FortiManager 5.6.1
18.12.2017 – Fortinet has updated FortiManager to version 5.6.1.
Supported models:
FMG-200D, FMG-200F, FMG-300D, FMG-300E, FMG-400E, FMG-1000D,
FMG-2000E, FMG-3000F, FMG-3900E, FMG-4000D, and FMG-4000E.
What's new in the software:
Upgrade – One step ADOM upgrade to 5.6.1
One-step procedure to upgrade a 5.4-based ADOM to a 5.6-based ADOM.
FOS-VM HA Cluster Support
FOS-VM HA clusters are now supported by FortiManager. Install and retrieve FOS-VM configurations, authorize UTM
services to FOS-VM members, provide metering service for FOS-VM HA cluster and upgrade FOS-VM firmware.
FortiSwitch Manager Improvements
FortiSwitch Manager now supports:
- Trunk interface creation
- DHCP Snooping
- IGMP Network Traffic Snooping
- STP State
- Loop-guard/loop-guard timeout
- Port speed/status
Configurable FortiGuard server location from System Settings
You can now view the list of connected FortiGuard update servers from the License Information widget and update the
list by selecting a preferred server location.
List of fixes / software updates:
AP Manager / Bug ID Description
397342 Users may not be able to change the encrypt or disable WiFi broadcast in the AP Manager WiFi templates.
439365 The attribute Schedule may be missing in AP Manager SSID configuration.
440650 Users may not be able to configure two DNS servers in SSID profile.
442114 Change of administrative access on WiFi Templates may change the SSID DHCP leasetime.
444739 A newly created WiFi interface may have its role set to undefined by FortiManager.
456043 Users may not be able to add a 63-character pre-shared key containing single or double quotes in SSID WiFi templates.
495156 SSID configuration changes may not trigger config install.
Device Manager / Bug ID Description
395060 FortiManager may fail to add a v5.6.0 FortiGate LENC device.
397151 Users may be forced to select an admin profile when creating a Restricted Admin to Guest Account Provisioning Only.
399254 Users may see Relay Service from other VDOMs when they are configuring DHCP Server in the Device Manager.
408105 FortiManager may not be able to manage a FortiGate with a long VDOM name.
410995 Users may encounter error popups in the System Interface in CLI-Only pages.
414623 The Change button for host name may be wrongly displayed for FortiGate HA devices.
416266 Changes to the PAC file in System > Explicit Proxy may not be saved.
416529 ip-pools in SSL VPN portal profiles may not be pushed to FortiGate.
417200 engine-id under config system snmp sysinfo may not be installed to FortiGate.
434847 Users may not be able to select some interfaces in the Listen on Interfaces for explicit proxy page in the GUI.
438217 FortiManager may not send Mobile FortiToken activation request.
439546 Users may not be able to deauthorize users from FortiManager.
441237 Users may fail to create a DHCP relay server with a VLAN interface.
441649 Users may fail to enable SNMPv3 in provisioning template for v5.2 ADOMs.
441754 Device revision diff may show passwords in plain text.
441820 FortiManager may try to unset tcp-mss value in device interface unexpectedly during installation.
441878 Authtype option Both may not be supported in FortiManager under lte-modem settings.
442327 FortiManager GUI may show minutes instead of seconds for webfilter-cache-ttl and antispam-cache-ttl in Device Manager > System > FortiGuard.
445172 Cloned IPSec phase1/phase2 may be missing some configurations.
445688 Retrieving configuration from FortiGate may fail due to duplicate webfilter url-filter entries.
446637 Interface attributes l2forward, ipmac and subst may be unset during installation.
447063 Installation may fail if the md5-key contains a comma in OSPF settings.
447443 Installing an existing policy package to a new device may cause other devices' config status to be shown as Modified.
448289 The category Multicast address6 may not be displayed correctly in import conflicts page.
449225 FortiManager allows users to delete all interfaces of virtual switch.
451737 Adding a FortiGate may fail if there is invalid datasource on the FortiGate.
451796 Upgrade Firmware Task may show Image upgrade failed even though it succeeded.
452460 Installation may fail when backslash \ character is used in the FortiGate username or password.
452616 Users may be able to add a VLAN interface to a FortiGate hardware switch.
452903 Deleting one imported firmware may in fact delete a different one than the one selected.
454254 Device Manager left tree may not be able to display the devices at the very bottom.
455541 WAN Link Load Balanced > Status Check Profiles may not be configured.
455937 Some VDOMs may be missing.
456713 FortiManager may accept PSK with less than minimum number of characters.
464034 FortiExtender entries may not be displayed.
464244 FortiManager cannot edit settings on the Modem interface.
FortiSwitch Manager / Bug ID Description
414429 FortiManager may unset switch-controller when FortiSwitch is being managed.
Global ADOM / Bug ID Description
368643 Find Unused Objects and Find Duplicate Objects tools in Global ADOM may not work.
441162 Deleting an address object from Global ADOM may cause errors when users assign a Global Policy Package.
448616 Deleting a Global policy may not be updated to assigned ADOMs.
451544 Changes in assigned Global Policies may not trigger config status to change to Modified.
456046 Automatically Install Policies to ADOM Devices may not push Global Policy Packages to all the devices.
Policy and Objects / Bug ID Description
167355 The default color value of address objects may be different from that on FortiGate.
293781 FortiManager may not support policy hit count reset.
376655 Installation may fail because FortiManager tries to use net client-cert-request setting in the ssl-ssh-profile.
389768 Traffic shaping policy installations to some FortiGates may fail because of the config set bandwidth-unit.
392443 Setting quarantine-expiry for IPS sensor from FortiManager may cause installation to fail.
393077 Setting a global-label for one policy may also apply it to all policies below it.
401482 Exported policies may be missing the column of Install on scope.
401843 Insert policy above/below may create a duplicate section.
406784 Users may not be able to block the Unknown Applications category in Application Control profile from GUI.
411896 Users may not be able to update FSSO correctly from the GUI.
412932 Users may not be able to unset associated interface for a firewall address object from GUI.
416283 Cyrillic letters may not be displayed correctly.
417443 Adding users from OpenLDAP and eDirectory LDAP may not work.
420104 Users may not be able to see Health Checks in Virtual Servers per-device mappings from GUI.
435971 URL filter rules may be re-ordered following FortiManager upgrade.
438170 When users create custom service and set an iprange, set fqdn may be used instead of set iprange.
438745 Certificate in per device mapping of Virtual Servers may not be saved upon editing.
439086 The sequence number of a policy may be changed after users drag an object to a column.
439356 Not all groups may be displayed when users try to assign a user device to a group.
439594 Users may be unable to delete duplicated dynamic mappings.
440228 Policy packages may not be in an alphabetical order.
440831 Column Filter search in Policy Package may not return the exact matches.
441782 Explicit proxy firewall address groups in object selection may be missing.
442769 Installation Preview may get stuck at 15% following the FortiManager upgrade.
443564 Firewall Policies may not be displayed after they are created.
444304 server-cert may not be applied to the ssl-ssh-profile.
444316 Importing a Dynamic Mapping of firewall address for a VDOM other than root may fail.
444709 The default HTTPS port number may be 433 in SSL/SSH inspection profile.
445010 LDAP users containing escape characters \ may not be displayed properly.
445517 Low destination/source port value can be higher than the high destination/source port.
445651 Users may be able to set multiple attack_ids in IPS custom signature.
446026 Policy check process may get stuck at 25%.
446029 Map to Port value in VirtualIP objects may be lost after editing.
446245 FortiManager may update the conflicted objects during Import All Objects when users choose use value from FortiManager.
447674 The order of custom services may change during policy import.
448113 ADOM revision diff may show that there is a difference between two identical revisions.
448459 Some configurations in Web Filter Profiles may not trigger conflict reports during the process of import policy.
448537 Install Wizard may show duplicate occurrence of a device.
449000 Some files may be missing in exported policy package files.
449533 FortiManager may fail to import a URL filter with an apostrophe.
450092 Custom IPS signatures with ! in the --pcre field may not be accepted by FortiManager.
450430 When the last object is removed in a field, it may become empty.
450622 Installation log may show verification errors while the installation has succeeded.
450711 Policy package installation may fail for unset and reset the system resource-limits.
451113 The content in install wizard may not be readable.
451552 Users may receive the error binding interface does not match dstintf when they try to delete a source interface.
452022 Policy package status may not change to Modified after updating a firewall address object being used in the policy package.
453187 The position indication number shown at the bottom right may not be accurate.
453329 The UUIDs of cloned objects and policies may be changed on every installation.
453371 After Object Selector is set to Dock to Bottom, GUI may not be able to render policies on a refresh.
406513 Newly added customer devices in a group may not be installed if they are only used in SSID Exempt list device group.
455627 Users may not be able to create a zone with multiple interfaces.
402174 Add this user to groups may be missing in create new LOCAL user page.
436907 The section toggle status may not be remembered.
415338 Object icons may change in policy list unexpectedly.
453436 The empty object selector may be shown after users create a new policy.
459441 Users may need to refresh to see the changes made by drag and drop objects from Object Selector in policy list.
456765 Users may not be able to add custom IPS signatures with --dns.query_type.
453942 Policy import may fail because of server-cert in the ssl-ssh-profile check.
446543 Block HTTP Redirects by Rating may not be able to be checked in Web Filter profile.
381161 Duplicate address objects with different comments may be deemed as different.
453744 FortiManager may not check * in URL filters in v5.4 ADOMs.
441222 More than 16 ranges may be allowed in service in FortiManager.
371154 In a Policy package re-install, the package selection may change after users do a preview.
435107 FortiManager may install a new Web Filter entry at the end of the Urlfilter table.
448618 Verification may fail when there is Web Filter local rating with a trailing slash created in FortiManager.
452008 Renaming a section may create a new one.
457084 Changing firewall address objects in policy packages may not trigger the Policy Package status to be Modified.
457938 service-group changes may not get installed to FortiGates.
Script / Bug ID Description
417075 The Cancel button in the run script popup may be misleading.
444976 The Import Script function may not be displayed in the top toolkit.
Services / Bug ID Description
437966 Downstream FortiManager may not receive AV & IPS signatures from Upstream FortiManager.
440718 If an FOSVM joins a HA cluster as a slave when it is in the Unregistered Device List, it may not be able to receive the UTM contract from FortiManager.
System Settings / Bug ID Description
394218 Admin profiles may not include Global Database in ADOM scope options.
416505 The modules, Policy & Packages, AP Manager and FortiSwitch may not be accessible to Remote Radius admin users.
421868 Users may not be able to delete a v4.3 ADOM.
424389 The fingerprints of certificates may not be displayed.
439377 Duplicate event log entries may be generated for changes made on FortiManager HA master.
443717 Syslog server 1 may be allowed to be deleted.
447281 PKI authentication may not work with mutated vowels in the Subject.
447282 Admin users with Add/Delete Device Groups read/write access may not be able to edit Device Groups.
457906 LDAP authentication may fail for group matching issues.
VPN Manager / Bug ID Description
400529 Changing node settings may not trigger installation when workspace is enabled and installation target is a group.
Workplace and Workflow / Bug ID Description
423315 The Save button may be triggered for a locked policy package.
434642 execute fmpolicy promote-adom-object may not work properly in Workflow Mode.
435083 Users are able to quick edit the Comment section without locking the ADOM.
437663 Users may not be able to view objects without locking the ADOM first.
Others / Bug ID Description
378830 ADOM upgrade from v5.2 to 5.4 may fail because of DNS-based web-filtering profiles.
414830 Corrupted images may be accepted for upgrade.
442695 Slave FortiGate may be incorrectly counted as one device for licensing purposes.
452464 There may be too many logs generated for Policy Hit Count.
449964 Switch interfaces created via JSON API may not have a snmp-index value.
309449 The ADOM selection upon login may not be remembered.
453579 JSON API may not be able to filter a JSON array using IN operator without giving the full list of array values.
453703 Using JSON API to add a device may fail.
Common Vulnerabilities and Exposures / Bug ID Description
389255 FortiManager 5.6.1 is no longer vulnerable to the following CVE-References:
- 2017-9765
Visit https://fortiguard.com/psirt for more information.
Full list of changes:
—
Regards,
The B&B Team
Bezpieczeństwo w biznes