FortiOS 5.4.8
Nowa wersja oprogramowania FortiOS oznaczona numerem 5.4.8 została wydana. W najnowszej odsłonie z linii 5.4.x zostały poprawione błędy. Zachęcamy do zapoznania się z listą poprawek oraz aktualizacji Firmware na swoich urządzeniach.
Poprawki / Błędy
AntiVirus
456704 When signature update runs on a FortiGate device, the scanunit process shows busy and drop.
Application Control
402773 AppCtrl signatures are blocked after rebooting FortiGate.
438759 TeamViewer not blocked with explicit proxy application control with SSL “deep inspection”.
458177 Hairpin VIP traffic fails when application control is enabled on firewall policy.
DLP
454112 HIBUN file with *.exe extension is detected as exe file
Firewall
388040 Creating address object gives errors but still creates the object.
448158 DNS traffic does not refer to user but refers to 'source user’ field.
449195 DNAT not working for SCTP -Multi-homing Traffic.
GUI
372943 Explicit proxy policy may show a blank for default authentication method.
405021 In the Policy list page, FQDN object that is just applied to the policy always shows as unresolved unless the whole page is refreshed.
456566 The firewall Policy list page needs to have support for custom sections.
458586 In the Policy list page, Interface Pair View always displays as expand-all
HA
438374 HA reserved management interface unable to access or ping.
439152 FGSP – standalone config sync – synchronizes BGP neighbor.
449147 No security database update on slave unit in FGSP environment.
452052 vcluster2’s VMAC on VLAN Interface is not persistent after vcluster1 fails over.
452715 ha-mgmt-interface on slave unit is overwritten when backed up and restored.
455738 FortiGate does not failover when the ping server is down.
457554 FortiGate does not send syslog after ha-mgmt-interface link goes down and then up.
459252 When creating firewall policy or modifying interface settings, some HA processes such as Hasync and Hatalk go into D state.
461589 HA checksum changes after each reboot.
461731 HA dedicated management port settings are modified and unreachable after restoring the configuration backup.
IPS
443418 User is not listed in quarantine list in case block duration value is set long enough
IPsec VPN
441267 FortiGate static remote-gateway can change if peer sends ESP traffic with different IP address.
461989 ESP traffic is not forwarded out over intervdom link.
Logging
445839 Disabled logging shows action=close traffic.
Proxy
392542 WAD returns 403 Forbidden when scanunit daemon is killed or crashed.
435332 Keepalive Exempted HTTPs traffic keeps on kernal and proxy.
439925 Webproxy does not update the WAD user’s list when new users log in.
441284 www.nieporet.pl website loads very slowly in proxy mode when AV is applied.
444095 Proxy-Authorization: NTLM Requests for HTTPS sites closed by FortiGate with Proxy mode and SSL Certificate Inspection.
445312 tcp-timewait-timer does not have any effect when WAD is running.
445328 WAD crashes after upgrading to 5.6.1.
445374 Proxies should preserve DSCP flags.
447274 Specific web page fails to load when proxy-based AV profile is enabled on Explicit web proxy policy
Router
441506 BGP Aggregate address results in blackhole for incoming traffic.
448291 Packets taking different routes from the same subnet even when a specific route is in place.
SSL VPN
423415 Incorrectly resolved membership for group members using SSL VPN.
441068 SSL VPN unable to connect in tunnel mode, seeing multiple stale sessions for the same user.
450128 MAC address list is lost when aborting unselect command on CLI.
System
402162 fgSysVersionIps SNMP queries do not always reflect used databases.
438944 BPDU frames are not changed in TP mode when one arm is connected to multiple VLANs.
443019 After running for some time, the FG-30E console keep printing memory leak error messages.
444090 Cannot get SNMP values for NP6 counters.
452456 Memory leak on FG-100D slave unit.
—
Pozdrawiamy,
Zespół B&B
Bezpieczeństwo w biznesie
