Fortinet udostępnił najnowszą aktualizację dla FortiNAC-F o oznaczeniu wersji  7.2.5. Po wersji 9.4 FortiNAC został ponownie wersjonowany. Pierwsza publikacja po wersjonowaniu to F 7.2, zatem kolejność wersji jest następująca: FortiNAC 9.1 > FortiNAC 9.2 > FortiNAC 9.4 > FortiNAC F 7.2. Nowa wersja rozwiązuje problemy zgłaszane przez administratorów w poprzednich wersjach produktu.

Ważna informacja:

Ze względów bezpieczeństwa wprowadzono ulepszenia w metodzie komunikacji pomiędzy serwerami FortiNAC. W związku z tą zmianą wszystkie serwery FortiNAC muszą mieć dodatkową konfigurację, aby móc się komunikować. Przed aktualizacją należy wykonać następującą procedurę, aby zapobiec zakłóceniom komunikacji.

Postępuj zgodnie z instrukcjami dla odpowiedniego urządzenia (jeśli nie korzystasz z FortiNAC Manager, te kroki można pominąć):

Pre-upgrade procedure (FNC-M-xx): FortiNAC appliances running on CentOS

Pre-upgrade procedure (FNC-MX-xx): FortiNAC appliance running on FortiNAC-OS

Usprawnienia oraz rozwiązane problemy:

960060	„Device Link Down” and „Device Link Up” event log entries for link state traps do not display the correct interface value.
970257	Specified role not assigned to devices registered via the Portal, instead NAC-Default is assigned.
934794	Performance issues with host record aging.
946405	Scheduler pop up dialog box with CLI Configurations error of undefined.
975442	Unable to read VLANs/ports on Mist AP’s.
974363	Lantech switch VLAN change and traps not functioning.
974008	Browsing to Administrator Users page causes OutOfMemory error.
973447	RADIUS EAP Certificate reverts to default self-signed certificate on reboot of system.
973328	FortiNAC-F shows custom created device type with 'cust_’ prefix.
968809	Host view: Failed to retrieve Device Types – An error occurred when processing your request.
968649	Device profiling rules using network traffic as a method will accept any IP as destination.
968630	In High Availability configurations, disk fills on Primary and Secondary servers after a period of time due to large backup files.
968100	Dell EMC Networking OS10 Enterprise Switch Aggregate Ports are being ignored.
964473	HTTPS device profiling method expects SAN to be present in certificate of IoT/OT endpoint device and fails if not present.
964017	While secondary is in control, running shutdown on primary causes secondary to shut off.
962475	After Failover test using „hsForceFailover” script, Reboot and PowerOff is wrong behavior from GUI’Power Management’.
960361	Standard User Captive Portal Error 'The input is required’.
958984	Correct VLAN ID not shown on FortiNAC GUI.
957987	Disconnect Not Sent on Host Deletion Meraki Wired.
956088	WebUI Session Timer not working.
950425	Local RADIUS config loads incorrectly after reboot from ConfigWizard.
941702	FortiNAC serves Portal v1 if index.html file is present.
939970	Discovery not scanning full range.
928189	FortiNAC does not send FSSO TAG when internal ARP cache entry is expected to be updated from the Persistent Agent.
927929	User title not visible in Users view in standard view mode.
914051	Client gets 'no failed scans’ remediation page, host health status shows scan failed, no actions possible for the user.
912555	Sponsor Approval Link Requires Login for non-Admin users.
904444	[FortiNAC-OS] Need Time Zone data update procedure, Egypt changing April 28th 2023.
897660	After upgrade FSSO information not being sent for endpoints not directly connected to FortiGate.
977272	VPN host connecting and using DA cannot connect to Server after DA Download.
961235	Managed Fortilink system. System>Settings>Groups Port group FSW doesn’t populate the FSW ports.
969596	Dynamic Tags sent to FortiGate that has no SSO configured in FortiNAC.
971169	SSO addresses not always cleared from internal address cache.
969640	Periodically syncing FSSO for FGT & FNAC does not work.
966737	FortiNAC does not send dynamic firewall tags down to FortiGate when device port is enabled.
972151	Reboot of FortiNAC after VLAN switch causes race conditions with tags being sent to FortiGate.
972343	FortiNAC unable to join security fabric upon initial configuration.
960436	FortiNAC is unable to read the ARP table from Forcepoint FW.
913211	Added VMXNET 3 interface type option on VMware. Has improved network performance over the existing E1000 interface type. See Import Virtual Machine in the VMware Deployment Guide for details.   Note: For existing pre-7.2.5 VM deployments, the E1000 interface will continue to be used. To change the adapter type after upgrading to 7.2.5, see vendor documentation.
868147	FortiNAC-OS > Need CLI capability to be able to reload/restart processes.
916289	Aruba AP’s are seen moving between WLC’s, initiating L2 polls at a very high rate.
968050	Unable to read VLANs for MICROSENS G6 Industrial Switch.

Znane problemy:

944935	FortiNAC unable to recover from a pending MySQL transaction. It is not recommend to run CLI execute mysql repair, which will cause mysql down.
962235	Can’t schedule a task in scheduler to start at 00:00:00 or any time with 00 as the hour.
974270	Non fabric root FortiGate does not have dynamic tags after firmware update.
970135	Unchecking System > FSSO communication returns „There was an error processing this request” when saving.
954220	Unable to restore system backup files on FortiNAC-OS appliances.
969091	Admin with System Administrator profile cannot delete another user in the UI with Base license.
951419	HTTPS Status 500 – Internal Server Error attempting to access model config from right click context menu.
955985	Extreme switch with 'description-string’ in switchport config won’t display connected adapters in GUI device model.
964841	Users & Hosts > Hosts GUI does not allow selection of bulk hosts in view.
827499	Show system interface does not show the eth1/port2 IP address for Forti-OS FNAC.
827283	The Roaming Guest Logical Network is missing from the Model Configuration of FortiGate and possibly from other vendors.
956436	FortiNAC does not function properly as a RADIUS proxy when integrated with a NEC-QX switch.
972884	Config backup file taken before the FortiNAC factory reset cannot be restored after factory reset, and vice versa.

Notatki producenta: FortiNAC F 7.2.5

Pozdrawiamy,

Zespół B&B
Bezpieczeństwo w biznesie