FortiManager 7.4.2 and FortiOS 7.2.8 compatibility issues

This section lists interoperability issues identified between FortiManager 7.4.2 and FortiOS 7.2.8.

FortiOS 7.2.8 includes two new webfilter categories, category 100 and category 101, that FortiManager 7.4.2 does not support, so adding a device running FortiOS 7.2.8 may cause syntax issues. These categories are used in the default webfilter profiles sniffer-profile and monitor-all. Before adding a device running FortiOS 7.2.8, you must delete the filter entries that contain these categories from the FortiGate CLI using the following commands:

    config webfilter profile
        edit sniffer-profile
            config ftgd-wf
                config filters
                    delete 92
                    delete 93
                end
            end
        next
        edit monitor-all
            config ftgd-wf
                config filters
                    delete 92
                    delete 93
                end
            end
        next
    end
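
A pre-onboarding check for the procedure above, as an added example that is not Fortinet's code: it scans a FortiGate configuration backup for webfilter filter entries that reference category 100 or 101 and emits the delete commands for the entry IDs actually found. It goes beyond the page's case by also covering custom profiles and entry IDs other than 92 and 93. The backup layout (edit <id> / set category <n> under config filters), the branch-custom profile and the function names are assumptions.

```python
UNSUPPORTED = {100, 101}  # category IDs the page says FortiManager 7.4.2 lacks
WF_PATH = ("webfilter profile", "ftgd-wf", "filters")
# Constructed backup excerpt; the "edit <id> / set category <n>" layout is assumed.
SAMPLE = """\
config webfilter profile
    edit "sniffer-profile"
        config ftgd-wf
            config filters
                edit 92
                    set category 100
                next
            end
        end
    next
    edit "branch-custom"
        config ftgd-wf
            config filters
                edit 7
                    set category 26
                next
                edit 8
                    set category 101
                next
            end
        end
    next
end
"""

def find_entries(text):
    """Map profile name -> filter entry IDs that use an unsupported category."""
    stack, hits = [], {}
    for line in map(str.strip, text.splitlines()):
        if line.startswith(("config ", "edit ")):
            stack.append(line.split(" ", 1)[1].strip('"'))
        elif line in ("next", "end") and stack:
            stack.pop()
        elif line.startswith("set category ") and len(stack) == 5:
            table, profile, sub, node, entry = stack
            if (table, sub, node) == WF_PATH and int(line.split()[2]) in UNSUPPORTED:
                hits.setdefault(profile, []).append(int(entry))
    return hits

def delete_commands(hits):
    """Emit the delete procedure, in the page's CLI form, for the IDs found."""
    out = ["config webfilter profile"]
    for profile, ids in hits.items():
        out += [f'edit "{profile}"', "config ftgd-wf", "config filters"]
        out += [f"delete {i}" for i in ids] + ["end", "end", "next"]
    return "\n".join(out + ["end"])
```

An empty result from find_entries means no filter entry in the backup references either category.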

FortiOS 7.2.8 includes the following syntax changes not supported by FortiManager 7.4.2.

Note

When specific platforms are indicated, the syntax change applies to both the FortiGate and FortiCarrier platforms for the model.

For example, (4 platforms: 3980E,3960E) indicates FortiGate-3980E, FortiCarrier-3980E, FortiGate-3960E, FortiCarrier-3960E.

The following objects were added:

  • (attr) firewall central-snat-map dst-port

  • (attr) firewall interface-policy uuid

  • (attr) firewall interface-policy uuid-idx

  • (attr) firewall interface-policy6 uuid

  • (attr) firewall interface-policy6 uuid-idx

  • (attr) firewall sniffer uuid

  • (attr) firewall sniffer uuid-idx

  • (attr) log fortianalyzer override-setting alt-server

  • (attr) log fortianalyzer override-setting fallback-to-primary

  • (attr) log fortianalyzer override-setting server-cert-ca

  • (attr) log fortianalyzer setting alt-server

  • (attr) log fortianalyzer setting fallback-to-primary

  • (attr) log fortianalyzer setting server-cert-ca

  • (attr) log fortianalyzer2 override-setting alt-server

  • (attr) log fortianalyzer2 override-setting fallback-to-primary

  • (attr) log fortianalyzer2 override-setting server-cert-ca

  • (attr) log fortianalyzer2 setting alt-server

  • (attr) log fortianalyzer2 setting fallback-to-primary

  • (attr) log fortianalyzer2 setting server-cert-ca

  • (attr) log fortianalyzer3 override-setting alt-server

  • (attr) log fortianalyzer3 override-setting fallback-to-primary

  • (attr) log fortianalyzer3 override-setting server-cert-ca

  • (attr) log fortianalyzer3 setting alt-server

  • (attr) log fortianalyzer3 setting fallback-to-primary

  • (attr) log fortianalyzer3 setting server-cert-ca

  • (node) rule fmwp

  • (attr) system csf source-ip

  • (attr) system csf upstream-interface

  • (attr) system csf upstream-interface-select-method

  • (attr) system global gui-auto-upgrade-setup-warning

  • (attr) system global ipv6-allow-local-in-silent-drop

  • (attr) system global npu-neighbor-update

  • (attr) system interface mediatype (2 platforms: 101F,100F)

  • (node) system netflow collectors

  • (attr) system np6xlite congestion-handling-mode (2 platforms: 201F,200F)

  • (attr) system npu fp-anomaly sctp-csum-err (11 platforms: 3700F,3701F,400F,1000F,3201F,600F,3200F)

  • (attr) system npu ip-fragment-offload (14 platforms: 3701F,3200F,400F,1001F,1000F,601F,3201F,401F,3700F,600F)

  • (attr) system npu split-ipsec-engines (27 platforms: 60F,100F,40F,80F,200F,80F-2R,61F,81F,81F-2R-3G4G-POE,60F-3G4G,80F-POE,81F-2R-POE,40F-3G4G,71F,101F,80F-BYPASS,81F-POE,201F,70F-3G4G,70F,81F-2R)

  • (attr) system npu tunnel-over-vlink (43 platforms: 3301E,3200D,401E,3300E,3401E,1100E,3960E,3400E,800D,2000E,2500E,1101E,501E,2200E,1500D,3000D,600E,500E,5001E,300E,3100D,3600E,1000D,5001E1,301E,2201E,400E,601E,400E-BYPASS,3601E,900D)

  • (attr) system snmp sysinfo append-index

  • (node) system vdom-netflow collectors

  • (node) user external-identity-provider

  • (attr) vpn ipsec phase1 azure-ad-autoconnect

  • (node) vpn ipsec phase1 internal-domain-list

  • (attr) vpn ipsec phase1-interface azure-ad-autoconnect

  • (attr) vpn ipsec phase1-interface cert-trust-store

  • (attr) vpn ipsec phase1-interface ems-sn-check

  • (node) vpn ipsec phase1-interface internal-domain-list

  • (attr) vpn ipsec phase1-interface remote-gw-country

  • (attr) vpn ipsec phase1-interface remote-gw-end-ip

  • (attr) vpn ipsec phase1-interface remote-gw-match

  • (attr) vpn ipsec phase1-interface remote-gw-start-ip

  • (attr) vpn ipsec phase1-interface remote-gw-subnet

  • (attr) vpn ipsec phase1-interface remote-gw6-country

  • (attr) vpn ipsec phase1-interface remote-gw6-end-ip

  • (attr) vpn ipsec phase1-interface remote-gw6-match

  • (attr) vpn ipsec phase1-interface remote-gw6-start-ip

  • (attr) vpn ipsec phase1-interface remote-gw6-subnet

  • (attr) web-proxy global log-policy-pending

  • (attr) web-proxy global policy-category-deep-inspect

The following objects were removed:

  • (attr) switch-controller managed-switch ports link-status (98 platforms: excludes 5001E1,5001E)

  • (attr) system console baudrate

  • (attr) system global gui-allow-default-hostname

  • (attr) system global ipv6-allow-local-in-slient-drop

  • (attr) system netflow collector-ip

  • (attr) system netflow collector-port

  • (attr) system netflow interface

  • (attr) system netflow interface-select-method

  • (attr) system netflow source-ip

  • (attr) system vdom-netflow collector-ip

  • (attr) system vdom-netflow collector-port

  • (attr) system vdom-netflow interface

  • (attr) system vdom-netflow interface-select-method

  • (attr) system vdom-netflow source-ip

The following default values changed:

  • system fortiguard auto-firmware-upgrade-start-hour (2 -> 1)

  • system global ssh-enc-algo (chacha20-poly1305@openssh.com aes256-ctr aes256-gcm@openssh.com -> aes256-ctr aes256-gcm@openssh.com)

  • system interface ipv6 nd-cga-modifier (0000007264702F6C69627264705F7373 -> 0065636473612D776974682D73686132)

  • system interface pvc-atm-qos (cbr -> ubr)

Additional option changes:

switch-controller 802-1X-settings tx-period

int-range (tag|lmt): 4,60 -> 12,60 (98 platforms: excludes 5001E1,5001E)

switch-controller managed-switch 802-1X-settings tx-period

int-range (tag|lmt): 4,60 -> 12,60 (98 platforms: excludes 5001E1,5001E)

switch-controller managed-switch ports speed

option-list (tag|opt): None -> ["2500full", "40000auto"] (98 platforms: excludes 5001E1,5001E)

switch-controller system tunnel-mode

option-list (tag|opt): None -> ["moderate"] (98 platforms: excludes 5001E1,5001E)

system dnp3-proxy term-baudrate

option-list (tag|opt): None -> ["9600"] (4 platforms: 60F,60F-3G4G,70F-3G4G,70F)

system interface pvc-atm-qos

option-list (tag|opt): None -> ["ubr"] (11 platforms: 60F,70F-3G4G,81F,70F,81F-2R-3G4G-POE,60F-3G4G,80F-BYPASS,80F,80F-POE,81F-POE,81F-2R-POE)

system interface speed

option-list (tag|opt): None -> ["100Gauto", "100Gfull", "100auto", "200Gauto", "200Gfull", "25000auto", "25000full", "2500auto", "40000auto", "40000full", "400Gauto", "400Gfull", "50000auto", "50000full", "5000auto"] (2 platforms: 101F,100F)

vpn ssl web portal bookmark-group bookmarks keyboard-layout

option-list (tag|opt): None -> ["la-am"]

vpn ssl web user-bookmark bookmarks keyboard-layout

option-list (tag|opt): None -> ["la-am"]

vpn ssl web user-group-bookmark bookmarks keyboard-layout

option-list (tag|opt): None -> ["la-am"]

wireless-controller wtp-group platform-type

option-list (tag|opt): None -> ["234G", "432G"]

wireless-controller wtp-profile platform type

option-list (tag|opt): None -> ["234G", "432G"]

Table changes:

  • The system.interface table limit was changed from 0 (unlimited) to 1036.
