FortiManager 5.6.3
Posiadasz urządzenie do zarządzania wieloma urządzeniami Fortinet ? Warto zainteresować się dzisiejszą aktualizacją oprogramowania w odsłoenie 5.6.3. Wnosi ona poprawki zabezpieczeń i użytkowania systemu. Zachęcamy do aktualizacji.
Poprawki / Błędy:
Device Manager
Bug ID Description
474315 Interface mappings may not be loaded in offline mode.
450186 The interface page is missing dynamic mapping configurations.
462852 Ports pertaining to a virtual wire pair do not have the vlanforward variable set to enable when the virtual wire pair is created using FortiManager.
467091 MTU settings in FortiExtender may be removed upon installation.
467262 FortiManager should be able to edit device settings of FortiGate that resides in an ADOM with backup mode.
463408 Users may not be able to select None (blackhole) in administrative distance in static route.
414026 Some DHCP server options may be not displayed in the FortiManager GUI.
467127 OSPF Interface may not support multiple MD5-keys.
469667 The Close button in Install Preview may be displayed as Cancel.
467398 Users may not be able to select the source address or destination address from address list while configuring policy route.
470613 PPPoE interface may not be configured as virtual-wan-link member from the FortiManager GUI.
471114 Users may not be able to create a new revision when max-revs has been reached.
257346 Re-installations may be launched without any prompts or ways to cancel.
470671 VPN IPsec Phase 2 Diffie-Hellman Groups check boxes may be missing in Device Manager.
Global ADOM
Bug ID Description
451193 In normal ADOMs, users may be unable to view which Global Policy Package has been applied
Revision History
Bug ID Description
474231 Users may not be able to install a policy package when SD-WAN interfaces are used for interfaces in the policy.
465488 The port reserved for FortiGate HA management may get overwritten during installation after a Slave in the cluster gets promoted to Master.
455151 The VPN Phase1 setting set add-route disable is always skipped if set type static is set.
463847 Multicast address object has associated interface value set to null in device database and any in ADOM database resulting with interface binding contradiction error when installing.
471421 FortiManager can add an interface to a zone where the interface is already used by an explicitproxy policy causing aninstallation error.
471688 When installing set webcache-https (null) from a global policy, the policy package install may stop at 67%.
465854 IP ranges in DHCP server may get deleted during installation.
472044 Installation may fail because of incorrect IPS sensor quarantine-expiry time format.
469373 Installation may fail because of ssl-ssh profile.
VPN Manager
Bug ID Description
463906 The localid setting may enable mode-cfg in vpnmgr node.
460722 Changing portal mappings in SSL-VPN settings may not remove the reference of the policy package to the portal.
466255 Reference to SSL VPN settings for a FortiGate is broken after a configuration is retrieved.
Policy and Objects
Bug ID Description
469394 Policy package status may change to Modified after users delete a device in the current ADOM when a global policy package has been assigned to this ADOM.
459902 Searching numbers in Policy Package may yield a result of a policy with the sequence number.
473732 Users may be unable to add a VIP to firewall policy due to incorrect extintf binding check.
463139 FortiManager may not be able to retrieve FSSO users with username containing a back slash.
468211 Custom IPS signatures with –icmp.type and –weight may not be accepted by FortiManager.
471663 FortiManager does not display FSSO groups after clicking the Apply & Refresh button.
469191 Sections may not work in VWP policy.
453213 After moving a policy, the focus may return to the top of policy package page.
465887 Log setting for Multicast policy may be wrongly displayed as disabled.
459375 Upon creating or cloning a firewall address, FortiManager GUI may not perform a length check for its name.
467781 Users may be unable to search using capital letters in a v5.2 ADOM in Explicit Proxy Policy Packages.
470164 There may be a duplicate interface pair view section in policy list.
371732 Users may not be able to create or edit a virtual server from right object selection list.
469254 Some firewall policies may not be imported because of name conflicts between firewall addresses and address groups.
472719 Search in Policy Package may not display all results in Interface Pair View.
System Settings
Bug ID Description
469958 FortiManager is unable to upgrade ADOM from v5.4 to v5.6 due to ADOM Interface default value is „”.
392934 The priority level for backup up system config in event log may be inappropriate.
416537 Changing FortiManager hostname may not work if the name contains a dot.
459427 FortiManager may allow a local certificate with a name longer than 15 characters to be imported.
462450 Users may not move a VDOM from a v5.2 ADOM to a v5.4 ADOM if it has the same name as the device name.
453605 OIDs for license status of the managed devices may return incorrect values in SNMP.
Workplace and Workflow
Bug ID Description
417658 In workspace mode, fmgd crashes may be found if the admin user logs out without saving the newly created policy.
468724 Policy sections may get expanded unexpectedly.
Common Vulnerabilities and Exposures
Bug ID Description
465966 FortiManager5.6.3 is no longer vulnerable to the following CVE-References:
l 2016-2183
Visit https://fortiguard.com/psirt for more information.
Others
Bug ID Description
466085 FortiManager KVM may fail to boot.
458430 Using XML API to view a device configuration may take a long time.
394383 Device sync status may get stuck on checking in IE 11 browser.
Znane Problemy:
Device Manager
Bug ID Description
478624 Users may fail to add a static route to a TP VDOM from FortiManager.
474241 Users may fail to set HA management interface IP if it falls in the same subnet with another interface.
478478 There may be security console crash after users import a large number of URL filters.
399893 Named addresses in the router table Destination field may be not shown in Device Manager.
459990 Some windows are not resizable in Device Manager Dashboard.
Global ADOM
Bug ID Description
460002 Global Policy Package inspection mode may default to Proxy mode.
Revision History
Bug ID Description
474354 Users may not be able to install Policy Packages from v5.2 ADOM to v5.4 devices.
477295 FortiManager may disable set show-backplane-intfunder config sys global unexpectedly during installation.
477940 There might be errors if users are installing one policy package to more than 2 devices.
VPN Manager
Bug ID Description
478536 FortiManager may fail to install a recreated VPN with a different name.
AP Manager
Bug ID Description
474033 There might be JSON API errors returned during device polling periods.
478239 AP profiles may fail to be imported because of error The login-password must be empty or 5 to 8 characters long
FortiSwitch Manager
Bug ID Description
478482 Users may be unable to create trunk in FortiSwitch template.
Script
Bug ID Description
442120 Running script on remote FortiGate directly may cause dmserver crashes.
Policy & Objects
Bug ID Description
470190 Users may be unable to map Dynamic Local Certificate between v5.4 FortiGate and v5.2 ADOM.
474849 After users insert a policy, the page focus may go to the first policy.
475497 Members may not be displayed in the right click editing page of an address group.
477676 The displayed sequence number of a policy may change after inline editing.
475935 FortiManager may falsely report conflicts of icmptype and icmpcode during policy import.
471187 Copy fail may occur if dstintf or srcintf = any.
475072 Conflicting objects may not be updated correctly.
System Settings
Bug ID Description
476905 Too many event logs may be generated when policy hit count feature is enabled.
Services
Bug ID Description
478294 Updates may fail when FortiManager is used as a FortiGuard server.
Others
Bug ID Description
477282 v5.2 ADOMs may fail to upgrade to v5.4 because wtp-profile type has changed.
—
Pozdrawiamy,
Zespół B&B
Bezpieczeństwo w biznesie
