B&B Bezpieczeństwo w biznesie
  • Start
  • O nas
  • Produkty
  • Usługi
    • Szkolenia
    • Cyberbezpieczny Samorząd
    • Audyt bezpieczeństwa informacji
      • Testy penetracyjne
      • Testy ataków socjotechnicznych
    • Audyt konfiguracji Fortigate
    • Prezentacje
    • Wdrożenia
  • Blog techniczny
  • Pomoc
  • Kariera
  • Kontakt

Producent oprogramowania Fortinet właśnie udostępnił najnowszą wersję oprogramowania dla urządzeń FortiGate o numerze wersji 6.2.8. W najnowszej wersji naprawiono błąd
gdy centralne zarządzanie było włączone, użytkownicy mogli ominąć ograniczenia GUI tylko do odczytu i zastosować zmiany zasad. Rozwiązano również problem nieaktualizującej się bazy danych złośliwych certyfikatów w jednostce podrzędnej w klastrze HA. W wersji 6.2.8 producent rozwiązał także problem demonów sslvpnd które, zużywały 99,9% procesora podczas aktualizacji zasad. Po więcej ciekawych informacji zachęcamy do zapoznania się z dalszą częścią artykułu.

 

 

Co nowego:

Bug ID Description
634006 OpenSSL updated to 1.1.1j for security fixes.
638352 To avoid large number of new IKEv2 negotiations from starving other SAs from progressing to established states, the following enhancements have been made to the IKE daemon:

  • Prioritize established SAs.
  • Offload groups 20 and 21 to CP9.
  • Optimize the default embryonic limits for mid- and high-end platforms.

The IKE embryonic limit can now be configured in the CLI:

config system global
    set ike-embryonic-limit <integer>
end
644218 The host protection engine (HPE) has been enhanced to add monitoring and logging capabilities when the HPE is triggered. Users can enable or disable HPE monitoring, and configure intervals and multipliers for the frequency when event logs and attack logs are generated. These logs and monitors help administrators analyze the frequency of attack types and fine-tune the desired packet rates in the HPE shaper.

config monitoring npu-hpe
    set status {enable | disable}
    set interval <integer>
    set multipliers <m1>, <m2>, ... <m12>
end

The interval is set in seconds (1 – 60, default = 1). The multiplies are twelve integers ranging from 1 -255, the default is 4, 4, 4, 4, 8, 8, 8, 8, 8, 8, 8, 8.

An event log is generated after every (interval × multiplier) seconds for any HPE type when drops occur for that HPE type. An attack log is generated after every (4 × multiplier) number of continuous event logs.
660596 Because pre-standard POE devices are uncommon in the field, poe-pre-standard-detection is set to disable by default. Upgrading from previous builds will carry forward the configured value.
660624 When enabling the Security Fabric on the root FortiGate, the following FortiAnalyzer GUI behavior has changed:

  • If a FortiAnalyzer appliance is enabled, then the dialog will be for the FortiAnalyzer connector.
  • If a FortiAnalyzer appliance is disabled but FortiAnalyzer Cloud is enabled, then the dialog will be for the Cloud Logging connector.
  • If neither the FortiAnalyzer appliance or FortiAnalyzer Cloud are enabled:
    • If the device has a FAZC (standard FortiAnalyzer Cloud subscription) or AFAC (premium subscription) entitlement, then the dialog will be for the Cloud Logging connector.
    • If the device does not have a FAZC or AFAC entitlement, then the dialog will be for the FortiAnalyzer connector.
  • When FortiAnalyzer Cloud is enabled and the FortiAnalyzer appliance is disabled, then the Cloud Logging connector will not let you switch to the FortiGate Cloud FortiAnalyzer.
670345 Support Strict-Transport-Security in HTTPS redirect.
673371 Support ICMP type 13 at local interface.
680599 Increase the ICMP rate limit to allow more ICMP error message to be sent by the FortiGate per second. The ICMP rate limit has changed from 1 second (100 jiffies) to 10 milliseconds (1 jiffy).
684133 Support site-to-site IPsec VPN in an asymmetric routing scenario with a loopback interface as a VPN bound interface.

config vpn ipsec phase1-interface
    edit <name> 
        set interface "loopback"
        set loopback-asymroute {enable | disable}
    next
end

Rozwiązane problemy:

DNS Filter

Bug ID Description
511729 Domain filter entries whose action is set to allow should not be logged.

Explicit Proxy

Bug ID Description
624513 IP pool address in proxy policy is not used sometimes when enabling a security profile.
662931 Browsers change default SameSite cookie settings to Lax, and Kerberos authentication does not work in transparent proxy.
664548 When the FortiGate is configured as an explicit proxy and AV is enabled on the proxy policy, users cannot access certain FTP sites.
681054 Web proxy users are disconnected due to external resource update flushing the user even if they do not have an authentication rule using the related proxy address or IP list.
689002 Proxy traffic failed after modifying resource setting in external connector.
697566 Explicit proxy unable to access a particular URL (https://***.my.salesforce.com) after upgrading from 5.6.12 to 6.2.7.

Firewall

Bug ID Description
474612 SNAT is using low ports below 1023 for NTP.
611781 Search option on IPv4 policy page not working; after typing in the search bar, no results are displayed.
616220 ICMP reply packets are dropped by the FortiGate.
643446 Fragmented UDP traffic is silently dropped when fragments have different ECN values.
661014 FortiCarrier has GTP dropped packet log after configuring GTP allow list.
675353 Security policy (NGFW mode) flow-based UTM logs are still generated when policy traffic log is disabled.
682956 ISDB is empty/crashes after upgrading from 6.2.4/6.2.5 to 6.2.6.
683426 No hit counts on policy for DHCP broadcast packets in transparent mode.
683604 When changing a policy and creating a firewall sniffer concurrently, there is traffic that is unrelated to the policy that is being changed and matching the implicit deny policy. Some IPv4 firewall policies were missing after the change.
699785 Firewall performance may degrade when thousands of VIPs are configured.

FortiView

Bug ID Description
628225 Compromised Hosts dashboard cannot show data if FortiAnalyzer is configured using the FQDN address in the log setting. FortiAnalyzer configured with an IP address does not have this issue.

GUI

Bug ID Description
592854 An address created by the VPN wizard cannot save changes due to an incorrect validation check for parentheses, (), in the Comments field.
593860 When central management is enabled, users can bypass GUI read-only restrictions and apply policy changes.
601879 When logging in to the dashboard after a factory reset, the dashboard displays The web page cannot be found.
631041 Adding an RSSO group to the firewall policy does not enable RSSO on the policy.
639617 On Explicit Web Proxy Policy page, unable to change Outgoing Source IP option from IP Pools to Proxy Default or Original Source IP. CLI does not have this issue.
650708 When the client browser is in a different time zone from the FortiGate, the Guest Management page displays an incorrect expiry time for guest users. The CLI returns the correct expiry.
654626 Unable to change the action setting of Freeware and Software Downloads using the FortiGuard Category Based Filter of the DNS filter profile.
655255 FortiGuard resource retrieval delay causes GUI pages to respond slowly. Affected pages include: Firewall Policy, Settings (log and system), Explicit Proxy (web and FTP), System Global, and System CSF.
656599 Automation CLI script should support setting an administrator profile to restrict access.
656668 On the System > HA page, GUI tooltip for the reserved management interface incorrectly shows the connecting IP address instead of the configured IP address.
661703 High latency accessing Security Fabric > Physical Topology/Logical Topology pages in Firefox.
662640 Some GUI pages (dashboard, topology, policy list, interface list) are slow to load on low-end platforms when there are many concurrent HTTPSD requests.
665597 User credentials test from web UI and CLI are inconsistent.
666500 The Confirm version downgrade warning message is not displayed when a user downgrades firmware between minor patch release versions using the manual upload option. Firmware downgrades from FortiGuard do not have this issue.
667863 GUI does not display FortiSwitch ports when multiple FortiLink interfaces are configured. FortiOS 6.4.0 and later supports multiple FortiLink configurations via the GUI.
672906 GUI does not redirect to the system reboot progress page after successfully restoring a configuration.
689605 On some browser versions, the GUI displays a blank dialog when creating custom application or IPS signatures. Affected browsers: Firefox 85.0, Microsoft Edge 88.0, and Chrome 88.0.
691277 When logs are retrieved from FortiAnalyzer, the GUI displays the same traffic logs for primary and secondary HA devices.

HA

Bug ID Description
540600 The HA hello-holddown value is divided by 10 in the hatalk daemon, which makes the hello-holddown time 10 times less than the configuration.
609631 Both nodes in HA simultaneous reboot when gtp-enhance-mode is enabled or disabled.
627851 After the HA peer node has been replaced, there needs to be a way to reset the HA health status back to OK.
650624 HA GARP sending was delayed due to lots of transceiver reading.
652507 Sessions with syn_ses flags are not synced after reboot.
653095 Inband management IP connection breaks when failover occurs (only in virtual cluster setup).
657376 VLAN interfaces are created on a different virtual cluster primary instead of the root primary do not sync.
678309 Cluster is out of sync because of config vpn certificate ca after upgrade.
690248 Malicious certificate database is not getting updated on the secondary unit.
693223 hasync crashes with signal 11 in ha_same_fosver_with_manage_master.

Intrusion Prevention

Bug ID Description
657541 On FG-80D, the IPS engine daemon count drops to 0 when the CPU number is 4.
668631 IPS is constantly crashing, and ipshelper has high CPU when IPS extended database has too many rules (more than 256) sharing the same pattern. Affected models: SoC3-based FortiGates.
686301 ipshelper CPU spikes when configuration changes are made.
689259 Flow-based AV scanning does not send specific extension files to FortiSandbox.
689590 IP quarantine is not working on FG-80D.
691395 Signature false positives causing outage after IPS database update.

IPsec VPN

Bug ID Description
566076 IKED process signal 11 crash in an ADVPN and BGP scenario.
597246 When disabling and re-enabling OCVPN after HA failover, the IPsec tunnel cannot be established.
631804 OCVPN errors showing in logs when OCVPN is disabled.
638352 In extreme situations when thousands of tunnels are negotiating simultaneously (IKEv2), iked process gets exhausted and stuck.
642543 IPsec did not rekey when keylife expired after back-to-back HA failover.
650599 IKE HA sync truncates phase 2 options flags after the first eight bits.
655895 Unable to route traffic to a spoke VPN site from the hub FortiGate when the dialup IPsec VPN interface is dual stacked (IPv4/IPv6).
666693 If NAT-T IP changes, the dynamic IPsec spoke add route entry is stuck on the hub.
678800 Kernel may crash on link event update with net-device enabled.
684133 Site-to-site IPsec VPN cannot establish in asymmetric routing scenario where the IPsec VPN bound interface is a loopback interface.
687749 iked HA sync crashed on secondary with authenticated user group in firewall policy.
691878 Creating or updating a user with two-factor authentication causes dialup VPN traffic to stop.
694992 Issue establishing IPsec and L2TP tunnel with Chromebook behind NAT.
710961 Hub is dropping packets due to Failed to find IPsec Common after upgrading from 6.2.6 to 6.2.7.

Log & Report

Bug ID Description
623471 FortiGate did not change the time after daylight saving time.
654363 Traffic log shows Policy violation for traffic hitting the allow policy in NGFW policy mode.
667274 FortiGate does not have log disk auto scan failure status log.
675347 When searching for some rarely-found logs within a large volume of logs, there is a long period of time before the results are returned. During the waiting period, if any new requests arrive, the old search session cannot be cleared. There is then a risk that multiple processes exist together, which may cause performance issues.
677540 First TCP connection to syslog server is not stable.
682444 No event log generated when log disk needs format.
694296 Memory leak issue in miglogd when log daemon has connection issue or FortiAnalyzer setting changes.
710344 Reliable syslog is sent in the wrong format when flushing the logs queued in the log daemon when working in TCP reliable mode.

Proxy

Bug ID Description
603195 Multiple WAD crashes with signal 11.
633108 When FOH server is disconnected from a HTTP session, the HTTP session client port peer is not cleared. After this, the HTTP client port shutdown causes a crash because the peer port is freed.
655356, 660857 Proxy deep inspection fails if server uses TLS 1.3 cookies or record padding.
661063 If a client sends an RST to a WAD proxy, the proxy can close the connection to the server. In this case, the relatively long session expiration (which is usually 120 seconds by default) could lead to session number spikes in some tests.
675525 No WAD sessions displayed when running diagnose wad filter.
680651 Memory leak when retrieving the thumbnailPhoto information from the LDAP server.
681134 Proxy-based SSL certification inspection session hangs if the outbound probe connection has no routes.
693951 Cannot access Java-based application in proxy mode.

Routing

Bug ID Description
579884 VRF configuration in WWAN interface has no effect after reboot.
628896 DHCP relay does not match the SD-WAN policy route.
687034 bgpd memory leak if running BGP on 6.2.7 and 6.4.4.
692241 BGP daemon consumes high CPU in ADVPN setup when disconnecting after socket writing error.

Security Fabric

Bug ID Description
649556 FortiNAC requests to FortiGate can timeout on low-end models when there are many concurrent requests.
660624 FortiAnalyzer Cloud should be taken into consideration when doing CLI check for CSF setting.

SSL VPN

Bug ID Description
602480 Use jQuery to customize FortiGate SSL VPN log in page.
608195 AngularJS web application cannot load via SSL VPN web mode.
610905 SSL VPN bypassing logon count limit with different case in user name.
610995 SSL VPN web mode gets error when accessing internal website at https://st***.st***.ca/.
619296 FortiGate reverts default values of text on buttons in SSL VPN log on page.
620946 All sslvpnd daemons use 99.9% CPU when policy is being updated.
628597 Unable to load the SSL VPN bookmark internal website, https://fi***.co.nz.
646339 SSL-SSH inspection profile changes to no-inspection after device reboots.
649197 Unable to use editor in Atlassian internal Confluence portal over SSL VPN web mode.
659322 SSL VPN will disconnect all connections after new address is added to IP pool.
661290 https://mo***.be site is non-accessible in SSL VPN web mode.
662042 The https://outlook.office365.com and https://login.microsoft.com websites cannot be accessed in the SSL VPN web portal.
662871 SSL VPN web mode has problems accessing some pages on FortiAnalyzer 6.2.
670731 Internal application server/website bookmark (https://***.***.***.***:****/nexgen/) not working in SSL VPN web mode.
672743 sslvpnd segmentation fault crash due to old DNS entries in cache that cannot be released if the same results were added into the cache but in a different order.
673320 Pop-up window does not load correctly when accessing internal application at https://re***.wo***.nl using SSL VPN web mode.
677167 SSL VPN web mode has problem accessing Sapepronto server.
678132 SSL VPN web portal SSO credentials for alternative option are not working.
680711 Unable to access OWA web server on mobile device in SSL VPN web mode.
681764 Video could not load for https://le***.sm***.ca in SSL VPN web mode.
683601 Changing DNS or WINS server under VPN SSL settings logs off connected users.
685269 SSL VPN web mode is not working properly for aw***.co***.com website.
688023 SSL VPN bookmarked website shows empty page after logging in to SSL VPN gateway https://vd***.vi***.com.
696009 Tunnel IP pool leak when DTLS tunnel user session is deleted due to timeout (idle or authentication).
706270 sslvpnd signal 11 (Segmentation fault) received caused by a pointer arithmetic error.

Switch Controller

Bug ID Description
700842 FortiSwitch MAC delete logs are not being generated.

System

Bug ID Description
488400 FGFM sessions timeout when the sessions between two non-VLAN ID EMAC VLANs are offloaded.
521213 Read-only administrators should be able to run diagnose sniffer packet command.
564477 VLAN switch creation fails every other time on FG-140D-POE.
584622 SNMP trap cannot display FortiGate model in OSPF trap information.
598527 ISDB may cause crashes after downgrading FortiGate firmware.
618158 DHCP client cannot get IP address when NTP server option in DHCP server settings is set to Same as System NTP.
620902 Application fgfmsd crashed and signal 11 received __cmdb_config_write_by_fname + 0x01cd.
627629 DHCP client sent invalid DHCPREQUEST format during INIT state.
628642 Issue when packets from the same session are forwarded to each LACP member when NPx offloading is enabled.
642005 FortiGate does not send service-account-id to FortiManager via fgfm tunnel when FortiCloud is activated directly on the FortiGate.
643033 get system interface transceiver port1 should return RX power and TX power for all Ch0[1-4] with a 0 value or N/A when the admin port is down on one side and the link status is down.
644616 NP6 does not update session timers for traffic IPsec tunnel if established over one pure EMAC VLAN interface.
650878 DHCP relay will honor the broadcast flag set to 0 (unicast) in only one VDOM at a time in a multi-VDOM environment.
654131 No statistics for TX and RX counters for VLAN interfaces.
659539 FortiGate running 6.2.7 GA cannot validate license via FortiManager due to FortiManager hardware missing Fortinet_CA2 and Fortinet_SUBCA2001.
664279 snmpd crashes when sorting a list-based ARP table if it has about 50,000 or more entries.
665332 When VDOM has large number of VIPs and policies, any firewall policy change causes cmdbsvr to become busy and use high CPU.
665550 Fragmented UDP traffic does not assemble on the FortiGate and does not forward out.
666418 SFP interfaces on FG-330xE do not show link light.
667722 VLAN interface created on top of a 10 GB interface is not showing the actual TX/RX counters.
668856 Offloaded traffic passing through two VDOMs connected with EMAC-VLANs is sometimes dropped.
668856 Offloaded traffic passing through two VDOMs connected with EMAC-VLANs is sometimes dropped.
669914 No statistics for TX and RX counters for VLAN interfaces.
670897 Update GTP code to be compatible with newer versions (GTPv1 and GTPv2).
670962 Packet loss occurs when traffic flow between VLAN interfaces is created under 10G LACP link.
672011 LTE DHCP IP addressing not installed in the routing table.
672183 UDP 4500 inter-VDOM traffic is not offloaded, causing BFD/IPsec to drop.
673263 High memory issue is caused by heavy traffic on the VDOM link.
673609 The auto-join FortiCloud re-try timer 600 second value is too large.
673918 Read-only administrator with packet capture read-write permission cannot run diagnose sniffer command.
675171 L2TP enabled status should be configured before EIP and SIP.
677568 Failed to parse execute restore config properly when the command is from a FortiManager script.
678809 dhcpd crashes with signal 6 because the timer is not canceled before calling the free release function.
680881 Rebooting device causes interface mode to change from static to DHCP.
686442 Traffic was stopped because PBA IP pool has the wrong relationship information.
690797 Huawei E8372h-320 LTE modem does not receive IP on FG-30E.
693757 Secondary FG-5001D blades in SLBC cluster do not show updated contract dates.
698014 When running execute speed-test command, it shows all VLAN and SSL interfaces from other VDOMs.

User & Device

Bug ID Description
643191 FSSO TS-Agent is not working properly when FortiGates use NGFW policy-based mode.
658794 FortiGate sent CSR certificate instead of signed certificate to FortiManager when retrieve is performed.
662391 Persistent sessions for de-authenticated FSSO users.
675226 The ssl-ocsp-source-ip setting not configurable in non-management VDOMs.
675539 FSSO collector status is down, despite that it is reported as connected by authd in a multi-VDOM environment.

VM

Bug ID Description
627106 FG-VM64 console shows hw csum failure for VLAN interface on mlx5_core PF.
711525 FG-VM-AWS PAYG instance randomly loses license after reboot.

Web Filter

Bug ID Description
593203 Cannot enter a name for the web rating override or save it due to name input error.
668325 Hanging FortiGuard connection is not torn down in some situations.
676403 Replacement message pictures (FortiGuard web filter) are not displayed in Chrome.
678467 Safe search URL option is not working while the original query in Google Images has the same parameter name.

WiFi Controller

Bug ID Description
621346 Dynamic VLAN on SSID cannot pass traffic through FG-100F/101F and FG-60F/61F when offloading is enabled.
698961 FWF-60F/61F and FWF-40F encounters kernel panic (LR is at capwap_find_sta_by_mac) when one managed FortiAP is authenticating WiFi clients.
707635 AP with MAC E0-23-FF not coming online through mesh with FortiWiFi radio set to root.

Znane problemy do rozwiązania:

DNS Filter

Bug ID Description
582374 License shows expiry date of 0000-00-00.

Explicit Proxy

Bug ID Description
540091 Cannot access explicit FTP proxy via VIP.

Firewall

Bug ID Description
654356 In NGFW policy mode, sessions are not re-validated when security policies are changed.

Workaround: clear the session after policy change.

FortiView

Bug ID Description
635309 When choosing to view Compromised Hosts, FortiGate returns an error 500 when FQDN is set in config log fortianalyzer setting.
673225 FortiView Top Traffic Shaping widget does not show data for outbound traffic if the source interface’s role is WAN. Data is displayed if the source interface’s role is LAN, DMZ, or undefined.

GUI

Bug ID Description
354464 Antivirus archive logging enabled from the CLI will be disabled by editing the antivirus profile in the GUI, even if no changes are made.
514632 Inconsistent reference count when using ports in HA session-sync-dev.
529094 When creating an anti-spam block/allowlist entry, Mark as Reject should be grayed out.
535099 The SSID dialog page does not have support for the new MAC address filter.
541042 Log viewer forwarded traffic does not support multiple filters for one field.
584915 OK button missing from many pages when viewed in Chrome on an Android device.
584939 VPN event logs are incorrectly filtered when there are two Action filters and one of them contains „–„.
602102 Warning message is not displayed when a user configures an interface with a static IP address that is already in use.
602397 Managed FortiSwitch and FortiSwitch Ports pages are slow to load when there are many managed FortiSwitches.
621254 When creating or editing an IPv4 policy or address group, firewall address searching does not work if there is an empty wildcard address due to a configuration error.
664007 GUI incorrectly displays the warning, Botnet package update unavailable, AntiVirus subscription not found., when the antivirus entitlement is expiring within 30 days. The actual botnet package update still works within the active entitlement duration.
672599 After performing a search on firewall Addresses, the matched count over total count displayed for each address type shows an incorrect total count number. The search functionality still works correctly.
682440 On Firewall Policy list, the tooltip for IP Pool incorrectly shows Port Block Allocation as being exhausted if there are expiring PBAs available to be reallocated.
688994 The Edit Web Filter Profile page incorrectly shows that a URL filter is configured (even though it is not) if the URL filter entry has the same name as the web filter profile in the CLI.

HA

Bug ID Description
695067 When there are more than two members in a HA cluster and the HA interface is used for the heartbeat interface, some RX packet drops are observed on the HA interface. However, no apparent impact is observed on the cluster operation. Workaround: do not use the HA interface as a heartbeat interface.
700271 Non-hyperscale license system’s secondary device responds to ARP queries. Affected platforms: all NP7 platforms (FG-180XF, FG-260XF, FG-420XF, FG-440XF) that were released on 6.2.6.

Intrusion Prevention

Bug ID Description
565747 IPS engine 5.00027 has signal 11 crash.
590087 When IPS pcap is enabled, traffic is intermittently disrupted after disk I/O reaches IOPS limit.

IPsec VPN

Bug ID Description
644780 Rectify the consequences if password renewal on FortiClient is canceled.

Log & Report

Bug ID Description
606533 User observes FGT internal error while trying to log in or activate FortiGate Cloud from the web UI.
713014 Cannot perform disk scan after enabling disk raid.

Proxy

Bug ID Description
604681 WAD process with SoC SSL acceleration enabled consumes more memory usage over time, which may lead to conserve mode.

Workaround: disable SoC SSL acceleration under the firewall SSL settings.

REST API

Bug ID Description
584631 REST API admin with token unable to configure HA setting (via login session works).
663441 REST API unable to change status of interface when VDOMs are enabled.
714075 When CORS is enabled for REST API administrators, POST and PUT requests with body data do not work with CORS due to the pre-flight requests being handled incorrectly. This only impacts newer browser versions that use pre-flight requests.

Routing

Bug ID Description
537354 BFD/BGP dropping when outbandwidth is set on interface.

Security Fabric

Bug ID Description
614691 Slow GUI performance in large Fabric topology with over 50 downstream devices.

SSL VPN

Bug ID Description
505986 On IE 11, SSL VPN web portal displays blank page title {{::data.portal.heading}} after authentication.

Switch Controller

Bug ID Description
588584 GUI should add support to allow using switch VLAN interface under a tenant VDOM on a managed switch VDOM.
605864 If the firewall is downgraded from 6.2.3 to 6.2.2, the FortiLink interface loses its CAPWAP setting.

System

Bug ID Description
464340 EHP drops for units with no NP service module.
578031 FortiManager Cloud cannot be removed once the FortiGate has trouble with contract.
600032 SNMP does not provide routing table for non-management VDOM.
607565 Interface emac-vlan feature does not work on SoC4 platform.
694202 stpforward does not work with LAG interfaces on a transparent VDOM.
695803 Unable to reorder firewall DoS policy in GUI or CLI.

Upgrade

Bug ID Description
658664 FortiExtender status becomes discovered after upgrading from 6.0.10 (build 0365).

Workaround: change the admin from discovered to enable after upgrading.

config extender-controller extender
    edit <id>
        set admin enable
    next
end

User & Device

Bug ID Description
595583 Device identification via LLDP on an aggregate interface does not work.

VM

Bug ID Description
587757 FG-VM image unable to be deployed on AWS with additional HDD (st1) disk type.
596742 Azure SDN connector replicates configuration from primary device to secondary device during configuration restore.
605511 FG-VM-GCP reboots a couple of times due to kernel panic.
608881 IPsec VPN tunnel not staying up after failing over with AWS A-P cross-AZ setup.
640436 FortiGate AWS bootstrapped from configuration does not read SAML settings.
668625 During every FortiGuard UTM update, there is high CPU usage because only one vCPU is available.

WiFi Controller

Bug ID Description
676689 RADIUS traffic not matching SD-WAN rule when using wpad daemon for wireless connection.

Notatki producenta: FortiOS 6.2.8

Pozdrawiamy,

Zespół B&B
Bezpieczeństwo w biznesie

Post Views: 1 731

6.2.8 FortiGate FortiOS FortiOS 6.2.8

Poprzedni artykułFortiAnalyzer 7.0.0Następny artykuł FortiSwitch 7.0.0

Najnowsze

FortiOS 7.0.1630 października 2024
FortiManager 7.6.130 października 2024
FortiAnalyzer 7.4.522 października 2024

Kategorie

  • Acronis
  • Aktualności
  • Bez kategorii
  • ESET
  • F-Secure
  • FortiAnalyzer
  • FortiAP
  • FortiAuthenticator
  • FortiClient
  • FortiDeceptor
  • FORTIGATE
  • FORTIMAIL
  • FortiManager
  • FortiNAC
  • FortiSIEM
  • FORTISWITCH
  • FortiWeb
  • NAKIVO
  • Proget
  • Qnap
  • Stormshield
  • Szkolenia
  • Veeam
  • VMware
  • WithSecure

Tagi

6.0.6 6.2.2 6.2.7 6.4.0 6.4.4 6.4.5 6.4.8 7.0.0 7.0.2 7.0.5 7.2.0 7.2.2 Eset eset endpoint antivirus eset endpoint security ESET Inspect ESET Protect ESET Protect Cloud F-Secure f-secure client security FMG FortiAnalyzer forti analyzer FortiAP fortiap-w2 FortiAuthenticator FortiClient FortiClientEMS forticlient ems FortiGate FortiMail FortiManager FortiNAC Fortinet FortiOS FortiSIEM FortiSwitch FortiWeb vCenter vCenter Server VMware VMware ESXi vmware esxi 8.0 vmware vcenter VMware vCenter Server

MENU

  • Start
  • O nas
  • Produkty
  • Usługi
    • Szkolenia
    • Cyberbezpieczny Samorząd
    • Audyt bezpieczeństwa informacji
      • Testy penetracyjne
      • Testy ataków socjotechnicznych
    • Audyt konfiguracji Fortigate
    • Prezentacje
    • Wdrożenia
  • Blog techniczny
  • Pomoc
  • Kariera
  • Kontakt

BLOG TECHNICZNY

FortiOS 7.0.1630 października 2024
FortiManager 7.6.130 października 2024
FortiAnalyzer 7.4.522 października 2024

KONTAKT

+48 500-413-313
biuro@b-and-b.plhttps://www.b-and-b.pl
8:00-16:00
RODO | POLITYKA PRYWATNOŚCI
OGÓLNE WARUNKI REKLAMACJI

BEZPIECZEŃSTWO W BIZNESIE 2024 - wszystkie prawa zastrzeżone

MENU

  • Start
  • O nas
  • Produkty
  • Usługi
    • Szkolenia
    • Cyberbezpieczny Samorząd
    • Audyt bezpieczeństwa informacji
      • Testy penetracyjne
      • Testy ataków socjotechnicznych
    • Audyt konfiguracji Fortigate
    • Prezentacje
    • Wdrożenia
  • Blog techniczny
  • Pomoc
  • Kariera
  • Kontakt

BLOG TECHNICZNY

FortiOS 7.0.1630 października 2024
FortiManager 7.6.130 października 2024
FortiAnalyzer 7.4.522 października 2024

Kontakt

+48 500-413-313
biuro@b-and-b.pl
8:00-16:00
Add new entry logo

Korzystamy z plików cookies lub podobnych technologii, by lepiej dopasować treści na stronie do Twoich potrzeb.
W każdej chwili możesz zmienić ustawienia cookies. Polityka prywatności

Akceptuję Odmów
Cookies are small text files that can be used by websites to make a user's experience more efficient. The law states that we can store cookies on your device if they are strictly necessary for the operation of this site. For all other types of cookies we need your permission. This site uses different types of cookies. Some cookies are placed by third party services that appear on our pages.
  • Always Active
    Necessary
    Necessary cookies help make a website usable by enabling basic functions like page navigation and access to secure areas of the website. The website cannot function properly without these cookies.
  • Marketing
    Marketing cookies are used to track visitors across websites. The intention is to display ads that are relevant and engaging for the individual user and thereby more valuable for publishers and third party advertisers.
  • Analytics
    Analytics cookies help website owners to understand how visitors interact with websites by collecting and reporting information anonymously.
  • Preferences
    Preference cookies enable a website to remember information that changes the way the website behaves or looks, like your preferred language or the region that you are in.
  • Unclassified
    Unclassified cookies are cookies that we are in the process of classifying, together with the providers of individual cookies.