14 Jan 2025 — If FortiManager has 8 CPUs and 16 GB RAM, then only 4 CPUs and 8 GB RAM are ... All other product or company names may be trademarks of their respective owners.
Release Notes
FortiManager 7.2.8
FORTINET DOCUMENT LIBRARY https://docs.fortinet.com FORTINET VIDEO LIBRARY https://video.fortinet.com FORTINET BLOG https://blog.fortinet.com CUSTOMER SERVICE & SUPPORT https://support.fortinet.com FORTINET TRAINING & CERTIFICATION PROGRAM https://www.fortinet.com/training-certification FORTINET TRAINING INSTITUTE https://training.fortinet.com FORTIGUARD LABS https://www.fortiguard.com END USER LICENSE AGREEMENT https://www.fortinet.com/doc/legal/EULA.pdf FEEDBACK Email: techdoc@fortinet.com
November 22, 2024 FortiManager 7.2.8 Release Notes 02-728-1089427-20241122
TABLE OF CONTENTS
Change Log
6
FortiManager 7.2.8 Release
7
Supported models
7
FortiManager VM subscription license
7
Management extension applications
7
Supported models for MEA
8
Minimum system requirements
8
Special Notices
10
Shell access has been removed
10
Enable fcp-cfg-service for Backup Mode ADOMs
10
Custom certificate name verification for FortiGate connection
10
Configuration backup requires a password
11
Additional configuration required for SSO users
11
When using VPN Manager, IPSEC VPN CA certificates must be re-issued to all devices
after upgrade
11
Apache-mode changed from prefork to event
12
FortiGuard web filtering category v10 update
12
Install On column for policies
12
FortiManager 7.2.3 and later firmware on FortiGuard
13
Option to enable permission check when copying policies
13
Management Extensions visibility in the GUI
13
FortiManager creates faulty dynamic mapping for VPN manager interface during PP
import
13
SD-WAN Orchestrator removed in 7.2
14
Changes to FortiManager meta fields
14
Setup wizard requires FortiCare registration
14
Access lists as ADOM-level objects
14
View Mode is disabled in policies when policy blocks are used
15
Reconfiguring Virtual Wire Pairs (VWP)
15
Fortinet verified publisher docker image
15
Scheduling firmware upgrades for managed devices
16
Modifying the interface status with the CLI
17
SD-WAN with upgrade to 7.0
17
Citrix XenServer default limits and upgrade
17
Multi-step firmware upgrades
18
Hyper-V FortiManager-VM running on an AMD CPU
18
SSLv3 on FortiManager-VM64-AWS
18
Upgrade Information
19
Downgrading to previous firmware versions
19
Firmware image checksums
19
FortiManager VM firmware
20
FortiManager 7.2.8 Release Notes
3
Fortinet Inc.
SNMP MIB files FortiManager instances on Azure Stack
Product Integration and Support Supported software Web browsers FortiOS and FortiOS Carrier FortiADC FortiAnalyzer FortiAnalyzer-BigData FortiAuthenticator FortiCache FortiClient FortiDDoS FortiDeceptor FortiFirewall and FortiFirewallCarrier FortiMail FortiPAM FortiProxy FortiSandbox FortiSOAR FortiSwitch ATCA FortiTester FortiWeb Virtualization Feature support Language support Supported models FortiGate models FortiGate special branch models FortiCarrier models FortiCarrier special branch models FortiADC models FortiAnalyzer models FortiAnalyzer-BigData models FortiAuthenticator models FortiCache models FortiDDoS models FortiDeceptor models FortiFirewall models FortiFirewallCarrier models FortiMail models FortiPAM models FortiProxy models FortiSandbox models FortiSOAR models FortiSwitch ATCA models FortiTester models FortiWeb models
FortiManager 7.2.8 Release Notes
Fortinet Inc.
21 21
22 22 23 23 23 23 24 24 24 24 24 25 25 25 25 25 26 26 26 26 27 27 28 28 29 30 33 35 36 38 38 39 39 39 39 40 40 41 42 43 43 43 44 44 44 45
4
Compatibility with FortiOS Versions
46
FortiManager 7.2.8 and FortiOS 7.0.16 compatibility issues
46
Resolved Issues
47
Common Vulnerabilities and Exposures
47
Known issues
48
New known issues
48
Existing known issues
48
AP Manager
48
Device Manager
48
Others
49
Policy & Objects
50
Script
51
System Settings
51
VPN Manager
51
Appendix A - FortiGuard Distribution Servers (FDS)
52
FortiGuard Center update support
52
Appendix B - Default and maximum number of ADOMs supported
53
Hardware models
53
Virtual Machines
53
FortiManager 7.2.8 Release Notes
5
Fortinet Inc.
Change Log
Date 2024-10-18 2024-10-22
2024-10-23 2024-10-25 2024-10-30
2024-11-14 2024-11-22
Change Description Initial release. Updated FortiOS and FortiOS Carrier on page 23. Added FortiManager 7.2.8 and FortiOS 7.0.16 compatibility issues on page 46. Updated Resolved Issues on page 47. Added 1078947 to Known issues on page 48. Updated Known issues on page 48 Updated FortiGate special branch models on page 33. Updated FortiGate models on page 30 and Known issues on page 48. Updated Known issues on page 48.
FortiManager 7.2.8 Release Notes
6
Fortinet Inc.
FortiManager 7.2.8 Release
This document provides information about FortiManager version 7.2.8 build 1634.
The recommended minimum screen resolution for the FortiManager GUI is 1920 x 1080. Please adjust the screen resolution accordingly. Otherwise, the GUI may not display properly.
This section includes the following topics: l Supported models on page 7 l FortiManager VM subscription license on page 7 l Management extension applications on page 7
Supported models
FortiManager version 7.2.8 supports the following models:
FortiManager FortiManager VM
FMG-200F, FMG-200G, FMG-300F, FMG-400E, FMG-400G, FMG-410G, FMG1000F, FMG-1000G, FMG-2000E, FMG-3000F, FMG-3000G, FMG-3100G, FMG-3700F, and FMG-3700G.
FMG_DOCKER, FMG_VM64, FMG_VM64_ALI, FMG_VM64_AWS, FMG_ VM64_AWSOnDemand, FMG_VM64_Azure, FMG_VM64_GCP, FMG_VM64_ IBM, FMG_VM64_HV (including Hyper-V 2016, 2019, and 2022), FMG_VM64_ KVM, FMG_VM64_OPC, FMG_VM64_XEN (for both Citrix and Open Source Xen).
FortiManager VM subscription license
The FortiManager VM subscription license supports FortiManager version 6.4.1 and later. For information about supported firmware, see FortiManager VM firmware on page 20. See also Appendix B - Default and maximum number of ADOMs supported on page 53.
Management extension applications
The following section describes supported models and minimum system requirements for management extension applications (MEA) in FortiManager 7.2.8.
FortiManager 7.2.8 Release Notes
7
Fortinet Inc.
FortiManager 7.2.8 Release
FortiManager uses port TCP/443 or TCP/4443 to connect to the Fortinet registry and download MEAs. Ensure that the port is also open on any upstream FortiGates. For more information about incoming and outgoing ports, see the FortiManager 7.0 Ports Guide.
Supported models for MEA
As of FortiManager 7.2.3, the Management Extensions pane is only visible in the GUI when docker status is enabled and at least one MEA is enabled and downloaded. For more information about enabling and using the MEAs, see the Management Extensions documentation in the FortiManager Documents Library.
You can use any of the following FortiManager models as a host for management extension applications:
FortiManager FortiManager VM
FMG-3000F, FMG-3000G, FMG-3100G, FMG-3700F, and FMG-3700G.
FMG_VM64, FMG_VM64_ALI, FMG_VM64_AWS, FMG_VM64_ AWSOnDemand, FMG_VM64_Azure, FMG_VM64_GCP, FMG_VM64_IBM, FMG_VM64_HV (including Hyper-V 2016, 2019, and 2022), FMG_VM64_KVM, FMG_VM64_OPC, FMG_VM64_XEN (for both Citrix and Open Source Xen).
Minimum system requirements
By default FortiManager VMs use the following system resource settings:
l 4 vCPU l 16 GB RAM l 500 GB disk space
Starting with FortiManager 7.0.0, RAM and CPU is capped at 50% for MEAs. (Use the config system docker command to view the setting.) If FortiManager has 8 CPUs and 16 GB RAM, then only 4 CPUs and 8 GB RAM are available to MEAs by default, and the 4 CPUs and 8 GB RAM are used for all enabled MEAs.
Some management extension applications have minimum system requirements that require you to increase system resources. The following table identifies the minimum requirements for each MEA as well as the recommended system resources to function well in a production environment.
MEA minimum system requirements apply only to the individual MEA and do not take into consideration any system requirements for resource-sensitive FortiManager features or multiple, enabled MEAs. If you are using multiple MEAs, you must increase the system resources to meet the cumulative need of each MEA.
Management Extension Application FortiAIOps
FortiSigConverter
Minimum system requirements
l 8 vCPU l 32 GB RAM l 500 GB disk storage l 4 vCPU l 8 GB RAM
Recommended system resources for production* No change
No change
FortiManager 7.2.8 Release Notes
8
Fortinet Inc.
FortiManager 7.2.8 Release
Management Extension Application FortiSOAR
Policy Analyzer
Universal Connector
Wireless Manager (FortiWLM)
Minimum system requirements
l 4 vCPU l 8 GB RAM l 500 GB disk storage l 4 vCPU l 8 GB RAM l 1 GHZ vCPU l 2 GB RAM l 1 GB disk storage l 4 vCPU l 8 GB RAM
Recommended system resources for production*
l 16 vCPU l 64 GB RAM l No change for disk storage No change
No change
No change
*The numbers in the Recommended system resources for production column are a combination of the default system resource settings for FortiManager plus the minimum system requirements for the MEA.
FortiManager 7.2.8 Release Notes
9
Fortinet Inc.
Special Notices
This section highlights some of the operational changes that administrators should be aware of in 7.2.8.
Shell access has been removed
As of FortiManager 7.2.6, shell access has been removed. The following CLI variables have been removed, which were previously used to enable shell access:
config system admin setting set shell-access {enable | disable} set shell-password <passwd>
The following CLI command has been removed, which was previously used to access shell when enabled: execute shell
Enable fcp-cfg-service for Backup Mode ADOMs
When performing a configuration backup from the CLI of FortiGates managed by FortiManager in Backup Mode ADOMs, you must enable the "fcp-cfg-service" using the following command on the FortiManager:
config system global set fcp-cfg-service enable
end
Custom certificate name verification for FortiGate connection
FortiManager 7.2.5 introduces a new verification of the CN or SAN of a custom certificate uploaded by the FortiGate admin. This custom certificate is used when a FortiGate device connects to a FortiManager unit. The FortiGate and FortiManager administrators may configure the use of a custom certificate with the following CLI commands: FortiGate-related CLI:
config system central-management local-cert Certificate to be used by FGFM protocol. ca-cert CA certificate to be used by FGFM protocol.
FortiManager-related CLI: config system global fgfm-ca-cert set the extra fgfm CA certificates. fgfm-cert-exclusive set if the local or CA certificates should be used exclusively. fgfm-local-cert set the fgfm local certificate.
FortiManager 7.2.8 Release Notes
10
Fortinet Inc.
Special Notices
Upon upgrading to FortiManager 7.2.5, FortiManager will request that the FortiGate certificate must contain the FortiGate serial number either in the CN or SAN. The tunnel connection may fail if a matching serial number is not found. If the tunnel connection fails, the administrator may need to re-generate the custom certificates to include serial number. Alternatively, FortiManager 7.2.5 provides a new CLI command to disable this verification. Fortinet recommends to keep the verification enabled.
config system global fgfm-peercert-withoutsn set if the subject CN or SAN of peer's SSL certificate sent in FGFM should include the serial number of the device.
When the CLI setting fgfm-peercert-withoutsn is disabled (default), the FortiGate device's certificate must include the FortiGate serial number in the subject CN or SAN. When the CLI setting fgfm-peercert-withoutsn is enabled, the FortiManager unit does not perform the verification serial number in subject CN or SAN.
Configuration backup requires a password
As of FortiManager 7.2.5, configuration backup files are automatically encrypted and require you to set a password. The password is required for scheduled backups as well. In previous versions, the encryption and password were optional. For more information, see the FortiManager Administration Guide.
Additional configuration required for SSO users
Beginning in 7.2.5, additional configuration is needed for FortiManager Users declared as wildcard SSO users. When configuring Administrators as wildcard SSO users, the ext-auth-accprofile-override and/or ext-authadom-override features, under Advanced Options, should be enabled if the intent is to obtain the ADOMs list and/or permission profile from the SAML IdP.
When using VPN Manager, IPSEC VPN CA certificates must be reissued to all devices after upgrade
When FortiManager is upgraded to 7.2.5 or later, it creates a new CA <ADOM Name>_CA3 certificate as part of a fix for resolved issue 796858. See Resolved Issues in the FortiManager 7.2.5 Release Notes. These certificates are installed to the FortiGate devices on the next policy push. As a result, the next time any IPSEC VPNs which use certificates rekey, they will fail authentication and be unable to re-establish. The old CA <ADOM Name>_CA2 cannot be deleted, as existing certificates rely on it for validation. Similarly, the new CA <ADOM Name>_CA3 cannot be deleted as it is required for the fix. Therefore, customers affected by this change must follow the below workaround after upgrading FortiManager to v7.2.5 or later. A maintenance period is advised to avoid IPSEC VPN service disruption. Workaround:
FortiManager 7.2.8 Release Notes
11
Fortinet Inc.
Special Notices
Re-issue all certificates again to all devices, and then delete the old CA <ADOM Name>_CA2 from all devices. Next, regenerate the VPN certificates. To remove CA2 from FortiManager, Policy & Objects > Advanced > CA Certificates must be enabled in feature visibility.
Apache-mode changed from prefork to event
Before version 7.2.3, the default "apache-mode" utilized the "prefork" mode. However, starting from version 7.2.4, the default configuration switches to the "event" mode.
This change is aimed at supporting the HTTP/2.0 protocol. With HTTP/2.0, there is no limit on the maximum concurrency of HTTP requests, potentially leading to slower GUI performance if the client's environment imposes restrictions , whether network or implementation-related. HTTP/2 may face issues such as head-of-line blocking and resource prioritization, leading to slower performance compared to HTTP/1. Additionally, server push and intermediaries struggling with encrypted headers can further complicate matters. Implementing HTTP/2 requires more computational resources, which may affect response times. These complexities highlight scenarios where HTTP/1 might outperform HTTP/2.
If customers experience GUI slowness, they have the option to revert to the "prefork" mode using the following commands:
config system global (global)# set apache-mode prefork (global)# end
FortiGuard web filtering category v10 update
Fortinet has updated its web filtering categories to v10, which includes two new URL categories for AI chat and cryptocurrency web sites. In order to use the new categories, customers must upgrade their Fortinet products to one of the versions below.
l FortiManager - Fixed in 6.0.12, 6.2.9, 6.4.7, 7.0.2, 7.2.0, 7.4.0. l FortiOS - Fixed in 7.2.8 and 7.4.1. l FortiClient - Fixed in Windows 7.2.3, macOS 7.2.3, Linux 7.2.3. l FortiClient EMS - Fixed in 7.2.1. l FortiMail - Fixed in 7.0.7, 7.2.5, 7.4.1. l FortiProxy - Fixed in 7.4.1. Please read the following CSB for more information to caveats on the usage in FortiManager and FortiOS. https://support.fortinet.com/Information/Bulletin.aspx
Install On column for policies
Prior to version 7.2.3, the 'Install-on' column for policies in the policy block had no effect. However, starting from version 7.2.3, the 'Install-on' column is operational and significantly impacts the behavior and installation process of policies. It's
FortiManager 7.2.8 Release Notes
12
Fortinet Inc.
Special Notices
important to note that using 'Install-on' on policies in the policy block is not recommended. If required, this setting can only be configured through a script or JSON APIs.
FortiManager 7.2.3 and later firmware on FortiGuard
Starting in FortiManager 7.2.1, a setup wizard executes to prompt the user for various configuration steps and registration with FortiCare. During the execution, the FortiManager unit attempts to communicate with FortiGuard for a list of FortiManager firmware images currently available on FortiGuard older and newer. In the case of FortiManager 7.2.2, a bug in the GUI prevents the wizard from completing and prevents the user from accessing the FortiManager unit. The issue has been fixed in 7.2.3 and later and a CLI command has been added to bypass the setup wizard at login time.
config system admin setting set firmware-upgrade-check disable
end Fortinet has not uploaded FortiManager 7.2.3 and later firmware to FortiGuard in order to work around the GUI bug, however, the firmware is available for download from the Fortinet Support website.
Option to enable permission check when copying policies
As of 7.2.3, a new command is added in the CLI: config system global set no-copy-permission-check {enable | disable} end
By default, this is set to disable. When set to enable, a check is performed when copying policies to prevent changing global device objects if the user does not have permission.
Management Extensions visibility in the GUI
As of FortiManager 7.2.3, the Management Extensions pane is only visible in the GUI when docker status is enabled and at least one management extension application (MEA) is enabled and downloaded. For more information about enabling and using the MEAs, see the Management Extensions documentation in the FortiManager Documents Library.
FortiManager creates faulty dynamic mapping for VPN manager interface during PP import
If policy changes are made directly on the FortiGates, the subsequent PP import creates faulty dynamic mappings for VPN Manager.
FortiManager 7.2.8 Release Notes
13
Fortinet Inc.
Special Notices
It is strongly recommended to create a fresh backup of the FortiManager's configuration prior to this workaround. Perform the following command to check & repair the FortiManager's configuration database:
diagnose cdb check policy-packages <adom> After executing this command, FortiManager will remove the invalid mappings of vpnmgr interfaces.
SD-WAN Orchestrator removed in 7.2
Starting in 7.2.0, the SD-WAN Orchestrator is no longer available in FortiManager. Instead, you can use the SDWAN Overlay Template wizard to configure your SD-WAN overlay network. For more information, see SD-WAN Overlay Templates in the FortiManager Administration Guide.
Changes to FortiManager meta fields
Beginning in 7.2.0, FortiManager supports policy object metadata variables. When upgrading from FortiManager 7.0 to 7.2.0 and later, FortiManager will automatically create ADOM-level metadata variable policy objects for meta fields previously configured in System Settings that have per-device mapping configurations detected. Objects using the meta field, for example CLI templates, are automatically updated to use the new metadata variable policy objects. Meta fields in System Settings can continue to be used as comments/tags for configurations. For more information, see ADOM-level meta variables for general use in scripts, templates, and model devices.
Setup wizard requires FortiCare registration
Starting in FortiManager 7.2.1, the FortiManager Setup wizard requires you to complete the Register with FortiCare step before you can access the FortiManager appliance or VM. Previously the step was optional. For FortiManager units operating in a closed environment, contact customer service to receive an entitlement file, and then load the entitlement file to FortiManager by using the CLI.
Access lists as ADOM-level objects
Starting in 7.2.0, FortiManager supports IPv4 and IPv6 access list firewall policies as ADOM-level object configurations from FortiGate. Previously, these access lists were controlled by the device database/FortiGate configuration. After upgrading to 7.2.0 from an earlier release, the next time you install changes to a FortiGate device with an IPv4 or IPv6 access list firewall policy (config firewall acl/acl6), FortiManager will purge the device database/FortiGate configuration which may have previously contained the access list.
FortiManager 7.2.8 Release Notes
14
Fortinet Inc.
Special Notices
To address this, administrators can re-import the FortiGate policy configuration to an ADOM's policy package or recreate the IPv4/IPv6 access list firewall policy in the original package.
View Mode is disabled in policies when policy blocks are used
When policy blocks are added to a policy package, the View Mode option is no longer available, and policies in the table cannot be arranged by Interface Pair View. This occurs because policy blocks typically contain policies with multiple interfaces, however, View Mode is still disabled even when policy blocks respect the interface pair.
Reconfiguring Virtual Wire Pairs (VWP)
A conflict can occur between the ADOM database and device database when a Virtual Wire Pair (VWP) is installed on a managed FortiGate that already has a configured VWP in the device database. This can happen when an existing VWP has been reconfigured or replaced. Before installing the VWP, you must first remove the old VWP from the device's database, otherwise a policy and object validation error may occur during installation. You can remove the VWP from the device database by going to Device Manager > Device & Groups, selecting the managed device, and removing the VWP from System > Interface.
Fortinet verified publisher docker image
FortiManager docker images are available for download from Fortinet's Verified Publisher public repository on dockerhub. To download the FortiManager image from dockerhub: 1. Go to dockerhub at https://hub.docker.com/.
The dockerhub home page is displayed.
2. In the banner, click Explore.
FortiManager 7.2.8 Release Notes
15
Fortinet Inc.
Special Notices 3. In the search box, type Fortinet, and press Enter. The fortinet/fortimanager and fortinet/fortianalyzer options are displayed.
4. Click fortinet/fortimanager. The fortinet/fortimanager page is displayed, and two tabs are available: Overview and Tags. The Overview tab is selected by default.
5. On the Overview tab, copy the docker pull command, and use it to download the image. The CLI command from the Overview tab points to the latest available image. Use the Tags tab to access different versions when available.
Scheduling firmware upgrades for managed devices
Starting in FortiManager 7.0.0, firmware templates should be used to schedule firmware upgrades on managed FortiGates. Attempting firmware upgrade from the FortiManager GUI by using legacy methods may ignore the schedule upgrade option and result in FortiGates being upgraded immediately.
FortiManager 7.2.8 Release Notes
16
Fortinet Inc.
Special Notices
Modifying the interface status with the CLI
Starting in version 7.0.1, the CLI to modify the interface status has been changed from up/down to enable/disable. For example: config system interface
edit port2 set status <enable/disable>
next end
SD-WAN with upgrade to 7.0
Due to design change with SD-WAN Template, upgrading to FortiManager 7.0 may be unable to maintain dynamic mappings for all SD-WAN interface members. Please reconfigure all the missing interface mappings after upgrade.
Citrix XenServer default limits and upgrade
Citrix XenServer limits ramdisk to 128M by default. However the FMG-VM64-XEN image is larger than 128M. Before updating to FortiManager 6.4, increase the size of the ramdisk setting on Citrix XenServer.
To increase the size of the ramdisk setting: 1. On Citrix XenServer, run the following command:
xenstore-write /mh/limits/pv-ramdisk-max-size 536,870,912 2. Confirm the setting is in effect by running xenstore-ls.
----------------------limits = "" pv-kernel-max-size = "33554432" pv-ramdisk-max-size = "536,870,912" boot-time = "" --------------------------3. Remove the pending files left in /run/xen/pygrub.
The ramdisk setting returns to the default value after rebooting.
FortiManager 7.2.8 Release Notes
17
Fortinet Inc.
Special Notices
Multi-step firmware upgrades
Prior to using the FortiManager to push a multi-step firmware upgrade, confirm the upgrade path matches the path outlined on our support site. To confirm the path, please run: dia fwmanager show-dev-upgrade-path <device name> <target firmware> Alternatively, you can push one firmware step at a time.
Hyper-V FortiManager-VM running on an AMD CPU
A Hyper-V FMG-VM running on a PC with an AMD CPU may experience a kernel panic. Fortinet recommends running VMs on an Intel-based PC.
SSLv3 on FortiManager-VM64-AWS
Due to known vulnerabilities in the SSLv3 protocol, FortiManager-VM64-AWS only enables TLSv1 by default. All other models enable both TLSv1 and SSLv3. If you wish to disable SSLv3 support, please run: config system global set ssl-protocol t1sv1 end
FortiManager 7.2.8 Release Notes
18
Fortinet Inc.
Upgrade Information
Prior to upgrading your FortiManager, please review the FortiManager Upgrade Guide in detail as it includes all of the necessary steps and associated details required to upgrade your FortiManager device or VM. See FortiManager 7.2.8 Upgrade Guide.
You can upgrade FortiManager 7.0.1 or later directly to 7.2.8.
Before upgrading FortiManager, check ADOM versions. Check the ADOM versions supported by the destination firmware and the current firmware. If the current firmware uses ADOM versions not supported by the destination firmware, upgrade ADOM versions in FortiManager before upgrading FortiManager to the destination firmware version. For example, FortiManager 7.0 supports ADOM versions 6.2, 6.4, and 7.0, but FortiManager 7.2 supports ADOM versions 6.4, 7.0, and 7.2. Before you upgrade FortiManager 7.0 to 7.2, ensure that all ADOM 6.2 versions have been upgraded to ADOM version 6.4 or later. See FortiManager 7.2.8 Upgrade Guide.
This section contains the following topics: l Downgrading to previous firmware versions on page 19 l Firmware image checksums on page 19 l FortiManager VM firmware on page 20 l SNMP MIB files on page 21 l FortiManager instances on Azure Stack on page 21
Downgrading to previous firmware versions
FortiManager does not provide a full downgrade path. You can downgrade to a previous firmware release by using the GUI or CLI, but doing so results in configuration loss. A system reset is required after the firmware downgrade process has completed. To reset the system, use the following CLI commands via a console port connection: execute reset {all-settings | all-except-ip} execute format {disk | disk-ext4 | disk-ext3}
Firmware image checksums
The MD5 checksums for all Fortinet software and firmware releases are available at the Customer Service & Support portal, https://support.fortinet.com. After logging in, go to Download > Firmware Image Checksums, enter the image file name including the extension, and select Get Checksum Code.
FortiManager 7.2.8 Release Notes
19
Fortinet Inc.
Upgrade Information
FortiManager VM firmware
Fortinet provides FortiManager VM firmware images for Amazon AWS, Amazon AWSOnDemand, Citrix and Open Source XenServer, Linux KVM, Microsoft Hyper-V Server, and VMware ESX/ESXi virtualization environments.
Amazon Web Services l The 64-bit Amazon Machine Image (AMI) is available on the AWS marketplace.
Citrix XenServer and Open Source XenServer l .out: Download the 64-bit firmware image to upgrade your existing FortiManager VM installation. l .out.OpenXen.zip: Download the 64-bit package for a new FortiManager VM installation. This package contains the QCOW2 file for the Open Source Xen Server. l .out.CitrixXen.zip: Download the 64-bit package for a new FortiManager VM installation. This package contains the Citrix XenServer Virtual Appliance (XVA), Virtual Hard Disk (VHD), and OVF files.
Google Cloud Platform l .out: Download the 64-bit firmware image to upgrade your existing FortiManager VM installation. l .out.gcp.zip: Download the 64-bit package for a new FortiManager VM installation.
Linux KVM l .out: Download the 64-bit firmware image to upgrade your existing FortiManager VM installation. l .out.kvm.zip: Download the 64-bit package for a new FortiManager VM installation. This package contains QCOW2 that can be used by qemu.
Microsoft Azure The files for Microsoft Azure have AZURE in the filenames, for example <product>_VM64_AZURE-v<number>build<number>-FORTINET.out.hyperv.zip.
l .out: Download the firmware image to upgrade your existing FortiManager VM installation.
Microsoft Hyper-V Server The files for Microsoft Hyper-V Server have HV in the filenames, for example, <product>_VM64_HV-v<number>build<number>-FORTINET.out.hyperv.zip.
l .out: Download the firmware image to upgrade your existing FortiManager VM installation. l .hyperv.zip: Download the package for a new FortiManager VM installation. This package contains a Virtual
Hard Disk (VHD) file for Microsoft Hyper-V Server.
Microsoft Hyper-V 2016 is supported.
FortiManager 7.2.8 Release Notes
20
Fortinet Inc.
Upgrade Information
Oracle Private Cloud l .out: Download the 64-bit firmware image to upgrade your existing FortiManager VM installation. l .out.opc.zip: Download the 64-bit package for a new FortiManager VM installation.
VMware ESX/ESXi l .out: Download the 64-bit firmware image to upgrade your existing VM installation. l .ovf.zip: Download either the 64-bit package for a new VM installation. This package contains an Open Virtualization Format (OVF) file for VMware and two Virtual Machine Disk Format (VMDK) files used by the OVF file during deployment.
For more information see the FortiManager Data Sheet available on the Fortinet web site. VM installation guides are available in the Fortinet Document Library.
SNMP MIB files
You can download the FORTINET-FORTIMANAGER-FORTIANALYZER.mib MIB file in the firmware image file folder. The Fortinet Core MIB file is located in the main FortiManager version 5.00 file folder.
FortiManager instances on Azure Stack
After upgrading FortiManager on Azure Stack from version 7.2.3 to 7.2.4, the instance will become unreachable. To reestablish connectivity, dissociate the Public IP of the instance and then re-associate it via the Azure Stack client portal.
FortiManager 7.2.8 Release Notes
21
Fortinet Inc.
Product Integration and Support
This section lists FortiManager 7.2.8 support of other Fortinet products. It also identifies what FortiManager features are supported for managed platforms and what languages FortiManager supports. It also lists which Fortinet models can be managed by FortiManager. The section contains the following topics:
l Supported software on page 22 l Feature support on page 28 l Language support on page 28 l Supported models on page 29
Supported software
FortiManager 7.2.8 supports the following software: l Web browsers on page 23 l FortiOS and FortiOS Carrier on page 23 l FortiADC on page 23 l FortiAnalyzer on page 23 l FortiAnalyzer-BigData on page 24 l FortiAuthenticator on page 24 l FortiCache on page 24 l FortiClient on page 24 l FortiDDoS on page 24 l FortiDeceptor on page 25 l FortiFirewall and FortiFirewallCarrier on page 25 l FortiMail on page 25 l FortiPAM on page 25 l FortiProxy on page 25 l FortiSandbox on page 26 l FortiSOAR on page 26 l FortiSwitch ATCA on page 26 l FortiTester on page 26 l FortiWeb on page 27 l Virtualization on page 27
To confirm that a device model or firmware version is supported by the current firmware version running on FortiManager, run the following CLI command:
diagnose dvm supported-platforms list
FortiManager 7.2.8 Release Notes
22
Fortinet Inc.
Product Integration and Support
Always review the Release Notes of the supported platform firmware version before upgrading your device.
Web browsers
FortiManager 7.2.8 supports the following web browsers: l Microsoft Edge 114 l Mozilla Firefox version 96 l Google Chrome version 114
Other web browsers may function correctly, but are not supported by Fortinet.
FortiOS and FortiOS Carrier
The FortiManager Release Notes communicate support for FortiOS versions that are available at the time of the FortiManager 7.2.8 release. For additional information about other supported FortiOS versions, please refer to the FortiManager compatibility chart in the Fortinet Document Library. See FortiManager compatibility with FortiOS.
FortiManager 7.2.8 supports the following versions of FortiOS and FortiOS Carrier: l 7.2.0 to 7.2.10 l 7.0.0 to 7.0.16 l 6.4.0 to 6.4.15
Some FortiOS versions are supported with compatibility issues. For more details, see Compatibility with FortiOS Versions on page 46.
FortiADC
FortiManager 7.2.8 supports the following versions of FortiADC: l 7.2.0 and later l 7.1.0 and later l 7.0.0 and later
FortiAnalyzer
FortiManager 7.2.8 supports the following versions of FortiAnalyzer:
FortiManager 7.2.8 Release Notes
23
Fortinet Inc.
Product Integration and Support
l 7.2.0 and later l 7.0.0 and later l 6.4.0 and later
FortiAnalyzer-BigData
FortiManager 7.2.8 supports the following versions of FortiAnalyzer-BigData: l 7.2.0 and later l 7.0.0 and later
FortiAuthenticator
FortiManager 7.2.8 supports the following versions of FortiAuthenticator: l 6.6.0 and later l 6.5.0 and later l 6.4.0 and later l 6.3.0 and later l 6.2.0 and later
FortiCache
FortiManager 7.2.8 supports the following versions of FortiCache: l 4.2.0 and later l 4.1.0 and later l 4.0.0 and later
FortiClient
FortiManager 7.2.8 supports the following versions of FortiClient: l 7.2.0 and later l 7.0.0 and later l 6.4.0 and later l 6.2.1 and later
FortiDDoS
FortiManager 7.2.8 supports the following versions of FortiDDoS: l 7.0.0 and later l 6.6.0 and later l 6.5.0 and later l 6.4.0 and later
FortiManager 7.2.8 Release Notes
24
Fortinet Inc.
Product Integration and Support
l 6.3.0 and later l 6.2.0 and later Limited support. For more information, see Feature support on page 28.
FortiDeceptor
FortiManager 7.2.8 supports the following versions of FortiDeceptor: l 5.3.0 and later l 5.2.0 and later l 5.1.0 and later l 5.0.0 and later l 4.3.0 and later l 4.2.0 and later
FortiFirewall and FortiFirewallCarrier
FortiManager 7.2.8 supports the following versions of FortiFirewall and FortiFirewallCarrier: l 7.2.0 and later l 7.0.0 and later l 6.4.0 and later
FortiMail
FortiManager 7.2.8 supports the following versions of FortiMail: l 7.2.0 and later l 7.0.0 and later l 6.4.0 and later
FortiPAM
FortiManager 7.2.8 supports the following versions of FortiPAM: l 1.1.0 and later l 1.0.0 and later
FortiProxy
FortiManager 7.2.8 supports configuration management for the following versions of FortiProxy: l 7.2.9 l 7.2.7 l 7.2.6
FortiManager 7.2.8 Release Notes
25
Fortinet Inc.
Product Integration and Support
l 7.2.3 l 7.2.2 l 7.0.12 to 7.0.17 l 7.0.7 to 7.0.10
Configuration management support is identified as Management Features in these release notes. See Feature support on page 28.
FortiManager 7.2.8 supports logs from the following versions of FortiProxy:
l 7.2.0 to 7.2.9 l 7.0.0 to 7.0.17 l 2.0.0 to 2.0.5 l 1.2.0 to 1.2.13 l 1.1.0 to 1.1.6 l 1.0.0 to 1.0.7
FortiSandbox
FortiManager 7.2.8 supports the following versions of FortiSandbox: l 4.4.0 and later l 4.2.0 and later l 4.0.0 and 4.0.1 l 3.2.0 and later
FortiSOAR
FortiManager 7.2.8 supports the following versions of FortiSOAR: l 7.3.0 and later l 7.2.0 and later l 7.0.0 and later
FortiSwitch ATCA
FortiManager 7.2.8 supports the following versions of FortiSwitch ATCA: l 5.2.0 and later l 5.0.0 and later l 4.3.0 and later
FortiTester
FortiManager 7.2.8 supports the following versions of FortiTester:
FortiManager 7.2.8 Release Notes
26
Fortinet Inc.
Product Integration and Support
l 7.3.0 and later l 7.2.0 and later l 7.1.0 and later l 7.0.0 and later l 4.2.0 and later
FortiWeb
FortiManager 7.2.8 supports the following versions of FortiWeb: l 7.4.0 and later l 7.2.0 and later l 7.0.0 and later l 6.4.0 and later
Virtualization
FortiManager 7.2.8 supports the following virtualization software:
Public Cloud
l Amazon Web Service AMI, Amazon EC2, Amazon EBS l Alibaba Cloud l Google Cloud Platform l IBM Cloud l Microsoft Azure l Oracle Cloud Infrastructure
Private Cloud
l Citrix XenServer 7.2 l OpenSource XenServer 4.2.5 l Microsoft Hyper-V Server 2016, 2019, and 2022 l Nutanix
l AHV 20220304 and later l AOS 6.5 and later l NCC 4.6 and later l LCM 3.0 and later l RedHat 9.1 l Other versions and Linux KVM distributions are also supported l VMware ESXi versions 6.5 and later
FortiManager 7.2.8 Release Notes
27
Fortinet Inc.
Product Integration and Support
Feature support
The following table lists FortiManager feature support for managed platforms.
Platform
Management Features
FortiGate
FortiCarrier
FortiADC
FortiAnalyzer
FortiAuthenticator
FortiCache
FortiClient
FortiDDoS
FortiDeceptor
FortiFirewall
FortiFirewall Carrier
FortiMail
FortiPAM
FortiProxy
FortiSandbox
FortiSOAR
FortiSwitch ATCA
FortiTester
FortiWeb
Syslog
FortiGuard Update Services
VM License Activation
Reports
Logging
Language support
The following table lists FortiManager language support information.
Language
GUI
English
Reports
FortiManager 7.2.8 Release Notes
28
Fortinet Inc.
Product Integration and Support
Language
GUI
Chinese (Simplified)
Chinese (Traditional)
French
Japanese
Korean
Portuguese
Spanish
Reports
To change the FortiManager language setting, go to System Settings > Admin > Admin Settings, in Administrative Settings > Language select the desired language on the drop-down menu. The default value is Auto Detect.
Russian, Hebrew, and Hungarian are not included in the default report languages. You can create your own language translation files for these languages by exporting a predefined language from FortiManager, modifying the text to a different language, saving the file as a different language name, and then importing the file into FortiManager. For more information, see the FortiManager Administration Guide.
Supported models
The following tables list which FortiGate, FortiCarrier, FortiDDoS, FortiAnalyzer, FortiMail, FortiSandbox, FortiSwitch ATCA, FortiWeb, FortiCache, FortiProxy, and FortiAuthenticator models and firmware versions that can be managed by a FortiManager or send logs to a FortiManager running version 7.2.8.
Software license activated LENC devices are supported, if their platforms are in the supported models list. For example, support of FG-3200D indicates support of FG3200D-LENC.
This section contains the following topics:
l FortiGate models on page 30 l FortiGate special branch models on page 33 l FortiCarrier models on page 35 l FortiCarrier special branch models on page 36 l FortiADC models on page 38 l FortiAnalyzer models on page 38 l FortiAnalyzer-BigData models on page 39 l FortiAuthenticator models on page 39 l FortiCache models on page 39 l FortiDDoS models on page 39 l FortiDeceptor models on page 40 l FortiFirewall models on page 40 l FortiFirewallCarrier models on page 41 l FortiMail models on page 42
FortiManager 7.2.8 Release Notes
29
Fortinet Inc.
Product Integration and Support
l FortiPAM models on page 43 l FortiProxy models on page 43 l FortiSandbox models on page 43 l FortiSOAR models on page 44 l FortiSwitch ATCA models on page 44 l FortiTester models on page 44 l FortiWeb models on page 45
FortiGate models
The following FortiGate models are released with FortiOS firmware. For information about supported FortiGate models on special branch releases of FortiOS firmware, see FortiGate special branch models on page 33.
Model
Firmware Version
FortiGate: FortiGate-40F, FortiGate-40F-3G4G, FortiGate-60E, FortiGate-60E-DSL,
7.2
FortiGate-60E-DSLJ, FortiGate-60E-POE, FortiGate-60F, FortiGate-61E, FortiGate-61F,
FortiGate-70F, FortiGate-71F, FortiGate-80E, FortiGate-80E-POE, FortiGate-80F, FortiGate-
80F-Bypass, FortiGate-80F-DSL, FortiGate-80F-POE, FortiGate-81E, FortiGate-81E-POE,
FortiGate-81F, FortiGate-81F-POE, FortiGate-90E, FortiGate-90G, FortiGate-91E, FortiGate-
91G, FortiGate-100E, FortiGate-100EF, FortiGate-100F, FortiGate-101E, FortiGate-101F,
FortiGate-120G, FortiGate-121G, FortiGate-140E, FortiGate-140E-POE, FortiGate-200E,
FortiGate-200F, FortiGate-201E, FortiGate-201F, FortiGate-300E, FortiGate-301E,
FortiGate-400E, FortiGate-400F, FortiGate-400E-Bypass, FortiGate-401E, FortiGate-401F,
FortiGate-500E, FortiGate-501E, FortiGate-600E, FortiGate-600F, FortiGate-601E,
FortiGate-601F, FortiGate-800D, FortiGate-900D, FortiGate-900G, FortiGate-901G,
FortiGate-1000D, FortiGate-1000F, FortiGate-1001F, FortiGate-1100E, FortiGate-1101E,
FortiGate-1500D, FortiGate-1500DT, FortiGate-1800F, FortiGate-1801F, FortiGate-2000E,
FortiGate-2200E, FortiGate-2201E, FortiGate-2500E, FortiGate-2600F, FortiGate-2601F,
FortiGate-3000D, FortiGate-3000F, FortiGate-3001F, FortiGate-3100D, FortiGate-3200D,
FortiGate-3200F, FortiGate-3201F, FortiGate-3300E, FortiGate-3301E, FortiGate-3400E,
FortiGate-3401E, FortiGate-3500F, FortiGate-3501F, FortiGate-3600E, FortiGate-3601E,
FortiGate-3700D, FortiGate-3700F, FortiGate-3701F, FortiGate-3800D, FortiGate-3960E,
FortiGate-3980E, FortiGate-4200F, FortiGate-4201F, FortiGate-4400F, FortiGate-4401F,
FortiGate-4800F, FortiGate-4801F
FortiGate 5000 Series: FortiGate-5001E, FortiGate-5001E1
FortiGate 6000 Series: FortiGate-6000F, FortiGate-6001F, FortiGate-6300F, FortiGate6300F-DC, FortiGate-6301F, FortiGate-6301F-DC, FortiGate-6500F, FortiGate-6500F-DC, FortiGate-6501F, FortiGate-6501F-DC
FortiGate 7000 Series: FortiGate-7000E, FortiGate-7000F, FortiGate-7030E, FortiGate7040E, FortiGate-7060E, FortiGate-7060E-8-DC, FortiGate-7081F, FortiGate-7081F-2-DC, FortiGate-7081F-DC, FortiGate-7121F, FortiGate-7121F-2, FortiGate-7121F-2-DC, FortiGate-7121F-DC
FortiManager 7.2.8 Release Notes
30
Fortinet Inc.
Product Integration and Support
Model
Firmware Version
FortiGate DC: FortiGate-400F-DC, FortiGate-401E-DC, FortiGate-401F-DC, FortiGate800D-DC, FortiGate-900G-DC, FortiGate-901G-DC, FortiGate-1100E-DC, FortiGate-1500DDC, FortiGate-1800F-DC, FortiGate-1801F-DC, FortiGate-2201E-ACDC, FortiGate-2600FDC, FortiGate-2601F-DC, FortiGate-3000D-DC, FortiGate-3000F-ACDC, FortiGate-3000FDC, FortiGate-3001F-ACDC, FortiGate-3001F-DC, FortiGate-3100D-DC, FortiGate-3200DDC, FortiGate-3400E-DC, FortiGate-3401E-DC, FortiGate-3600E-DC, FortiGate-3700D-DC, FortiGate-3800D-DC, FortiGate-3960E-ACDC, FortiGate-3960E-DC, FortiGate-3980E-DC, FortiGate-4200F-DC, FortiGate-4201F-DC, FortiGate-4400F-DC, FortiGate-4401F-DC, FortiGate-4800F-DC, FortiGate-4801F-DC
FortiWiFi: FWF-60E, FWF-60E-DSL, FWF-60E-DSLJ, FWF-60F, FWF-61E, FWF-61F, FWF-80F-2R, FWF-81F-2R, FWF-81F-2R-3G4G-DSL, FWF-81F-2R-3G4G-POE, FWF-81F2R-POE
FortiGate VM: FortiGate-ARM64-AWS, FortiGate-ARM64-Azure, FortiGate-ARM64-GCP, FortiGate-ARM64-KVM, FortiGate-ARM64-OCI, FortiGate-VM64, FortiGate-VM64-ALI, FortiGate-VM64-AWS, FortiGate-VM64-Azure, FortiGate-VM64-GCP, FortiGate-VM64-HV, FortiGate-VM64-IBM, FortiGate-VM64-KVM, FortiGate-VM64-OPC, FortiGate-VM64RAXONDEMAND, FortiGate-VM64-XEN, FortiGate-VMX-Service-Manager
FortiOS-VM: FOS-VM64, FOS-VM64-HV, FOS-VM64-KVM, FOS-VM64-Xen
FortiGate Rugged: FGR-60F, FGR-60F-3G4G, FGR-70F, FGR-70F-3G4G
FortiGate: FortiGate-40F, FortiGate-40F-3G4G, FortiGate-60E, FortiGate-60E-DSL,
7.0
FortiGate-60E-DSLJ, FortiGate-60E-POE, FortiGate-60F, FortiGate-61E, FortiGate-61F, FortiGate-70F, FortiGate-71F, FortiGate-80E, FortiGate-80E-POE, FortiGate-80F, FortiGate-
80F-Bypass, FortiGate-80F-POE, FortiGate-81E, FortiGate-81E-POE, FortiGate-81F,
FortiGate-81F-POE, FortiGate-90E, FortiGate-91E, FortiGate-100E, FortiGate-100EF,
FortiGate-100F, FortiGate-101E, FortiGate-101F, FortiGate-140E, FortiGate-140E-POE,
FortiGate-200E, FortiGate-200F, FortiGate-201E, FortiGate-201F, FortiGate-300D,
FortiGate-300E, FortiGate-301E, FortiGate-400D, FortiGate-400E, FortiGate-400F, FortiGate-400E-Bypass, FortiGate-401E, FortiGate-401F, FortiGate-500D, FortiGate-500E,
FortiGate-501E, FortiGate-600D, FortiGate-600E, FortiGate-600F, FortiGate-601E,
FortiGate-601F, FortiGate-800D, FortiGate-900D, FortiGate-1000D, FortiGate-1100E,
FortiGate-1101E, FortiGate-1200D, FortiGate-1500D, FortiGate-1500DT, FortiGate-1800F,
FortiGate-1801F, FortiGate-2000E, FortiGate-2200E, FortiGate-2201E, FortiGate-2500E,
FortiGate-2600F, FortiGate-2601F, FortiGate-3000D, FortiGate-3000F, FortiGate-3001F, FortiGate-3100D, FortiGate-3200D, FortiGate-3300E, FortiGate-3301E, FortiGate-3400E,
FortiGate-3401E, FortiGate-3500F, FortiGate-3501F, FortiGate-3600E, FortiGate-3601E,
FortiGate-3700D, FortiGate-3800D, FortiGate-3810D, FortiGate-3815D, FortiGate-3960E,
FortiGate-3980E, FortiGate-4200F, FortiGate-4201F, FortiGate-4400F, FortiGate-4401F,
FortiGate 5000 Series: FortiGate-5001D, FortiGate-5001E, FortiGate-5001E1
FortiManager 7.2.8 Release Notes
31
Fortinet Inc.
Product Integration and Support
Model
Firmware Version
FortiGate DC: FortiGate-400F-DC, FortiGate-401E-DC, FortiGate-401F-DC, FortiGate800D-DC, FortiGate-1100E-DC, FortiGate-1500D-DC, FortiGate-1800F-DC, FortiGate1801F-DC, FortiGate-2201E-ACDC, FortiGate-2600F-DC, FortiGate-2601F-DC, FortiGate3000D-DC, FortiGate-3000F-ACDC, FortiGate-3000F-DC, FortiGate-3001F-ACDC, FortiGate-3001F-DC, FortiGate-3100D-DC, FortiGate-3200D-DC, FortiGate-3400E-DC, FortiGate-3401E-DC, FortiGate-3600E-DC, FortiGate-3700D-DC, FortiGate-3800D-DC, FortiGate-3810D-DC, FortiGate-3815D-DC, FortiGate-3960E-ACDC, FortiGate-3960E-DC, FortiGate-3980E-DC, FortiGate-4200F-DC, FortiGate-4201F-DC, FortiGate-4400F-DC, FortiGate-4401F-DC
FortiWiFi: FWF-60E, FWF-60E-DSL, FWF-60E-DSLJ, FWF-60F, FWF-61E, FWF-61F, FWF-80F-2R, FWF-81F-2R, FWF-81F-2R-3G4G-POE, FWF-81F-2R-POE
FortiGate VM: FortiGate-ARM64-AWS, FortiGate-ARM64-KVM, FortiGate-ARM64-OCI, FortiGate-VM64, FortiGate-VM64-ALI, FortiGate-VM64-AWS, FortiGate-VM64-Azure, FortiGate-VM64-GCP, FortiGate-VM64-HV, FortiGate-VM64-IBM, FortiGate-VM64-KVM, FortiGate-VM64-OPC, FortiGate-VM64-RAXONDEMAND, FortiGate-VM64-XEN, FortiGateVMX-Service-Manager
FortiOS-VM: FOS-VM64, FOS-VM64-HV, FOS-VM64-KVM, FOS-VM64-Xen
FortiGate Rugged: FGR-60F, FGR-60F-3G4G
FortiGate: FortiGate-40F, FortiGate-40F-3G4G, FortiGate-60E, FortiGate-60E-DSL,
6.4
FortiGate-60E-DSLJ, FortiGate-60E-POE, FortiGate-60F, FortiGate-61E, FortiGate-61F,
FortiGate-80E, FortiGate-80E-POE, FortiGate-80F, FortiGate-80F-Bypass, FortiGate-80F-
POE, FortiGate-81E, FortiGate-81E-POE, FortiGate-81F, FortiGate-81F-POE, FortiGate-
90E, FortiGate-91E, FortiGate-100D, FortiGate-100E, FortiGate-100EF, FortiGate-100F,
FortiGate-101E, FortiGate-101F, FortiGate-140E, FortiGate-140E-POE, FortiGate-200E,
FortiGate-200F, FortiGate-201E, FortiGate-201F, FortiGate-300D, FortiGate-300E,
FortiGate-301E, FortiGate-400D, FortiGate-400E, FortiGate-400E-Bypass, FortiGate-401E,
FortiGate-500D, FortiGate-500E, FortiGate-501E, FortiGate-600D, FortiGate-600E,
FortiGate-601E, FortiGate-800D, FortiGate-900D, FortiGate-1000D, FortiGate-1100E,
FortiGate-1101E, FortiGate-1200D, FortiGate-1500D, FortiGate-1500DT, FortiGate-1800F,
FortiGate-1801F, FortiGate-2000E, FortiGate-2200E, FortiGate-2201E, FortiGate-2500E,
FortiGate-2600F, FortiGate-2601F, FortiGate-3000D, FortiGate-3100D, FortiGate-3200D,
FortiGate-3300E, FortiGate-3301E, FortiGate-3400E, FortiGate-3401E, FortiGate-3600E,
FortiGate-3601E, FortiGate-3700D, FortiGate-3800D, FortiGate-3810D, FortiGate-3815D,
FortiGate-3960E, FortiGate-3980E, FortiGate-4200F, FortiGate-4201F, FortiGate-4400F,
FortiGate-4401F,
FortiGate 5000 Series: FortiGate-5001D, FortiGate-5001E, FortiGate-5001E1
FortiGate DC: FortiGate-401E-DC, FortiGate-800D-DC, FortiGate-1100E-DC, FortiGate1500D-DC, FortiGate-1800F-DC, FortiGate-1801F-DC, FortiGate-2201E-ACDC, FortiGate2600F-DC, FortiGate-2601F-DC, FortiGate-3000D-DC, FortiGate-3100D-DC, FortiGate3200D-DC, FortiGate-3400E-DC, FortiGate-3401E-DC, FortiGate-3600E-DC, FortiGate3700D-DC, FortiGate-3800D-DC, FortiGate-3810D-DC, FortiGate-3815D-DC, FortiGate3960E-ACDC, FortiGate-3960E-DC, FortiGate-3980E-DC, FortiGate-4200F-DC, FortiGate4201F-DC, FortiGate-4400F-DC, FortiGate-4401F-DC
FortiGate Hardware Low Encryption: FortiGate-100D-LENC
FortiManager 7.2.8 Release Notes
32
Fortinet Inc.
Product Integration and Support
Model
Firmware Version
FortiWiFi: FWF-40F, FWF-40F-3G4G, FWF-60E, FWF-60E-DSL, FWF-60E-DSLJ, FWF60F, FWF-61E, FWF-61F, FWF-80F-2R, FWF-81F-2R, FWF-81F-2R-3G4G-POE, FWF-81F2R-POE
FortiGate VM: FortiGate-VM64, FortiGate-VM64-ALI, FortiGate-VM64-ALIONDEMAND, FortiGate-VM64-AWS, FortiGate-VM64-AZUREONDEMAND, FortiGate-VM64-Azure, FortiGate-VM64-GCP, VM64-GCPONDEMAND, FortiGate-VM64-HV, FortiGate-VM64-IBM, FortiGate-VM64-KVM, FortiGate-VM64-OPC, FortiGate-VM64-RAXONDEMAND, FortiGateVM64-XEN, FortiGate-VMX-Service-Manager
FortiOS-VM: FOS-VM64, FOS-VM64-HV, FOS-VM64-KVM, FOS-VM64-Xen
FortiGate Rugged: FGR-60F, FGR-60F-3G4G
FortiGate special branch models
The following FortiGate models are released on special branches of FortiOS. FortiManager version 7.2.8 supports these models on the identified FortiOS version and build number. For information about supported FortiGate models released with FortiOS firmware, see FortiGate models on page 30.
FortiOS 7.2
FortiGate Model FortiGate-30G FortiGate-200G, FortiGate-201G FortiWiFi-30G
FortiOS Version 7.2.8 7.2.8 7.2.8
FortiOS Build 6390 6397 6390
FortiOS 7.0
FortiGate Model FortiGate-50G-DSL FortiGate-50G-SFP FortiGate-50G-SFP-POE FortiGate-51G-SFP-POE FortiGate-80F-DSL FortiGate-90G, FortiGate-91G FortiGate-120G, FortiGate-121G FortiGate-900G, FortiGate-900G-DC, FortiGate-901G, FortiGate-901G-DC
FortiOS Version 7.0.12 7.0.12 7.0.12 7.0.12 7.0.15 7.0.15 7.0.15 7.0.15
FortiOS Build 7353 7192 7257 7257 7272 7288 7277 7266
FortiManager 7.2.8 Release Notes
33
Fortinet Inc.
Product Integration and Support
FortiGate Model
FortiOS Version
FortiGate-1000F, FortiGate-1001F
7.0.15
FortiGate-3200F
7.0.15
FortiGate-3201F
7.0.15
FortiGate-3700F, FortiGate-3701F
7.0.15
FortiGate-4800F, FortiGate-4800F-DC
7.0.15
FortiGate-4801F, FortiGate-4801F-DC
7.0.15
FortiGate-6000F, FortiGate-6001F, FortiGate-6300F, FortiGate-6300F-DC, FortiGate-6301F, FortiGate-6301F-DC, FortiGate-6500F, FortiGate-6500F-DC, FortiGate-6501F, FortiGate-6501F-DC
7.0.15
FortiGate-7000E, FortiGate-7030E, FortiGate-7040E, FortiGate-7060E, FortiGate-7060E-8-DC
7.0.15
FortiGate-7000F, FortiGate-7081F, FortiGate-7081F-2-DC, FortiGate-7081F-DC, FortiGate-7121F, FortiGate-7121F-2, FortiGate-7121F-2-DC, FortiGate-7121F-DC
7.0.15
FortiGateRugged-70F, FortiGateRugged70F-3G4G
7.0.15
FortiGateRugged-70G-5G-Dual
7.0.12
FortiWiFi-50G-5G
7.0.12
FortiWiFi-50G-DSL
7.0.12
FortiWiFi-50G-SFP
7.0.12
FortiWiFi-80F-2R-3G4G-DSL, FortiWiFi-81F- 7.0.15 2R-3G4G-DSL
FortiOS 6.4
FortiGate Model FortiGate-400F, FortiGate-400F-DC, FortiGate-401F, FortiGate-401F-DC FortiGate-600F, FortiGate-601F FortiGate-3500F FortiGate-3501F
FortiOS Version 6.4.13
6.4.13 6.4.6 6.4.6
FortiOS Build 7267 7278 7273 7286 7286 7286 0247
0247
0247
7284 7151 7192 7353 7192 7272
FortiOS Build 5455 5455 5886 6132
FortiManager 7.2.8 Release Notes
34
Fortinet Inc.
Product Integration and Support
FortiGate Model
FortiOS Version
FortiGate-6000F, FortiGate-6001F, FortiGate-6300F, FortiGate-6300F-DC, FortiGate-6301F, FortiGate-6301F-DC, FortiGate-6500F, FortiGate-6500F-DC, FortiGate-6501F, FortiGate-6501F-DC
6.4.13
FortiGate-7000E, FortiGate-7030E, FortiGate-7040E, FortiGate-7060E, FortiGate-7060E-8-DC
6.4.13
FortiGate-7000F, FortiGate-7081F, FortiGate-7081F-2-DC, FortiGate-7081F-DC, FortiGate-7121F, FortiGate-7121F-2, FortiGate-7121F-2-DC, FortiGate-7121F-DC
6.4.13
FortiWiFi-80F-2R-3G4G-DSL
6.4.7
FortiOS Build 1926
1926 1926 5003
FortiCarrier models
The following FortiCarrier models are released with FortiCarrier firmware.
For information about supported FortiCarrier models on special branch releases of FortiCarrier firmware, see FortiCarrier special branch models on page 36.
Model
Firmware Version
FortiCarrier: FortiCarrier-2600F, FortiCarrier-2601F, FortiCarrier-3000D, FortiCarrier-3000F, 7.2 FortiCarrier-3001F, FortiCarrier-3100D, FortiCarrier-3200D, FortiCarrier-3200F, FortiCarrier3201F, FortiCarrier-3300E, FortiCarrier-3301E, FortiCarrier-3400E, FortiCarrier-3401E, FortiCarrier-3500F, FortiCarrier-3501F, FortiCarrier-3600E, FortiCarrier-3601E, FortiCarrier3700D, FortiCarrier-3700F, FortiCarrier-3701F, FortiCarrier-3800D, FortiCarrier-3960E, FortiCarrier-3980E, FortiCarrier-4200F, FortiCarrier-4201F, FortiCarrier-4400F, FortiCarrier4401F, FortiCarrier-4800F, FortiCarrier-4801F, FortiCarrier-5001E, FortiCarrier-5001E1
FortiCarrier 6000 Series: FortiCarrier-6000F, FortiCarrier-6001F, FortiCarrier-6300F, FortiCarrier-6300F-DC, FortiCarrier-6301F, FortiCarrier-6301F-DC, FortiCarrier-6500F, FortiCarrier-6500F-DC, FortiCarrier-65001F, FortiCarrier-6501F-DC
FortiCarrier 7000 Series: FortiCarrier-7000E, FortiCarrier-7000F, FortiCarrier-7030E, FortiCarrier-7040E, FortiCarrier-7060E, FortiCarrier-7060E-8-DC, FortiCarrier-7081F, FortiCarrier-7081F-2, FortiCarrier-7081F-2-DC, FortiCarrier-7081F-DC, FortiCarrier-7121F, FortiCarrier-7121F-2, FortiCarrier-7121F-2-DC, FortiCarrier-7121F-DC
FortiCarrier-DC: FortiCarrier-2600F-DC, FortiCarrier-2601F-DC, FortiCarrier-3000D-DC, FortiCarrier-3000F-ACDC, FortiCarrier-3000F-DC, FortiCarrier-3001F-ACDC, FortiCarrier3001F-DC, FortiCarrier-3100D-DC, FortiCarrier-3200D-DC, FortiCarrier-3400E-DC, FortiCarrier-3401E-DC, FortiCarrier-3600E-DC, FortiCarrier-3700D-DC, FortiCarrier-3800DDC, FortiCarrier-3960E-DC, FortiCarrier-3980E-DC, FortiCarrier-4200F-DC, FortiCarrier4201F-DC, FortiCarrier-4400F-DC, FortiCarrier-4401F-DC
FortiManager 7.2.8 Release Notes
35
Fortinet Inc.
Product Integration and Support
Model
Firmware Version
FortiCarrier-VM: FortiCarrier-ARM64-AWS, FortiCarrier-ARM64-Azure, FortiCarrierARM64-GCP, FortiCarrier-ARM64-KVM, FortiCarrier-ARM64-OCI, FortiCarrier-VM64, FortiCarrier-VM64-ALI, FortiCarrier-VM64-AWS, FortiCarrier-VM64-Azure, FortiCarrierVM64-GCP, FortiCarrier-VM64-HV, FortiCarrier-VM64-IBM, FortiCarrier-VM64-KVM, FortiCarrier-VM64-OPC, FortiCarrier-VM64-Xen
FortiCarrier: FortiCarrier-2600F, FortiCarrier-2601F, FortiCarrier-3000D, FortiCarrier-3000F, 7.0 FortiCarrier-3001F, FortiCarrier-3100D, FortiCarrier-3200D, FortiCarrier-3300E, FortiCarrier3301E, FortiCarrier-3400E, FortiCarrier-3401E, FortiCarrier-3500F, FortiCarrier-3501F, FortiCarrier-3600E, FortiCarrier-3601E, FortiCarrier-3700D, FortiCarrier-3800D, FortiCarrier3810D, FortiCarrier-3815D, FortiCarrier-3960E, FortiCarrier-3980E, FortiCarrier-5001D, FortiCarrier-5001E, FortiCarrier-5001E1
FortiCarrier-DC: FortiCarrier-2600F-DC, FortiCarrier-2601F-DC, FortiCarrier-3000D-DC, FortiCarrier-3000F-ACDC, FortiCarrier-3000F-DC, FortiCarrier-3001F-ACDC, FortiCarrier3001F-DC, FortiCarrier-3100D-DC, FortiCarrier-3200D-DC, FortiCarrier-3400E-DC, FortiCarrier-3401E-DC, FortiCarrier-3600E-DC, FortiCarrier-3700D-DC, FortiCarrier-3800DDC, FortiCarrier-3810D-DC, FortiCarrier-3815D-DC, FortiCarrier-3960E-DC, FortiCarrier3980E-DC
FortiCarrier-VM: FortiCarrier-ARM64-AWS, FortiCarrier-ARM64-KVM, FortiCarrier-ARM64OCI, FortiCarrier-VM64, FortiCarrier-VM64-ALI, FortiCarrier-VM64-AWS, FortiCarrier-VM64Azure, FortiCarrier-VM64-GCP, FortiCarrier-VM64-HV, FortiCarrier-VM64-IBM, FortiCarrierVM64-KVM, FortiCarrier-VM64-OPC, FortiCarrier-VM64-Xen, FortiCarrier-ARM64-KVM
FortiCarrier: FortiCarrier-3000D, FortiCarrier-3100D, FortiCarrier-3200D, FortiCarrier-
6.4
3300E, FortiCarrier-3301E, FortiCarrier-3400E, FortiCarrier-3401E, FortiCarrier-3500F,
FortiCarrier-3501F, FortiCarrier-3600E, FortiCarrier-3601E, FortiCarrier-3700D, FortiCarrier-
3800D, FortiCarrier-3810D, FortiCarrier-3815D, FortiCarrier-3960E, FortiCarrier-3980E,
FortiCarrier-5001D, FortiCarrier-5001E, FortiCarrier-5001E1
FortiCarrier-DC: FortiCarrier-3000D-DC, FortiCarrier-3000F-DC, FortiCarrier-3001F-DC, FortiCarrier-3100D-DC, FortiCarrier-3200D-DC, FortiCarrier-3400E-DC, FortiCarrier-3401EDC, FortiCarrier-3600E-DC, FortiCarrier-3700D-DC, FortiCarrier-3800D-DC, FortiCarrier3810D-DC, FortiCarrier-3815D-DC, FortiCarrier-3960E-DC, FortiCarrier-3980E-DC
FortiCarrier-VM: FortiCarrier-VM64, FortiCarrier-VM64-ALI, FortiCarrier-VM64-AWS, FortiCarrier-VM64-Azure, FortiCarrier-VM64-GCP, FortiCarrier-VM64-HV, FortiCarrierVM64-IBM, FortiCarrier-VM64-KVM, FortiCarrier-VM64-OPC, FortiCarrier-VM64-Xen
FortiCarrier special branch models
The following FortiCarrier models are released on special branches of FortiOS Carrier. FortiManager version 7.2.8 supports these models on the identified FortiOS Carrier version and build number. For information about supported FortiCarrier models released with FortiOS Carrier firmware, see FortiCarrier models on page 35.
FortiManager 7.2.8 Release Notes
36
Fortinet Inc.
Product Integration and Support
FortiCarrier 7.0
FortiCarrier Model
FortiCarrier-3200F
FortiCarrier-3201F
FortiCarrier-3700F, FortiCarrier-3701F
FortiCarrier-4800F, FortiCarrier-4800F-DC
FortiCarrier-4801F, FortiCarrier-4801F-DC
FortiCarrier-6000F, FortiCarrier-6001F, FortiCarrier-6300F, FortiCarrier-6300F-DC, FortiCarrier-6301F, FortiCarrier-6301F-DC, FortiCarrier-6500F, FortiCarrier-6500F-DC, FortiCarrier-65001F, FortiCarrier-6501F-DC
FortiCarrier-7000E, FortiCarrier-7030E, FortiCarrier-7040E, FortiCarrier-7060E, FortiCarrier-7060E-8-DC
FortiCarrier-7000F, FortiCarrier-7081F, FortiCarrier-7081F-2, FortiCarrier-7081F-2DC, FortiCarrier-7081F-DC, FortiCarrier7121F, FortiCarrier-7121F-2, FortiCarrier7121F-2-DC, FortiCarrier-7121F-DC
FortiCarrier Version 7.0.15 7.0.15 7.0.15 7.0.15 7.0.15 7.0.15
7.0.15
7.0.15
FortiCarrier 6.4
FortiCarrier Model
FortiCarrier-3500F
FortiCarrier-3501F
FortiCarrier-6000F, FortiCarrier-6001F, FortiCarrier-6300F, FortiCarrier-6300F-DC, FortiCarrier-6301F, FortiCarrier-6301F-DC, FortiCarrier-6500F, FortiCarrier-6500F-DC, FortiCarrier-65001F, FortiCarrier-6501F-DC
FortiCarrier-7000E, FortiCarrier-7030E, FortiCarrier-7040E, FortiCarrier-7060E, FortiCarrier-7060E-8-DC
FortiCarrier-7000F, FortiCarrier-7081F, FortiCarrier-7081F-2, FortiCarrier-7081F-2DC, FortiCarrier-7081F-DC, FortiCarrier7121F, FortiCarrier-7121F-2, FortiCarrier7121F-2-DC, FortiCarrier-7121F-DC
FortiCarrier Version 6.4.6 6.4.6 6.4.13
6.4.13
6.4.13
FortiCarrier Build 7278 7273 7331 7286 7286 0247
0247
0247
FortiCarrier Build 5886 6132 1926
1926
1926
FortiManager 7.2.8 Release Notes
37
Fortinet Inc.
Product Integration and Support
FortiADC models
Model
FortiADC: FortiADC-100F, FortiADC-120F, FortiADC-200D, FortiADC-200F, FortiADC220F, FortiADC-300D, FortiADC-300F, FortiADC-400D, FortiADC-400F, FortiADC-700D, FortiADC-1000F, FortiADC-1200F, FortiADC-1500D, FortiADC-2000D, FortiADC-2000F, FortiADC-2200F, FortiADC-4000D, FortiADC-4000F, FortiADC-4200F, FortiADC-5000F FortiADC VM: FortiADC-VM
Firmware Version 7.0, 7.1, 7.2
FortiAnalyzer models
Model
Firmware Version
FortiAnalyzer: FortiAnalyzer-150G, FortiAnalyzer-300F, FortiAnalyzer-300G, FortiAnalyzer- 7.2 400E, FortiAnalyzer-800F, FortiAnalyzer-800G, FortiAnalyzer-810G, FortiAnalyzer-1000F, FortiAnalyzer-1000G, FortiAnalyzer-2000E, FortiAnalyzer-3000E, FortiAnalyzer-3000F, FortiAnalyzer-3000G, FortiAnalyzer-3100G, FortiAnalyzer-3500E, FortiAnalyzer-3500F, FortiAnalyzer-3500G, FortiAnalyzer-3510G, FortiAnalyzer-3700F, FortiAnalyzer-3700G, FortiAnalyzer-3900E
FortiAnalyzer VM: FortiAnalyzer-DOCKER, FortiAnalyzer-VM64, FortiAnalyzer-VM64-ALI, FortiAnalyzer-VM64-AWS, FortiAnalyzer-VM64-AWS-OnDemand, FortiAnalyzer-VM64Azure, FortiAnalyzer-VM64-Azure-OnDemand, FortiAnalyzer-VM64-GCP, FortiAnalyzerVM64-HV, FortiAnalyzer-VM64-IBM, FortiAnalyzer-VM64-KVM, FortiAnalyzer-VM64-OPC, FortiAnalyzer-VM64-Xen
FortiAnalyzer: FortiAnalyzer-150G, FortiAnalyzer-200F, FortiAnalyzer-300F, FortiAnalyzer- 7.0 300G, FortiAnalyzer-400E, FortiAnalyzer-800F, FortiAnalyzer-800G, FortiAnalyzer-810G, FortiAnalyzer-1000F, FortiAnalyzer-1000G, FortiAnalyzer-2000E, FortiAnalyzer-3000E, FortiAnalyzer-3000F, FortiAnalyzer-3000G, FortiAnalyzer-3100G, FortiAnalyzer-3500E, FortiAnalyzer-3500F, FortiAnalyzer-3500G, FortiAnalyzer-3510G, FortiAnalyzer-3700F, FortiAnalyzer-3700G, FortiAnalyzer-3900E
FortiAnalyzer VM: FortiAnalyzer-DOCKER, FortiAnalyzer-VM64, FortiAnalyzer-VM64-ALI, FortiAnalyzer-VM64-ALI-OnDemand, FortiAnalyzer-VM64-AWS, FortiAnalyzer-VM64-Azure, FortiAnalyzer-VM64-Azure-OnDemand, FortiAnalyzer-VM64-GCP, FortiAnalyzer-VM64GCP-OnDemand, FortiAnalyzer-VM64-HV, FortiAnalyzer-VM64-IBM, FortiAnalyzer-VM64KVM, FortiAnalyzer-VM64-OPC, FortiAnalyzer-VM64-Xen
FortiAnalyzer: FortiAnalyzer-150G, FortiAnalyzer-200F, FortiAnalyzer-300F, FortiAnalyzer- 6.4 300G, FortiAnalyzer-400E, FortiAnalyzer-800F, FortiAnalyzer-800G, FortiAnalyzer-1000E, FortiAnalyzer-1000F, FortiAnalyzer-2000E, FortiAnalyzer-3000E, FortiAnalyzer-3000F, FortiAnalyzer-3000G, FortiAnalyzer-3500E, FortiAnalyzer-3500F, FortiAnalyzer-3500G, FortiAnalyzer-3700F, FortiAnalyzer-3700G, FortiAnalyzer-3900E
FortiAnalyzer VM: FortiAnalyzer-DOCKER, FortiAnalyzer-VM64, FortiAnalyzer-VM64-ALI, FortiAnalyzer-VM64-ALI-OnDemand, FortiAnalyzer-VM64-AWS, FortiAnalyzer-VM64AWSOnDemand, FortiAnalyzer-VM64-Azure, FortiAnalyzer-VM64-Azure-OnDemand, FortiAnalyzer-VM64-GCP, FortiAnalyzer-VM64-GCP-OnDemand, FortiAnalyzer-VM64-HV, FortiAnalyzer-VM64-KVM, FortiAnalyzer-VM64-OPC, FortiAnalyzer-VM64-Xen
FortiManager 7.2.8 Release Notes
38
Fortinet Inc.
Product Integration and Support
FortiAnalyzer-BigData models
Model FortiAnalyzer-BigData: FortiAnalyzer-BigData-4500F FortiAnalyzer-BigData VM: FortiAnalyzer-BigData-VM64 FortiAnalyzer-BigData: FortiAnalyzer-BigData-4500F FortiAnalyzer-BigData VM: FortiAnalyzer-BigData-VM64
Firmware Version 7.2
7.0
FortiAuthenticator models
Model
FortiAuthenticator: FAC-200D, FAC-200E, FAC-300F, FAC-400C, FAC-400E, FAC-800F, FAC-1000C, FAC-1000D, FAC-2000E, FAC-3000D, FAC-3000E, FAC-3000F FortiAuthenticator VM: FAC-VM
FortiAuthenticator: FAC-200D, FAC-200E, FAC-300F, FAC-400C, FAC-400E, FAC-800F, FAC-1000C, FAC-1000D, FAC-2000E, FAC-3000D, FAC-3000E FortiAuthenticator VM: FAC-VM
Firmware Version 6.4, 6.5, 6.6
6.2, 6,3
FortiCache models
Model
FortiCache: FCH-400C, FCH-400E, FCH-1000C, FCH-1000D, FCH-3000C, FCH-3000D, FCH-3000E, FCH-3900E FortiCache VM: FCH-KVM, FCH-VM64
FortiCache: FCH-400C, FCH-400E, FCH-1000C, FCH-1000D, FCH-3000C, FCH-3000D, FCH-3900E FortiCache VM: FCH-VM64
Firmware Version 4.1, 4.2
4.0
FortiDDoS models
Model FortiDDoS: FortiDDoS-200F, FortiDDoS-1500F, FortiDDoS-2000F, FortiDDoS-3000F FortiDDoS VM: FortiDDoS-VM FortiDDoS: FortiDDoS-200F, FortiDDoS-1500F, FortiDDoS-2000F FortiDDoS VM: FortiDDoS-VM FortiDDoS: FortiDDoS-200F, FortiDDoS-1500F FortiDDoS VM: FortiDDoS-VM
Firmware Version 6.4, 6.5, 6.6, 7.0 6.3 6.2
FortiManager 7.2.8 Release Notes
39
Fortinet Inc.
Product Integration and Support
FortiDeceptor models
Model FortiDeceptor: FDC-100G, FDC-1000F, FDC-1000G FortiDeceptor Rugged: FDCR-100G FortiDeceptor VM: FDC-VM FortiDeceptor: FDC-1000F, FDC-1000G FortiDeceptor Rugged: FDCR-100G FortiDeceptor VM: FDC-VM FortiDeceptor: FDC-1000F, FDC-1000G FortiDeceptor Rugged: FDCR-100G FortiDeceptor VM: FDC-VM
Firmware Version 5.0, 5.1, 5.2, 5.3
4.3
4.2
FortiFirewall models
Some of the following FortiFirewall models are released on special branches of FortiFirewall firmware. FortiManager version 7.2.8 supports these models on the identified FortiFirewall firmware version and build number.
FortiFirewall 7.2
Model
Firmware Version
FortiFirewall: FortiFirewall-1801F, FortiFirewall-2600F, FortiFirewall-3980E, FortiFirewall- 7.2 4200F, FortiFirewall-4400F, FortiFirewall-4401F, FortiFirewall-4801F FortiFirewall DC: FortiFirewall-1801F-DC, FortiFirewall-2600F-DC, FortiFirewall-4200F-DC, FortiFirewall-4401F-DC FortiFirewall-VM: FortiFirewall-VM64, FortiFirewall-VM64-KVM
FortiFirewall 7.0
Model
FortiFirewall: FortiFirewall-3001F FortiFirewall: FortiFirewall-3501F FortiFirewall: FortiFirewall-3980E FortiFirewall DC: FortiFirewall-3980E-DC FortiFirewall-VM: FortiFirewall-VM64, FortiFirewall-VM64-KVM
Firmware Ver- Firmware
sion
Build (for
special
branch)
7.0.10
4955
7.0.10
4940
7.0
FortiManager 7.2.8 Release Notes
40
Fortinet Inc.
Product Integration and Support
FortiFirewall 6.4
Model
FortiFirewall: FortiFirewall-1801F, FortiFirewall-2600F FortiFirewall DC: FortiFirewall-1801F-DC, FortiFirewall-2600F-DC FortiFirewall: FortiFirewall-3980E FortiFirewall DC: FortiFirewall-3980E-DC FortiFirewall: FortiFirewall-4200F, FortiFirewall-4400F FortiFirewall: FortiFirewall-4401F FortiFirewall DC: FortiFirewall-4401F-DC FortiFirewall-VM: FortiFirewall-VM64, FortiFirewall-VM64-KVM
Firmware Ver- Firmware
sion
Build (for
special
branch)
6.4.12
5423
6.4
6.4 6.4.12
1999 5423
6.4
FortiFirewallCarrier models
Some of the following FortiFirewallCarrier models are released on special branches of FortiFirewallCarrier firmware. FortiManager version 7.2.8 supports these models on the identified FortiFirewallCarrier firmware version and build number.
FortiFirewallCarrier 7.2
Model
Firmware Ver- Firmware
sion
Build (for
special
branch)
FortiFirewallCarrier: FortiFirewallCarrier-1801F FortiFirewallCarrier-DC: FortiFirewallCarrier-1801F-DC
7.2.6
4609
FortiFirewallCarrier: FortiFirewallCarrier-2600F, FortiFirewallCarrier-3980E,
7.2
FortiFirewallCarrier-4200F, FortiFirewallCarrier-4400F, FortiFirewallCarrier-
4401F, FortiFirewallCarrier-4801F
FortiFirewallCarrier-DC: FortiFirewallCarrier-4200F-DC, FortiFirewallCarrier4401F-DC
FortiFirewallCarrier-VM: FortiFirewallCarrier-VM64, FortiFirewallCarrier-VM64KVM
FortiManager 7.2.8 Release Notes
41
Fortinet Inc.
Product Integration and Support
FortiFirewallCarrier 7.0
Model
Firmware Ver- Firmware
sion
Build (for
special
branch)
FortiFirewallCarrier: FortiFirewallCarrier-3001F
7.0.10
4955
FortiFirewallCarrier: FortiFirewallCarrier-3501F
7.0.10
4940
FortiFirewallCarrier: FortiFirewallCarrier-4200F, FortiFirewallCarrier-4400F
6.4
FortiFirewallCarrier: FortiFirewallCarrier-4200F, FortiFirewallCarrier-4400F
6.2.7
5148
FortiFirewallCarrier: FortiFirewallCarrier-4401F
6.4.9
5318
FortiFirewallCarrier-VM: FortiFirewallCarrier-VM64, FortiFirewallCarrier-VM64- 7.0 KVM
FortiFirewallCarrier 6.4
Model
FortiFirewallCarrier: FortiFirewallCarrier-4200F, FortiFirewallCarrier-4400F FortiFirewallCarrier: FortiFirewallCarrier-4401F
Firmware Ver- Firmware
sion
Build (for
special
branch)
6.4
6.4.9
5318
FortiFirewallCarrier 6.2
Model
FortiFirewallCarrier: FortiFirewallCarrier-4200F, FortiFirewallCarrier-4400F
Firmware Ver- Firmware
sion
Build (for
special
branch)
6.2.7
5148
FortiMail models
Model
FortiMail: FE-60D, FE-200D, FE-200E, FE-200F, FE-400E, FE-400F, FE-900F, FE-2000F, FE-3000F
FortiMail: FE-60D, FE-200D, FE-200E, FE-200F, FE-400E, FE-400F, FE-900F, FE-1000D, FE-2000E, FE-2000F, FE-3000D, FE-3000E, FE-3000F, FE-3200E
Firmware Version 7.2
7.0
FortiManager 7.2.8 Release Notes
42
Fortinet Inc.
Product Integration and Support
Model
FortiMail VM: FML-VM, FortiMail Cloud
FortiMail: FE-60D, FE-200D, FE-200E, FE-200F, FE-400E, FE-400F, FE-900F, FE-1000D, FE-2000E, FE-3000D, FE-3000E, FE-3200E FortiMail VM: FML-VM, FortiMail Cloud
Firmware Version 6.4
FortiPAM models
Model FortiPAM: FortiPAM-1000G, FortiPAM-3000G FortiPAM VM: FortiPAM-AWS, FortiPAM-Azure, FortiPAM-GCP, FortiPAM-HyperV, FortiPAM-KVM, FortiPAM-VM64
Firmware Version 1.0, 1.1
FortiProxy models
Model
FortiProxy: FPX-400E, FPX-400G, FPX-2000E, FPX-2000G, FPX-4000E, FPX-4000G FortiProxy VM: FortiProxy-AliCloud, FortiProxy-AWS, FortiProxy-Azure, FortiProxy-GCP, FortiProxy-HyperV, FortiProxy-KVM, FortiProxy-VM64
FortiProxy: FPX-400E, FPX-2000E, FPX-4000E FortiProxy VM: FortiProxy-KVM, FortiProxy-VM64
Firmware Version 7.0, 7.2
1.0, 1.1, 1.2, 2.0
FortiSandbox models
Model
FortiSandbox: FSA-500F, FSA-1000D, FSA-1000F, FSA-2000E, FSA-3000D, FSA-3000E, FSA-3000F, FSA-3500D FortiSandbox DC: FSA-1000F-DC FortiSandbox-VM: FortiSandbox-AWS, FortiSandbox-Cloud, FSA-VM
FortiSandbox: FSA-500F, FSA-1000D, FSA-1000F, FSA-2000E, FSA-3000D, FSA-3000E, FSA-3000F, FSA-3500D FortiSandbox DC: FSA-1000F-DC FortiSandbox-VM: FortiSandbox-AWS, FortiSandbox-Cloud, FSA-VM
FortiSandbox: FSA-500F, FSA-1000D, FSA-1000F, FSA-2000E, FSA-3000D, FSA-3000E, FSA-3000F, FSA-3500D FortiSandbox DC: FSA-1000F-DC FortiSandbox-VM: FortiSandbox-AWS, FortiSandbox-Cloud, FSA-VM
Firmware Version 4.4
4.2
4.0
FortiManager 7.2.8 Release Notes
43
Fortinet Inc.
Product Integration and Support
Model
FortiSandbox: FSA-500F, FSA-1000D, FSA-1000F, FSA-2000E, FSA-3000D, FSA-3000E, FSA-3500D FortiSandbox DC: FSA-1000F-DC FortiSandbox-VM: FortiSandbox-AWS, FSA-VM
Firmware Version 3.2
FortiSOAR models
Model FortiSOAR VM: FortiSOAR-VM
Firmware Version 7.0, 7.2, 7.3
FortiSwitch ATCA models
Model FortiController: FTCL-5103B, FTCL-5903C, FTCL-5913C FortiSwitch-ATCA: FS-5003A, FS-5003B FortiController: FTCL-5103B FortiSwitch-ATCA: FS-5003A, FS-5003B
Firmware Version 5.2 5.0
4.3
FortiTester models
Model
FortiTester: FortiTester-100F, FortiTester-2000D, FortiTester-2000E, FortiTester-2000F, FortiTester-2500E, FortiTester-3000E, FortiTester-4000E, FortiTester VM: FortiTester-VM, FortiTester-VM-ALI-BYOL, FortiTester-VM-ALI-PAYG, FortiTester-VM-AWS-BYOL, FortiTester-VM-AWS-PAYG, FortiTester-VM-AZURE-BYOL, FortiTester-VM-AZURE-PAYG, FortiTester-VM-GCP-BYOL, FortiTester-VM-GCP-PAYG, FortiTester-VM-IBM-BYOL, FortiTester-VM-IBM-PAYG, FortiTester-VM-KVM, FortiTesterVM-OCI-BYOL, FortiTester-VM-OCI-PAYG
FortiTester: FortiTester-60F, FortiTester-100F, FortiTester-2000D, FortiTester-2000E, FortiTester-2000F, FortiTester-2500E, FortiTester-3000E, FortiTester-3000F, FortiTester4000E, FortiTester-4000F FortiTester VM: FortiTester-VM, FortiTester-VM-ALI-BYOL, FortiTester-VM-ALI-PAYG, FortiTester-VM-AWS-BYOL, FortiTester-VM-AWS-PAYG, FortiTester-VM-AZURE-BYOL, FortiTester-VM-AZURE-PAYG, FortiTester-VM-GCP-BYOL, FortiTester-VM-GCP-PAYG, FortiTester-VM-IBM-PAYG, FortiTester-VM-KVM, FortiTester-VM-OCI-BYOL, FortiTesterVM-OCI-PAYG
Firmware Version 7.2, 7.3
7.1
FortiManager 7.2.8 Release Notes
44
Fortinet Inc.
Product Integration and Support
Model
FortiTester: FortiTester-60F, FortiTester-100F, FortiTester-2000D, FortiTester-2000E, FortiTester-2000F, FortiTester-2500E, FortiTester-3000E, FortiTester-3000F, FortiTester4000E, FortiTester-4000F FortiTester VM: FortiTester-VM, FortiTester-VM-ALI-BYOL, FortiTester-VM-ALI-PAYG, FortiTester-VM-AWS-BYOL, FortiTester-VM-AWS-PAYG, FortiTester-VM-AZURE-BYOL, FortiTester-VM-AZURE-PAYG, FortiTester-VM-GCP-BYOL, FortiTester-VM-GCP-PAYG, FortiTester-VM-IBM-PAYG, FortiTester-VM-KVM, FortiTester-VM-OCI-BYOL, FortiTesterVM-OCI-PAYG
FortiTester: FortiTester-60F, FortiTester-100F, FortiTester-2000D, FortiTester-2000E, FortiTester-2500E, FortiTester-3000E, FortiTester-3000F, FortiTester-4000E, FortiTester4000F FortiTester VM: FortiTester-VM, FortiTester-VM-ALI-BYOL, FortiTester-VM-ALI-PAYG, FortiTester-VM-AWS-BYOL, FortiTester-VM-AWS-PAYG, FortiTester-VM-AZURE-BYOL, FortiTester-VM-AZURE-PAYG, FortiTester-VM-GCP-BYOL, FortiTester-VM-GCP-PAYG, FortiTester-VM-KVM, FortiTester-VM-OCI-BYOL, FortiTester-VM-OCI-PAYG
Firmware Version 7.0
4.2
FortiWeb models
Model
Firmware Version
FortiWeb: FortiWeb-100D, FortiWeb-100E, FortiWeb-400C, FortiWeb-400D, FortiWeb400E, FortiWeb-600D, FortiWeb-600E, FortiWeb-1000D, FortiWeb-1000E, FortiWeb-1000F, FortiWeb-2000E, FortiWeb-2000F, FortiWeb-3000C, FortiWeb-3000CFSX, FortiWeb-3000D, FortiWeb-3000DFSX, FortiWeb-3000E, FortiWeb-3000F, FortiWeb-3010E, FortiWeb-4000C, FortiWeb-4000D, FortiWeb-4000E, FortiWeb-4000F
FortiWeb VM: FortiWeb-Azure, FortiWeb-Azure_OnDemand, FortiWeb-Docker, FortiWebGCP, FortiWeb-GCP_OnDemand, FortiWeb-HyperV, FortiWeb-VM, FortiWebXENOpenSource, FortiWeb-XENServer
7.2, 7.4
FortiWeb: FortiWeb-100D, FortiWeb-100E, FortiWeb-400C, FortiWeb-400D, FortiWeb400E, FortiWeb-600D, FortiWeb-600E, FortiWeb-1000D, FortiWeb-1000E, FortiWeb-2000E, FortiWeb-2000F, FortiWeb-3000C, FortiWeb-3000CFSX, FortiWeb-3000D, FortiWeb3000DFSX, FortiWeb-3000E, FortiWeb-3000F, FortiWeb-3010E, FortiWeb-4000C, FortiWeb-4000D, FortiWeb-4000E, FortiWeb-4000F
FortiWeb VM: FortiWeb-Azure, FortiWeb-Azure_OnDemand, FortiWeb-Docker, FortiWebGCP, FortiWeb-GCP_OnDemand, FortiWeb-HyperV, FortiWeb-VM, FortiWebXENOpenSource, FortiWeb-XENServer
6.4, 7.0
FortiManager 7.2.8 Release Notes
45
Fortinet Inc.
Compatibility with FortiOS Versions
This section highlights compatibility issues that administrators should be aware of in FortiManager 7.2.8.
FortiManager 7.2.8 and FortiOS 7.0.16 compatibility issues
This section identifies interoperability issues that have been identified with FortiManager 7.2.8 and FortiOS 7.0.16. FortiOS 7.0.16 includes syntax changes not supported by FortiManager 7.2.8.
When specific platforms are indicated, the syntax change applies to both the FortiGate and FortiCarrier platform for the model. For example, (4 platforms: 3980E,3960E) indicates FortiGate-3980E, FortiCarrier3980E, FortiGate-3960E, FortiCarrier-3960E.
The following objects were added: (attr) system csf legacy-authentication
The following objects were changed: switch-controller system tunnel-mode ++ 1 opts: moderate (110 platforms: excludes 5001E1,5001E)
Additional option changes: system csf group-password tag: mu -> None
FortiManager 7.2.8 Release Notes
46
Fortinet Inc.
Resolved Issues
The following issues have been fixed in FortiManager version 7.2.8. To inquire about a particular bug, please contact Customer Service & Support.
Common Vulnerabilities and Exposures
Visit https://fortiguard.com/psirt for more information.
Bug ID 1086790
CVE references
FortiManager 7.2.8 is no longer vulnerable to the following CVE Reference: l CVE-2024-47575
FortiManager 7.2.8 Release Notes
47
Fortinet Inc.
Known issues
Known issues are organized into the following categories: l New known issues on page 48 l Existing known issues on page 48
To inquire about a particular bug or to report a bug, please contact Fortinet Customer Service & Support.
New known issues
There are no new issues identified in 7.2.8.
Existing known issues
The following issues have been identified in a previous version of FortiManager and remain in FortiManager 7.2.8.
AP Manager
Bug ID 1010632 1040365
1076200
Description
Floor Map shows wrong AP status and does not show the rest of APs when adding a new AP.
FortiManager is generating false vulnerability reports for certain FortiAPs: l U431F l U231F
Policy install fails due to FortiManager installs unexpected changes related to "<wifi_intf> address". Workaround: Create a CLI template with all subnet addresses and assign to device.
Device Manager
Bug ID 894948 973365
Description
FortiManager fails to push the FortiAnalyzer override settings to the FortiGate. FortiManager does not display the IP addresses of FortiGate interfaces configured with DHCP addressing mode.
FortiManager 7.2.8 Release Notes
48
Fortinet Inc.
Known issues Bug ID
980362 1004220 1024552 1030685 1062545 1063635 1063835 1070943
Others
Bug ID 703585 777831 1003711
1019261
Description
Workaround: Disable Addressing Mode from DHCP to Manual in FortiManager Device DB, then Retrieve from FortiGate and IP will be updated successfully. The Firmware Version column in Device Manager incorrectly shows "Upgrading FortiGate from V1 to V2" even after a successful upgrade has been completed. The SD-WAN Overlay template creates route-map names that exceed the 35-character limit. SD-WAN Monitor (Map View) and Network Monitor SD-WAN (on device DB) keep loading indefinitely. Unable to export metadata variables if the metadata's per-device-mapping value is empty. When using the backslash "\" in the preshared key of IPSEC settings, the install may fail. FortiManager does not support the "FortiWiFi-80F-2R-3G4G-DSL". FortiManager ZTP installation to FortiGate versions 7.2.8 and lower may fail due to differing default "ssh-kex-algo" settings between FortiManager and FortiGate. Unable to upgrade the devices via Device Group Upgrade Firmware feature. Workaround: Upgrade devices individually by using the "Device Firmware Upgrade" feature or Create New Firmware Template for single devices or device groups and use the "Assign to Devices/Groups" feature.
Description
FortiManager may return 'Connection aborted' error with JSON API request. When FortiAnalyzer is added as a managed device to FortiManager, "Incidents & Events" tile will be displayed instead of the "FortiSoC". During the FortiGate HA upgrade, both the primary and secondary FortiGates may reboot simultaneously, which can disrupt the network. This issue is more likely to occur in FortiGates that require disk checks, leading to longer boot times. Workaround: Disabling the disk check on fmupdate before the upgrade. Unable to upgrade ADOM from 7.0 to 7.2, due to the error "Do not support urlfilter-table for global scope webfilter profile". Workaround: Run the following script against the ADOM DB:
config webfilter profile edit "g-default" config web unset urlfilter-table end
FortiManager 7.2.8 Release Notes
49
Fortinet Inc.
Known issues
Bug ID 1029677 1078947
Description
next end
Unable to upgrade ADOM from v6.4 to v7.0 due to global scope error in webfilter profile. Workaround: Rename the "g-default" to "g-test" > save. It can be deleted after that. Once ADOM upgraded, new g-default is created.
Repeatedly testing the URL rating on FortiManager (diagnose fmupdate test fgdurl-rating...) may cause the "fgdsvr daemon" to crash.
Policy & Objects
Bug ID 845022 967271 971065 1004929
1005161
1029921 1030914 1037861 1076659
1079678
Description
SDN Connector failed to import objects from VMWare VSphere.
Installation failed when trying to remove firewall internet-service-name objects.
When the number of Custom Internet Services exceeds 256, installation fails due to this limitation.
FortiManager removes the Web Filter Profile from the Profile Group for Policy-Based FortiGates. Workaround: Use individual profiles in the policy instead of the profile group.
The policy package status changes for all devices even when an address object is opened and saved without any modifications. This issue is particularly observed in objects utilizing the per-device mapping feature.
Under the "Web Application Firewall" security profiles,users are unable to disable the signatures via GUI.
Copy and paste function in GUI removes name of the policy rule and adds unwanted default security profiles (SSL-SSH no-inspection and default PROTOCOL OPTIONS).
ADOM versions (7.0 & 7.2) do nothave "ie-allow-list" option available to create GTP object.
When policy package configured with policy block, installation to multiple devices may have copy fail errors if combined length of the Policy Block name and Policy name is greater than 35 characters and if the total number of such policies exceeds 1000.
FortiManager does not provide any warning when there is a "deny all" policy in the middle of a Policy Package. This can be still seen on the "task monitor".
FortiManager 7.2.8 Release Notes
50
Fortinet Inc.
Known issues
Script
Bug ID 931088
Description
Unable to delete VDOMs using the FortiManager script. Interfaces remain in the device database, causing the installation to fail.
System Settings
Bug ID 825319
Description
FortiManager fails to promote a FortiGate HA member (running on firmware 7.2.0 to 7.2.4) to the Primary.
VPN Manager
Bug ID 784385
1042701
Description
If policy changes are made directly on the FortiGates, the subsequent policy package import creates faulty dynamic mappings for VPN Manager. Workaround: It is strongly recommended to create a fresh backup of the FortiManager's configuration prior to the workaround. Perform the following command to check & repair the FortiManager's configuration database.
diagnose cdb check policy-packages <adom> After running this command, FortiManager will remove the invalid mappings of vpnmgr interfaces.
The traffic view page for the full mesh does not display the FortiGate and the external gateway.
FortiManager 7.2.8 Release Notes
51
Fortinet Inc.
Appendix A - FortiGuard Distribution Servers (FDS)
In order for FortiManager to request and retrieve updates from FDS, and for FortiManager to serve as an FDS, please configure the necessary settings on all devices between FortiManager and FDS, or between FortiManager and FortiGate devices based on the following items:
l FortiManager accesses FDS for antivirus and attack updates through TCP/SSL port 443. l If there is a proxy server between FortiManager and FDS, FortiManager uses port 443 to communicate with the
proxy server in tunnel mode by default. Alternatively, you can configure web proxy to use proxy mode using port 80. For more information, see the FortiManager Administration Guide.
FortiGuard Center update support
You can configure FortiManager as a local FDS to provide FortiGuard updates to other Fortinet devices and agents on your network. The following table lists which updates are available per platform:
Platform FortiGate FortiADC FortiCache FortiCarrier FortiClient FortiDeceptor FortiDDoS FortiEMS FortiMail FortiProxy FortiSandbox FortiSOAR FortiTester FortiWeb
Update Service
Query Service
FortiManager 7.2.8 Release Notes
52
Fortinet Inc.
Appendix B - Default and maximum number of ADOMs supported
This section identifies the supported number of ADOMs for FortiManager hardware models and virtual machines.
Hardware models
FortiManager supports a default number of ADOMs based on hardware model.
Some hardware models support an ADOM subscription license. When you purchase an ADOM subscription license, you increase the number of supported ADOMs. For example, you can purchase an ADOM subscription license for the FMG3000G series, which allows you to use up to a maximum of 8000 ADOMs.
Other hardware models do not support the ADOM subscription license. For hardware models that do not support the ADOM subscription license, the default and maximum number of ADOMs is the same.
FortiManager Platform
200G Series 300F Series 400G Series 1000F Series 2000E Series 3000G Series 3700G Series
Default number of ADOMs 30 100 150 1000 1200 4000 10,000
ADOM license support?
Maximum number of ADOMs 30 100 150 1000 1200 8000 12,000
For FortiManager F series and earlier, the maximum number of ADOMs is equal to the maximum devices/VDOMs as described in the FortiManager Data Sheet.
Virtual Machines
FortiManager VM subscription license includes five (5) ADOMs. Additional ADOMs can be purchased with an ADOM subscription license. For FortiManager VM perpetual license, the maximum number of ADOMs is equal to the maximum number of Devices/VDOMs listed in the FortiManager Data Sheet.
FortiManager 7.2.8 Release Notes
53
Fortinet Inc.
Appendix B - Default and maximum number of ADOMs supported
l FortiManager-VM subscription licenses are fully stackable. l For FortiManager-VM perpetual licenses, only the number of managed devices is
stackable.
FortiManager 7.2.8 Release Notes
54
Fortinet Inc.
www.fortinet.com
Copyright© 2024 Fortinet, Inc. All rights reserved. Fortinet®, FortiGate®, FortiCare® and FortiGuard®, and certain other marks are registered trademarks of Fortinet, Inc., and other Fortinet names herein may also be registered and/or common law trademarks of Fortinet. All other product or company names may be trademarks of their respective owners. Performance and other metrics contained herein were attained in internal lab tests under ideal conditions, and actual performance and other results may vary. Network variables, different network environments and other conditions may affect performance results. Nothing herein represents any binding commitment by Fortinet, and Fortinet disclaims all warranties, whether express or implied, except to the extent Fortinet enters a binding written contract, signed by Fortinet's Chief Legal Officer, with a purchaser that expressly warrants that the identified product will perform according to certain expressly-identified performance metrics and, in such event, only the specific performance metrics expressly identified in such binding written contract shall be binding on Fortinet. For absolute clarity, any such warranty will be limited to performance in the same ideal conditions as in Fortinet's internal lab tests. Fortinet disclaims in full any covenants, representations, and guarantees pursuant hereto, whether express or implied. Fortinet reserves the right to change, modify, transfer, or otherwise revise this publication without notice, and the most current version of the publication shall be applicable.
madbuild