The software vendor Fortinet has released the latest update of FortiOS, version 7.0.15. This update fixes application control behavior on FG-400F devices, eliminating a problem with excessive packet loss. High Availability (HA) mechanisms and the upgrade process have also been improved, resolving issues with the system losing its certified status and errors when upgrading from 7.0.14 GA to 7.2.8 GA. In addition, the performance of SIP connections in Hyperscale infrastructure has been increased, improving the handling of SIP traffic. These changes significantly affect the performance and security of the system, as described in the detailed notes below.
Supported devices:
FortiGate | FG-40F, FG-40F-3G4G, FG-60E, FG-60E-DSL, FG-60E-DSLJ, FG-60E-POE, FG-60F, FG-61E, FG-61F, FG-70F, FG-71F, FG-80E, FG-80E-POE, FG-80F, FG-80F-BP, FG-80F-POE, FG-81E, FG-81E-POE, FG-81F, FG-81F-POE, FG-90E, FG-91E, FG-100E, FG-100EF, FG-100F, FG-101E, FG-101F, FG-140E, FG-140E-POE, FG-200E, FG-200F, FG-201E, FG-201F, FG-300E, FG-301E, FG-400E, FG-400E-BP, FG-400F, FG-401F, FG-401E, FG-500E, FG-501E, FG-600E, FG-601E, FG-600F, FG-601F, FG-800D, FG-900D, FG-1000D, FG-1100E, FG-1101E, FG-1200D, FG-1500D, FG-1500DT, FG-1800F, FG-1801F, FG-2000E, FG-2200E, FG-2201E, FG-2500E, FG-2600F, FG-2601F, FG-3000D, FG-3000F, FG-3001F, FG-3100D, FG-3200D, FG-3300E, FG-3301E, FG-3400E, FG-3401E, FG-3500F, FG-3501F, FG-3600E, FG-3601E, FG-3700D, FG-3800D, FG-3960E, FG-3980E, FG-4200F, FG-4201F, FG-4400F, FG-4401F, FG-5001E, FG-5001E1 |
FortiWiFi | FWF-40F, FWF-40F-3G4G, FWF-60E, FWF-60E-DSL, FWF-60E-DSLJ, FWF-60F, FWF-61E, FWF-61F, FWF-80F-2R, FWF-81F-2R, FWF-81F-2R-POE, FWF-81F-2R-3G4G-POE |
FortiGate Rugged | FGR-60F, FGR-60F-3G4G |
FortiFirewall | FFW-3980E, FFW-VM64, FFW-VM64-KVM |
FortiGate VM | FG-ARM64-AWS, FG-ARM64-KVM, FG-ARM64-OCI, FG-VM64, FG-VM64-ALI, FG-VM64-AWS, FG-VM64-AZURE, FG-VM64-GCP, FG-VM64-HV, FG-VM64-IBM, FG-VM64-KVM, FG-VM64-OPC, FG-VM64-RAXONDEMAND, FG-VM64-SVM, FG-VM64-VMX, FG-VM64-XEN |
Pay-as-you-go images | FOS-VM64, FOS-VM64-HV, FOS-VM64-KVM, FOS-VM64-XEN |
Resolved issues:
Application Control
Bug ID | Description |
---|---|
952307 | FG-400F sees increased packet loss when using an application list in the policy. |
FortiGate 6000 and 7000 platforms
Bug ID | Description |
---|---|
949175 | During FIM failover from FIM2 to FIM1, the NP7 PLE sticks on a cache invalidation, stopping traffic. |
HA
Bug ID | Description |
---|---|
869557 | Upgrading or re-uploading an image to the HA secondary node causes the OS to be un-certified. |
1011674 | Upgrading from 7.0.14 GA to 7.2.8 GA from an HA secondary node fails with BIOS security level 2. The new image is unrecognized as un-certified and aborts the upgrade process. The HA cluster is unaffected. |
Hyperscale
Bug ID | Description |
---|---|
936747 | Connections per second (CPS) performance of SIP sessions accepted by hyperscale firewall policies with EIM and EIF disabled that include overload with port block allocation (PBA) GCN IP pools is lower than expected. |
949188 | ICMP reply packets are dropped by FortiOS in a NAT64 hyperscale policy. |
961684 | When DoS policies are used and the system is under stress conditions, BGP might go down. |
976972 | New primary can get stuck on failover with HTTP CC sessions. |
Intrusion Prevention
Bug ID | Description |
---|---|
968367 | IPS engine high memory usage can cause FortiOS to go into conserve mode. |
Limitations
Bug ID | Description |
---|---|
961992 | The buffer and description queue limitation of Marvell switch ports causes a performance limitation. |
Routing
Bug ID | Description |
---|---|
935370 | SD-WAN performance SLA tcp-connect probes clash with user sessions. |
Security Fabric
Bug ID | Description |
---|---|
887967 | Fabric crashes when synchronizing objects with names longer than 64 characters. |
988526 | Address object changes from the CLI of the root FortiGate in Security Fabric are not synchronized with downstream devices. |
SSL VPN
Bug ID | Description |
---|---|
821240 | SSLVPNVD 11 signal failure due to attempt to read out of bounds memory. |
System
Bug ID | Description |
---|---|
828557 | FortiGate as DHCP relay is not showing a DHCP decline in the debugs when there is an IP conflict in the network. |
888941 | Some sessions are still reported as offloaded when auto-asic-offload is disabled. |
910829 | Degraded traffic bandwidth for download passing from 10G to 1G interfaces. |
937500, 969083 | FortiOS does not accept an installation script from FortiManager when creating an extender-profile with login-password-change set to yes. |
938449 | In the 4.19 kernel, when a neighbor’s MAC is changed, the session and IPsec tunnel cannot be flushed from the NPU. |
943090 | Buffer and description queue limitation of Marvell switch port will cause a performance limitation. |
949481 | The tx_collision_err counter in the FortiOS CLI keeps increasing on both 10G SFP+ X1 and X2 interfaces. |
956107 | On the FortiGate 400F and 600F, the buffer and description queue limitation of the Marvell switch port causes a performance limitation. |
984696 | Network usage is not accurately reported by the get system performance status command. |
986698 | The NP7 should use the updated MAC address from the ARP table to forward traffic to the destination server. |
1001938 | Support Kazakhstan time zone change to a single time zone, UTC+5. |
User & Authentication
Bug ID | Description |
---|---|
1000108 | Guest-management administrators cannot see or print guest user passwords in plain text; the password is masked as ENC XXXX string. |
WiFi Controller
Bug ID | Description |
---|---|
821320 | FG-1800F drops wireless client traffic in L2 tunneled VLAN with capwap-offload enabled. |
Vendor notes: FortiOS 7.0.15 Release Notes
Best regards,
The B&B Team
Bezpieczeństwo w biznesie