Producent oprogramowania Fortinet udostępnił najnowszą aktualizację dla FortiOS o numerze wersji 7.2.3. Dzięki aktualizacji, został rozwiązany problem z przeglądaniem logów w technologii FortiGate Cloud, gdzie problem dotyczył braków logów dla okresu 5 minut i 1 godziny. Ponadto, od wersji 7.2.1 występował problem z kolejnością reguł SD-WAN, na skutek nowszej wersji błędne działanie zostało rozwiązane. Aktualizacja naprawiła problem z błędnym synchronizowaniem klastra HA, który wynikał z powodu częstych logowań i wylogowań użytkowników przy połączeniu SSL VPN. Po więcej ciekawych informacji zapraszamy do dalszej części posta
Aktualnie wspierane modele:
FortiGate | FG-40F, FG-40F-3G4G, FG-60E, FG-60E-DSL, FG-60E-DSLJ, FG-60E-POE, FG-60F, FG-61E, FG-61F, FG-80E, FG-80E-POE, FG-80F, FG-80F-BP, FG-80F-POE, FG-81E, FG-81E-POE, FG-81F, FG-81F-POE, FG-90E, FG-91E, FG-100E, FG-100EF, FG-100F, FG-101E, FG-101F, FG-140E, FG-140E-POE, FG-200E, FG-200F, FG-201E, FG-201F, FG-300E, FG-301E, FG‑400E, FG-400E-BP, FG‑401E, FG‑500E, FG-501E, FG-600E, FG-601E, FG-800D, FG‑900D, FG-1000D, FG-1100E, FG-1101E, FG-1500D, FG-1500DT, FG-1800F, FG-1801F, FG-2000E, FG-2200E, FG-2201E, FG-2500E, FG-2600F, FG-2601F, FG-3000D, FG-3100D, FG‑3200D, FG-3300E, FG-3301E, FG-3400E, FG-3401E, FG-3500F, FG-3501F, FG-3600E, FG-3601E, FG-3700D, FG-3960E, FG‑3980E, FG-4200F, FG-4201F, FG-4400F, FG-4401F, FG-5001E, FG‑5001E1 |
FortiWiFi | FWF-40F, FWF-40F-3G4G, FWF-60E, FWF-60E-DSL, FWF-60E-DSLJ, FWF-60F, FWF-61E, FWF-61F, FWF-80F-2R, FWF-81F-2R, FWF-81F-2R-POE, FWF-81F-2R-3G4G-POE |
FortiGate Rugged | FGR-60F, FGR-60F-3G4G |
FortiGate VM | FG-ARM64-AWS, FG-ARM64-KVM, FG-VM64, FG-VM64-ALI, FG-VM64-AWS, FG-VM64-AZURE, FG‑VM64‑GCP, FG-VM64-HV, FG-VM64-IBM, FG-VM64-KVM, FG‑VM64‑OPC, FG‑VM64-RAXONDEMAND, FG-VM64-XEN |
Rozwiązane problemy:
Anti Virus
Bug ID | Description |
---|---|
794575 | If FortiGate Cloud is selected as sandbox server under Security Fabric > Fabric Connectors, an anti virus profile with settings to Send files to FortiSandbox for inspection does not get saved in the GUI. |
Explicit Proxy
Bug ID | Description |
---|---|
803228 | When converting an explicit proxy session to SSL redirect and if this session already has connected to an HTTP server, the WAD crashes continuously with signal 11. |
GUI
Bug ID | Description |
---|---|
829313 | The dropdown field for the IdP Certificate is empty when editing an SSO user configuration (User & Authentication > Single Sign-On), even though the summary shows an IdP certificate. |
835089 | Unable to move SD-WAN rule ordering in the GUI (FortiOS 7.2.1). |
HA
Bug ID | Description |
---|---|
823687 | A cluster is repeatedly out-of sync due to external files (SSLVPN_AUTH_GROUPS) when there are frequent user logins and logouts. |
IPsec VPN
Bug ID | Description |
---|---|
765868 | The packets did not pass through QTM, and SYN packets bypass the IPsec tunnel once traffic is offloaded. Affected platforms: NP7 models. |
Log & Report
Bug ID | Description |
---|---|
789007 | Unable to select FortiAnalyzer as a data source on the Summary tab for the System Events and Security Events pages. |
826431 | FortiGate Cloud log viewer shows no results for the 5 minutes and 1 hour time period due to an incorrect timestamp (24 hours is OK). |
Proxy
Bug ID | Description |
---|---|
780182 | WAD crash occurred when forwarding the release bytes from the IPS engine to the server and the connection to the server is closed. |
825496 | Explicit proxy traffic is terminated when IPS is enabled. The exact failure happened upon certificate inspection. |
836198 | Console randomly displays a read_tagbuf - 152: Failed to open device: /dev/sdb errno:2(No such file or directory) error. |
Routing
Bug ID | Description |
---|---|
822659 | Secure SD-WAN Monitor in FortiAnalyzer does not show graphs when the SLA target is not configured in SD-WAN performance SLA. |
SSL VPN
Bug ID | Description |
---|---|
856316 | Browser displays an Error, Feature is not available message if a file larger than 1 MB is uploaded from FTP or SMB using a web bookmark, even though the file is uploaded successfully. There are no issues with downloading files. |
System
Bug ID | Description |
---|---|
810879 | DoS policy ID cannot be moved in GUI and CLI when enabling multiple DoS policies. |
855151 | There may be a race condition between the CMDB initializing and the customer language file loading, which causes the customer language file be removed after upgrading. |
User & Authentication
Bug ID | Description |
---|---|
822923 | When a device is detected as vulnerable, its source is not set and the inventory query quits. |
827458 | A User device store query error (error code: -1) warning appears on the Asset Identity Center page. |
WiFi Controller
Bug ID | Description |
---|---|
821803 | Wireless multicast traffic causes the cw_acd process to have high CPU usage and triggers a hostapd crash. |
Common Vulnerabilities and Exposures
Visit https://fortiguard.com/psirt for more information.
Bug ID | CVE references |
---|---|
846234 | FortiOS 7.2.3 is no longer vulnerable to the following CVE Reference:
|
846854 | FortiOS 7.2.3 is no longer vulnerable to the following CVE Reference:
|
Notatki producenta: FortiOS 7.2.3
Pozdrawiamy,
Zespół B&B
Bezpieczeństwo w biznesie