Change log
| Date | Change Description |
|---|---|
| April 16, 2025 | Initial document release for FortiOS 7.6.3 |
| April 23, 2025 | Added bug 1137075. |
| July 15, 2025 | Added bug 1174647. |
| July 16, 2025 | Revised the description of bug 1174647. |
What's new in FortiOS 7.6.3
The following list contains new managed FortiSwitchOS features added in FortiOS 7.6.3:
- You can now use CLI commands to check the system status and the fan status.
- When you create a device NAC policy in the FortiOS GUI, FortiOS now suggests values when you select the hardware vendor, device family, type, operating system, or host to match. For example, if you want the NAC policy to match a device family, FortiOS suggests FortiSwitch, FortiGate, FortiAP, FortiFone, FortiCam, FortiRecorder, FortiManager, FortiAnalyzer, Mac, iPhone, Galaxy, Virtual Machine, and Printer. These suggestions make it easier and quicker to create a device NAC policy.
- You can now use the CLI to prevent the switch controller from automatically creating VLANs.
- You can now use FortiLink to manage FortiSwitch units using IPv6 addresses. Previously, only IPv4 addresses were supported.
- You can now specify the source IP address in a FortiSwitch unit for the following:
- Layer-3 FortiLink with CAPWAP tunnel mode (in-band management and out-of-band management) (IPv4 and IPv6)
- Layer-3 FortiLink with HTTPS tunnel mode (in-band management and out-of-band management) (IPv4)
- FortiCloud management (IPv4)
Introduction
This document provides the following information for FortiSwitch 7.6.2 devices managed by FortiOS 7.6.3 build 3510:
- Special notices on page 7
- Upgrade information on page 8
- Product integration and support on page 9
- Resolved issues on page 10
- Known issues on page 11
See the Fortinet Document Library for FortiSwitchOS documentation.
Refer to the FortiLink Compatibility table to find which FortiSwitchOS versions support which FortiOS versions.
? FortiLink is not supported in transparent mode.
The maximum number of supported FortiSwitch units depends on the FortiGate model:
| FortiGate Model Range | Number of FortiSwitch Units Supported |
|---|---|
| FortiGate 40F, FortiGate-VM01 | 8 |
| FGR-60F, FG-60F, FGR-60F-3G4G, FG-61F, FG-70F, FG-71F, FG-80F, FG-80FB, FG-80FP, FG-81F, FG-81FP, FG-90G, FG-91G, FortiGate-VM02 | 24 |
| FortiGate 100F, 101F | 32 |
| FG-120G, FG-121G | 48 |
| FortiGate 200E, 201E, 200F, 201F, 800D, 900D, FortiGate-VM04 | 64 |
| FortiGate 300E to 500E | 72 |
| FortiGate 600E to 900E, 400F, 401F, 601F | 96 |
| FortiGate 1000D, 600F | 128 |
| FortiGate 900G, 901G, 1000F, 1001F, 1100E to 26xxF | 196 |
| FortiGate-3xxx and up and FortiGate-VM08 and up | 300 |
? New models (NPI releases) might not support FortiLink. Contact Customer Service & Support to check support for FortiLink.
Special notices
Support of FortiLink features
Refer to the FortiSwitchOS feature matrix for details about the FortiLink features supported by each FortiSwitchOS model.
Upgrade information
Check the FortiSwitchOS Release Notes before upgrading the FortiSwitch firmware from the FortiGate Switch Controller.
FortiSwitchOS 7.6.2 supports upgrading from FortiSwitchOS 3.5.0 and later.
To determine a compatible FortiOS version, check the FortiLink Compatibility matrix.
Within the Security Fabric, the FortiSwitch upgrade is done after the FortiGate upgrade. Refer to the latest FortiOS Release Notes for the complete Security Fabric upgrade order.
Product integration and support
FortiSwitchOS 7.6.2 support
The following table lists FortiSwitchOS 7.6.2 product integration and support information.
| Web browser | FortiOS (FortiLink Support) |
|---|---|
Other web browsers might function correctly, but are not supported by Fortinet. |
Refer to the FortiLink Compatibility table to find which FortiSwitchOS versions support which FortiOS versions. |
Resolved issues
The following issues have been fixed in FortiOS 7.6.3. For inquiries about a particular bug, please contact Customer Service & Support.
| Bug ID | Description |
|---|---|
| 1015992 | The Lockdown ISL setting cannot be disabled in FortiLink mode. |
| 1016034 | After HA failover, the Lockdown ISL setting is enabled automatically. |
| 1043815 | Upgrading the firmware for a large number (more than 100) of FortiSwitch units at the same time might cause performance issues with the GUI and some devices might not upgrade. |
| 1108965 | After deleting the dhcp-snooping-static-client entry and then shutting down or bringing up a port, there is a configuration synchronization error when making any configuration changes. |
| 1130242 | The FortiGate device is pushing a partial SNMP community configuration to the managed FortiSwitch unit, instead of the full configuration. |
| 1113465 | On a random basis, VLANs fail to be assigned on FortiSwitch ports when devices matching a dynamic port policy (DPP) come online; this is causes by a race condition during the FortiSwitch initialization. |
| 1138333 | The FortiLink configuration daemon needs to use memory more efficiently. |
Known issues
The following known issues have been identified with FortiOS 7.6.3. For inquiries about a particular bug or to report a bug, please contact Fortinet Customer Service & Support.
| Bug ID | Description |
|---|---|
| 298348, 298994 | Enabling the hw-switch-ether-filter command on the FG-92D model (the default setting) causes FortiSwitch devices to not be discovered. |
| 520954 | When a "FortiLink mode over a layer-3 network" topology has been configured, the FortiGate GUI does not always display the complete network. |
| 527695 | Starting in FortiOS 6.4.0, VLAN optimization is enabled by default (set vlan-optimization enable under config switch-controller global). On a network running FortiSwitchOS earlier than 6.0.0, this change results in a synchronization error, but the network still functions normally. If you have FortiSwitchOS 6.0.x, you can upgrade to remove the synchronization error or disable VLAN optimization. On a network with set allowed-vlans-all enable configured (under config switch-controller vlan-policy), the setting reverts to the default, which is disabled, when upgrading to FortiOS 6.4.0. If you want to maintain the allowed-vlans-all behavior, you can restore it after the upgrade. |
| 586801 | NetBIOS stops working when proxy ARP is configured and the access VLAN is enabled because FortiGate units do not support NetBIOS proxy. |
| 621785 | user.nac-policy[].switch-scope might contain a data reference to switch-controller.managed-switch. When this reference is set by an admin, the admin needs to remove this reference before deleting the managed-switch. |
| 789914 |
|
| 813216 | After CAPWAP offload is enabled or disabled, FortiLink goes down. |
| 814674 | When upgrading a FortiAP or FortiSwitch unit that is connected to a downstream FortiGate device, a "Failed to retrieve upgrade progress" message appears. |
| 910962 | After setting values for src-mac, dst-mac, and vlan for the ACL classifier, you cannot use the unset command to remove these settings. WORKAROUND:
|
| 940248 | When both network device detection (config switch network-monitor settings) and the switch controller routing offload are enabled, the FS-1048E switch generates duplicate packets. |
| 961142 | An interface in FortiLink flaps when using an MCLAG with DAC on the OPSFPP-T-05-PEB transceiver. |
| 1113304 | After the FortiGate device is upgraded from FortiOS 7.6.0 to 7.6.1 or higher when the LLDP configuration is set to vdom or disabled under the FortiLink interface, the FortiSwitch units are offline. WORKAROUND: Enable the lldp-reception and lldp-transmission LLDP configurations under the FortiLink interface or rebuild the FortiLink interface. For example: config system globalset lldp-reception enableset lldp-transmission enableend |
| 1137075 | In the WiFi & Switch Controller > Managed FortiSwitches page, the Topology view shows the link between FortiSwitch units with a dotted line instead of a solid line. Workaround: To see if FortiLink is up or down, use the execute switch-controller get-conn-status command or use the List view in the WiFi & Switch Controller > Managed FortiSwitches page. |
| 1138430 | The switch-id for managed switches cannot be longer than 16 characters. |
| 1174647 | This issue affects a FortiGate device running any version of FortiOS and managing one or more FortiSwitch units that are running FortiSwitchOS 7.4.7 (or later) or 7.6.2 (or later). When the total number of trunk members exceeds five on any managed switch, the Topology view displays incorrectly on the FortiGate device; however the data traffic is not affected. Workarounds:
a. If the switch is a core switch and fortilink-neighbor-detect is set to lldp, change the fortilink-neighbor-detect mode to fortilink. Before doing so, verify that the FortiLink trunk on the switch does not have the set static-isl enable setting. b. After changing the fortilink-neighbor-detect mode tofortilink on the FortiGate device, ensure that the name of the FortiLink trunk on the switch does not include the -0 suffix. c. Enable set isl-static enable in that FortiLink trunk. |
