FortiOS Release Notes

Home FortiGate / FortiOS 6.2.0 FortiOS Release Notes

6.2.0

Changes in default behavior

Firewall

Remove dependency of ssl-ssh-profile on utm-status under firewall policy (531885).

Previous releases	6.2.0 release
You must enable `utm-status` under firewall policy before configuring `ssl-ssh-profile`.	You can configure `ssl-ssh-profile` by itself. When you upgrade, this configuration is added to the existing firewall policy.

Log & Report

Starting from the 6.2.0 release, exe log list displays the result of the current log device.

Previous releases	6.2.0 release
`exe log list` only lists the disk log file.	`exe log list` lists the log file from the current log device (disk/memory). `exe log list` shows the memory log file in `exe log filter device memory`. `exe log list` shows the disk log file in `exe log filter device disk`.

Previous releases

6.2.0 release

exe log list only lists the disk log file.

exe log list lists the log file from the current log device (disk/memory).

exe log list shows the memory log file in exe log filter device memory.

exe log list shows the disk log file in exe log filter device disk.

Separate policy and address log-uuid options into two individual options.

Previous releases	6.2.0 release
config system global set log-uuid [policy-only \| extended \| disable] end	config system global set log-uuid-policy [enable \| disable] set log-uuid-address [enable \| disable] end

System

Starting from the 6.2.0 release, Global admin can only back up but not restore the configuration file.

Previous releases	6.2.0 release
Super admin: can back up and restore configuration file. Global admin: can back up and restore configuration file. VDOM admin: can back up and restore VDOM configuration file with full Admin and Maintenance permission.	Super admin: can back up and restore configuration file. Global admin: can only back up configuration file. VDOM admin: can back up and restore VDOM configuration file with full Admin and Maintenance permission.

Previous releases

6.2.0 release

Super admin: can back up and restore configuration file.

Global admin: can back up and restore configuration file.

VDOM admin: can back up and restore VDOM configuration file with full Admin and Maintenance permission.

Super admin: can back up and restore configuration file.

Global admin: can only back up configuration file.

VDOM admin: can back up and restore VDOM configuration file with full Admin and Maintenance permission.

Devices configured under security-exempt-list are void after upgrading to 6.2.0.

FortiOS 6.2.0 removes any use of device enforcement from various FortiGate features.

Previous releases	6.2.0 release
config user device-category <--removed config user device-access-list <--removed config user device-group <--removed config user security-exempt-list edit [List Name] config rule edit [Rule ID] set devices [Device or group name] <--removed set srcaddr [Address or group name] next end next end config system interface edit [Interface] set ip [IP address and subnet mask] set device-access-list [Access list name] <--removed set device-identification-active-scan [enable \| disable] <--removed next end config firewall policy edit [Policy ID] set name [Policy name] set device [Device or group name] <--removed next end config firewall policy6 edit [Policy ID] set name [Policy name] set device [Device or group name] <--removed next end	config user security-exempt-list edit [List Name] config rule edit [Rule ID] set srcaddr [Address or group name] next end next end config system interface edit [Interface] set ip [IP address and subnet mask] next end config firewall policy edit [Policy ID] set name [Policy name] next end config firewall policy6 edit [Policy ID] set name [Policy name] next end

Previous releases

6.2.0 release

config user device-category <--removed

config user device-access-list <--removed

config user device-group <--removed

config user security-exempt-list
   edit [List Name]
      config rule
         edit [Rule ID]
            set devices [Device or group name] <--removed
            set srcaddr [Address or group name]
         next
      end
   next
end

config system interface
   edit [Interface]
      set ip [IP address and subnet mask]
      set device-access-list [Access list name] <--removed
      set device-identification-active-scan [enable | disable] <--removed
   next
end

config firewall policy
   edit [Policy ID]
      set name [Policy name]
      set device [Device or group name] <--removed
   next
end

config firewall policy6
   edit [Policy ID]
      set name [Policy name]
      set device [Device or group name] <--removed
   next
end

config user security-exempt-list
   edit [List Name]
      config rule
         edit [Rule ID]
            set srcaddr [Address or group name]
         next
      end
   next
end

config system interface
   edit [Interface]
      set ip [IP address and subnet mask]
   next
end

config firewall policy
   edit [Policy ID]
      set name [Policy name]
   next
end

config firewall policy6
   edit [Policy ID]
      set name [Policy name]
   next
end

Changes in default behavior

Firewall

Remove dependency of ssl-ssh-profile on utm-status under firewall policy (531885).

Previous releases	6.2.0 release
You must enable `utm-status` under firewall policy before configuring `ssl-ssh-profile`.	You can configure `ssl-ssh-profile` by itself. When you upgrade, this configuration is added to the existing firewall policy.

Log & Report

Starting from the 6.2.0 release, exe log list displays the result of the current log device.

Previous releases	6.2.0 release
`exe log list` only lists the disk log file.	`exe log list` lists the log file from the current log device (disk/memory). `exe log list` shows the memory log file in `exe log filter device memory`. `exe log list` shows the disk log file in `exe log filter device disk`.

Previous releases

6.2.0 release

exe log list only lists the disk log file.

exe log list lists the log file from the current log device (disk/memory).

exe log list shows the memory log file in exe log filter device memory.

exe log list shows the disk log file in exe log filter device disk.

Separate policy and address log-uuid options into two individual options.

Previous releases	6.2.0 release
config system global set log-uuid [policy-only \| extended \| disable] end	config system global set log-uuid-policy [enable \| disable] set log-uuid-address [enable \| disable] end

System

Starting from the 6.2.0 release, Global admin can only back up but not restore the configuration file.

Previous releases	6.2.0 release
Super admin: can back up and restore configuration file. Global admin: can back up and restore configuration file. VDOM admin: can back up and restore VDOM configuration file with full Admin and Maintenance permission.	Super admin: can back up and restore configuration file. Global admin: can only back up configuration file. VDOM admin: can back up and restore VDOM configuration file with full Admin and Maintenance permission.

Previous releases

6.2.0 release

Super admin: can back up and restore configuration file.

Global admin: can back up and restore configuration file.

VDOM admin: can back up and restore VDOM configuration file with full Admin and Maintenance permission.

Super admin: can back up and restore configuration file.

Global admin: can only back up configuration file.

VDOM admin: can back up and restore VDOM configuration file with full Admin and Maintenance permission.

Devices configured under security-exempt-list are void after upgrading to 6.2.0.

FortiOS 6.2.0 removes any use of device enforcement from various FortiGate features.

Previous releases	6.2.0 release
config user device-category <--removed config user device-access-list <--removed config user device-group <--removed config user security-exempt-list edit [List Name] config rule edit [Rule ID] set devices [Device or group name] <--removed set srcaddr [Address or group name] next end next end config system interface edit [Interface] set ip [IP address and subnet mask] set device-access-list [Access list name] <--removed set device-identification-active-scan [enable \| disable] <--removed next end config firewall policy edit [Policy ID] set name [Policy name] set device [Device or group name] <--removed next end config firewall policy6 edit [Policy ID] set name [Policy name] set device [Device or group name] <--removed next end	config user security-exempt-list edit [List Name] config rule edit [Rule ID] set srcaddr [Address or group name] next end next end config system interface edit [Interface] set ip [IP address and subnet mask] next end config firewall policy edit [Policy ID] set name [Policy name] next end config firewall policy6 edit [Policy ID] set name [Policy name] next end

Previous releases

6.2.0 release

config user device-category <--removed

config user device-access-list <--removed

config user device-group <--removed

config user security-exempt-list
   edit [List Name]
      config rule
         edit [Rule ID]
            set devices [Device or group name] <--removed
            set srcaddr [Address or group name]
         next
      end
   next
end

config system interface
   edit [Interface]
      set ip [IP address and subnet mask]
      set device-access-list [Access list name] <--removed
      set device-identification-active-scan [enable | disable] <--removed
   next
end

config firewall policy
   edit [Policy ID]
      set name [Policy name]
      set device [Device or group name] <--removed
   next
end

config firewall policy6
   edit [Policy ID]
      set name [Policy name]
      set device [Device or group name] <--removed
   next
end

config user security-exempt-list
   edit [List Name]
      config rule
         edit [Rule ID]
            set srcaddr [Address or group name]
         next
      end
   next
end

config system interface
   edit [Interface]
      set ip [IP address and subnet mask]
   next
end

config firewall policy
   edit [Policy ID]
      set name [Policy name]
   next
end

config firewall policy6
   edit [Policy ID]
      set name [Policy name]
   next
end

Secure Networking

Hybrid Mesh Firewall

NOC Management

LAN

WAN

Unified SASE

Single Vendor SASE

Cloud Network Security

Secure Endpoint Connectivity

Web Application / API Protection

Security Operations

Security Operations Automation

Identity

Early Detection & Prevention

Secure Networking

Hybrid Mesh Firewall

NOC Management

LAN

WAN

Communication & Surveillance

Unified SASE

Single Vendor SASE

Secure Endpoint Connectivity

Cloud Network Security

Cloud-Native Security

Web Application / API Protection

Security Operations

Security Operations Automation

Endpoint

Data Protection

Identity

Email

Early Detection & Prevention

Expert Services

Edge Firewall

Orchestration & management

SD Branch

Application Delivery

Single Vendor SASE

Secure Endpoint Connectivity

Secure Private Access

Thin Edge

Identity

Application Gateway

Enterprise Asset Management

Endpoint Agent

Agentless Security Posture

Identity

Wireless

Switching

Identity

Privilege Acccess Management

Next Generation Firewall

Orchestration & management

Expert Services

All

All

Account Management

SAAS Management

SAAS Application Security

Managed Services

Platform as a service (PAAS)

Other SAAS Services

4D Pillars

Cloud

Popular Solutions

FortiOS Release Notes

Changes in default behavior

Changes in default behavior

Firewall

Log & Report

System

Changes in default behavior

Changes in default behavior

Firewall

Log & Report

System