Fortinet black logo

FortiSwitchOS Release Notes

Home FortiSwitch 7.4.1 FortiSwitchOS Release Notes
7.4.1
7.4.3
7.4.2
7.4.1
7.4.0
3.2.2
3.2.1
3.2.0
3.0.1
3.0.0
2.0.3
2.0.2

Introduction

Introduction

This document provides the following information for FortiSwitchOS 7.4.1 build 0787.

See the Fortinet Document Library for FortiSwitchOS documentation.

Supported models

FortiSwitchOS 7.4.1 supports the following models:

FortiSwitch 1xx FS-108E, FS-108E-POE, FS-108E-FPOE, FS-108F, FS-108F-POE, FS-108F-FPOE, FS-124E, FS-124E-POE, FS-124E-FPOE, FS-124F, FS-124F-POE, FS-124F-FPOE, FS-148E, FS-148E-POE, FS-148F, FS-148F-POE, FS-148F-FPOE
FortiSwitch 2xx FS-224D-FPOE, FS-224E, FS-224E-POE, FS-248D, FS-248E-POE, FS-248E-FPOE
FortiSwitch 4xx FS-424E, FS-424E-POE, FS-424E-FPOE, FS-424E-Fiber, FS-M426E-FPOE, FS-448E, FS-448E-POE, FS-448E-FPOE
FortiSwitch 5xx FS-524D, FS-524D-FPOE, FS-548D, FS-548D-FPOE
FortiSwitch 1xxx FS-1024D, FS-1024E, FS-1048E, FS-T1024E
FortiSwitch 3xxx FS-3032E
FortiSwitch Rugged FSR-112D-POE, FSR-124D, FSR-424F-POE

What’s new in FortiSwitchOS 7.4.1

Release 7.4.1 provides the following new features:

  • The FS-124F, FS-124F-POE, FS-124F-FPOE, FS-148F, FS-148F-POE, and FS-148F-FPOE models now support flow export.

  • The FS-424E, FS-424E-POE, FS-424E-FPOE, FS-424E-Fiber, FS-M426E-FPOE, FS-448E, FS-448E-POE, and FS-448E-FPOE models now support Protocol Independent Multicast (PIM) routing.

  • The FS-1024E and FS-T1024E models now support Media Access Control security (MACsec) on 4x25G split ports.

  • You can now configure MACsec profiles in the GUI.

  • You now have the flexibility to exclude one or more protocols from the MACsec traffic policy. By default, all protocols are encrypted. You can use the CLI to exclude ARP, 802.1q VLAN, FortiLink, IPv4, IPv6, LACP, LLDP, 802.1ad QinQ, and STP packets.

  • When strong cryptography is disabled in the System > Config > SSL page, FortiSwitchOS displays a warning that the switch will reboot and then requires the user to confirm before rebooting the switch.

  • You can now generate an elliptic curve (ECDSA) certificate using a certificate signing request (CSR). You can choose an SECP256R1, SECP384R1, or SECP521R1 elliptic curve.

  • You can use new CLI commands to specify how the following RADIUS request attributes are formatted:

    • User-Name

    • User-Password

    • Called-Station-Id

    • Calling-Station-Id

  • You can now configure network monitoring and view network-monitoring statistics in the GUI. You can monitor specific unicast MAC addresses in directed mode, monitor all detected MAC addresses on a FortiSwitch unit in survey mode, or do both.

  • You can now configure Intermediate System to Intermediate System Protocol (IS-IS) routing in the GUI.

  • FR-TRAN-ZX now supports the diagnostic monitoring interface (DMI).

  • FortiSwitchOS can now distinguish between the interchassis link (ICL) being down and a peer switch being down or getting restarted. When a peer switch is down or restarted, the other switch does not mistakenly detect a split-brain state and shut down all ports.

  • You can now configure in the CLI how long MAC authentication bypass (MAB) sessions are kept:

    • In static mode, MAB sessions are kept until the link goes down or the MAB sessions are manually deleted with the CLI.

    • In dynamic mode, MAB sessions are treated the same way as dynamically learned MAC addresses.

  • You can now use flow-based Equal Cost Multi-Path (ECMP) routing with Virtual Extensible LAN (VXLAN) interfaces for load balancing.

  • The set vxlan-port command (under config switch global) is now the set vxlan-dport command.

  • FortiSwitchOS can now detect duplicate MAC addresses in a Border Gateway Protocol (BGP) Ethernet Virtual Private Network (EVPN) with VXLAN interfaces. When a duplicate MAC address is detected, FortiSwitchOS logs it as an error, making it quicker to find and resolve problems in the network configuration.

  • The FS-1048 model now supports autonegotiation for the 40G direct-attach cable (FN-CABLE-QSFP+).

  • If you are using FortiSwitchOS 7.4.1 in FortiLink mode:

    • You can now make your Security Fabric more secure with the FortiLink secured fabric. The FortiLink secured fabric provides authentication and encryption to all fabric links, wherever possible. Zero-touch support is available for FortiLink mode over a layer-2 network and over a layer-3 network.

    • Managed FortiSwitch units can now perform inter-VLAN routing. The FortiGate device can program a FortiSwitch unit to do the layer-3 routing of trusted traffic between specific VLANs.

Refer to the FortiSwitch feature matrix for details about the features supported by each FortiSwitch model.

Previous
Next

Introduction

This document provides the following information for FortiSwitchOS 7.4.1 build 0787.

See the Fortinet Document Library for FortiSwitchOS documentation.

Supported models

FortiSwitchOS 7.4.1 supports the following models:

FortiSwitch 1xx FS-108E, FS-108E-POE, FS-108E-FPOE, FS-108F, FS-108F-POE, FS-108F-FPOE, FS-124E, FS-124E-POE, FS-124E-FPOE, FS-124F, FS-124F-POE, FS-124F-FPOE, FS-148E, FS-148E-POE, FS-148F, FS-148F-POE, FS-148F-FPOE
FortiSwitch 2xx FS-224D-FPOE, FS-224E, FS-224E-POE, FS-248D, FS-248E-POE, FS-248E-FPOE
FortiSwitch 4xx FS-424E, FS-424E-POE, FS-424E-FPOE, FS-424E-Fiber, FS-M426E-FPOE, FS-448E, FS-448E-POE, FS-448E-FPOE
FortiSwitch 5xx FS-524D, FS-524D-FPOE, FS-548D, FS-548D-FPOE
FortiSwitch 1xxx FS-1024D, FS-1024E, FS-1048E, FS-T1024E
FortiSwitch 3xxx FS-3032E
FortiSwitch Rugged FSR-112D-POE, FSR-124D, FSR-424F-POE

What’s new in FortiSwitchOS 7.4.1

Release 7.4.1 provides the following new features:

  • The FS-124F, FS-124F-POE, FS-124F-FPOE, FS-148F, FS-148F-POE, and FS-148F-FPOE models now support flow export.

  • The FS-424E, FS-424E-POE, FS-424E-FPOE, FS-424E-Fiber, FS-M426E-FPOE, FS-448E, FS-448E-POE, and FS-448E-FPOE models now support Protocol Independent Multicast (PIM) routing.

  • The FS-1024E and FS-T1024E models now support Media Access Control security (MACsec) on 4x25G split ports.

  • You can now configure MACsec profiles in the GUI.

  • You now have the flexibility to exclude one or more protocols from the MACsec traffic policy. By default, all protocols are encrypted. You can use the CLI to exclude ARP, 802.1q VLAN, FortiLink, IPv4, IPv6, LACP, LLDP, 802.1ad QinQ, and STP packets.

  • When strong cryptography is disabled in the System > Config > SSL page, FortiSwitchOS displays a warning that the switch will reboot and then requires the user to confirm before rebooting the switch.

  • You can now generate an elliptic curve (ECDSA) certificate using a certificate signing request (CSR). You can choose an SECP256R1, SECP384R1, or SECP521R1 elliptic curve.

  • You can use new CLI commands to specify how the following RADIUS request attributes are formatted:

    • User-Name

    • User-Password

    • Called-Station-Id

    • Calling-Station-Id

  • You can now configure network monitoring and view network-monitoring statistics in the GUI. You can monitor specific unicast MAC addresses in directed mode, monitor all detected MAC addresses on a FortiSwitch unit in survey mode, or do both.

  • You can now configure Intermediate System to Intermediate System Protocol (IS-IS) routing in the GUI.

  • FR-TRAN-ZX now supports the diagnostic monitoring interface (DMI).

  • FortiSwitchOS can now distinguish between the interchassis link (ICL) being down and a peer switch being down or getting restarted. When a peer switch is down or restarted, the other switch does not mistakenly detect a split-brain state and shut down all ports.

  • You can now configure in the CLI how long MAC authentication bypass (MAB) sessions are kept:

    • In static mode, MAB sessions are kept until the link goes down or the MAB sessions are manually deleted with the CLI.

    • In dynamic mode, MAB sessions are treated the same way as dynamically learned MAC addresses.

  • You can now use flow-based Equal Cost Multi-Path (ECMP) routing with Virtual Extensible LAN (VXLAN) interfaces for load balancing.

  • The set vxlan-port command (under config switch global) is now the set vxlan-dport command.

  • FortiSwitchOS can now detect duplicate MAC addresses in a Border Gateway Protocol (BGP) Ethernet Virtual Private Network (EVPN) with VXLAN interfaces. When a duplicate MAC address is detected, FortiSwitchOS logs it as an error, making it quicker to find and resolve problems in the network configuration.

  • The FS-1048 model now supports autonegotiation for the 40G direct-attach cable (FN-CABLE-QSFP+).

  • If you are using FortiSwitchOS 7.4.1 in FortiLink mode:

    • You can now make your Security Fabric more secure with the FortiLink secured fabric. The FortiLink secured fabric provides authentication and encryption to all fabric links, wherever possible. Zero-touch support is available for FortiLink mode over a layer-2 network and over a layer-3 network.

    • Managed FortiSwitch units can now perform inter-VLAN routing. The FortiGate device can program a FortiSwitch unit to do the layer-3 routing of trusted traffic between specific VLANs.

Refer to the FortiSwitch feature matrix for details about the features supported by each FortiSwitch model.

Previous
Next