Fortinet has released an update for FortiManager, designated version 6.4.11. The update improves the operation of the solution by speeding up configuration installation in environments with large databases. It also fixes a bug that made it impossible to log in to FMG using TACACS and RADIUS. Further fixes address bugs that hindered the management of objects in the database, the installation of policy packages for FortiGate, and the permissions of administrative accounts (SSO), as well as other bugs related to monitoring and routing. More information can be found in the article below.
Currently supported models:
FortiManager | FMG-200F, FMG-200G, FMG-300E, FMG-300F, FMG-400E, FMG-400G, FMG-1000F, FMG-2000E, FMG-3000F, FMG-3000G, FMG-3700F, FMG-3700G, FMG-3900E, and FMG-4000E. |
FortiManager VM | FMG-VM64, FMG-VM64-Ali, FMG-VM64-AWS, FMG-VM64-AWSOnDemand, FMG-VM64-Azure, FMG-VM64-GCP, FMG-VM64-HV (including Hyper-V 2016, 2019), FMG-VM64-KVM, FMG-VM64-OPC, FMG-VM64-XEN (for both Citrix and Open Source Xen). |
Resolved issues:
AP Manager
Bug ID | Description |
---|---|
822525 | FortiManager does not take the per device mapping authentication config for SSID under the WiFi Profiles. |
Device Manager
Bug ID | Description |
---|---|
751961 | SD-WAN monitor does not show the selected time period properly and instead displays the results in "hours". |
789249 | FortiManager does not have Logging Options after enabling One-Arm Sniffer under Interface. |
794764 | FortiGate Modem Interface is not visible under Device Manager. |
800191 | During the ZTP deployment, set hostname command does not push to FortiGate. |
810936 | After Upgrade, managed FortiAnalyzer on FortiManager does not display the Traffic logs under the Log View for HA devices. |
812213 | Default factory setting on FortiGate does not match with its default factory setting on FortiManager’s DB. This causes status conflict if FortiGate is added to the FortiManager using the Add Model Device method. |
820990 | IPSec VPN deployment via ZTP creates some issues on the FortiGate routing. |
828897 | SD-WAN Monitor map doesn’t load all devices. |
830105 | FortiManager attempts to install 1.0.0.0 as the remote-gw for all the phase1-interfaces when 2 or more IPsec phase1-interfaces have same remote-gw IP. |
832599 | When installing the config system snmp community settings to FortiGates, some of the entries are deleted. |
842923 | Auto-update fails to sync FortiManager’s device DB when interfaces are modified directly in the root VDOM of the FortiGates. |
853810 | Failed to edit the managed devices to modify the location. |
855425 | System Template and CLI Template config did not install to all model device FortiGates. |
859638, 860071 | FortiManager’s SD-WAN Monitor does not display the Health Check status correctly. |
866243 | The SD-WAN Monitor info for specific devices are not consistent with the map view SD-WAN interface status (based on performance SLA). |
866247 | Unable to change the static route "Description" section in the Device Manager without editing the static route. |
870848 | SD-WAN Monitor under Device Manager’s Monitors tab does not display any FortiGate devices which are running in 6.2 version. |
874831 | FortiManager attempts to install unknown and undesired static route when modifying or adding some new static routes. |
FortiSwitch Manager
Bug ID | Description |
---|---|
784525 | IPv4 options cannot be defined in a per-device VLAN. |
Global ADOM
Bug ID | Description |
---|---|
789164 | Unable to delete the web rating override entries from ADOM Global Database. |
826522 | Unable to remove global object from Global Database. |
Others
Bug ID | Description |
---|---|
707911 | FortiManager should be able to assign VLAN interface to FortiExtender. |
815875 | After FortiManager’s upgrade, device level status has been modified and Install preview shows that pdf-report and FortiView features will be enabled on the FortiGates, even if these have already been enabled on the FortiGates before. |
827120 | FortiManager HA failed to be established in FIPS mode. |
870893 | Unable to install pp to FortiGates, after FortiManager’s DB got restored. |
876425 | FortiManager does not display the output of the execute dmserver showconfig command. |
Policy and Objects
Bug ID | Description |
---|---|
716892 | Exporting to "Excel/CSV" does not include the value for fields "Log & Last Modified By". |
731961 | When FortiManager is working in the workspace mode, the installation for those FortiManager with larger DB may take longer time to be completed. |
738988 | FortiManager does not detect the settings related to Web Cache Communication Protocol (WCCP) in SSLVPN Policies on the FortiGate. |
742293 | FortiManager, via ADOM 6.0, is not able to install set logtraffic all to proxy-policy with action deny. |
795449 | Unable to "Download Conflict File" to review the conflicts of firewall objects during import process. |
814478 | Once the normalized interface has been defined, FortiManager does not allow setting it to "None". |
834401 | Upgrading ADOMs does not complete if there are some empty values for "profile-type" and "utm-status". |
835087 | Policies cannot be edited as FortiManager displays a warning message, "Please select a SSL/SSH Inspection profile" in ADOM 6.2. |
836783 | FortiManager changes the use-metadata-iam value for the SDN connectors. |
841492 | FortiManager unsets the system HA settings after pushing an unsuccessful installation Policy Package to FortiGates. |
846222 | Unable to perform the policy diff when both device and policy package are locked. |
847932 | Hit count for a policy package does not always match the total count of all installation targets. |
863882 | Last Modified Time field is empty when exporting Policy Packages to Excel. |
870878 | FortiManager’s GUI does not display the color code or name for the selected color for objects once it is created. |
882996 | Unable to install to FortiGates when using null values for "local-gw6" and "remote-gw6". |
Script
Bug ID | Description |
---|---|
795639 | Any commands after the set secret command in the switch-controller custom-command configuration are displayed in the form of encrypted strings. |
Services
Bug ID | Description |
---|---|
837942 | In cascade mode, FortiManager as local FortiGuard Server does not download IPS signature for extended database. |
System Settings
Bug ID | Description |
---|---|
841782 | In Workflow mode, admins are not able to click on the "Approve this request" received from the emails as it displays "Unable to complete action" or "Invalid adom name" error messages. |
853353 | SDWAN Monitor Map does not show up when admin profile has been set to "None" for System Settings. |
864931 | Unable to login into FortiManager using TACACS and Radius credentials. |
868706 | SSO admin users do not have the same permissions as local users with the same assigned profiles. |
VPN Manager
Bug ID | Description |
---|---|
798995 | It’s not possible to delete an SSL VPN portal profile from the FortiManager GUI if the profile has already been installed. |
Known issues:
Device Manager
Bug ID | Description |
---|---|
692669 | Browser may display a message, 'A webpage is slowing down your browser', while checking revision difference. |
817346 | Editing interface with normalized interface mapping displays some unnecessary messages for mapping change. |
Others
Bug ID | Description |
---|---|
729175 | FortiManager should highlight device consisting of specific IP address under Fabric View. |
806522 | Application websocket crashes and makes FortiManager’s GUI unresponsive. |
Policy & Objects
Bug ID | Description |
---|---|
726105 | CLI Only Objects may not be able to select FSSO interface. |
774058 | Rule list order may not be saved under File Filter Profile. |
803460 | "User Definitions" entries under the "User & Authentication" cannot be removed from FortiManager. |
845022 | SDN Connector failed to import objects from VMWare VSphere. |
889563 | FortiManager, for ADOM version 6.4, does not support Creating, Importing, or Inserting Above and Below actions for a deny policy with a "Log Violation Traffic" disabled. Workarounds: |
Revision History
Bug ID | Description |
---|---|
738376 | Config revision diff check may highlight differences in config even though both revisions are exactly the same. |
VPN Manager
Bug ID | Description |
---|---|
784385 | FortiManager creates the faulty dynamic mapping for VPN manager interface during PP import. Workaround: It is strongly recommended to create a fresh backup of the FortiManager’s configuration prior to this workaround. Run the following command to check and repair the FortiManager’s configuration database: diagnose cdb check policy-packages <adom>. After running this command, FortiManager will remove the invalid mappings of vpnmgr interfaces. |
Vendor release notes: FortiManager 6.4.11
Best regards,
The B&B Team
Security in Business