What’s new
Summary since 1.7
system:
upgrade OS to Debian Buster to provide better support of new hardware and hypervisors
upgrade command now also handles Debian packages
base disk is now 5GB, partitioning has been changed to avoid free space problems, 1.7 can’t be directly updated to 1.8 (but see execute import from remote)
CLI:
new CLI command: execute import from remote to import local repository and PoCs (including snapshots) from FortiPoC 1.7.26 or better
the deprecated
register FNDNandregister Trialmixedcase commands have been removed, instead use lowercase only commandsapt proxycommands have been removed, the apt proxy was disabled by default and was not working properlly anyway
Repositories:
can use any repository with a valid HTTPS (Let’s Encrypt, Verisign, ...) webserver, the
fortipoc-repopackage is still required to generate repository release files
VM:
using hugepages is now handled by a flag in device’s expert settings. If hugepages are not enabled on the FortiPoC, normal memory is used
attaching a VM to a custom CPUs set is now handled in a field in device’s expert settings
when restoring snapshot, generated VM definition is used instead of snapshot VM definition (to follow current hardware and CPUs), only necessary elements are copied from the snapshot VM definition. FortiPoC enforces that both the current firmware and the snapshots use strictly the same disks name
GUI:
on dashboard hugepages usage is handled in its own gauge and doesn’t count in available/used memory
Summary since 1.5
system:
upgrade OS to latest release (Debian Stretch upgraded from 9.5 to 9.9), new instance only
for KVM: delivered as system disk only, for resources should use a supplementary disk or grow the system disk
can upgrade from 1.5 (no OS upgrade)
can import PoC definition from FortiPoC <= 1.5, some changes in 1.7 may break the PoC launch, look to Notable changes
device firmware:
can support configuration backup/restore and post install on compatible Debian like VM pre-installed on disk (ex: debian-lubuntu-18.10-ssh-VM.zip firmware) support firmware that complies to California SB-327 as implemented for FGT (not yet in GA)
local repository:
fallback to a best guess mode when firmware file is not recognized (no more “basic-” prefix naming)
supports custom firmware stored as a directory of multiple files
checksum computation is disabled by default on new FortiPoC instance
GUI:
handle hugepages count on PoC launch
can change FortiPoC HTTPS certificate
can load any device’s configuration file stored within the PoC
can re-install license on a device
CLI:
new commands
improved others
can batch admin password update
resources scheduling, can automatically assigned a set of cores to:
system
LXCs
VMs
LXC:
implements new boot completion detection code before executing post install script
default gateway is now configured by network/interfaces file
license server: can bind licenses to a formal group
multiple fixes
multiple NFRs
Notable changes
System
FortiPoC is now distributed as a 4GB only system disk (doesn’t apply to zip archive for VMWare).
When you instantiate a FortiPoC with this disk image, you must either:
provide a second disk for the resources (64GB is a good size to start with)
resize the system disk (we recommend at least 60GB):
qemu-img resize fortipoc-1.7.0-beta1.qcow +60G
LXC
The interfaces definition is now split by interfaces under
/etc/network/interfaces.d.
The default gateway is now configured in the interface file (was
previously added by a rc.local like mechanism).
Default hostname based on LXC name in the PoC is now added to the
/etc/hosts file as 127.0.1.1 IP address, it should help some
services to start without warnings.
FSW
By default FortiPoC considers that FSWs are managed by FortiLink and FortiPoC skips all the configuration part. Look to FSW if you want FortiPoC to configure the FSW.
FGT
ping is now enabled on all configured interface by default.