The FortiGate 7000F platform supports setting a custom load balancing method for an individual VDOM. All of the traffic destined for that VDOM will be distributed to FPMs by the NP7 load balancers according to the following setting:

config system settings
    set dp-load-distribution-method {derived | to-master | src-ip | dst-ip | src-dst-ip | src-ip-sport | dst-ip-dport | src-dst-ip-sport-dport}
end

The default load balancing method, derived, means traffic for that VDOM uses the global load balancing method set by the dp-load-distribution-method option of the global config load-balance setting command.

Add route tags to static routes.

config router static
    edit <seq-num>
        set tag <id>
    next
end

Add password field to BGP neighbor group to be used for the neighbor range.

config router bgp
    config neighbor-group
        edit <name>
            set password <password>
        next
    end
end

Introduce the new Firmware Virtual Patch (FMWP) database to support local-in virtual patching. To install the FMWP database, the FortiGate must have a valid Firmware (FMWR) license. The FMWP database can be viewed by running the diagnose autoupdate versions command.

Add new command to compute the SHA256 file hashes for each file in a directory.

# diagnose sys filesystem hash

Securely exchange serial numbers between FortiGates connected with IPsec VPN. This feature is supported in IKEv2, IKEv1 main mode, and IKEv1 aggressive mode. The exchange is only performed with participating FortiGates that have enabled the exchange-fgt-device-id setting under config vpn ipsec phase1-interface.

The Any/All GUI selector for ZTNA tags is added back to the simple and full ZTNA policy configuration page. The setting is defaulted to Any.

Improve the client-side settings of the SD-WAN network bandwidth monitoring service to increase the flexibility of the speed tests, and to optimize the settings to produce more accurate measurements. The changes include:

• Support UDP speed tests.

• Support multiple TCP connections to the server instead of a single connection.

• Measure the latency to speed test servers and select the server with the smallest latency to perform the test.

• Support the auto mode speed test, which selects either UDP or TCP testing automatically based on the latency threshold.

FortiOS can synchronize the FortiOS interface description with the VLAN description on the FortiSwitch. Previously, only the FortiOS interface name could be synchronized as the VLAN description on the FortiSwitch, and it was limited to 15 characters. This enhancement extends the VLAN description length on the FortiSwitch from 15 characters to a new maximum of 64 characters.

config switch-controller global
    set vlan-identity {name | description}
end

FortiOS now includes a built-in entropy source, which eliminates the need for a physical USB entropy token when booting up in FIPS mode on any platform. This enhancement continues to meet the requirements of FIPS 140-3 Certification by changing the source of entropy to CPU jitter entropy.