Zachęcamy do zapoznania się z aktualizacją FortiManager’a oznaczoną numerem 6.0.2, producent standardowo eliminuje wykryte błędy w działaniu oprogramowania oraz dorzuca kilka drobiazgów od siebie. Zmiany głównie dotyczą zakładki Fabric Connectors. Zachęcamy do zapoznania się z opisem aktualizacji, link do notatek znajdą Państwo na samym dole.
Rozwiązane problemy:
Bug ID Description
297365 Install copy failure when configuring vwl (SD-WAN) interface used in a VIP.
389325 1178/B1473: Retrieved revision config shows clear password for user LDAP and FSSO password.
399893 Device Manager cannot show named address in the router table Destination field.
411796 Section title does not show in Proxy Policy list page.
435634 If external interface is zone for VIP group, you must support dynamic mapping config to select zone member interface.
437115 B1187/1670/0092: From Device Manager, installation of static route with WLLB interface fails.
441826 Cannot uncheck all policies.
441876 Hidden ssl-ssh-profile named „certificate-inspection” is displayed after importing a FortiGate configuration, even when UTM is disabled.
443008 Install „set rpc-over-http enable” and „mapi-over-https” when FortiManager and FortiGate are upgrading from 5.4.1.
452689 Radius admin with profile and ADOM enabled receives a 'No Permission’ error when trying to log in.
453702 Unable to filter policies by using Hit Count, Bytes, Packets, First Used, Last Used as is possible on FortiGate.
462851 The ha-direct option is not available for SNMP v3 in provisioning templates.
463662 Unable to move added columns in Policy Package header. The cursor gets stuck while moving columns in Policy Package header.
464267 Deleting a VDOM on FortiManager displays a pop-up message, which quickly disappears, and no details of VDOM references are given.
465511 Task Monitor does not give exact status of total and pending tasks when automatic-install is performed from Global ADOM.
469405 The uma_upd process crashes every second and quickly fills the disk.
472726 Not possible to add or edit bookmarks in VPN Manager when workflow mode is enabled.
473653 FortiManager 6.0.2 is no longer vulnerable to the following CVE-Reference: CVE-2018-1353
473973 Drag-and-drop method allows profiles and profile groups to coexist in a single policy.
474241 Cannot set HA reserved management interface IP as same subnet with another interface from FortiManager.
474270 In GUI, enable advanced options in GTP profile edit page.
474712 Auto-backup process does not work and results in out-of-sync FortiGate configuration in Backup ADOM.
475483 Static route with named address gives the following error: „router/static/2/ : dstaddr „””” does not allow routing.”
476220 Unable to edit Objects from the Explicit Proxy Policy view on a 5.4 ADOM
476227 In Workspace mode, the Policy Column Filters and its search results are cleared when the ADOM is locked by others.
477678 Add GUI support for „admin-scp” in the Provisioning Template widget.
478047 Add an option to disable dynamic mappings caused by different address comments.
480080 Unsetting adom-mode does not set expected 'normal’ mode.
480400 Device Manager > System Information does not display correct FortiGate system time.
480991 Verification fails when using „assign-ip-from usrgrp” in Device Manager VPN.
481378 The youtube-restrict option should not be visible in the GUI when creating a DNS Filter with safe-search disabled.
481873 1678: New firewall address object must not contain a default value of 0.0.0.0/0.0.0.0.
481991 Central SNAT Policy – NAT checkbox is unchecked all the time.
482929 Unable to write/change the scripts details on FortiManager 5.6.3 when using Internet Explorer version 11.
484578 FortiManager unsets CASI profiles configured in 5.4 ADOM explicit proxy policy – identity policy
484608 Dialup VPN configuration fails when peer type is set to dialup group.
486536 Policy package install fails due to „VIP overlap” error with FQDN VIP.
487177 Unable to run script when device lock is enabled.
487425 0092: Policy package status is incorrectly changed (or not properly updated) when making changes to device groups used in policy targets.
487995 Unable to import CA certificate to ADOM.
488159 Multiple policy package statuses changed to modified after changing one policy package.
489045 Installation failure when trying to configure an Explicit Web Proxy HTTPS service with the same port value as HTTP.
489545 VDOMs are not sorted in alphabetical order under managed FortiGate tree view.
489721 An installation error appears for 'switch-controller-dhcp-snooping’ after installing a NAT VDOM to FortiGate VM.
490500 RADIUS source-ip and VAP errors occur when installing a policy that has security profiles on FortiWifi-60E.
491140 Import Policy Package creates duplicate Interface mappings within a VPN Manager created zone.
491992 When scheduling scripts with script scheduler, the schedule uses the personal computer time instead of the FortiManager time.
492267 Import policy has error, but package status still displays a green check mark.
492293 When selecting an object on a policy with many objects, the user still needs to scroll down to find the highlighted object.
492359 After creating an object from the Object Selector pane, the object is not highlighted.
492723 Override-passwd-change cannot be pushed from AP Manager.
493227 Missing „Install On” for traffic shaping policy.
493300 GUI support for Internet service group, custom service, and custom service group in ADOM database.
493484 IPS signature syntax should support udp.dst_port.
493591 Should not allow globally assigned FSSO/POLLING objects to retrieve „user adgrp” in local ADOM.
493781 FortiManager fails to retrieve configuration after HA enabled for FortiGate VM model.
494108 When adding an interface to a zone, the „Block intra-zone traffic” option is unset.
494537 Virtual switch-interface moves to root VDOM after changing it directly on FortiGate 140DPOE.
494586 'svc cdb reader’ causes high CPU while viewing IPsec phase2.
494923 IKE version grayed out in existing tunnels, unlike FortiOS GUI.
494953 „View” button on the „Where Used” dialog does not display correct rules if sections are not expanded.
495754 Performing a „Policy Package diff” from Device Manager points to a firewall policy change, but does not display the difference on UUID.
496156 Changing Fortinet Single Sign-on agent name fails with the error 'Object does not exist’.
496612 Allow interface and zone to use an interface with the same name for default mapping configuration.
496827 Unable to delete the LDAP server, if the user group is deleted before removing the LDAP members.
497312 Creating an AP profile fails with the error invalid value – prop[ap-country]: option(33).
497347 Cannot resize the „Duplicated Objects” and „Merge” windows.
497360 Cannot set „Configure Default Value” to ON in existing VIP.
497367 „Bring Tunnel DOWN” in Query for IPsec VPN does not work.
497636 After FortiGate is upgraded from 6.0.0 to 6.0.1 in FortiManager, the install fails because of SSH local-key.
497908 'Collapse All’ with filter applied for Policy Package shows a „No entry found.” message.
498791 Failed to create an AP profile for FortiAnalyzer 221C with default configuration due to the error „invalid value – prop[type]: option(16)”.
499460 ADOM upgrade fails due to XSS vulnerability characters in FortiSwitch manager.
500911 Only 3 security modes are available and no Radius authentication in a WiFi SSID interface settings in a particular VDOM.
500913 When editing the SSID under AP Manager in ADOM 5.4, the web interface was non-responsive.
502047 Policy install fails when IP pool object type is changed from fixed port range to overload.
502339 Interface VLAN name limit is 14 characters in Device Manager. However, the VLAN limit in FOS is 15 which causes a response error.
502478 The action 'Retrieve configuration’ fails because 'dmgmt-vdom’ was tied to an interface in FortiGate.
503129 Cannot set comments in DoS policy.
503913 Avatar not visible in Log View on FortiManager when FortiAnalyzer is enabled.
504234 DHCP server type IPSEC created on IPSEC tunnel interface is deleted with Policy Package installation.
Znane problemy do rozwiązania:
Bug ID Description
473491 1631: Certificate enrollment fails using SCEP on Microsoft NDES server (Integrity check failed).
474629 When Security Profile Groups are created on FortiManager, all Security Profile Groups are pushed to all FortiGate units on next policy push.
476463 CPU increases to 100%, which affects performance and crashes FortiGuard Server.
478257 VPN Manager should filter out invalid interfaces for the default VPN interface.
483204 Manual speed/duplex negotiation not working for FortiManager 3900E ports.
506075 FortiSwitch monitor doesn’t show FortiSwitch connections for FortiOS 6.0.2.
Note: This issue will be addressed on FortiOS with ID 506251.
503787 FortiManager may fail to retrieve configuration when FortiGate does not show the name of an IP pool.
Note: The is a known issue on FortiGate 6.0.2 devices. The issue will be addressed on FortiOS with ID 504251.
507628 FortiManager may not show the correct configuration status on devices after a bulk install.
507629 FortiManager may not response to new tasks once a task has been canceled.
Pozdrawiamy,
Zespół B&B
Bezpieczeństwo w biznesie