ℹ️ Document Conversion Notice: This document has been converted from PDF and formatted to fit this screen. Diagrams and images may be available only in the original here.

FortiSwitchOS 7.6.1 FortiLink Release Notes

Change log

Date	Change Description
November 28, 2024	Initial document release for FortiOS 7.6.1
December 4, 2024	Added another new feature to What's new in FortiOS 7.6.1 on page 5
January 10, 2025	Added bug 1113304.

What's new in FortiOS 7.6.1

The following list contains new managed FortiSwitch features added in FortiOS 7.6.1:

The FortiOS switch controller now supports QinQ. With QinQ, each client of a managed security service provider (MSSP) can have a unique customer VLAN with a self-managed 4k VLAN range in its own virtual domain. QinQ allows better segregation and control over network traffic.
The FortiOS switch controller now supports VLAN pruning. VLAN pruning prevents unnecessary traffic from unused VLANs by only allowing traffic from the VLANs required for the inter-switch link (ISL) trunks. This process makes networks more efficient and preserves bandwidth. In addition, VLAN pruning eliminates the time spent on manual VLAN pruning and reduces the chance of errors.
The command for enabling VLAN optimization has changed from set vlan-optimization enable to set vlan-optimization configured; the command is still located under config switch-controller global.
The following FortiGate models now support more FortiSwitch units:

FortiGate model	Number of FortiSwitch Units Supported in FortiOS 7.6.1
FG-400F and FG-401F	96
FG-600F	128
FG-900G	196

The default neighbor-detection method has been updated. Previously, the default method was “FortiLink" (set fortilink-neighbor-detect fortilink). With this release, the default neighbor-detection method is now "LLDP” (set fortilink-neighbor-detect lldp). You can configure the neighbor-detection method under the config system interface command.
The password security for managed switches has been improved. Empty passwords for the FortiSwitch admin account are no longer allowed. If a switch has no admin password set when it is authorized, the FortiGate device will generate an admin password for the FortiSwitch unit. FortiSwitch units that already have an admin password configured will remain unaffected. To log in to the FortiSwitch CLI or GUI, you can configure the switch profile (under the config switch-controller switch-profile command) with an admin password on the FortiGate device, which is the Fortinet-recommended FortiLink setup.
A new command has been introduced to retain the password of the managed switch during deauthorization or to reset the managed switch to factory default settings during deauthorization. This command helps to clear the previously FortiGate-set random password on the managed switch when it is deauthorized.

Introduction

This document provides the following information for FortiSwitch 7.6.1 devices managed by FortiOS 7.6.1 build 3457:

Special notices on page 7
Upgrade information on page 8
Product integration and support on page 9
Resolved issues on page 10
Known issues on page 11

See the Fortinet Document Library for FortiSwitchOS documentation.

Refer to the FortiLink Compatibility table to find which FortiSwitchOS versions support which FortiOS versions.

? FortiLink is not supported in transparent mode.

The maximum number of supported FortiSwitch units depends on the FortiGate model:

FortiGate Model Range	Number of FortiSwitch Units Supported
FortiGate 40F, FortiGate-VM01	8
FGR-60F, FG-60F, FGR-60F-3G4G, FG-61F, FG-70F, FG-71F, FG-80F, FG-80FB, FG-80FP, FG-81F, FG-81FP, FortiGate-VM02	24
FortiGate 100F, 101F	32
FortiGate 200E, 201E, 200F, 201F, 800D, 900D, FortiGate-VM04	64
FortiGate 300E to 500E	72
FortiGate 600E to 900E, 400F, 401F, 601F, 901G	96
FortiGate 1000D, 600F	128
FortiGate 900G, 1000F, 1001F, 1100E to 26xxF	196
FortiGate-3xxx and up and FortiGate-VM08 and up	300

? New models (NPI releases) might not support FortiLink. Contact Customer Service & Support to check support for FortiLink.

Special notices

Support of FortiLink features

? Refer to the FortiSwitchOS feature matrix for details about the FortiLink features supported by each FortiSwitchOS model.

Upgrade information

? Check the FortiSwitchOS Release Notes before upgrading the FortiSwitch firmware from the FortiGate Switch Controller.

FortiSwitchOS 7.6.1 supports upgrading from FortiSwitchOS 3.5.0 and later.

To determine a compatible FortiOS version, check the FortiLink Compatibility matrix.

Within the Security Fabric, the FortiSwitch upgrade is done after the FortiGate upgrade. Refer to the latest FortiOS Release Notes for the complete Security Fabric upgrade order.

Product integration and support

FortiSwitchOS 7.6.1 support

The following table lists FortiSwitchOS 7.6.1 product integration and support information.

Web browser

FortiOS (FortiLink Support)

Microsoft Edge 112
Mozilla Firefox version 113
Google Chrome version 113

Other web browsers might function correctly, but are not supported by Fortinet.

Refer to the FortiLink Compatibility table to find which FortiSwitchOS versions support which FortiOS versions.

Resolved issues

The following issues have been fixed in FortiOS 7.6.1. For inquiries about a particular bug, please contact Customer Service & Support.

Bug ID	Description
1035823	Using the Security Fabric to start or stop the FortiSwitch LED Blink causes a "Failed to send command" error in the GUI.
1038646	After deauthorizing a switch and then authorizing it, the FortiSwitch registration status changes to "Failed to fetch status."
1042390	The NAC policy cannot be saved in the GUI when you are using a wildcard MAC address.
1044150	Using the FortiGate GUI to upgrade a managed switch fails with a "Firmware Installation failed" message.
1052908	When the switch name does not match the switch's serial number, the status of the FortiSwitch unit is incorrectly shown as "device not registered" in the Security Fabric Setup widget (Security Fabric > Fabric Connectors).
1054445	The GUI does not show changes in the dynamic port policy.
1055052	After creating a FortiLink interfaced, the NAC policies disappear from the GUI but can be seen in the CLI.
1069164	Managed switches show the incorrect time zone. When the time zone is corrected manually, rebooting the switch changes the time zone to the incorrect value.
1071594	When there are 300 FortiSwitch VMs, it takes a long time (26 seconds) to load the FortiLink interface page.
1073340	The System > Firmware & Registration page shows the Registration Status as "Failed to fetch status" when the FortiSwitch unit is online.
1074981	The WiFi & Switch Controller > FortiSwitch Ports page does not allow users to de-select all values in the Allowed VLANs, Security Policy, or QoS Policy column.
1077496	The flpold and flcfgd processes cause high CPU usage.
1092043	Dynamic VLANs are not shown in the FortiGate GUI.

Known issues

The following known issues have been identified with FortiOS 7.6.1. For inquiries about a particular bug or to report a bug, please contact Fortinet Customer Service & Support.

Bug ID	Description
298348, 298994	Enabling the `hw-switch-ether-filter` command on the FG-92D model (the default setting) causes FortiSwitch devices to not be discovered.
520954	When a "FortiLink mode over a layer-3 network" topology has been configured, the FortiGate GUI does not always display the complete network.
527695	Starting in FortiOS 6.4.0, VLAN optimization is enabled by default (`set vlan-optimization enable` under `config switch-controller global`). On a network running FortiSwitchOS earlier than 6.0.0, this change results in a synchronization error, but the network still functions normally. If you have FortiSwitchOS 6.0.x, you can upgrade to remove the synchronization error or disable VLAN optimization. On a network with `set allowed-vlans-all enable` configured (under `config switch-controller vlan-policy`), the setting reverts to the default, which is disabled, when upgrading to FortiOS 6.4.0. If you want to maintain the `allowed-vlans-all` behavior, you can restore it after the upgrade.
586801	NetBIOS stops working when proxy ARP is configured and the access VLAN is enabled because FortiGate units do not support NetBIOS proxy.
621785	`user.nac-policy[].switch-scope` might contain a data reference to `switch-controller.managed-switch`. When this reference is set by an admin, the admin needs to remove this reference before deleting the managed-switch.
789914	When LAN segments are enabled on the FS-108E, FS-108E-POE, FS-108E-FPOE, FS-108F, FS-108F-POE, FS-108F-FPOE, FS-124E, FS-124E-POE, FS-124E-FPOE, FS-148E, FS-148E-POE, FS-148F, FS-148F-POE, FS-148F-FPOE, FS-124F, FS-124F-POE, and FS-124F-FPOE models, the internal VLAN (`set lan-internal-vlan`) is assigned automatically by default. If the same VLAN is configured on the FortiGate device, the configuration fails when it is pushed to the FortiSwitch unit without any warning message. WORKAROUND: Use a custom command. All sub-VLANs must belong to the same MSTP instance if the FortiLink configuration includes the FS-108E, FS-108E-POE, FS-108E-FPOE, FS-108F, FS-108F-POE, FS-108F-FPOE, FS-124E, FS-124E-POE, FS-124E-FPOE, FS-148E, FS-148E-POE, FS-148F, FS-148F-POE, FS-148F-FPOE, FS-124F, FS-124F-POE, and FS-124F-FPOE models.
813216	After CAPWAP offload is enabled or disabled, FortiLink goes down.
814674	When upgrading a FortiAP or FortiSwitch unit that is connected to a downstream FortiGate device, a "Failed to retrieve upgrade progress" message appears.

Bug ID	Description
910962	After setting values for src-mac, dst-mac, and vlan for the ACL classifier, you cannot use the unset command to remove these settings. WORKAROUND: Remove `set acl-group <ACL_group_name>` from under the `config switch-controller managed-switch` command. Delete the ACL group. Delete the ACL. Reconfigure the ACL.
940248	When both network device detection (`config switch network-monitor settings`) and the switch controller routing offload are enabled, the FS-1048E switch generates duplicate packets.
961142	An interface in FortiLink flaps when using an MCLAG with DAC on the OPSFPP-T-05-PEB transceiver.
1043815	Upgrading the firmware for a large number (more than 100) of FortiSwitch units at the same time might cause performance issues with the GUI and some devices might not upgrade. Workaround: Upgrade the FortiSwitch units in smaller batches.
1113304	After the FortiGate device is upgraded from FortiOS 7.6.0 to 7.6.1 or higher when the LLDP configuration is set to vdom or disabled under the FortiLink interface, the FortiSwitch units are offline. WORKAROUND: Enable the `lldp-reception` and `lldp-transmission` LLDP configurations under the FortiLink interface or rebuild the FortiLink interface. For example: `config system global set lldp-reception enable set lldp-transmission enable end`

Google Docs
Google Drive
Download [pdf]

File Info : application/pdf, 13 Pages, 451.11KB

FortiSwitchOS-7.6.1-FortiLink-Release-Notes-(FortiOS-7.6.1) madbuild

Related Documents

	FortiLink Release Notes for FortiOS 7.6.0 Comprehensive release notes for FortiLink with FortiOS 7.6.0, detailing new features, resolved issues, known issues, upgrade procedures, and product integration details for FortiSwitch devices.
	Fortinet FortiGate Secure LAN Controller Ordering Guide A comprehensive guide to Fortinet's Secure LAN Controller solution, detailing the integration of FortiGate devices, FortiAP wireless access points, and FortiSwitch Ethernet switches for unified network management, enhanced security, and simplified operations.
	Fortinet NGFW/Perimeter Firewalls Ordering Guide This ordering guide details Fortinet's Next-Generation Firewalls (NGFW) and Perimeter Firewalls, highlighting their advanced AI/ML capabilities, FortiGuard services, and the integrated Fortinet Security Fabric for comprehensive enterprise threat protection and policy control.
	Fortinet FortiGate Network Security Platform Top Selling Models Matrix A comprehensive matrix detailing the top-selling models of the Fortinet FortiGate Network Security Platform, including specifications for firewall throughput, IPsec VPN throughput, IPS throughput, NGFW throughput, threat protection throughput, firewall latency, concurrent sessions, new sessions per second, firewall policies, maximum tunnels, SSL VPN throughput, concurrent SSL VPN users, SSL inspection throughput, application control throughput, maximum FortiAPs, FortiSwitches, FortiTokens, and virtual domains.
	Fortinet Secure SD-WAN Ordering Guide: Product Specifications and Bundles This guide provides detailed specifications, ordering information, and bundle options for Fortinet's Secure SD-WAN solutions, including FortiGate appliances, FortiManager, and related services.
	FortiSwitchOS 7.2.4 FortiLink Release Notes This document provides release notes for FortiSwitchOS 7.2.4, detailing new features, special notices, upgrade information, resolved issues, and known issues related to FortiLink connectivity with FortiGate devices.
	Fortinet Secure & Earn Savings Promotion for APAC Partners Details of the Fortinet Secure & Earn Savings Promotion for APAC partners, offering rewards on FortiGates, FortiAPs, and FortiSwitches. Learn about eligible SKUs, program details, and terms and conditions.
	Fortinet FortiGate Secure LAN Edge Controller Ordering Guide Comprehensive ordering guide for Fortinet's FortiGate Secure LAN Edge Controller, detailing FortiAP and FortiSwitch product offerings, design considerations, and specifications for various deployment scenarios.