FortiGate / FortiOS 7.4.0
New Features
Cloud
This section includes information about cloud-related new features:
Public and private cloud
High availability
FGCP HA between FortiGates of the same model with different AC and DC PSUs
FGCP multi-version cluster upgrade 7.4.1
Enhance IPv6 VRRP state control 7.4.2
SNMP
Add SNMP trap for memory usage on FortiGates 7.4.2
Add SNMP trap for PSU power restore 7.4.2
FortiGuard
FortiGuard DLP service
Attack Surface Security Rating service 7.4.1
Operational Technology Security Service 7.4.1
Support automatic federated firmware updates of managed FortiAPs and FortiSwitches 7.4.1
Certificates
Support Enrollment over Secure Transport for automatic certificate management 7.4.1
Security
Enhance BIOS-level signature and file integrity checking
Real-time file system integrity checking
Add built-in entropy source 7.4.1
Unauthorized firmware modification attempt reporting 7.4.1
Security Fabric
Fabric settings and connectors
MAC address threat feed
Configuring FortiClient EMS and FortiClient EMS Cloud on a per-VDOM basis
Update FortiVoice connector features 7.4.1
External SDN connectors
Support IPv6 dynamic addresses retrieved from Cisco ACI SDN connector
Security ratings
Support CIS compliance standards within security ratings 7.4.1
Add prompt for one-time upgrade when a critical vulnerability is detected upon login 7.4.1
Automation
Improve automation trigger and action selection
Asset Identity Center
Configure Purdue Levels for Fabric devices 7.4.2
Log and report
Logging
Support switching to an alternate FortiAnalyzer if the main FortiAnalyzer is unavailable 7.4.1
Introduce new log fields for long-live sessions 7.4.2
Cloud
Public and private cloud
Support the AWS t4g, c6a, and c6in instance families
VMware ESXi FortiGate-VM as ZTNA gateway
Support the new AWS c7gn instance family
Support SCCC backed by AliCloud
Upgrade AWS ENA network interface driver to 2.8.3
Support UEFI-Preferred boot mode on AWS FortiGate-VM models
OCI DRCC support
Support multiple compartments and regions with single OCI SDN connector
Add Cisco ACI ESG support for direct connector 7.4.1
Add OVF template support for VMware ESXi 8 7.4.1
GCP support for C3 machine type 7.4.1
AWS support for local zones 7.4.1
AWS SBE support 7.4.1
GCP support for C3A and C3D machine type 7.4.2
Add FortiFlex GUI option 7.4.2
AliCloud support for c7, c7a, and g5ne instance families 7.4.2
AliCloud support change route table with IPv4 gateway for HA 7.4.2
AWS SDN Connector support for alternate resources 7.4.2
Integrate FortiGate Azure vWAN solution with Azure Monitor to capture health metrics 7.4.2
Customizing the FortiFlex license token activation retry parameters 7.4.2
Operational Technology
System
Configuring the Purdue Level for discovered assets based on detected interface
Index
7.4.0
7.4.1
7.4.2
Change Log