Fortinet has published an update to FortiOS, its proprietary operating system for FortiGate appliances. The list of bugs fixed since the previous release once again confirms that the manufacturer is doing everything in its power to keep the software for its FortiGate next-generation firewalls polished in every respect. We encourage you to update your devices and to review the changes introduced in FortiOS 6.0.3. Note that the release notes also carry a list of known issues, including several that affect upgrades from 5.6.x, so read both lists before scheduling an upgrade.
Resolved issues:
Anti-Spam
Bug ID Description
500789 FortiGuard spam submission hyperlink does not contain any link to the FortiGuard submission page.
Antivirus
Bug ID Description
445312 tcp-timewait-timer does not have any effect when WAD is running.
459986 Repeated scanunit signal 11 crash scan_for_base64_objects.
502138 AV full scan mode causes traffic to fail.
505249 Proxy AV profile blocks Dell Command Update.
505393 Quad File Dropped Reason forticloud-daily-quota-exceeded.
Application Control
Bug ID Description
498396 Upgrade from 5.2.13 to 5.4.9 is affected by application list global limit.
Data Leak Prevention
Bug ID Description
454103 Certain PDF files are blocked when DLP filter is set to block .bat file.
496255 Some XML-based MS Office files are recognized as ZIP file.
506750 Customer wants to block .csv file extension when attaching a file on web-based gmail.
Endpoint Control
Bug ID Description
479672 FortiTelemetry not blocking VIP.
500027 Can’t block FortiClient that’s not compliant.
Explicit Proxy
Bug ID Description
496294 SNMP value returned OID of fgExplicitProxyMemUsage and fgExplicitProxyUpTime is always 0.
502392 Explicit web proxy does not learn session TTL correctly.
503478 Presence of X-XSS-Protection header causes response to be not cacheable.
506654 High memory usage on WAD.
508818 Agentless NTLM proxy authentication incorrectly returns 403 Authorization Failed to empty credential login attempt.
509876 Web proxy internet service as dst address cannot work for some IP address range overlap cases.
512268 FortiView is not populated by xff-learned original client IP address.
512294 WAD should not keep buffer data if the server’s response broke the HTTP protocol.
Firewall
Bug ID Description
504699 nat-source-vip enabled shouldn’t affect SNAT in normal policy.
506430 Traffic shaper bandwidth cannot exceed guaranteed bandwidth if max bandwidth is not configured.
508844 FortiGate needs to support NAT64 fragmentation inbound DF-set feature.
509777 Default custom service will block traffic.
FortiView
Bug ID Description
507441 Unable to show information from GUI in Fortiview > Sources.
GUI
Bug ID Description
297832 Administrator with read-write permission on Firewall Configuration is not able to read or write firewall policies.
407475 Permission denied error is shown when an admin user clicked Create New in Traffic Shaping Policy.
422871 In interface list, when logged in as VDOM admin, the GUI should gray out enable/disable option on interface that does not belong to the admin.
449956 VPN setting should not show IPv6.
458106 WiFi & Switch Controller > FortiSwitch Ports keeps on spinning.
468003 Not possible to do FW policy search based on an interface name itself when Interface Pair View is used.
468314 SD-WAN interface cannot be set as dstintf in IPv6 firewall policy.
474524 The GUI policy page won’t load for restricted admin.
474737 fwgrp read&read-write access profile doesn’t work properly.
476237 FortiGate GUI using unsecure telnet to connect to CLI of switches instead of SSH through GUI.
478057 Cannot restore configuration when GUI access to the FortiGate is via a connection with small bandwidth.
478116 Need GUI functionality added back to HUGHES branch for script execution from FortiManager.
481902 When accessing FortiView > Websites page, gets error Failed to get FortiView data and httpsd keeps crashing.
486248 For FG-30D, the default admin has insufficient privileges to access Antivirus profiles in GUI.
487350 FortiGuard Filtering Services Availability showing Unavailable on GUI when no valid Anti-spam license is present.
487512 Some GUI pages not displayed for administrators who have no access for Web Filter in profile.
488605 Device Definitions Page is not loading for a read-only account.
489744 GUI does not allow valid BGP router-id in GUI.
491394 Network > Interfaces > Internal error: VDOM.
494713 Suggest GUI Disk_Usage_Widget graph Y-axes scale’s maximum unit value to be 100%.
495043 Trusted hosts list is partial within admin details page on GUI and it allows duplicate entries of trusted IPs.
496959 Widgets Host Scan Summary and FortiClient Detected Vulnerabilities do not count online offnet devices (via WAN).
497427 V3.3.0_533151 remote access stuck loading main dashboard page and login with Fortimanager_ Access user.
501197 Sometimes cannot set or change guest user expiration time in Mozilla Firefox.
501528 Local domain name cannot be removed from GUI, can only be done through CLI.
501982 In POE, POE status not showing and POE port not shown in blue.
503867 In GUI, some certificates break the Certificate page.
504483 DHCP client list for MAC reservation keeps on loading from GUI.
504935 peertype one in ikev2 phase1-interface can be chosen in GUI.
505656 When using Edge, a page is reloaded when hovering on a connecting line between objects in the topology.
505985 FortiSwitch Topology in GUI not showing an ISL.
506795 Address object associated virtual pair port is not seen in Select Entries dialog box.
506907 Need to improve Dial Codes for Dominican Republic and Puerto Rico.
507427 IP6-mode changed from delegated to static after some parameter was changed on WebGUI.
508596 GUI Dashboard > Interface Bandwidth widget cannot be added for GRE tunnel interfaces.
512478 If NAT is configured to Use Outgoing Interface Address the Preserve Source Port switch is hidden or missing.
512481 Cannot see comments on the GUI for VIP GROUPs on FortiOS 6.0.2.
HA
Bug ID Description
465849 Wrong diagnose sys ha dump-by vcluster display when cluster V5.4 and V5.2 are on the same LAN.
502110 HA-mgmt interface is displayed on every VDOM.
503118 Slave unit sends several false alert emails everyday after upgrade to 5.6.
506363 Debugzone and checksum output do not match.
510585 HA does not recognize proper ping-server status, hence does not failover when ping-server is down.
512383 local-in-policy for ha-mgmt-int doesn’t work after reboot.
Intrusion Prevention
Bug ID Description
480525 DHCP doesn’t work properly in TP when IPS is enabled.
492193 DoS policies consume 20% more CPU than in FortiOS 5.2.
497602 After upgrading, sniffer packet on any interface causes drops on kernel and traffic impact. DoS policies used.
503895 Traffic drops for 15 seconds when UTM is enabled.
505945 IPS extended-utm-log rawdata log field should include Url field.
506234 Cannot configure IPS sensor severity or threat-weight category.
509174 6.0 build 0163 IPSengine 4.021 crash with signal 14.
IPsec VPN
Bug ID Description
463441 NAT-T broken with AWS and FortiGate.
476461 IKE does not release the mode-cfg framed-IP assigned from RADIUS.
481720 Using transparent mode and policy base VPN, about 4 ICMP packets which exceed over MTU 1375 byte are dropped.
492366 100% system CPU usage when re-keying idle IPsec tunnels.
502591 Unable to manage FortiGate with FortiManager over IPsec tunnel.
504383 When using the command get vpn ike gateway in a VDOM, the firewall CLI session outputs information for only a few tunnels and exits.
Log & Report
Bug ID Description
490378 Long-live session statistics logs add sentdelta and rcvddelta fields for FortiCloud and FortiView as required.
500087 Support WCCP set up with one arm WCCP web cache diagram.
503897 FortiGate-501E units generate logs only for five minutes after rebooting the unit, then do not generate logs anymore.
504238 Incorrect log action "blocked" even when user is "passthrough" in web filter log with warning-prompt per domain.
505474 DNS events are not included in the security event list.
507227 All logs in the log disk are erased after upgrading to 6.0.
508277 Non-SIP packet send to SIP ALG gets dropped with no log.
Proxy
Bug ID Description
497974 WAD crash: signal 11 (Segmentation fault) received every time when static route is disabled.
500965 In FG-200E kernel conserve mode, WAD process consuming high memory.
503633 Some traffic forwarded to different gateway when proxy based UTM profiles are used.
503667 Numerous WAD process crashes and WAD counter errors.
505772,513667 WAD process crash with signal 11.
506995 FG-1200D WAD crashing 5.6.5 (WAD MAPI).
507155 System went into conserve mode due to WAD after upgrade to 5.6.5.
511114 WAD crashes when clientcomfort is enabled.
REST API
Bug ID Description
424403 REST API for system CSF didn’t return CSF group name.
501749 REST API 403 error on IPS log retrieval with loggrp.data-access group.
512038 REST API Post to add address objects to an address group response is incorrect if address group is at max table size.
Routing
Bug ID Description
490312 When we set keepalive-interval > 0 in GRE tunnel, static route to remote site becomes inactive.
497134 eBGP attempts to reach neighbor via a non-connected route from an IPsec VPN tunnel even though ebgp-force-multihop is disabled.
499100 SD-WAN with IPPool not respecting associated interface if one of the links has a dynamic IP.
504164 OSPF – LSA checksum error.
505189 Kernel is missing routes.
505467 For some OSPFv3 intra-area routes, the next-hop link-local address is not displayed.
506074 SD-WAN SLA’s restore link value is too small and doesn’t account for dynamic routing/convergence.
506627 SD-WAN traffic dropped by tunnel when we create a SD-WAN health check from the HUB.
509988 Dynamic tunnel (shortcut in ADVPN) cannot be established.
511203 When using policy route for IPv6, NAT64 does not work.
SSL-VPN
Bug ID Description
477231 Unable to log in to VMware vSphere vCenter 6.5 through SSL VPN web portal.
491733 SSL VPN process taking 99% of CPU utilization (tunnel mode only).
492654 SSLVPND process crashes and users are disconnected from SSL-VPN.
493772 Some URLs in SSL VPN return HTTP404.
496584 SSL VPN bad password attempt causes excessive bindRequests against LDAP and lockout of accounts.
499071 SSL VPN logon fails if user is member of a large number of LDAP groups.
499612 Web-mode SSL VPN login attempt fails for user with locally assigned token if GROUP name contains plus(+) sign.
500901 SSL VPN web portal connected to FortiManager (5.6.3) unable to view managed devices and policy packages.
502044 SSL VPN creates user bookmark placeholder where user bookmarks are not allowed.
502365 SSLVPND crashes after upgrading from 5.6.3 to 6.0.1.
503160 Unable to render icons via web based SSL VPN bookmark.
503909 Bookmark cannot load successfully in SSL web mode.
506346 JQuery errors when accessing PDF documents through SSL VPN web portal.
507068 Internal server page does not display in SSL VPN web-mode; displays OK in tunnel mode.
507242 Internal web site not working through SSL VPN web mode.
507251 SSLVPND is continuously crashing.
510967 Internal server web app not accessible when using SSL VPN web mode and gives error.
512041 SSL VPN users get a JavaScript error when accessing bookmarks in web mode.
512409 In SSL VPN web mode, SMB/CIFS uploaded Japanese file name is garbled.
Switch Controller
Bug ID Description
504179 Application cu_acd has segmentation fault on FortiGate.
510998 Unable to delete SVI on FortiGate and VLAN from switch interface under FortiGate-managed switch after it becomes part of auto-ISL trunk.
511394 Switch-controller lldp-profile global limit is hit by creating 500 VDOMs.
System
Bug ID Description
440411 Monitor NP6 IPsec engine status.
465122 GeoIP database mismatch on cluster after every new database release.
470650 DNS filter getting purged by FortiManager when not used in a policy because FortiGate DNS filter does not contain static entry.
473118 Fnbamd crashes after upgrading ca_bundle file.
474645 After modifying system settings in GUI, gets wrong message and FGFM status is changed.
476026 Bug in the config revision diff function (for comparing two configs).
482497 Running diagnose npu np6lite session in FG-201E results in high CPU and system instability.
491090 FortiGuard service is unavailable since upgrading.
495378 Port2 goes down after running for eight days on FG-800D.
495493 Central-management settings do not allow push configuration and upgrade versions but do not take effect.
496528 Suggest set IPv6 address as NTP source.
496590 FQDN address object does not accept numbers at the end.
498032 Sometimes 5001E blade crashes during traffic testing with UTM enabled in firewall policy.
499055 DHCPv6c / PD: Single DUID on multiple WAN connections to same carrier causing issues with carrier DHCP utilizing only DUID.
503638 config system ipip-tunnel is lost after reboot when using pppoe interface.
503725 NP6 affecting all user traffic when enabled on policy.
503751 Changing master 5001E/5001D blade FortiController Trunk Interface MTU setting loses kernel static routes in all slave 5001E/5001D.
504960 Enhancements for maintainer account.
505715 DHCP lease new IP to same EFTPOS S800 device causes DHCP lease exhausted.
505930 FG-3700D freezes when deleting VDOM.
506030 SLBC cluster never in sync after policy push.
506219 Worker blade doesn’t update the FT routing cache when phase1 is bound to a loopback interface.
506223 FortiGate is not compliant with RFC 3397 (Domain Search Option Format).
506365 Cannot disable DNS override from CLI, can’t disable default gateway from server.
507060 Packet loss on startup when interfaces are in bypass mode.
507061 Longer time to put interfaces in bypass mode during shutdown.
507252 No session match for IPsec communication on worker blade master.
507447 FortiGate 300E is bridging OSPF packets during boot phase.
508304 IP is not updating in DDNS with 60D models.
510200 FortiGate DNS configuration doesn’t allow single-word domain names.
510419 HTTP link-monitor – response parser is case-sensitive (Content-Length header).
510450 DHCP client is not getting IP address/route in HA A-P context.
512985 Bypass port pairs getting triggered even without any power failure or reboot.
513319 execute batch start errors with Cisco ACS tacacs user login.
User & Device
Bug ID Description
453095 Mobile FortiTokens not assignable VDOM in vcluster on slave unit.
498739 FSSO session interferes with SSL VPN auth sessions, prevents users from accessing allowed destinations.
500426 Email two-factor sending two codes and failing for GUI admin login.
502835 FortiGate reply RADIUS disconnect nak to FAC with log of User name is too long.
504746 Authenticated users have time-left 49710 days timeout.
509296 WAD user list does not update list based on FSSO.
511108 ldapconntimeout allows value which instantly times out LDAP authentication attempts.
VM
Bug ID Description
484540 FOSVM serial number changes during firmware upgrade.
490248 Virtual disk is automatically divided into three partitions.
497675 No packets received by FortiGate VM virtual NIC when using type=vhostuser, model=virtio.
498653 FortiOS VM stops passing traffic after failover.
501190 Fortinet Azure crashes infrequently.
502727 FortiGate VM encounters kernel panic on boot when running on ESXi 6.7.
502881 Cloud native default password and SSH authorized key.
506221 azd keep crashing with signal 11.
Web Filter
Bug ID Description
413187 XFF header enhancements (strip-off & enforcement) for URL filtering module.
482785 Web filter proceed page loading very slowly when setting FortiGuard category to authenticate.
489286 Renaming web filter profile does not take effect.
497075 Fail to retrieve external resource files – Transfer-Encoding: chunked.
500972 Wrong log for FortiGuard block page.
513400 iphone web filter restriction and safe searching do not work.
WiFi Controller
Bug ID Description
414960 Cannot get crash trace when hostapd crashes.
503084 In managed FortiAP, the client filter is not working.
503190 FAP info (apsn, apname, channel, radioband) missing from traffic logs.
505439 Local-auth – Missing second RADIUS port from VCFG.
Known issues to be resolved:
Application Control
Bug ID Description
435951 Traffic keeps going through the DENY NGFW policy configured with URL category.
488369 DSCP/ToS is not implemented in shaping-policy yet.
FortiView
Bug ID Description
375172 FortiGate under a FortiSwitch may be shown directly connected to an upstream FortiGate.
414172 HTTPsd / DNSproxy / high CPU/memory with high rate UDP 1Byte spoofing traffic.
453610 Fortiview->Policies(or Sources)->Now, it shows nothing when filtered by physical interface at PPPoE mode.
460016 In Fortiview > Threats, drill down one level, click Return and the graph is cleared.
482045 FortiView – no data shown on Traffic from WAN.
494731 Incorrect reporting in Fortiview.
GUI
Bug ID Description
256264 Realtime session list cannot show IPv6 session and related issues.
439185 AV quarantine cannot be viewed and downloaded from detail panel when source is FortiAnalyzer.
442231 Link cannot show different colors based on link usage legend in logical topology real time view.
451776 Admin GUI has limit of 10 characters for OTP.
508015 Edit Policy from GUI changes fsso setting to disabled.
513451 Archived data field in logs shows incorrect data.
515983 Firefox cannot list user TACACS+ Servers. Chrome is OK.
516415 Edit Disclaimer Message button is missing on Proxy Policy page.
HA
Bug ID Description
451470 Unexpected performance reduction in case of Inter-Chassis HA fail-back with enabling HA override.
479987 FG MGMT1 does not authenticate Admin RADIUS users through primary unit (secondary unit works).
Intrusion Prevention
Bug ID Description
445113 IPS engine 3.428 on FortiGate sometimes cannot detect Psiphon packets that iscan can detect.
IPsec VPN
Bug ID Description
469798 The interface shaping with egress shaping profile doesn’t work for offloaded traffic.
481201 The OCVPN feature is delayed about one day after registering on FortiCare.
Log & Report
Bug ID Description
412649 In NGFW Policy mode, FortiGate does not create web filter logs.
516033 The traffic log for WANOPT data traffic in the server-side FortiGate should show policy type as proxy-policy, not policy.
Proxy
Bug ID Description
516444 Traffic over 1GB through SCP gets terminated when SSH inspection is enabled in ssl-sshprofile.
516934 In transparent proxy policy with cookie authentication mode, NTLM authentication doesn’t work and LDAP authentication using wrong username/password will cause WAD to crash.
Security Fabric
Bug ID Description
403229 In FortiView display from FortiAnalyzer, the upstream FortiGate cannot drill down to final level for downstream traffic.
411368 In FortiView with FortiAnalyzer, the combined MAC address is displayed in the Device field.
SSL-VPN
Bug ID Description
405239 URL rewritten incorrectly for a specific page in application server.
Switch Controller
Bug ID Description
304199 Using HA with FortiLink can encounter traffic loss during failover.
357360 DHCP snooping may not work on IPv6.
System
Bug ID Description
295292 If private-data-encryption is enabled, when restoring config to a FortiGate, the FortiGate may not prompt the user to enter the key.
364280 User cannot use ssh-dss algorithm to login to FortiGate via SSH.
385860 FG-3815D does not support 1GE SFP transceivers.
436746 NP6 counter shows packet drops on FG-1500D. Pure firewall policy without UTM.
468684 EHP drop improvement for units using NP_SERVICE_MODULE.
472843 When FortiManager is set for DM = set verify-install-disable, FortiGate does not always save script changes.
474132 FG-51E hang under stress test since build 0050.
494042 If we create VLAN in VDOM A, then we cannot create ZONE name with the same VLAN name in VDOM B.
Upgrade
Bug ID Description
470575 After upgrading from 5.6.3, g-sniffer-profile and sniffer-profile exist for IPS and web filter.
473075 When upgrading, multicast policies are lost when there is a zone member as interface.
481408 When upgrading from 5.6.3 to 6.0.0, the IPv6 policy is lost if there is SD-WAN member as interface.
494217 Peer user SSL VPN personal bookmarks do not show when upgrade to 6.0.1.
Web Filter
Bug ID Description
480003 FortiGuard category does not work in NGFW mode policy.
WiFi Controller
Bug ID Description
516067 CAPWAP traffic from non-VLAN SSID is blocked when dtls-policy=ipsec-vpn and NP6 offload are enabled.
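As an added example (not Fortinet's release-note tooling nor B&B's code), the following Python script parses the flattened "Bug ID Description" tables reproduced above into structured records. It tracks whether an entry sits under the resolved or the known-issues list, handles rows that carry several comma-separated bug IDs (such as 505772,513667), and flags entries whose wording points at process crashes, account lockouts or conserve mode, which are the availability and authentication issues a firewall team would triage first when deciding whether to upgrade. The keyword list and the sample excerpt are constructed for the example.

```python
"""Parse flattened FortiOS release-note tables into structured records.

Added example; not code from Fortinet or B&B. The layout it expects is the one
reproduced on this page: a status line ending in ':' ("Resolved issues:" /
"Known issues to be resolved:"), a component heading on its own line, a
"Bug ID Description" header, then one row per line that starts with one or
more 6-digit bug IDs (comma-separated) followed by free text.
"""
import re
from collections import Counter
from dataclasses import dataclass

HEADER = "Bug ID Description"
# One or more comma-separated 6-digit IDs, whitespace, then the description.
ROW_RE = re.compile(r"^(\d{6}(?:,\d{6})*)\s+(.*\S)$")
# Constructed triage heuristic: wording that indicates a daemon crash, account
# lockout or memory exhaustion on a firewall, i.e. availability/auth impact.
TRIAGE_RE = re.compile(
    r"\b(crash\w*|signal 11|segmentation fault|kernel panic|lockout|conserve mode)\b",
    re.IGNORECASE,
)


@dataclass(frozen=True)
class Entry:
    status: str          # "Resolved issues" or "Known issues to be resolved"
    component: str       # e.g. "Proxy", "SSL-VPN"
    bug_ids: tuple[str, ...]
    description: str


def parse_release_notes(text: str) -> list[Entry]:
    """Walk the flattened text line by line and emit one Entry per table row."""
    entries: list[Entry] = []
    status = "unknown"
    component: str | None = None
    pending_heading: str | None = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith(":"):          # status line opens a new list
            status = line[:-1]
            continue
        if line == HEADER:              # header binds the preceding heading
            component = pending_heading
            continue
        m = ROW_RE.match(line)
        if m and component is not None:
            entries.append(Entry(status, component, tuple(m.group(1).split(",")), m.group(2)))
        else:
            pending_heading = line      # component heading precedes its header
    return entries


def triage(entries: list[Entry]) -> list[Entry]:
    """Entries whose description matches the crash/lockout/conserve-mode heuristic."""
    return [e for e in entries if TRIAGE_RE.search(e.description)]


def count_by_component(entries: list[Entry]) -> dict[str, int]:
    """Number of table rows per component heading, for a quick impact overview."""
    return dict(Counter(e.component for e in entries))


# Constructed excerpt in the page's layout (a handful of rows copied from above).
SAMPLE = """\
Resolved issues:
Proxy
Bug ID Description
497974 WAD crash: signal 11 (Segmentation fault) received every time when static route is disabled.
505772,513667 WAD process crash with signal 11.
SSL-VPN
Bug ID Description
496584 SSL VPN bad password attempt causes excessive bindRequests against LDAP and lockout of accounts.
499071 SSL VPN logon fails if user is member of a large number of LDAP groups.
Known issues to be resolved:
Proxy
Bug ID Description
516934 In transparent proxy policy with cookie authentication mode, NTLM authentication doesn't work and LDAP authentication using wrong username/password will cause WAD to crash.
"""

if __name__ == "__main__":
    parsed = parse_release_notes(SAMPLE)
    print(count_by_component(parsed))
    for e in triage(parsed):
        print(f"[{e.status}] {e.component} {','.join(e.bug_ids)}: {e.description}")
```

Feed it the full text of the two lists above to get a per-component count and a shortlist of crash and lockout entries; the "Known issues to be resolved" status on an entry tells you the defect is still present in 6.0.3.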
More information can be found in the release notes: Release Notes
Regards,
The B&B Team
Security in business