Producent oprogramowania Fortinet udostępnił aktualizację dla produktu FortiAuthenticator o numerze wersji 6.3.2. W najnowszej wersji rozwiązano problem braku możliwości zalogowania się do GUI. Rozwiązano także problem z automatyczną synchronizacją użytkowników LDAP w GUI z skonfigurowanym FortiTokenem która zwracała błąd. Po więcej ciekawych informacji o najnowszej wersji oprogramowania zapraszamy do dalszej części artykułu.
Co nowego w FortiAuthenticator 6.3.2:
Failure of FortiAuthenticator FSSO poller after installing Microsoft patches KB5003646 / KB5003638 / KB5003696 resolved
After installing Microsoft patches KB5003646/KB5003638/KB5003696 NT_STATUS_CONNECTION_DISCONNECTED, FortiAuthenticator event log poller fails. Applications accessing event logs on remote devices may be unable to connect. This issue may occur if the local or remote devices are yet to install updates released on June 8, 2021, or later. You may receive an error when attempting to connect, e.g., error 5: access is denied, error 1764: The requested operation is not supported, System.InvalidOperationException, and Microsoft.PowerShell.Commands.GetEventLogCommand.
Rozwiązane problemy:
Znane problemy:
| Bug ID | Description |
|---|---|
| 666880 | Hide the SNMP trap option for PSU monitoring for unsupported devices. |
| 601603 | CLI only supports configuring interfaces port1 – port4. |
| 666636 | Wrong group attributes indicator in RADIUS policy response table for EAP-TLS. |
| 637199 | Default usage profiles. |
| 615442 | No Kerberos ticket requests (negotiate) on encrypted HTTPS traffic from FortiAuthenticator. |
| 485396 | Sponsor/Admin can place created guest users into any group. |
| 588310 | FortiAuthenticator dropping FSSO login events from DC Agent on failed DNS resolution. |
| 673303 | Fine-grained menu content has misaligned pointer in SSO/General. |
| 630041 | FortiAuthenticator FSSO – TS Agent sessions are stuck at zero after server reboots until FSSOTA service is restarted. |
| 673319 | Admin cannot login to approve the self-registration when group filters are set without admin user in guest portal policy. |
| 652072 | LDAP user password expired, user not prompted for RSA Token code (chained Token Authentication). |
| 631600 | SCEP request by certmonger cannot be recognized by the automatic enrollment request. |
| 632629 | Smart Connect WPA2-Personal profile fails when WPA2-Enterprise settings are left in place. |
| 588346 | An expired certificate is delivered to WiFi authenticated users. |
| 632637 | Smart Connect missing the ability to forget an SSID. |
| 595012 | Ability to resize the column width manually by using mouse. |
| 628815 | Remote SAML user import from Azure AD fails authorization issue. |
| 602707 | Unable to add multiple alternate DNS names to certificate for user certificates. |
| 577877 | Allow bulk unlock for FortiToken mobile tokens. |
| 670811 | Issues related to remote SAML user import from Azure AD. |
| 606562 | FortiAuthenticator rejects certificate signing request from a FortiGate client with invalid password error. |
| 637028 | SSL connection fails in case when the certificate expired issue is not explicit enough. |
| 637290 | No FortiToken mobile push notification with Windows agent 3.0. |
| 670827 | FortiGate filtering stops any users sent to FortiGate even though users are member of a group/container. |
| 671345 | FortiAuthenticator Windows Agent prompts for token despite incorrect password and then does not prompt for user credentials again. |
| 657522 | SAML authentication fails when AD display name contains a coma (,) and the user has admin role. |
| 526202 | FortiAuthenticator does not check if the signature of CSR is valid. |
| 669054 | Unable to install FortiAuthenticator-VM-HV 6.2.0 on server 2012 R2. |
| 673151 | Domain controller query status shows failed even with successful queries. |
| 566145 | Usage Profile “TIME USAGE=Time used” is not triggering COA or disconnect request to FortiGate. |
| 660357 | FSSO FortiGate IP filter ignored when the global group pre-filter is enabled. |
| 669079 | HTTPS certificate chain is inconsistent/incorrect. |
| 646299 | Nutanix AHV KVM based Hypervisor FortiAuthenticator upgrade from 6.0.4 to 6.1.x hangs on “Waiting for Database”. |
| 666782 | If local CA is selected for EAP and no EAP server certificate is present on FortiAuthenticator, radiusd keeps crashing after upgrading to 6.2.0. |
| 589219 | Multiple DC’s kerberos traffic after FortiAuthenticator joining the domain with local DC. |
| 638374 | SCEP – Encryption/hash compatibility with clients. |
| 601520 | Recurrent log message: Portal was not found in the session, redirecting back to the entry point. |
| 668337 | Allowed hosts configuration through CLI not reflected in the GUI before reboot. |
| 544691 | Remote LDAP admins have no certificate bindings. |
| 645043 | GUI does not show cert UPN. |
| 592837 | Sponsor accounts can add guest user accounts to non-guest groups. |
| 666571 | “Portal was not found in the session” when registering guest with non-ASCII characters “Umlauts”. |
| 672987 | After upgrading FortiAuthenticator from 5.4 to 6.x Apple devices cannot load the FortiAuthenticator captive portal via the system pop-up only. |
| 634084 | Unable to export third party signed certificate with private key when CSR is generated locally on FortiAuthenticator. |
| 650215 | FortiAuthenticator Windows Agent 3.0 – New RDP connection by the same user unable to finish due to blank login screen. |
| 672750 | FortiAuthenticator randomly sends “Please enter correct credentials. Note password is case-sensitive” error when accessing the self-service portal. |
| 543729 | RADIUS client service not working after upgrade. |
| 668916 | Subdomain users can authenticate over FortiAuthenticator Agent installed on a workstation in the main domain without the token code. |
| 635893 | Change password not working with Checkpoint VPN when 2FA is enabled. |
| 655350 | The lockout policy does not appear to apply to username/token submissions to the /auth API endpoint. |
| 604156 | Packet captures on OCI often seem to be corrupt. |
| 604924 | SAML SSO/Proxy metadata download fails with “invalid_xml”. |
Notatki producenta: FortiAuthenticator 6.3.2
Pozdrawiamy,
Zespół B&B
Bezpieczeństwo w biznesie