New features or enhancements


652281

Disable all proxy features on FortiGate models with 2 GB of RAM or less by default. Mandatory and basic mandatory category processes start on 2 GB memory platforms. Proxy dependency and multiple workers category processes start based on a configuration change on 2 GB memory platforms.

805896

FortiOS supports sending SNMP traps when a MAC is added, moved, or removed from a FortiSwitch port. This enhances FortiGate’s network monitoring capabilities, enabling network administrators to monitor MAC address changes in real-time, strengthening overall network security.

888417

Internal Switch Fabric (ISF) Hash Configuration Support for NP7 Platforms. This provides a new level of flexibility and control to NP7 platform users, allowing them to fine-tune network settings for optimal performance and security. These NP7 FortiGate models support this feature: FG-1800F, FG-2600F, FG-3500F, FG-4200F, and FG-4400F.

Use the following command to configure NPU port mapping:

config system npu-post
    config port-npu-map
        edit <interface-name>
            set npu-group <group-name>
        next
    end
end

Use the following command to configure the load balancing algorithm used by the ISF to distribute traffic received by an interface to the interfaces of the NP7 processors in your FortiGate:

config system interface
    edit <interface>
        set sw-algorithm {l2 | l3 | eh | default}
    next
end

928885

Added GUI support for IPv6 addresses in the explicit web proxy forwarding server. This enhancement allows users to create and manage IPv6 forward servers more intuitively and efficiently, providing a more user-friendly experience.

961141

The DHCPv6 server/client can accommodate multiple DHCP options. Support for Option 16, also known as the Vendor Class Option, is added for DHCPv6. This allows IP pools and options assignment based on VCI match for the DHCPv6 server and client.

972774

BGP prefixes can be configured utilizing firewall addresses (ipmask and interface-subnet type) and groups. This streamlines the configuration process, allowing users to leverage their existing firewall addresses and groups when configuring BGP network prefixes.

973481

SOCKS proxy now supports UTM scanning, authentication, and forward server, making it more versatile. This is beneficial for customers who require these functionalities for their operations.

973573

You can now specify a tagged VLAN for users to be assigned to when the authentication server is unavailable. Previously, you could only specify an untagged VLAN. This feature is available with 802.1x MAC-based authentication. It is compatible with both Extensible Authentication Protocol (EAP) and MAC authentication bypass (MAB).

974985

FortiOS allows the hello timer for the Virtual Router Redundancy Protocol (VRRP) to be configured in milliseconds. This timer dictates the rate at which VRRP advertisements are sent. With this enhanced control, users can ensure quick failover and high availability where necessary.

974986

The OSPF protocol now allows for the customization of the Link State Advertisement (LSA) refresh interval, providing enhanced flexibility and control over the timing parameters within the network. Furthermore, OSPF's capabilities have been expanded to include fast link-down detection on VLAN interfaces, boosting the network's responsiveness and dependability.

config router ospf
    set lsa-refresh-interval <integer>
    config ospf-interface
        edit <name>
            set interface <string>
            set linkdown-fast-failover {enable | disable}
        next
    end
end

975923

FortiOS supports Network Prefix Translation (NPTv6), ensuring end-to-end connectivity and one-to-one address mapping for address independence. This improves network scalability and facilitates efficient IPv6 network management.

977097

A new CLI option allows users to choose to discard or permit IPv4 SCTP packets with zero checksum on the NP7 platform.

config system npu
    config fp-anomaly
        set sctp-csum-err {allow | drop | trap-to-host}
    end
end
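
Before changing `sctp-csum-err` from `allow` to `drop`, it helps to know how much SCTP traffic actually carries an all-zero checksum field. The following is an added example, not FortiOS or Fortinet code: it classifies SCTP packets from a capture as zero-checksum, valid, or bad-checksum using the standard CRC32c. The function names and the sample packets are constructed for illustration, and each input is assumed to start at the SCTP common header (IPv4 header already stripped).

```python
import struct
from collections import Counter

def _make_table():
    # Reflected form (0x82F63B78) of the CRC-32C (Castagnoli) polynomial.
    table = []
    for n in range(256):
        c = n
        for _ in range(8):
            c = (c >> 1) ^ 0x82F63B78 if c & 1 else c >> 1
        table.append(c)
    return table

_TABLE = _make_table()

def crc32c(data):
    crc = 0xFFFFFFFF
    for b in data:
        crc = (crc >> 8) ^ _TABLE[(crc ^ b) & 0xFF]
    return crc ^ 0xFFFFFFFF

def classify_sctp(packet):
    """Classify one SCTP packet (bytes starting at the SCTP common header)."""
    if len(packet) < 12:                      # common header is 12 bytes
        return "truncated"
    stored = packet[8:12]
    if stored == b"\x00" * 4:
        return "zero-checksum"                # the case sctp-csum-err governs
    # CRC32c is computed with the checksum field zeroed and is carried
    # least-significant byte first on the wire.
    zeroed = packet[:8] + b"\x00" * 4 + packet[12:]
    good = struct.pack("<I", crc32c(zeroed))
    return "valid" if stored == good else "bad-checksum"

def build_sctp(sport, dport, vtag, chunks, with_checksum=True):
    """Build a constructed test packet; this is not captured traffic."""
    hdr = struct.pack("!HHI", sport, dport, vtag)
    crc = crc32c(hdr + b"\x00" * 4 + chunks) if with_checksum else 0
    return hdr + struct.pack("<I", crc) + chunks

def audit(packets):
    """Count packets per class, e.g. before switching allow to drop."""
    return Counter(classify_sctp(p) for p in packets)

# Constructed INIT chunk: type 1, flags 0, length 20, then the INIT fields.
INIT = struct.pack("!BBHIIHHI", 1, 0, 20, 0x11223344, 65535, 1, 1, 1)
SAMPLES = [
    build_sctp(5000, 38412, 0, INIT),                        # correct CRC32c
    build_sctp(5001, 38412, 0, INIT, with_checksum=False),   # zero checksum
    build_sctp(5002, 38412, 0, INIT)[:-1] + b"\xff",         # payload altered
    b"\x13\x88\x96\x0c",                                     # too short
]
```

A non-zero `zero-checksum` count in `audit()` output identifies peers whose traffic would be discarded once the option is set to `drop`.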

978974

Users can upgrade their LTE modem firmware directly from FortiGuard. This eliminates the need for manual downloading and uploading and provides users flexibility to schedule the upgrade.

982226

FortiOS now incorporates NetFlow sampling support. This enhancement enables the FortiGate to maintain a count of the packets or bytes that have been sampled for a particular interface. If the packet count for a session surpasses the threshold set by the netflow-sample-rate for either transmit or receive traffic on a NetFlow-enabled interface, a NetFlow report is exported. This process effectively reduces the load on the collector.

config system interface
    edit <name>
        set netflow-sampler {tx | rx | both}
        set netflow-sample-rate <integer>
        set netflow-sampler-id <integer>
    next
end

985285

Enhancement to Packet Capture Functionality. This feature adds the capability to store packet capture criteria, allowing for the re-initiation of packet captures multiple times using the same parameters such as interface, filters, and more, thereby streamlining packet capture management. Additionally, this feature incorporates diagnostic commands to list, initiate, terminate, and remove GUI packet captures, enhancing the level of control users have over their packet capture operations.

990092

There is added support for UDP-Lite (IP protocol number 136) traffic in the traffic log and session log output, CLI configuration of IPv4 and IPv6 policy routes, custom session TTL, custom firewall service settings, and GUI configuration of custom firewall services on the Policy & Objects > Services page. UDP-Lite traffic is supported by HA session synchronization for connectionless sessions when enabled and strict header checking when enabled to silently drop UDP-Lite packets with invalid header format or wrong checksum errors.

990096

FortiOS allows multiple remote Autonomous Systems (AS) to be assigned to a single BGP neighbor group using AS path lists. This enhancement offers increased flexibility and efficiency in managing BGP configurations, especially in intricate network environments.

990893

Supports the inclusion of a group set in PIM join/prune messages, per RFC 4601. FortiGate can send PIM join/prune messages containing a group set, reducing the number of messages sent to the router. This improvement addresses the issue of router overload in extensive multicast environments, ensuring greater stability and efficiency in network operations.

992604

When a FortiGate is acting as an IPv4 BGP neighbor and using stateful DHCPv6, it learns BGP routes with the IPv6 next-hop belonging to an on-link prefix, and this prefix is advertised using RA. By default, a learned kernel route (currently only RA routes) has a distance of 255 and does not interfere with current route selection. To make the RA route usable by BGP, use the new CLI command set kernel-route-distance to set the distance to less than 255, such as 254 or below:

config router setting
    set kernel-route-distance <1-255> (with default of 255)
end

If there are other user space routes with the same prefix, the best route will be chosen based on distance.

992605

FOS includes a filtering mechanism for NetFlow sampling. Users can apply exclusion filters to their NetFlow sampling based on various criteria such as source IP, source port, destination IP, destination port, and IP protocol. The addition of this feature enhances the relevance of the data collected, streamlines data management processes, and minimizes superfluous network traffic.

config system netflow
    config exclusion-filters
        edit <id>
            set source-ip <IP_address>
            set destination-ip <IP_address>
            set source-port <port>
            set destination-port <port>
            set protocol <protocol_ID>
        next
    end
end

1000356

FOS now supports being configured as a recursive DNS resolver. As a resolver, the FortiGate can directly interact with root name servers, Top-Level Domain (TLD) name servers, and finally authoritative name servers to resolve DNS queries.

Furthermore, FortiOS also adds support for prioritizing root name servers. You may choose root servers from the list of default servers, or you can configure your own custom root name server.

1002403

FTP Session-Helper Support for 464XLAT Environment. This enhancement enables FortiOS to support both passive and active modes in a 464XLAT environment.

1006904

Allow customers to use interface names, not just IP addresses, for defining source IPs in RADIUS, LDAP, and DNS configurations. This caters to dynamic IP changes, such as those governed by SD-WAN rules. FortiOS will use the interface's current IP as the source IP, enhancing network flexibility and resolving potential connectivity issues.

1019490

Automatic LTE Connection Establishment. This enhancement automates the process of LTE connection establishment. When a SIM card is inserted, FortiOS (FOS) can obtain the Mobile Country Code (MCC) and Mobile Network Code (MNC) from the service provider's radio tower. FOS then uses these codes to look up the appropriate APN for the SIM card in a predefined table and automatically creates a wireless profile. This eliminates the need for manual configuration by the user, simplifying the process of establishing an LTE connection.

1029730

Introducing IPv6/64 prefix session quota and an IPv4 prefix session quota for both software and hardware sessions with Hyperscale. This new feature allows for more precise control over session limits.

This feature only works for no-NAT policies.

To configure global session quotas for IPv6 sessions:

config system npu
    set ipv6-prefix-session-quota {disable | enable}
    set ipv6-prefix-session-quota-high <high-threshold>
    set ipv6-prefix-session-quota-low <low-threshold>
end

To configure session quotas for IPv4 sessions accepted by firewall policies with NAT disabled:

config system npu
    set ipv4-session-quota {disable | enable}
    set ipv4-session-quota-high <high-threshold>
    set ipv4-session-quota-low <low-threshold>
end