Fortinet has just published the latest update for FortiGate, FortiOS version 6.4.5. The new version fixes a bug in which the Firewall Address and Service pages could not load on a downstream FortiGate when Fabric Synchronization was enabled and the downstream unit could not reach the root FortiGate over the Security Fabric (688076). It also resolves a problem in which the web filter profile configuration could differ between the GUI and the CLI (688994), and a bug causing packet loss when traffic flowed between VLAN interfaces carried over a 10G LACP link (670962). More details follow in the rest of the article.
Currently supported models:
Product | Models |
---|---|
FortiGate | FG-40F, FG-40F-3G4G, FG-60E, FG-60E-DSL, FG-60E-DSLJ, FG-60E-POE, FG-60F, FG-61E, FG-61F, FG-80E, FG-80E-POE, FG-81E, FG-81E-POE, FG-90E, FG-91E, FG-100E, FG-100EF, FG-101E, FG-140E, FG-140E-POE, FG-200E, FG-201E, FG-300D, FG-300E, FG-301E, FG-400D, FG-400E, FG-401E, FG-500D, FG-500E, FG-501E, FG-600D, FG-600E, FG-601E, FG-800D, FG-900D, FG-1000D, FG-1100E, FG-1101E, FG-1200D, FG-1500D, FG-1500DT, FG-2000E, FG-2200E, FG-2201E, FG-2500E, FG-3000D, FG-3100D, FG-3200D, FG-3300E, FG-3301E, FG-3400E, FG-3401E, FG-3600E, FG-3601E, FG-3700D, FG-3800D, FG-3810D, FG-3815D, FG-5001D, FG-3960E, FG-3980E, FG-5001E, FG-5001E1 |
FortiWiFi | FWF-40F, FWF-40F-3G4G, FWF-60E, FWF-60E-DSL, FWF-60E-DSLJ, FWF-60F, FWF-61E, FWF-61F |
FortiGate VM | FG-SVM, FG-VM64, FG-VM64-ALI, FG-VM64-ALIONDEMAND, FG-VM64-AWS, FG-VM64-AZURE, FG-VM64-GCP, FG-VM64-GCPONDEMAND, FG-VM64-HV, FG-VM64-IBM, FG-VM64-KVM, FG-VM64-OPC, FG-VM64-RAXONDEMAND, FG-VMX, FG-VM64-XEN |
Pay-as-you-go images | FOS-VM64, FOS-VM64-HV, FOS-VM64-KVM, FOS-VM64-XEN |
What's new:
Bug ID | Description |
---|---|
658206 | Add a new API that would allow you to bring down IKE SAs the same way as the diagnose vpn ike gateway clear command. |
660596 | Because pre-standard PoE devices are uncommon in the field, poe-pre-standard-detection is set to disable by default. Upgrading from previous builds will carry forward the configured value. |
661105 | Support FGSP four-member cluster session synchronization and redundancy. |
673371 | Support ICMP type 13 (timestamp request) at local interface. |
676484 | When configuring the generic DDNS service provider as a DDNS server, the server type and address type can be set to IPv6. This allows the FortiGate to connect to an IPv6 DDNS server and provide the FortiGate's IPv6 interface address for updates. The CLI syntax follows the table. |

CLI syntax for 676484 (generic DDNS provider over IPv6):

```text
config system ddns
    edit <name>
        set ddns-server genericDDNS
        set server-type {ipv4 | ipv6}
        set ddns-server-addr <address>
        set addr-type {ipv4 | ipv6}
        set monitor-interface <port>
    next
end
```

Bug ID | Description |
---|---|
677334 | Add support for macOS Big Sur 11.1 in SSL VPN OS check. |
680599 | Increase the ICMP rate limit to allow more ICMP error messages to be sent by the FortiGate per second. The rate-limit interval has changed from 1 second (100 jiffies) to 10 milliseconds (1 jiffy). |
691411 | Ensure EMS logs are recorded for dynamic address related events under Log & Report > Events > SDN Connector Events logs. |
697675 | Increase the maximum number of managed FortiSwitches from 8 to 16. |
Resolved issues:
Anti Virus
Bug ID | Description |
---|---|
524571 | Quarantined files cannot be fetched in the AV log page if the file was already quarantined under another protocol. |
Application Control
Bug ID | Description |
---|---|
576727 | Unknown Applications category is not present in NGFW policy-based mode. |
DNS Filter
Bug ID | Description |
---|---|
674302 | Do not send FortiGate generated DNS response if no server response was received and redirect DNS queries time out. |
Explicit Proxy
Bug ID | Description |
---|---|
642196 | Web proxy forwarding server health check does not send user name and password. |
664380 | When configuring explicit proxy with a forward server, if ssl-ssh-profile is enabled in the proxy-policy, WAD is unable to learn the destination type correctly, so the destination port is set to 0; the squid proxy server does not accept the request and returns an error. |
Firewall
Bug ID | Description |
---|---|
661014 | FortiCarrier has GTP dropped packet log after configuring GTP allow list. |
663062 | Sessions are marked dirty when IPsec dialup client connects/disconnects and policy routes are used. |
665964 | In NAT64 scenario, ICMPv6 Packet too big message translated to ICMPv4 does not set the MTU/DF bit correctly. |
667772 | When NGFW mode is set to policy mode and a security policy is configured, the Quard daemon should start when either an anti-virus, web filter, application, IPS, or DLP profile is enabled. |
675353 | Security policy (NGFW mode) flow-based UTM logs are still generated when policy traffic log is disabled. |
675823 | In NGFW mode, traffic is not passing through zone members when intra-zone traffic is allowed. |
678813 | Cannot change the order of IPv4 access control list entries from FortiOS after upgrading from 6.4.1 to 6.4.3. |
682956 | ISDB is empty/crashes after upgrading from 6.2.4/6.2.5 to 6.2.6. |
683604 | When changing a policy and creating a firewall sniffer concurrently, there is traffic that is unrelated to the policy that is being changed and matching the implicit deny policy. Some IPv4 firewall policies were missing after the change. |
FortiView
Bug ID | Description |
---|---|
628225 | FortiView Compromised Hosts dashboard cannot show data if FortiAnalyzer is configured using the FQDN address in the log setting. FortiAnalyzer configured with an IP address does not have this issue. |
673478 | Some FortiView graphs and drilldown views show empty data due to filtering issue. Affected graphs/views: Top System Events, Top Authentication Failures, Policy View, and Compromised Host View. |
683413 | Some FortiView pages/widgets fail to query data from FortiAnalyzer Cloud if the local FortiAnalyzer is not enabled. Affected pages/widgets: Compromised Hosts, FortiView Cloud Applications, FortiView VPN, FortiView Web Categories, Top Admin Logins, Top Endpoint Vulnerabilities, Top Failed Authentication, Top System Events, Top Threats, Top Threats – WAN, and Top Vulnerable Endpoint Devices. |
GUI
Bug ID | Description |
---|---|
561420 | Show Matching Logs action does not work on Traffic Shaping Policy list page. |
589749 | Connectivity issue, 0 logs queued is displayed in the GUI even if the FortiGate successfully sends logs to FortiAnalyzer. |
592854 | Editing a firewall address or address group created by the VPN wizard shows an invalid characters warning in comments field, and this blocks any changes from being submitted. |
597707 | Need to add uuid_idx to statistics for GUI to send it to FortiManager. |
602102 | Warning message is not displayed when a user configures an interface with a static IP address that is already in use. |
636208 | In SD-WAN Rules page, the checkmark for selected members is not displayed for VPN interfaces. |
652522 | The ippool setting should clear when a policy action is changed from accept to deny. |
654705 | Aggregated IPsec VPN interface has down status when each member tunnel has different phase 1 and phase 2 names. |
656668 | Identical IP address shown for the reserved management interface across different members on the System > HA page. |
658206 | Add a new API that would allow you to bring down IKE SAs the same way as the diagnose vpn ike gateway clear command. |
659490 | When VDOMs are enabled, the remote certificate cannot be deleted in the GUI, even if it is not used in the configuration. |
662705 | REST API, api/v2/monitor/firewall/internet-service-details, returns raw format for start/end IP. |
664007 | Botnet package reported as unavailable when entitlements expire within 30 days. |
665111 | There is no way to add a line break when using the GUI to edit the replacement message for pre_admin-disclaimer-text. One must use the CLI with the Shift + Enter keys to insert a line break. |
665712 | FortiOS new features video still displays after selecting Don’t show again and re-logging in. |
666999 | Poll Active Directory Server connector shows empty value for configured LDAP server. |
668470 | DDNS Unique Location field in the GUI has removed everything that comes after the first period. |
670026 | Changes to DoS policy makes unwanted changes. |
672599 | The total number of firewall address is displayed inconsistently. |
673225 | Dashboard widgets for Top Traffic Shaping are not showing shaper for inbound traffic. |
673496 | When editing phase 2 configurations, clicking Complete Section results in a red highlight around the phase 2 configuration GUI box, and users cannot click OK to save configuration changes. |
676165 | Script pushed from FortiManager 6.4.2 to FortiOS 6.4.2 to add address objects and an address group only pushes the address group. |
680805 | Time in firewall schedule objects shows the wrong time. |
682008 | There is no way to specify the domain (instead of the IP address) in the SSL VPN provision configuration message. |
682440 | When the first IP pool is full, the second IP pool is not used. |
684076 | Duplicate entry found message appears in GUI when creating a phase 2 with all (IPv6) when there is an existing phase 2 interface with all (IPv4). |
684904 | Unable to configure explicit proxy with packet capture set to none in access profile. |
688076 | Firewall Address and Service pages cannot load on downstream FortiGate if Fabric Synchronization is enabled and the downstream FortiGate cannot reach the root FortiGate. |
688994 | In certain scenarios, there is configuration mismatch between the GUI and CLI web filter profile. |
689605 | Custom application and IPS pages do not show the dialog box to create a signature in Firefox. |
HA
Bug ID | Description |
---|---|
540600 | The HA hello-holddown value is divided by 10 in the hatalk daemon, which makes the hello-holddown time 10 times less than the configuration. |
670331 | Management access not working in transparent mode cluster after upgrade. |
675781 | HA cluster goes out of sync with new custom DDNS entry, and changes with respect to the ddns-key value. |
678309 | Cluster is out of sync because of config vpn certificate ca after upgrade. |
Intrusion Prevention
Bug ID | Description |
---|---|
668631 | IPS is constantly crashing, and ipshelper has high CPU when IPS extended database has too many rules (more than 256) sharing the same pattern. Affected models: SoC3-based FortiGates. |
691395 | Signature false positives causing outage after IPS database update. |
IPsec VPN
Bug ID | Description |
---|---|
642543 | IPsec did not rekey when keylife expired after back-to-back HA failover. |
652774 | OCVPN spoke-to-spoke communication intermittently fails with mixed topology where some spokes have two ISPs and some have one, but the hubs have two. |
655895 | Unable to route traffic to a spoke VPN site from the hub FortiGate when the dialup IPsec VPN interface is dual stacked (IPv4/IPv6). |
670025 | IKEv2 fragmentation-mtu option is not respected when EAP is used for authentication. |
675838 | iked ignores phase 1 configuration changes due to frequent FortiExtender cmdb changes. |
678166 | TFTP upload not working when application control and ASIC offload are enabled. |
678800 | Kernel may crash on link event update with net-device enabled. |
687749 | iked HA sync crashed on secondary with authenticated user group in firewall policy. |
Log & Report
Bug ID | Description |
---|---|
650886 | No log entry is generated for SSL VPN login attempts where two factor authentication challenge times out. |
654363 | Traffic log shows Policy violation for traffic hitting the allow policy in NGFW policy mode. |
667274 | FortiGate does not have log disk auto scan failure status log. |
667950 | IPS UTM log is missing msg= and attackcontext= TLV fields because the TLV buffer is full and not sent to miglogd. |
675347 | During a local log search, it returns results immediately as the logs are checked. |
682374 | Traffic logs not forwarded correctly to syslog server in CEF format. |
Proxy
Bug ID | Description |
---|---|
640488, 669736, 675480 | When URLs for block/allow/external resource are processed, the system might enter conserve mode when external resources are very big. |
658257 | StartTLS-SMTP traffic gets blocked by the firewall when certificate inspection (proxy mode) and the IPS sensor are enabled in a policy. |
664737 | WAD crash with signal 11 (/bin/wad => wad_ui_diag_session_get). |
675343 | WAD crashes with transparent web proxy when connecting to a forward server. |
675525 | No WAD sessions displayed when running diagnose wad filter. |
680651 | Memory leak when retrieving the thumbnailPhoto information from the LDAP server. |
681134 | Proxy-based SSL certification inspection session hangs if the outbound probe connection has no routes. |
682002 | An incorrect teardown logic on the WAD SSL port causes memory leak. |
688006 | WAD user information daemon crashes on purging extra interfaces that exist in multiple VDOMs. |
692462 | Transparent proxy implicit deny policy is not blocking access. |
REST API
Bug ID | Description |
---|---|
663441 | REST API unable to change status of interface when VDOMs are enabled. |
Routing
Bug ID | Description |
---|---|
579884 | VRF configuration in WWAN interface has no effect after reboot. |
672061 | In IPsec topology with hub and ~1000 spokes, hundreds of spoke tunnels are flapping, causing BGP instability for other spokes. |
677928 | SD-WAN with sit-tunnel as a member creates an unwanted default route. |
680365 | BGP is choosing local route that should have been removed from the BGP network table. |
687034 | bgpd memory leak if running BGP on 6.2.7 and 6.4.4. |
692241 | BGP daemon consumes high CPU in ADVPN setup when disconnecting after socket writing error. |
Security Fabric
Bug ID | Description |
---|---|
650724 | Invalid license data supplied by FortiGuard/FortiCare causes invalid warning in the Security Rating report. |
673560 | Compromised host automation stitch with IP ban action in multi-VDOM setup always bans the IP in the root VDOM. |
SSL VPN
Bug ID | Description |
---|---|
598614 | When a group and a user-peer is specified in an SSL VPN authentication rule, and the same group appears in multiple rules, each group and user-peer combination can be matched independently. |
623379 | Memory corruption in some DNS callback cases causes SSL VPN crash. |
630068 | When sslvpn SSH times-out, a crash is observed when the SSH client is empty. |
656557 | The map on the http://www.op***.org website could not be shown in SSL VPN web mode. |
663723 | SSL VPN with user certificate and credential verification allows a user to connect with a certificate signed by a trusted CA that does not match the certificate chain of the configured CA in the user peer configuration. |
666513 | An internal web site via SSL VPN web mode, https://***.46.19.****:10443, is unable to open. |
666855 | FortiOS supports verifying client certificates with RSA-PSS series of signature algorithms, which causes problems with certain clients. |
669506 | SSL VPN web mode cannot load web page https://jira.ca.ob***.com properly based on Jira application. |
669900 | SSL VPN crash when updating the existing connection at the authentication stage. |
673320 | Pop-up window does not load correctly when accessing internal application at https://re***.wo***.nl using SSL VPN web mode. |
674279 | Customer cannot access SAP web GUI with SSL VPN bookmark. |
675196 | RTA login webpage is not displaying in SSL VPN web mode. |
675901 | Internal website https://po***.we***.ac.uk is not loading correctly with SSL VPN bookmark. |
677256 | Custom languages do not work in SSL VPN web portals. |
677550 | GUI issues on the internal Atlassian Jira web portal in SSL VPN web mode. |
678130 | Customer internal website, https://va***.do***.com:21108/mne, cannot be displayed correctly in SSL VPN web mode. |
678132 | SSL VPN web portal SSO credentials for alternative option are not working. |
678450 | Unable to view the management GUI of PaloAlto running on 8.1.16 in SSL VPN web mode. |
681626 | Internal Gridbees portal does not display in SSL VPN web mode. |
684012 | SSL VPN crashed with signal 11 (segmentation fault) uri_search because of rules set for a special case. |
685269 | SSL VPN web mode is not working properly for aw***.co***.com website. |
685854 | After SSL VPN proxy rewrite, some Salto JS files could not run. |
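Bug 663723 in the table above is the security-relevant one: the SSL VPN accepted a client certificate that chained to any CA the device trusted instead of only to the CA configured for the user peer. The following Go program, added here as an example and not code from Fortinet or from the original article, shows the difference between those two checks with throwaway CAs generated at run time. The CA and user names and the template, mkCert, chainsTo, Outcome and Demo helpers are assumptions made for the illustration, and the standard crypto/x509 verifier stands in for the FortiGate's own certificate validation.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// template builds a one-day certificate template: CA:TRUE for CAs, clientAuth EKU for users.
func template(cn string, serial int64, ca bool) *x509.Certificate {
	t := &x509.Certificate{
		SerialNumber: big.NewInt(serial),
		Subject:      pkix.Name{CommonName: cn},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
	}
	if ca {
		t.IsCA, t.BasicConstraintsValid = true, true
		t.KeyUsage |= x509.KeyUsageCertSign
	} else {
		t.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}
	}
	return t
}

// mkCert signs tmpl with parent (self-signed when parent is nil) using a fresh
// P-256 key; all material here is generated at run time for the demo only.
func mkCert(tmpl, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	if parent == nil {
		parent, parentKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// chainsTo reports whether leaf builds a valid client-auth chain to one of roots.
// With only the CA pinned for the user peer it is the strict check; with the whole
// device trust store it is the loose check that bug 663723 describes.
func chainsTo(leaf *x509.Certificate, roots ...*x509.Certificate) bool {
	pool := x509.NewCertPool()
	for _, r := range roots {
		pool.AddCert(r)
	}
	_, err := leaf.Verify(x509.VerifyOptions{Roots: pool, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}})
	return err == nil
}

// Outcome records how one client certificate fares under both checks.
type Outcome struct {
	AcceptedByTrustStore bool // verified against every CA the device trusts
	AcceptedByPinnedCA   bool // verified against the peer's configured CA only
}

// Demo trusts two CAs device-wide, pins only "Corp VPN CA" for the SSL VPN user
// peer, and evaluates a partner-issued and a corp-issued client certificate.
func Demo() (partner, corp Outcome, err error) {
	corpCA, corpKey, err := mkCert(template("Corp VPN CA", 1, true), nil, nil)
	if err != nil {
		return
	}
	partnerCA, partnerKey, err := mkCert(template("Partner CA", 2, true), nil, nil)
	if err != nil {
		return
	}
	partnerUser, _, err := mkCert(template("mallory", 10, false), partnerCA, partnerKey)
	if err != nil {
		return
	}
	corpUser, _, err := mkCert(template("alice", 11, false), corpCA, corpKey)
	if err != nil {
		return
	}
	partner = Outcome{chainsTo(partnerUser, corpCA, partnerCA), chainsTo(partnerUser, corpCA)}
	corp = Outcome{chainsTo(corpUser, corpCA, partnerCA), chainsTo(corpUser, corpCA)}
	return partner, corp, nil
}

func main() {
	partner, corp, err := Demo()
	if err != nil {
		panic(err)
	}
	fmt.Printf("partner-issued cert: %+v\ncorp-issued cert: %+v\n", partner, corp)
}
```

Run it with go run: the partner-issued certificate passes the trust-store check and fails the pinned-CA check, which is exactly the gap the fix closes. The same distinction applies when reviewing any peer or user-group object that names a CA: the validation must run against that CA, not against the device-wide store.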
Switch Controller
Bug ID | Description |
---|---|
686031 | LLDP updates from FortiSwitch can cause flcfgd to leak memory. |
System
Bug ID | Description |
---|---|
598464 | Rebooting FG-1500D in 5.6.x during upgrade causes an L2 loop on the heartbeat interface and VLAN is disabled on the switch side. |
628642 | Issue when packets from the same session are forwarded to each LACP member when NPx offloading is enabled. |
648083 | cmdbsvr may crash with signal 11 (segmentation fault) when frequently changing firewall policies. |
649937 | The diagnose geoip geoip-query command fails when fortiguard-anycast is disabled. |
651103 | FG-101F crashed and rebooted when adding vlan-protocol 8021ad VLAN. |
654131 | No statistics for TX and RX counters for VLAN interfaces. |
665332 | When VDOM has large number of VIPs and policies, any firewall policy change causes cmdbsvr to be too busy and consume high CPU. |
665550 | Fragmented UDP traffic does not assemble on the FortiGate and does not forward out. |
667722 | VLAN interface created on top of a 10 GB interface is not showing the actual TX/RX counters. |
667962 | httpsd crashed and *** signal 6 (Aborted) received *** appears when loading configurations through REST API with interactions. |
669914 | No statistics for TX and RX counters for VLAN interfaces. |
669951 | confsyncd may crash when there is an error parsing through the internet service database, but no error is returned. |
670897 | Update GTP code to be compatible with newer versions (GTPv1 and GTPv2). |
670962 | Packet loss occurs when traffic flow between VLAN interfaces is created under 10G LACP link. |
671643 | NTurbo does not work when enabled in IPsec tunnel or with session helper. |
673609 | The auto-join FortiCloud re-try timer 600 second value is too large. |
675171 | L2TP with status set to enable should be configured before EIP and SIP. |
679114 | DHCP discover request is wrongly forwarded to all IPsec VPN interfaces when tunnel flipping occurs. |
687519 | Bulk changes through the CLI are very slow with 24000 existing policies. |
User & Authentication
Bug ID | Description |
---|---|
658228 | The authd and foauthd processes may crash due to crypto functions being set twice. |
666857 | LDAP connectivity delays in transparent mode VDOM. |
667025 | FortiGate does not send LLDP PDU when it receives LLDP packets from VoIP phones. |
664123 | Log enrichment for source and destination IP with RSSO user information in logs not properly working for IPv4 with framed route attribute in RADIUS accounting. |
675226 | The ssl-ocsp-source-ip setting not configurable in non-management VDOMs. |
675539 | FSSO collector status is down, despite that it is reported as connected by authd in a multi-VDOM environment. |
682966 | FortiGate is unable to parse IPv6 RADIUS accounting packet (Parse error: IP6 Prefix ). |
VM
Bug ID | Description |
---|---|
620654 | Spoke dialup IPsec VPN does not initiate connection to hub after FG-VM HA failover in Azure. |
646161 | FG-VM8 does not recognize all memory allocated in Hyper-V. |
669722 | Unable to import more than 50 groups from NSX-T SDN connector. |
672509 | OCI HA unable to handle cross-compartment failover. |
682260 | After enabling DPDK, the FG-VM license becomes invalid. After rebooting, the license becomes valid again. |
682420 | Dialup IPsec tunnel from Azure may not be re-established after HA failover. |
682561 | get system status output can be stuck getting the instance ID. |
689307 | HA secondary VMSL license is invalid after reboot. |
690863 | EIP is not updating properly with execute update-eip command in Azure with standard SKU public IP in some Canadian regions, like CanadaCentral and CanadaEast. |
Web Filter
Bug ID | Description |
---|---|
668325 | A hanging FortiGuard connection is not torn down in some situations. |
675436 | YouTube channel home page on blocklist is not blocked when directed from a YouTube search result. |
676403 | Replacement message pictures (FortiGuard web filter) are not displayed in Chrome. |
678467 | Safe search URL option is not working while the original query in Google Images has the same parameter name. |
WiFi Controller
Bug ID | Description |
---|---|
620764 | AP country and region settings are not updating as expected. |
625630 | FWF-60E hangs with looping kernel panic at WiFi driver. |
672136 | Log severity for wireless events in FortiWiFi and FortiAP should be reconsidered for CAPWAP teardown. |
676640 | cw_acd crash with *** signal 8 (Floating point exception) received *** after upgrading to 6.4.3. |
Known issues:
Firewall
Bug ID | Description |
---|---|
654356 | Traffic is not hitting the rule it should in policy-based NGFW mode. |
683426 | No hit counts on policy for DHCP broadcast packets in transparent mode. |
FortiView
Bug ID | Description |
---|---|
683654 | FortiView, with FortiAnalyzer Cloud as the data source, shows an error when the FortiGate has multiple VDOMs configured and both FortiAnalyzer and FortiAnalyzer Cloud are enabled. |
GUI
Bug ID | Description |
---|---|
602397 | FortiSwitch Ports page is noticeably slow when loading a large topology. |
688016 | GUI interface bandwidth widget does not show correct data for tunnel interface when ASIC offload is enabled on the firewall policy. |
697482 | Unable to configure log settings in the GUI if FortiGate Cloud is not activated. Affected models: FG-200F and FG-201F. |
Intrusion Prevention
Bug ID | Description |
---|---|
654307 | Wrong direction and banned location by quarantine action for ICMP.Oversized.Packet in NGFW policy mode. |
IPsec VPN
Bug ID | Description |
---|---|
644780 | Rectify the consequences if password renewal on FortiClient is canceled. |
673049 | FortiGate not sending its external interface IP in the IKE negotiation (Google Cloud Platform). |
Log & Report
Bug ID | Description |
---|---|
661040 | Cyrillic characters not displayed properly in local reports. |
677540 | First TCP connection to syslog server is not stable. |
Security Fabric
Bug ID | Description |
---|---|
614691 | Slow GUI performance in large Fabric topology with over 50 downstream devices. |
SSL VPN
Bug ID | Description |
---|---|
550819 | guacd is consuming too much memory and CPU resources during operation. |
610995 | SSL VPN web mode gets error when accessing internal website at https://st***.st***.ca/. |
System
Bug ID | Description |
---|---|
464340 | EHP drops for units with no NP service module. |
555616 | When NTurbo is enabled, it is unexpectedly provided with the wrong traffic direction information (from server or from client) to decide the destination for the data. This causes the traffic to be sent back to the port where it came from. |
572038 | VPN throughput dropped when FEC is enabled. |
607565 | Interface emac-vlan feature does not work on SoC4 platform. |
647309 | HA kernel crash at filter4 module and subsequent loop of failure at mm/vmalloc.c:1341/__get_vm_area_node()!. |
648085 | Link status on peer device is not down when the admin port is down on the FortiGate. |
663826 | Fortinet Factory certificate key integrity check failed in diagnose hardware certificate command. |
666418 | SFP interfaces on FG-330xE do not show link light. |
668856 | Offloaded traffic passing through two VDOMs connected with EMAC-VLANs is sometimes dropped. |
672183 | UDP 4500 inter-VDOM traffic is not offloaded, causing BFD/IPsec to drop. |
675508 | When provisioning FortiGate and FortiSwitch with enforced 6.4.2 firmware in FortiManager, the physical port for FortiLink is down and cannot connect to the FortiSwitch. |
677263 | When changing the interface speed, some checking is skipped if it is set from FortiManager. |
677568 | Failed to parse execute restore config properly when the command is from a FortiManager script. |
678469 | Configuration attribute field in system event logs has length limitation. |
680881 | Rebooting device causes interface mode to change from static to DHCP. |
686539 | Egress interface-based traffic shaping is not applied if the session is processed by NTurbo. |
User & Authentication
Bug ID | Description |
---|---|
580391 | Unable to create MAC address-based policies in NGFW. |
VM
Bug ID | Description |
---|---|
596742 | Azure SDN connector replicates configuration from primary device to secondary device during configuration restore. |
617046 | FG-VMX manager not showing all the nodes deployed. |
639258 | Autoscale GCP health check is not successful (port 8443 HTTPS). |
668625 | During every FortiGuard UTM update, there is high CPU usage because only one vCPU is available. |
689239 | Azure route table is not using the proper subscription ID during failover. |
WiFi Controller
Bug ID | Description |
---|---|
662714 | The security-redirect-url setting is missing when the portal-type is auth-mac. |
677994 | Newly discovered and authorized FortiAP will cause HA sync issue. On the HA secondary member, if the WTP profile has a radio in monitor mode, it will be changed to AP mode and unset the band. |
690483 | Wireless default WTP profile not synchronized between FWF-61E with HA A-A mode. |
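Release-note pages like this one are easier to act on when the tables are machine-readable, for example to check a list of bug IDs from open support tickets against the three sections above. The Go program below is an added example, not code from Fortinet or from the original article: Parse turns the flattened "Bug ID | Description |" tables into records, and Triage reports, for each tracked ID, whether 6.4.5 lists it as a new feature, as resolved, or as a still-open known issue. Sample is a constructed excerpt of a few rows copied from the tables above; the function names, the status strings and the placeholder ID 999999 are assumptions.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Entry is one bug ID under one section and category of the release notes.
type Entry struct {
	Section     string // "What's new", "Resolved issues" or "Known issues"
	Category    string // e.g. "Proxy"; empty inside the What's new table
	ID          string
	Description string
}

// rowRe: one or more six-digit IDs, a pipe, the description, optional trailing
// pipe. headerRe: the "Bug ID | Description |" and "---|---|" lines, which
// carry no data. sectionRe: a heading, i.e. a line that ends with a colon.
var (
	rowRe     = regexp.MustCompile(`^\s*(\d{6}(?:\s*,\s*\d{6})*)\s*\|\s*(.*?)\s*\|?\s*$`)
	headerRe  = regexp.MustCompile(`^\s*(Bug ID\s*\||-+\|)`)
	sectionRe = regexp.MustCompile(`^\s*(.+?):\s*$`)
)

// Parse walks the flattened tables: a heading starts a section, any other
// non-table line names a category, and a row with several comma-separated IDs
// (as in "640488, 669736, 675480") becomes one Entry per ID.
func Parse(text string) []Entry {
	var out []Entry
	section, category := "", ""
	for _, line := range strings.Split(text, "\n") {
		if strings.TrimSpace(line) == "" || headerRe.MatchString(line) {
			continue
		}
		if m := rowRe.FindStringSubmatch(line); m != nil {
			for _, id := range strings.Split(m[1], ",") {
				out = append(out, Entry{section, category, strings.TrimSpace(id), m[2]})
			}
			continue
		}
		if m := sectionRe.FindStringSubmatch(line); m != nil {
			section, category = m[1], ""
			continue
		}
		category = strings.TrimSpace(line)
	}
	return out
}

// Triage reports how this release lists each tracked bug ID. A Known issues
// listing wins over any other mention, since an open bug is what an upgrade
// decision hinges on.
func Triage(entries []Entry, tracked []string) map[string]string {
	status := make(map[string]string, len(tracked))
	for _, id := range tracked {
		status[id] = "unmentioned"
	}
	for _, e := range entries {
		cur, ok := status[e.ID]
		if !ok {
			continue
		}
		switch {
		case strings.HasPrefix(e.Section, "Known"):
			status[e.ID] = "known issue (" + e.Category + ")"
		case strings.HasPrefix(e.Section, "Resolved") && !strings.HasPrefix(cur, "known"):
			status[e.ID] = "resolved (" + e.Category + ")"
		case strings.HasPrefix(e.Section, "What") && cur == "unmentioned":
			status[e.ID] = "new feature"
		}
	}
	return status
}

// Sample is a constructed excerpt: a few rows copied from the 6.4.5 tables
// above, laid out exactly as this page flattens them.
const Sample = `What's new:
Bug ID | Description |
---|---|
676484 | When configuring the generic DDNS service provider as a DDNS server, the server type and address type can be set to IPv6. |
Resolved issues:
Proxy
Bug ID | Description |
---|---|
640488, 669736, 675480 | When URLs for block/allow/external resource are processed, the system might enter conserve mode when external resources are very big. |
Known issues:
Firewall
Bug ID | Description |
---|---|
654356 | Traffic is not hitting the rule it should in policy-based NGFW mode. |
`

func main() {
	// IDs one might be tracking from support tickets; 999999 is a placeholder.
	fmt.Println(Triage(Parse(Sample), []string{"640488", "654356", "676484", "999999"}))
}
```

A Known issues listing outranks a Resolved listing for the same ID on purpose: if a bug is still open in this build, that is the fact that matters for the upgrade decision. The row expression also expands rows that carry several IDs, like the Proxy entry 640488, 669736, 675480, so each ID is found on its own; feeding the program the full tables from this page instead of Sample needs no other change.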
Vendor release notes: FortiOS 6.4.5
Regards,
The B&B Team
Bezpieczeństwo w biznesie (Security in Business)