Software vendor Fortinet has released an update for FortiManager, version 7.4.4, which introduces security fixes and resolves several known issues. Among other things, this version fixes FortiGate configuration installation, which could fail with the error "Need to unset channel list in radio-1 first", resolves the issue of SSIDs and radio channels not being displayed in the AP Manager view, and removes a bug that caused the script installation process to hang. More details on the update and its changes can be found in the article below.
Supported devices:
FortiManager | FMG-200F, FMG-200G, FMG-300F, FMG-400G, FMG-410G, FMG-1000F, FMG-2000E, FMG-3000F, FMG-3000G, FMG-3700F, and FMG-3700G. |
FortiManager VM | FMG_DOCKER, FMG_VM64, FMG_VM64_ALI, FMG_VM64_AWS, FMG_VM64_AWSOnDemand, FMG_VM64_Azure, FMG_VM64_GCP, FMG_VM64_IBM, FMG_VM64_HV (including Hyper-V 2016, 2019, and 2022), FMG_VM64_KVM, FMG_VM64_OPC, FMG_VM64_XEN (for both Citrix and Open Source Xen). |
Resolved issues:
AP Manager
Bug ID | Description |
---|---|
982548 | FortiGate configuration install may fail with a reason, "Need to unset channel list in radio-1 first." |
987111 | Unable to save the SSID configuration changes under the AP Manager. |
1002043 | AP Manager view does not show SSIDs and Radio Channels. |
Device Manager
Bug ID | Description |
---|---|
796842 | Failed to reload the configuration due to the "datasrc invalid" error message. |
871334, 973064 | Installation to FortiGate with NP7 Acceleration feature enabled might fail when FortiManager attempted to modify the QoS settings. Changing the "default-qos-type" to values other than its default may result in a FortiGate reboot (FortiOS behavior). |
956920 | Monitor Health Check graphs return incomplete or no value. |
960363 | Traffic Shaping widgets keep loading on dashboard page of the Device Manager. |
961508 | SD-WAN Monitor table view does not load. |
966546 | Unable to disable the "Create Address Object Matching Subnet" feature when the interfaces role is LAN. |
971432 | SD-WAN Monitor in the FortiManager doesn’t show up data for more than one hour. |
975310 | Unable to unset interface IP for a VLAN interface in Device Manager. |
976887 | Unable to set non-HEX values for DHCP Option; it displays an error message: "…enter a valid Hexadecimal number…". |
979531 | System Template does not save the auto-firmware-upgrade settings. |
981031 | Device Inventory widget shows wrong date for "last seen". |
986466 | When modifying the BGP template with a new route map rule, a failure error message may be displayed. |
988964 | FortiManager tries to push switch-controller command to devices that do not have this command. |
991337 | When ADOM Advanced Mode is enabled, FortiManager is unable to edit interfaces for non-root VDOM in different ADOM. |
991464 | Asset Identity list cannot be exported to CSV. |
993094 | Firmware image for Azure Fortigate (PAYGO) is not available from (Device Manager > Firmware upgrade). |
995919 | Cannot config system password-policy expire-day for FortiGates. |
1001699 | System Templates and Template Groups cannot be assigned to FortiProxy devices. |
1002289 | Unable to delete default wireless-controller vap configuration with pre-run CLI templates. |
1006838 | "Admin User" settings get modified if username is more than 37 characters. |
1009883 | Unable to set the Radius-Server addresses as FQDN. |
1011744 | Autoupdate will not update the Device DB with FortiGate’s ssh local-key details. |
1016654 | FortiManager fails to add FortiAnalyzer as a managed device. |
1016987 | FGFM’s tunnel went down after upgrade because the device’s SN doesn’t match the expected certificate. |
FortiSwitch Manager
Bug ID | Description |
---|---|
988757 | When viewing switch ports through the FortiSwitch Manager, the port status was displayed as DOWN. |
995984 | Cannot create MC-LAG in FortiSwitch Manager. |
Others
Bug ID | Description |
---|---|
874052 | After upgrade ADOM from v7.0 to v7.2, when installing a policy package to FortiGate-v7.2 device, FortiManager tries to change "match-vip" from disabled to enabled. |
876125 | Unable to assign provisioning templates to template groups in FortiProxy ADOMs. |
897157 | Unexpected changes in existing static routes, created by static route template after upgrade to 7.0.7, 7.2.2, 7.4.0. |
935430 | When FortiAnalyzer is managed by FortiManager and FortiManager’s local logs are being sent to FortiAnalyzer, installing PP to FortiGates may display the following message: "Confirm Deletion FortiManager is going to sync the following device deletion to FortiAnalyzer,…". |
949994 | When the FortiAnalyzer feature is activated on the FortiManager, attempting to download FortiGate logs/log files from the FortiManager results in an error message. |
954564 | FortiManager attempts to change FEX serial number and returns an installation error. |
956335 | Unable to upgrade root ADOM from v6.4 to v7.0 with "med-location-service" object error. |
963490 | Installation fails as FortiManager attempts to "set role primary" feature for the "lan-extension backhaul" under the "extender-controller". |
963744 | FortiManager’s HA status becomes unsynchronized when the "private-data-encryption" feature is enabled. |
967214 | Unable to set up metadata variables using CSV file when Workspace mode is enabled on ALL ADOMs. |
976448 | Unable to login FortiManager cloud. |
982564 | When upgrading the root ADOM, the process might fail with the following error message: "…The string contains XSS vulnerability characters…". |
986753 | Policy installation may get stuck on the validation due to recurrent Segmentation Fault errors on the webevent / webworker processes. |
991052 | FortiManager AWS is not able to form GeoRedundant Cluster as VRRP HA fails to sync. |
1008642 | Unable to mount disk and create lvm when deploying using AZURE D-Series v5 Instance Type. |
1015415 | When FortiAnalyzer is added as a managed device to FortiManager, filtered logs will not be displayed under Log View. |
1023512 | FortiManager fails to install policies to FortiProxy if number of local users are more than 1000. |
Policy and Objects
Bug ID | Description |
---|---|
804160 | FortiManager does not remove "Radius Server" on the FortiGate when it becomes unused. |
817289 | FortiManager only accepts IPv6 Compressed Notation format for the Policy & Objects. |
852603 | Per device mapping feature is not available for EMS connector under the Policy & Objects on the FortiManager. |
883064 | When any admin makes changes to the "Object Selection Pane", whether setting it to Dock to Right, Dock to Bottom, or Classic Dual Pane, it will affect all other admins’ GUI preferences. |
888798 | Changing deep inspection ssl-ssh-profile to "inspect all ports" may cause installation error. |
902315 | Multicast firewall policies are not visible in GUI when both interfaces are in VWP (virtual wire pair). |
908353 | When ISDB name changed, FortiManager is not automatically updating the new ISDB object name. |
917225, 1012400 | FortiManager is unable to install policy packages to multiple devices due to "securityconsole" crashes. |
958206 | Policy package import fails due to a certificate error in the SSL VPN web realm configuration for the virtual host server. |
963008 | Impossible to merge duplicate objects |
972392 | Users do not receive a proper warning when creating a firewall address with the IP address "0.0.0.0/0." |
979554 | EMS connectors are randomly getting disabled on FortiManager, despite no changes being made to EMS settings on either FortiManager or FortiGate. |
982638 | Invalid IPS signature breaks the GUI when users are trying to edit the IPS profile in the FortiManager. |
983219 | FortiManager attempts to delete the "edm-keyword" when configuring DLP data types on the FortiGate. |
984935 | The "view mode" and "Routing Object" options are not displayed on the GUI. |
986262 | EMS Cloud tags are not updated on FortiManager. |
989423 | FortiManager SD-WAN interfaces are not available as Normalized interfaces. |
989953 | GUI can not load replacemsg-group in Web Filter profile advanced option. |
991351 | When ADOM Advanced Mode is enabled, FortiManager is unable to edit interfaces for non-root VDOM in different ADOM. |
993263 | Filters in Policy Packages do not function correctly. |
995766 | "Find and Replace" feature does not display "replace with" table result for some columns. |
997752 | Install preview randomly hangs and doesn’t return any data on next screen. |
1001027 | When trying to install multiple devices simultaneously, FortiManager may become unresponsive. |
1001165 | Installation failure while installing the Fortinet_GUI_Server Certificate. |
1002060 | Using unmapped interfaces under Policy Blocks does not give an installation error. |
1002551 | FortiManager is pushing the web-proxy profile configuration without space between domains. |
1002787 | User external-identity-provider can’t be created in the User Definition or CLI configuration under the Policy & Objects. |
1002794 | FortiManager attempts to remove the existing external-resource when "set external-blocklist-enable-all enable" in AV profile. |
1003295 | "Install On" field in FortiManager does not exist anymore. |
1003309 | When an address object is cloned it is not automatically included in the original address group. |
1008729 | EMS tags fail to import upon clicking Apply & Refresh. |
1009296 | "Fork error (out of memory?)" message has been observed when installing Policy Package on multiple targets simultaneously. |
1012389 | "Negate Source" and "Negate Destination" options are missing. |
1012435 | When editing an address group in a firewall policy, the members do not display correctly. |
1014499 | FortiManager Azure SDN connector is unable to pull K8s label from AKS. |
1020917 | When "partial-install" feature is enabled, clicking on "Install Objects" can sometimes freeze the GUI, preventing any modifications until it refreshes, and the installation may not complete. |
1027238 | Unable to install when using vlan interfaces within a Virtual Wire Pair Policy. |
Script
Bug ID | Description |
---|---|
1008268 | The FortiManager script installation process hangs and does not complete. |
1011730 | FortiManager does not load scripts instantly; it takes a noticeable number of seconds for each script to open. |
1020938 | After the image upgrade, users may encounter a "Temporarily Unavailable" page message. This problem specifically occurs when special characters, like "$(...)", are used within a TCL script in an ADOM. The Meta variable parsing function incorrectly identifies these characters as meta variable delimiters. |
Services
Bug ID | Description |
---|---|
980334 | "Download to Excel" option on Licensing Status under the FortiGuard does not work. |
985074 | Changing the FortiGuard Server Location under the license info widget results in a blank page popup. |
System Settings
Bug ID | Description |
---|---|
881309 | In SSO configuration, whether the settings for "ext-auth-accprofile-override" and "ext-auth-adom-override" are enabled or disabled, the users are granted an adom/accprofile override if the IdP sends valid ADOMs and "profilename" attributes. |
987173 | The "ext-auth-group-match" feature doesn’t work for SAML SSO users. |
988343 | SSO users are unable to switch between ADOMs. |
995755 | Workspace lock override doesn’t work for whole ADOM or policy package. |
VPN Manager
Bug ID | Description |
---|---|
678319 | Once "os-check" option is enabled, "os-check-list" table is not loaded. |
Vendor notes: FortiManager 7.4.3 Release Notes
Regards,
The B&B Team
Bezpieczeństwo w biznesie