Windows users signed in with Microsoft Entra ID are automatically allowed access to ZTNA-protected TCP resources

FortiOS 7.6.3: New Features and Enhancements

Cloud

  • AliCloud G8i Instance Support: FortiGate-VM now supports the AliCloud ecs.g8i instance family.

GUI (Graphical User Interface)

  • Private Data Encryption Setting: A new setting to enable/disable private data encryption is available under System > Settings > Security.
  • Enhanced Global Search: The top header menu's global search is improved for quicker access to the Command Palette, enabling faster navigation, CLI access, diagnostic command execution, and configuration search.

LAN Edge

  • FortiSwitch IPv6 Management: Users can now manage FortiSwitch units over FortiLink using IPv6 addresses.
  • FortiExtender Split Tunnel Mode: Introduced Split Tunnel Mode for FortiExtender in LAN extension mode, allowing specific traffic to bypass the central FortiGate, reducing load and enhancing efficiency.
  • FortiExtender Device Registration: FortiGate can now register authorized FortiExtender (FEXT) devices, similar to FortiAP and FortiSwitch, for comprehensive network management.
  • Prevent Automatic VLAN Creation: CLI option to prevent the switch controller from automatically creating VLANs.

Network

  • Flow Mode TLS Inspection (ECH): Flow mode now supports inspecting DNS over TLS (DoT) and DNS over HTTPS (DoH) traffic, stripping ECH responses from DNS, and blocking TLS ClientHello that uses ECH.
  • Enhanced PIM Support for VRFs: Improved PIM support for Virtual Routing and Forwarding (VRFs) is now available in the GUI.

Policy & Objects

  • Isolator Server Configuration: GUI enhancements for configuring isolator servers for explicit and transparent web proxies.
  • SAML Authentication with SCIM in Proxy Policy: Supports SAML authentication in a proxy policy using SCIM, extending SCIM client support for SAML authentication schemes.
  • NAC Policy Device Category Selection: NAC Policy GUI now allows selecting device categories from a drop-down list, simplifying matching.
  • Hyperscale Firewall NPU Session Details: The diag sys npu-session list-brief command on hyperscale firewalls now includes more values (timeout, duration, policy-id) and improved EIF session filtering.
  • Policy Route User/Group Filters: Supports configuring users and groups as source filters in policy routes for granular traffic control.
  • Real-time Traffic Statistics in QTM: Displays real-time traffic statistics in QTM for NP7/NP7Lite platform devices.

SD-WAN

  • Fabric Overlay Orchestrator Topology Widget: New GUI dashboard widget provides an interactive view of hub and spoke devices configured with Fabric Overlay Orchestrator.
  • Passive Monitoring of TCP Metrics per Application: Expands TCP metric monitoring and logging to be per application, not just per session.

Security Fabric

  • Individual FortiGate Automation Settings: Each FortiGate in a Security Fabric (CSF) can now have its own automation setting using the fabric-sync option.
  • MPIP Label Integration: Re-imagined MPIP label integration for direct use with DLP profiles without dictionaries, with automatic synchronization from Microsoft Purview.
  • NPU-Stuck Event Detection (trigger-action-stitch): Added a feature to detect and log NPU-stuck events with specific event IDs, improving real-time monitoring and system stability.

Security Profiles

  • Inline CASB Control Factors: Enhanced inline CASB security profile to support control factors like tenant information in JSON data using JQ filters.
  • Industrial Ethernet Protocol Detection (IPS): IPS engine enhanced to detect and log industrial Ethernet protocols (LLDP, GOOSE, EtherCAT, PROFINET RT), with new custom signature rule options (ethertype, mac_src, mac_dst).
  • AMQP for FortiGuard Updates: Fortinet leverages AMQP to deliver real-time FortiGuard update notifications to FortiGate devices, reducing polling and providing instant, event-driven updates.
  • AI/ML-based IPS Detection: Introduces AI/ML models trained on protocol decoding features for more targeted and efficient exploit detection, using a hybrid approach with signatures for preliminary filtering.
  • Zero-day Malware Stream Scanning: Enables real-time delivery of malware IOCs via fortimq daemon, blocking new threats within seconds and maintaining an up-to-date malware hash database automatically.
  • GTP Echo Requires Path In Use: New GTP profile option to block GTP Echo Requests if no active tunnel exists over the associated GTP path.

System

  • Fortinet Support Tool Desktop Application: New Windows and macOS desktop application (evolution of Chrome extension) for capturing real-time debugging information via REST API key.
  • ACME External Account Binding (EAB) Support: Adds FortiOS support for ACME EAB (RFC 8555) for associating ACME accounts with non-ACME accounts, streamlining domain ownership verification.
  • QTM Statistics and SoC5 Egress Shaping Offload: Adds statistics for traffic shaping using QTM and egress-shaping-profile offload for SoC5.
  • FortiTelemetry Integration: Provides user experience information (application performance, failure rate) collected by FortiTelemetry agents and displayed on FortiTelemetry monitor pages.
  • CFM Extended to FG80F-POE and FG20xF: Connectivity Fault Management (CFM) extended to more FortiGate models for efficient Ethernet network diagnostics.

User & Authentication

  • SAML Users in Local User Database: FortiOS now supports defining SAML users in config user local, allowing precise, user-specific policy control for SAML authenticated users in firewall and agentless VPN policies.

VPN

  • IPsec Dial-up VPN GUI Enhancements: In IKEv2 IPsec dial-up VPN, users can now configure Remote Gateway Match and Security posture tags in the GUI.
  • IKE-TCP Port Conflict Warnings: GUI warnings displayed for IKE-TCP port conflicts if port 443 is assigned for HTTPS admin access on an interface also bound to an IPsec tunnel.
  • FortiClient Secure Internet Access (SIA) VPN Template: New VPN Wizard template for configuring Remote Access IPsec VPN to route all FortiClient traffic through FortiGate for security inspection.
  • IPsec Debugging Tools (NP6/NP7): Introduces debugging tools for IPsec on NP6 and NP7 platforms to help diagnose issues originating from the NP driver or kernel module/IKE daemon.
  • Quantum Key Distribution (QKD) and PQC Support: Adds support for configuring QKD and Digital Signature Algorithm/Post-Quantum Cryptography (PQC), allowing mixing of keys for robust security.

ZTNA (Zero Trust Network Access)

  • Microsoft Entra ID SSO for TCP Resources: Windows users signed in with Microsoft Entra ID are automatically allowed access to ZTNA-protected TCP resources using SSO via the client's login token.
  • ZTNA Tags in IP/MAC-based Access Control (Entry-level): Entry-level platforms with 2GB memory now support ZTNA tags in IP/MAC-based access control, synchronizing posture tags and IP/MAC addresses from EMS.

Version: FortiOS 7.6.3