Changes in CLI

Bug ID

Description

896333

You can use the diagnose span-sniffer packet command to sniff traffic on internal FortiGate 6000 or 7000 interfaces in the same way that you use the diagnose sniffer packet command to sniff traffic on data or management interfaces. The diagnose span-sniffer packet syntax is similar to the diagnose sniffer packet command syntax. Internal FortiGate 6000 or 7000 interfaces include internal switch ports (for example, sw:1-P1, sw:7-P4) and the DP processor (dp).

Command syntax for the packet sniffer part of the command is:

diagnose span-sniffer packet <interface> <filter> <verbose> <count> <timestamp> <frame-size>

The <filter> option does not work for internal switch (sw:) interfaces. You can work around this problem by using the default filter (which is "") and using grep to display the information you are looking for. For example, use the following command to see echo request packets:

diagnose span-sniffer packet dp "" 4 | grep echo

913040

The config vpn ssl settings option tunnel-addr-assigned-method is now available again in the FortiGate 6000 and 7000 CLI. This option had been removed in a previous release because setting it to first-available and configuring multiple IP pools was found to reduce FortiGate 6000 and 7000 SSL VPN load balancing performance. However, some users may want the ability to use multiple IP pools for their SSL VPN configuration, even if performance is reduced, so the change has been reverted.
