Fortinet opublikował aktualizację oprogramowania dla produktu FortiManager o oznaczeniu wersji 7.0.7. Aktualizacja rozwiązuje problemy z monitoringiem oraz spójnością informacji w module Device Manager (SD-WAN), rozwiązano również problem który sprawiał że nieuprzywilejowani użytkownicy byli stanie uzyskać dostęp do informacji za pomocą interfejsu API. Instalacja pakietu polityk na urządzeniach FortiGate w sytuacji, gdzie baza danych FortiManager’a została odtworzona powinna funkcjonować teraz prawidłowo. Poprawiono również błąd który uniemożliwiał dodanie obiektów VIPv6.

Aktualnie wspierane modele:

FortiManager	FMG-200F, FMG-200G, FMG-300F, FMG-400E, FMG-400G, FMG-1000F, FMG-2000E FMG-3000F, FMG-3000G, FMG-3700F, FMG-3700G, and FMG-3900E.
FortiManager VM	FMG_DOCKER, FMG-VM64, FMG_VM64_ALI, FMG-VM64-AWS, FMG-VM64-Azure, FMG-VM64-GCP, FMG-VM64-HV (including Hyper-V 2016, 2019), FMG-VM64-IBM, FMG-VM64-KVM, FMG-VM64-OPC, FMG-VM64-XEN (for both Citrix and Open Source Xen).

Rozwiązane problemy:

AP Manager

Bug ID	Description
822525	FortiManager does not take the per device mapping authentication config for SSID under the Wifi Profiles.
824032	Some of the FAPs Radio configuration settings under the AP’s profile are missing.
853345	The clients are connected to the Wireless Access Point; however, „clients” section under the diagnostics & tools of AP does not display any info.

Device Manager

Bug ID	Description
789249	FortiManager does not have Logging Options after enabling One-Arm Sniffer under Interface.
789544	Status of the „Firmware Template” has been changed to „Unknown” after upgrade.
794764	FortiGate Modem Interface is not visible under Device Manager.
800191	During the ZTP deployment, „set hostname” command does not push to FortiGate.
801547	When removing an entry in the static route template, static route entries are shifted and the installation fails.
807771	FortiManager unsets the gateway settings in SDWAN template after upgrading ADOM from v6.4 to v7.0.
810936	After Upgrade, managed FortiAnalyzer on FortiManager does not display the Traffic logs under the Log View for HA devices.
812213	Default factory setting on FortiGate does not match with its default factory setting on FortiManager’s DB. This causes status conflict if FortiGate is added to the FortiManager using the „Add Model Device” method.
815901	The router static entries created by IPSEC template are deleted and re-created after upgrade.
817346	Editing interface with normalized interface mapping displays some unnecessary messages for mapping change.
818905	FortiManager unsets the certificate for „endpoint-control fctems” setting during the installation.
828897	SD-WAN Monitor map doesn’t load all devices.
829404	SD-WAN Widget does not display any data for „Bandwidth Overview” and „Traffic Growth” under the Managed Devices’ dashboard.
835106	FortiManager cannot sync its devices with FortiAnalyzer when adding it to the Device Manager; it displays the error message „Serial number already in use”.
837213	Browser crashes when clicking „view diff” to compare with current device config.
839334	FortiManager does not allow empty value for „Interface Preference” as SD-WAN Rules under the SD-WAN Templates.
845656	When BGP is enabled and no IP address is defined for set-ip-nexthop under the route-map config, FortiManager tries to set the IP to 0.0.0.0, and this may break the BGP network.
853061	Installation fails as FortiManager attempts configuring „allowas-in6” on neighbor when configuring router bgp via BGP template.
853810	Failed to edit the managed devices to modify the location.
855032	FortiManager displays the total devices/VDOMs count wrongly when split VDOM enabled on FortiGates.
855425	System Template and CLI Template config did not install to all model device FortiGates.
856207	FortiGate’s WAN1 interface cannot be edited via FortiManager’s GUI.
859249	After upgrade, 'Firmware Templates’ under the Device Manager is blank. Even new entries cannot be created.
861220	Leaving the SD-WAN member empty when configuring the SD-WAN using the template fails due to the syntax differences between FortiGate and FortiManager.
861238	SD-WAN Monitor, under Device Manager > Monitors, displays an Unknown status (a grey question mark) icon for HA devices under the Map View.
866243	The SD-WAN Monitor info for specific devices are not consistent withthe map view SD-WAN interface status (based on performance SLA).
866247	Unable to change the static route „Description” section in the Device Manager without editing the static route.
870848	SD-WAN Monitor under Device Manager > Monitors tab does not display any FortiGate devices which are running in 6.2 version.
872865	FortiManager attempts to set a default value like „system cluster-sync” on FortiGate and this causes installation failure.
874811	FortiManager tries to set the „set-ip-nexthop” to „0.0.0.0” during the installation.
874831	FortiManager attempts to install unknown and undesired static route when modifying or adding some new static routes.
859638 860071	FortiManager’s SD-WAN Monitor does not display the Health Check status correctly.

FortiSwitch Manager

Bug ID	Description
818842	FortiManager displays „Failed loading data” for „Security Policy”, „LLDP Profile”, and „QoS Policy” features when editing ports in Per-device mode FortiSwitch Management.
868949	Installation fails as FortiSwitch Manager creates an alias name longer than the total limit 25 characters.

Global ADOM

Bug ID	Description
826522	Unable to remove global object from Global Database.
868212	Assigning global policies to ADOMS by admins with access to specific ADOMs fails.

Others

Bug ID	Description
711100	FortiManager does not handle RMA and replaced FortiGates efficiently when ZTP has been used.
713714	The schedule for firmware upgrade for FortiGates does not work; instead, firmware upgrade starts immediately.
745958	Unable to config ipsec tunnel using the ipsec tunnel template.
777028	FortiManager does not support the FortiCarrier-7121F.
788006	FortiManager consumes license count for the Admin Type VDOMs.
814425	Sorting FortiExtenders by Network, RSSI, RSRP, RSRQ, and SINR does not work properly.
816936	FortiManager does not support the FGT/FGC 7KE/7KF syntax.
820921	FortiManager displays incorrect device firmware versions for FortiSandbox and FortiMail.
822263	Service Status under FortiGuard does not display the secondary Service status of the FortiGate’s cluster correctly.
822642	FortiManager JSON API Documentation does not provide accurate definition for the 'pkg’ variable under the „/pm/config/adom/{adom}/pkg/{pkg}/” path.
838638	FortiGates are upgraded successfully via FortiManager’s Group Firmware upgrade feature; however, the task monitor displays „Image upgrade failed” for some of the FortiGates.
838949	Using the 'refresh’ feature in the FortiExtender GUI does not refresh the stats of (RSSI, RSRP, etc.) of the associated devices.
839586	FortiManager does not save applying the configuration of „Enable AntiVirus and IPS service for FortiDeceptor” under FortiGuard settings pane.
841436	exec fmpolicy copy-adom-object command does not support the device group feature.
845753	IPSec installation fails on Google Cloud Platform (GCP) ONDEMAND FortiGate.
850377	In Workflow Mode, when new session is created, the Policies disappear.
850467	Unprivileged Users might be able to disclose unauthorized information via API.
851354	Installation while using CLI templates may fail and create the „securityconsole” Application crash.
855840	’allowaccess’ on interfaces completely removed on GCP ONDEMAND FortiGate.
857659	FortiManager did not download the „AI Malware Engine” Package from FortiGuard Server.
865200	Users encountered unsatisfactory performance of FortiManager due to several crashes on the „Application fmgd” process.
870893	Unable to install pp to FortiGates, after FortiManager’s DB got restored.
874369	Upgrading FortiManager fails due to some invalid data for managed FortiExtender’s Objects.
876425	FortiManager does not display the output of the „execute dmserver showconfig„.

Policy and Objects

Bug ID	Description
585177	FortiManager is unable to create VIPv6 virtual server objects.
698838	„Download Conflict File” does not display all of the firewall objects conflicts when importing policy packages from FortiGate to FortiManager.
738988	FortiManager does not detect the settings related to Web Cache Communication Protocol (WCCP) in SSLVPN Policies on the FortiGate.
739489	It’s not possible to enable NAT with Outgoing Interface Address by directly right-clicking on the NAT section of a firewall policy.
741269	Unable to install configuration to FortiGates due to the error message „Resource temporarily unavailable”.
752993	VPN IPSEC installation fails as phase1 settings on FortiManager are not consistent with the ones on FortiOS.
774058	Rule list order may not be saved under File Filter Profile.
778171	After the upgrade, FortiManager is changing the „config antivirus quarantine” setting; this fails the installation.
803460	„User Definitions” entries under the „User & Authentication” cannot be removed from FortiManager.
810073	Fail to import the firewall policy due to the „interface mapping undefined” error message.
814364	FortiManager does not support the FCT EMS prefix therefore policies with ZTNA Tags cannot be installed properly to the FortiGates.
814468	FortiManager purges ’gcp-project-list’ and unsets several values from GCP sdn-connector.
819847	FortiManager displays a false warning message „Duplicate Objects With Same Values” when creating the Firewall Objects’ Service entries under the Policy & Objects.
827602	Unable to import EMS Tags from EMS Server.
827607	The enable/disable status feature for the EMS Connector is not available on FortiManager.
834806	Installation fails due to extra back slashes when installing the custom IPS signatures to the FortiGates.
835087	Policies cannot be edited as FortiManager displays a warning message „Please select a SSL/SSH Inspection profile” in ADOM 6.2.
841492	FortiManager unsets the system HA settings after pushing an unsuccessful installation Policy Package to FortiGates.
846634	GUI does not allow to edit the custom Application and Filter Overrides
847932	Hit count for a policy package does not always match the total count of all installation targets.
848666	„Install Device” task stuck without any progress when installing the templates and firewall policies to the FortiGates.
850105	Unable to perform Apply & Refresh on EMS Connector.
853347	ZTNA tags name/format from EMS/FortiGates don’t match with the ones from FortiManager’s DB.
858183	After firmware’s upgrade, virtual wire pair interfaces are missing in virtual wire pair interface policy.
859217	Rearranging the Destination NAT (DNAT) objects whose names contain special characters displays an error message „object does not exist”.
862014 880359	FortiManager is purging 'replacement message group custom’ configuration after install verification fails.
862727	Policy Package installation failed due to the error „native vlan must be set” message.
862839	Cloning the Policy Packages on FortiManager creates the duplicate UUIDs.
863882	’Last Modified Time’ field is empty when exporting Policy Packages to Excel.
866724	Copy Failed error has been observed with the error message „Virtual server limit reached!”; this limit is 50 for FGT AWS ONDEMAND.
866826	Failed to modify Virtual Server addresses in Firewall Polices with Deny Action.
867809	During installation, FortiManager unsets status for the proxy policies.
868937	GUI VIP Mapped IPv6 Address/Range gives „Mapping to IP 0 not allowed”.
870688	Editing the „Install On” changes the Policy status to „Modified” for all FortiGates existing on that rule.
873896	Unable to remove „(null)” objects under „endpoint-control”.
874188	Installation fails due to FortiManager’s attempts to remove the „endpoint-control fctems” entries.
875980	FortiManager unsets EMS connector Serial Number and the tenant-id during the installation.
881857	Multiple security console Application crashes have been observed during the Policy Package installation when static router template and router static entry in device db are used.
882996	Unable to install to FortiGates when using null values for „local-gw6” and „remote-gw6„.
889563	FortiManager, for ADOM version 6.4, does not support Creating, Importing, or Inserting Above and Below actions for a deny policy with a „Log Violation Traffic” disabled. Workarounds: To Insert, use copy & paste instead of the using Insert Above/Below. To Create, either run script to create log disabled deny policy or enable log traffic first, and then edit the policy in order to disable and save it.

Revision History

Bug ID	Description
738376	Config revision diff check may highlight the differences in config even though both revisions are exactly the same.

Services

Bug ID	Description
783422	FortiManagers configured in closed network do not support keeping the multiple entitlement copies in FortiManager’s Database.
820400	In closed network scenario, when FortiManager loses the connection to Local FortiGuard, eventually licenses become invalid.

System Settings

Bug ID	Description
753204	Admins of a specific ADOM are able to see tasks of others ADOMs.
848934	SNMPv3 does not work properly on FortiManager and FortiAnalyzer.
850469	Radius group attribute filter does not work with Microsoft NFS.
851029	FortiManager’s HA cluster breaks after upgrading the FortiManager.
853353	SDWAN Monitor Map does not show up when admin profile has been set to „None” for System Settings.
862814	Event logs did not log FortiManager admins and their actions on managed devices.
864041	SNMPv3 stopped working after upgrading the FortiManager.
864931	Unable to login into FortiManager using TACACS and Radius credentials.
868706	SSO admin users do not have the same permissions as local users with the same assigned profiles.

VPN Manager

Bug ID	Description
762401	FortiManager is unable to preserve the Specify custom IP ranges option for SSL VPN Address range setting.
798995	It’s not possible to delete an SSL VPN portal profile from FortiManager GUI if the profile has been already installed.

Notatki producenta: FortiManager 7.0.7

Pozdrawiamy,

Zespół B&B
Bezpieczeństwo w biznesie

FortiManager fortimanager 7.0.7