FortiAuthenticator 6.0.0
The latest version of FortiAuthenticator, numbered 6.0, has just been released! The vendor has refreshed the appliance's graphical interface to bring it as close as possible to FortiOS 6.0. This release adds several new features, including new options when configuring LDAP user synchronization rules, integration of FortiAuthenticator with the Security Fabric, and improvements to domain monitoring. FortiAuthenticator VM can now also be deployed on Microsoft Azure and Oracle Cloud.
New features:
- Improvements to remote LDAP user synchronization rules
- FortiNAC can be used as an SSO session source
- HTTPS/HTTP access control for specific services on selected network interfaces
- Improved cryptography for local storage of user passwords
- Configurable error pages
- Integration with the FortiOS Security Fabric
- Support for additional DC event log types
- Ability to export an intermediate CA certificate and its private key
- Support for Microsoft Azure and Oracle Cloud deployments
- FortiAuthenticator firmware upgrades via the CLI
Resolved issues:
Bug ID Description
527119 OCSP shows incorrect certificate status.
537510 Increase the VM_Base certificate table size.
537413 The DH parameters are not updated when upgrading firmware to version 5.4 or higher.
528680 Guest portals created from the migration of the legacy MAC address captive portal do not preserve the disclaimer setting.
526455 FortiToken Mobile transfer email message displays an incorrect expiration time.
526820 Push notifications aren’t sent out to remote users when another user with the same username (but different realm) is present.
528211 SYSLOG SSO stops working after upgrade to firmware version 5.5.0.
529463 FortiAuthenticator randomly drops all FSSOMA sessions.
537945 Support multiple username attributes in FSSO LDAP user lookup when multiple remote LDAP servers in the same domain are configured.
517959 Duplicate DCs appear under domain in FSSO if FQDN is configured in LDAP.
526095 SAML authentication fails when signing the service provider request with a local certificate.
506294 FortiAuthenticator truncates SSO groups in long SAML attributes resulting in log on failures.
525263 SAML SP using Azure does not work.
535754 Username case sensitivity is removed from RADIUS authentication, but not from FSSO.
532689 FortiAuthenticator FSSO usernames containing spaces are ignored in event polling.
503366 Monitor SSO Domains shows a domain controller as red on HA Master and green on HA backup.
520572 When the pre-login disclaimer is enabled, the FSSO login widget requires two clicks instead of one.
527359 Unable to send randomly generated passwords via SMS when admin approval is required.
532079 Guest Portal-triggered RADIUS authentication follow-up does not include group-name VSA in AccessAccept on first attempt.
535038 Radius group-name attribute is not sent to the FortiGate during initial authentication of social user causing authentication to fail.
532016 Unable to import SSO users with a DN longer than 255 characters.
509121 FSSO Logged-in users shows "N/A" in the User Inventory widget when there are users logged into the system.
538546 Error occurs when switching a local user from Sponsor to Admin.
534736 LDAP query fails if the query string contains non-ascii characters.
534347 Creating or importing Mac devices with names containing non-ascii characters causes a server crash.
532894 Registration is misspelled 'Registeration' on the self-registration page.
526637 When changing user type to admin, 'Allow Radius Auth' option should automatically be deselected.
519150 Spaces preceding and following the SAML IdP server address and service provider settings fields should automatically be removed.
512109 When setting up SAML IdP, selecting a third-party server certificate that is still in a pending state causes a server crash.
511667 The Change Password page does not have a Cancel button.
455084 The Debug Page for Radius Accounting crashes when displaying logs with non-utf-8 characters.
515429 An error can cause loss of access to the FortiAuthenticator GUI.
516167 An admin profile with "read-only" permissions for the SSO Monitor can log off authenticated users.
538016 Unable to assign a FortiToken to another user if the user has been already deleted on FortiAuthenticator.
504695 When exporting a guest user with the Print function, the resulting page includes unnecessary content.
521547 Mobile phone numbers with seven or eight digits do not work with SMS Gateway.
540391 Finding "last backup" date/time can cause delays or failure of the System Information widget.
534879 Fix typo in error message when uploading an organization image.
521183 Rename Fortinet CAs.
307386 FortiAuthenticator version upgrade history should be part of config backup/restore.
528440 The FortiAuthenticator GUI crashes after adding a guest portal rule.
522611 Rename "Meru" guest portal label to "Social portal pinholes".
523622 Coordinated HA upgrade produces two log entries under Upgrade History on the master.
522057 Deleting a social user on a LB slave will cause a crash to occur.
538865 FortiAuthenticator units fail to form a cluster when configuring HA active-passive mode.
534338 Factory reset / data drive formatting is extremely slow in Azure/HV/KVM.
526507 Remote user sync rules do not assign FortiToken to imported LDAP users.
524350 Tokens are not correctly assigned to local users during import rule execution.
490281 Column titled 'Type id' in the GUI logs is titled 'Log id' in the downloaded logs.
523780 Include Token Transfer Code in log entry.
520514 System reboots and shutdowns, intended or unintended, should be logged.
494705 Domain authentication fails for users from trusted domains due to missing domain name in authentication request.
530590 "Force password change on next logon" option does not work with FortiGate SSL-VPN if FortiToken Mobile push is used.
528580 FortiAuthenticator radiusd is unable to recognize client defined by hostname after DNS change.
493318 Remote LDAP users with expired passwords receive incorrect error messages when login fails.
526616 Auth REST API endpoint concatenated password+token_code in password field doesn’t authenticate users.
519655 REST API: localusers endpoint accepts invalid parameters when sent via the PATCH method.
519652 Changing the FortiToken Mobile provisioning PIN length via REST API causes a server error.
400466 Support signed authentication requests with embedded signature for SAML IdP.
542547 SAML IdP user sessions expire earlier than configured session timeout.
539134 Typo in default replacement message for SAML Login Message Page.
513278 Remote LDAP displayName attribute isn’t included in SAML assertion for remote LDAP admin.
522350 Miscellaneous performance improvements to SAML authentication.
531734 SAML IdP: support special character '&' in SP URLs and multiple ACS URLs.
535136 SAML IdP needs to add "SessionIndex" inside "saml:AuthnStatement" on successful logins.
504081 SCEP requests from an iPhone fail due to an error "The SCEP server returned an invalid response.".
526242 UTF8STRING-encoded challengePassword within CSR sent during SCEP enrollment is not parsed correctly.
523340 Sending SMS messages using Twilio fails.
519994 When the sysOID is queried, FortiAuthenticator-VM identifies itself as a LINUX Net-SNMP agent system rather than a Fortinet device.
397184 Unable to monitor the FSSO user count via SNMP.
502007 The RADIUS accounting and CoA does not take effect on FortiAuthenticator.
464556 Time-based user expiry configured in usage profile isn’t applied to users when they already have an expiry date configured.
485564 Fixed vulnerability to "TCP sequence number approximation based denial of service" attack.
411510 Fixed vulnerability to "Reverse Tabnabbing" attack.
Known issues still to be resolved:
Bug ID Description
540551 FortiAuthenticator should automatically recognize the configured IP address on ports other than port1 in Azure cloud.
540904 LB master should ratelimit its rechecks / changelog entries generated.
542734 SMS gateway on FortiAuthenticator is not delivering the token when used with RADIUS authentication.
537871 Unable to authenticate LDAP attribute rfc822MailMember on FortiAuthenticator-VM.
542808 CLI HA Status shows "Status: Error Status" on new build/factory reset FortiAuthenticator units.
415685 FortiToken-only users can log into a service provider configured to enforce two-factor authentication if the user already has an active session.
482900 User registration via Guest Portal requires the approver to enable radius authentication first.
541826 Assigning a profile to an admin user that restricts the 'Administrator' permission to read-only changes the user type to Sponsor.
532604 The Social Login Users list displays 'unknown' in the User column.
526202 FortiAuthenticator does not check if signature of CSR is valid.
530392 Cannot log in with social users on Guest Portal if their account has expired.
468513 Excluding a user from SSO causes FSSO server to exit and not recover.
536211 FortiAuthenticator should limit FSSO passwords to 15 characters since that is the limit on FortiGate.
524131 There is a multisecond delay between queuing and sending of push notifications.
516358 SQL connections don’t reliably timeout when underlying VPN tunnels time out.
541043 SAML authentication with Azure UUID mapping does not include SSO group for user as expected.
542094 SAML SSO cannot handle SAML assertion request: invalid information for passport-saml signature.
519319 FortiAuthenticator VM may crash when LDAP Remote user sync rules run.
538244 Add option for SAML IdP to send Subject NameID in "example.com\username" format.
537628 For new deployments and after factory resets, FortiAuthenticator VM can experience a slow startup.
528231 The FortiAuthenticator log details state "cannot add any more users because limit has been reached".
538216 FortiAuthenticator FSSO service is unstable due to crashing DC agent daemon.
540932 FSSOMA nested group search fails if nested via primary group.
540933 Source IP is missing for authentication requests coming from FSSO Windows agent.
505897 Chained token authentication with remote RADIUS server breaks PCI.
540611 When user account gets locked because time/data usage is exceeded, FortiAuthenticator doesn’t ask for a token, even if PCI is enabled.
540587 GUI crash occurs when clicking a guest user in an LB slave.
511093 In an HA setup, Radiusd on the LB slave crashes if a large custom RADIUS dictionary is uploaded to the master.
538059 Importing an ecdsa-signed certificate/key causes an error dump.
516357 Toggling load-balancing off and back on in an existing cluster can impact availability for hours/days.
537298 For Azure, NameID assertion in SAML should reference the username instead of the UserID.
506112 REST API call fails to activate FortiGuard Messaging license.
536029 Deactivate the option to disable secure passwords after 30 days have passed.
532652 Users Audit Report not working on Slave of LB cluster.
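Known issue 526202 above says that FortiAuthenticator in this release does not check whether the signature on a submitted CSR is valid, so a request whose body was altered after signing (or whose signature was simply forged) would not be rejected by the appliance. Until that is fixed, the check can be done on the submitting side. The following is an added example and not Fortinet's code; it uses the third-party Python `cryptography` package, and the key, subject name and the two tampered requests are constructed test data, not anything taken from the release notes.

```python
"""
Pre-submission check for a CSR's self-signature (added example, not Fortinet's
code).  A CertificationRequest consists of the signed body
(CertificationRequestInfo, which carries the subject and the public key), the
signature algorithm, and the signature as the final BIT STRING.  Verifying the
signature against the public key embedded in the body catches both a body
edited after signing and a signature that does not belong to that key.
Requires the third-party `cryptography` package.
"""
from cryptography import x509
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import rsa
from cryptography.x509.oid import NameOID


def make_csr(common_name: str = "device01.example.test") -> bytes:
    """Generate a throw-away RSA key and return a DER-encoded CSR signed with it.
    The name is constructed test data."""
    key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    csr = (
        x509.CertificateSigningRequestBuilder()
        .subject_name(x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, common_name)]))
        .sign(key, hashes.SHA256())
    )
    return csr.public_bytes(serialization.Encoding.DER)


def tamper_subject(der: bytes) -> bytes:
    """Simulate a body edited after signing: swap the CN for one of equal length
    so the DER structure stays intact but the signed bytes no longer match."""
    return der.replace(b"device01", b"device02")


def tamper_signature(der: bytes) -> bytes:
    """Simulate a corrupted or forged signature: flip one bit in the last byte,
    which lies inside the trailing signature BIT STRING."""
    return der[:-1] + bytes([der[-1] ^ 0x01])


def csr_signature_ok(der: bytes) -> bool:
    """Return True only if the signature verifies against the public key carried
    in the request.  Unparseable input is reported as invalid rather than
    raised, which is the behaviour wanted in a submission gate."""
    try:
        return x509.load_der_x509_csr(der).is_signature_valid
    except ValueError:
        return False


def csr_subject_cn(der: bytes) -> str:
    """Helper for inspection: the CN the request claims, whether or not it is signed correctly."""
    csr = x509.load_der_x509_csr(der)
    return csr.subject.get_attributes_for_oid(NameOID.COMMON_NAME)[0].value


if __name__ == "__main__":
    good = make_csr()
    print("untouched CSR valid:", csr_signature_ok(good))
    swapped = tamper_subject(good)
    print("CN after swap:", csr_subject_cn(swapped), "valid:", csr_signature_ok(swapped))
    print("flipped signature valid:", csr_signature_ok(tamper_signature(good)))
```

Only `csr_signature_ok` is needed in a real enrollment workflow; the two tamper functions exist to show what the appliance would currently accept unchecked. Note that this is a self-signature check only: it proves the requester holds the private key for the embedded public key, not that the subject name is one they are entitled to, which remains the CA operator's policy decision.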
We encourage you to read the full notes: Release Notes
Best regards,
The B&B Team
Bezpieczeństwo w biznesie (Security in Business)