Producent Fortinet udostępnił najnowszą aktualizację dla oprogramowania FortiSwitch 6.4.11. Nie będzie już problemu z brakiem dostępu do systemu po restarcie – niewłaściwości były związane ze zwiększeniem zużycia pamięci podczas uruchomienia. Ponadto producent poprawił działanie protokołu STP oraz błędne raportowanie stanu POE. Dzięki aktualizacji skorygowano dostęp zaufanych adresów IP do systemu FortiSwitch. Po więcej ciekawych informacji zapraszamy do dalszej części posta.
Aktualnie wspierane modele:
| FortiSwitch 1xx | FS-108E, FS-108E-POE, FS-108E-FPOE, FS-108F, FS-108F-POE, FS-108FFPOE, FS-124E, FS-124E-POE, FS-124E-FPOE, FS-124F, FS-124F-POE, FS124F-FPOE, FS-148E, FS-148E-POE, FS-148F, FS-148F-POE, FS-148F-FPOE |
| FortiSwitch 2xx | FS-224D-FPOE, FS-224E, FS-224E-POE, FS-248D, FS-248E-POE, FS-248EFPOE |
| FortiSwitch 4xx | FS-424D, FS-424D-FPOE, FS-424D-POE, FS-424E, FS-424E-POE, FS-424EFPOE, FS-424E-Fiber, FS-M426E-FPOE, FS-448D, FS-448D-FPOE, FS-448DPOE, FS-448E, FS-448E-POE, FS-448E-FPOE |
| FortiSwitch 5xx | FS-524D-FPOE, FS-524D, FS-548D, FS-548D-FPOE |
| FortiSwitch 1xxx | FS-1024D, FS-1048D, FS-1048E |
| FortiSwitch 3xxx | FS-3032D, FS-3032E |
Rozwiązane problemy:
| Bug ID | Description |
|---|---|
| 748640 | When STP is disabled on a port, the port should not run any state machines |
| 759992 | After restarting the FortiSwitch unit, memory usage increases, and the user cannot access the FortiSwitch unit with the CLI or GUI. |
| 763264 | Displaying the Switch > Port > Physical page or the dashboard causes high CPU usage. |
| 763306 | An Intermediate System to Intermediate System Protocol (IS-IS) daemon memory leak occurs when one link goes up and down continuously. |
| 771767 | Trusted hosts with a mask other than /32 cannot access the FortiSwitch unit. |
| 777526 | The system wrongly identifies the default time stamp counter (TSC) as unreliable, causing clock issues. |
| 796806 | The FortiSwitch unit now reboots when the set cfg-save revert command is executed. If the cfg-revert-timeout command has been configured, after the specified number of seconds, the FortiSwitch unit reboots and reverts to the previous configuration. |
| 802786 | Virtual IP addresses cannot be used in a FortiGate device to redirect the public IP address to the private IP address of the FortiSwitch unit. |
Znane problemy:
| Bug ID | Description |
|---|---|
| 382518, 417024, 417073, 417099, 438441 |
DHCP snooping and dynamic ARP inspection (DAI) do not work with private VLANs (PVLANs). |
| 414972 | IGMP snooping might not work correctly when used with 802.1x Dynamic VLAN functionality |
| 480605 | When DHCP snooping is enabled on the FSR-112D-POE, the switched virtual interface (SVI) cannot get the IP address from the DHCP server. Workarounds: —Use a static IP address in the SVI when DHCP snooping is enabled on that VLAN. —Temporarily disable dhcp-snooping on vlan, issue the execute interface dhcpclient-renew command to renew the IP address. After the SVI gets the IP address from the DHCP server, you can enable DHCP snooping. |
| 510943 | The time-domain reflectometer (TDR) function (cable diagnostics feature) reports unexpected values. Workaround: When using the cable diagnostics feature on a port (with the diagnose switch physical-ports cable-diag CLI command), ensure that the physical link on its neighbor port is down. You can disable the neighbor ports or physically remove the cables. |
| 520954 | When a “FortiLink mode over a layer-3 network” topology has been configured, the FortiGate GUI does not always display the complete network |
| 542031 | For the 5xx switches, the diagnose switch physical-ports led-flash command flashes only the SFP port LEDs, instead of all the port LEDs. |
| 548783 | Some models support setting the mirror destination to “internal.” This is intended only for debugging purposes and might prevent critical protocols from operating on ports being used as mirror sources. |
| 572052 | Backup files from FortiSwitchOS 3.x that have 16-character-long passwords fail when restored on FortiSwitchOS 6.x. In FortiSwitchOS 6.x, file backups fail with passwords longer than 15 characters. Workaround: Use passwords with a maximum of 15 characters for FortiSwitchOS 3.x and 6.x. |
| 585550 | When packet sampling is enabled on an interface, packets that should be dropped by uRPF will be forwarded. |
| 606044 | The value for cable length is wrong when running cable diagnostics on the FS108E, FS-124E, FS-108E-POE, FS-108E-FPOE, FS-124E-POE, FS-124E-FPOE, FS-148E, and FS-148E-POE models. |
| 609375 | The FortiSwitchOS supports four priority levels (critical, high, medium, and low); however, The SNMP Power Ethernet MIB only supports three levels. To support the MIB, a power priority of medium is returned as low for the PoE MIB. |
| 610149 | The results are inaccurate for open and short cables when running cable diagnostics on the FS-108E, FS-124E, FS-108E-POE, FS-108E-FPOE, FS-124EPOE, FS-124E-FPOE, FS-148E, and FS-148E-POE models. |
| 673433 | Some 7-meter DAC cables cause traffic loss for the FS- 448E model. |
| 682442 | Do not use FCLF8521P2BTL and FCLF8522P2BTL modules. They are not supported and can cause issues on the FortiSwitch unit. To find supported modules, refer to the FortiSwitch-Compatible Transceivers matrix. |
Notatki producenta: FortiSwitch 6.4.11
Pozdrawiamy,
Zespół B&B
Bezpieczeństwo w biznesie
