Another product from the Fortinet stable joins the group running version 6.0.5! Fortinet has published a new software release for FortiManager, numbered 6.0.5. Among other things, the new version fixes minor issues that prevented logging in to an administrator account when the password contained specific special characters; FortiManager now correctly synchronizes security policies between FortiGate devices and FortiManager; and administrators can once again change the IP address of the FortiGate HA mgmt interface. In addition, the software has been improved by eliminating many other bugs found in the previous version, which you can read about in our article. Enjoy the read!
Resolved issues:
Bug ID | Description |
---|---|
436774 | FortiManager is missing permission settings when managing FortiAnalyzer. |
443240 | HA-status changes to standalone from ELBC cluster when making changes to FortiGuard server setting directly on FortiGate. |
460615 | FortiManager should adjust Radius configuration on SSID when renaming a Radius server. |
474245 | The "set disk-usage log" command should not be installed for devices with log disk. |
489373 | Passwords should allow special characters on certificate templates in FortiManager. |
492088 | FortiManager attempts to change Chassis ID on FortiGate 7000 series when installing configuration. |
497900 | User cannot paste password in managed device’s Telnet or SSH console. |
498107 | When an address is a member of a dynamic address group, its "Where Used" result does not say which dynamic group it belongs to. |
500037 | FortiToken provision does not work. |
502882 | Operator to filter Event logs on FortiManager may not work properly. |
502945 | FortiManager returns TCL Error when pushing Policy to FortiGate due to failure to resolve hostname defined under “set fmg”. |
503722 | FortiSwitch Manager and AP Manager reports switches and APs connected to FortiGates as online when the devices are no longer powered on. |
504962 | When creating new vdom-link from the global interface menu, all the VDOMs should be visible in the management VDOM. |
507044 | FortiManager always overrides the device-level configured parameters to DPD 'default values', making it impossible to tune DPD settings when using VPN Manager. |
507231 | FortiManager pushes IP POOL with pool type not specified but with parameter "set num-blocks-per-user 32" set. |
508340 | With the ADOM option "Perform Policy Check Before Every Install" enabled and no changes to install, an install will fail with the "Validation Failed" message. |
511826 | FortiManager should remove the mandatory requirement of having a hub-to-hub interface when two hubs are defined in a VPN community using VPN Manager. |
512046 | When workspace is enabled, IPv6 session based counters are synchronized with FortiGate. |
515101 | Admin users are unable to login from the GUI when their password contains two sequential question marks. |
517061 | ADOM upgrade may fail when the IPs in FortiSwitch VLAN DHCP server are configured with zero. |
517376 | FortiSwitch Manager > FortiSwitch Templates > FortiSwitch VLANs missing advanced options. |
518351 | During import, FortiManager does not check whether adding a suffix to an object name will exceed the character limit. |
519422 | Deleting multiple SD-WAN rules does not work. |
519484 | DHCP Gateway option may not work in AP Manager. |
519495 | Running a script always returns the error 'the script is not eligible', even though the actual error may be different. |
520651 | When querying a policy package, FortiManager API’s response may be missing the VDOM information. |
520691 | FortiManager should warn user in install wizard if there is an IP address being installed that is 0.0.0.0/0. |
520964 | FortiManager is not able to assign FQDN address object to Static Route Named Address. |
521063 | FortiManager responds with errors if multiple protected subnets are defined in Dial-Up community external spoke configuration. |
521649 | Policy counters may not be accurately synchronized with the FortiGate devices. |
521900 | SD-WAN rule protocol option 'ANY' is not saved on GUI. |
521905 | Tooltip for device lock is not shown in Device Manager's device tree. |
522070 | Right-click menu does not allow firmware upgrade with device locked. |
522206 | GTP global tunnel limit is not configurable on FortiManager. |
522456 | FortiManager does not support the increased firewall addresses limit to 10000 objects for FGT81E or FGT81_POE. |
522713 | ADOM upgrade stuck at 5%. |
522828 | FortiManager unsets dhcp-snooping when installing from a 5.4 ADOM. |
523208 | FortiManager is trying to unset the category for user device when pushing policy package. |
523228 | Search in zone does not work after upgrade. |
523480 | IPS Filter does not include ALL if filtered based on OS. |
523649 | FortiManager is not updating the last modified time when modifying a web filter category. |
523705 | In web filter profile, FortiManager should only allow configuring quota for categories set to monitor, warning, or authenticate. |
523712 | FortiManager may attempt to add trailing spaces for VIP’s mapped IP. |
523817 | Push update should be available from Manager > License. |
524447 | Editing SD-WAN interface shows inaccurate GUI Page. |
524607 | FortiManager should not allow illegal change with ssl-ssh-profile causing installation to fail. |
524684 | API request returns all the devices even when the user does not have access to other ADOMs. |
525646 | FortiManager cannot delete WF and AS FortiGuard databases on FortiManager. |
525926 | The Local Users column is always empty even if a token is assigned. |
525927 | Import all objects is not importing unused FortiTokens. |
525928 | Token used in device local admin configuration is displayed as not used at ADOM level. |
526002 | When having multiple hosts within an SNMP community, it is not possible to edit a host and change the status of HA-direct. |
526002 | The execute reset hitcount command tries to reset on v5.2 ADOMs, which have no hitcounts feature, resulting in the system returning failure with code -160. |
526287 | Policy install may get stuck at 67%. |
526642 | Some SMTP/splice options under firewall profile-protocol options cannot be disabled. |
526935 | List of static routes is always empty if the user uses a search filter before editing or cloning a static route. |
527140 | FortiManager is unable to add multiple DHCP Relay Servers from the Device Manager System Interface Menu. |
527407 | Users may not be able to change the FortiGate HA management interface IP. |
527650 | Importing a local certificate with a big number of subject alternative names is not supported. |
528633 | IS-IS interfaces cannot be deleted from GUI. |
528916 | Users may not be able to upgrade ADOM after ADOM name has been changed. |
528931 | FOS-VM may be getting invalid license from FMGR-VM-Meter. |
528938 | FortiManager does not allow users to manually set SD-WAN member sequence ID. |
528977 | FortiGuard 7000 Service Status shows slave chassis with serial number instead of host name. |
529036 | VPN Manager should not show the options for main and aggressive mode when IKEv2 is selected. |
529045 | FortiManager should not prompt for Device setting for static route in TP VDOM. |
529475 | Web filter and Application profiles are not available in the FortiClient profile GUI. |
529771 | Upgrading ADOM 5.2 to 5.4 may be very time consuming. |
530207 | Installing configuration after fail-over in cluster causes installation fail because of difference in management-ip. |
530249 | Policies that are Last Modified matched by actual traffic always shows recently modified by 'admin' even if the default admin user is not present in the FortiManager configuration. |
530376 | Users are unable to select Schedule Object for SSID in AP Manager. |
530498 | Read-Only admin can enable VPN Manager in the ADOM. |
530735 | FortiManager may not be able to configure a full-mesh VPN among FortiGates with multi-VDOMs. |
530749 | FortiManager is unable to import policy configuration from devices with a long VDOM name. |
530792 | When configuring Per-Device Mappings for Real Servers, mode is missing and users cannot create multiple real servers. |
530837 | Users should not be allowed to delete default Meta fields. |
531338 | Column showing unused object reverts to original size after scrolling down. |
531489 | Re-importing a device may result in policy package status change to "modified" for many devices. |
531508 | When trying to add a new gateway from VPN Manager, FortiManager returns an error 'peer invalid value'. |
531573 | FortiManager is not able to set Type of Service field for SD-WAN service. |
531610 | FortiManager is showing 'Create New' option under script even though ADOM is not locked. |
531645 | FortiManager should be able to configure dynamic mappings for SD-WAN via a script. |
531813 | With Safari, there are two issues when a user edits a device group: there are two scrollbars in the "Edit Device Group" window, and the "Edit Device Group" window size cannot be changed. |
531963 | SSL/SSH Profile should not allow the user to enable "Allow Invalid SSL Certificates" when Inspection mode is "SSL Certificate Inspection". |
532075 | When editing comment/description, FortiManager may display the slash character, “/”, as “/”. |
532275 | Device Manager > System Admin Profile: Unable to change Access control due to JavaScript error. |
532488 | Bytes/Hit/packet count should not be a parameter to consider in the Diff as these are not part of configuration. |
532721 | Once a Local ID value is configured for a VPN Node within VPN Manager, it can no longer be removed. |
532943 | FortiGate’s system time is now shown on FortiManager when time zone index is set at 79, 80, or 83. |
533141 | Retrieving configuration under Workspace mode does not allow further changes under AP manager. |
533213 | FortiManager should support encrypted disk on AWS Cloud. |
533857 | FortiManager is unable to automatically register devices via Pre-Shared Key method if a revision is imported prior to registering the devices. |
534173 | FGFM debug shows fgfm_keepalive_handler entries for all managed devices in fgfm debug output when device filter is specified. |
534188 | FortiManager is unable to import 7040E v5.6. |
534559 | Editing Wi-Fi interface, which is a zone member, should not enable block intra-zone traffic. |
534784 | FSSO Agent with option Select FSSO groups via FortiGate does not work if the policy has no pending changes. |
534927 | When there is a dynamic interface and a multicast interface that has the same name within a policy package, the install wizard was not able to create dynamic mappings. |
535170 | FortiManager does not accept FQDN address configuration containing the _ character. |
535245 | After upgrade, install may fail due to invalid VDOM snmp-index. |
535525 | Dynamic/Dialup Type IPSec Tunnel Interface cannot be added as SD-WAN member. |
535621 | Retrieving or importing configuration revision fails if configuration contains a large number of CRLs. |
535743 | Downstream FortiManager does not update Signature until changing schedule setting in the second tier FortiManager’s FDN. |
536043 | When ADOM is locked, FortiManager may display incorrect values or configurations from some objects or policies. |
536113 | AP Manager may not be able to change wtp-mode. |
536805 | Install fails for DoS policy quarantine-expiry. |
537135 | There is no GUI validation when an invalid subnet mask is used as destination for a Static Route. |
537197 | Change to policy with install target specified should not change the status of ALL targets within the policy package. |
537214 | The command, execute device replace, is missing username. |
537236 | LDAP query failure over slow satellite connection. |
537752 | FortiManager tries to add full scan options while using quick scan in default AV profile. |
537775 | Proxy policy should not allow empty source address. |
538029 | Occasionally, duplicate sequence number may appear in some policy packages. |
538934 | Install to device may delete configuration on FortiGate cluster with large configuration file. |
539184 | FortiManager should not install forward-error-correction on VLANs. |
539197 | The "Policy Package" column is missing in "Where Used" result after upgrade. |
539998 | Install fails when deny rule contains DNS filter profile. |
540065 | FortiManager should be able to display CA certificate under 6.0 ADOM. |
540095 | Scheduled TCL Script intermittently fails to run on the scheduled time after upgrade. |
540222 | Policy package status changed to "Never Installed" after upgrade. |
540657 | There is an ordering issue on admin users where multiple wildcard users are configured on the same server. |
540936 | Remote wildcard users break user profile access to workflow sessions. |
541015 | FortiManager may not be able to configure or import IPS custom signature. |
542024 | Where Used may not point to the entity using the object. |
542472 | Adding section for traffic shaping policies causes runtime error. |
542823 | Script fails to set accprofile on device database. |
543129 | User may not be able to delete ADOM from Global Assignment. |
543251 | Policy Package name is truncated in table with "Where Used" output. |
543567 | FortiManager does not install new certificate obtained from FortiAuthenticator. |
543734 | Key Type specified as elliptic curve is not functional when generating a CSR. |
544121 | Installation log is missing due to dpm-logsize limited to 10MB. |
544142 | Installation fails due to DNS server "Same as Interface IP" option inside device interface configuration. |
544580 | Two SSL-SSH profiles added by FortiManager may cause installation issue. |
544886 | When importing device list of multiple model devices with PSKs, FortiManager prompts the error, "Serial number already in use". |
545143 | Adding wildcard FQDN for SSL inspection exemption list from FortiManager fails. |
545457 | AP Manager may not be able to show map. |
545480 | When attempting to remove a VDOM from a FortiGate by running a script, the script fails unexpectedly and the VDOM is not deleted. |
545491 | FortiManager may fail to retrieve configuration when there are more than 10000 central NAT entries. |
545813 | Users may not be able to see SD-WAN options in Backup mode after switching from Normal mode. |
547646 | FortiManager should not push ssh-filter profile upgrade_1 to FortiGate devices after upgrade. |
547740 | When FortiManager is running in workspace mode, FortiManager may unexpectedly delete firewall policy. |
548320 | User should be able to create a FortiGate admin account with Restrict Admin to Guest Account Provisioning Only option selected with VDOM(s) guest group(s). |
548416 | Changes on Existing Static Route are not displayed on Installation Preview. |
550240 | FortiGuard service event logs should always be generated with an internal FortiManager user. |
551057 | FortiManager does not give an option to choose RSA 4096 and Elliptic Curve algorithms in certificates. |
552069 | FortiManager may fail to install local certificate on FortiGate and private key is missing after saving the configuration. |
Known issues to be resolved:
Bug ID | Description |
---|---|
540347 | FortiManager has no option available to configure VLAN IDs under VLAN Pooling. |
547361 | AP Profile in AP Manager may offer redundant options for specific AP models which can lead to failed installation. |
548329 | WiFi Profiles SSID DHCP Server Toolbar is hidden if System Settings is set to None in an Admin Profile. |
549001 | Installation error after changing inspection mode from Proxy to Flow. |
549113 | In case FortiGate is in NGFW policy-based mode, URL or Application control profiles should not be visible on FortiManager. |
549615 | Users should be able to set the login-timestamp from CLI script. |
549638 | MAC address Access control list entries under DHCP server are duplicated when editing one of the entries. |
549674 | FortiManager is unable to create SD-WAN Template in Central Management Mode if System Settings is set to None in an Admin Profile. |
550513 | User cannot change IPSec Phase1 on an existing IPSec Phase2 interface. |
551072 | Assignment of object-tag from 5.6 Global ADOM to 6.0 ADOM should not fail. |
551077 | FortiManager may not be able to import policies from FortiGate SLBC. |
551237 | User without Super User Profile is unable to manage Tags from Tag Management. |
551701 | FortiManager is unable to Set OSPF Interface Network Type as P2MP. |
552110 | FortiManager cannot show where used for FortiSwitch Security Policy. |
552144 | Install copy fails when setting captive portal user group for FortiSwitch’s VLAN. |
553270 | Imported SSIDs cannot be selected within AP Profile until the SSIDs have been edited. |
553276 | When SSID is in bridge mode, external link to captive portal and CMCC Radius Secret are missing on AP Manager’s SSID page. |
553704 | Find Duplicate Objects may get stuck loading. |
553860 | FortiManager should have public IP for remote-gw under IPSec Phase1 interface. |
553926 | Split-tunneling information may not be retrieved completely for managed AP. |
553933 | User should be able to configure split-tunneling related information on AP profile and managed AP pages. |
553985 | FortiManager incorrectly sets security-external-web when external authentication is selected. |
553991 | When redirect after captive portal is set, verification may fail on security-redirect-url due to missing http:// prefix. |
554001 | Configuration may modify FQDN addresses after FortiManager and FortiGate are both upgraded to version 6.0.5. |
554092 | FortiManager is unable to use interface member of a zone as Source Interface filter for VIP object. |
554154 | FortiManager is unable to select multiple FortiExtender units for upgrade of firmware from Extender tab. |
554491 | Device Manager generates incorrect configuration for Filter MAC Addresses on SSID that causes installation to fail. |
554500 | Device Manager’s SSID page cannot save links to authentication portal and redirect after captive portal. |
554761 | FortiManager fails to generate software switch related configurations for Quarantine Host for SSID. |
554778 | AP Manager may not be able to import AP Profile for FAP-421E/423E/S421E/S423E. |
554882 | 7000 series HA members may show up as unregistered after failover. |
554901 | EU country ID is available on FortiManager, but the ID is not part of latest geographic database. |
554946 | A sub-admin clicking View on Where Used may lead to disappearance of the dual panel. |
555159 | After deleting an SSID from Device Manager, AP Manager still shows the SSID. |
555257 | Search box for SSID selection within AP Profile may not work well. |
555730 | Install may fail if zone member is used in a Multicast policy. |
556192 | Resetting hitcount in ADOM 5.4 fails. |
556192 | FortiManager may fail to run execute fips kat all and diagnose system fips kat-error commands. |
556368 | FortiManager may show Device objects from another ADOM. |
Best regards,
The B&B Team
Bezpieczeństwo w biznesie