FortiManager 5.6.5
A software update for FortiManager has just been released! The manager received update 5.6.5 today, and below we present the changes introduced by the vendor. We encourage you to read on and to update your device.
Resolved issues:
AP Manager
Bug ID Description
462857 Following changes in an AP profile, FortiManager may install unrelated local user group and radius server to VDOM root.
465297 Users should be able to add more than one entry to the MAC Address Access Control List.
492723 AP Manager should be able to push override password settings.
494971 FortiAPs are not displayed in the AP Manager Map View after upgrade.
464811 Updated AP name may be reverted back to its default name if users do not install the change in a while.
Device Manager
Bug ID Description
399893 FortiManager cannot show named address in Destination field of the router table.
408280 FortiManager may show FortiGate mobile token status as Unknown while it is pending.
434101 FortiManager is missing Endpoint Control replacement message in device configuration and system template.
459990 User should be able to resize the following windows: installation preview, view config revision, and database configuration view.
460403 FortiManager may not be able to generate an interface of type vxlan.
474241 The reserved management interface should be configurable in the same subnet as another interface.
474245 Policy Install fails due to set disk-usage log command inconsistency.
481011 Individual VDOM should not be placed into backup mode ADOM when adom-mode is set to Advanced.
482033 FortiManager should use the same GUI style for the Column Name as Source & Destination under Policy route.
484600 FortiManager may not support enable/disable routes in Device Manager.
485722 Diffie-Hellman Groups 30, 29, 28, 27 and GCM encryption algorithms may be missing in IPSec Phase 2.
486515 Users may be unable to change upload-option for Fortianalyzer-2.
489545 VDOMs are not sorted in alphabetical order under Managed FortiGate tree view.
491102 Password expiration date is set for new administrators even though the feature is disabled.
491113 It is not possible to edit Replacement Messages via System’s Replacement Message Group option.
207797 Device Manager System Information does not display the correct FortiGate’s system time.
462851 The ha-direct option should exist in SNMP v3 in provisioning template.
464267 When deleting a VDOM, FortiManager shows a pop up that disappears very quickly and it does not show details of VDOM references.
477142 Cloning a DHCP server may fail at the first attempt.
478338 First column of policy route list is incorrectly labeled as sequence number.
478444 Policy package status may not change to Modified in workflow mode.
487425 Policy Package status may incorrectly change when making changes to a package that has device groups as target.
Global ADOM
Bug ID Description
482925 Internet Service destination is not displayed in IPv4 Header/Footer Policy in Global ADOM.
465511 Task Monitor does not give the exact status of total and pending tasks when an automatic install is performed from the Global ADOM.
HA
Bug ID Description
480462 FortiManager Slave may fail to synchronize when users add a lot of admin users to the Master.
Policy and Objects
Bug ID Description
448895 There may be a performance issue with policy package check.
450509 Tokens should not be shown in the token list if they have been assigned to specific users.
463920 Address groups should highlight the addresses searched.
465620 Intrusion Prevention log-attack-context and rate-mode are not configurable on FortiManager.
471030 FortiManager allows users to use Wildcard entries under Web Rating Overrides.
474868 Block intra-zone traffic setting is not enabled by default in Zone.
478047 Add an option to disable dynamic mappings caused by different address comments.
481560 There is no validation check for FQDN addresses.
481873 A new firewall address object must not contain the default value: 0.0.0.0/0.0.0.0.
485687 Central NAT policy package installation may not follow the same logic that is used in regular policy packages.
488159 Multiple Policy Packages status changed to Modified after making change to one Policy Package.
489045 Installation failure when trying to configure an Explicit Web Proxy HTTPS service with the same port value as HTTP.
493484 FortiManager cannot support IPS signatures with unknown options.
493591 The FSSO polling server that is inherited from Global ADOM should not be edited at the assigned ADOM.
469685 When editing policy objects and switching to Full Screen mode, the OK button is missing and changes cannot be applied.
478601 When a user searches for unused objects and attempts to delete all searched objects, none of the objects are deleted.
481378 FortiManager should have the same visibility for YouTube Restrict compared to FortiGate.
487995 Users are unable to import CA certificate to ADOM.
494108 When adding or removing an interface from a zone, block intra-zone traffic should not be unset.
496612 FortiManager should allow the same real interface to be used in policy interface and zone at the same time.
Revision History
Bug ID Description
478606 The preview of a VDOM may show commands from other VDOMs.
487117 FortiManager may try to install ssl-hpkp-age and ssl-hsts-age despite being disabled.
487833 Installation may fail for VIP policies with a zone as a source interface.
480982 Progress bar for installing script may not work if the admin user has None access to importpolicy-packages.
482929 Users may be unable to add/edit script details using IE 11.
System Settings
Bug ID Description
481018 DST change may be incorrect for Israel.
485392 Unclear error messages may be displayed after adding a FortiAnalyzer into Device Manager.
485675 TACACS authentication may not work when there are multiple servers defined.
492000 Users may not be able to upgrade ADOM from 5.4 to 5.6.
465511 Task Monitor does not give exact status of total and pending tasks when Automatic Install is performed from a Global ADOM.
VPN Manager
Bug ID Description
487098 Random auto-generated PSK may be identical in two separate VPN Manager topologies.
493738 Following any change in VPN community settings, FortiManager is incorrectly hashing the PSK.
472726 Users may not be able to add/edit bookmarks in VPN manager when workflow mode is enabled.
480991 Verification fails when using assign-ip-from usrgrp in Device Manager VPN.
Others
Bug ID Description
480551 SNMPwalk may fail with Error: OID not increasing: IP-MIB::ipAdEntAddr.
494586 The svc cdb reader daemon consumes high CPU resources when viewing VPN Phase 2 configuration.
469405 The process uma_upd may crash often.
480080 Unsetting adom-mode in config system global does not make adom-mode normal.
482779 JSON API may return a HTTP 503 error when attempting to change a policy scope member while having no write access to the ADOM.
452732 B1578: [UDM] the fds and fgd schedule update and polling frequency does not work on backend.
Common Vulnerabilities and Exposures
Bug ID Description
464795 FortiManager 5.6.5 is no longer vulnerable to the following CVE Reference:
CVE-2017-17541
Known issues:
Device Manager
Bug ID Description
456821 After a model device is linked to a real device, the VDOM is not displayed.
Script
Bug ID Description
486445 Wildcard RADIUS user may fail to schedule TCL scripts.
Services
Bug ID Description
478050 When a FortiGate HA cluster uses FortiManager as FDS server it may display duplicate entries in FortiGuard > Package Management > Service Status after a failover.
VPN Manager
Bug ID Description
478536 When pushing configuration from FortiManager to FortiGate, the outdated VPN should be deleted before creating a new VPN to avoid the duplicate remote gateway error.
Best regards,
The B&B Team
Security in business