
Kubernetes Connector: FortiGate now supports Multus CNI for Kubernetes

FortiOS 7.6.4
New features or enhancements

Cloud

  • Kubernetes Connector: FortiGate now supports Multus CNI for Kubernetes, ensuring that all IP addresses, including those dynamically configured at runtime, are accurately retrieved and added to dynamic firewall address objects.

LAN Edge

  • Storm Control: The FortiSwitch controller now supports configuring a storm-control burst size level for more precise control over the maximum number of packets or bytes.
  • IP Source Guard Logging: New CLI commands allow for enabling and configuring IP source guard event logging on the switch-controller.
  • Combined Authentication: FortiSwitch now allows both FortiSwitch Network Access Control (NAC) and 802.1X authentication on the same port.
  • Layer 3 Switch Configuration: The FortiSwitch controller now supports generalized Layer 3 switch configuration, including SVI, RVI, VRF, DHCP Server, and IPv4 static routes.
  • Increased Switch Name Length: The maximum length for managed FortiSwitch names has been increased from 16 to 35 characters for better organization.

Log & Report

  • Log Search by Zone: New srczone and dstzone fields enable searching logs by zone names, which improves scalability and efficiency.

Network

  • Auto Speed Negotiation: 10G Base-T interfaces on the FGT100xF can now automatically handle both 1G and 10G speeds.
  • NIC Interface Diagnostics: New diagnostics provide enhanced visibility into NIC interfaces by displaying FEC status, RX/TX bits per second, packets per second, and host-level RX drop statistics.

Policy & Objects

  • FQDN Address Groups: Support has been added for Fully Qualified Domain Name (FQDN) address groups within the Internet Service Database (ISDB).
  • Policy Filtering: Policy lists now support filtering by key metrics such as bytes, packets, hit count, and last user.
  • Telemetry Sub-type: A new telemetry sub-type for dynamic firewall addresses and a new telemetry category for firewall address groups have been added for more structured and scalable management of telemetry agents.

SD-WAN

  • Unique Underlay Paths: A new feature ensures that all SD-WAN shortcuts use unique underlay paths to prevent the sharing of underlay paths between spokes.
  • Per-Tunnel Egress Shaping: Spokes can now define per-tunnel egress shaping values that are automatically communicated to hubs or other spokes during IKEv2 negotiation, providing consistent QoS.
  • Hybrid SD-WAN Mode: A new hybrid mode combines SLA and Priority modes, allowing SD-WAN to select the best link based on both SLA values and link quality.

Security Profiles

  • DLP with MPIP Labels: MPIP labels can now be used directly with DLP profiles, and remote labels can be synchronized automatically from a Microsoft Purview account.
  • FortiData Integration: FortiGate can now pass file fingerprints to FortiData for analysis and labeling, with the results used for DLP policy processing.
  • GenAI Application Control: A new AIAP database type for generative AI rules has been added to Application Control, along with new logging fields and a new "Generative AI" category.
  • FortiSandbox Inline Scanning: FortiSandbox Inline scanning is now supported in Flow mode, which improves threat detection without requiring Proxy mode.

System

  • HTTP Authentication Daemon: A new http_authd daemon centralizes administrative authentication processes for improved efficiency.
  • Firmware Upgrade Prompts: Users can now dismiss specific firmware upgrade prompts, and upgrade logs are more detailed with distinct IDs for auto-upgrades and manual ones.
  • Automatic Patching: FortiGate appliances that are no longer under a valid license or have reached end-of-support will now automatically upgrade to the latest patch within their minor version to enhance security.
  • VWP A/P Failover: A new CLI command, set bounce-intf-upon-failover enable, improves manual failover behavior in VWP A/P FortiGate deployments with wildcard VLANs.

User & Authentication

  • SAML Authentication: SCIM is now supported for SAML authentication in a proxy policy.
  • FortiToken Mobile: A new GUI-based page for FTM push configuration allows users to select an interface instead of manually entering an IP address, which is useful for dynamic WAN IP environments.

WiFi Controller

  • Zero-Touch Provisioning (ZTP): Mesh leaf FAPs now support ZTP, automatically detecting the FortiGate via the default mesh link to reduce manual configuration.
  • Captive Network Assistant (CNA) Bypass: A configurable option allows bypassing the default CNA behavior on WiFi clients to improve authentication reliability with captive portals.
  • Zero-Wait DFS: Zero-wait DFS functionality, which was previously limited to FAP-U platforms, has been extended to QCA-based FAP F, G, and K models.

ZTNA

  • Tag Sharing: Used tags from ZTNA policies can now be shared with FortiClient EMS.
  • Error Codes and Messages: New ZTNA error codes (024 and 025) have been added, and existing replacement messages for error codes 064 and 065 have been improved.

Version: FortiOS 7.6.4