Producent oprogramowania Fortinet opublikował aktualizacje dla oprogramowania FortiNAC o oznaczeniu 8.8.5. W najnowszej wersji rozwiązano problem FortiNAC, który mógł nie wysyłać poprawnie informacji o grupie do FGT lub mógł ich nie usunąć z powodu braku synchronizacji wewnętrznej kolejki komunikatów FSSO FNAC. Rozwiązano również problem wolno działającego FGT VPN który wolno przetwarzał nowe sesje. Naprawiono także błąd widoku niezaszyfrowanych hasłem w odpowiedziach GET. Po więcej informacji zapraszam do dalszej części artykułu.
Wspierane modele:
| 670824 | Alcatel Omni 6860 48 port switch |
| 673042 | Huawei S5720-28X-PWR-SI-AC |
| 684702 | Fortigate 80F |
| 685957 | HPE OfficeConnect Switch 1920S 8G PPoE+ |
| 686918 | Alcatel-Lucent Enterprise OS6860-24 8.6.289.R01 GA
ATI AT-8000S Cisco IOS Software [Fuji], ISR Software (ARMV8EB_LINUX_IOSD-UNIVERSALK9_IAS-M) FL.10.04.0020 HP 1910-8G-PoE+ (65W) HPE 1950 24G 2SFP+ 2XGT PoE+ Meraki MR46E Cloud Managed AP SG350X-48P 48-Port Gigabit PoE Stackable Managed Switch S5720-52X-PWR-LI-AC TL.10.04.0030 |
| 688815 | FortiGate models
6-2_400e_bypass 6-2_100f_p2 6-2_80f_p2_merge 6-2_fgr60f_p2 6-2_200f_npi 6-2_np7_trunk – 180XF/260XF/420XF/440XF |
| 691343 | Cisco Nexus 6000 |
| 691344 | Cisco Nexus 9000 |
Rozwiązane problemy:
| Ticket # | Description (8.8.5.1722) |
|---|---|
| 600078 | Cannot show group membership of IP phone in a host Group |
| 602634 | „Device Rule Confirmation Failure” and „Device Rule Confirmation Success” events missing location and/or IP address information |
| 608757 | FortiGate VDOMs can have unique RADIUS configurations. Added primary, secondary, and secret to VDOM model config. |
| 646847 | HTTP Status 500 Error when configuring WinRM profiling |
| 671450 | Some device mappings in the database are not cleaned up when property files are changed. This can cause cause issues modeling devices. |
| 674288 | Unable to read SonicWALLPRO MAC address (L2) data |
| 675168 | Issues changing VLANs on HPE OfficeConnect 1950-48G-2SFP+-2XGT-PoE+ due to mapping |
| 679244 | Arp (L3) information not processing on HP 10508 switches |
| 681256 | Management process crashes if both primary and secondary are running in control |
| 682244 | GSuite devices are incorrectly removed from FortiNAC after poll |
| 684312 | FGT API access frequently fails when reading and writing. |
| 684732 | Added text to the following views to improve usability when configuring the shared secret for Local RADIUS:
Model Configuration tab VDOM Configuration SSID Configuration SSID Wizard configuration context (via right click multiple SSID’s) |
| 685272 | Scan does not work when host is manually placed „At Risk” and end user tries to scan from Captive Portal page. |
| 685687 | If both SSID & VDOM contexts exist in Local RADIUS, RADIUS Attribute Groups always come from VDOM. |
| 685688 | L3 polling stops due to hung HTTP request to FortiOS |
| 685928 | FSSO startup processing is not creating internal message table correctly, affecting the FSSO tagging process. |
| 685969 | FNAC may not send group information correctly to a FGT or may not remove it due to FNAC internal FSSO message queue being out of sync. |
| 686125 | NullPointerException in CiscoSwitch.updateVersion |
| 686290 | NullPointerException in FortigateCommon |
| 686293 | Added property com.bsc.plugin.dpc.ActiveFingerprint.revalidationMaxRetries to activeFingerprint.properties. This sets the number of times Device Profiler attempts to revalidate a device before triggering event „Device Rule Confirmation Failure”. |
| 686567 | Radius accounting port 1813 not listening after upgrade to 8.8.x |
| 686628 | Device modeled without CLI credentials fails to load Model Configuration panel. |
| 686801 | Corrected mapping for FortiSwitch FSW_424E_FPOE |
| 687291 | Database replication fails if /etc/hosts is misconfigured |
| 687434 | Proxy RADIUS fails to find wired port on FGT/FSW for MAB. |
| 688129 | Missing X-CSRFTOKEN for Fortigate REST API |
| 688132 | Some passwords being shown unencrypted in GET responses |
| 688656 | Duplicate FLink-FSW ports would be created if FSWs were given a name. This impacted L2 polling and other functions. |
| 688674 | Improved workflow in Local RADIUS Server view for initial configuration of Local RADIUS / winbind services |
| 689275 | When machines with virtual adapters and the Persistent Agent reboot, new host records are generated. |
| 689349 | Admin UI no longer accessible message indicates „You do not have permissions to access this page” |
| 690891 | Added global option to be able to disable the entitlements check in Device Profiler. |
| 690964 | Host owner is incorrectly set after scanning, can change Registered Device to Host |
| 691335 | Restart winbind service if it goes down automatically & generate event |
| 691465 | The FGT VPN solution is slow to process new sessions when events are missing. |
| 692447 | Global aging should not remove Administrator accounts |
| 692465 | The ability to register host by SNMPTRAP is now disabled by default.
Important: Must be re-enabled after upgrade for existing configurations. Contact Support for assistance. For details, see related KB article FD51186. |
| 692969 | Port status is set down with port property view. |
| 672014
672016 |
Users cannot set admin status on FGT and FSW ports that are Radius Enabled. |
| 676680
689332 692938 |
Includes Agent 5.2.6 |
Notatki producenta FortiNAC 8.8.5
Pozdrawiamy,
Zespół B&B
Bezpieczeństwo w biznesie
