FortiManager 7.4.1 - B&B Bezpieczeństwo w biznesie

Producent oprogramowania Fortinet opublikował najnowszą aktualizację dla FortiManager’a w wersji 7.4.1, która zawiera kilka ważnych poprawek i rozwiązuje znane problemy. FortiManager nie wyświetla już błędu dotyczącego nakładania się podsieci dla identyfikatora SSID, poprawiono działanie przeszukiwania tras za pomocą nazwy interfejsu. Dodatkowo rozwiązano problemy dotyczące polityk i obiektów a wiele więcej informacji można znaleźć w artykule poniżej.

Aktualnie wspierane modele:

FortiManager

FMG-200F, FMG-200G, FMG-300F, FMG-400E, FMG-400G, FMG-1000F, FMG-2000E

FMG-3000F, FMG-3000G, FMG-3700F, and FMG-3700G.

FortiManager VM

FMG_DOCKER, FMG_VM64, FMG_VM64_ALI, FMG_VM64_AWS, FMG_VM64_AWSOnDemand, FMG_VM64_Azure, FMG_VM64_GCP, FMG_VM64_IBM, FMG_VM64_HV (including Hyper-V 2016, 2019), FMG_VM64_KVM, FMG_VM64_OPC, FMG_VM64_XEN (for both Citrix and Open Source Xen).

Rozwiązane problemy:

AP Manager

Bug ID	Description
861941	FortiManager attempts to install „`arrp-profile`” even if „`darrp`” is disabled.
892773	Assigning AP Profile returns invalid value.
906930	FortiManager displays an error for Subnets overlap for a Bridge SSID.

Device Manager

Bug ID	Description
768289	There is a discrepancy in the usage of quotation marks („”) when configuring DHCP relay from FortiManager or retrieving it from FortiGate.
831624	SD-WAN Monitor under Monitors displays time frame as „`invalid date - invalid date`„.
895001	The „`gui-ztna`” configuration is displayed as enabled on the FortiManager even though this setting is disabled on the FortiGate.
896367	The geographic coordination config of FortiGates on Device Manager is being reset to `0,0` after a certain period of time.
899350	Promote button is missing for Fortigate 80F Clusters.
902908	Managed FortiAnalyzer is not listed under System Template.
906558	Importing a Revision fails and displays a runtime error.
909867	FortiManager attempts to configure unsupported syntax for „`sdwan health-check`„.
910391	When FortiManager operates in a non-default workspace mode, it may attempt to purge the configuration of the FortiGate devices due to database corruption.
911535	Adding a Model device with MetaVariables changes the status of other devices which using the MetaVariables to Modified/unknown.
912833	Adding FortiGates with Open Authentication (OAuth) Method, Fortinet Security Fabric dialog box does not display the FortiManager’s related info.
915361	FortiWifi devices are displayed in FortiManager under the Vulnerable devices as FortiAP.
917969	FortiManager is unable to search static routes via its interface name.
918292	The SD-WAN services cannot be modified, and attempting to make changes results in an 'Invalid Value’ error message.
919613	When using a space character in ’`psksecret`’, the FMG is unable to install the ’`psksecret`’ and displays an error message.
921094	In 6.2 or 6.4 ADOMs, problems might occur when attempting to add or modify static routes.
925546	Assigned Devices on Provisioning Template/CLI Template shows incorrect VDOM.
925684	Only a maximum of 10 devices can be previewed before installation using 'install preview’.
925854	FortiManager fails to load the security fabric data for FortiGates (Versions 7.0.5+ & 7.2.5).

FortiSwitch Manager

Bug ID	Description
881766	Event logs or task manager do not show which user authorized a FortiSwitch.
922068	FortiSwitch Manager does not display any ports for managed switches.
947651	Per Device under the FortiSwitch Manager cannot edit FortiSwitch name and GUI returns error „invalid value”.

Global ADOM

Bug ID	Description
894714	FortiManager does not allow creating/modification or removing the per-device mapping in global objects in assigned ADOM.
906058	Firewall address cannot be deleted from Global ADOM; it displays an error message indicating that the object is being used in ADOM root.
925188	The per-device mapping for any assigned global objects cannot be modified.

Others

Bug ID	Description
671904	FortiManager does not support the „Lock Override” feature when Workspace mode works on Per-ADOM mode.
880465	TCP ports 8902 & 8903 are opened and in listening mode after the upgrade.
894947	FortiManager fails to trigger the event handler for its local events after enabling the FortiAnalyzer features.
895982	Admin with a super user profile is not able to create the Firmware Template when FortiManager is working in the Workflow mode.
897157	Unexpected changes in existing static routes, created by static route template after upgrade to 7.0.7, 7.2.2, 7.4.0.
910175	When provisioning the FortiExtender via CLI template, FortiManager displays the „mismatch interface” error message.
914027	FortiManager does not display/use the latest ISDB version for all of its ADOMs.
916463	The approval emails are not being sent to the „Email Notification” admins when a new session is created and submitted for approval.
917834	Report Definitions cannot be viewed or modified from FortiManager when FortiAnalyzer is being managed by FortiManager.
918129	FortiManager does not support the AWS Security Token Service in AWS SDN connector.
919088	GUI may not work properly in Google Chrome and Microsoft Edge version 114.
919981	Installation fails to Azure FortiGate standalone as FortiManager attempts to set the peervd to „root”.
921273	Unable to upgrade ADOMs due to the XSS vulnerability characters check on wireless-controller.
925778	FortiGates are displayed offline and Inactive on FortiWLM MEA.
930305	Firmware template upgrade preview shows incorrect versions for the upgrade.
930425	When downloading the install preview, the file name doesn’t include the timestamp.

Policy and Objects

Bug ID	Description
696367	Hit count, first used, and last used may not get updated on FortiManager.
780058	FortiManager’s GUI does not support the „`src-vendor-mac`” objects in Firewall policy.
830640	„Send files to FortiSandbox for inspection” option is being enabled when creating an antivirus profile.
863819	Unable to delete unused objects.
869863	NSX connector; unable to unselect the group with no users.
873358	Installation fails as FortiManager tries to set „`cgn-client-startip`” and „`cgn-client-endip`” settings when ippool object has been modified.
880418	The default values of the Application Control Profile entries cannot be changed.
883064	Any admin make changes to „Object Selection Pane”, either set it to Dock to Right, Dock to Bottom, or Classic Dual Pane, it will affect all other admin’s GUI preferences.
894597	Default value for „`unsupported-ssl-version`” in `ssl-ssh-profile` gets modified during the installation.
896461	FortiManager disables `ip6-send-adv` after opening and closing interface configuration.
896491	Installation fails with unclear error message: „vdom copy failed”.
898883	Exported firewall policies do not contain firewall address values IP, netmask, and other details.
899135	Installation fails as FortiManager tries to unset the „`arrp-profile`” during the installation.
902298	FortiManager does not generate error messages when invalid or obsolete application IDs are used in the policy. Instead, it allows installation and sets the category to 'pass’ or 'monitor’.
908445	FortiManager does not display correct edit page for virtual server VIP when edit object in policy table.
911146	Under the Policy & Objects, GUI does not display the Address Object list.
911632	When retrieving the configuration from the FortiGate, the FortiManager shows the new cert; however, those can’t be assigned to the FCT EMS connector.
912114	FortiManager is unable to import OpenStack SDN connector and the following error message is displayed: „send_sdn_connector_openstack_cmd: Failed to get openstack token”.
914945	Unable to modify or clone the „SSL/SSH inspection profile” in the Policy & Objects on the ADOM 7.0 version.
914981	In Policy & Objects, local policy is not displayed if view mode „Interface pair view” is selected.
916459	The option 'Allow Websites When a Rating Error Occurs’ is not being saved correctly in the default web filter.
919415	Unable to „Edit” and „Delete” Installation Target after enable classic dual pane mode.
919681	The incoming and outgoing interfaces are not loading after creating a custom policy package in a 7.2 FortiGate ADOM.
920740	Unable to create a per device mapping for a virtual server.
920983	The policy blocks using a group object do not get updated when the objects within the group are modified.
922648	FortiManager unable to push WiFi SSID to FortiGates.
925058	„Web URL Filter” entries are not visible in the Web Filter Profile.
925076	FortiManager tries to install different preconnection-id under VPN SSL WEB Portal > Profile > Bookmark-Group > Gui-Bookmark > Book.

Revision History

Bug ID	Description
904710	Restoring a revision of a policy removes the information of all the SD-WAN rules.

Script

Bug ID	Description
913360	Device script is trying to add additional configuration; therefore, installation gets failed.
923966	When FortiManager is operating in Workspace mode, there are no options to save changes after executing a CLI script.
931196	Scheduled Scripts created by the LDAP users cannot be run and FortiManager displays „Data is not ready” error message.

System Settings

Bug ID	Description
733279	After changing the http or https port, FortiManager displays an „Unknown Error.” error message.
842732	FortiManager does not display the Secondary HA member’s status correctly.
861997	Unable to delete a particular non-default empty ADOM.
890956	SAML SSO Authentication only works with the default local certs.

VPN Manager

Bug ID	Description
863424	The „Latest Patch Level” should be available with action „Check-up-to-date” under the SSL VPN Portal.
931564	In VPN Manager, ipsec vpn map, topology view and traffic view does not display map normally.

FortiManager 7.4.1

—

Pozdrawiamy,

Zespół B&B
Bezpieczeństwo w biznesie

Post Views: 1 242

FortiManager Fortinet