B&B Bezpieczeństwo w biznesie

Fortinet has just released the latest firmware for FortiGate devices, version 6.2.8. This release fixes a bug where, with central management enabled, users could bypass GUI read-only restrictions and apply policy changes. It also resolves an issue where the malicious certificate database was not updated on the secondary unit of an HA cluster. In version 6.2.8 the vendor also resolved an issue where the sslvpnd daemons used 99.9% CPU while a policy was being updated. For more details, read on.

What's new:

Bug ID Description
634006 OpenSSL updated to 1.1.1j for security fixes.
638352 To avoid a large number of new IKEv2 negotiations from starving other SAs from progressing to established states, the following enhancements have been made to the IKE daemon:

  • Prioritize established SAs.
  • Offload groups 20 and 21 to CP9.
  • Optimize the default embryonic limits for mid- and high-end platforms.

The IKE embryonic limit can now be configured in the CLI:

config system global
    set ike-embryonic-limit <integer>
end
644218 The host protection engine (HPE) has been enhanced to add monitoring and logging capabilities when the HPE is triggered. Users can enable or disable HPE monitoring, and configure intervals and multipliers for the frequency when event logs and attack logs are generated. These logs and monitors help administrators analyze the frequency of attack types and fine-tune the desired packet rates in the HPE shaper.

config monitoring npu-hpe
    set status {enable | disable}
    set interval <integer>
    set multipliers <m1>, <m2>, ... <m12>
end

The interval is set in seconds (1 – 60, default = 1). The multipliers are twelve integers ranging from 1 – 255; the default is 4, 4, 4, 4, 8, 8, 8, 8, 8, 8, 8, 8.

An event log is generated after every (interval × multiplier) seconds for any HPE type when drops occur for that HPE type. An attack log is generated after every (4 × multiplier) number of continuous event logs.
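The following added example (not Fortinet's code and not part of the release notes) parses a `config monitoring npu-hpe` block from a configuration backup, checks it against the ranges stated above, and works out how often each multiplier slot produces event and attack logs. The function names and sample configurations are constructed for illustration; the parser accepts commas or spaces between multipliers, and the "minimum seconds to attack log" figure is derived here by combining the two rules above under uninterrupted drops.

```python
import re

# Ranges and defaults as stated in the release notes above.
INTERVAL_RANGE = (1, 60)
MULTIPLIER_RANGE = (1, 255)
DEFAULT_INTERVAL = 1
DEFAULT_MULTIPLIERS = [4, 4, 4, 4, 8, 8, 8, 8, 8, 8, 8, 8]

# Constructed sample configurations (not taken from a real device).
SAMPLE_DEFAULTS = """
config monitoring npu-hpe
    set status enable
end
"""
SAMPLE_TUNED = """
config monitoring npu-hpe
    set status enable
    set interval 10
    set multipliers 1, 1, 1, 1, 2, 2, 2, 2, 4, 4, 4, 4
end
"""
SAMPLE_BAD = """
config monitoring npu-hpe
    set status enable
    set interval 120
    set multipliers 4, 4, 4, 4, 8, 8, 8, 8, 8, 8, 300
end
"""


def parse_npu_hpe(config_text):
    """Return the 'set' key/value pairs inside 'config monitoring npu-hpe'."""
    settings = {}
    in_block = False
    for raw in config_text.splitlines():
        line = raw.strip()
        if line == "config monitoring npu-hpe":
            in_block = True
        elif in_block and line == "end":
            break
        elif in_block and line.startswith("set "):
            parts = line.split(None, 2)
            if len(parts) == 3:
                settings[parts[1]] = parts[2]
    return settings


def _to_int(text):
    try:
        return int(text)
    except ValueError:
        return None


def audit_npu_hpe(config_text):
    """Validate interval/multipliers and compute the resulting log cadence."""
    s = parse_npu_hpe(config_text)
    problems = []

    interval = DEFAULT_INTERVAL
    if "interval" in s:
        interval = _to_int(s["interval"])
        lo, hi = INTERVAL_RANGE
        if interval is None or not lo <= interval <= hi:
            problems.append(f"interval {s['interval']!r} is outside {lo}-{hi} seconds")

    multipliers = list(DEFAULT_MULTIPLIERS)
    if "multipliers" in s:
        tokens = [t for t in re.split(r"[,\s]+", s["multipliers"]) if t]
        multipliers = [_to_int(t) for t in tokens]
        if len(multipliers) != 12:
            problems.append(f"expected 12 multipliers, found {len(multipliers)}")
        lo, hi = MULTIPLIER_RANGE
        for pos, (tok, m) in enumerate(zip(tokens, multipliers), 1):
            if m is None or not lo <= m <= hi:
                problems.append(f"multiplier m{pos} ({tok!r}) is outside {lo}-{hi}")

    cadence = []
    if not problems:
        for m in multipliers:
            cadence.append({
                "multiplier": m,
                # One event log per (interval x multiplier) seconds with drops.
                "event_log_every_s": interval * m,
                # One attack log per (4 x multiplier) continuous event logs.
                "event_logs_per_attack_log": 4 * m,
                # Derived (assumption): earliest attack log under constant drops.
                "min_seconds_to_attack_log": interval * m * 4 * m,
            })
    return {"status": s.get("status"), "interval": interval,
            "problems": problems, "cadence": cadence}


if __name__ == "__main__":
    for name, cfg in (("defaults", SAMPLE_DEFAULTS), ("tuned", SAMPLE_TUNED),
                      ("bad", SAMPLE_BAD)):
        result = audit_npu_hpe(cfg)
        print(name, result["problems"] or result["cadence"])
```

Because the attack-log delay grows with the square of the multiplier, a slot left at the default of 8 needs at least 256 seconds of continuous drops before an attack log appears when the interval is 1.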

660596 Because pre-standard POE devices are uncommon in the field, poe-pre-standard-detection is set to disable by default. Upgrading from previous builds will carry forward the configured value.
660624 When enabling the Security Fabric on the root FortiGate, the following FortiAnalyzer GUI behavior has changed:

  • If a FortiAnalyzer appliance is enabled, then the dialog will be for the FortiAnalyzer connector.
  • If a FortiAnalyzer appliance is disabled but FortiAnalyzer Cloud is enabled, then the dialog will be for the Cloud Logging connector.
  • If neither the FortiAnalyzer appliance nor FortiAnalyzer Cloud is enabled:
    • If the device has a FAZC (standard FortiAnalyzer Cloud subscription) or AFAC (premium subscription) entitlement, then the dialog will be for the Cloud Logging connector.
    • If the device does not have a FAZC or AFAC entitlement, then the dialog will be for the FortiAnalyzer connector.
  • When FortiAnalyzer Cloud is enabled and the FortiAnalyzer appliance is disabled, then the Cloud Logging connector will not let you switch to the FortiGate Cloud FortiAnalyzer.
670345 Support Strict-Transport-Security in HTTPS redirect.
673371 Support ICMP type 13 at local interface.
680599 Increase the ICMP rate limit to allow more ICMP error messages to be sent by the FortiGate per second. The ICMP rate limit has changed from 1 second (100 jiffies) to 10 milliseconds (1 jiffy).
684133 Support site-to-site IPsec VPN in an asymmetric routing scenario with a loopback interface as a VPN bound interface.

config vpn ipsec phase1-interface
    edit <name> 
        set interface "loopback"
        set loopback-asymroute {enable | disable}
    next
end

Resolved issues:

DNS Filter

Bug ID Description
511729 Domain filter entries whose action is set to allow should not be logged.

Explicit Proxy

Bug ID Description
624513 IP pool address in proxy policy is not used sometimes when enabling a security profile.
662931 Browsers change default SameSite cookie settings to Lax, and Kerberos authentication does not work in transparent proxy.
664548 When the FortiGate is configured as an explicit proxy and AV is enabled on the proxy policy, users cannot access certain FTP sites.
681054 Web proxy users are disconnected due to external resource update flushing the user even if they do not have an authentication rule using the related proxy address or IP list.
689002 Proxy traffic failed after modifying resource setting in external connector.
697566 Explicit proxy unable to access a particular URL (https://***.my.salesforce.com) after upgrading from 5.6.12 to 6.2.7.

Firewall

Bug ID Description
474612 SNAT is using low ports below 1023 for NTP.
611781 Search option on IPv4 policy page not working; after typing in the search bar, no results are displayed.
616220 ICMP reply packets are dropped by the FortiGate.
643446 Fragmented UDP traffic is silently dropped when fragments have different ECN values.
661014 FortiCarrier has GTP dropped packet log after configuring GTP allow list.
675353 Security policy (NGFW mode) flow-based UTM logs are still generated when policy traffic log is disabled.
682956 ISDB is empty/crashes after upgrading from 6.2.4/6.2.5 to 6.2.6.
683426 No hit counts on policy for DHCP broadcast packets in transparent mode.
683604 When changing a policy and creating a firewall sniffer concurrently, there is traffic that is unrelated to the policy that is being changed and matching the implicit deny policy. Some IPv4 firewall policies were missing after the change.
699785 Firewall performance may degrade when thousands of VIPs are configured.

FortiView

Bug ID Description
628225 Compromised Hosts dashboard cannot show data if FortiAnalyzer is configured using the FQDN address in the log setting. FortiAnalyzer configured with an IP address does not have this issue.

GUI

Bug ID Description
592854 An address created by the VPN wizard cannot save changes due to an incorrect validation check for parentheses, (), in the Comments field.
593860 When central management is enabled, users can bypass GUI read-only restrictions and apply policy changes.
601879 When logging in to the dashboard after a factory reset, the dashboard displays The web page cannot be found.
631041 Adding an RSSO group to the firewall policy does not enable RSSO on the policy.
639617 On Explicit Web Proxy Policy page, unable to change Outgoing Source IP option from IP Pools to Proxy Default or Original Source IP. CLI does not have this issue.
650708 When the client browser is in a different time zone from the FortiGate, the Guest Management page displays an incorrect expiry time for guest users. The CLI returns the correct expiry.
654626 Unable to change the action setting of Freeware and Software Downloads using the FortiGuard Category Based Filter of the DNS filter profile.
655255 FortiGuard resource retrieval delay causes GUI pages to respond slowly. Affected pages include: Firewall Policy, Settings (log and system), Explicit Proxy (web and FTP), System Global, and System CSF.
656599 Automation CLI script should support setting an administrator profile to restrict access.
656668 On the System > HA page, GUI tooltip for the reserved management interface incorrectly shows the connecting IP address instead of the configured IP address.
661703 High latency accessing Security Fabric > Physical Topology/Logical Topology pages in Firefox.
662640 Some GUI pages (dashboard, topology, policy list, interface list) are slow to load on low-end platforms when there are many concurrent HTTPSD requests.
665597 User credentials test from web UI and CLI are inconsistent.
666500 The Confirm version downgrade warning message is not displayed when a user downgrades firmware between minor patch release versions using the manual upload option. Firmware downgrades from FortiGuard do not have this issue.
667863 GUI does not display FortiSwitch ports when multiple FortiLink interfaces are configured. FortiOS 6.4.0 and later supports multiple FortiLink configurations via the GUI.
672906 GUI does not redirect to the system reboot progress page after successfully restoring a configuration.
689605 On some browser versions, the GUI displays a blank dialog when creating custom application or IPS signatures. Affected browsers: Firefox 85.0, Microsoft Edge 88.0, and Chrome 88.0.
691277 When logs are retrieved from FortiAnalyzer, the GUI displays the same traffic logs for primary and secondary HA devices.

HA

Bug ID Description
540600 The HA hello-holddown value is divided by 10 in the hatalk daemon, which makes the hello-holddown time 10 times less than the configuration.
609631 Both nodes in HA simultaneous reboot when gtp-enhance-mode is enabled or disabled.
627851 After the HA peer node has been replaced, there needs to be a way to reset the HA health status back to OK.
650624 HA GARP sending was delayed due to lots of transceiver reading.
652507 Sessions with syn_ses flags are not synced after reboot.
653095 Inband management IP connection breaks when failover occurs (only in virtual cluster setup).
657376 VLAN interfaces that are created on a different virtual cluster primary instead of the root primary do not sync.
678309 Cluster is out of sync because of config vpn certificate ca after upgrade.
690248 Malicious certificate database is not getting updated on the secondary unit.
693223 hasync crashes with signal 11 in ha_same_fosver_with_manage_master.

Intrusion Prevention

Bug ID Description
657541 On FG-80D, the IPS engine daemon count drops to 0 when the CPU number is 4.
668631 IPS is constantly crashing, and ipshelper has high CPU when IPS extended database has too many rules (more than 256) sharing the same pattern. Affected models: SoC3-based FortiGates.
686301 ipshelper CPU spikes when configuration changes are made.
689259 Flow-based AV scanning does not send specific extension files to FortiSandbox.
689590 IP quarantine is not working on FG-80D.
691395 Signature false positives causing outage after IPS database update.

IPsec VPN

Bug ID Description
566076 IKED process signal 11 crash in an ADVPN and BGP scenario.
597246 When disabling and re-enabling OCVPN after HA failover, the IPsec tunnel cannot be established.
631804 OCVPN errors showing in logs when OCVPN is disabled.
638352 In extreme situations when thousands of tunnels are negotiating simultaneously (IKEv2), iked process gets exhausted and stuck.
642543 IPsec did not rekey when keylife expired after back-to-back HA failover.
650599 IKE HA sync truncates phase 2 options flags after the first eight bits.
655895 Unable to route traffic to a spoke VPN site from the hub FortiGate when the dialup IPsec VPN interface is dual stacked (IPv4/IPv6).
666693 If NAT-T IP changes, the dynamic IPsec spoke add route entry is stuck on the hub.
678800 Kernel may crash on link event update with net-device enabled.
684133 Site-to-site IPsec VPN cannot establish in asymmetric routing scenario where the IPsec VPN bound interface is a loopback interface.
687749 iked HA sync crashed on secondary with authenticated user group in firewall policy.
691878 Creating or updating a user with two-factor authentication causes dialup VPN traffic to stop.
694992 Issue establishing IPsec and L2TP tunnel with Chromebook behind NAT.
710961 Hub is dropping packets due to Failed to find IPsec Common after upgrading from 6.2.6 to 6.2.7.

Log & Report

Bug ID Description
623471 FortiGate did not change the time after daylight saving time.
654363 Traffic log shows Policy violation for traffic hitting the allow policy in NGFW policy mode.
667274 FortiGate does not have log disk auto scan failure status log.
675347 When searching for some rarely-found logs within a large volume of logs, there is a long period of time before the results are returned. During the waiting period, if any new requests arrive, the old search session cannot be cleared. There is then a risk that multiple processes exist together, which may cause performance issues.
677540 First TCP connection to syslog server is not stable.
682444 No event log generated when log disk needs format.
694296 Memory leak issue in miglogd when log daemon has connection issue or FortiAnalyzer setting changes.
710344 Reliable syslog is sent in the wrong format when flushing the logs queued in the log daemon when working in TCP reliable mode.

Proxy

Bug ID Description
603195 Multiple WAD crashes with signal 11.
633108 When FOH server is disconnected from a HTTP session, the HTTP session client port peer is not cleared. After this, the HTTP client port shutdown causes a crash because the peer port is freed.
655356, 660857 Proxy deep inspection fails if server uses TLS 1.3 cookies or record padding.
661063 If a client sends an RST to a WAD proxy, the proxy can close the connection to the server. In this case, the relatively long session expiration (which is usually 120 seconds by default) could lead to session number spikes in some tests.
675525 No WAD sessions displayed when running diagnose wad filter.
680651 Memory leak when retrieving the thumbnailPhoto information from the LDAP server.
681134 Proxy-based SSL certification inspection session hangs if the outbound probe connection has no routes.
693951 Cannot access Java-based application in proxy mode.

Routing

Bug ID Description
579884 VRF configuration in WWAN interface has no effect after reboot.
628896 DHCP relay does not match the SD-WAN policy route.
687034 bgpd memory leak if running BGP on 6.2.7 and 6.4.4.
692241 BGP daemon consumes high CPU in ADVPN setup when disconnecting after socket writing error.

Security Fabric

Bug ID Description
649556 FortiNAC requests to FortiGate can timeout on low-end models when there are many concurrent requests.
660624 FortiAnalyzer Cloud should be taken into consideration when doing CLI check for CSF setting.

SSL VPN

Bug ID Description
602480 Use jQuery to customize FortiGate SSL VPN log in page.
608195 AngularJS web application cannot load via SSL VPN web mode.
610905 SSL VPN bypassing logon count limit with different case in user name.
610995 SSL VPN web mode gets error when accessing internal website at https://st***.st***.ca/.
619296 FortiGate reverts default values of text on buttons in SSL VPN log on page.
620946 All sslvpnd daemons use 99.9% CPU when policy is being updated.
628597 Unable to load the SSL VPN bookmark internal website, https://fi***.co.nz.
646339 SSL-SSH inspection profile changes to no-inspection after device reboots.
649197 Unable to use editor in Atlassian internal Confluence portal over SSL VPN web mode.
659322 SSL VPN will disconnect all connections after new address is added to IP pool.
661290 https://mo***.be site is non-accessible in SSL VPN web mode.
662042 The https://outlook.office365.com and https://login.microsoft.com websites cannot be accessed in the SSL VPN web portal.
662871 SSL VPN web mode has problems accessing some pages on FortiAnalyzer 6.2.
670731 Internal application server/website bookmark (https://***.***.***.***:****/nexgen/) not working in SSL VPN web mode.
672743 sslvpnd segmentation fault crash due to old DNS entries in cache that cannot be released if the same results were added into the cache but in a different order.
673320 Pop-up window does not load correctly when accessing internal application at https://re***.wo***.nl using SSL VPN web mode.
677167 SSL VPN web mode has problem accessing Sapepronto server.
678132 SSL VPN web portal SSO credentials for alternative option are not working.
680711 Unable to access OWA web server on mobile device in SSL VPN web mode.
681764 Video could not load for https://le***.sm***.ca in SSL VPN web mode.
683601 Changing DNS or WINS server under VPN SSL settings logs off connected users.
685269 SSL VPN web mode is not working properly for aw***.co***.com website.
688023 SSL VPN bookmarked website shows empty page after logging in to SSL VPN gateway https://vd***.vi***.com.
696009 Tunnel IP pool leak when DTLS tunnel user session is deleted due to timeout (idle or authentication).
706270 sslvpnd signal 11 (Segmentation fault) received caused by a pointer arithmetic error.

Switch Controller

Bug ID Description
700842 FortiSwitch MAC delete logs are not being generated.

System

Bug ID Description
488400 FGFM sessions timeout when the sessions between two non-VLAN ID EMAC VLANs are offloaded.
521213 Read-only administrators should be able to run diagnose sniffer packet command.
564477 VLAN switch creation fails every other time on FG-140D-POE.
584622 SNMP trap cannot display FortiGate model in OSPF trap information.
598527 ISDB may cause crashes after downgrading FortiGate firmware.
618158 DHCP client cannot get IP address when NTP server option in DHCP server settings is set to Same as System NTP.
620902 Application fgfmsd crashed and signal 11 received __cmdb_config_write_by_fname + 0x01cd.
627629 DHCP client sent invalid DHCPREQUEST format during INIT state.
628642 Issue when packets from the same session are forwarded to each LACP member when NPx offloading is enabled.
642005 FortiGate does not send service-account-id to FortiManager via fgfm tunnel when FortiCloud is activated directly on the FortiGate.
643033 get system interface transceiver port1 should return RX power and TX power for all Ch0[1-4] with a 0 value or N/A when the admin port is down on one side and the link status is down.
644616 NP6 does not update session timers for traffic IPsec tunnel if established over one pure EMAC VLAN interface.
650878 DHCP relay will honor the broadcast flag set to 0 (unicast) in only one VDOM at a time in a multi-VDOM environment.
654131 No statistics for TX and RX counters for VLAN interfaces.
659539 FortiGate running 6.2.7 GA cannot validate license via FortiManager due to FortiManager hardware missing Fortinet_CA2 and Fortinet_SUBCA2001.
664279 snmpd crashes when sorting a list-based ARP table if it has about 50,000 or more entries.
665332 When VDOM has large number of VIPs and policies, any firewall policy change causes cmdbsvr to become busy and use high CPU.
665550 Fragmented UDP traffic does not assemble on the FortiGate and does not forward out.
666418 SFP interfaces on FG-330xE do not show link light.
667722 VLAN interface created on top of a 10 GB interface is not showing the actual TX/RX counters.
668856 Offloaded traffic passing through two VDOMs connected with EMAC-VLANs is sometimes dropped.
669914 No statistics for TX and RX counters for VLAN interfaces.
670897 Update GTP code to be compatible with newer versions (GTPv1 and GTPv2).
670962 Packet loss occurs when traffic flow between VLAN interfaces is created under 10G LACP link.
672011 LTE DHCP IP addressing not installed in the routing table.
672183 UDP 4500 inter-VDOM traffic is not offloaded, causing BFD/IPsec to drop.
673263 High memory issue is caused by heavy traffic on the VDOM link.
673609 The auto-join FortiCloud re-try timer 600 second value is too large.
673918 Read-only administrator with packet capture read-write permission cannot run diagnose sniffer command.
675171 L2TP enabled status should be configured before EIP and SIP.
677568 Failed to parse execute restore config properly when the command is from a FortiManager script.
678809 dhcpd crashes with signal 6 because the timer is not canceled before calling the free release function.
680881 Rebooting device causes interface mode to change from static to DHCP.
686442 Traffic was stopped because PBA IP pool has the wrong relationship information.
690797 Huawei E8372h-320 LTE modem does not receive IP on FG-30E.
693757 Secondary FG-5001D blades in SLBC cluster do not show updated contract dates.
698014 When running execute speed-test command, it shows all VLAN and SSL interfaces from other VDOMs.

User & Device

Bug ID Description
643191 FSSO TS-Agent is not working properly when FortiGates use NGFW policy-based mode.
658794 FortiGate sent CSR certificate instead of signed certificate to FortiManager when retrieve is performed.
662391 Persistent sessions for de-authenticated FSSO users.
675226 The ssl-ocsp-source-ip setting not configurable in non-management VDOMs.
675539 FSSO collector status is down, despite that it is reported as connected by authd in a multi-VDOM environment.

VM

Bug ID Description
627106 FG-VM64 console shows hw csum failure for VLAN interface on mlx5_core PF.
711525 FG-VM-AWS PAYG instance randomly loses license after reboot.

Web Filter

Bug ID Description
593203 Cannot enter a name for the web rating override or save it due to name input error.
668325 Hanging FortiGuard connection is not torn down in some situations.
676403 Replacement message pictures (FortiGuard web filter) are not displayed in Chrome.
678467 Safe search URL option is not working while the original query in Google Images has the same parameter name.

WiFi Controller

Bug ID Description
621346 Dynamic VLAN on SSID cannot pass traffic through FG-100F/101F and FG-60F/61F when offloading is enabled.
698961 FWF-60F/61F and FWF-40F encounters kernel panic (LR is at capwap_find_sta_by_mac) when one managed FortiAP is authenticating WiFi clients.
707635 AP with MAC E0-23-FF not coming online through mesh with FortiWiFi radio set to root.

Known issues:

DNS Filter

Bug ID Description
582374 License shows expiry date of 0000-00-00.

Explicit Proxy

Bug ID Description
540091 Cannot access explicit FTP proxy via VIP.

Firewall

Bug ID Description
654356 In NGFW policy mode, sessions are not re-validated when security policies are changed.

Workaround: clear the session after policy change.

FortiView

Bug ID Description
635309 When choosing to view Compromised Hosts, FortiGate returns an error 500 when FQDN is set in config log fortianalyzer setting.
673225 FortiView Top Traffic Shaping widget does not show data for outbound traffic if the source interface’s role is WAN. Data is displayed if the source interface’s role is LAN, DMZ, or undefined.

GUI

Bug ID Description
354464 Antivirus archive logging enabled from the CLI will be disabled by editing the antivirus profile in the GUI, even if no changes are made.
514632 Inconsistent reference count when using ports in HA session-sync-dev.
529094 When creating an anti-spam block/allowlist entry, Mark as Reject should be grayed out.
535099 The SSID dialog page does not have support for the new MAC address filter.
541042 Log viewer forwarded traffic does not support multiple filters for one field.
584915 OK button missing from many pages when viewed in Chrome on an Android device.
584939 VPN event logs are incorrectly filtered when there are two Action filters and one of them contains "–".
602102 Warning message is not displayed when a user configures an interface with a static IP address that is already in use.
602397 Managed FortiSwitch and FortiSwitch Ports pages are slow to load when there are many managed FortiSwitches.
621254 When creating or editing an IPv4 policy or address group, firewall address searching does not work if there is an empty wildcard address due to a configuration error.
664007 GUI incorrectly displays the warning, Botnet package update unavailable, AntiVirus subscription not found., when the antivirus entitlement is expiring within 30 days. The actual botnet package update still works within the active entitlement duration.
672599 After performing a search on firewall Addresses, the matched count over total count displayed for each address type shows an incorrect total count number. The search functionality still works correctly.
682440 On Firewall Policy list, the tooltip for IP Pool incorrectly shows Port Block Allocation as being exhausted if there are expiring PBAs available to be reallocated.
688994 The Edit Web Filter Profile page incorrectly shows that a URL filter is configured (even though it is not) if the URL filter entry has the same name as the web filter profile in the CLI.

HA

Bug ID Description
695067 When there are more than two members in a HA cluster and the HA interface is used for the heartbeat interface, some RX packet drops are observed on the HA interface. However, no apparent impact is observed on the cluster operation. Workaround: do not use the HA interface as a heartbeat interface.
700271 Non-hyperscale license system’s secondary device responds to ARP queries. Affected platforms: all NP7 platforms (FG-180XF, FG-260XF, FG-420XF, FG-440XF) that were released on 6.2.6.

Intrusion Prevention

Bug ID Description
565747 IPS engine 5.00027 has signal 11 crash.
590087 When IPS pcap is enabled, traffic is intermittently disrupted after disk I/O reaches IOPS limit.

IPsec VPN

Bug ID Description
644780 Rectify the consequences if password renewal on FortiClient is canceled.

Log & Report

Bug ID Description
606533 User observes FGT internal error while trying to log in or activate FortiGate Cloud from the web UI.
713014 Cannot perform disk scan after enabling disk raid.

Proxy

Bug ID Description
604681 WAD process with SoC SSL acceleration enabled consumes more memory usage over time, which may lead to conserve mode.

Workaround: disable SoC SSL acceleration under the firewall SSL settings.

REST API

Bug ID Description
584631 REST API admin with token unable to configure HA setting (via login session works).
663441 REST API unable to change status of interface when VDOMs are enabled.
714075 When CORS is enabled for REST API administrators, POST and PUT requests with body data do not work with CORS due to the pre-flight requests being handled incorrectly. This only impacts newer browser versions that use pre-flight requests.

Routing

Bug ID Description
537354 BFD/BGP dropping when outbandwidth is set on interface.

Security Fabric

Bug ID Description
614691 Slow GUI performance in large Fabric topology with over 50 downstream devices.

SSL VPN

Bug ID Description
505986 On IE 11, SSL VPN web portal displays blank page title {{::data.portal.heading}} after authentication.

Switch Controller

Bug ID Description
588584 GUI should add support to allow using switch VLAN interface under a tenant VDOM on a managed switch VDOM.
605864 If the firewall is downgraded from 6.2.3 to 6.2.2, the FortiLink interface loses its CAPWAP setting.

System

Bug ID Description
464340 EHP drops for units with no NP service module.
578031 FortiManager Cloud cannot be removed once the FortiGate has trouble with contract.
600032 SNMP does not provide routing table for non-management VDOM.
607565 Interface emac-vlan feature does not work on SoC4 platform.
694202 stpforward does not work with LAG interfaces on a transparent VDOM.
695803 Unable to reorder firewall DoS policy in GUI or CLI.

Upgrade

Bug ID Description
658664 FortiExtender status becomes discovered after upgrading from 6.0.10 (build 0365).

Workaround: change the admin from discovered to enable after upgrading.

config extender-controller extender
    edit <id>
        set admin enable
    next
end

User & Device

Bug ID Description
595583 Device identification via LLDP on an aggregate interface does not work.

VM

Bug ID Description
587757 FG-VM image unable to be deployed on AWS with additional HDD (st1) disk type.
596742 Azure SDN connector replicates configuration from primary device to secondary device during configuration restore.
605511 FG-VM-GCP reboots a couple of times due to kernel panic.
608881 IPsec VPN tunnel not staying up after failing over with AWS A-P cross-AZ setup.
640436 FortiGate AWS bootstrapped from configuration does not read SAML settings.
668625 During every FortiGuard UTM update, there is high CPU usage because only one vCPU is available.

WiFi Controller

Bug ID Description
676689 RADIUS traffic not matching SD-WAN rule when using wpad daemon for wireless connection.

Vendor release notes: FortiOS 6.2.8

Regards,

The B&B team
Bezpieczeństwo w biznesie
