Producent oprogramowania Fortinet zaprezentował aktualizację dla produktu FortiManager w wersji 7.6.0, która wprowadza poprawki dotyczące bezpieczeństwa oraz rozwiązuje kilka znanych problemów. W tej wersji m.in. poprawiono konfigurację captive-portal SSID przez GUI, rozwiązano problem błędów kanałów przy tworzeniu profili AP oraz naprawiono błąd, który powodował problemy z importem plików CSV w FortiSwitch i AP Manager. Ponadto, zaktualizowano profile 802.11ax-5g dla wszystkich FortiAP obsługujących WiFi 6 oraz poprawiono wyświetlanie czasu w monitorze SDWAN. Więcej szczegółów dotyczących aktualizacji oraz zmian można znaleźć w artykule poniżej.
Wspierane urządzenia:
| FortiManager | FMG-200F, FMG-200G, FMG-300F, FMG-400G, FMG-410G, FMG-1000F, FMG-1000G, FMG-2000E, FMG-3000F, FMG-3000G, FMG-3100G, FMG-3700F, and FMG-3700G. |
| FortiManager VM | FMG_DOCKER, FMG_VM64, FMG_VM64_ALI, FMG_VM64_AWS, FMG_VM64_AWSOnDemand, FMG_VM64_Azure, FMG_VM64_GCP, FMG_VM64_HV (including Hyper-V 2016, 2019, and 2022), FMG_VM64_IBM, FMG_VM64_KVM, FMG_VM64_OPC, FMG_VM64_XEN (for both Citrix and Open Source Xen). |
Rozwiązane problemy:
AP Manager
| Bug ID | Description |
|---|---|
| 1028657 | The captive-portal SSID and its configurations cannot be configured via GUI. |
| 1029701 | Unsupported channel errors found when importing/creating AP profiles. |
| 1032319 | Importing AP profiles for FortiWiFi models will cause „Unable to assign template” error. |
| 1033105 | When importing the CSV file in the FortiSwitch and AP Manager, all columns show a green checkmark, but clicking Next to import is not possible. |
| 1034334 | Channels are not reflected properly for bands in AP Manager and there are missing bands in ADOM 7.4 |
| 1036210 | AP Manager does not display all supported bands for the FortiAP platform. Hence, FortiAP Bands can’t be set on AP Profiles. |
| 1050466 | The 802.11ax-5g AP profile is missing for all FortiAPs that support WiFi 6. This issue has been observed in FortiManager 7.6.0 and ADOM 7.6. |
Device Manager
| Bug ID | Description |
|---|---|
| 895994 | When using the „where used” feature in Phase 2 quick mode selector, objects do not appear, and they can be removed. |
| 1000686 | HA autolink failure occurs when LAN interfaces do not exist. |
| 1021693 | Incorrect time displays on the SDWAN monitor health check status. |
| 1026955 | Configuring BGP communities encounters errors due to improper format on the FortiManager. |
| 1029746 | There are „carriage return characters” in the downloaded config files from the Device Manager. |
| 1033653 | FortiManager is trying to install and configure „config web-proxy global” on the following FortiGates; this installation fails.
Affected FortiGates: Some low-end FGTs have encountered this issue.
|
| 1039014 | The following error has been observed while doing configuration changes in the FortiGate Global system settings. This issue has been reported after upgrading the FortiManager from 7.2.5 to 7.4.3.
„Error : datasrc invalid. object: firewall ssh setting.:caname. detail: Fortinet_SSH_CA. solution: datasrc invalid” This issue is mostly observed when the multi-vdom feature is enabled on the FortiGates. |
| 1041440 | Some FortiGate platforms (FGT-40F and FGT-60F) do not support the „ip-managed-by-fortiipam” and FortiGate refuses to take the configuration from FortiManager; hence users will be experiencing the install error. |
Global ADOM
| Bug ID | Description |
|---|---|
| 999500 | Unable to configure EMS settings in the Global ADOM. |
| 1005177 | When creating a script to rename the policies on global db policy block by taking their IDs, the error „[Policy id space out of range]” can be seen. |
Others
| Bug ID | Description |
|---|---|
| 983359 | The „40F-3G-4G LTE” modem is not listed on the FortiManager’s Extender Manager. |
| 988422 | The installation fails to FortiProxys when FortiManager attempts to set the firewall address object with the associated-interface value of „any„. FortiProxy does not support the „any” value key. |
| 988477 | There is not detail output information when executing „diagnose cdb check policy-packages„. |
| 993924 | „Application fmgd” keeps crashing when accessing SDWAN monitor page. |
| 1032350 | FortiManager fails to download Install preview log because the button is grayed out (for both policy package and device setting and device setting only installations). |
| 1034511 | Unable to upgrade ADOM from v7.2 to v7.4 due to a crash occurring with the assigned FortiSwitch template. |
| 1035552 | FortiManager’s GUI may crash when users are navigating through DHCP Monitor (Device Manager > Managed FortiGate > Dashboard: Network Monitors). |
| 1047184 | When the „Allow FortiToken Mobile push notification” policy is enabled in the FortiAuthenticator, the „Token Code” field is not displayed on the FortiManager’s GUI login page for manual insertion of the token. It should be noted, the token is received on the phone, and the login completes successfully. |
Policy and Objects
| Bug ID | Description |
|---|---|
| 981694 | When „NAC Policy” rules are created and the „Install On” option is set to specific FortiGates, the rules are still pushed to all FortiGates listed under „Installation Targets”. This results in policy installation failures on other devices, as some FortiGates might not support NAC Policy settings. |
| 998238 | Unable to delete some Object Addresses due to the invalid policy nodes and references. |
| 1001027 | If using Static Route template, FortiManager may become unresponsive when trying to install multiple devices simultaneously. |
| 1004929 | FortiManager removes the Web Filter Profile from the Profile Group for Policy-Based FortiGates. |
| 1013434 | Unable to add VIP/VIP group in the destination address field of policies, as they are not visible when trying to add them in ADOM 6.4. |
| 1013990 | There are no commands available for installing source or destination interfaces when adding them to a firewall policy or SNAT rule. |
| 1033126 | When „private-data-encryption” is enabled globally on the FortiManager, the installation fails when attempting to change the local/LDAP/RADIUS passwords. |
| 1034754 | Policy installation might fail for v7.4.4 FortiGates when the „system interface” and „system router” configurations are applied via the CLI template and assigned to them. |
Revision History
| Bug ID | Description |
|---|---|
| 801614 | FortiManager might display an error message „Failed to create a new revision.” for some FortiGates, when retrieving their configurations. |
System Settings
| Bug ID | Description |
|---|---|
| 970056 | The policy installation fails when FortiManager attempts to apply changes related to the „management address” on the interface of the FortiGates. |
| 1034021 | FortiManager does not redirect to SSO login page when „Default Login Page” in SAML SSO is set to „Single-Sign-On”. |
| 1034076 | Admin Profile with no access to provisioning template can view provisioning templates by using direct URLs. |
| 1040130 | GMT+6 is not visible on the system settings. |
VPN Manager
| Bug ID | Description |
|---|---|
| 1042701 | The traffic view page for the full mesh does not display the FortiGate and the external gateway. |