FortiOS 7.6.7 is Out — Here’s What’s New

Fortinet has released FortiOS 7.6.7 (build 3704) — a maintenance update for the 7.6 branch that packs in meaningful security, performance, and feature enhancements. If you’re running FortiGate hardware on 7.6.x, this one’s worth your attention.

Here’s a quick breakdown of what’s new.

WebSocket Traffic Inspection — Finally

One of the most notable additions in 7.6.7 is WebSocket inspection across UTM modules. DLP, AV, IPS, and File Filter can now detect and block threats, sensitive data, and restricted files transmitted over WebSocket connections. As more enterprise apps rely on persistent WebSocket channels, this closes a real gap in coverage for organizations using Fortinet’s security profiles.

NP7 Hardware Acceleration Improvements

Three hardware-focused enhancements land for NP7-based FortiGate models:

• IPsec over VNE interfaces now supports NPU offload on SoC5/NP7Lite and NP7 platforms — translating to better throughput on encrypted tunnels without burning CPU cycles.
• A new VLAN accounting control lets admins tune or disable VLAN accounting to reduce SPV/TPV lookup messages that can cause CG-FULL conditions on busy systems.
• The NP7 link scan interval is now configurable (50–1000ms), enabling faster HA failover detection. If your FGCP cluster is seeing 2+ second failover delays, lowering this value can help significantly.

Running an NP7-based appliance? Check out our FortiGate hardware lineup or renew your FortiGuard subscriptions to stay covered.

SCIM Identity Comes to Firewall Policies

You can now use SCIM groups directly in firewall policies — no more local group mapping workarounds. This simplifies identity-based access control considerably for organizations using SCIM-provisioned directories. As a bonus, IPsec VPN authorization can now match certificate SAN fields against SCIM user attributes for streamlined authentication.

Smarter Firmware Upgrade Notifications

The Security Fabric gets a quality-of-life improvement: a new Firmware Upgrade Complete automation stitch and trigger replace the older notification, with improved email clarity. Small thing — but useful when managing multi-unit environments or FortiManager-driven upgrades.

LAN Edge & WiFi Updates

Several LAN Edge improvements round out the release, including WiFi 7 MLO (Multi-Link Operation) support on FortiAP Local Standalone VAPs for FortiAPK models. Dynamic VLAN and VLAN Pooling can now be enabled simultaneously in RADIUS-authenticated VAPs, and VLAN pool entries can now span multiple WTP groups for more flexible enterprise wireless deployments.

Should You Upgrade?

7.6.7 is a recommended update if you’re on the 7.6.x branch, particularly for environments that rely on UTM security profiles, NP7-based hardware, or SCIM-integrated identity. As with any firmware update, review the official release notes and test in a lab or staging environment before rolling out to production.

Need help with your upgrade path, licensing, or a quote on new FortiGate hardware? Our team is here — we’re a Fortinet Select Partner and MSSP serving Canadian businesses.