FortiManager 6.0.1
Zarządzasz wieloma urządzeniami Fortinet jednocześnie? Właśnie wyszła aktualizacja oprogramowania dla Twojego pomocnika! FortiManager został dzisiaj obdarzony aktualizacją o numerze 6.0.1, a my przedstawiamy zmiany które producent wprowadził. Zachęcamy do lektury jak i do aktualizacji urządzenia.
Rozwiązane problemy:
Rozwiązane problemy:
AP Manager
Bug ID Description
399726 Users may not be able to delete the last AP.
464811 Updated AP name may get reverted back to its default name if users do not install the change for a period of time.
450434 FortiManager may unset wtp-mode after users change AP config from AP Manager.
481651 fapc-compatibility may be unset.
455177 Advanced Options may not be available in the central FortiAP config page.
462857 Following changes in an AP profile, FortiManager may install unrelated local user group and radius server to VDOM root.
Device Manager
Bug ID Description
408280 FortiManager may show FortiGate mobile token status as Unknown while it is Pending.
434101 FortiManager is missing Endpoint Control replacement message in device configuration and system template.
448102 There may be an error displayed when users try to modify CLI-Only objects under System > HA.
460403 FortiManager may not be able to automatically generate an interface of type vxlan.
463169 set apn is not available in device db under system lte-modem for FortiWiFi-30E-3G4G-INTL.
467773 All zones are displayed in every FortiGate.
474245 Policy Install fails due to set disk-usage log command inconsistency.
477009 VM Meter may not show both Master and Slave licensing information in the GUI.
479258 After adding and importing a new device, other devices may have Modified policy package status.
480290 Users may be able to change VDOM of aggregated/redundant interfaces.
480541 When long-vdom-name is not enabled, the GUI error pop up message may be empty when users create a VDOM with name longer than 11 characters.
482018 Others interfaces may not show up after collapsing.
482033 FortiManager should use the same GUI style for the Column Name as Source’ & 'Destination under Policy route.
484600 FortiManager may not support enable/disable routes in Device Manager.
485722 Diffie-Hellman Groups 30, 29, 28, 27 and GCM encryption algorithms may be missing in IPsec Phase 2.
486042 FortiManager GUI may allow assigning zone bundled interfaces as SD-WAN link members.
486515 Users may be unable to change upload-option for fortianalyzer2.
491102 Password expiration date is set for new administrators even though the feature is disabled.
FortiClient Manager
Bug ID Description
366095 Users may be unable to move a FortiClient profile from the GUI.
Global ADOM
Bug ID Description
460461 The IPS package database version on Global ADOM may not be displayed in command diagnose dvm adom list.
470486 Automatic-Install may fail to detect changes to push to ADOMs.
482925 Internet Service destination is not displayed in IPv4 Header/Footer Policy in Global ADOM.
HA
Bug ID Description
414616 Hostname may not be updated when users promote Slave device to be Master in FortiGate cluster.
465503 Installation to a FortiGate HA may fail after an HA failover.
480462 FortiManager Slave may fail to sync when users add a bunch of admin users on the Master.
Policy and Objects
Bug ID Description
290293 Zone default mapping may be missing Block intra-zone traffic option.
442307 When users try to search for an address object, the address group that includes the address may not show up in the search result.
444671 GUI may not display logtraffic-start policy settings.
450922 IPS sensor with more than 8192 signature entries may be created.
459314 Users can delete used objects without options to disable it.
459655 Per-device mapping firewall address value changes may not change policy package status to Modified.
463920 Address groups should highlight the addresses searched.
471030 FortiManager allows users to use Wildcard entries under Web Rating Overrides.
472825 Web Filter profile may not be changed in Explicit Proxy Policy when profile name contains +.
475241 Users may be unable to clone global assigned FSSO objects in local ADOMs.
475496 Source, destination and services may not be ordered alphabetically in policy package.
475594 Users may be not able to create new firewall service custom objects due to the tablesize limit.
478915 Objects panel cannot be completely minimized.
481560 There is no validation check for FQDN addresses.
482361 After users rename a section, there may be one policy left under the old section name.
484261 Users may be unable to remove FSSO server2/3/4/5 with per-device mappings.
485687 Central NAT policy package installation may not follow the same logic that used in regular policy packages.
487123 Users may fail to add multiple Health Check in a Per-Device Mapping Virtual Server object.
Revision History
Bug ID Description
478606 The preview of a VDOM may show commands from other VDOMs.
480723 Copying may not work when a webfilter and an URL filter share the same name.
481383 FortiManager tries to set max-miss-heartbeats for FortiSwitch ports.
486536 Installation may fail due to vip overlap error with FQDN VIP.
487117 FortiManager may try to install ssl-hpkp-age and ssl-hsts-age despite it being disabled.
487833 Installation may fail for VIP policies with a zone as a source interface.
Script
Bug ID Description
471661 Advanced Device Filters may be displayed when users are editing CLI script.
480982 Progress bar for installing script may not work if the admin user has None access to importpolicy-packages.
Services
Bug ID Description
452732 Changing FDS/FGD schedule update and polling frequency may not work.
483670 FortiManager may not download image from FortiGuard to upgrade the FortiGate’s firmware.
485720 FOSVM licenses may be updated when FortiManager’s FortiMeter license changes.
System Settings
Bug ID Description
354283 The error message may be unclear when users try to delete a login admin session.
481018 DST change may be incorrect for Israel.
485392 Unclear error messages may be displayed after adding a FortiAnalyzer into Device Manager.
VPN Manager
Bug ID Description
484608 Dialup VPN configuration may fail when peer type is set to dialup group.
487098 Random auto-generated PSK may be identical in two separate VPN Manager topologies.
Workplace and Workflow
Bug ID Description
478444 Policy package status may not change to Modified in workflow mode.
Others
Bug ID Description
471095 ADOM upgrade may fail because of webfilter URLfilter.
476643 Signature list may not be listed in extended database mode.
480551 SNMPwalk may fail with Error: OID not increasing: IP-MIB::ipAdEntAddr.
480577 GUI may get stuck at Temporarily Unavailable upon upgrading.
481763 diagnose cdb upgrade check may not fix all errors for objcfg-intergrity.
481901 There is no way for users to reset the hit count for all ADOMs and dbcache.
485906 The admin_server_cert may not work in FIPS mode.
Common Vulnerabilities and Exposures
Bug ID Description
464795 FortiManager 6.0.1 is no longer vulnerable to the following CVE Reference:
l CVE-2017-17541
468740 FortiManager 6.0.1 is no longer vulnerable to the following CVE Reference:
l CVE-2018-1351
473644 FortiManager 6.0.1 is no longer vulnerable to the following CVE Reference:
l CVE-2018-1354
474994 FortiManager 6.0.1 is no longer vulnerable to the following CVE Reference:
l CVE-2018-1355
479513 FortiManager 6.0.1 is no longer vulnerable to the following CVE Reference:
l CVE-2018-1065
480025 FortiManager 6.0.1 is no longer vulnerable to the following CVE Reference:
l CVE-2018-7492
482793 FortiManager 6.0.1 is no longer vulnerable to the following CVE Reference:
l CVE-2018-0739
Znane problemy do rozwiązania:
Device Manager
Bug ID Description
487425 Policy Package status may incorrectly change when making changes to a package has device groups as target.
494537 FortiManager incorrectly moves the virtual switch-interface to the root VDOM when directly changing the interface configurations on FortiGate.
494923 The IKE version buttons are greyed out on an existing tunnel and the version can only be changed via CLI-only options.
495013 Device should not show up as Modified after installation.
Policy & Objects
Bug ID Description
493227 FortiManager should be able to specify which traffic shaper policy will be installed on a specific device.
493484 FortiManager cannot support IPS signatures with unknown options; returns an error.
494108 When adding or removing an interface from a zone, block intra-zone traffic should not be unset.
494367 FortiManager cannot search addresses within nested groups.
494403 Changing RSSO Agent should be possible to install without the need to make other configuration changes.
Revision History
Bug ID Description
491448 Install policy package with a FortiManager HA may fail on slave devices.
Script
Bug ID Description
486445 Scheduled TCL scripts may fail when using a wildcard RADIUS user.
Others
Bug ID Description
494072 The Central DNAT option is incorrectly translated to Central SNAT when Japanese is selected as the language for the Web GUI.
494586 The svc cdb reader daemon consumes high CPU resources when viewing VPN Phase 2 configuration.
494953 The View button in the Where Used dialog may not display the correct entries if sections are not expanded.
Pozdrawiamy,
Zespół B&B
Bezpieczeństwo w biznesie
