Producent oprogramowania Fortinet udostępnił najnowszą aktualizację dla urządzeń FortSwitch o numerze 6.4.10. Dzięki aktualizacji, zostały poprawione błędy dotyczące niewłaściwego uwierzytelniania opartego o standard 802.1x, gdzie poprawne działanie było możliwe dopiero po ponownym uruchomieniu urządzenia. Co więcej, problem dotyczący braku usuwania informacji o MAC adresie na porcie, został naprawiony. Od wersji 6.4.10, zmiana ustawień prędkości na portach z 10GB na 1 GB, nie powinna powodować żadnych problemów. Po więcej szczegółowych informacji, zapraszam do dalszej części artykułu
Aktualnie wspierane modele:
| FortiSwitch 1xx | FS-108E, FS-108E-POE, FS-108E-FPOE, FS-108F, FS-108F-POE, FS-108FFPOE, FS-124E, FS-124E-POE, FS-124E-FPOE, FS-124F, FS-124F-POE, FS124F-FPOE, FS-148E, FS-148E-POE, FS-148F, FS-148F-POE, FS-148F-FPOE |
| FortiSwitch 2xx | FS-224D-FPOE, FS-224E, FS-224E-POE, FS-248D, FS-248E-POE, FS-248EFPOE |
| FortiSwitch 4xx | FS-424D, FS-424D-FPOE, FS-424D-POE, FS-424E, FS-424E-POE, FS-424EFPOE, FS-424E-Fiber, FS-M426E-FPOE, FS-448D, FS-448D-FPOE, FS-448DPOE, FS-448E, FS-448E-POE, FS-448E-FPOE |
| FortiSwitch 5xx | FS-524D-FPOE, FS-524D, FS-548D, FS-548D-FPOE |
| FortiSwitch 1xxx | FS-1024D, FS-1048D, FS-1048E |
| FortiSwitch 3xxx | FS-3032D, FS-3032E |
| FortiSwitch Rugged | FSR-112D-POE, FSR-124D |
Rozwiązane problemy:
| Bug ID | Description |
|---|---|
| 746988 | In a dual-home, FortiLink configuration, an FS-1024D unit caused a network outage. |
| 748177 | When the network monitor is enabled, the MCLAG trunk becomes unstable. |
| 748317 | The unset allowaccess command does not work for the internal interface and secondary IP address |
| 749483 | The external sensor does not respond to the monitor/system/pcb-temp endpoint. |
| 749744 | Setting the 10G moduleʼs speed to 1G should not cause error messages |
| 752085 | When the switch receives a recordAgreement, the FS-1024D sends the bridge protocol data unit (BPDU) with the proposal bit on every 2 seconds |
| 752121 | After the port is shut down, the MAC address is not cleared |
| 753630 | When the 802.1x port-based authentication daemon crashes, MAB does not function until the switch is restarted. |
| 754232 | The user is receiving “internal PS changes to good state” and “internal PS changes to bad state” warning messages. |
| 760536 | The SNMP trap for a failed or restored power supply is using the wrong object identifier (OID) |
| 763953 | After LDAP authentication is successful, the admin user cannot log in. |
| 765197 | Automatic topology creates an ISL trunk between two switches with the wrong value for the native VLAN. |
Znane problemy:
| Bug ID | Description |
|---|---|
| 382518, 417024, 417073, 417099, 438441 |
DHCP snooping and dynamic ARP inspection (DAI) do not work with private VLANs (PVLANs). |
| 414972 | IGMP snooping might not work correctly when used with 802.1x Dynamic VLAN functionality. |
| 480605 | When DHCP snooping is enabled on the FSR-112D-POE, the switched virtual interface (SVI) cannot get the IP address from the DHCP server. Workarounds: —Use a static IP address in the SVI when DHCP snooping is enabled on that VLAN. —Temporarily disable dhcp-snooping on vlan, issue the execute interface dhcpclient-renew command to renew the IP address. After the SVI gets the IP address from the DHCP server, you can enable DHCP snooping. |
| 510943 | The time-domain reflectometer (TDR) function (cable diagnostics feature) reports unexpected values. Workaround: When using the cable diagnostics feature on a port (with the diagnose switch physical-ports cable-diag CLI command), ensure that the physical link on its neighbor port is down. You can disable the neighbor ports or physically remove the cables. |
| 520954 | When a “FortiLink mode over a layer-3 network” topology has been configured, the FortiGate GUI does not always display the complete network. |
| 542031 | For the 5xx switches, the diagnose switch physical-ports led-flash command flashes only the SFP port LEDs, instead of all the port LEDs. |
| 548783 | Some models support setting the mirror destination to “internal.” This is intended only for debugging purposes and might prevent critical protocols from operating on ports being used as mirror sources |
| 572052 | Backup files from FortiSwitchOS 3.x that have 16-character-long passwords fail when restored on FortiSwitchOS 6.x. In FortiSwitchOS 6.x, file backups fail with passwords longer than 15 characters. Workaround: Use passwords with a maximum of 15 characters for FortiSwitchOS 3.x and 6.x |
| 585550 | When packet sampling is enabled on an interface, packets that should be dropped by uRPF will be forwarded. |
| 606044 | The value for cable length is wrong when running cable diagnostics on the FS108E, FS-124E, FS-108E-POE, FS-108E-FPOE, FS-124E-POE, FS-124E-FPOE, FS-148E, and FS-148E-POE models |
| 609375 | The FortiSwitchOS supports four priority levels (critical, high, medium, and low); however, The SNMP Power Ethernet MIB only supports three levels. To support the MIB, a power priority of medium is returned as low for the PoE MIB. |
| 610149 | The results are inaccurate for open and short cables when running cable diagnostics on the FS-108E, FS-124E, FS-108E-POE, FS-108E-FPOE, FS-124EPOE, FS-124E-FPOE, FS-148E, and FS-148E-POE models |
| 673433 | Some 7-meter DAC cables cause traffic loss for the FS- 448E model. . |
| 682442 | Do not use FCLF8521P2BTL and FCLF8522P2BTL modules. They are not supported and can cause issues on the FortiSwitch unit. To find supported modules, refer to the FortiSwitch-Compatible Transceivers matrix. |
Notatki producenta: FortiSwitch 6.4.10
Pozdrawiamy,
Zespół B&B
Bezpieczeństwo w biznesie
