FortiOS 7.0.9: New Capabilities & Smooth Upgrades Navigating the landscape of network security often feels like a balancing act between stability and feature progression. FortiOS 7.0.9 marks a significant point in the 7.0 "mature" release cycle, specifically focusing on expanding hardware support and refining existing enterprise features. What’s New in 7.0.9?
The standout highlight of this release is the integration of high-performance hardware into the main branch.
Main Branch Support for NP7 Processors: FortiOS 7.0.9 now provides native support for powerful NP7-based models, including the FortiGate 1800F and FG-4400F series. These units can now utilize hyperscale firewall features without needing special branch firmware.
Enhanced Security Fabric & SD-WAN: This version introduces tighter integration for the Security Fabric, including performance SLA monitoring improvements for SD-WAN to ensure mission-critical traffic always finds the fastest path.
New CLI Commands: Administrators gain more granular control with commands like primary-hold-before-reboot in HA configurations, allowing for smoother maintenance windows by delaying reboots until synchronization is confirmed. Best Practices for Your Upgrade
Upgrading a firewall is never a "set and forget" task. To ensure your FortiGate 7.0.9 deployment goes smoothly, follow these vetted industry standards:
Check the Path: Always consult the Fortinet Upgrade Path Tool to see if you can jump directly to 7.0.9 or if you need an intermediate "hop."
Backup Everything: Before hitting "upgrade," perform a full configuration backup. If you use a FortiManager, ensure it is upgraded before your FortiGate units to maintain compatibility.
Read the Release Notes: Pay close attention to the FortiOS 7.0.9 Release Notes for any known issues or changes in behavior, such as the removal of specific legacy IPsec options. A Note on Long-Term Stability fortigate 7.0.9
As the 7.0 branch matures, it is often favored by organizations prioritizing uptime over the cutting-edge features of the newer 7.2 or 7.4 branches. However, keep in mind that Fortinet regularly releases patches for security vulnerabilities; staying on top of PSIRT Advisories is essential for any version.
Are you planning to upgrade your high-end NP7 models to the main 7.0.9 branch this weekend?
Proactive Follow-up: Would you like a detailed step-by-step upgrade guide for a high-availability (HA) cluster, or are you more interested in the specific SD-WAN performance enhancements in this version? Upgrade Guide - FortiManager 7.0.9 - AWS
In FortiGate version 7.0.9, you don't "create" features in the sense of writing code, but you can enable or visibility-toggle built-in features that are hidden by default. Enabling Hidden Features (Feature Visibility)
To make specific features available in the GUI (like Load Balance, SD-WAN, or Advanced Routing), you must enable them in the Feature Visibility menu: Navigate to System > Feature Visibility.
Toggle the switch for the feature you want to use (e.g., Application Control, SD-WAN, or VOIP).
Click Apply. The feature will now appear in your side navigation menu. Creating Virtual Features (VDOMs)
If you want to create a "virtual" firewall instance with its own independent configuration (often called a "feature" of enterprise setups), you create a Virtual Domain (VDOM): FortiOS 7
Requirements: VDOMs must be enabled globally first via the CLI using set vdom-admin enable under config system global.
GUI Path: Once enabled, go to System > VDOM and click Create New. Creating Configuration "Objects"
Most users asking to "create a feature" are looking to create a specific configuration object. In 7.0.9, common objects are created as follows:
Firewall Policy: Go to Policy & Objects > Firewall Policy and click Create New.
Address Object: Go to Policy & Objects > Addresses and select Create New > Address.
Interface Zone: Go to Network > Interfaces and select Create New > Zone to group multiple ports together. Advanced: Custom Automation (Auto-Scripts)
If you need a "feature" that performs a specific task automatically (like a daily backup), you can create an Auto-Script via the CLI:
config system auto-script edit "DailyBackup" set interval 86400 set repeat 0 set script "execute backup config ftp backup.conf [ftp-server-ip]" next end Use code with caution. Copied to clipboard Why the release matters
Note: This specific syntax is used for automating recurring tasks in FortiOS 7.0.x.
Are you looking to enable a specific security service like SSL Inspection, or are you trying to build a custom application signature?
Multi VDOM configuration examples | FortiGate / FortiOS 6.4.0
ipsengine) on units with long uptime.For most SMBs and mid-sized enterprises running a 60F, 80F, 100F, FortiGate 7.0.9 is an excellent choice. It is the last version before Fortinet introduced the new certificate management system (which caused proxy issues in early 7.2.x). If you plan to stay on 7.0, also consider moving to 7.0.15 (the later patch), but test thoroughly.
In the rapid-release cycle of network security appliances, finding the "sweet spot" between new features and rock-solid stability is rare. For Fortinet’s FortiGate users, that sweet spot has often been the 7.0.x train. Among these, FortiGate 7.0.9 stands out as a particularly significant milestone.
Released as a maintenance build in early 2023 (and now approaching the end of its "Eng" support window), version 7.0.9 represents the maturation of the 7.0 codebase. It is not the newest version—7.2, 7.4, and 7.6 are now available—but it is arguably the most trustworthy firmware for production environments that require advanced SD-WAN, SASE compatibility, and robust security without the churn of beta-level bugs.
This article provides a comprehensive technical overview of FortiGate 7.0.9, covering its standout features, critical security patches, resolved issues, upgrade paths, and why it remains a preferred choice for network engineers in 2025.