New features or enhancements
More detailed information is available in the New Features Guide.
Feature ID |
Description |
---|---|
480717 |
Add |
685910 |
Add SoC4 driver support for the IEEE 802.1ad, which is also known as QinQ. When the OID is used up, it is forbidden to create a new QinQ interface. |
743804 |
Add a RADIUS option to allow the FortiGate to set the RADIUS accounting message group delimiter to a comma (,) instead of a plus sign (+) when using RSSO. The default delimiter is still a plus sign. |
789237 |
FortiOS supports customizing the source IP address and the outgoing interface for communication with the upstream FortiGate in the Security Fabric: config system csf set source-ip <class_ip> set upstream-interface-select-method {auto | sdwan | specify} end |
838535 |
Support matching by destination port when matching a central NAT rule if the protocols are TCP, UDP, or SCTP. |
846399 |
Add 100G speed option for FG-180xF for ports 37, 38, 39, and 40. Upon firmware upgrade, existing port speed configurations are preserved. |
883606 |
FortiOS allows customers to enable or disable the INDEX extension that appends the VDOM or interface index in RFC tables. config system snmp sysinfo set append-index {enable | disable } end |
884375 |
Add support for FAP-234G management. |
886560 |
Support switching to an alternate FortiAnalyzer if the main FortiAnalyzer is unavailable. Once the connectivity is restored, it will automatically fall back to the primary FortiAnalyzer. |
886564 |
This enhancement changes to the Internet Key Exchange (IKE) protocol to bolster the security measures and improve the performance of IPsec VPN. The three key changes include EMS SN Verification, IPsec SAML-based authentication, and IPsec Split DNS. |
906370 |
Support EMS serial number checking per IPsec phase 1 interface. config vpn ipsec phase1-interface edit <name> set ems-sn-check {enable | disable} next end |
915879 |
Add two FortiGuard web filter categories:
|
921914 |
Support autoconnect to IPsec VPN using Microsoft Entra ID. This enables seamless and secure connectivity for users accessing corporate resources by automatically establishing IPsec VPN connections based on Microsoft Entra ID logon session information. |
930522 |
Remote access with read and write rights through FortiGate Cloud now requires a paid FortiGate Cloud subscription. The FortiGate can still be accessed in a read-only state with the free tier of FortiGate Cloud. Alternatively, you can access your FortiGate through its web interface. Please contact your Fortinet Sales/Partner for details on purchasing a FortiGate Cloud Service subscription license for your FortiGate device. |
931953 |
FortiOS supports Automatic Firmware Modification Attempt Reporting. This enhancement improves upon the Real-time file system integrity checking feature by implementing an automatic reporting mechanism in the event of an unauthorized firmware modification attempt. |
934273 |
Support the BGP graceful restart helper-only mode. This ensures that during a FortiGate HA failover, the neighboring router that only supports BGP graceful restart helper mode retains its routes. |
938066 |
FortiOS supports customizing retry times and intervals for token activation for FortiFlex/Flex-VM licenses. execute vm-license-options count <integer> execute vm-license-options interval <integer> |
965990 |
FortiOS supports up to six NetFlow collectors. This enhancement extends to multi-VDOM environments where a maximum of six NetFlow collectors can be used globally or on a per-VDOMs basis. |
976152 |
FortiOS supports source IP address anchoring in dial-up IPsec tunnels. This allows the gateway to match connections based on the IPv4/IPv6 gateway address parameters, such as the subnet, address range, or country. |
977097 |
Choose whether to discard or permit IPv4 SCTP packets with zero checksum on the NP7 platform: config system npu config fp-anomaly set sctp-csum-err {allow | drop | trap-to-host} next end |
979375 |
FIPS-CC cipher mode is silently enabled when configured using cloud-init for AWS. |