June 17, 2026

Recommendation for Fortinet Devices

No items found.

As part of UpKeep, our new feature to keep our NWG Manage customers' devices on the latest stable version, we reviewed the latest Fortinet releases and recommend FortiOS 7.4.11 for all supported devices. More details below.

Why Are You Sharing This Information?

Even if we're not managing Fortinet devices for you, we want you to have the latest information to help keep your devices secure.

  • What should I do if I have a Fortinet device that NWG manages?
    If you have a Fortinet device(s) that we manage for you, we already know what hardware you have and what version you need to be on. We’ll handle the upgrade during an upcoming maintenance window. Zendesk notifications will be sent out once maintenance has been scheduled, including details about when implementation will take place. If your devices/locations require different days/times for maintenance to take place, you’ll receive separate tickets.
  • What if I have a Fortinet device that NWG does not manage?
    If you have a Fortinet device(s) in your environment, we suggest you upgrade to the version listed below.
  • What if I don't have any Fortinet devices?
    No action is needed if you don’t have any Fortinet devices or if your Fortinet devices are already running the recommended versions.

Which Fortinet Release Do You Recommend?

NWG recommends FortiOS 7.4.11 for all supported devices (no change since our last review):

  • 7.4.12 is not yet recommended by Fortinet. This version is not mature enough and does not resolve any vulnerabilities that would outweigh the risk of an upgrade.
  • 7.4.11 has corrected the SAML signature verification with a new configuration option, giving users flexibility to enable or disable the feature. 7.4.11 does not show any severe, potentially service-impacting issues.
  • NWG does not recommend any of the 7.6.X code train for use. Fortinet recommends 7.6.6 for certain hardware models (E, F, and G) as of February 2026. The newest release is 7.6.7. While there are new features, the bugs and limitations identified create a much larger risk to production environment.
  • If you have devices that are not capable of running 7.4, we recommend 7.2.13. Note that FortiOS version 7.2.X will be at end-of-support in September 2026.
  • If your devices are not capable of running 7.2 or 7.4, we recommend 6.2.17. Note that devices that cannot run firmware higher than 6.2 are in the end-of-life lifecycle and should be replaced.

FortiSwitch: 

Generally, FortiSwitches managed by FortiOS devices should remain in the same primary release version. For example, when managing with FortiOS devices running 7.4.X, FortiSwitches should also be in the 7.4.X version. While there is some backward and forward compatibility, there may be features or issues outside of main versions. 

  • FortiSwitch devices that are managed by a FortiOS 7.6.6 device are most compatible with FortiSwitch version 7.6.6 or 7.4.9.
  • FortiSwitch devices that are managed by a FortiOS 7.4.11 device are most compatible with FortiSwitch version 7.4.9.
  • FortiSwitch devices that are managed by a FortiOS 7.2.13 device are most compatible with FortiSwitch version 7.2.10 or 7.4.9.

Review Details

FortiOS 7.6

FortiOS 7.6 Review

Fortinet recommends 7.6.6 for certain hardware models (E, F, and G) as of February 2026. The newest release is 7.6.7. While there are new features, the bugs and limitations identified create a much larger risk to production environments.

Bug ID: 965217
Description: In an HA configuration, FortiGate may experience intermittent heartbeat loss causing unexpected failover to the secondary unit.

Bug ID: 995912
Description: After a firmware upgrade, some VPN tunnels experience intermittent signal disruptions causing traffic to be re-routed.

FortiOS 7.6 Conclusion

NWG does not recommend using FortiOS 7.6.X on any Fortinet devices at this time.

FortiOS 7.4

FortiOS 7.4.12 Review

FortiOS 7.4.12 was released in May, 2026. This release is not yet recommended by Fortinet. Version 7.4.12 fixes only one low information disclosure vulnerability (CVE-2025-31514) that is not being exploited in the wild and requires authenticated firewall admin access to attempt to gather information. This version is not mature enough and does not resolve any vulnerabilities that would outweigh the risk of an upgrade.

This version is not currently recommended by NWG.

FortiOS 7.4.11 Review

FortiOS 7.4.11 has corrected the SAML signature verification with a new configuration option, giving users flexibility to enable or disable the feature.

Lower-end models (50G, 70G, 90G, and their variants) have the same SSL VPN tunnel restrictions as 7.4.9 and will continue with all newer versions going forward due to limited resources on these models.

7.4.11 does not show any severe, potentially service-impacting issues.

NWG recommends 7.4.11 for all supported devices.

FortiOS 7.4.9 Review

FortiOS 7.4.9 has a new feature that has caused authentication outages with SAML configurations. This change in default behavior verifies the signature for SAML response messages. This means that configurations must be made to the SAML IdP to sign SAML responses and assertions. While providers such as Azure can be reconfigured to work properly, the only workaround for other IdPs (such as Google) is to downgrade to FortiOS 7.4.8. 

On lower-end models (50G, 70G, 90G, and their variants), SSL VPN web and tunnel modes are no longer available, and any previous configuration will not be migrated during an upgrade. The workaround for this is to transition to IPSec for Remote Access VPN, but this requires planning due to changes required on the Firewall and to FortiClients.

In addition to the above SAML concerns, there are many new Hyperscale issues and limitations that have been identified. 

NWG does not recommend 7.4.9 at this time.

FortiOS 7.4.8 Review

Release notes for 7.4.8 previously showed some potentially severe issues. The new known issues in 7.4.8 are listed below. Version 7.4.8 resolves 2 medium and one low severity vulnerabilities (CVE-2025-25250, CVE-2024-52963, and CVE-2025-24471). NWG has not experienced the known issues listed below. The known issues were noticed under extreme load in lab testing and do not correlate to real-world environments.

Bug ID: 1033083

Description: HA sessions are not properly synchronized, causing a high number of sessions on the primary unit, and the standby unit enters conserve mode.

Bug ID: 1101897

Description: VPN traffic sent bytes spike to anomalous levels within 10 minutes.

Bug ID: 1125487

Description: Autoconnect to IPsec VPN using Entra ID logon fails when there are multiple IPsec tunnels.

Bug ID: 1164811

Description: SSL VPN web mode showing Access Denied error after upgrade on 2GB models.

FortiOS 7.4.7 Review

FortiOS 7.4.7 does not show any severe, potentially service-impacting issues. It also resolves 1 critical and 1 medium vulnerability (CVE-2025-22252 and CVE-2025-22254).

FortiOS 7.4 Conclusion

NWG recommends FortiOS 7.4.11 for all supported devices.

FortiOS 7.2

FortiOS 7.2.13 Review

FortiOS 7.2.13 is the newest release of FortiOS 7.2.X. There are no severe new issues identified in the 7.2.13 release over previous releases. FortiOS 7.2.13 also resolves 1 critical vulnerability (CVE-2026-24858).

FortiOS 7.2.12 Review

FortiOS 7.2.12 has a new feature that has caused authentication outages with SAML configurations. This change in default behavior verifies the signature for SAML response messages. This means that configurations must be made to the SAML IdP to sign SAML responses and assertions. While providers such as Azure can be reconfigured to work properly, the only workaround for other IdPs (such as Google) is to downgrade to FortiOS 7.2.11.

FortiOS 7.2.11 Review

Fortinet recommends version 7.2.11 for FortiGate models 100E and 101E. There are no severe new issues identified in the 7.2.11 release over previous releases. Most new issues are either GUI issues or model-specific bugs that have workarounds. The only new features are more secure administrator password hashing and improved CPU performance when updating the IPS database. FortiOS 7.2.11 also resolves 1 high, 1 medium, and 1 low severity vulnerabilities (CVE-2024-52965, CVE-2025-22254, and CVE-2024-52963).

FortiOS 7.2 Conclusion

NWG recommends FortiOS 7.2.13 for all compatible devices that are not capable of running FortiOS 7.4. Note that FortiOS version 7.2.X will be at end-of-support in September 2026.

FortiOS 6.2

FortiOS 6.2 Review

Fortinet recommends FortiOS 6.2.17. There are no new known issues with 6.2.17. There are also no new features. There are 2 high vulnerabilities resolved in 6.2.17 (CVE-2024-45324 and CVE-2024-26009).

FortiOS 6.2 Conclusion

NWG recommends FortiOS 6.2.17 for devices that are not capable of running 7.2 or 7.4. Note that devices that cannot run firmware higher than 6.2 are in the end-of-life lifecycle and should be replaced.

FortiSwitch Recommendations

Generally, FortiSwitches managed by FortiOS devices should remain in the same primary release version. While there is some backward and forward compatibility, there may be features or issues outside of main versions. For example, when managing with FortiOS devices running 7.4.X, FortiSwitches should also be in the 7.4.X version.

Managed with FortiOS 7.6.6

FortiSwitch devices that are managed by a FortiOS 7.6.6 device are most compatible with FortiSwitch version 7.6.6 or 7.4.9.

Managed with FortiOS 7.4.11

FortiSwitch devices that are managed by a FortiOS 7.4.11 device are most compatible with FortiSwitch version 7.4.9.

Managed with FortiOS 7.2.13

FortiSwitch devices that are managed by a FortiOS 7.2.13 device are most compatible with FortiSwitch version 7.2.10 or 7.4.9.

Review Process

Code Versions

Date Updated: June 17, 2026

Related Posts:

Debunking the 7 Most Common Security Myths We Hear

2026 Verizon DBIR: Key Findings and What They Mean for Your Organization

The AI-Enhanced Tabletop Exercise We Couldn’t Have Run Last Year

Think We Can Help?

Let’s Talk