Najnowsza aktualizacja FortiSwitchOS 7.4.0 przynosi wiele zmian i poprawek. Jedną z najważniejszych jest naprawa problemu z logowaniem do interfejsu GUI, który występował, gdy hasło administratora zawierało spacje. Dodatkowo, zaktualizowano system tak, aby konsola internetowa była dostępna tylko dla profilu super_admin. Naprawiono również wewnętrzny błąd serwera, który pojawiał się po przejściu do zakładki Router > Config > OSPF > Areas. Wraz z tymi poprawkami, rozwiązano także kilka innych zgłaszanych problemów użytkowników. Więcej szczegółów znajdziesz w poniższym artykule.

Co nowego w FortiSwitch 7.4.0: 

FortiSwitch 7.4.0 wprowadza kilka nowych funkcji i usprawnień. Oto kilka z najważniejszych:

1. Ulepszony Dashboard: Strona System > Dashboard została przeorganizowana, aby zapewnić bardziej kompleksowy przegląd stanu działania jednostki FortiSwitch. Zawiera wykresy przedstawiające wykorzystanie procesora, pamięci RAM oraz temperaturę dla ostatniego dnia i ostatniego tygodnia.
2. Wzmożone monitorowanie: Wykresy ruchu portów, interfejsów oraz utraty pakietów zostały ulepszone, aby zapewnić bardziej szczegółowe i dokładne monitorowanie wydajności sieci.
3. Graficzne wyświetlanie tras: Monitor tras (Router > Monitor > Routing) teraz prezentuje trasy w formie graficznej i tabelarycznej, ułatwiając wizualizację i zarządzanie trasowaniem sieci.
4. Ulepszenia interfejsu GUI: Interfejs graficzny (GUI) został ulepszony o dodatkowe funkcje, takie jak możliwość dodawania użytkownika współpracującego, ulepszone strony monitorowania 802.1x oraz weryfikację sygnatury obrazu systemowego podczas przesyłania oprogramowania układowego.

Aktualnie wspierane modele:

FortiSwitch 1xx	FS-108E, FS-108E-POE, FS-108E-FPOE, FS-108F, FS-108F-POE, FS-108F-FPOE, FS-124E, FS-124E-POE, FS-124E-FPOE, FS-124F, FS-124F-POE, FS-124F-FPOE, FS-148E, FS-148E-POE, FS-148F, FS-148F-POE, FS-148F-FPOE
FortiSwitch 2xx	FS-224D-FPOE, FS-224E, FS-224E-POE, FS-248D, FS-248E-POE, FS-248E-FPOE
FortiSwitch 4xx	FS-424E, FS-424E-POE, FS-424E-FPOE, FS-424E-Fiber, FS-M426E-FPOE, FS-448E, FS-448E-POE, FS-448E-FPOE
FortiSwitch 5xx	FS-524D, FS-524D-FPOE, FS-548D, FS-548D-FPOE
FortiSwitch 1xxx	FS-1024D, FS-1024E, FS-1048E, FS-T1024E
FortiSwitch 3xxx	FS-3032E
FortiSwitch Rugged	FSR-112D-POE, FSR-124D, FSR-424F-POE

Rozwiązane problemy:

Bug ID	Description
829804	Changed which CLI commands are available, depending on whether the user has the enhanced debugging license.
833450	Do not use multicast IP addresses in the ranges of 224-239.0.0.x and 224-239.128.0.x on the FS-2xxD, FS-2xxE, FS-4xxD, and FS-4xxE models.
848619	When connecting FS-124F-POE to FS-148F-POE with the FTLF8519P3BNLFTN, the SFP module port does not come up on the FS-148F-POE when auto-module is configured.
856123	When the network-monitor settings are enabled, there are multiple “CPU_SENSOR (78.0%) cleared warning threshold of (85.0%)” messages in the log.
859563	When the admin password contains a space and is set in the GUI, the user cannot log in using the GUI.
866288	ACLs should work correctly on the FS-3032E model.
867758	FortiSwitch units using IPv6 do not respond to SNMPv3 requests.
868358	It should optional to specify the Certificate Authority (CA) name when downloading the CA certificate using the Simple Certificate Enrollment Protocol (SCEP).
868886, 869843	The GUI for the FS-224E-POE, FS-248E-POE, FS-448E-POE, FS-248E-FPOE, and FS-M426E-FPOE models shows the ports in brown and the message, “This port is unavailable under the current configuration.”
869616	The FortiAnalyzer and FortiSwitch logs have multiple entries about the fan tray being detected or undetected on an FS-1048E switch, although the fan status is good.
872727	After upgrading FortiSwitchOS, the status of PSU2 is wrongly reported as “Not inserted.”
874684	Some layer-2 managed FortiSwitch units are flagged as being layer-3 switches in the output for the execute switch-controller get-conn-status command.
876134	The Switch > Interfaces page indicates that more than one security group can be selected, although only one is supported.
877360	Using one of the mac-move commands on FX-1xxE and FS-1xxF models causes protocol packets to be dropped when allowing an 802.1X client to move between ports that are not directly connected to the FortiSwitch unit without having to delete the 802.1X session.
878762	A VLAN interface labeled mgmt causes the GUI to crash frequently.
879156	Creating a new LLDP-MED profile in the GUI results in an Internal Server Error.
885609	The Web console only works with the super_admin profile.
891323	Going to the Router > Config > OSPF > Areas page results in an Internal Server Error.
892788	After the switch is rebooted, the fortilink-auto-discovery setting changes from disabled to enabled.
896010	Some switches will assign two split ports with the same physical MAC address.
896288	For VXLAN interfaces, the static MAC addresses on the VLAN need to be added to the VXLAN MAC address table instead of the VLAN MAC address table.
898637	The set poe-pre-standard-detect enable command does not work on the FS-124F-FPOE and FS-148F-FPOE models.
902910	The 2048 key size generated certificate file shows the wrong key size in the CSR decoder.
905384	The IGMP-snooping daemon crashes on the FS-148F model.
906594	The GUI needs to support static IP/32.

Znane problemy:

Bug ID	Description
382518, 417024, 417073, 417099, 438441	DHCP snooping and dynamic ARP inspection (DAI) do not work with private VLANs (PVLANs).
414972	IGMP snooping might not work correctly when used with 802.1x Dynamic VLAN functionality.
480605	When DHCP snooping is enabled on the FSR-112D-POE, the switched virtual interface (SVI) cannot get the IP address from the DHCP server. Workarounds: —Use a static IP address in the SVI when DHCP snooping is enabled on that VLAN. —Temporarily disable dhcp-snooping on vlan, issue the execute interface dhcpclient-renew <interface> command to renew the IP address. After the SVI gets the IP address from the DHCP server, you can enable DHCP snooping.
510943	The time-domain reflectometer (TDR) function (cable diagnostics feature) reports unexpected values. Workaround: When using the cable diagnostics feature on a port (with the diagnose switch physical-ports cable-diag <physical port name> CLI command), ensure that the physical link on its neighbor port is down. You can disable the neighbor ports or physically remove the cables.
542031	For the 5xx switches, the diagnose switch physical-ports led-flash command flashes only the SFP port LEDs, instead of all the port LEDs.
548783	Some models support setting the mirror destination to “internal.” This is intended only for debugging purposes and might prevent critical protocols from operating on ports being used as mirror sources.
572052	Backup files from FortiSwitchOS 3.x that have 16-character-long passwords fail when restored on FortiSwitchOS 6.x. In FortiSwitchOS 6.x, file backups fail with passwords longer than 15 characters. Workaround: Use passwords with a maximum of 15 characters for FortiSwitchOS 3.x and 6.x.
585550	When packet sampling is enabled on an interface, packets that should be dropped by uRPF will be forwarded.
606044/610149	The results are inaccurate when running cable diagnostics on the FS-108E, FS-124E, FS-108E-POE, FS-108E-FPOE, FS-124E-POE, FS-124E-FPOE, FS-148E, and FS-148E-POE models.
609375	The FortiSwitchOS supports four priority levels (critical, high, medium, and low); however, The SNMP Power Ethernet MIB only supports three levels. To support the MIB, a power priority of medium is returned as low for the PoE MIB.
659487	The FS-108E, FS-108E-POE, FS-108E-FPOE, FS-108F, FS-108F-POE, FS-108F-FPOE, FS-124E, FS-124E-POE, FS-124E-FPOE, FS-124F, FS-124F-POE, and FS-124F-FPOE, FS-148E, and FS-148E-POE models support ACL packet counters but not byte counters. The get switch acl counters commands always show the number of bytes as 0.
667079	For the FSR-112D-POE model: If you have enabled IGMP snooping or MLD snooping, the FortiSwitch unit does not support IPv6 features and cannot pass IPv6 protocol packets transparently. If you want to use IGMP snooping or MLD snooping with IPv6 features, you need to enable set flood-unknown-multicast under the config switch global command.
673433	Some 7-meter direct-attach cables (DACs) cause traffic loss for the FS- 448E model.
748210	The MAC authentication bypass (MAB) sometimes does not work on the FS-424E when a third-party hub is disconnected and then reconnected.
784585	When a dynamic LACP trunk has formed between switches in an MRP ring, the MRP ring cannot be closed. Deleting the dynamic LACP trunk does not fix this issue. MRP supports only physical ports and static trunks; MRP does not support dynamic LACP trunks. Workaround: Disable MRP and then re-enable MRP.
793145	VXLAN does not work with the following: log-mac-event DHCP snooping LLDP-assigned VLANs NAC Block intra-VLAN traffic
828603	The oids.html file is not accurate.
829807	eBGP does not advertise routes to its peer by default unless the set ebgp-requires-policy disable command is explicitly configured or inbound/outbound policies are configured.
867108	Depending on your browser type/version, web UI access might fail when using TLS 1.3 and client certificate authentication. Workaround: Use TLS 1.2.
916405	FortiSwitchOS should not allow MACsec and 802.1X authentication to be configured on the same port.
919990	The GUI displays a warning message of “Unverified Image Detected” when the user logs in to FortiSwitchOS 7.4.0 build 0767, even though the image is verified.

Notatki producenta: FortiSwitch 7.4.0

Pozdrawiamy,

Zespół B&B
Bezpieczeństwo w biznesie

Fortinet FortiSwitch fortiswitchos