Introduction:

This document provides instructions and covers integration support issues for FortiOS v5.0.0 GA build 0128.

 
FortiOS v5.0.0 GA FortiGate Models
All models are supported on the regular v5.0.0 GA branch.

FG-20C, FG-20C-ADSL-A, FG-40C, FG-60C, FG-60C-PoE, FG-80C, FG-80CM, FG-100D, FG-110C, FG-111C, FG-200B, FG-200B-PoE, FG-300C, FG-310B, FG-310B-DC, FG-311B, FG-600C, FG-620B, FG-620B-DC, FG-621B, FG-800C, FG-1000C, FG-1240B, FG-3016B, FG-3040B, FG-3140B, FG-3810A, FG-3950B, FG-3951B, FG-5001A, FG-5001B, and FG-5101C.

FortiOS v5.0.0 GA FortiWiFi Models
All models are supported on the regular v5.0.0 GA branch.

FWF-20C, FWF-20C-ADSL-A, FWF-40C, FWF-60C, FWF-60CM, FWF-60CX-ADSL-A, FWF-80CM, and FWF-81CM.

FortiOS v5.0.0 GA FortiGate Virtual Machine Models
All models are supported on the regular v5.0.0 GA branch.

FG-VM32 and FG-VM64.

FortiOS v5.0.0 GA FortiSwitch Models
This model is supported on the regular v5.0.0 GA branch.

FortiSwitch 5203B

Summary of enhancements

FortiOS v5.0.0 GA
The following is a list of enhancements in FortiOS v5.0.0 GA:

 Ability to disable the console login
 Ability to set up RADIUS-based SSO (RSSO) using RADIUS Accounting from Web-based Manager
 Added Carrier feature to Virtual Machine with the new license model
 Added csum comparison support for FortiClient configuration distribution
 Added Custom Application Control and IPS Signatures
 Added download widget and history widget into SSL-VPN portal
 Add Endpoint Control to the FortiGate 40C
 Added FortiClient Ads option in Endpoint Control profile
 Added IPv6 IPS support to XLP firmware
 Added NAT/Route Device device type/category
 Added Web-based Manager support for multicast policy and multicast address
 Added option to format boot device before firmware update
 Added option to log to FortiManager
 Added replacement message for BYOD device capture portal and SIP User-Agent scanning support
 Added support for Web Filter quota streaming
 Added support for GTP monitor mode
 Add text to help/logout icons in SSL-VPN portal
 Additional pre-defined service groups; Web Access and Email Access
 Additional columns for the session list
 Allow setting a more general src-filter after more specific ones
 Allow virtual domain (VDOM) link to link transparent VDOM with NAT/Route VDOM
 AntiVirus and Web Filter Web-based Manager updates
 Application Control and IPS Web-based Manager improvements
 ARIA encryption
 auth-lockout parameter added to enable the auth lockout function in non-FIPS-CC mode
 Auto-IPsec restricted to desktop platforms
 Automatic reboot after kernel panic
 Automatic Rogue APs suppression
 Automatic TX power adjustment to prevent co-channel interference
 Better support for long hostnames in the CLI prompt
 Block botnet & phishing connections
 Bridge VLAN tagged local bridging SSID with physical port
 BYOD: Endpoint Profile Updates
 BYOD - FortiClient Endpoint Profile
 CAPWAP data channel DTLS encryption support
 Central management configuration improvement
 Charts for search phrase
 Citrix agent support for Single Sign On (SSO)
 CLI options to hide WAN Optimization and explicit proxy
 Click-able icon on FortiAP
 Client load balancing support (Frequency handoff and AP handoff)
 Client reputation
 Client reputation in sniffer mode
 Configuration wizard included for all 1U models
 Consolidate IPS and vulnerability management (VM) services
 Content type scanning by FortiGuard category
 Corporate ID for endpoint registration & configuration deployment
 Cost column added to the OSPF Web-based Manager
 Create new IPsec site-to-site and dial up tunnels directly from the policy page
 Create short-cut or blocking entry using switch access control list (ACL)
 Data Leak Prevention (DLP) filter improvements
 Dedicated interface for FortiAP and FortiSwitch devices
 Dedicated management port on the FortiGate 100D
 Device based license for FortiCloud
 DFS support for Japan and Korea
 DFS channel support for FortiWiFi
 DHCPv6 relay
 DHCP and WiFi Web-based Manager clean-up
 Display options on Web-based Manager to show and hide certificates
 Display threat information from FortiGuard Encyclopedia
 DLP watermarking
 DNS service profile
 DOS policy improvements
 Dynamic comment field
 Dynamic profile redesign - HA synchronization component
 Dynamic cost of LAG interface
 ELBCv3 enhancements
 ELBCv3 support for the FortiGate 5101C
 Enable unit operation widget on FortiGate 600C, 800C, and 1000C
 Endpoint control client installers
 Endpoint control feature enhancements
 Enhanced drill-down reports
 Enhanced SNMP based device monitoring
 Enhance soft-switch features: hardware switching
 Evasion attacks exploiting file-parsing vulnerabilities in AntiVirus products
 Explicit proxy and SSL decryption
 Explicit proxy integration with IPS and Application Control
 Extend SIP helper for MSRP support
 Facetime support
 Factory license feature
 Fake AP detection
 FortiCloud account activation
 FCCK header extended to include app signature version and vulnerability scan engine version
 Flow-based Web Filter support for replacement message in HTTPS Web Filter
 FortiAP Web-based Manager
 FortiCarrier: GTP extensions (Top3 #1390, #1413)
 FortiCarrier: logging improvements
 FortiClient limits in v5.0 (Endpoint Control)
 FortiClient registration password enforcement
 FortiClient ubiquitous authentication
 FortiCloud report pages and status widget updates
 FortiExplorer for iPhone (USB-A)
 FortiExplorer for Android mobile
 FortiGate AAA
 FortiGuard DDNS
 FortiGuard license updates: DNS & Dashboard changes
 FortiGuard message service
 Fortinet redundant UTM protocol (FRUP) on FortiGate 100D
 Fortinet Single Sign On (FSSO) polling enhancement
 FortiOS Apache web server upgrades
 FortiSwitch 5203B inter-chassis HA support (A-P mode only)
 FortiToken soft token support
 GeoIP Override
 Generalized TTL Security Mechanism (GTSM) support (RFC 5082)
 Global FortiGuard server override
 Global View Menu implementation
 GTP profile name character limit increased to 63 characters
 Guest access provisioning
 Guest management feature enhancements
 Web-based Manager Lite implementation
 HTTP-only authentication over HTTPS channel
 Implement Fortinet Bar for SSL-VPN web mode
 Improved SSL inspection performance
 Improved Web-based Manager performance
 Improve WiFi Client-Mode Usability
 Improvements to support asymmetric traffic flows
 Improvements to the Managed FortiAP context menu
 Improvements to the RNG/RBG driver
 Improvements to Switch Interfaces / Interface list
 Improvements to the UTM email filter feature
 Increased default SSL-VPN worker number
 Increased limit on SSID to 64 for FortiGate 100D and above
 Increased limit on URL filter, Web Profile, Group Profile, and Policy
 Increased VDOM limit on the FortiGate 1000C and FortiGate 1240B from 100 to 250
 Increased Router Policy limit
 IP fragment and NAT enhancements
 IP Pool Fixed Port Range
 IPS/Application Control improvement
 IPS signatures clean-up
 IPS Engine improvements
 IPv6 explicit proxy
 IPv6 MIBs
 IPv6 NAT: NAT66, NAT64, DNS64
 IPv6 Per-IP shaper
 IPv6 policy routing
 IPv6 route sync and BGP6 support to ELBCv3
 IPv6 session offloading and IPv4 trap session offloading
 IPv6 session pickup in HA mode
 IPv6 SSL proxy IPS inspection
 JSON API for token support
 LACP support on the FortiSwitch 5203B
 Local bridge added to the FortiAP
 Local bridging SSID
 Local-in policy logging
 Log message organization
 Log search performance improved and SQL log database reduced
 Log speed improved
 Log viewer improvements
 Low end model feature updates (HA/Packet-Capture/AV-Quarantine/IPS-ETDB)
 Low end platform feature matrix
 MAC address logging
 MAC tunnel client included in the FortiOS firmware image
 Make IPsec IKEv2 IDr configurable
 Management port restriction on the FortiGate 100D
 Maximum user authentication timeout value increased to 24 hours
 Messaging Application Programming Interface (MAPI) content scan
 Medium severity added to default IPS sensor
 Merge new AV engine v5
 Merge BGP AS-Path rewrite
 Merged BYOB phase 2 branch
 Merged Endpoint Control profile updates
 Merged FortiController 5103B related FortiOS side support
 Merged FortiSwitch 5203B and content cluster solution
 Merged IPS Engine version 2
 Merged NPI branch for the FortiGate 100D
 Merge UTM incidents into traffic log
 Move device identification options to Interface page
 Multicast policy enhancement (CLI)
 Multi-VDOM admin
 NAT64 acceleration (XLR/XLP)
 NAT64 in kernel/NP6
 NAT64 High Availability (HA)
 Network visibility: destination hostname & geographic visibility
 Network visibility: user visibility
 New address type: Network Service
 New CLI command to set factory default except VDOM/interface settings
 New functionality added to FortiOS v4.0 MR3 based FIPS-CC branch
 New OID for HA master/slave status
 New setup wizard design
 NP4 accelerate inter-VDOM traffic
 One-arm sniffer improvement
 One-arm URL filtering
 Option to control show/hide replacement message groups
 Option to restrict the number of IP addresses that can be leased to the same MAC address
 OSPF6 should support the same link types as OSPF (IPv4)
 PDF report improvements
 Performance improvement by moving data path from user daemon to kernel
 Per VDOM and global limits on guest user accounts
 Phase 1 of the Bring Your Own Device (BYOD) feature set implemented
 Policy edit merge
 Policy List enhancement
 Pre- and post-login warning message for admin login
 QOS support for traffic between the controller and FortiAP
 RADIUS-based SSO revision - added a new RSSO user group and renamed the dynamic profile to RSSO
 RADIUS override support for multiple VDOM administrators
 Real time geography updates
 Real-time Sessions Widget feature
 Rename DoS policy on the Web-based Manager
 Reorganized service items
 Restriction to virtual IP (VIP) on specific interfaces
 RF analysis feature
 Search engine configuration
 Secure OTP seed import
 Separate DoS policy from interface policy
 Set DHCP options to get TFTP server IP and config file name to restore the configurations
 Setting added to always drop fragmented packets and then log the action
 Simple VPN setup support added
 Simplify FortiGate & FortiWiFi 20C and 40C
 SIP enhancements to add the original IP address in the SIP message header after NAT
 SIP over TLS inspection
 Sniffer improvements
 SNMP Extensions for BGP
 SNMP implementation for Intelligent Platform Management Interface (IPMI) sensor
 SNMP trap for FortiAP or FortiSwitch up/down event
 Soft Token Activation feature added
 Some embedded JavaScript using SharePoint should not be rewritten through SSL Web Portal
 Support Sprint U602 3G/4G USB adapter, consolidate it with LTE support
 Support update for IPS XLR/XLP engine
 SSH handover support
 SSL CA certificate selection moved to each UTM proxy options
 SSL deep-scan configuration improvements
 SSL inspection Support for IPS and Application Control
 SSL-VPN authentication high availability (HA) failover support
 SSL-VPN extensions
 SSL-VPN Web-based Manager extensions
 SSO support for FTP and SMB added under SSL-VPN
 Standalone management VDOM
 Submit files detected as suspicious by AV engine to a FDS public server via email
 Supply FQDN in the captive portal
 Support Bidirectional Forwarding Detection (BFD) static neighbor
 Support cache-cookie option to set web cache behavior on cookie
 Support Citrix feature by FSSO module
 Support configuration from iOS devices through USB interface
 Support configuration synchronization in standalone mode
 Support DHCP Client for IPv6 addresses
 Support DHCP servers on the VDOM-link interface
 Support dynamic data chunking for WAN Optimization byte cache
 Support dynamic-profile for SSH proxy
 Support for adding X-Forwarded-Proto for SSL offload half mode
 Support for IKE to bind to loop-back interface
 Support for secondary/backup remote authentication server
 Support for Softbank 3G modem 004z (ZTE WCDMA Technologies MSM)
 Support for the Fortinet bar feature for explicit web proxy
 Support for the new FortiAP 112B and FortiAP 320B
 Support for FortiGate 5101C and FortiGate 5103B
 Support GPRS tunneling protocol version 2 (GTPv2)
 Support HTTPS offload and HTTPS cache features
 Support Internet Content Adaptation Protocol (ICAP) in explicit Web Proxy
 Support IPS for IPv6 forwarding policy
 Support network visibility features for Client Reputation
 Support the option on the FortiClient side to not sync configuration with FortiGate
 Support per VLAN MTU setting
 Support RADIUS-based SSO
 Support server probes and remote request response in http-get and ping
 Support SMS Contract Activation
 Support SSH inspection
 Support SSL-VPN push configuration of DNS suffix
 Support SSO Polling Mode from FortiGate directly
 Support Spanning Tree Protocol (STP) for FortiGate Switch Mode interfaces
 Support user-based authentication
 Support user-based policy for FSSO
 Support Virtual Switch
 Support WAN Optimization and content scan in a single VDOM
 Support WAN Optimization per policy
 Switch access control list (ACL) short-cut: bug fixes & extension
 Switch port extensions
 Token import feature on Web-based Manager
 Translate multicast frames to unicast frames
 Update Analytics Widget
 User and Device menu
 VDOM sub attribute added in FortiCloud update command
 Virtual Hardware-Switch Improvements for FortiGate 100D
 Visibility: new dashboard widgets
 VPN case for FortiClient registration and authentication
 WCCP L2 mode
 Web-based Manager filtering improvements
 Web-based Manager for IPv6 policy routing
 Web-based Manager interface clean-up
 Web-based Manager options added for SSL-VPN, personal bookmarks, simplified routing, and DLP
 Web-based Manager support for NP4 inter-VDOM links
 Web-based Manager support for standalone management VDOM
 Web Cache extensions
 WIDS Management flood detection
 WiFi Device Monitor and Enforcement (BYOD)
 WiFi: Bridge SSID with physical port
 WiFi client mode usability back-end support
 WiFi encryption support
 WiFi improvements
 WiFi Mesh support
 Wireless client load balance
 Wireless Intrusion Detection Systems (WIDS) support
 Wireless Sniffing support
 Wireless SSO
 XG2 Load Balance with DoS protection
 Yandex search engine; safe search support