Menu
Lately I have been growing tired of using CLI to configure network devices, so when I was faced with the project to deploy about 100 of Fortigate firewalls, I have decided that I am not that interested in copy-pasting configs via CLI and I want to do something different. Luckily for me, Fortigate did roll out pretty good API in the code 5.4, which can be used to configure most (if not all) of the parameters of the device. I already had automation that would generate configuration for all the devices by pulling IPAM (I may write a different post about that at a later time), so I just needed something to push that config to devices. That’s the part I’ll concentrate on in this post.
Why REST?
Because I am tired of screen scraping. Because I am tired of having to deal with different carriage return symbols between portX interfaces and mgmtX interfaces. Yes, I could have used already built library, but I just don’t like the principle of it. REST API is not ideal, in fact it has shortcomings compared to CLI in Fortigate implementation, but I see it as a lesser of 2 evils. Plus, more and more devices are starting to support it, so I decided that I could use some experience with it.
Why write library myself, instead of using one by Fortinet?
Fortinet used to hide their APIs behind the paywall, but now you can get into its documentation if you know 2 people with @fortinet.com e-mail addresses. They do have a python library that you can use to make API calls, but I chose to write my own for the following reasons:
- Fortinet’s library required python 2.7, there are some machines in my environment that only have 2.6 and I wanted flexibility to use them if needed.
- I wanted to be able to use socks proxy for API calls. Yes, I could ssh with -L and do port forwarding, but it was much easier to ssh with -D and do socks proxy.
- Fortinet’s library didn’t seem to do anything complicated, so I figured I could replicate it fairly easily (which ended up being mostly true)
At the end, I came up with this: https://github.com/eoprede/fortigate_api
Please note that this code by no means is a full-baked solution, it was created for a very narrow use case and it does it fairly well. Hopefully I’ll have time to keep working on it and adding functionality.
Interfacing with the device via REST API
To make a very simple script that calls to a Fortigate at IP 1.1.1.1 and queries and prints configuration of port1, download the fw_api_test.py file and create the following python script in the same folder.
2 4 | fw=fortigate_api('1.1.1.1','user','password') fw.print_data(a) |
There are more examples available in the readme on github.
Real-life use
Since I wanted to avoid as much manual labor as possible, I ended up writing a bunch of automation around the provisioning as well. At the end, the provisioning process looked like this:
Just wanted to update this entry with the new standalone finally coming out. I am having the same issue as the original poster and have been trying to find the answer, with everyone telling me that a character is linked server side with my game.I would like to note that server characters are BS for standalone, at least as of 01/25/14. Dayz mod download. If you were to buy Arma on a different steam account you could essentially have 2 DayZ characters.
- Populate IPAM with all the information about the new device(s), including interface IPs and some systems that firewall is protecting.
- Create a JSON file that has common configuration shared between all the devices (like snmp and syslog settings, ddos profiles, etc)
- Pull IPAM and create a JSON file with unique configuration for each firewall.
- Wire up the firewalls, turn them on, set mgmt IPs via the console.
- Run a script, which reads both of the JSON files and in 20 seconds joins the firewalls in the cluster, creates VDOMs and sets up the rest of the config.
Unfortunately, due to security concerns, I am not allowed to share even sanitized version of my script. If there’s an interest, I can come up with some unrelated to my work scripts, but that will take some time.
Problems with Fortigate API
The biggest issue by far is that it isn’t very consistent. For example, path for the interface configuration is cmdb/system/interface, which is quite logical. The path for syslog settings is, however, cmdb/log.syslogd/setting. This extra dot in the path is annoying and often times not very logical. I did have to download schema and search through it quite a few times to find the right URL for the API call.
Another inconsistency that I have discovered – not all the fields are being edited in the same way. For example, you have to edit firewall rules one by one, you can’t just send the device a whole list of them (which would be awesome). You can, however, send a whole list of rules for prefix list in one command, which makes it much easier to edit them.
But probably by far the biggest issue is that you can not pre-stage the config. Once you push the command, it is active and saved in the config. CLI does have a couple of tricks to avoid it (run time only config mode and batch mode config utility), but API does not. You can do a config backup via the API call, so at least you can make sure that you have good config before the changes and then you can revert back if needed, but it would be much easier to manage the device if you could do bulk configuration.
Was it worth it?
Yes, absolutely. Having 100 devices that are configured with the same template and are guaranteed to not have any fat-fingered values in them is worth a lot. The values in IPAM could have been fat-fingered, but fixing them would be very easy with just writing the provisioning script again.
Did I have to use REST API for this? Most likely not. But I’m not sure if using already built-in library for SSH communication would be any easier or faster, as I still needed to generate JSON files from my other systems and feeding JSON into REST API is as easy as it gets.
What’s next?
Being able to push commands via API is great, but it’s useful mostly for the initial deploy. It would be nice to be able to manage the device in the live environment, using tools like Ansible. Yes, there’s a module that can manage Fortigates, but it is using SSH again. So, next step is probably to write a module for Ansible. How hard could that be?
FortiManager - Release Notes Version 6.0.2
FORTINET DOCUMENT LIBRARY https://docs.fortinet.com FORTINET VIDEO GUIDE https://video.fortinet.com FORTINET BLOG https://blog.fortinet.com CUSTOMER SERVICE & SUPPORT https://support.fortinet.com FORTINET COOKBOOK https://cookbook.fortinet.com FORTINET TRAINING & CERTIFICATION PROGRAM https://www.fortinet.com/support-and-training/training.html NSE INSTITUTE https://training.fortinet.com FORTIGUARD CENTER https://fortiguard.com/ END USER LICENSE AGREEMENT https://www.fortinet.com/doc/legal/eula.pdf FEEDBACK Email: [email protected] November 02, 2018 FortiManager 6.0.2 Release Notes 02-602-500977-20181102
TABLE OF CONTENTS FortiManager 6.0.2 Release 5 Supported models 5 What s new in FortiManager 6.0.2 6 Fabric View 6 Policy & Objects 6 Special Notices 7 FortiManager 6.0.2 support for FortiOS 6.0.3 7 Reconfigure SD-WAN after Upgrade 7 FortiGate VM 16/32/UL license support 7 Hyper-V FortiManager-VM running on an AMD CPU 7 VM License (VM-10K-UG) Support 8 FortiOS 5.4.0 Support 8 SSLv3 on FortiManager-VM64-AWS 8 Upgrade Information 9 Downgrading to previous firmware versions 9 Firmware image checksums 9 FortiManager VM firmware 9 SNMP MIB files 11 Product Integration and Support 12 FortiManager 6.0.2 support 12 Feature support 15 Language support 15 Supported models 16 FortiGate models 23 FortiCarrier models 25 FortiDDoS models 26 FortiAnalyzer models 26 FortiMail models 27 FortiSandbox models 28 FortiSwitch ATCA models 28 FortiWeb models 28 FortiCache models 29 FortiProxy models 30 FortiAuthenticator models 30 Compatibility with FortiOS Versions 31 FortiOS 6.0.3 compatibility issues 31 FortiOS 5.6.6 compatibility issues 31 FortiOS 5.6.4 compatibility issues 32 FortiOS 5.6.3 compatibility issues 32 FortiOS 5.6.0 and 5.6.1 compatibility issues 32 FortiOS 5.4.10 compatibility issues 33 FortiOS 5.4.9 compatibility issues 33
4 FortiOS 5.2.10 compatibility issues 33 FortiOS 5.2.7 compatibility issues 34 FortiOS 5.2.6 compatibility issues 34 FortiOS 5.2.1 compatibility issues 34 FortiOS 5.2.0 compatibility issues 34 Resolved Issues 36 Common Vulnerabilities and Exposures 39 Known Issues 40 Appendix A - FortiGuard Distribution Servers (FDS) 41 FortiGuard Center update support 41 Change Log 43
FortiManager 6.0.2 Release This document provides information about FortiManager version 6.0.2 build 205. The recommended minimum screen resolution for the FortiManager GUI is 1280 x 800. Please adjust the screen resolution accordingly. Otherwise, the GUI may not display properly. This section includes the following topics: Supported models on page 5 What s new in FortiManager 6.0.2 on page 6 Supported models FortiManager version 6.0.2 supports the following models: FortiManager FortiManager VM FMG-200D, FMG-200F, FMG-300D, FMG-300E, FMG-300F, FMG-400E, FMG- 1000D, FMG-2000E, FMG-3000F, FMG-3900E, FMG-4000D, FMG-4000E, and FMG-MFGD. FMG-VM64, FMG-VM64-AWS, FMG-VM64-Azure, FMG-VM64-HV (including Hyper-V 2016), FMG-VM64-KVM, FMG-VM64-OPC, FMG-VM64-XEN (for both Citrix and Open Source Xen).
FortiManager 6.0.2 Release 6 What s new in FortiManager 6.0.2 The following is a list of new features and enhancements in 6.0.2. For details, see the FortiManager Administrator Guide: Not all features/enhancements listed below are supported on all models Fabric View Fabric Connector Improvements Improvements to Fabric Connector configuration and added support for multiple ITSM vendor connectors. Policy & Objects Color support for policy packages Enhanced readability of Policy Interfaces & Zones objects by adding color support.
Special Notices This section highlights some of the operational changes that administrators should be aware of in 6.0.2. FortiManager 6.0.2 support for FortiOS 6.0.3 FortiManager 6.0.2 treats the status field of firewall policies as a mandatory field, and it is set to enable by default. FortiOS 6.0.3 has reverted this change. As a result, FortiManager may report verification failures on installations. The verification report shows that the policy status field has to be installed with the enable setting: '---> generating verification report (vdom root: firewall policy 1:status) remote original: to be installed: enable <--- done generating verification report install failed' Reconfigure SD-WAN after Upgrade The SD-WAN module has been fully redesigned in FortiManager v6.0 to provide granular monitor and control. Upgrading SD-WAN settings from 5.6 to 6.0 is not supported. Please reconfigure SD-WAN after upgraded to v6.0. FortiGate VM 16/32/UL license support FortiOS 5.4.4 introduces new VM license types to support additional vcpus. FortiManager 5.6.0 supports these new licenses with the prefixes of FGVM16, FGVM32, and FGVMUL. Hyper-V FortiManager-VM running on an AMD CPU A Hyper-V FMG-VM running on a PC with an AMD CPU may experience a kernel panic. Fortinet recommends running VMs on an Intel-based PC.
Special Notices 8 VM License (VM-10K-UG) Support FortiManager 5.4.2 introduces a new VM license (VM-10K-UG) that supports 10,000 devices. It is recommended to upgrade to FortiManager 5.4.2 or later before applying the new license to avoid benign GUI issues. FortiOS 5.4.0 Support With the enhancement in password encryption, FortiManager 5.4.2 and later no longer supports FortiOS 5.4.0. Please upgrade FortiGate to 5.4.2 or later. The following ADOM versions are not affected: 5.0 and 5.2. SSLv3 on FortiManager-VM64-AWS Due to known vulnerabilities in the SSLv3 protocol, FortiManager-VM64-AWS only enables TLSv1 by default. All other models enable both TLSv1 and SSLv3. If you wish to disable SSLv3 support, please run: config system global set ssl-protocol t1sv1 end
Upgrade Information You can upgrade FortiManager 5.6.0 or later directly to 6.0.2. If you are upgrading from versions earlier than 5.6.x, you should upgrade to the latest patch version of FortiManager 5.6, then 6.0.0. For details about upgrading your FortiManager device, see the FortiManager Upgrade Guide. This section contains the following topics: Downgrading to previous firmware versions on page 9 Firmware image checksums on page 9 FortiManager VM firmware on page 9 SNMP MIB files on page 11 Downgrading to previous firmware versions FortiManager does not provide a full downgrade path. You can downgrade to a previous firmware release via the GUI or CLI, but doing so results in configuration loss. A system reset is required after the firmware downgrading process has completed. To reset the system, use the following CLI commands via a console port connection: execute reset {all-settings all-except-ip} execute format {disk disk-ext4 disk-ext3} Firmware image checksums The MD5 checksums for all Fortinet software and firmware releases are available at the Customer Service & Support portal, https://support.fortinet.com. After logging in select Download > Firmware Image Checksums, enter the image file name including the extension, and select Get Checksum Code. FortiManager VM firmware Fortinet provides FortiManager VM firmware images for Amazon AWS, Citrix and Open Source XenServer, Linux KVM, Microsoft Hyper-V Server, and VMware ESX/ESXi virtualization environments. Amazon Web Services The 64-bit Amazon Machine Image (AMI) is available on the AWS marketplace.
Upgrade Information 10 Citrix XenServer and Open Source XenServer.out: Download the 64-bit firmware image to upgrade your existing FortiManager VM installation.out.openxen.zip: Download the 64-bit package for a new FortiManager VM installation. This package contains the QCOW2 file for the Open Source Xen Server.out.CitrixXen.zip: Download the 64-bit package for a new FortiManager VM installation. This package contains the Citrix XenServer Virtual Appliance (XVA), Virtual Hard Disk (VHD), and OVF files. Linux KVM.out: Download the 64-bit firmware image to upgrade your existing FortiManager VM installation.out.kvm.zip: Download the 64-bit package for a new FortiManager VM installation. This package contains QCOW2 that can be used by qemu. Microsoft Azure The files for Microsoft Azure have AZURE in the filenames, for example FMG_VM64_AZURE-v<number>build<number>-FORTINET.out.hyperv.zip.out: Download the firmware image to upgrade your existing FortiManager VM installation.hyperv.zip: Download the package for a new FortiManager VM installation. This package contains a Virtual Hard Disk (VHD) file for Microsoft Azure. Microsoft Hyper-V Server The files for Microsoft Hyper-V Server have HV in the filenames, for example, FMG_VM64_HV-v<number>build<number>-FORTINET.out.hyperv.zip.out: Download the firmware image to upgrade your existing FortiManager VM installation.hyperv.zip: Download the package for a new FortiManager VM installation. This package contains a Virtual Hard Disk (VHD) file for Microsoft Hyper-V Server. Microsoft Hyper-V 2016 is supported. VMware ESX/ESXi.out: Download the 64-bit firmware image to upgrade your existing VM installation.ovf.zip: Download either the 64-bit package for a new VM installation. This package contains an Open Virtualization Format (OVF) file for VMware and two Virtual Machine Disk Format (VMDK) files used by the OVF file during deployment. For more information see the FortiManager product data sheet available on the Fortinet web site, http://www.fortinet.com/products/fortimanager/virtualappliances.html. VM installation guides are available in the Fortinet Document Library.
Upgrade Information 11 SNMP MIB files You can download the FORTINET-FORTIMANAGER-FORTIANALYZER.mib MIB file in the firmware image file folder. The Fortinet Core MIB file is located in the main FortiManager version 5.00 file folder.
Product Integration and Support This section lists FortiManager 6.0.2 support of other Fortinet products. It also identifies what FortiManager features are supported for managed platforms and what languages FortiManager supports. It also lists which Fortinet models can be managed by FortiManager. The section contains the following topics: FortiManager 6.0.2 support on page 12 Feature support on page 15 Language support on page 15 Supported models on page 16 FortiManager 6.0.2 support The following table lists 6.0.2 product integration and support information: Web Browsers Microsoft Internet Explorer version 11 or Edge 40 Due to limitation on Microsoft Internet Explorer or Edge, it may not completely render a page with a large set of policies or objects. Mozilla Firefox version 61 Google Chrome version 68 Other web browsers may function correctly, but are not supported by Fortinet. FortiOS/FortiOS Carrier 6.0.0 to 6.0.3 FortiManager 6.0.2 is fully tested as compatible with FortiOS/FortiOS Carrier 6.0.3, with some minor interoperability issues. For information, see FortiOS 6.0.3 compatibility issues on page 31. 5.6.5 to 5.6.6 FortiManager 5.6.5 is fully tested as compatible with FortiOS/FortiOS Carrier 5.6.6, with some minor interoperability issues. For information, see FortiOS 5.6.6 compatibility issues on page 31. 5.6.4 FortiManager 5.6.3 is fully tested as compatible with FortiOS/FortiOS Carrier 5.6.4, with some minor interoperability issues. For information, see FortiOS 5.6.4 compatibility issues on page 32. 5.6.2 to 5.6.3 FortiManager 5.6.1 is fully tested as compatible with FortiOS/FortiOS Carrier 5.6.2 to 5.6.3, with some minor interoperability issues. For information, see FortiOS 5.6.3 compatibility issues on page 32. 5.6.0 to 5.6.1 FortiManager 5.6.0 is fully tested as compatible with FortiOS/FortiOS Carrier 5.6.0 to 5.6.1, with some minor interoperability issues. For
Product Integration and Support 13 information, see FortiOS 5.6.0 and 5.6.1 compatibility issues on page 32. 5.4.10 FortiManager 5.4.5 is fully tested as compatible with FortiOS/FortiOS Carrier 5.4.10, with some minor interoperability issues. For information, see FortiOS 5.4.10 compatibility issues on page 33. 5.4.9 FortiManager 5.6.3 is fully tested as compatible with FortiOS/FortiOS Carrier 5.4.9, with some minor interoperability issues. For information, see FortiOS 5.4.9 compatibility issues on page 33. 5.4.1 to 5.4.8 5.2.8 to 5.2.13 FortiManager 5.4.1 is fully tested as compatible with FortiOS/FortiOS Carrier 5.2.10, with some minor interoperability issues. For information, see FortiOS 5.2.10 compatibility issues on page 33. 5.2.7 FortiManager 5.2.6 is fully tested as compatible with FortiOS/FortiOS Carrier 5.2.7, with some minor interoperability issues. For information, see FortiOS 5.2.7 compatibility issues on page 34. 5.2.6 FortiManager 5.2.4 is fully tested as compatible with FortiOS/FortiOS Carrier 5.2.6, with some minor interoperability issues. For information, see FortiOS 5.2.6 compatibility issues on page 34. 5.2.2 to 5.2.5 FortiAnalyzer 6.0.0 and later 5.6.0 and later 5.4.0 and later 5.2.0 and later 5.0.0 and later FortiAuthenticator 5.2.2 FortiCache 4.2.7 4.2.6 4.1.2 5.2.1 FortiManager 5.2.1 is fully tested as compatible with FortiOS/FortiOS Carrier 5.2.1, with some minor interoperability issues. For information, see FortiOS 5.2.1 compatibility issues on page 34. 5.2.0 FortiManager 5.2.1 is fully tested as compatible with FortiOS/FortiOS Carrier 5.2.0, with some minor interoperability issues.for information, see FortiOS 5.2.0 compatibility issues on page 34. 4.0.0 to 4.0.4 FortiClient 5.6.6 5.6.3 5.6.0
Product Integration and Support 14 FortiMail 5.4.5 5.4.0 and later 5.2.0 and later 5.3.12 5.2.10 5.1.7 5.0.10 FortiSandbox 2.5.0 to 2.5.2 2.4.0 and 2.4.1 2.3.2 and 2.3.3 2.2.2 2.1.3 1.4.0 and later 1.3.0 FortiSwitch ATCA 5.2.3 FortiWeb 5.9.1 5.8.6 5.8.3 5.8.1 5.8.0 5.7.2 5.6.1 5.5.6 5.4.1 5.3.9 5.2.4 5.1.4 5.0.6 FortiDDoS 4.5.0 4.4.1 4.2.3 1.2.0 and later 5.0.0 and later 4.3.0 and later 4.2.0 and later 4.1.11 Limited support. For more information, see Feature support on page 15. Virtualization Amazon Web Service AMI, Amazon EC2, Amazon EBS Citrix XenServer 7.2 Linux KVM Redhat 7.1 Microsoft Azure Microsoft Hyper-V Server 2012 and 2016 OpenSource XenServer 4.2.5 VMware ESXi versions 5.0, 5.5, 6.0, 6.5 and 6.7
Product Integration and Support 15 To confirm that a device model or firmware version is supported by current firmware version running on FortiManager, run the following CLI command: diagnose dvm supported-platforms list Always review the Release Notes of the supported platform firmware version before upgrading your device. Feature support The following table lists FortiManager feature support for managed platforms. Platform Management Features FortiGuard Update Services Reports Logging FortiGate ü ü ü ü FortiCarrier ü ü ü ü FortiAnalyzer ü ü FortiAuthenticator ü ü FortiCache ü ü FortiClient ü ü ü FortiDDoS ü ü FortiMail ü ü ü FortiSandbox ü ü ü FortiSwitch ATCA ü FortiWeb ü ü ü Syslog ü Language support The following table lists FortiManager language support information. Language GUI Reports English ü ü Chinese (Simplified) ü ü
Product Integration and Support 16 Language GUI Reports Chinese (Traditional) ü ü French ü Japanese ü ü Korean ü ü Portuguese ü Spanish ü To change the FortiManager language setting, go to System Settings > Admin > Admin Settings, in Administrative Settings > Language select the desired language on the drop-down menu. The default value is Auto Detect. Russian, Hebrew, and Hungarian are not included in the default report languages. You can create your own language translation files for these languages by exporting a predefined language from FortiManager, modifying the text to a different language, saving the file as a different language name, and then importing the file into FortiManager. For more information, see the FortiAnalyzer Administration Guide. Supported models The following tables list which FortiGate, FortiCarrier, FortiDDoS, FortiAnalyzer, FortiMail, FortiSandbox, FortiSwitch ATCA, FortiWeb, FortiCache, FortiProxy, and FortiAuthenticator models and firmware versions that can be managed by a FortiManager or send logs to a FortiManager running version 6.0.2. Software license activated LENC devices are supported, if their platforms are in the supported models list. For example, support of FG-3200D indicates support of FG- 3200D-LENC. This section contains the following topics: FortiGate models on page 23 FortiCarrier models on page 25 FortiDDoS models on page 26 FortiAnalyzer models on page 26 FortiMail models on page 27 FortiSandbox models on page 28 FortiSwitch ATCA models on page 28 FortiWeb models on page 28 FortiCache models on page 29 FortiProxy models on page 30 FortiAuthenticator models on page 30
Product Integration and Support 17 FortiGate models FortiGate: FG-30D, FG-30D-POE, FG-30E, FG-30E-3G4G-INTL, FG-30E-3G4G-NAM, FG50E, FG-51E, FG-52E, FG-60D, FG-60D-POE, FG-60E, FG-60E-POE, FG-61E, FG-70D, FG-70D-POE, FG-80D, FG-80E, FG-80E-POE, FG-81E, FG-81E-POE, FG-90D, FG-90D- POE, FG-90E, FG-91E, FG-92D, FG-94D-POE, FG-98D-POE, FG-100D, FG-100E, FG- 100EF, FG-101E, FG-140D, FG-140D-POE, FG-140E, FG-140E-POE, FG200D, FG-200D- POE, FG-200E, FG-201E, FG-240D, FG-240-POE, FG-280D-POE, FG300D, FG-300E, FG- 301E, FG-400D, FG-500D, FG-500E, FG-501E, FG-600D, FG-800D, FG-900D, FG-1000D, FG-1200D, FG-1500D, FG-1500DT, FG-2000E, FG-2500E, FG-3000D, FG-3100D, FG- 3200D, FG-3600C, FG3700D, FG-3800D, FG-3810D, FG-3815D, FG-3960E, FG-3980E FortiGate 5000 Series: FG-5001D, FG-5001E, FG-5001E1 FortiGate DC: FG1500D-DC, FG-3000D-DC, FG-3100D-DC, FG-3200D-DC, FG-3700D- DC, FG-3800D-DC, FG-3810D-DC, FG-3815D-DC FortiGate Hardware Low Encryption: FG-100D-LENC, FG-600C-LENC Note: All license-based LENC is supported based on the FortiGate support list. FortiWiFi: FWF-30D, FWF-30E, FWF-30E-3G4G-INTL, FWF-30E-3G4G-NAM, FWF-50E, FWF-50E-2R, FWF-51E, FWF-60D, FWF-60D-POE, FWF-60E, FWF-61E, FWF-90D, FWF- 90D-POE, FWF-92D FortiGate VM: FG-VM64, FG-VM64-AWS, FG-VM64-AWSONDEMAND, FG-VM64- AZUREONDEMAND, FG-VM64-Azure, FG-VM64-GCP,VM64-GCPONDEMAND, FG-VM64- HV, FG-VM64-KVM, FG-VM64-OPC, FG-VM64-XEN, FG-VMX-Service-Manager, FOS- VM64, FOS-VM64-KVM, FOS-VM64-Xen FortiGate Rugged: FGR-30D, FGR-35D, FGR-60D, FGR-90D FortiGate: FG-30D, FG-30D-POE, FG-30E, FG-30E-3G4G-INTL, FG-30E-3G4G-NAM, FG- 50E, FG-51E, FG-52E, FG-60D, FG-60D-POE, FG-60E, FG-60E-POE, FG-60E-DSL, FG- 61E, FG-70D, FG-70D-POE, FG-80C, FG-80CM, FG-80D, FG-80E, FG-80E-POE, FG-81E, FG-81E-POE, FG-90D, FG-90D-POE, FG-90E, FG-91E, FG-92D, FG-94D-POE, FG-98D- POE, FG-100D, FG-100E, FG-100EF, FG-101E, FG-140D, FG-140D-POE, FG-140E, FG- 140E-POE, FG-200D, FG-200D-POE, FG-200E, FG-201E, FG-240D, FG-240-POE, FG- 280D-POE, FG-300D, FG-300E, FG-301E, FG-400D, FG-500D, FG-500E, FG-501E, FG- 600C,FG-600D, FG-800C, FG-800D, FG-900D, FG-1000C, FG-1000D, FG-1200D, FG- 1500D, FG-1500DT, FG-2000E, FG-2500E, FG-3000D, FG-3100D, FG-3200D, FG-3240C, FG-3600C, FG-3700D, FG-3700DX, FG-3800D, FG-3810D, FG-3815D, FG-3960E, FG- 3980E, FortiGate 5000 Series: FG-5001C, FG-5001D, FG-5001E, FG-5001E1 FortiGate DC: FG-80C-DC, FG-600C-DC, FG-800C-DC, FG-800D-DC, FG-1000C-DC, FG- 1500D-DC, FG-3000D-DC, FG-3100D-DC, FG-3200D-DC, FG-3240C-DC, FG-3600C-DC, FG-3700D-DC, FG-3800D-DC, FG-3810D-DC, FG-3815D-DC FortiGate Hardware Low Encryption: FG-80C-LENC, FG-100D-LENC, FG-600C-LENC, FG-1000C-LENC Note: All license-based LENC is supported based on the FortiGate support list. FortiWiFi: FWF-30D, FWF-30D-POE, FWF-30E, FWF-30E-3G4G-INTL, FWF-30E-3G4G- NAM, FWF-50E, FWF-50E-2R, FWF-51E, FWF-60D, FWF-60D-POE, FWF-60E, FWF-61E, FWF-80CM, FWF-81CM, FWF-90D, FWF-90D-POE, FWF-92D 6.0 5.6
Product Integration and Support 18 FortiGate VM: FG-VM64, FG-VM64-AWS, FG-VM64-AWSONDEMAND, FG-VM64-Azure, FG-VM64-AZUREONDEMAND, FG-VM64-GCP, FG-VM64-HV, FG-VM64-KVM, FG-VM64- OPC, FG-VM64-XEN, FG-VMX-Service-Manager, FOSVM64, FOSVM64-KVM, FOS-VM64- Xen FortiGate Rugged: FGR-30D, FGR-35D, FGR-60D, FGR-90D FortiGate: FG-30D, FG-30D-POE, FG-30E, FG-30E-3G4G-INTL, FG-30E-3G4G-NAM, FG- 50E, FG-51E, FG-52E, FG-60D, FG-60D-POE, FG-60E, FG-60E-DSL, FG-60E-POE, FG- 61E, FG-70D, FG-70D-POE, FG-80C, FG-80CM, FG-80D, FG-80E, FG-80E-POE, FG-81E, FG-81E-POE, FG-90D, FG-90D-POE,FG-90E, FG-91E, FG-92D, FG-94D-POE, FG-98D- POE, FG-100D, FG-100E, FG-100EF, FG-101E, FG-140D, FG-140D-POE, FG-140E, FG- 140-POE, FG-200D, FG-200D-POE, FG-240D, FG-240D-POE, FG-280D-POE, FG-200E, FG-201E, FGT-300D, FGT-300E, FGT-301E, FG-400D, FG-500D, FG-500E, FG-501E, FG- 600C, FG-600D, FG-800C, FG-800D, FG-900D, FG-1000C, FG-1000D, FG-1200D, FG- 1500D, FG-1500DT, FG-3000D, FG-3100D, FG-3200D, FG-3240C, FG-3600C, FG-3700D, FG-3700DX, FG 3800D, FG-3810D, FG-3815D, FG-3960E, FG3980E, FG-2000E, FG- 2500E FortiGate 5000 Series: FG-5001C, FG-5001D, FG-5001E, FG-5001E1 FortiGate 6000 Series: FG-6300F, FG-6301F, FG-6500F, FG-6501F FortiGate 7000 Series: FG-7030E-Q, FG-7030E-S, FG-7040E-1, FG-7040E-2, FG-7040E- 3, FG-7040E-4, FG-7040E-5, FG-7040E-6, FG-7040E-8, FG-7040E-8-DC, FG-7060E-1, FG- 7060E-2, FG-7060E-3, FG-7060E-4, FG-7060E-5, FG-7060E-6, FG-7060E-8 FortiGate DC: FG-80C-DC, FG-600C-DC, FG-800C-DC, FG-800D-DC, FG-1000C-DC, FG- 1500D-DC, FG-3000D-DC, FG-3100D-DC, FG-3200D-DC, FG-3240C-DC, FG-3600C-DC, FG-3700D-DC, FG-3800D-DC, FG-3810D-DC, FG-3815DC FortiGate Hardware Low Encryption: FG-80C-LENC, FG-100D-LENC, FG-600C-LENC, FG-1000C-LENC Note: All license-based LENC is supported based on the FortiGate support list. FortiWiFi: FWF-30D, FWF-30D-POE, FWF-30E, FWF-30E-3G4G-INTL, FWF-30E-3G4G- NAM, FWF-50E, FWF-50E-2R, FWF-51E, FWF-60D, FWF-60D-POE, FWF-60E-DSL, FWF- 60E, FWF-61E, FWF-80CM, FWF-81CM, FWF-90D, FWF-90D-POE, FWF-92D FortiGate VM: FG-VM, FG-VM64, FG-VM64-AWS, FG-VM64-AWSONDEMAND, FG- VM64-HV, FG-VM64-KVM, FG-VM64-OPC, FG-VM64-XEN, FG-VMX-Service-Manager, FOS-VM64, FOS-VM64-KVM FortiGate Rugged: FGR-30D, FGR-30D-ADSL-A, FGR-35D, FGR-60D, FGR-90D FortiGate: FG-20C, FG-20C-ADSL-A, FG-30D, FG-30D-POE, FG-40C, FG-60C, FG-60C- POE, FG-60C-SFP, FG-60D, FG-60D-3G4G-VZW, FG-60D-POE, FG-70D, FG-70D-POE, FG-80C, FG-80CM, FG-80D, FG-90D, FG-90D-POE, FG-92D, FG-94D-POE, FG-98D-POE, FG-100D, FG-110C, FG-111C, FG-140D, FG-140D-POE, FG-140D-POE-T1, FG-200B, FG- 200B-POE, FG-200D, FG-200D-POE, FG-240D, FG-240D-POE, FG-280D-POE, FG-300C, FG-300D, FG-310B, FG-311B, FG-400D, FG-500D, FG-600C, FG-600D, FG-620B, FG- 621B, FG-800C, FG-800D, FG-900D, FG-1000C, FG-1000D, FG-1200D, FG-1240B, FG- 1500D, FG-1500DT, FG-3000D, FG-3016B, FG-3040B, FG-3100D, FG-3140B, FG-3200D, FG-3240C, FG-3600C,FG-3700D, FG-3700DX, FG-3810A, FG-3810D, FG-3815D, FG- 3950B, FG-3951B 5.4 5.2
Product Integration and Support 19 FortiGate 5000 Series: FG-5001A, FG-5001A-SW, FG-5001A-LENC, FG-5001A-DW- LENC, FG-5001A-SW-LENC, FG-5001B, FG-5001C, FG-5001D, FG-5101C FortiGate DC: FG-80C-DC, FG-300C-DC, FG-310B-DC, FG-600C-DC, FG-620B-DC, FG- 621B-DC, FG-800C-DC, FG-800D-DC, FG-1000C-DC, FG-1240B-DC, FG-1500D-DC, FG- 3000D-DC, FG-3040B-DC, FG-3100D-DC, FG-3140B-DC, FG-3200D-DC, FG-3240C-DC, FG-3600C-DC, G-3700D-DC, FG-3810A-DC, FG-3810D-DC, FG-3815D-DC, FG-3950B-DC, FG-3951B-DC FortiGate Low Encryption: FG-20C-LENC, FG-40C-LENC, FG-60C-LENC, FG-80C- LENC, FG-100D-LENC, FG-200B-LENC, FG-300C-LENC, FG-310B-LENC, FG-600C-LENC, FG-620B-LENC, FG-1000C-LENC, FG-1240B-LENC, FG-3040B-LENC, FG-3140B-LENC, FG-3810A-LENC, FG-3950B-LENC FortiWiFi: FWF-20C, FWF-20C-ADSL-A, FWF-30D, FWF-30D-POE, FWF-40C, FWF-60C, FWF-60CM, FWF-60CX-ADSL-A, FWF-60D, FWF-60D-3G4G-VZW, FWF-60D-POE, FWF- 80CM, FWF-81CM, FWF-90D, FWF-90D-POE, FWF-92D FortiGate Rugged: FGR-60D, FGR-100C FortiGate VM: FG-VM, FG-VM64, FG-VM64-AWSONDEMAND, FG-VM-Azure, FG-VM64- HV, FG-VM64-KVM, FG-VM64-XEN FortiSwitch: FS-5203B, FCT-5902D FortiCarrier s FortiCarrier: FGT-3000D, FGT-3100D, FGT-3200D, FGT-3700D, FGT-3800D, FGT- 3810D, FGT-3960E, FGT-3980E, FGT-5001D, FGT-5001E FortiCarrier-DC: FGT-3000D-DC, FGT-3100D-DC, FGT-3200D-DC, FGT-3700D-DC, FGT- 3800D-DC, FGT-3810D-DC, FGT-3960E-DC, FGT-3980E-DC FortiCarrier-VM: FG-VM, FG-VM64, FG-VM64-AWS, FG-VM64-Azure, FG-VM64-GCP, FG-VM64-HV, FG-VM64-KVM, FG-VM64-OPC, FG-VM64-Xen FortiCarrier: FGT-3000D, FGT-3100D, FGT-3200D, FGT-3240C, FGT-3600C, FGT- 3700D, FGT-3700DX, FGT-3800D, FGT-3810D, FGT-3960E, FGT-3980E, FGT-5001C, FGT-5001D, FGT-5001E FortiCarrier-DC: FGT-3000D-DC, FGC-3100D-DC, FGT-3200D-DC, FGT-3240C-DC, FGT-3600C-DC, FGT-3700D-DC, FGT-3800D-DC, FGT-3810D-DC, FGT-3960E-DC, FGT- 3980E-DC FortiCarrier-VM: FG-VM, FG-VM64, FG-VM64-AWS, FG-VM64-AWS-AWSONDEMAND, FG-VM64-Azure, FG-VM64-GCP, FG-VM64-HV, FG-VM64-KVM, FG-VM64-OPC, FG- VM64-Xen FortiCarrier: FGT-3000D, FGT-3100D, FGT-3200D, FGT-3240C, FGT-3600C, FGT- 3700D, FGT-3700DX, FGT-3800D, FGT-3810D, FGT-5001C, FGT-5001D, FGT-7030E, FGT-7040E FortiCarrier-DC: FGT-3000D-DC, FGC-3100D-DC, FGT-3200D-DC, FGT-3240C-DC, FGT-3600C-DC, FGT-3700D-DC, FGT-3800D-DC, FGT-3810D-DC 6.0 5.6 5.4
Product Integration and Support 20 FortiCarrier-VM: FG-VM, FG-VM64, FG-VM64-AWS, FG-VM64-AWS-AWSONDEMAND, FG-VM64-Azure, FG-VM64-HV, FG-VM64-KVM, FG-VM64-OPC, FG-VM64-Xen FortiCarrier: FGT-3000D, FGT-3100D, FGT-3200D, FGT-3240C, FGT-3600C, FGT- 3700D, FGT-3700DX, FGT-3810A, FGT-3810D, FGT-3950B, FGT-3951B, FGT-5100B, FGT-5100C, FGT-5001D, FGT-5101C, FS-5203B, FT-5902D FortiCarrier-DC: FGT-3000D-DC, FGT-3100D-DC, FGT-3200D-DC, FGT-3240C-DC, FGT- 3600C-DC, FGT-3700D-DC, FGT-3810A-DC, FGT-3810D-DC, FGT-3950B-DC, FGT- 3951B-DC FortiCarrier-VM: FG-VM, FG-VM64, FG-VM64-AWS, FG-VM64-AWS-AWSONDEMAND, FG-VM64-HV, FG-VM64-KVM, FG-VM64-Xen 5.2 FortiDDoS models FortiDDoS: FI-200B, FI400B, FI-600B, FI-800B, FI-900B, FI-1000B, FI-1200B, FI-2000B, FI-3000B 4.2, 4.1, 4.0 FortiAnalyzer models FortiAnalyzer: FAZ-200D, FAZ-300D, FAZ-400E, FAZ-1000D, FAZ-1000E, FAZ-2000B, FAZ-3000D, FAZ-3000E, FAZ-3000F, FAZ-3500E, FAZ-3500F, and FAZ-3900E. 5.6 FortiAnalyzer VM: FAZ-VM64, FAZ-VM64-AWS, FMG-VM64-Azure, FAZ-VM64-HV, FAZ- VM64-KVM, and FAZ-VM64-XEN (Citrix XenServer and Open Source Xen). FortiAnalyzer: FAZ-200D, FAZ-300D, FAZ-400E, FAZ-1000D, FAZ-1000E, FAZ-2000B, FAZ-2000E, FAZ-3000D, FAZ-3000E, FAZ-3000F, FAZ-3500E, FAZ-3500F, FAZ-3900E, and FAZ-4000B. 5.4 FortiAnalyzer VM: FAZ-VM64, FMG-VM64-Azure, FAZ-VM64-HV, FAZ-VM64-XEN (Citrix XenServer and Open Source Xen), FAZ-VM64-KVM, and FAZ-VM64-AWS. FortiAnalyzer: FAZ-100C, FAZ-200D, FAZ-300D, FAZ-400C, FAZ-400E, FAZ-1000C, FAZ- 1000D, FAZ-1000E, FAZ-2000B, FAZ-3000D, FAZ-3000E, FAZ-3000F, FAZ-3500E, FAZ- 3500F, FAZ-3900E, FAZ-4000B FortiAnalyzer VM: FAZ-VM, FAZ-VM-AWS, FAZ-VM64, FAZ-VM64-Azure, FAZ-VM64-HV, FAZ-VM64-KVM, FAZ-VM64-XEN FortiAnalyzer: FAZ-100C, FAZ-200D, FAZ-300D, FAZ-400B, FAZ-400C, FAZ-400E, FAZ- 1000B, FAZ-1000C, FAZ-1000D, FAZ-1000E, FAZ-2000A, FAZ-2000B, FAZ-3000D, FAZ- 3000E, FAZ-3000F, FAZ-3500E, FAZ-3500F, FAZ-4000A, FAZ-4000B FortiAnalyzer VM: FAZ-VM, FAZ-VM64, FAZ-VM64-AWS, FAZ-VM64-Azure, FAZ-VM64- HV, FAZ-VM-KVM, FAZ-VM-XEN 5.2 5.0
Product Integration and Support 21 FortiMail models FortiMail: FE-60D, FE-200D, FE-200E, FE-400C, FE-400E, FE-1000D, FE-2000B, FE- 2000E, FE-3000C, FE-3000D, FE-3000E, FE-3200E, FE-5002B FortiMail Low Encryption: FE-3000C-LENC FortiMail VM: FE-VM64, FE-VM64-HV, FE-VM64-XEN FortiMail: FE-60D, FE-200D, FE-200E, FE-400C, FE-400E, FE-1000D, FE-2000B, FE- 3000C, FE-3000D, FE-5002B FortiMail VM: FE-VM64, FE-VM64-HV, FE-VM64-XEN FortiMail: FE-100C, FE-200D, FE-200E, FE-400B, FE-400C, FE-400E, FE-1000D, FE- 2000B, FE-3000C, FE-3000D, FE-5001A, FE-5002B FortiMail VM: FE-VM64 FortiMail: FE-100C, FE-200D, FE-200E, FE-400B, FE-400C, FE-1000D, FE-2000A, FE- 2000B, FE-3000C, FE-3000D, FE-4000A, FE-5001A, FE-5002B FortiMail VM: FE-VM64 5.3.7 5.2.8 5.1.6 5.0.10 FortiSandbox models FortiSandbox: FSA-1000D, FSA-2000E, FSA-3000D, FSA-3000E, FSA-3500D FortiSandbox VM: FSA-VM FortiSandbox: FSA-1000D, FSA-3000D, FSA-3500D FortiSandbox VM: FSA-VM FortiSandbox: FSA-1000D, FSA-3000D FortiSandbox VM: FSA-VM 2.4.0 2.3.2 2.2.0 2.1.0 2.0.0 1.4.2 FortiSandbox: FSA-1000D, FSA-3000D 1.4.0 and 1.4.1 1.3.0 1.2.0 and later FortiSwitch ACTA models FortiController: FTCL-5103B, FTCL-5902D, FTCL-5903C, FTCL-5913C 5.2.0 FortiSwitch-ATCA: FS-5003A, FS-5003B FortiController: FTCL-5103B, FTCL-5903C, FTCL-5913C 5.0.0 FortiSwitch-ATCA: FS-5003A, FS-5003B 4.3.0 4.2.0
Product Integration and Support 22 FortiWeb models FortiWeb: FWB-2000E 5.6.0 FortiWeb: FWB-100D, FWB-400C, FWB-400D, FWB-1000C, FWB-1000D, FWB-3000C, FWB-3000CFSX, FWB-3000D, FWB-3000DFSX, FWB-3000E, FWB-3010E, FWB-4000C, FWB-4000D, FWB-4000E 5.5.3 FortiWeb VM: FWB-VM-64, FWB-XENAWS, FWB-XENOPEN, FWB-XENSERVER, FWB- HYPERV, FWB-KVM, FWB-AZURE FortiWeb: FWB-100D, FWB-400C, FWB-1000C, FWB-3000C, FWB-3000CFSX, FWB- 3000D, FWB-3000DFSX, FWB-3000E, FWB-4000C, FWB-4000D, FWB-4000E 5.4.1 FortiWeb VM: FWB-VM64, FWB-XENAWS, FWB-XENOPEN, FWB-XENSERVER, FWB- HYPERV FortiWeb: FWB-100D, FWB-400B, FWB-400C, FWB-1000B, FWB-1000C, FWB-1000D, FWB-3000C, FWB-3000CFSX, FWB-3000D, FWB-3000DFSX, FWB-3000E, FWB-4000C, FWB-4000D, FWB-4000E 5.3.8 FortiWeb VM: FWB-VM64, FWB-XENAWS, FWB-XENOPEN, FWB-XENSERVER, and FWB-HYPERV FortiWeb: FWB-100D, FWB-400B, FWB-400C, FWB-1000B, FWB-1000C, FWB-1000D, FWB-3000C, FWB-3000CFSX, FWB-3000D, FWB-3000DFSX, FWB-3000E, FWB-4000C, FWB-4000D, FWB-4000E FortiWeb VM: FWB-VM64, FWB-HYPERV,FWB-XENAWS, FWB-XENOPEN, FWB- XENSERVER 5.2.4 FortiCache models FortiCache: FCH-400C, FCH-400E, FCH-1000C, FCH-1000D, FCH-3000C, FCH-3000D, FCH-3900E FortiCache VM: FCH-VM64 4.0 FortiProxy models FortiProxy: FPX-400E, FPX-2000E FortiProxy VM: FPX-KVM, FPX-VM64 1.0
Product Integration and Support 23 FortiAuthenticator models FortiAuthenticator: FAC-200D, FAC-200E, FAC-400C, FAC-400E, FAC-1000C, FAC- 1000D, FAC-3000B, FAC-3000D, FAC-3000E, FAC-VM 4.0 and 4.1 FortiGate models FortiGate: FG-30D, FG-30D-POE, FG-30E, FG-30E-3G4G-INTL, FG-30E-3G4G-NAM, FG50E, FG-51E, FG-52E, FG-60D, FG-60D-POE, FG-60E, FG-60E-POE, FG-61E, FG-70D, FG-70D-POE, FG-80D, FG-80E, FG-80E-POE, FG-81E, FG-81E-POE, FG-90D, FG-90D- POE, FG-90E, FG-91E, FG-92D, FG-94D-POE, FG-98D-POE, FG-100D, FG-100E, FG- 100EF, FG-101E, FG-140D, FG-140D-POE, FG-140E, FG-140E-POE, FG200D, FG-200D- POE, FG-200E, FG-201E, FG-240D, FG-240-POE, FG-280D-POE, FG300D, FG-300E, FG- 301E, FG-400D, FG-500D, FG-500E, FG-501E, FG-600D, FG-800D, FG-900D, FG-1000D, FG-1200D, FG-1500D, FG-1500DT, FG-2000E, FG-2500E, FG-3000D, FG-3100D, FG- 3200D, FG-3600C, FG3700D, FG-3800D, FG-3810D, FG-3815D, FG-3960E, FG-3980E FortiGate 5000 Series: FG-5001D, FG-5001E, FG-5001E1 FortiGate DC: FG1500D-DC, FG-3000D-DC, FG-3100D-DC, FG-3200D-DC, FG-3700D- DC, FG-3800D-DC, FG-3810D-DC, FG-3815D-DC FortiGate Hardware Low Encryption: FG-100D-LENC, FG-600C-LENC Note: All license-based LENC is supported based on the FortiGate support list. FortiWiFi: FWF-30D, FWF-30E, FWF-30E-3G4G-INTL, FWF-30E-3G4G-NAM, FWF-50E, FWF-50E-2R, FWF-51E, FWF-60D, FWF-60D-POE, FWF-60E, FWF-61E, FWF-90D, FWF- 90D-POE, FWF-92D FortiGate VM: FG-VM64, FG-VM64-AWS, FG-VM64-AWSONDEMAND, FG-VM64- AZUREONDEMAND, FG-VM64-Azure, FG-VM64-GCP,VM64-GCPONDEMAND, FG-VM64- HV, FG-VM64-KVM, FG-VM64-OPC, FG-VM64-XEN, FG-VMX-Service-Manager, FOS- VM64, FOS-VM64-KVM, FOS-VM64-Xen FortiGate Rugged: FGR-30D, FGR-35D, FGR-60D, FGR-90D FortiGate: FG-30D, FG-30D-POE, FG-30E, FG-30E-3G4G-INTL, FG-30E-3G4G-NAM, FG- 50E, FG-51E, FG-52E, FG-60D, FG-60D-POE, FG-60E, FG-60E-POE, FG-60E-DSL, FG- 61E, FG-70D, FG-70D-POE, FG-80C, FG-80CM, FG-80D, FG-80E, FG-80E-POE, FG-81E, FG-81E-POE, FG-90D, FG-90D-POE, FG-90E, FG-91E, FG-92D, FG-94D-POE, FG-98D- POE, FG-100D, FG-100E, FG-100EF, FG-101E, FG-140D, FG-140D-POE, FG-140E, FG- 140E-POE, FG-200D, FG-200D-POE, FG-200E, FG-201E, FG-240D, FG-240-POE, FG- 280D-POE, FG-300D, FG-300E, FG-301E, FG-400D, FG-500D, FG-500E, FG-501E, FG- 600C,FG-600D, FG-800C, FG-800D, FG-900D, FG-1000C, FG-1000D, FG-1200D, FG- 1500D, FG-1500DT, FG-2000E, FG-2500E, FG-3000D, FG-3100D, FG-3200D, FG-3240C, FG-3600C, FG-3700D, FG-3700DX, FG-3800D, FG-3810D, FG-3815D, FG-3960E, FG- 3980E, FortiGate 5000 Series: FG-5001C, FG-5001D, FG-5001E, FG-5001E1 6.0 5.6
Product Integration and Support 24 FortiGate DC: FG-80C-DC, FG-600C-DC, FG-800C-DC, FG-800D-DC, FG-1000C-DC, FG- 1500D-DC, FG-3000D-DC, FG-3100D-DC, FG-3200D-DC, FG-3240C-DC, FG-3600C-DC, FG-3700D-DC, FG-3800D-DC, FG-3810D-DC, FG-3815D-DC FortiGate Hardware Low Encryption: FG-80C-LENC, FG-100D-LENC, FG-600C-LENC, FG-1000C-LENC Note: All license-based LENC is supported based on the FortiGate support list. FortiWiFi: FWF-30D, FWF-30D-POE, FWF-30E, FWF-30E-3G4G-INTL, FWF-30E-3G4G- NAM, FWF-50E, FWF-50E-2R, FWF-51E, FWF-60D, FWF-60D-POE, FWF-60E, FWF-61E, FWF-80CM, FWF-81CM, FWF-90D, FWF-90D-POE, FWF-92D FortiGate VM: FG-VM64, FG-VM64-AWS, FG-VM64-AWSONDEMAND, FG-VM64-Azure, FG-VM64-AZUREONDEMAND, FG-VM64-GCP, FG-VM64-HV, FG-VM64-KVM, FG-VM64- OPC, FG-VM64-XEN, FG-VMX-Service-Manager, FOSVM64, FOSVM64-KVM, FOS-VM64- Xen FortiGate Rugged: FGR-30D, FGR-35D, FGR-60D, FGR-90D FortiGate: FG-30D, FG-30D-POE, FG-30E, FG-30E-3G4G-INTL, FG-30E-3G4G-NAM, FG- 50E, FG-51E, FG-52E, FG-60D, FG-60D-POE, FG-60E, FG-60E-DSL, FG-60E-POE, FG- 61E, FG-70D, FG-70D-POE, FG-80C, FG-80CM, FG-80D, FG-80E, FG-80E-POE, FG-81E, FG-81E-POE, FG-90D, FG-90D-POE,FG-90E, FG-91E, FG-92D, FG-94D-POE, FG-98D- POE, FG-100D, FG-100E, FG-100EF, FG-101E, FG-140D, FG-140D-POE, FG-140E, FG- 140-POE, FG-200D, FG-200D-POE, FG-240D, FG-240D-POE, FG-280D-POE, FG-200E, FG-201E, FGT-300D, FGT-300E, FGT-301E, FG-400D, FG-500D, FG-500E, FG-501E, FG- 600C, FG-600D, FG-800C, FG-800D, FG-900D, FG-1000C, FG-1000D, FG-1200D, FG- 1500D, FG-1500DT, FG-3000D, FG-3100D, FG-3200D, FG-3240C, FG-3600C, FG-3700D, FG-3700DX, FG 3800D, FG-3810D, FG-3815D, FG-3960E, FG3980E, FG-2000E, FG- 2500E FortiGate 5000 Series: FG-5001C, FG-5001D, FG-5001E, FG-5001E1 FortiGate 6000 Series: FG-6300F, FG-6301F, FG-6500F, FG-6501F FortiGate 7000 Series: FG-7030E-Q, FG-7030E-S, FG-7040E-1, FG-7040E-2, FG-7040E- 3, FG-7040E-4, FG-7040E-5, FG-7040E-6, FG-7040E-8, FG-7040E-8-DC, FG-7060E-1, FG- 7060E-2, FG-7060E-3, FG-7060E-4, FG-7060E-5, FG-7060E-6, FG-7060E-8 FortiGate DC: FG-80C-DC, FG-600C-DC, FG-800C-DC, FG-800D-DC, FG-1000C-DC, FG- 1500D-DC, FG-3000D-DC, FG-3100D-DC, FG-3200D-DC, FG-3240C-DC, FG-3600C-DC, FG-3700D-DC, FG-3800D-DC, FG-3810D-DC, FG-3815DC FortiGate Hardware Low Encryption: FG-80C-LENC, FG-100D-LENC, FG-600C-LENC, FG-1000C-LENC Note: All license-based LENC is supported based on the FortiGate support list. FortiWiFi: FWF-30D, FWF-30D-POE, FWF-30E, FWF-30E-3G4G-INTL, FWF-30E-3G4G- NAM, FWF-50E, FWF-50E-2R, FWF-51E, FWF-60D, FWF-60D-POE, FWF-60E-DSL, FWF- 60E, FWF-61E, FWF-80CM, FWF-81CM, FWF-90D, FWF-90D-POE, FWF-92D FortiGate VM: FG-VM, FG-VM64, FG-VM64-AWS, FG-VM64-AWSONDEMAND, FG- VM64-HV, FG-VM64-KVM, FG-VM64-OPC, FG-VM64-XEN, FG-VMX-Service-Manager, FOS-VM64, FOS-VM64-KVM FortiGate Rugged: FGR-30D, FGR-30D-ADSL-A, FGR-35D, FGR-60D, FGR-90D 5.4
Product Integration and Support 25 FortiGate: FG-20C, FG-20C-ADSL-A, FG-30D, FG-30D-POE, FG-40C, FG-60C, FG-60C- POE, FG-60C-SFP, FG-60D, FG-60D-3G4G-VZW, FG-60D-POE, FG-70D, FG-70D-POE, FG-80C, FG-80CM, FG-80D, FG-90D, FG-90D-POE, FG-92D, FG-94D-POE, FG-98D-POE, FG-100D, FG-110C, FG-111C, FG-140D, FG-140D-POE, FG-140D-POE-T1, FG-200B, FG- 200B-POE, FG-200D, FG-200D-POE, FG-240D, FG-240D-POE, FG-280D-POE, FG-300C, FG-300D, FG-310B, FG-311B, FG-400D, FG-500D, FG-600C, FG-600D, FG-620B, FG- 621B, FG-800C, FG-800D, FG-900D, FG-1000C, FG-1000D, FG-1200D, FG-1240B, FG- 1500D, FG-1500DT, FG-3000D, FG-3016B, FG-3040B, FG-3100D, FG-3140B, FG-3200D, FG-3240C, FG-3600C,FG-3700D, FG-3700DX, FG-3810A, FG-3810D, FG-3815D, FG- 3950B, FG-3951B FortiGate 5000 Series: FG-5001A, FG-5001A-SW, FG-5001A-LENC, FG-5001A-DW- LENC, FG-5001A-SW-LENC, FG-5001B, FG-5001C, FG-5001D, FG-5101C FortiGate DC: FG-80C-DC, FG-300C-DC, FG-310B-DC, FG-600C-DC, FG-620B-DC, FG- 621B-DC, FG-800C-DC, FG-800D-DC, FG-1000C-DC, FG-1240B-DC, FG-1500D-DC, FG- 3000D-DC, FG-3040B-DC, FG-3100D-DC, FG-3140B-DC, FG-3200D-DC, FG-3240C-DC, FG-3600C-DC, G-3700D-DC, FG-3810A-DC, FG-3810D-DC, FG-3815D-DC, FG-3950B-DC, FG-3951B-DC FortiGate Low Encryption: FG-20C-LENC, FG-40C-LENC, FG-60C-LENC, FG-80C- LENC, FG-100D-LENC, FG-200B-LENC, FG-300C-LENC, FG-310B-LENC, FG-600C-LENC, FG-620B-LENC, FG-1000C-LENC, FG-1240B-LENC, FG-3040B-LENC, FG-3140B-LENC, FG-3810A-LENC, FG-3950B-LENC FortiWiFi: FWF-20C, FWF-20C-ADSL-A, FWF-30D, FWF-30D-POE, FWF-40C, FWF-60C, FWF-60CM, FWF-60CX-ADSL-A, FWF-60D, FWF-60D-3G4G-VZW, FWF-60D-POE, FWF- 80CM, FWF-81CM, FWF-90D, FWF-90D-POE, FWF-92D FortiGate Rugged: FGR-60D, FGR-100C FortiGate VM: FG-VM, FG-VM64, FG-VM64-AWSONDEMAND, FG-VM-Azure, FG-VM64- HV, FG-VM64-KVM, FG-VM64-XEN FortiSwitch: FS-5203B, FCT-5902D 5.2 FortiCarrier models FortiCarrier: FGT-3000D, FGT-3100D, FGT-3200D, FGT-3700D, FGT-3800D, FGT- 3810D, FGT-3960E, FGT-3980E, FGT-5001D, FGT-5001E FortiCarrier-DC: FGT-3000D-DC, FGT-3100D-DC, FGT-3200D-DC, FGT-3700D-DC, FGT- 3800D-DC, FGT-3810D-DC, FGT-3960E-DC, FGT-3980E-DC FortiCarrier-VM: FG-VM, FG-VM64, FG-VM64-AWS, FG-VM64-Azure, FG-VM64-GCP, FG-VM64-HV, FG-VM64-KVM, FG-VM64-OPC, FG-VM64-Xen FortiCarrier: FGT-3000D, FGT-3100D, FGT-3200D, FGT-3240C, FGT-3600C, FGT- 3700D, FGT-3700DX, FGT-3800D, FGT-3810D, FGT-3960E, FGT-3980E, FGT-5001C, FGT-5001D, FGT-5001E 6.0 5.6
Product Integration and Support 26 FortiCarrier-DC: FGT-3000D-DC, FGC-3100D-DC, FGT-3200D-DC, FGT-3240C-DC, FGT-3600C-DC, FGT-3700D-DC, FGT-3800D-DC, FGT-3810D-DC, FGT-3960E-DC, FGT- 3980E-DC FortiCarrier-VM: FG-VM, FG-VM64, FG-VM64-AWS, FG-VM64-AWS-AWSONDEMAND, FG-VM64-Azure, FG-VM64-GCP, FG-VM64-HV, FG-VM64-KVM, FG-VM64-OPC, FG- VM64-Xen FortiCarrier: FGT-3000D, FGT-3100D, FGT-3200D, FGT-3240C, FGT-3600C, FGT- 3700D, FGT-3700DX, FGT-3800D, FGT-3810D, FGT-5001C, FGT-5001D, FGT-7030E, FGT-7040E FortiCarrier-DC: FGT-3000D-DC, FGC-3100D-DC, FGT-3200D-DC, FGT-3240C-DC, FGT-3600C-DC, FGT-3700D-DC, FGT-3800D-DC, FGT-3810D-DC FortiCarrier-VM: FG-VM, FG-VM64, FG-VM64-AWS, FG-VM64-AWS-AWSONDEMAND, FG-VM64-Azure, FG-VM64-HV, FG-VM64-KVM, FG-VM64-OPC, FG-VM64-Xen FortiCarrier: FGT-3000D, FGT-3100D, FGT-3200D, FGT-3240C, FGT-3600C, FGT- 3700D, FGT-3700DX, FGT-3810A, FGT-3810D, FGT-3950B, FGT-3951B, FGT-5100B, FGT-5100C, FGT-5001D, FGT-5101C, FS-5203B, FT-5902D FortiCarrier-DC: FGT-3000D-DC, FGT-3100D-DC, FGT-3200D-DC, FGT-3240C-DC, FGT- 3600C-DC, FGT-3700D-DC, FGT-3810A-DC, FGT-3810D-DC, FGT-3950B-DC, FGT- 3951B-DC FortiCarrier-VM: FG-VM, FG-VM64, FG-VM64-AWS, FG-VM64-AWS-AWSONDEMAND, FG-VM64-HV, FG-VM64-KVM, FG-VM64-Xen 5.4 5.2 FortiDDoS models FortiDDoS: FI-200B, FI400B, FI-600B, FI-800B, FI-900B, FI-1000B, FI-1200B, FI-2000B, FI-3000B 4.2, 4.1, 4.0 FortiAnalyzer models FortiAnalyzer: FAZ-200D, FAZ-300D, FAZ-400E, FAZ-1000D, FAZ-1000E, FAZ-2000B, FAZ-3000D, FAZ-3000E, FAZ-3000F, FAZ-3500E, FAZ-3500F, and FAZ-3900E. 5.6 FortiAnalyzer VM: FAZ-VM64, FAZ-VM64-AWS, FMG-VM64-Azure, FAZ-VM64-HV, FAZ- VM64-KVM, and FAZ-VM64-XEN (Citrix XenServer and Open Source Xen).
Product Integration and Support 27 FortiAnalyzer: FAZ-200D, FAZ-300D, FAZ-400E, FAZ-1000D, FAZ-1000E, FAZ-2000B, FAZ-2000E, FAZ-3000D, FAZ-3000E, FAZ-3000F, FAZ-3500E, FAZ-3500F, FAZ-3900E, and FAZ-4000B. 5.4 FortiAnalyzer VM: FAZ-VM64, FMG-VM64-Azure, FAZ-VM64-HV, FAZ-VM64-XEN (Citrix XenServer and Open Source Xen), FAZ-VM64-KVM, and FAZ-VM64-AWS. FortiAnalyzer: FAZ-100C, FAZ-200D, FAZ-300D, FAZ-400C, FAZ-400E, FAZ-1000C, FAZ- 1000D, FAZ-1000E, FAZ-2000B, FAZ-3000D, FAZ-3000E, FAZ-3000F, FAZ-3500E, FAZ- 3500F, FAZ-3900E, FAZ-4000B FortiAnalyzer VM: FAZ-VM, FAZ-VM-AWS, FAZ-VM64, FAZ-VM64-Azure, FAZ-VM64-HV, FAZ-VM64-KVM, FAZ-VM64-XEN FortiAnalyzer: FAZ-100C, FAZ-200D, FAZ-300D, FAZ-400B, FAZ-400C, FAZ-400E, FAZ- 1000B, FAZ-1000C, FAZ-1000D, FAZ-1000E, FAZ-2000A, FAZ-2000B, FAZ-3000D, FAZ- 3000E, FAZ-3000F, FAZ-3500E, FAZ-3500F, FAZ-4000A, FAZ-4000B FortiAnalyzer VM: FAZ-VM, FAZ-VM64, FAZ-VM64-AWS, FAZ-VM64-Azure, FAZ-VM64- HV, FAZ-VM-KVM, FAZ-VM-XEN 5.2 5.0 FortiMail models FortiMail: FE-60D, FE-200D, FE-200E, FE-400C, FE-400E, FE-1000D, FE-2000B, FE- 2000E, FE-3000C, FE-3000E, FE-3200E FortiMail Low Encryption: FE-3000C-LENC FortiMail: FE-60D, FE-200D, FE-200E, FE-400C, FE-400E, FE-1000D, FE-2000B, FE- 2000E, FE-3000C, FE-3000D, FE-3000E, FE-3200E, FE-5002B FortiMail Low Encryption: FE-3000C-LENC FortiMail VM: FE-VM64, FE-VM64-HV, FE-VM64-XEN FortiMail: FE-60D, FE-200D, FE-200E, FE-400C, FE-400E, FE-1000D, FE-2000B, FE- 3000C, FE-3000D, FE-5002B FortiMail VM: FE-VM64, FE-VM64-HV, FE-VM64-XEN FortiMail: FE-100C, FE-200D, FE-200E, FE-400B, FE-400C, FE-400E, FE-1000D, FE- 2000B, FE-3000C, FE-3000D, FE-5001A, FE-5002B FortiMail VM: FE-VM64 FortiMail: FE-100C, FE-200D, FE-200E, FE-400B, FE-400C, FE-1000D, FE-2000A, FE- 2000B, FE-3000C, FE-3000D, FE-4000A, FE-5001A, FE-5002B FortiMail VM: FE-VM64 5.4.5 5.3.12 5.2.10 5.1.7 5.0.10
Product Integration and Support 28 FortiSandbox models FortiSandbox: FSA-1000D, FSA-2000E, FSA-3000D, FSA-3000E, FSA-3500D FortiSandbox VM: FSA-KVM, FSA-VM FortiSandbox: FSA-1000D, FSA-2000E, FSA-3000D, FSA-3000E, FSA-3500D FortiSandbox VM: FSA-VM FortiSandbox: FSA-1000D, FSA-3000D, FSA-3500D FortiSandbox VM: FSA-VM FortiSandbox: FSA-1000D, FSA-3000D FortiSandbox VM: FSA-VM 2.5.2 2.4.1 2.3.3 2.2.0 2.1.3 2.0.3 1.4.2 FortiSandbox: FSA-1000D, FSA-3000D 1.4.0 and 1.4.1 1.3.0 1.2.0 and later FortiSwitch ATCA models FortiController: FTCL-5103B, FTCL-5902D, FTCL-5903C, FTCL-5913C 5.2.0 FortiSwitch-ATCA: FS-5003A, FS-5003B FortiController: FTCL-5103B, FTCL-5903C, FTCL-5913C 5.0.0 FortiSwitch-ATCA: FS-5003A, FS-5003B 4.3.0 4.2.0 FortiWeb models FortiWeb: FWB-1000D, FWB-1000E, FWB-100D, FWB-2000E, FWB-3000C, FWB- 3000CFSX, FWB-3000D, FWB-3000DFSX, FWB-3000E, FWB-3010E, FWB-4000C, FWB- 4000D, FWB-4000E, FWB-400C, FWB-400D, FWB-600D FortiWeb VM: FWB-Azure, FWB-CMINTF, FWB-HYPERV, FWB-KVM, FWB-KVM-PAYG, FWB-VM, FWB-VM-PAYG, FWB-XENAWS, FWB-XENAWS-Ondemand, FWB-XENOPEN FortiWeb: FWB-1000C, FWB-1000D, FWB-1000E, FWB-100D, FWB-2000E, FWB-3000C, FWB-3000CFSX, FWB-3000D, FWB-3000DFSX, FWB-3000E, FWB-3010E, FWB-4000C, FWB-4000D, FWB-4000E, FWB-400C, FWB-400D, FWB-600D FortiWeb VM: FWB-Azure, FWB-Azure-Ondemand, FWB-CMINTF, FWB-HYPERV, FWB- KVM, FWB-KVM-PAYG, FWB-VM, FWB-VM-PAYG, FWB-XENAWS, FWB-XENAWS- Ondemand, FWB-XENOPEN 5.9.1 5.8.6
Product Integration and Support 29 FortiWeb: FWB-1000C, FWB-1000D, FWB-100D, FWB-2000E, FWB-3000C, FWB- 3000CFSX, FWB-3000D, FWB-3000DFSX, FWB-3000E, FWB-3010E, FWB-4000C, FWB- 4000D, FWB-4000E, FWB-400C, FWB-400D, FWB-600D FortiWeb VM: FWB-Azure, FWB-HYPERV, FWB-KVM, FWB-OS1, FWB-VM, FWB- XENAWS, FWB-XENAWS-Ondemand, FWB-XENOPEN FortiWeb: FWB-1000C, FWB-1000D, FWB-100D, FWB-2000E, FWB-3000C, FWB- 3000CFSX, FWB-3000D, FWB-3000DFSX, FWB-3000E, FWB-3010E, FWB-4000C, FWB- 4000D, FWB-4000E, FWB-400C, FWB-400D, FWB-600D FortiWeb VM: FWB-Azure, FWB-HYPERV, FWB-KVM, FWB-VM, FWB-XENAWS, FWB- XENAWS-Ondemand, FWB-XENOPEN FortiWeb: FWB-100D, FWB-400C, FWB-400D, FWB-1000C, FWB-1000D, FWB-3000C, FWB-3000CFSX, FWB-3000D, FWB-3000DFSX, FWB-3000E, FWB-3010E, FWB-4000C, FWB-4000D, FWB-4000E 5.7.2 5.6.1 5.5.6 FortiWeb VM: FWB-VM-64, FWB-XENAWS, FWB-XENOPEN, FWB-XENSERVER, FWB- HYPERV, FWB-KVM, FWB-AZURE FortiWeb: FWB-100D, FWB-400C, FWB-1000C, FWB-3000C, FWB-3000CFSX, FWB- 3000D, FWB-3000DFSX, FWB-3000E, FWB-4000C, FWB-4000D, FWB-4000E 5.4.1 FortiWeb VM: FWB-VM64, FWB-XENAWS, FWB-XENOPEN, FWB-XENSERVER, FWB- HYPERV FortiWeb: FWB-100D, FWB-400B, FWB-400C, FWB-1000B, FWB-1000C, FWB-1000D, FWB-3000C, FWB-3000CFSX, FWB-3000D, FWB-3000DFSX, FWB-3000E, FWB-4000C, FWB-4000D, FWB-4000E 5.3.9 FortiWeb VM: FWB-VM64, FWB-XENAWS, FWB-XENOPEN, FWB-XENSERVER, and FWB-HYPERV FortiWeb: FWB-100D, FWB-400B, FWB-400C, FWB-1000B, FWB-1000C, FWB-1000D, FWB-3000C, FWB-3000CFSX, FWB-3000D, FWB-3000DFSX, FWB-3000E, FWB-4000C, FWB-4000D, FWB-4000E FortiWeb VM: FWB-VM64, FWB-HYPERV,FWB-XENAWS, FWB-XENOPEN, FWB- XENSERVER 5.2.4 FortiCache models FortiCache: FCH-400C, FCH-400E, FCH-1000C, FCH-1000D, FCH-3000C, FCH-3000D, FCH-3900E FortiCache VM: FCH-VM64 4.0
Product Integration and Support 30 FortiProxy models FortiProxy: FPX-400E, FPX-2000E FortiProxy VM: FPX-KVM, FPX-VM64 1.0 FortiAuthenticator models FortiAuthenticator: FAC-200D, FAC-200E, FAC-400C, FAC-400E, FAC-1000C, FAC- 1000D, FAC-3000B, FAC-3000D, FAC-3000E, FAC-VM 4.0 and 4.1
Fmg 5.6.6 Upgrade Guide Download
Compatibility with FortiOS Versions This section highlights compatibility issues that administrators should be aware of in FortiManager 6.0.2. Compatibility issues have been identified for the following FortiOS releases: FortiOS 6.0 FortiOS 6.0.3 compatibility issues on page 31 FortiOS 5.6 FortiOS 5.6.6 compatibility issues on page 31 FortiOS 5.6.4 compatibility issues on page 32 FortiOS 5.6.3 compatibility issues on page 32 FortiOS 5.6.0 and 5.6.1 compatibility issues on page 32 FortiOS 5.4 FortiOS 5.4.10 compatibility issues on page 33 FortiOS 5.4.9 compatibility issues on page 33 FortiOS 5.2 FortiOS 5.2.10 compatibility issues on page 33 FortiOS 5.2.7 compatibility issues on page 34 FortiOS 5.2.6 compatibility issues on page 34 FortiOS 5.2.1 compatibility issues on page 34 FortiOS 5.2.0 compatibility issues on page 34 FortiOS 6.0.3 compatibility issues The following table lists known interoperability issues that have been identified with FortiManager version 6.0.2 and FortiOS version 6.0.3. Bug ID Description 516113 Install verification may fail on policy status field. For details, see the following Special Notice: FortiManager 6.0.2 support for FortiOS 6.0.3 on page 7. 516242 Install verification may fail on the wtp profile s handoff-sta-thresh parameter. FortiOS 5.6.6 compatibility issues The following table lists known interoperability issues that have been identified with FortiManager version 5.6.5 and FortiOS version 5.6.6.
Compatibility with FortiOS Versions 32 Bug ID Description 513066 FortiManager 5.6.5 does not support the following new value in FortiOS 5.6.6: system sdn-connector command with the azure-region variable set to germany usgov local. If set on FortiGate, the values will be unset during the next configuration installation from FortiManager. 513069 FortiManager 5.6.5 does not support the following new value in FortiOS 5.6.6: system snmp user command with the community events variable set to av-oversizeblocked or faz-disconnect. If set on FortiGate, the values will be unset during the next configuration installation from FortiManager. FortiOS 5.6.4 compatibility issues The following table lists interoperability issues that have been identified with FortiManager version 5.6.3 and FortiOS 5.6.4. Bug ID Description 486921 FortiManager may not be able to support the syntax for the following objects: rsso-endpoint-block-attribute, rsso-endpoint-block-attribute, or sso-attribute for RADIUS users. sdn and its filter attributes for firewall address objects. azure SDN connector type. ca-cert attribute for LDAP users. FortiOS 5.6.3 compatibility issues The following table lists interoperability issues that have been identified with FortiManager version 5.6.1 and FortiOS 5.6.3. Bug ID Description 469993 FortiManager has a different default value for switch-controller-dhcp-snooping from that on FortiGate. FortiOS 5.6.0 and 5.6.1 compatibility issues The following table lists interoperability issues that have been identified with FortiManager version 5.6.0 and FortiOS 5.6.0 and 5.6.1.
Compatibility with FortiOS Versions 33 Bug ID Description 451036 FortiManager may return verification error on proxy enable when installing a policy package. 460639 FortiManager may return verification error on wtp-profile when creating a new VDOM. FortiOS 5.4.10 compatibility issues The following table lists interoperability issues that have been identified with FortiManager version 5.4.5 and FortiOS 5.4.10. Bug ID Description 508337 FortiManager cannot edit the following configurations for replacement message: system replacemsg mail 'email-decompress-limit' system replacemsg mail 'smtp-decompress-limit' system replacemsg nntp 'email-decompress-limit' FortiOS 5.4.9 compatibility issues The following table lists interoperability issues that have been identified with FortiManager version 5.6.3 and FortiOS 5.4.9. Bug ID Description 486592 FortiManager may report verification failure on the following attributes for RADIUS users: rsso-endpoint-attribute rsso-endpoint-block-attribute sso-attribute FortiOS 5.2.10 compatibility issues The following table lists interoperability issues that have been identified with FortiManager version 5.4.1 and FortiOS 5.2.10. Bug ID Description 397220 FortiOS 5.2.10 increased the maximum number of the firewall schedule objects for 1U and 2U+ appliances. As a result, a retrieve may fail if more than the maximum objects are configured.
Compatibility with FortiOS Versions 34 FortiOS 5.2.7 compatibility issues The following table lists interoperability issues that have been identified with FortiManager version 5.2.6 and FortiOS 5.2.7. Bug ID Description 365757 Retrieve may fail on LDAP User Group if object filter has more than 511 characters. 365766 Retrieve may fail when there are more than 50 portals within a VDOM. 365782 Install may fail on system global optimize or system fips-cc entropy-token. FortiOS 5.2.6 compatibility issues The following table lists interoperability issues that have been identified with FortiManager version 5.2.4 and FortiOS 5.2.6. Bug ID Description 308294 1) New default wtp-profile settings on FOS 5.2.6 cause verification errors during installation. 2) FortiManager only supports 10,000 firewall addresses while FortiOS 5.2.6 supports 20,000 firewall addresses. FortiOS 5.2.1 compatibility issues The following table lists interoperability issues that have been identified with FortiManager version 5.2.1 and FortiOS version 5.2.1. Bug ID Description 262584 When creating a VDOM for the first time it fails. 263896 If it contains the certificate: Fortinet_CA_SSLProxy or Fortinet_SSLProxy, retrieve may not work as expected. FortiOS 5.2.0 compatibility issues The following table lists known interoperability issues that have been identified with FortiManager version 5.2.1 and FortiOS version 5.2.0.
Compatibility with FortiOS Versions 35 Bug ID Description 262584 When creating a VDOM for the first time it fails. 263949 Installing a VIP with port forwarding and ICMP to a 5.2.0 FortiGate fails.
Resolved Issues The following issues have been fixed in 6.0.2. For inquires about a particular bug, please contact Customer Service & Support. Bug ID Description 297365 Install copy failure when configuring vwl (SD-WAN) interface used in a VIP. 389325 1178/B1473: Retrieved revision config shows clear password for user LDAP and FSSO password. 399893 Device Manager cannot show named address in the router table Destination field. 411796 Section title does not show in Proxy Policy list page. 435634 If external interface is zone for VIP group, you must support dynamic mapping config to select zone member interface. 437115 B1187/1670/0092: From Device Manager, installation of static route with WLLB interface fails. 441826 Cannot uncheck all policies. 441876 Hidden ssl-ssh-profile named 'certificate-inspection' is displayed after importing a FortiGate configuration, even when UTM is disabled. 443008 Install 'set rpc-over-http enable' and 'mapi-over-https' when FortiManager and FortiGate are upgrading from 5.4.1. 452689 Radius admin with profile and ADOM enabled receives a 'No Permission' error when trying to log in. 453702 Unable to filter policies by using Hit Count, Bytes, Packets, First Used, Last Used as is possible on FortiGate. 462712 Improvement on policy table scroll and table component usibility. 462851 The ha-direct option is not available for SNMP v3 in provisioning templates. 463662 Unable to move added columns in Policy Package header. The cursor gets stuck while moving columns in Policy Package header. 464267 Deleting a VDOM on FortiManager displays a pop-up message, which quickly disappears, and no details of VDOM references are given. 465511 Task Monitor does not give exact status of total and pending tasks when automatic-install is performed from Global ADOM. 469405 The uma_upd process crashes every second and quickly fills the disk. 472726 Not possible to add or edit bookmarks in VPN Manager when workflow mode is enabled. 473973 Drag-and-drop method allows profiles and profile groups to coexist in a single policy.
Resolved Issues 37 Bug ID Description 474241 Cannot set HA reserved management interface IP as same subnet with another interface from FortiManager. 474270 In GUI, enable advanced options in GTP profile edit page. 474712 Auto-backup process does not work and results in out-of-sync FortiGate configuration in Backup ADOM. 475483 Static route with named address gives the following error: 'router/static/2/ : dstaddr '<address_name>' does not allow routing.' 476220 Unable to edit Objects from the Explicit Proxy Policy view on a 5.4 ADOM 476227 In Workspace mode, the Policy Column Filters and its search results are cleared when the ADOM is locked by others. 477678 Add GUI support for 'admin-scp' in the Provisioning Template widget. 478047 Add an option to disable dynamic mappings caused by different address comments. 480080 Unsetting adom-mode does not set expected 'normal' mode. 480400 Device Manager > System Information does not display correct FortiGate system time. 480991 Verification fails when using 'assign-ip-from usrgrp' in Device Manager VPN. 481378 The youtube-restrict option should not be visible in the GUI when creating a DNS Filter with safe-search disabled. 481873 1678: New firewall address object must not contain a default value of 0.0.0.0/0.0.0.0. 481991 Central SNAT Policy - NAT checkbox is unchecked all the time. 482929 Unable to write/change the scripts details on FortiManager 5.6.3 when using Internet Explorer version 11. 484578 FortiManager unsets CASI profiles configured in 5.4 ADOM explicit proxy policy - identity policy 484608 Dialup VPN configuration fails when peer type is set to dialup group. 486536 Policy package install fails due to 'VIP overlap' error with FQDN VIP. 487177 Unable to run script when device lock is enabled. 487425 0092: Policy package status is incorrectly changed (or not properly updated) when making changes to device groups used in policy targets. 487995 Unable to import CA certificate to ADOM. 488159 Multiple policy package statuses changed to modified after changing one policy package. 489045 Installation failure when trying to configure an Explicit Web Proxy HTTPS service with the same port value as HTTP. 489545 VDOMs are not sorted in alphabetical order under managed FortiGate tree view. 489721 An installation error appears for 'switch-controller-dhcp-snooping' after installing a NAT
Resolved Issues 38 Bug ID Description VDOM to FortiGate VM. 490500 RADIUS source-ip and VAP errors occur when installing a policy that has security profiles on FortiWifi-60E. 491140 Import Policy Package creates duplicate Interface mappings within a VPN Manager created zone. 491992 When scheduling scripts with script scheduler, the schedule uses the personal computer time instead of the FortiManager time. 492267 Import policy has error, but package status still displays a green check mark. 492293 When selecting an object on a policy with many objects, the user still needs to scroll down to find the highlighted object. 492359 After creating an object from the Object Selector pane, the object is not highlighted. 492723 Override-passwd-change cannot be pushed from AP Manager. 493227 Missing 'Install On' for traffic shaping policy. 493300 GUI support for Internet service group, custom service, and custom service group in ADOM database. 493484 IPS signature syntax should support udp.dst_port. 493591 Should not allow globally assigned FSSO/POLLING objects to retrieve 'user adgrp' in local ADOM. 493781 FortiManager fails to retrieve configuration after HA enabled for FortiGate VM model. 494108 When adding an interface to a zone, the 'Block intra-zone traffic' option is unset. 494537 Virtual switch-interface moves to root VDOM after changing it directly on FortiGate 140D- POE. 494586 'svc cdb reader' causes high CPU while viewing IPsec phase2. 494923 IKE version grayed out in existing tunnels, unlike FortiOS GUI. 494953 'View' button on the 'Where Used' dialog does not display correct rules if sections are not expanded. 495754 Performing a 'Policy Package diff' from Device Manager points to a firewall policy change, but does not display the difference on UUID. 496156 Changing Fortinet Single Sign-on agent name fails with the error 'Object does not exist'. 496612 Allow interface and zone to use an interface with the same name for default mapping configuration. 496827 Unable to delete the LDAP server, if the user group is deleted before removing the LDAP members. 497312 Creating an AP profile fails with the error invalid value - prop[ap-country]: option(33).
Resolved Issues 39 Bug ID Description 497347 Cannot resize the 'Duplicated Objects' and 'Merge' windows. 497360 Cannot set 'Configure Default Value' to ON in existing VIP. 497367 'Bring Tunnel DOWN' in Query for IPsec VPN does not work. 497636 After FortiGate is upgraded from 6.0.0 to 6.0.1 in FortiManager, the install fails because of SSH local-key. 497908 'Collapse All' with filter applied for Policy Package shows a 'No entry found.' message. 498791 Failed to create an AP profile for FortiAnalyzer 221C with default configuration due to the error 'invalid value - prop[type]: option(16)'. 499460 ADOM upgrade fails due to XSS vulnerability characters in FortiSwitch manager. 500911 Only 3 security modes are available and no Radius authentication in a WiFi SSID interface settings in a particular VDOM. 500913 When editing the SSID under AP Manager in ADOM 5.4, the web interface was nonresponsive. 502047 Policy install fails when IP pool object type is changed from fixed port range to overload. 502339 Interface VLAN name limit is 14 characters in Device Manager. However, the VLAN limit in FOS is 15 which causes a response error. 502478 The action 'Retrieve configuration' fails because 'dmgmt-vdom' was tied to an interface in FortiGate. 503129 Cannot set comments in DoS policy. 503913 Avatar not visible in Log View on FortiManager when FortiAnalyzer is enabled. 504234 DHCP server type IPSEC created on IPSEC tunnel interface is deleted with Policy Package installation. Common Vulnerabilities and Exposures Visit https://fortiguard.com/psirt for more information. Bug ID Description 473653 FortiManager 6.0.2 is no longer vulnerable to the following CVE Reference: CVE-2018-1353
Known Issues The following issues have been identified in 6.0.2. For inquires about a particular bug or to report a bug, please contact Customer Service & Support. Bug ID Description 473491 1631: Certificate enrollment fails using SCEP on Microsoft NDES server (Integrity check failed). 474629 When Security Profile Groups are created on FortiManager, all Security Profile Groups are pushed to all FortiGate units on next policy push. 476463 CPU increases to 100%, which affects performance and crashes FortiGuard Server. 478257 VPN Manager should filter out invalid interfaces for the default VPN interface. 483204 Manual speed/duplex negotiation not working for FortiManager 3900E ports. 503787 FortiManager may fail to retrieve configuration when FortiGate does not show the name of an IP pool. Note: The is a known issue on FortiGate 6.0.2 devices. The issue will be addressed on FortiOS with ID 504251. 506075 FortiSwitch monitor doesn't show FortiSwitch connections for FortiOS 6.0.2. Note: This issue will be addressed on FortiOS with ID 506251. 507628 FortiManager may not show the correct configuration status on devices after a bulk install. 507629 FortiManager may not response to new tasks once a task has been canceled.
Appendix A - FortiGuard Distribution Servers (FDS) In order for the FortiManager to request and retrieve updates from FDS, and for FortiManager to serve as a FDS, please configure the necessary settings on all devices between FortiManager and FDS, or between FortiManager and FortiGate devices based on the items listed below: FortiManager accesses FDS for antivirus and attack updates through TCP/SSL port 443. If there is a proxy server between FortiManager and FDS, FortiManager uses port 80 to communicate with the proxy server by default and connects to the proxy server using HTTP protocol. If FortiManager manages a FortiGate device located behind a proxy server, the proxy server permits TCP/SSL traffic to pass through via port 443. FortiGuard Center update support You can configure FortiManager as a local FDS to provide FortiGuard updates to other Fortinet devices and agents on your network. The following table lists which updates are available per platform/version: Platform Version Antivirus WebFilter Vulnerability Scan Software FortiClient (Windows) 6.0.0 and later ü ü ü ü FortiClient (Windows) FortiClient (Mac OS X) 5.6.0 and later 5.4.0 and later 6.0.0 and later 5.6.0 and later 5.4.0 and later ü ü ü ü FortiMail 5.4.5 5.4.2 4.3.7 4.2.9 5.1.6 FortiSandbox 2.5.0, 2.5.1 2.4.0, 2.4.1 2.3.2 2.2.1 2.1.2 1.4.0 and later 1.3.0 1.2.0, 1.2.3 ü ü FortiWeb 5.9.0 ü
Appendix A - FortiGuard Distribution Servers (FDS) 42 Platform Version Antivirus WebFilter Vulnerability Scan Software 5.8.6 5.6.0 5.5.4 5.4.1 5.3.8 5.2.4 5.1.4 5.0.6 To enable FortiGuard Center updates for FortiMail version 4.2 enter the following CLI command: config fmupdate support-pre-fgt-43 set status enable end
Change Log Date Change Description 2018-08-14 Initial release of 6.0.2. 2018-08-22 Updated to add support for FortiOS 5.4.10 to Product Integration and Support and to add FMG-VM64-AWSOnDemand to Supported s. 2018-08-23 Added 462712 to Resolved Issues. 2018-08-30 Updated FortiMail support in FortiManager 6.0.0 Support and added 473653 to Resolved Issues. 2018-09-07 Updated Product Integration and Support > FortiManager 6.0.0 Support > Virtualization. 2018-09-18 Added support for FortiOS 5.6.6 to Product Integration and Support. 2018-10-09 Added support for FortiOS 6.0.3 to Product Integration and Support. 2018-11-02 Removed FMG-VM64-AWSOnDemand from Supported s.
Copyright 2018 Fortinet, Inc. All rights reserved. Fortinet, FortiGate, FortiCare and FortiGuard, and certain other marks are registered trademarks of Fortinet, Inc., in the U.S. and other jurisdictions, and other Fortinet names herein may also be registered and/or common law trademarks of Fortinet. All other product or company names may be trademarks of their respective owners. Performance and other metrics contained herein were attained in internal lab tests under ideal conditions, and actual performance and other results may vary. Network variables, different network environments and other conditions may affect performance results. Nothing herein represents any binding commitment by Fortinet, and Fortinet disclaims all warranties, whether express or implied, except to the extent Fortinet enters a binding written contract, signed by Fortinet s General Counsel, with a purchaser that expressly warrants that the identified product will perform according to certain expressly-identified performance metrics and, in such event, only the specific performance metrics expressly identified in such binding written contract shall be binding on Fortinet. For absolute clarity, any such warranty will be limited to performance in the same ideal conditions as in Fortinet s internal lab tests. In no event does Fortinet make any commitment related to future deliverables, features or development, and circumstances may change such that any forward-looking statements herein are not accurate. Fortinet disclaims in full any covenants, representations, and guarantees pursuant hereto, whether express or implied. Fortinet reserves the right to change, modify, transfer, or otherwise revise this publication without notice, and the most current version of the publication shall be applicable.