Fortinet black logo

Release Notes

Home FortiManager 7.4.0 Release Notes
7.4.0
7.4.2
7.4.1
7.4.0
7.2.5
7.2.4
7.2.3
7.2.2
7.2.1
7.2.0
7.0.12
7.0.11
7.0.10
7.0.9
7.0.8
7.0.7
7.0.6
7.0.5
7.0.4
7.0.3
7.0.2
7.0.1
7.0.0
6.4.14
6.4.13
6.4.12
6.4.11
6.4.10
6.4.9
6.4.8
6.4.7
6.4.6
6.4.5
6.4.4
6.4.3
6.4.2
6.4.1
6.4.0
6.2.12
6.2.11
6.2.10
6.2.9
6.2.8
6.2.7
6.2.6
6.2.5
6.2.3
6.2.2
6.2.1
6.2.0
6.0.12
6.0.11
6.0.10
6.0.9
6.0.8
6.0.7
6.0.6
6.0.5
6.0.4
6.0.3
6.0.2
6.0.1
6.0.0
5.6.11
5.6.10
5.6.9
5.6.8
5.6.7
5.6.6
5.6.5
5.6.4
5.6.3
5.6.2
5.6.1
5.6.0
5.6.0
5.4.7
5.4.6
5.4.5
5.4.4
5.4.3
5.4.2
5.4.1
5.4.0
5.2.10
5.2.9
5.2.7
5.2.6
5.2.4
5.2.3
5.2.2
5.2.1
5.2.0
5.0.12
5.0.11
5.0.10
5.0.9
5.0.8
5.0.7
5.0.6
5.0.5
5.0.4
5.0.3

FortiManager 7.4.0 and FortiOS 7.2.5 compatibility issues

FortiManager 7.4.0 and FortiOS 7.2.5 compatibility issues

This section identifies interoperability issues that have been identified with FortiManager 7.4.0 and FortiOS 7.2.5. FortiOS 7.2.5 includes syntax changes not supported by FortiManager 7.4.0.

Note

When specific platforms are indicated, the syntax change applies to both the FortiGate and FortiCarrier platform for the model.

For example, (4 platforms: 3980E,3960E) indicates FortiGate-3980E, FortiCarrier-3980E, FortiGate-3960E, FortiCarrier-3960E.

The following type changed:

  • vpn certificate ocsp-server source-ip type changed from <ip4class> to <string>

The following objects were added:

  • (attr) firewall policy ip-version-type

  • (attr) firewall policy ips-voip-filter

  • (attr) firewall policy policy-behaviour-type

  • (attr) firewall profile-group ips-voip-filter

  • (attr) firewall proxy-policy ips-voip-filter

  • (attr) firewall security-policy ips-voip-filter

  • (attr) system admin gui-dashboard widget source

  • (attr) system csf file-mgmt

  • (attr) system csf file-quota

  • (attr) system csf file-quota-warning

  • (attr) system federated-upgrade ha-reboot-controller

  • (attr) system npu dedicated-management-affinity (1 platforms: 200F)

  • (attr) system npu dedicated-management-cpu (1 platforms: 200F)

  • (attr) system sso-admin gui-dashboard widget source

  • (attr) system sso-forticloud-admin gui-dashboard widget source

  • (attr) system sso-fortigate-cloud-admin gui-dashboard widget source

  • (node) system virtual-wire-pair outer-vlan-id (12 platforms: 4201F,4200F,1800F,4401F,3500F,3501F,1801F)

  • (attr) user domain-controller change-detection

  • (attr) user domain-controller change-detection-period

  • (attr) videofilter profile default-action

  • (attr) videofilter profile log

  • (attr) voip profile sip call-id-regex

  • (attr) voip profile sip content-type-regex

  • (attr) vpn certificate setting source-ip

  • (attr) vpn ipsec phase1-interface auto-discovery-crossover

  • (attr) vpn ipsec phase1-interface dev-id

  • (attr) vpn ipsec phase1-interface dev-id-notification

  • (attr) vpn ssl settings server-hostname

  • (attr) wireless-controller wtp ble-major-id

  • (attr) wireless-controller wtp ble-minor-id

  • (attr) wireless-controller wtp-group ble-major-id

  • (attr) wireless-controller wtp-profile radio-1 optional-antenna

  • (attr) wireless-controller wtp-profile radio-2 optional-antenna

  • (attr) wireless-controller wtp-profile radio-3 optional-antenna

  • (attr) wireless-controller wtp-profile radio-4 optional-antenna

The following objects were removed:

  • (attr) firewall proxy-policy voip-profile

  • (attr) videofilter youtube-channel-filter default-action

  • (attr) videofilter youtube-channel-filter override-category

  • (attr) vpn certificate setting ssl-ocsp-source-ip

The following default values changed:

  • system lte-modem auto-connect default value changed from disable to enable

  • system lte-modem gps-service default value changed from disable to enable

  • system npu hash-config default value is changed depending on the platform

  • system replacemsg admin format default value changed to none

  • system replacemsg admin header default value changed to none

  • system replacemsg alertmail format default value changed to none

  • system replacemsg alertmail header default value changed to none

  • system replacemsg auth format default value changed to none

  • system replacemsg auth header default value changed to none

  • system replacemsg automation format default value changed to none

  • system replacemsg automation header default value changed to none

  • system replacemsg custom-message format default value changed to none

  • system replacemsg custom-message header default value changed to none

  • system replacemsg fortiguard-wf format default value changed to none

  • system replacemsg fortiguard-wf header default value changed to none

  • system replacemsg ftp format default value changed to none

  • system replacemsg ftp header default value changed to none

  • system replacemsg http format default value changed to none

  • system replacemsg http header default value changed to none

  • system replacemsg icap format default value changed to none

  • system replacemsg icap header default value changed to none

  • system replacemsg mail format default value changed to none

  • system replacemsg mail header default value changed to none

  • system replacemsg nac-quar format default value changed to none

  • system replacemsg nac-quar header default value changed to none

  • system replacemsg spam format default value changed to none

  • system replacemsg spam header default value changed to none

  • system replacemsg sslvpn format default value changed to none

  • system replacemsg sslvpn header default value changed to none

  • system replacemsg traffic-quota format default value changed to none

  • system replacemsg traffic-quota header default value changed to none

  • system replacemsg utm format default value changed to none

  • system replacemsg utm header default value changed to none

  • system replacemsg webproxy format default value changed to none

  • system replacemsg webproxy header default value changed to none

  • videofilter profile fortiguard-category filters log default value changed from disable to enable

  • videofilter youtube-channel-filter log default value changed from disable to enable

  • voip profile feature-set default value changed from proxy to voipd

  • vpn certificate ocsp-server source-ip default value changed from 0.0.0.0 to null

Additional option changes:

application list entries parameters

tag: None -> tz

endpoint-control fctems ca-cn-info

tag: None -> xs

firewall address

tab-size (tag|tz): 65000,65000,0 -> 100000,100000,0 (6 platforms: 2500E,1500DT,1800F,1801F,2000E,1500D)

tab-size (tag|tz): 40000,40000,0 -> 50000,50000,0 (2 platforms: 1101E,1000D)

firewall ippool port-per-user

int-range (tag|lmt): 32,60416 -> 32,60417

log npu-server server-group

tab-size (tag|tz): 512,256,0 -> 16,0,0 (12 platforms: 4201F,4200F,1800F,4401F,3500F,3501F,1801F)

log npu-server server-info

tab-size (tag|tz): 512,256,0 -> 16,0,0 (12 platforms: 4201F,4200F,1800F,4401F,3500F,3501F,1801F)

system global http-request-limit

int-range (tag|lmt): 134217728,2147483647 -> 134217728,1073741824 (33 platforms: 3000D,5001E,1000D,4201F,600E,1101E,4401F,1500D,3200D,3601E,3100D,1800F,3401E,3501F,1801F,1500DT,2000E,4200F,3400E,2500E,3500F)

int-range (tag|lmt): 134217728,853097472 -> 134217728,1073741824 (1 platforms: 80F-2R)

int-range (tag|lmt): 134217728,853334016 -> 134217728,1073741824 (1 platforms: 80F-POE)

int-range (tag|lmt): 134217728,853332992 -> 134217728,1073741824 (1 platforms: 80F)

int-range (tag|lmt): 134217728,1773837312 -> 134217728,1073741824 (1 platforms: 400E)

int-range (tag|lmt): 134217728,851954688 -> 134217728,1073741824 (1 platforms: 81F-2R)

int-range (tag|lmt): 134217728,386418688 -> 134217728,1073741824 (1 platforms: 60F)

int-range (tag|lmt): 134217728,387472384 -> 134217728,1073741824 (1 platforms: 40F)

int-range (tag|lmt): 134217728,852159488 -> 134217728,1073741824 (1 platforms: 81F)

int-range (tag|lmt): 134217728,1634093056 -> 134217728,1073741824 (1 platforms: 800D)

int-range (tag|lmt): 134217728,398662656 -> 134217728,1073741824 (1 platforms: 40F-3G4G)

int-range (tag|lmt): 134217728,1772238848 -> 134217728,1073741824 (1 platforms: 401E)

int-range (tag|lmt): 134217728,1786169344 -> 134217728,1073741824 (1 platforms: 300E)

int-range (tag|lmt): 134217728,939444224 -> 134217728,1073741824 (1 platforms: 201E)

int-range (tag|lmt): 134217728,1644056576 -> 134217728,1073741824 (1 platforms: 200F)

int-range (tag|lmt): 134217728,680290304 -> 134217728,1073741824 (1 platforms: 101E)

int-range (tag|lmt): 134217728,369893376 -> 134217728,1073741824 (1 platforms: 60F-3G4G)

int-range (tag|lmt): 134217728,372878336 -> 134217728,1073741824 (1 platforms: 60F)

system interface mediatype

tag: None -> nd (28 platforms: 401E,300E,1000D,4201F,600E,1101E,4401F,1500D,3601E,1800F,3401E,3501F,1801F,2000E,1500DT,400E,4200F,3400E,2500E,3500F)

system interface speed

option-list (tag|opt): None -> ["40000auto"] (2 platforms: 5001E)

option-list (tag|opt): None -> ["2500auto", "400Gauto", "400Gfull", "5000auto"] (19 platforms: 4201F,4200F,3601E,3400E,1800F,3401E,1101E,4401F,3501F,3500F,1801F)

system link-monitor interval

int-range (tag|lmt): 500,3600000 -> 20,3600000

system link-monitor probe-timeout

int-range (tag|lmt): 500,5000 -> 20,5000

system lte-modem network-type

option-list (tag|opt): ["cdma-hrpd"] -> None (2 platforms: 60F-3G4G,40F-3G4G)

system npu sw-np-bandwidth

option-list (tag|opt): None -> ["7G", "8G", "9G"] (12 platforms: 3200D,3000D,3100D,1101E,5001E,800D,1500DT,1500D)

system sdwan health-check interval

int-range (tag|lmt): 500,3600000 -> 20,3600000

system sdwan health-check probe-timeout

int-range (tag|lmt): 500,3600000 -> 20,3600000

system speed-test-server name

tag: None -> xs

voip profile feature-set

option-list (tag|opt): ["flow", "proxy"] -> None

option-list (tag|opt): None -> ["ips", "voipd"]

vpn certificate ocsp-server source-ip

tag: None -> sz

Previous
Next

FortiManager 7.4.0 and FortiOS 7.2.5 compatibility issues

This section identifies interoperability issues that have been identified with FortiManager 7.4.0 and FortiOS 7.2.5. FortiOS 7.2.5 includes syntax changes not supported by FortiManager 7.4.0.

Note

When specific platforms are indicated, the syntax change applies to both the FortiGate and FortiCarrier platform for the model.

For example, (4 platforms: 3980E,3960E) indicates FortiGate-3980E, FortiCarrier-3980E, FortiGate-3960E, FortiCarrier-3960E.

The following type changed:

  • vpn certificate ocsp-server source-ip type changed from <ip4class> to <string>

The following objects were added:

  • (attr) firewall policy ip-version-type

  • (attr) firewall policy ips-voip-filter

  • (attr) firewall policy policy-behaviour-type

  • (attr) firewall profile-group ips-voip-filter

  • (attr) firewall proxy-policy ips-voip-filter

  • (attr) firewall security-policy ips-voip-filter

  • (attr) system admin gui-dashboard widget source

  • (attr) system csf file-mgmt

  • (attr) system csf file-quota

  • (attr) system csf file-quota-warning

  • (attr) system federated-upgrade ha-reboot-controller

  • (attr) system npu dedicated-management-affinity (1 platforms: 200F)

  • (attr) system npu dedicated-management-cpu (1 platforms: 200F)

  • (attr) system sso-admin gui-dashboard widget source

  • (attr) system sso-forticloud-admin gui-dashboard widget source

  • (attr) system sso-fortigate-cloud-admin gui-dashboard widget source

  • (node) system virtual-wire-pair outer-vlan-id (12 platforms: 4201F,4200F,1800F,4401F,3500F,3501F,1801F)

  • (attr) user domain-controller change-detection

  • (attr) user domain-controller change-detection-period

  • (attr) videofilter profile default-action

  • (attr) videofilter profile log

  • (attr) voip profile sip call-id-regex

  • (attr) voip profile sip content-type-regex

  • (attr) vpn certificate setting source-ip

  • (attr) vpn ipsec phase1-interface auto-discovery-crossover

  • (attr) vpn ipsec phase1-interface dev-id

  • (attr) vpn ipsec phase1-interface dev-id-notification

  • (attr) vpn ssl settings server-hostname

  • (attr) wireless-controller wtp ble-major-id

  • (attr) wireless-controller wtp ble-minor-id

  • (attr) wireless-controller wtp-group ble-major-id

  • (attr) wireless-controller wtp-profile radio-1 optional-antenna

  • (attr) wireless-controller wtp-profile radio-2 optional-antenna

  • (attr) wireless-controller wtp-profile radio-3 optional-antenna

  • (attr) wireless-controller wtp-profile radio-4 optional-antenna

The following objects were removed:

  • (attr) firewall proxy-policy voip-profile

  • (attr) videofilter youtube-channel-filter default-action

  • (attr) videofilter youtube-channel-filter override-category

  • (attr) vpn certificate setting ssl-ocsp-source-ip

The following default values changed:

  • system lte-modem auto-connect default value changed from disable to enable

  • system lte-modem gps-service default value changed from disable to enable

  • system npu hash-config default value is changed depending on the platform

  • system replacemsg admin format default value changed to none

  • system replacemsg admin header default value changed to none

  • system replacemsg alertmail format default value changed to none

  • system replacemsg alertmail header default value changed to none

  • system replacemsg auth format default value changed to none

  • system replacemsg auth header default value changed to none

  • system replacemsg automation format default value changed to none

  • system replacemsg automation header default value changed to none

  • system replacemsg custom-message format default value changed to none

  • system replacemsg custom-message header default value changed to none

  • system replacemsg fortiguard-wf format default value changed to none

  • system replacemsg fortiguard-wf header default value changed to none

  • system replacemsg ftp format default value changed to none

  • system replacemsg ftp header default value changed to none

  • system replacemsg http format default value changed to none

  • system replacemsg http header default value changed to none

  • system replacemsg icap format default value changed to none

  • system replacemsg icap header default value changed to none

  • system replacemsg mail format default value changed to none

  • system replacemsg mail header default value changed to none

  • system replacemsg nac-quar format default value changed to none

  • system replacemsg nac-quar header default value changed to none

  • system replacemsg spam format default value changed to none

  • system replacemsg spam header default value changed to none

  • system replacemsg sslvpn format default value changed to none

  • system replacemsg sslvpn header default value changed to none

  • system replacemsg traffic-quota format default value changed to none

  • system replacemsg traffic-quota header default value changed to none

  • system replacemsg utm format default value changed to none

  • system replacemsg utm header default value changed to none

  • system replacemsg webproxy format default value changed to none

  • system replacemsg webproxy header default value changed to none

  • videofilter profile fortiguard-category filters log default value changed from disable to enable

  • videofilter youtube-channel-filter log default value changed from disable to enable

  • voip profile feature-set default value changed from proxy to voipd

  • vpn certificate ocsp-server source-ip default value changed from 0.0.0.0 to null

Additional option changes:

application list entries parameters

tag: None -> tz

endpoint-control fctems ca-cn-info

tag: None -> xs

firewall address

tab-size (tag|tz): 65000,65000,0 -> 100000,100000,0 (6 platforms: 2500E,1500DT,1800F,1801F,2000E,1500D)

tab-size (tag|tz): 40000,40000,0 -> 50000,50000,0 (2 platforms: 1101E,1000D)

firewall ippool port-per-user

int-range (tag|lmt): 32,60416 -> 32,60417

log npu-server server-group

tab-size (tag|tz): 512,256,0 -> 16,0,0 (12 platforms: 4201F,4200F,1800F,4401F,3500F,3501F,1801F)

log npu-server server-info

tab-size (tag|tz): 512,256,0 -> 16,0,0 (12 platforms: 4201F,4200F,1800F,4401F,3500F,3501F,1801F)

system global http-request-limit

int-range (tag|lmt): 134217728,2147483647 -> 134217728,1073741824 (33 platforms: 3000D,5001E,1000D,4201F,600E,1101E,4401F,1500D,3200D,3601E,3100D,1800F,3401E,3501F,1801F,1500DT,2000E,4200F,3400E,2500E,3500F)

int-range (tag|lmt): 134217728,853097472 -> 134217728,1073741824 (1 platforms: 80F-2R)

int-range (tag|lmt): 134217728,853334016 -> 134217728,1073741824 (1 platforms: 80F-POE)

int-range (tag|lmt): 134217728,853332992 -> 134217728,1073741824 (1 platforms: 80F)

int-range (tag|lmt): 134217728,1773837312 -> 134217728,1073741824 (1 platforms: 400E)

int-range (tag|lmt): 134217728,851954688 -> 134217728,1073741824 (1 platforms: 81F-2R)

int-range (tag|lmt): 134217728,386418688 -> 134217728,1073741824 (1 platforms: 60F)

int-range (tag|lmt): 134217728,387472384 -> 134217728,1073741824 (1 platforms: 40F)

int-range (tag|lmt): 134217728,852159488 -> 134217728,1073741824 (1 platforms: 81F)

int-range (tag|lmt): 134217728,1634093056 -> 134217728,1073741824 (1 platforms: 800D)

int-range (tag|lmt): 134217728,398662656 -> 134217728,1073741824 (1 platforms: 40F-3G4G)

int-range (tag|lmt): 134217728,1772238848 -> 134217728,1073741824 (1 platforms: 401E)

int-range (tag|lmt): 134217728,1786169344 -> 134217728,1073741824 (1 platforms: 300E)

int-range (tag|lmt): 134217728,939444224 -> 134217728,1073741824 (1 platforms: 201E)

int-range (tag|lmt): 134217728,1644056576 -> 134217728,1073741824 (1 platforms: 200F)

int-range (tag|lmt): 134217728,680290304 -> 134217728,1073741824 (1 platforms: 101E)

int-range (tag|lmt): 134217728,369893376 -> 134217728,1073741824 (1 platforms: 60F-3G4G)

int-range (tag|lmt): 134217728,372878336 -> 134217728,1073741824 (1 platforms: 60F)

system interface mediatype

tag: None -> nd (28 platforms: 401E,300E,1000D,4201F,600E,1101E,4401F,1500D,3601E,1800F,3401E,3501F,1801F,2000E,1500DT,400E,4200F,3400E,2500E,3500F)

system interface speed

option-list (tag|opt): None -> ["40000auto"] (2 platforms: 5001E)

option-list (tag|opt): None -> ["2500auto", "400Gauto", "400Gfull", "5000auto"] (19 platforms: 4201F,4200F,3601E,3400E,1800F,3401E,1101E,4401F,3501F,3500F,1801F)

system link-monitor interval

int-range (tag|lmt): 500,3600000 -> 20,3600000

system link-monitor probe-timeout

int-range (tag|lmt): 500,5000 -> 20,5000

system lte-modem network-type

option-list (tag|opt): ["cdma-hrpd"] -> None (2 platforms: 60F-3G4G,40F-3G4G)

system npu sw-np-bandwidth

option-list (tag|opt): None -> ["7G", "8G", "9G"] (12 platforms: 3200D,3000D,3100D,1101E,5001E,800D,1500DT,1500D)

system sdwan health-check interval

int-range (tag|lmt): 500,3600000 -> 20,3600000

system sdwan health-check probe-timeout

int-range (tag|lmt): 500,3600000 -> 20,3600000

system speed-test-server name

tag: None -> xs

voip profile feature-set

option-list (tag|opt): ["flow", "proxy"] -> None

option-list (tag|opt): None -> ["ips", "voipd"]

vpn certificate ocsp-server source-ip

tag: None -> sz

Previous
Next