Producent oprogramowania Fortinet wydał najnowszą aktualizację dla produktu FortiManager o numerze wersji 7.0.11. Dzięki tej aktualizacji został rozwiązany problem z instalacją na urządzeniu FortiGate, które ma włączoną funkcję akceleracji NP7. Teraz modyfikacja ustawień QoS nie kończy się niepowodzeniem. Dodatkowo, podczas próby wdrożenia szablonu FortiSwitch na urządzeniu modelowym FortiManager, użytkownik nie otrzymuje już komunikatu błędu: „Interfejs VLAN nie pasuje do FortiLink”. Zachęcamy do zapoznania się z pełnym opisem aktualizacji poniżej.
Aktualnie wspierane modele:
| FortiManager | FMG-200F, FMG-200G, FMG-300F, FMG-400E, FMG-400G, FMG-1000F, FMG-2000E, FMG-3000F, FMG-3000G, FMG-3700F, FMG-3700G, and FMG-3900E. |
| FortiManager VM | FMG_DOCKER, FMG-VM64, FMG_VM64_ALI, FMG-VM64-AWS, FMG-VM64-Azure, FMG-VM64-GCP, FMG-VM64-HV (including Hyper-V 2016, 2019), FMG-VM64-IBM, FMG-VM64-KVM, FMG-VM64-OPC, FMG-VM64-XEN (for both Citrix and Open Source Xen). |
Rozwiązane problemy:
AP Manager
| Bug ID | Description |
|---|---|
| 906061 | It takes a significant amount of time to assign a profile to each FortiAPs. |
| 974444 | DNS server for SSIDs gets resets after importing AP Profile. |
| 979129 | Unable to export AP list form AP Manager to excel or CSV; the option is grayed out. |
| 982548 | FortiGate configuration install may fail with a reason „Need to unset channel list in radio-1 first.” |
Device Manager
| Bug ID | Description |
|---|---|
| 789655 | FortiManager BGP Template does not support the „set-route-tag” option in the „route-maps„. |
| 838462 | Adding device using „Add Model HA Cluster” feature failed as FortiManager does not allow „virtual switch interfaces” being used as „heartbeat interfaces”. |
| 871334
973064 |
Installation to FortiGate with NP7 Acceleration feature enabled might fail when FortiManager attempted to modify the QoS settings. Changing the ’default-qos-type’ to values other than its default may result in a FortiGate reboot (FortiOS Behaviour). |
| 880934 | FortiManager reverts Syslog mode settings on local FortiGates (when FortiGates are in FIPS mode). |
| 896367 | The geographic coordination config of FortiGates on Device Manager is being reset to 0,0 after a certain period of time. |
| 899903 | FortiManager GUI does not list all NTP interfaces. |
| 920394 | Installation failed due to the incorrect install order during ZTP. |
| 922543 | FortiManager attempts to unset authentication mode in OSPF settings. |
| 923808 | Even with the „set dhcp-relay-request-all-server enable” option enabled, FortiManager does not keep the DHCP server & relay configurations on the same interface. |
| 926069 | Unable to add devices to the Device Group using „Add to Existing Group(s)„. |
| 936168 | Unable to assign Device Group to the Firmware Template. |
| 966118 | FortiManager tries to purge all entries under table "system global split-port-mode” for its System template. |
| 978503 | Unable to select internet-service-custom on device level setting. |
FortiSwitch Manager
| Bug ID | Description |
|---|---|
| 967213 | While attempting to deploy a FortiSwitch template to a model device, FortiManager generates the following error message: „VLAN interface does not match FortiLink.” |
Others
| Bug ID | Description |
|---|---|
| 583349 | FortiManager does not provide support for image upgrades on „ONDEMAND” devices. |
| 897157 | Unexpected changes in existing static routes created by static route template after upgrade to 7.0.7, 7.2.2, 7.4.0. |
| 921273 | Unable to upgrade ADOMs due to the XSS vulnerability characters check on wireless-controller. |
| 935430 | When FortiAnalyzer is managed by FortiManager and FortiManager’s local logs are being sent to FortiAnalyzer, installing PP to FortiGates may display the following message: „Confirm Deletion FortiManager is going to sync the following device deletion to FortiAnalyzer,…”. |
| 982564 | When upgrading the root ADOM, the process might fail with the following error message: „…The string contains XSS vulnerability characters…”. |
Policy and Objects
| Bug ID | Description |
|---|---|
| 854359 | An installation error occurs when FortiManager attempts to install wildcard FQDN addresses „mzstatic-apple” and „cdn-apple” within the „custom-deep-inspection” SSL-SSH profile. |
| 888798 | Changing deep inspection ssl-ssh-profile to „inspect all ports” may cause installation error. |
| 938019 | Policy Package Status not changed on modification of nested group used in policy block. |
| 945853 | FortiManager doesn’t sync previously deleted EMS tags. |
| 963008 | Impossible to merge duplicate objects. |
| 966495 | In FortiManager v7.0.10, whether it’s a fresh setup or an upgrade, a „copy failed error” occurs due to the absence of the default „sd-wan” interface. This may happen on an existing 6.4 ADOM or when attempting to create a new ADOM v6.4. |
| 968847 | Installing VPN IPsec tunnel from FortiManager failed due to the following error message: „ipsec interface … is used by switchctl”. |
| 972392 | Users do not receive a proper warning when creating a firewall address with the IP address '0.0.0.0/0.’ |
| 986262 | EMS Cloud tags are not updated on FortiManager. |
Script
| Bug ID | Description |
|---|---|
| 833285 | Installation failed when executing multiple Jinja scripts. |
Services
| Bug ID | Description |
|---|---|
| 846689 | Firmware Template is missing FSW 1024E/T1024E platforms. |
| 938365 | FortiManager’s GUI does not display an option under FortiGuard Settings to support the 7.2 version for FortiClient and FortiMail. |
| 980334 | „Download to Excel” option on Licensing Status under the FortiGuard does not work. |
System Settings
| Bug ID | Description |
|---|---|
| 853429 | Creating FortiManager’s configuration backup via scp cannot be done. |
| 966148 | RADIUS remote users are unable to successfully install changes to FortiGates. |
Notatki producenta: FortiManager 7.0.11
Pozdrawiamy,
Zespół B&B
Bezpieczeństwo w biznesie
