Fortinet black logo

FortiManager 7.2.1 and FortiOS 7.0.8 compatibility issues

FortiManager 7.2.1 and FortiOS 7.0.8 compatibility issues

This section identifies interoperability issues that have been identified with FortiManager 7.2.1 and FortiOS 7.0.8 in mantis 841187. FortiOS 7.0.8 includes syntax changes not supported by FortiManager 7.2.1.

  • system ddns ddns-key changed from user to passwd_aes256
  • system dhcp server ddns-key changed from user to passwd_aes256
  • system mobile-tunnel n-mhae-key changed from user to passwd_aes256

The following default values changed:

  • router bgp neighbor allowas-in default value changed from 0 to 3
  • router bgp neighbor allowas-in6 default value changed from 0 to 3
  • router bgp neighbor-group allowas-in default value changed from 0 to 3
  • router bgp neighbor-group allowas-in6 default value changed from 0 to 3
  • system external-resource user-agent default value changed from curl/7.58.0 to not specified
  • system ftm-push server-cert default value changed from self-sign to Fortinet_Factory
  • system npu default-qos-type default value changed from policing to shaping
  • system npu policy-offload-level default value changed from full-offload to disable

The following objects were added:

    (attr) antivirus profile cifs fortindr
    (attr) antivirus profile fortindr-error-action
    (attr) antivirus profile fortindr-timeout-action
    (attr) antivirus profile ftp fortindr
    (attr) antivirus profile http fortindr
    (attr) antivirus profile http unknown-content-encoding
    (attr) antivirus profile imap fortindr
    (attr) antivirus profile nntp fortindr
    (attr) antivirus profile pop3 fortindr
    (attr) antivirus profile smtp fortindr
    (attr) antivirus profile ssh fortindr
    (attr) endpoint-control fctems dirty-reason
    (attr) endpoint-control fctems ems-id
    (attr) endpoint-control fctems out-of-sync-threshold
    (attr) endpoint-control fctems serial-number
    (attr) endpoint-control fctems status
    (attr) firewall access-proxy-virtual-host replacemsg-group
    (attr) firewall ippool subnet-broadcast-in-ippool
    (attr) firewall profile-protocol-options ftp explicit-ftp-tls
    (attr) firewall vip6 ndp-reply
    (attr) log threat-weight malware fortindr
    (attr) switch-controller igmp-snooping query-interval
    (attr) system external-resource server-identity-check
    (node) system fortindr
    (attr) system global ip-fragment-mem-thresholds
    (attr) system sdn-connector external-account-list external-id
    (attr) system settings nat46-force-ipv4-packet-forwarding
    (attr) system settings nat64-force-ipv6-packet-forwarding
    (attr) vpn ipsec phase1 fgsp-sync
    (attr) vpn ipsec phase1-interface fgsp-sync
    (attr) wireless-controller vap sae-h2e-only
    (attr) wireless-controller vap sae-pk
    (attr) wireless-controller vap sae-private-key
    (attr) wireless-controller vap sticky-client-threshold-6g

The following objects were removed:

    (attr) antivirus profile cifs fortiai
    (attr) antivirus profile fortiai-error-action
    (attr) antivirus profile fortiai-timeout-action
    (attr) antivirus profile ftp fortiai
    (attr) antivirus profile http fortiai
    (attr) antivirus profile imap fortiai
    (attr) antivirus profile mapi fortiai
    (attr) antivirus profile nntp fortiai
    (attr) antivirus profile pop3 fortiai
    (attr) antivirus profile smtp fortiai
    (attr) antivirus profile ssh fortiai
    (attr) antivirus settings cache-clean-result
    (attr) firewall vip6 arp-reply
    (attr) log threat-weight malware fortiai
    (attr) system automation-trigger ioc-level
    (attr) system cluster-sync ike-heartbeat-interval
    (attr) system cluster-sync ike-monitor
    (attr) system cluster-sync ike-monitor-interval
    (attr) system cluster-sync ike-use-rfc6311
    (node) system fortiai

Additional option changes:

    extender-controller extender-profile model
        option-list (tag|opt): None -> ["FX04DI", "FX04DN"]
    switch-controller managed-switch ports speed
        option-list (tag|opt): ["10000", "1000fiber", "25000cr4", "25000sr4", "40000", "5000full"] -> None (102 platforms: excludes 5001E1,5001E)
        option-list (tag|opt): None -> ["10000full", "1000full-fiber", "25000cr", "25000sr", "40000cr4", "40000full", "40000sr4", "50000cr", "50000sr", "5000auto"] (102 platforms: excludes 5001E1,5001E)
    wireless-controller setting country
        option-list (tag|opt): None -> ["MN"]
    wireless-controller wtp radio-1 band
        option-list (tag|opt): None -> ["802.11ax-6G"]
    wireless-controller wtp radio-2 band
        option-list (tag|opt): None -> ["802.11ax-6G"]
    wireless-controller wtp radio-3 band
        option-list (tag|opt): None -> ["802.11ax-6G"]
    wireless-controller wtp radio-4 band
        option-list (tag|opt): None -> ["802.11ax-6G"]
    wireless-controller wtp-group platform-type
        option-list (tag|opt): None -> ["231FL", "231G", "233G", "431FL", "431G", "432FR", "433FL", "433G", "U231G", "U441G"]
    wireless-controller wtp-profile ap-country
        option-list (tag|opt): None -> ["MN"]
    wireless-controller wtp-profile platform type
        option-list (tag|opt): None -> ["231FL", "231G", "233G", "431FL", "431G", "432FR", "433FL", "433G", "U231G", "U441G"]
    wireless-controller wtp-profile radio-1 band
        option-list (tag|opt): None -> ["802.11ax-6G"]
    wireless-controller wtp-profile radio-2 band
        option-list (tag|opt): None -> ["802.11ax-6G"]
    wireless-controller wtp-profile radio-3 band
        option-list (tag|opt): None -> ["802.11ax-6G"]
    wireless-controller wtp-profile radio-4 band
        option-list (tag|opt): None -> ["802.11ax-6G"]

FortiManager 7.2.1 and FortiOS 7.0.8 compatibility issues

This section identifies interoperability issues that have been identified with FortiManager 7.2.1 and FortiOS 7.0.8 in mantis 841187. FortiOS 7.0.8 includes syntax changes not supported by FortiManager 7.2.1.

  • system ddns ddns-key changed from user to passwd_aes256
  • system dhcp server ddns-key changed from user to passwd_aes256
  • system mobile-tunnel n-mhae-key changed from user to passwd_aes256

The following default values changed:

  • router bgp neighbor allowas-in default value changed from 0 to 3
  • router bgp neighbor allowas-in6 default value changed from 0 to 3
  • router bgp neighbor-group allowas-in default value changed from 0 to 3
  • router bgp neighbor-group allowas-in6 default value changed from 0 to 3
  • system external-resource user-agent default value changed from curl/7.58.0 to not specified
  • system ftm-push server-cert default value changed from self-sign to Fortinet_Factory
  • system npu default-qos-type default value changed from policing to shaping
  • system npu policy-offload-level default value changed from full-offload to disable

The following objects were added:

    (attr) antivirus profile cifs fortindr
    (attr) antivirus profile fortindr-error-action
    (attr) antivirus profile fortindr-timeout-action
    (attr) antivirus profile ftp fortindr
    (attr) antivirus profile http fortindr
    (attr) antivirus profile http unknown-content-encoding
    (attr) antivirus profile imap fortindr
    (attr) antivirus profile nntp fortindr
    (attr) antivirus profile pop3 fortindr
    (attr) antivirus profile smtp fortindr
    (attr) antivirus profile ssh fortindr
    (attr) endpoint-control fctems dirty-reason
    (attr) endpoint-control fctems ems-id
    (attr) endpoint-control fctems out-of-sync-threshold
    (attr) endpoint-control fctems serial-number
    (attr) endpoint-control fctems status
    (attr) firewall access-proxy-virtual-host replacemsg-group
    (attr) firewall ippool subnet-broadcast-in-ippool
    (attr) firewall profile-protocol-options ftp explicit-ftp-tls
    (attr) firewall vip6 ndp-reply
    (attr) log threat-weight malware fortindr
    (attr) switch-controller igmp-snooping query-interval
    (attr) system external-resource server-identity-check
    (node) system fortindr
    (attr) system global ip-fragment-mem-thresholds
    (attr) system sdn-connector external-account-list external-id
    (attr) system settings nat46-force-ipv4-packet-forwarding
    (attr) system settings nat64-force-ipv6-packet-forwarding
    (attr) vpn ipsec phase1 fgsp-sync
    (attr) vpn ipsec phase1-interface fgsp-sync
    (attr) wireless-controller vap sae-h2e-only
    (attr) wireless-controller vap sae-pk
    (attr) wireless-controller vap sae-private-key
    (attr) wireless-controller vap sticky-client-threshold-6g

The following objects were removed:

    (attr) antivirus profile cifs fortiai
    (attr) antivirus profile fortiai-error-action
    (attr) antivirus profile fortiai-timeout-action
    (attr) antivirus profile ftp fortiai
    (attr) antivirus profile http fortiai
    (attr) antivirus profile imap fortiai
    (attr) antivirus profile mapi fortiai
    (attr) antivirus profile nntp fortiai
    (attr) antivirus profile pop3 fortiai
    (attr) antivirus profile smtp fortiai
    (attr) antivirus profile ssh fortiai
    (attr) antivirus settings cache-clean-result
    (attr) firewall vip6 arp-reply
    (attr) log threat-weight malware fortiai
    (attr) system automation-trigger ioc-level
    (attr) system cluster-sync ike-heartbeat-interval
    (attr) system cluster-sync ike-monitor
    (attr) system cluster-sync ike-monitor-interval
    (attr) system cluster-sync ike-use-rfc6311
    (node) system fortiai

Additional option changes:

    extender-controller extender-profile model
        option-list (tag|opt): None -> ["FX04DI", "FX04DN"]
    switch-controller managed-switch ports speed
        option-list (tag|opt): ["10000", "1000fiber", "25000cr4", "25000sr4", "40000", "5000full"] -> None (102 platforms: excludes 5001E1,5001E)
        option-list (tag|opt): None -> ["10000full", "1000full-fiber", "25000cr", "25000sr", "40000cr4", "40000full", "40000sr4", "50000cr", "50000sr", "5000auto"] (102 platforms: excludes 5001E1,5001E)
    wireless-controller setting country
        option-list (tag|opt): None -> ["MN"]
    wireless-controller wtp radio-1 band
        option-list (tag|opt): None -> ["802.11ax-6G"]
    wireless-controller wtp radio-2 band
        option-list (tag|opt): None -> ["802.11ax-6G"]
    wireless-controller wtp radio-3 band
        option-list (tag|opt): None -> ["802.11ax-6G"]
    wireless-controller wtp radio-4 band
        option-list (tag|opt): None -> ["802.11ax-6G"]
    wireless-controller wtp-group platform-type
        option-list (tag|opt): None -> ["231FL", "231G", "233G", "431FL", "431G", "432FR", "433FL", "433G", "U231G", "U441G"]
    wireless-controller wtp-profile ap-country
        option-list (tag|opt): None -> ["MN"]
    wireless-controller wtp-profile platform type
        option-list (tag|opt): None -> ["231FL", "231G", "233G", "431FL", "431G", "432FR", "433FL", "433G", "U231G", "U441G"]
    wireless-controller wtp-profile radio-1 band
        option-list (tag|opt): None -> ["802.11ax-6G"]
    wireless-controller wtp-profile radio-2 band
        option-list (tag|opt): None -> ["802.11ax-6G"]
    wireless-controller wtp-profile radio-3 band
        option-list (tag|opt): None -> ["802.11ax-6G"]
    wireless-controller wtp-profile radio-4 band
        option-list (tag|opt): None -> ["802.11ax-6G"]