Technical Tip: Security Level naming changed from 0/1/2 to low/low/high

amatos · ‎11-15-2024

Description

This article describes a behavior change since v7.0.16/v7.2.11/v7.4.6/v7.6.1, where now the Security Level information uses the low/low/high attributes instead of 0/1/2.

Scope

FortiGate.

Solution

Since firmware v7.0.16/v7.2.11/v7.4.6/v7.6.1, the Security Level naming has changed from the common 0, 1, and 2 levels low, low, and high.

In the v7.0.15 and other versions it would be seen the below information by using the command get system status:

When set as Security Level 0 in the boot menu:

FortiGate-60F # get sys status
Version: FortiGate-60F v7.0.15,build0632,240401 (GA.M)
Security Level: 0
Firmware Signature: certified

When set as Security Level 1 in the boot menu:

FortiGate-60F # get sys status
Version: FortiGate-60F v7.0.15,build0632,240401 (GA.M)
Security Level: 1
Firmware Signature: certified

When set as Security Level 2 in the boot menu:

FortiGate-60F # get sys status
Version: FortiGate-60F v7.0.15,build0632,240401 (GA.M)
Security Level: 2
Firmware Signature: certified

In v7.0.16, the naming of the level has changed as below:

When set as Security Level 0 in the boot menu:

FortiGate-60F # get sys status
Version: FortiGate-60F v7.0.16,build0667,241001 (GA.M)
Security Level: Low
Firmware Signature: certified

When set as Security Level 1 in the boot menu:

FortiGate-60F # get sys status
Version: FortiGate-60F v7.0.16,build0667,241001 (GA.M)
Security Level: Low
Firmware Signature: certified

When set as Security Level 2 in the boot menu:

FortiGate-60F # get system status
Version: FortiGate-60F v7.0.16,build0667,241001 (GA.M)
Security Level: High
Firmware Signature: certified

For more information about the change, see BIOS security Low and High level classification

Technical Tip: Security Level naming changed from 0/1/2 to low/low/high

You are leaving our website