DOCUMENT LIBRARY
DOCUMENT LIBRARY
Products
Best Practices
Hardware Guides
Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
Hybrid Mesh Firewall
FortiGate/ FortiOS
FortiGate-5000
/
6000
/
7000
NOC Management
FortiManager
/
FortiManager Cloud
Managed Fortigate Service
LAN
FortiSwitch
FortiAP / FortiWiFi
FortiEdge Cloud
FortiNAC-F
WAN
Secure SD-WAN
FortiExtender
More >>
Unified SASE
Single Vendor SASE
FortiSASE
Secure SD-WAN
Zero Trust Network Access (ZTNA)
FortiProxy
FortiMonitor
Cloud Network Security
FortiGate Public Cloud
FortiGate Private Cloud
FortiGate CNF
FortiFlex
Lacework FortiCNAPP
Secure Endpoint Connectivity
FortiClient
/
FortiClient Cloud
Web Application / API Protection
FortiWeb
FortiADC
FortiDAST
More >>
Security Operations
Security Operations Automation
FortiAnalyzer
/
FortiAnalyzer Cloud
FortiSIEM
/
FortiSIEM Cloud
FortiSOAR
SOC-as-a-Service (SOCaaS)
Identity
FortiAuthenticator
FortiTrust Identity
FortiPAM
Early Detection & Prevention
FortiSandbox
/
FortiSandbox Cloud
FortiNDR
FortiDeceptor
FortiRecon
More >>
Secure Networking
Hybrid Mesh Firewall
FortiGate/ FortiOS
FortiGate-5000
/
6000
/
7000
NOC Management
FortiManager
/
FortiManager Cloud
Managed Fortigate Service
FortiAIOps
LAN
FortiSwitch
FortiAP / FortiWiFi
FortiAP-U Series
FortiEdge Cloud
FortiNAC-F
WAN
Secure SD-WAN
FortiExtender
Communication & Surveillance
FortiVoice
/
FortiVoice Cloud
FortiFone
FortiCamera
FortiRecorder
FortiCentral
Unified SASE
Single Vendor SASE
FortiSASE
Secure SD-WAN
Zero Trust Network Access (ZTNA)
FortiProxy
FortiMonitor
Secure Endpoint Connectivity
FortiClient
/
FortiClient Cloud
Cloud Network Security
FortiGate Public Cloud
FortiGate Private Cloud
FortiGate CNF
FortiFlex
Cloud-Native Security
Lacework FortiCNAPP
FortiDevSec
Web Application / API Protection
FortiWeb
FortiADC
FortiDAST
Security Operations
Security Operations Automation
FortiAnalyzer
/
FortiAnalyzer Cloud
FortiSIEM
/
FortiSIEM Cloud
FortiSOAR
Endpoint
FortiClient
/
FortiClient Cloud
FortiEDR/XDR
Data Protection
FortiDLP
FortiDLP Agent
FortiDLP Policies
Identity
FortiAuthenticator
FortiTrust Identity
FortiToken
/
FortiToken Cloud
FortiPAM
Email
FortiMail
FortiPhish
Early Detection & Prevention
FortiSandbox
/
FortiSandbox Cloud
FortiNDR
FortiDeceptor
FortiRecon
Expert Services
SOC-as-a-Service (SOCaaS)
Edge Firewall
FortiGate/FortiOS
FortiGate-5000
/
6000
/
7000
FortiGate Public Cloud
FortiGate Private Cloud
Orchestration & management
FortiManager
/
FortiManager Cloud
FortiAnalyzer
/
FortiAnalyzer Cloud
Overlay-as-a-Service
SD Branch
FortiSwitch
FortiAP / FortiWiFi
FortiExtender
/
FortiExtender Cloud
Application Delivery
FortiADC
/
FortiGSLB
Single Vendor SASE
FortiSASE
Secure Endpoint Connectivity
FortiClient
/
FortiClient Cloud
Secure Private Access
Secure SD-WAN
Zero Trust Network Access (ZTNA)
Thin Edge
FortiGate/ FortiOS
FortiAP / FortiWiFi
FortiExtender
/
FortiExtender Cloud
Identity
FortiAuthenticator
FortiTrust Identity
FortiToken Cloud
FortiToken
Application Gateway
FortiGate/ FortiOS
FortiProxy
FortiADC
/
FortiGSLB
Enterprise Asset Management
FortiClient EMS
Endpoint Agent
FortiClient
/
FortiClient Cloud
Agentless Security Posture
FortiNAC-F
FortiSIEM
/
FortiSIEM Cloud
Identity
FortiAuthenticator
FortiTrust Identity
FortiToken Cloud
FortiToken
Wireless
FortiAP / FortiWiFi
FortiAP-U Series
FortiGate Cloud
Switching
FortiSwitch
FortiEdge Cloud
FortiNAC-F
Identity
FortiAuthenticator
FortiTrust Identity
FortiToken Cloud
FortiToken
Privilege Acccess Management
FortiPAM
Next Generation Firewall
FortiGate / FortiOS
FortiGate-5000
/
6000
/
7000
FortiGate Public Cloud
FortiGate Private Cloud
Orchestration & management
FortiManager
/
FortiManager Cloud
FortiAnalyzer
/
FortiAnalyzer Cloud
Expert Services
SOC-as-a-Service (SOCaaS)
Managed Fortigate Service
All
FortiADC Public Cloud
FortiAnalyzer Public Cloud
FortiAuthenticator Public Cloud
FortiDeceptor Public Cloud
FortiGate Public Cloud
FortiIsolator Public Cloud
FortiManager Public Cloud
FortiNDR Public Cloud
FortiPAM Public Cloud
FortiPortal Public Cloud
FortiProxy Public Cloud
FortiSandbox Public Cloud
FortiTester Public Cloud
FortiVoice Public Cloud
FortiWeb Manager Public Cloud
FortiWeb Public Cloud
All
FortiADC Private Cloud
FortiAnalyzer BigData Private Cloud
FortiAnalyzer Private Cloud
FortiAuthenticator Private Cloud
FortiDeceptor Private Cloud
FortiGate Private Cloud
FortiManager Private Cloud
FortiNDR Private Cloud
FortiPAM Private Cloud
FortiProxy Private Cloud
FortiSandbox Private Cloud
FortiTester Private Cloud
FortiVoice Private Cloud
FortiWeb Manager Private Cloud
FortiWeb Private Cloud
Account Management
FortiCloud Services
SAAS Management
FortiGate Cloud
FortiEdge Cloud
FortiEdge Cloud
FortiExtender Cloud
FortiPresence Cloud
FortiToken Cloud
FortiTrust Identity
FortiZTP
FortiCamera Cloud
SAAS Application Security
FortiWeb Cloud
FortiGSLB
FortiCASB
FortiCNP
FortiInsight
FortiPhish
FortiGate CNF
Managed Services
SOC-as-a-Service (SOCaaS)
Managed Fortigate Service
Platform as a service (PAAS)
FortiSASE
FortiAnalyzer Cloud
FortiManager Cloud
FortiClient Cloud
FortiSandbox Cloud
FortiMail Cloud
FortiSOAR Cloud
Other SAAS Services
Overlay-as-a-Service
FortiRecon
FortiConverter
ForiIPAM
FortiFlex
FortiCare Elite
4D Resources
Solution Hubs
Define, design, deploy, demo
4D Pillars
Secure SD-WAN
Zero Trust Network Access
Wireless
Switching
Secure Access Service Edge
Identity and Access Management
Next Generation Firewall
Curated Links by Solution
Cloud
FortiCloud
Public & Private Cloud
Popular Solutions
Secure SD-WAN
Zero Trust Network Access
Secure Access
Security Fabric
Tele-Working
Multi-Factor Authentication
FortiASIC
Operational Technology
MSSP
Next Generation Firewall
FortiAnalyzer
FortiAnalyzer Big-Data
FortiADC
FortiAP / FortiWiFi
FortiAP U-Series
FortiAuthenticator
FortiCache
FortiCarrier
FortiController
FortiDDoS
FortiDDoS-F
FortiDeceptor
FortiExtender
FortiGate-5000
FortiGate-6000
FortiGate-7000
FortiHypervisor
FortiIsolator
FortiMail
FortiManager
FortiNAC
FortiNDR
FortiProxy
FortiRecorder
FortiGate
FortiRPS
FortiSandbox
FortiSIEM
FortiSwitch
FortiTester
FortiToken
FortiVoice
FortiWAN
FortiWeb
FortiWLC
FortiWLM
AscenLink
AV Engine
AWS Firewall Rules
Container FortiOS
FortiADC
FortiADC E Series
FortiADC Manager
FortiADC Private Cloud
FortiADC Public Cloud
FortiAIOps
FortiAnalyzer
FortiAnalyzer BigData
FortiAnalyzer BigData Private Cloud
FortiAnalyzer Cloud
FortiAnalyzer Private Cloud
FortiAnalyzer Public Cloud
FortiAP / FortiWiFi
FortiAP-U Series
FortiAuthenticator
FortiAuthenticator Private Cloud
FortiAuthenticator Public Cloud
FortiAuthProxy
FortiBalancer
FortiBranchSASE
FortiBridge
FortiCache
FortiCamera
FortiCamera Cloud
FortiCare Elite
FortiCarrier
FortiCASB
FortiCentral
FortiClient
FortiClient Cloud
FortiCloud Services
FortiCNP
FortiConnect
FortiController
FortiConverter Service
FortiConverter Tool
FortiCore
FortiCSPM
FortiCWP
FortiDAST
FortiDB
FortiDDoS
FortiDDoS-F
FortiDeceptor
FortiDeceptor DaaS
FortiDeceptor Private Cloud
FortiDeceptor Public Cloud
FortiDevSec
FortiDLP
FortiDLP Agent
FortiDLP Policies
FortiDNS
FortiEdge Cloud
FortiEDR/XDR
FortiEndpoint
FortiExplorer
FortiExplorer Go
FortiExtender
FortiFlex
FortiFone
FortiGate / FortiOS
FortiGate Cloud
FortiGate CNF
FortiGate Private Cloud
FortiGate Public Cloud
FortiGate-5000
FortiGate-6000
FortiGate-7000
FortiGate-as-a-Service
FortiGSLB
FortiGuard Advanced Bot Protection
FortiGuest
FortiHypervisor
FortiInsight
FortiInsight Cloud
FortiIPAM
FortiIsolator
FortiIsolator Public Cloud
FortiLAN Cloud
FortiMail
FortiMail Cloud
FortiManager
FortiManager Cloud
FortiManager Private Cloud
FortiManager Public Cloud
FortiMonitor
FortiNAC
FortiNAC-F
FortiNDR
FortiNDR (on-premise) Private Cloud
FortiNDR (on-premise) Public Cloud
FortiNDR Cloud
FortiNDR Cloud Sensors
FortiPAM
FortiPAM Private Cloud
FortiPAM Public Cloud
FortiPhish
FortiPlanner
FortiPolicy
FortiPortal
FortiPortal Public Cloud
FortiPresence
FortiPresence VM
FortiProxy
FortiProxy Private Cloud
FortiProxy Public Cloud
FortiRecon
FortiRecorder
FortiRPS
FortiSandbox
FortiSandbox Cloud
FortiSandbox Private Cloud
FortiSandbox Public Cloud
FortiSASE
FortiScanner
FortiSIEM
FortiSIEM Cloud
FortiSOAR
FortiSOAR Cloud
FortiSRA
FortiSwitch
FortiSwitch Manager
FortiTap
FortiTester
FortiTester Private Cloud
FortiTester Public Cloud
FortiToken
FortiToken Cloud
FortiTrust Identity
FortiVoice
FortiVoice Cloud
FortiVoice Private Cloud
FortiVoice Public Cloud
FortiWAN
FortiWAN Controller
FortiWeb
FortiWeb Cloud
FortiWeb Manager Private Cloud
FortiWeb Manager Public Cloud
FortiWeb Private Cloud
FortiWeb Public Cloud
FortiWLM
FortiZTP
IPS Engine
Lacework FortiCNAPP
Managed FortiGate Service
Overlay-as-a-Service
Security Awareness and Training
SOCaaS
Wireless Controller
Search documents and hardware ...
New Features
Overview
Device Manager
Device and Groups
Device Inventory adds new chart and columns
Improved design for onboarding FortiGate HA clusters to prevent auto-link failure
Global device dashboard 7.2.1
Enhancement to aggregate interface allows creation without specifying the interface members 7.2.1
FortiManager to add IoT devices based on FortiOS Asset Identity Center 7.2.1
Model device initialization enhancements 7.2.1
Internet service database version checked for model devices 7.2.1
Perform packet capture on managed FortiGate interfaces and on managed FortiSwitches 7.2.2
FortiManager supports FortiGate Cloud-Native Firewall as device type 7.2.2
Interface-based traffic shaping can display real time dropped packets 7.2.2
FortiManager detects and displays the out-of-sync status of the FortiGate HA Cluster nodes 7.2.2
Improved FortiGate RMA process using zero touch provisioning 7.2.2
Device configuration status and Policy Package status messages display specific information about the out of sync cause and how to remediate 7.2.3
SD-WAN
SD-WAN overlay templates
SD-WAN Monitor includes new filter to display unhealthy devices or interfaces only 7.2.1
Pre-built route-maps used for SD-WAN self-healing with BGP routing 7.2.2
SD-WAN Template added the health-check embedded SLA information 7.2.2
FortiManager supports multiple interface members in the SD-WAN neighbor configurations 7.2.2
Templates
SD-WAN template enhancement
IPS template combines configuration for global "IPS Global" and per-vdom "System IPS " / "IPS Settings"
Device blueprints
CLI templates have increased visibility for troubleshooting
Improved CLI templates with validation and preview functions
Fabric Authorization Template automatically provisions and authorizes LAN Edge devices on the managed FortiGates 7.2.1
Central Management
AP Manager
AP Manager exposes wireless advanced features 7.2.1
AP groups can be now formed with different AP models 7.2.2
AP Manager improvements in naming and tooltips 7.2.5
FortiSwitch Manager
Configuration enhancement improves multiple port selection in FortiSwitch Templates
NAC policy added to policy package 7.2.1
NAC policy enhanced with FortiLink settings, LAN segments, and NAC policy tags 7.2.1
LAN-Edge: Keep VLAN info when cloning FortiSwitch template 7.2.1
Extender Manager
Extender Manager displays the ESN IMEI, phone number, IMSI, and ICCID as columns for all managed FortiExtenders 7.2.2
Others
ADOM-level meta variables for general use in scripts, templates, and model devices
One FortiAnalyzer can be shared across multiple FortiManager ADOMs
SAML SSO wildcard admin user to match all users on IdP server
Administrative access to FortiManager controlled by IPv4/IPv6 local-in policy
AI Analysis link exposed in Device Manager redirects to FortiAIOps MEA
IPS administrators have visibility on each IPS profile
IPS admin install preview for multiple FortiGate devices at once shows the CLI configuration to be installed on each target device
IPS diagnostics page for IPS dedicated admin displays CPU, memory, and performance statistics for FortiGates related to IPS processes
IoT query service support 7.2.1
Initiate the RMA process to replace the FortiSwitch or FortiAP units from FortiManager 7.2.1
FortiManager supports push updates via JSON API for dynamic address groups objects 7.2.1
FortiManager supports BYOL installation on managed FortiGate VM 7.2.1
FortiGates with firmware FOS version 7.0 and version 7.2 can be managed under the same FortiManager 7.0 ADOM 7.2.1
ADOM version 7.2 supports policy package installation to the lower version of FortiGate on FortiOS 7.0. 7.2.1
Improved FortiSwitch Manager and AP Manager dashboards 7.2.1
Option to automatically unlock the ADOM after installing the Policy Package has been added to the Workspace Mode 7.2.2
FortiManager supports MFA with FortiToken Cloud 7.2.2
Wildcard admin user is supported in the per-ADOM admin profile 7.2.2
FortiManager supports now the FAZ-BD VM and appliance as managed devices 7.2.2
IoT Vulnerabilities has been added to the Asset Identity Center 7.2.2
Workspace mode is supported for the restricted admin 7.2.2
Restricted IPS admins can manage the IPS header and footer and perform IPS installations in the global ADOM 7.2.2
FortiManager displays PSIRT information when a vulnerability is detected for managed devices 7.2.2
FortiManager supports authentication token for API administrators 7.2.2
FortiProxy 7.2 ADOM type added support for VDOMs 7.2.2
Configurable SD-WAN monitor data with custom disk usage 7.2.2
FortiManager added support for IOTV objects and vulnerability download from FDS 7.2.2
VPN Monitoring displays IPsec VPN tunnels created by IPSec templates and SD-WAN overlay wizard 7.2.3
FortiManager supports FortiPAM license validation and central packages download 7.2.5
Proxy settings server URL page enhanced with drag-and-drop and better user experience 7.2.5
Enforce Device Configuration option allows autolink to push changes on FortiGate management interface during ZTP 7.2.5
Policy and Objects
Policy
Policy Packages can use colors for sections
Firewall policy creator exposed 7.2.1
Unused Policies filter in a predefined time frame to help security teams for audit purposes
The Insert Empty Policy operation will insert a new disabled policy above or below, with no interface pair inheritance from the adjacent policies 7.2.1
Increased number of multicast policies to 2560 per policy package 7.2.2
Firewall policy strict search option will return only the results with an exact match 7.2.2
Inserting a new policy in the Policy Package page will keep the screen focus and position on the newly added policy 7.2.2
Policy Blocks are supported in the Global ADOM and can be reused in different Global Policy Packages 7.2.2
Create new firewall policy page consolidates source and destination object types 7.2.2
Create a Policy Block from a selection of the policies within Policy Package 7.2.2
Create a new policy based on the logged traffic and traffic hit count 7.2.4
Objects
Resolve IP address from FQDN for firewall address type subnet
FortiManager supports empty Address Group
Metadata Variables are supported in Firewall Objects configuration
Additional filters available for IPS sensors
Monitoring page for the IPS on-hold signatures
Enhanced object "where used" function 7.2.1
Factory default firewall addresses and address group for private IP space (RFC1918) 7.2.2
Virtual IP (VIP) objects defined as an IP range are now searchable by an IP in the range 7.2.2
FortiManager added support for FortiGate shared global objects 7.2.2
Object search is done using a persistent search menu, and the search extends to all object types 7.2.2
Fabric View
Connectors
Allow multiple Cisco PxGrid connectors in the same ADOM
FortiManager updated integration with NSX-T
Flex-VM Fabric Connector to support flex licensing management from FortiManager 7.2.1
System
High Availability (HA)
FortiManager-HA automatic failover enhancement
FortiManager-HA support automatic VRRP failover in Azure 7.2.5
Administrators
New firewall admin role with no RW permission on IPS objects
Per-ADOM admin profile 7.2.1
FortiManager French GUI support 7.2.3
Network
FortiManager supports link aggregation of physical ports
FortiManager supports VLANs on physical network interfaces
Others
Add LLDP support on FMG and FAZ 7.2.1
FortiManager setup wizard improvement with optional firmware upgrade step 7.2.1
TPM hardware module 7.2.2
Entitlement file can be uploaded during the setup wizard in air-gapped environments 7.2.2
SAML assertions and SAML requests can be now signed to better support third-party IdPs 7.2.3
Extended JSON API to support the FortiManager backup operation 7.2.3
Management Extensions
Management Extensions
Universal Connector MEA added support for Cisco ACI 7.2.1
Cloud Services
Automatic configuration synchronization for the members of the auto-scaling group in Public Cloud in case of scale-out/scale-in events 7.2.1
Visibility improvement for auto-scaling clusters 7.2.1
FortiManager-VM has been added to the Flex-VM offering 7.2.1
VM flexible shapes support for Oracle Cloud Infrastructure 7.2.1
NSX-T connector options can be managed from FortiManager 7.2.2
NSX-T connector support for retrieval of North-South service objects 7.2.2
FortiManager-VM added support for Oracle Dedicated Region Cloud 7.2.2
FortiManager added support for SCCC Alibaba Cloud 7.2.2
Index
7.2.0
7.2.1
7.2.2
7.2.3
7.2.4
7.2.5
Appendix A - Example scenarios
Branch configuration using FortiManager Jinja2 CLI templates
Create metadata variables used in templates
Create Jinja templates and a CLI template group
Create a device group for branch devices
Create model devices and add them to device group
Assign a Jinja CLI template group to the branch device group
Set metadata variable mapping for each branch FortiGate
Preview Jinja script on device or device group
Perform installation to apply Jinja template configurations to branches
Jinja2 template sample scripts
Change Log
Home
FortiManager 7.2.0
New Features
7.2.0
7.6.0
7.4.0
7.2.0
7.0.0
6.4.0
6.2.7
6.2.3
6.2.2
6.2.1
6.2.0
Policy and Objects
Policy and Objects
This section lists the new features added to
FortiManager
for policy and objects:
Policy
Objects
Previous
Next
Policy and Objects
Policy and Objects
This section lists the new features added to
FortiManager
for policy and objects:
Policy
Objects
Previous
Next
Home
Product Pillars
Network Security
Network Security
FortiGate / FortiOS
FortiGate 5000
FortiGate 6000
FortiGate 7000
FortiProxy
NOC & SOC Management
FortiManager
FortiManager Cloud
FortiAnalyzer
FortiAnalyzer Cloud
FortiMonitor
FortiGate Cloud
Enterprise Networking
Secure SD-WAN
FortiLAN Cloud
FortiSwitch
FortiAP / FortiWiFi
FortiAP-U Series
FortiNAC-F
FortiExtender
FortiExtender Cloud
FortiAIOps
Business Communications
FortiFone
FortiVoice
FortiVoice Cloud
FortiRecorder
FortiCamera
Zero Trust Access
ZTNA
Zero Trust Network Access
FortiClient EMS
SASE
FortiSASE
Identity
FortiAuthenticator
FortiTrust Identity
FortiToken Cloud
FortiToken
Cloud Security
Hybrid Cloud Security
FortiGate Public Cloud
FortiGate Private Cloud
FortiFlex
Cloud Native Protection
FortiCNP
FortiDevSec
Web Application / API Protection
FortiWeb
FortiWeb Cloud
FortiADC
FortiGSLB
FortiGuard ABP
SAAS Security
FortiMail
FortiMail Cloud
FortiCASB
Security Operations
SOC Platform
FortiAnalyzer
FortiAnalyzer Cloud
FortiSIEM
/
FortiSIEM Cloud
FortiSOAR
FortiPhish
Advanced Threat Protection
FortiSandbox
FortiSandbox Cloud
FortiNDR
FortiNDR Cloud
FortiDeceptor
FortiInsight
FortiInsight Cloud
FortiIsolator
Endpoint Security
FortiClient
FortiClient Cloud
FortiEDR
Best Practices
Solution Hubs
Cloud
FortiCloud
Public & Private Cloud
Popular Solutions
Secure SD-WAN
Zero Trust Network Access
Secure Access
Next Generation Firewall
Security Fabric
Tele-Working
Multi-Factor Authentication
FortiASIC
Operational Technology
MSSP
4-D Resources
Secure SD-WAN
Zero Trust Network Access
Wireless
Switching
Secure Access Service Edge
Identity and Access Management
Next Generation Firewall
Hardware Guides
FortiAnalyzer
FortiAnalyzer Big-Data
FortiADC
FortiAP / FortiWiFi
FortiAP U-Series
FortiAuthenticator
FortiCache
FortiCarrier
FortiController
FortiDDoS
FortiDDoS-F
FortiDeceptor
FortiExtender
FortiGate
FortiGate-5000
FortiGate-6000
FortiGate-7000
FortiHypervisor
FortiIsolator
FortiMail
FortiManager
FortiNAC
FortiNDR
FortiProxy
FortiRecorder
FortiRPS
FortiSandbox
FortiSIEM
FortiSwitch
FortiTester
FortiToken
FortiVoice
FortiWAN
FortiWeb
FortiWLC
FortiWLM
Product A-Z
AscenLink
AV Engine
AWS Firewall Rules
Container FortiOS
FortiADC
FortiADC E Series
FortiADC Manager
FortiADC Private Cloud
FortiADC Public Cloud
FortiAIOps
FortiAnalyzer
FortiAnalyzer BigData
FortiAnalyzer BigData Private Cloud
FortiAnalyzer Cloud
FortiAnalyzer Private Cloud
FortiAnalyzer Public Cloud
FortiAP / FortiWiFi
FortiAP-U Series
FortiAuthenticator
FortiAuthenticator Private Cloud
FortiAuthenticator Public Cloud
FortiAuthProxy
FortiBalancer
FortiBranchSASE
FortiBridge
FortiCache
FortiCamera
FortiCamera Cloud
FortiCare Elite
FortiCarrier
FortiCASB
FortiCentral
FortiClient
FortiClient Cloud
FortiCloud Services
FortiCNP
FortiConnect
FortiController
FortiConverter Service
FortiConverter Tool
FortiCore
FortiCSPM
FortiCWP
FortiDAST
FortiDB
FortiDDoS
FortiDDoS-F
FortiDeceptor
FortiDeceptor DaaS
FortiDeceptor Private Cloud
FortiDeceptor Public Cloud
FortiDevSec
FortiDLP
FortiDLP Agent
FortiDLP Policies
FortiDNS
FortiEdge Cloud
FortiEDR/XDR
FortiEndpoint
FortiExplorer
FortiExplorer Go
FortiExtender
FortiFlex
FortiFone
FortiGate / FortiOS
FortiGate Cloud
FortiGate CNF
FortiGate Private Cloud
FortiGate Public Cloud
FortiGate-5000
FortiGate-6000
FortiGate-7000
FortiGate-as-a-Service
FortiGSLB
FortiGuard Advanced Bot Protection
FortiGuest
FortiHypervisor
FortiInsight
FortiInsight Cloud
FortiIPAM
FortiIsolator
FortiIsolator Public Cloud
FortiLAN Cloud
FortiMail
FortiMail Cloud
FortiManager
FortiManager Cloud
FortiManager Private Cloud
FortiManager Public Cloud
FortiMonitor
FortiNAC
FortiNAC-F
FortiNDR
FortiNDR (on-premise) Private Cloud
FortiNDR (on-premise) Public Cloud
FortiNDR Cloud
FortiNDR Cloud Sensors
FortiPAM
FortiPAM Private Cloud
FortiPAM Public Cloud
FortiPhish
FortiPlanner
FortiPolicy
FortiPortal
FortiPortal Public Cloud
FortiPresence
FortiPresence VM
FortiProxy
FortiProxy Private Cloud
FortiProxy Public Cloud
FortiRecon
FortiRecorder
FortiRPS
FortiSandbox
FortiSandbox Cloud
FortiSandbox Private Cloud
FortiSandbox Public Cloud
FortiSASE
FortiScanner
FortiSIEM
FortiSIEM Cloud
FortiSOAR
FortiSOAR Cloud
FortiSRA
FortiSwitch
FortiSwitch Manager
FortiTap
FortiTester
FortiTester Private Cloud
FortiTester Public Cloud
FortiToken
FortiToken Cloud
FortiTrust Identity
FortiVoice
FortiVoice Cloud
FortiVoice Private Cloud
FortiVoice Public Cloud
FortiWAN
FortiWAN Controller
FortiWeb
FortiWeb Cloud
FortiWeb Manager Private Cloud
FortiWeb Manager Public Cloud
FortiWeb Private Cloud
FortiWeb Public Cloud
FortiWLM
FortiZTP
IPS Engine
Lacework FortiCNAPP
Managed FortiGate Service
Overlay-as-a-Service
Security Awareness and Training
SOCaaS
Wireless Controller
Ordering Guides
Download PDF
Table of Contents
Overview
Device Manager
Device and Groups
Device Inventory adds new chart and columns
Improved design for onboarding FortiGate HA clusters to prevent auto-link failure
Global device dashboard 7.2.1
Enhancement to aggregate interface allows creation without specifying the interface members 7.2.1
FortiManager to add IoT devices based on FortiOS Asset Identity Center 7.2.1
Model device initialization enhancements 7.2.1
Internet service database version checked for model devices 7.2.1
Perform packet capture on managed FortiGate interfaces and on managed FortiSwitches 7.2.2
FortiManager supports FortiGate Cloud-Native Firewall as device type 7.2.2
Interface-based traffic shaping can display real time dropped packets 7.2.2
FortiManager detects and displays the out-of-sync status of the FortiGate HA Cluster nodes 7.2.2
Improved FortiGate RMA process using zero touch provisioning 7.2.2
Device configuration status and Policy Package status messages display specific information about the out of sync cause and how to remediate 7.2.3
SD-WAN
SD-WAN overlay templates
SD-WAN Monitor includes new filter to display unhealthy devices or interfaces only 7.2.1
Pre-built route-maps used for SD-WAN self-healing with BGP routing 7.2.2
SD-WAN Template added the health-check embedded SLA information 7.2.2
FortiManager supports multiple interface members in the SD-WAN neighbor configurations 7.2.2
Templates
SD-WAN template enhancement
IPS template combines configuration for global "IPS Global" and per-vdom "System IPS " / "IPS Settings"
Device blueprints
CLI templates have increased visibility for troubleshooting
Improved CLI templates with validation and preview functions
Fabric Authorization Template automatically provisions and authorizes LAN Edge devices on the managed FortiGates 7.2.1
Central Management
AP Manager
AP Manager exposes wireless advanced features 7.2.1
AP groups can be now formed with different AP models 7.2.2
AP Manager improvements in naming and tooltips 7.2.5
FortiSwitch Manager
Configuration enhancement improves multiple port selection in FortiSwitch Templates
NAC policy added to policy package 7.2.1
NAC policy enhanced with FortiLink settings, LAN segments, and NAC policy tags 7.2.1
LAN-Edge: Keep VLAN info when cloning FortiSwitch template 7.2.1
Extender Manager
Extender Manager displays the ESN IMEI, phone number, IMSI, and ICCID as columns for all managed FortiExtenders 7.2.2
Others
ADOM-level meta variables for general use in scripts, templates, and model devices
One FortiAnalyzer can be shared across multiple FortiManager ADOMs
SAML SSO wildcard admin user to match all users on IdP server
Administrative access to FortiManager controlled by IPv4/IPv6 local-in policy
AI Analysis link exposed in Device Manager redirects to FortiAIOps MEA
IPS administrators have visibility on each IPS profile
IPS admin install preview for multiple FortiGate devices at once shows the CLI configuration to be installed on each target device
IPS diagnostics page for IPS dedicated admin displays CPU, memory, and performance statistics for FortiGates related to IPS processes
IoT query service support 7.2.1
Initiate the RMA process to replace the FortiSwitch or FortiAP units from FortiManager 7.2.1
FortiManager supports push updates via JSON API for dynamic address groups objects 7.2.1
FortiManager supports BYOL installation on managed FortiGate VM 7.2.1
FortiGates with firmware FOS version 7.0 and version 7.2 can be managed under the same FortiManager 7.0 ADOM 7.2.1
ADOM version 7.2 supports policy package installation to the lower version of FortiGate on FortiOS 7.0. 7.2.1
Improved FortiSwitch Manager and AP Manager dashboards 7.2.1
Option to automatically unlock the ADOM after installing the Policy Package has been added to the Workspace Mode 7.2.2
FortiManager supports MFA with FortiToken Cloud 7.2.2
Wildcard admin user is supported in the per-ADOM admin profile 7.2.2
FortiManager supports now the FAZ-BD VM and appliance as managed devices 7.2.2
IoT Vulnerabilities has been added to the Asset Identity Center 7.2.2
Workspace mode is supported for the restricted admin 7.2.2
Restricted IPS admins can manage the IPS header and footer and perform IPS installations in the global ADOM 7.2.2
FortiManager displays PSIRT information when a vulnerability is detected for managed devices 7.2.2
FortiManager supports authentication token for API administrators 7.2.2
FortiProxy 7.2 ADOM type added support for VDOMs 7.2.2
Configurable SD-WAN monitor data with custom disk usage 7.2.2
FortiManager added support for IOTV objects and vulnerability download from FDS 7.2.2
VPN Monitoring displays IPsec VPN tunnels created by IPSec templates and SD-WAN overlay wizard 7.2.3
FortiManager supports FortiPAM license validation and central packages download 7.2.5
Proxy settings server URL page enhanced with drag-and-drop and better user experience 7.2.5
Enforce Device Configuration option allows autolink to push changes on FortiGate management interface during ZTP 7.2.5
Policy and Objects
Policy
Policy Packages can use colors for sections
Firewall policy creator exposed 7.2.1
Unused Policies filter in a predefined time frame to help security teams for audit purposes
The Insert Empty Policy operation will insert a new disabled policy above or below, with no interface pair inheritance from the adjacent policies 7.2.1
Increased number of multicast policies to 2560 per policy package 7.2.2
Firewall policy strict search option will return only the results with an exact match 7.2.2
Inserting a new policy in the Policy Package page will keep the screen focus and position on the newly added policy 7.2.2
Policy Blocks are supported in the Global ADOM and can be reused in different Global Policy Packages 7.2.2
Create new firewall policy page consolidates source and destination object types 7.2.2
Create a Policy Block from a selection of the policies within Policy Package 7.2.2
Create a new policy based on the logged traffic and traffic hit count 7.2.4
Objects
Resolve IP address from FQDN for firewall address type subnet
FortiManager supports empty Address Group
Metadata Variables are supported in Firewall Objects configuration
Additional filters available for IPS sensors
Monitoring page for the IPS on-hold signatures
Enhanced object "where used" function 7.2.1
Factory default firewall addresses and address group for private IP space (RFC1918) 7.2.2
Virtual IP (VIP) objects defined as an IP range are now searchable by an IP in the range 7.2.2
FortiManager added support for FortiGate shared global objects 7.2.2
Object search is done using a persistent search menu, and the search extends to all object types 7.2.2
Fabric View
Connectors
Allow multiple Cisco PxGrid connectors in the same ADOM
FortiManager updated integration with NSX-T
Flex-VM Fabric Connector to support flex licensing management from FortiManager 7.2.1
System
High Availability (HA)
FortiManager-HA automatic failover enhancement
FortiManager-HA support automatic VRRP failover in Azure 7.2.5
Administrators
New firewall admin role with no RW permission on IPS objects
Per-ADOM admin profile 7.2.1
FortiManager French GUI support 7.2.3
Network
FortiManager supports link aggregation of physical ports
FortiManager supports VLANs on physical network interfaces
Others
Add LLDP support on FMG and FAZ 7.2.1
FortiManager setup wizard improvement with optional firmware upgrade step 7.2.1
TPM hardware module 7.2.2
Entitlement file can be uploaded during the setup wizard in air-gapped environments 7.2.2
SAML assertions and SAML requests can be now signed to better support third-party IdPs 7.2.3
Extended JSON API to support the FortiManager backup operation 7.2.3
Management Extensions
Management Extensions
Universal Connector MEA added support for Cisco ACI 7.2.1
Cloud Services
Automatic configuration synchronization for the members of the auto-scaling group in Public Cloud in case of scale-out/scale-in events 7.2.1
Visibility improvement for auto-scaling clusters 7.2.1
FortiManager-VM has been added to the Flex-VM offering 7.2.1
VM flexible shapes support for Oracle Cloud Infrastructure 7.2.1
NSX-T connector options can be managed from FortiManager 7.2.2
NSX-T connector support for retrieval of North-South service objects 7.2.2
FortiManager-VM added support for Oracle Dedicated Region Cloud 7.2.2
FortiManager added support for SCCC Alibaba Cloud 7.2.2
Index
7.2.0
7.2.1
7.2.2
7.2.3
7.2.4
7.2.5
Appendix A - Example scenarios
Branch configuration using FortiManager Jinja2 CLI templates
Create metadata variables used in templates
Create Jinja templates and a CLI template group
Create a device group for branch devices
Create model devices and add them to device group
Assign a Jinja CLI template group to the branch device group
Set metadata variable mapping for each branch FortiGate
Preview Jinja script on device or device group
Perform installation to apply Jinja template configurations to branches
Jinja2 template sample scripts
Change Log
