Controlled failover between wireless controllers
Administrators can now define the role of the primary and secondary controllers on the FortiAP unit, allowing the unit to decide the order in which the FortiAP selects a FortiGate unit and how the FortiAP unit fails over to a backup FortiGate unit if the primary FortiGate Fails. See Controlled failover between wireless controllers on page 68.
FortiView Endpoint Vulnerability chart
A new FortiView chart that tracks vulnerability events detected by the FortiClients running on all devices registered with the FortiGate. See New FortiView Endpoint Vulnerability Scanner chart (378647) on page 61.
FortiClient Profile changes
FortiClient profiles have been re-organized and now use the FortiGate to warn or quarantine endpoints that are not compliant with a FortiClient profile. See FortiClient Profile changes (386267, 375049).
Adding Internet services to firewall policies
Internet service objects can be added to firewall policies instead of destination addresses and services. See Adding Internet services to firewall policies (389951).
Source and destination NAT in a single Firewall policy
Extensions to VIPs support more NAT options and other enhancements. See Combining source and destination NAT in the same policy (388718).
Other highlights
l Application Control is a free service l Real time logging to FortiAnalyzer and FortiCloud l Multiple PSK for WPA Personal (393320) l VXLAN support (289354) l NP6 Host Protection Engine (HPE) to add protection for DDoS attacks (363398) l FortiGate Logs can be sent to syslog servers in Common Event Format (CEF) (300128) l New PPPoE features