Producent oprogramowania Fortinet udostępnił najnowszą aktualizację dla FortiSwitch o oznaczeniu 7.2.5. Aktualizacja naprawia problemy z poprawnym działaniem list ACL dla modelu FS-3032E. Modele FS-148F-FPOE i FS-148F-POE mogą zapewnić zasilanie Power over Ethernet (PoE) telefonom Cisco z kluczowymi modułami rozszerzeń (KEM) i wiele innych o czym można przeczytać poniżej.
Wspierane modele:
| FortiSwitch 1xx | FS-108E, FS-108E-POE, FS-108E-FPOE, FS-108F, FS-108F-POE, FS-108F-FPOE, FS-124E, FS-124E-POE, FS-124E-FPOE, FS-124F, FS-124F-POE, FS-124F-FPOE, FS-148E, FS-148E-POE, FS-148F, FS-148F-POE, FS-148F-FPOE |
| FortiSwitch 2xx | FS-224D-FPOE, FS-224E, FS-224E-POE, FS-248D, FS-248E-POE, FS-248E-FPOE |
| FortiSwitch 4xx | FS-424E, FS-424E-POE, FS-424E-FPOE, FS-424E-Fiber, FS-M426E-FPOE, FS-448E, FS-448E-POE, FS-448E-FPOE |
| FortiSwitch 5xx | FS-524D, FS-524D-FPOE, FS-548D, FS-548D-FPOE |
| FortiSwitch 1xxx | FS-1024D, FS-1024E, FS-1048E, FS-T1024E |
| FortiSwitch 3xxx | FS-3032E |
| FortiSwitch Rugged | FSR-112D-POE, FSR-124D, FSR-424F-POE |
Rozwiązane problemy:
| Bug ID | Description |
|---|---|
| 860773 | The output of the diagnose sys psu status command is wrong for the FSR-112D-POE model when both power supply units (PSUs) are connected and on. |
| 866288 | ACLs should work correctly on the FS-3032E model. |
| 878762 | A VLAN interface labeled mgmt causes the GUI to crash frequently. |
| 889987 | When the port descriptions are too long, a “500 Internal Server Error” is reported. |
| 891323 | Going to the Router > Config > OSPF > Areas page results in an Internal Server Error. |
| 896010 | The FS-524D and FS-524D-FPOE models will assign two split ports with the same physical MAC address. |
| 896925 | After configuring the set edge-port disabled command, “BPDU Guard: Resetting <interface_name>” is added to the log. |
| 897887 | After enabling the blocking of intra-VLAN traffic on the VLAN, the clients cannot reach the Internet. |
| 898637 | The set poe-pre-standard-detect enable command does not work on the FS-124F-FPOE and FS-148F-FPOE models. |
| 902062 | After upgrading to FortiSwitchOS 7.2.2, the SFP link between the FS-124E model and the Calix E-9 System randomly turns off. |
| 902493 | The FS-148F-FPOE and FS-148F-POE models need to provide power over Ethernet (PoE) power to Cisco phones with Key Expansion Modules (KEMs). |
| 902910 | The 2048 key size generated certificate file shows the wrong key size in the CSR decoder. |
| 905384 | The IGMP-snooping daemon crashes on the FS-148F model. |
| 906594 | The GUI needs to support static IP/32. |
| 909353 | The FS-448E, FS-448E-POE, and FS-448E-FPOE models should provide the hardware status and temperature monitoring using the SNMP OIDs. |
| 910257 | Going to System > Config > Firmware results in a “500 Internal Server Error.” |
| 917919 | The GUI produces an “Internal server error” after an administrator user that is more than 35 characters long tries to log in. |
| 918017 | Using RSPAN on managed FSR-112D switches under FortiOS 7.0.11 causes network interruptions. |
| 921600 | Unplugging and then plugging in a PC connected to an FS-221E-POE model causes the STP state to change. |
Znane problemy:
| Bug ID | Description |
|---|---|
| 382518, 417024, 417073, 417099, 438441 | DHCP snooping and dynamic ARP inspection (DAI) do not work with private VLANs (PVLANs). |
| 414972 | IGMP snooping might not work correctly when used with 802.1x Dynamic VLAN functionality. |
| 480605 | When DHCP snooping is enabled on the FSR-112D-POE, the switched virtual interface (SVI) cannot get the IP address from the DHCP server.
Workarounds: |
| 510943 | The time-domain reflectometer (TDR) function (cable diagnostics feature) reports unexpected values.
Workaround: When using the cable diagnostics feature on a port (with the |
| 542031 | For the 5xx switches, the diagnose switch physical-ports led-flash command flashes only the SFP port LEDs, instead of all the port LEDs. |
| 548783 | Some models support setting the mirror destination to “internal.” This is intended only for debugging purposes and might prevent critical protocols from operating on ports being used as mirror sources. |
| 572052 | Backup files from FortiSwitchOS 3.x that have 16-character-long passwords fail when restored on FortiSwitchOS 6.x. In FortiSwitchOS 6.x, file backups fail with passwords longer than 15 characters.
Workaround: Use passwords with a maximum of 15 characters for FortiSwitchOS 3.x and 6.x. |
| 585550 | When packet sampling is enabled on an interface, packets that should be dropped by uRPF will be forwarded. |
| 606044/610149 | The results are inaccurate when running cable diagnostics on the FS-108E, FS-124E, FS-108E-POE, FS-108E-FPOE, FS-124E-POE, FS-124E-FPOE, FS-148E, and FS-148E-POE models. |
| 609375 | The FortiSwitchOS supports four priority levels (critical, high, medium, and low); however, The SNMP Power Ethernet MIB only supports three levels. To support the MIB, a power priority of medium is returned as low for the PoE MIB. |
| 659487 | The FS-108E, FS-108E-POE, FS-108E-FPOE, FS-108F, FS-108F-POE, FS-108F-FPOE, FS-124E, FS-124E-POE, FS-124E-FPOE, FS-124F, FS-124F-POE, and FS-124F-FPOE, FS-148E, and FS-148E-POE models support ACL packet counters but not byte counters. The get switch acl counters commands always show the number of bytes as 0. |
| 667079 | For the FSR-112D-POE model:
|
| 673433 | Some 7-meter direct-attach cables (DACs) cause traffic loss for the FS- 448E model. |
| 748210 | The MAC authentication bypass (MAB) sometimes does not work on the FS-424E when a third-party hub is disconnected and then reconnected. |
| 784585 | When a dynamic LACP trunk has formed between switches in an MRP ring, the MRP ring cannot be closed. Deleting the dynamic LACP trunk does not fix this issue. MRP supports only physical ports and static trunks; MRP does not support dynamic LACP trunks.
Workaround: Disable MRP and then re-enable MRP. |
| 793145 | VXLAN does not work with the following:
|
| 828603 | The oids.html file is not accurate. |
| 829807 | eBGP does not advertise routes to its peer by default unless the set ebgp-requires-policy disable command is explicitly configured or inbound/outbound policies are configured. |
| 867108 | Depending on your browser type/version, web UI access might fail when using TLS 1.3 and client certificate authentication.
Workaround: Use TLS 1.2. |
| 922571 | The user cannot import the PKCS12 certificate.
Workaround: Use TFTP to import the PKCS12 certificate. For example: execute system certificate local import tftp p12_certificate_1.p12 1.2.3.4 p12 password123 |
| 925173 | You cannot import a PKCS12-formatted file if it does not have a password.
Workaround: Extract the certificate and key from the |
Notatki producenta: FortiSwitch 7.2.5
Pozdrawiamy,
Zespół B&B
Bezpieczeństwo w biznesie
