Fortinet black logo

Whatʼs new in FortiOS 6.4.2

Copy Link
Copy Doc ID daae6d6f-d2a0-11ea-96b9-00505692583a:950458
Download PDF

Whatʼs new in FortiOS 6.4.2

The following list contains new managed FortiSwitch features added in FortiOS 6.4.2. Click on a link to navigate to that section for further information.

  • FortiLink mode now supports FortiGate units in separate sites running in HA mode. See HA-mode FortiGate units in remote sites.
  • The 802.1x-authenticated user name is now reported in the FortiGate traffic log.
  • You can now use SNMP to retrieve the switch and port status:
    • OID: 1.3.6.1.4.1.12356.101.24.1.1.1
      FORTINET-FORTIGATE-MIB:fortinet.fnFortiGateMib.fgSw.fgSwDeviceInfo.fgSwDeviceTable.fgSwDeviceEntry
    • OID 1.3.6.1.4.1.12356.101.24.2.1.1
      FORTINET-FORTIGATE-MIB:fortinet.fnFortiGateMib.fgSw.fgSwPortInfo.fgSwPortTable.fgSwPortEntry
  • When you create a link aggregation group (LAG) in FortiLink mode, you can now select the aggregation mode for the trunk when the trunk is in LACP mode. Ports can be grouped into the aggregator with the largest bandwidth or the aggregator with the most ports. See Configuring a link aggregation group (LAG). Use the following CLI commands:

    config switch-controller managed-switch

    edit <FortiSwitch_serial_number>

    config ports

    edit <trunk_name>

    set type trunk

    set mode {lacp-passive | lacp-active}

    set aggregator-mode {bandwidth | count}

    set members <port1 port2 ...>

    next

    end

    end

    end

  • Explicit congestion notification (ECN) is now supported in FortiLink mode when the drop policy is weighted random early detection (WRED). See Configuring QoS with managed FortiSwitch units. Use the following CLI commands:

    config switch-controller qos queue-policy

    edit <QoS_egress_policy_name>

    config cos-queue

    edit queue-<number>

    set drop-policy weighted-random-early-detection

    set ecn enable

    next

    end

    next

    end

  • The RADIUS Service-Type attribute now supports sending multiple values in FortiLink mode. See RADIUS accounting support.

    config user radius

    edit <RADIUS_server_name>

    set switch-controller-service-type {administrative | authenticate-only | callback-administrative | callback-framed | callback-login | callback-nas-prompt | call-check | framed | login | nas-prompt | outbound}

    next

    end

  • The Precision Time Protocol (PTP) transparent-clock mode is now supported in FortiLink mode. See Configuring PTP transparent-clock mode.
  • The new Diagnostics and Tools form reports the general health of the FortiSwitch unit, displays details about the FortiSwitch unit, and allows you to run diagnostic tests. See Diagnostics and tools.
  • Interoperation with per-VLAN Rapid Spanning Tree Protocol (also known as Rapid PVSP or RPVST) is now supported on managed FortiSwitch units. See Configuring interoperation with per-VLAN RSTP.
  • When you define a FortiSwitch NAC policy, you can now specify a FortiClient EMS tag as the matching condition, which allows the NAC policy to match devices with the MAC address. See Creating an EMS-tag policy.
  • The number of FortiSwitch units supported by the FGT-1100E and FGT-1101E models has been increased from 128 to 196.
  • FortiLink mode now offers automated detection of conditions observed in the switch-controller and FortiSwitch network. Administrators can accept the configuration recommendations and have them automatically applied. See Optimizing the FortiSwitch network.

Whatʼs new in FortiOS 6.4.2

The following list contains new managed FortiSwitch features added in FortiOS 6.4.2. Click on a link to navigate to that section for further information.

  • FortiLink mode now supports FortiGate units in separate sites running in HA mode. See HA-mode FortiGate units in remote sites.
  • The 802.1x-authenticated user name is now reported in the FortiGate traffic log.
  • You can now use SNMP to retrieve the switch and port status:
    • OID: 1.3.6.1.4.1.12356.101.24.1.1.1
      FORTINET-FORTIGATE-MIB:fortinet.fnFortiGateMib.fgSw.fgSwDeviceInfo.fgSwDeviceTable.fgSwDeviceEntry
    • OID 1.3.6.1.4.1.12356.101.24.2.1.1
      FORTINET-FORTIGATE-MIB:fortinet.fnFortiGateMib.fgSw.fgSwPortInfo.fgSwPortTable.fgSwPortEntry
  • When you create a link aggregation group (LAG) in FortiLink mode, you can now select the aggregation mode for the trunk when the trunk is in LACP mode. Ports can be grouped into the aggregator with the largest bandwidth or the aggregator with the most ports. See Configuring a link aggregation group (LAG). Use the following CLI commands:

    config switch-controller managed-switch

    edit <FortiSwitch_serial_number>

    config ports

    edit <trunk_name>

    set type trunk

    set mode {lacp-passive | lacp-active}

    set aggregator-mode {bandwidth | count}

    set members <port1 port2 ...>

    next

    end

    end

    end

  • Explicit congestion notification (ECN) is now supported in FortiLink mode when the drop policy is weighted random early detection (WRED). See Configuring QoS with managed FortiSwitch units. Use the following CLI commands:

    config switch-controller qos queue-policy

    edit <QoS_egress_policy_name>

    config cos-queue

    edit queue-<number>

    set drop-policy weighted-random-early-detection

    set ecn enable

    next

    end

    next

    end

  • The RADIUS Service-Type attribute now supports sending multiple values in FortiLink mode. See RADIUS accounting support.

    config user radius

    edit <RADIUS_server_name>

    set switch-controller-service-type {administrative | authenticate-only | callback-administrative | callback-framed | callback-login | callback-nas-prompt | call-check | framed | login | nas-prompt | outbound}

    next

    end

  • The Precision Time Protocol (PTP) transparent-clock mode is now supported in FortiLink mode. See Configuring PTP transparent-clock mode.
  • The new Diagnostics and Tools form reports the general health of the FortiSwitch unit, displays details about the FortiSwitch unit, and allows you to run diagnostic tests. See Diagnostics and tools.
  • Interoperation with per-VLAN Rapid Spanning Tree Protocol (also known as Rapid PVSP or RPVST) is now supported on managed FortiSwitch units. See Configuring interoperation with per-VLAN RSTP.
  • When you define a FortiSwitch NAC policy, you can now specify a FortiClient EMS tag as the matching condition, which allows the NAC policy to match devices with the MAC address. See Creating an EMS-tag policy.
  • The number of FortiSwitch units supported by the FGT-1100E and FGT-1101E models has been increased from 128 to 196.
  • FortiLink mode now offers automated detection of conditions observed in the switch-controller and FortiSwitch network. Administrators can accept the configuration recommendations and have them automatically applied. See Optimizing the FortiSwitch network.