Fortinet opublikował nową wersję FortiClient EMS oraz FortiClient – 7.2.0! EMS 7.2 wprowadza funkcję zarządzania certyfikatami, która umożliwia łatwe tworzenie, przechowywanie i używanie certyfikatów dla różnych usług EMS w sposób scentralizowany. Pojawił się również Connector AD – który ma na celu ulepszenie architektury EMS do użytku w środowiskach chmurowych. Dodatkowo pojawiło się również wsparcie dla FortiAnalyzer Cloud, integracja z FortiPAM oraz kilka nowości dotyczących reguł ZTNA.
Nowe funkcjonalności w 7.2.0:
- Wildcard support for ZTNA FQDN rules
- Logging to FortiAnalyzer Cloud
- FortiGate ZTNA service portal support
- Inline CASB solution for SaaS applications
- FortiPAM integration
- FortiEDR Zero Trust tagging rule and visibility
- Selecting closest gateway for VPN connection
- Improved certificate UX
- AD connector
- Authentication server configuration for onboarding
Rozwiązane problemy (FortiClient EMS 7.2.0):
|Log viewer fails to check for license expiration: type object
'License' has no attribute
|FortiClient Cloud displays license expiry error when license has not expired.
|EMS crashes after user applies incorrect license.
|Non-default site sends
LIC_ED|0| to FortiClient.
|FortiClient shows as disconnected and license for all multitenancy sites are removed and returned to global site after upgrading EMS from 7.0.7 to 7.2.0.
|LDAP configuration persists in EMS multitenancy global/default/non-default administration users.
|EMS displays no administrators found error.
|EMS console times out. Inactivity timeout logs off administrator despite EMS activity.
|Active Directory (AD) connector fails to start after upgrade from 7.0.7 to 7.2.0 if authentication credential expired.
|EMS does not remove dashboard outbreak alerts when endpoint disconnects.
|Authorized user group name is not full path.
|Delete SAML configuration message shows incorrect active users.
|The DELETE statement conflicts with the REFERENCE constraint
|Authorized groups do not work with SAML verification.
|Off-fabric FortiClient certificate serial number does not sync to FortiOS.
|FortiClient Cloud does not allow enabling Enforce User Verification.
|EMS displays notification: Failed to send email alerts. Please check SMTP server configuration.
|EMS does not process uploaded software inventory.
|EMS displays third-party features section for non-Windows endpoints.
|EMS shows clients as unprotected if they have third-party antivirus.
|EMS has inaccurate dashboard widget results for endpoints with Windows operating systems.
|The multipart identifier
cs.is_missing cannot be bound.
|EMS always reports device state as managed in verified and unverified user table even after FortiClient unregisters from EMS.
|EMS clears all entries after upgrade and does not allow traffic for some users.
|Policy is out of sync when moving endpoints using group assignment rules.
|EMS reports endpoint vulnerability when Vulnerability Scan is not installed on endpoint.
|Group assignment rules Run Rules Now option does not work.
|EMS fails to download PDF report of on-premise FortiSandbox events.
|EMS shows endpoints duplicated in multiple groups after EMS upgrade.
|EMS displays error during AD sync when an organizational unit’s old ancestor is deleted from the domain.
|Malware Protection profile antiexploit application list includes applications that FortiClient does not support.
|EMS does not send FortiClient status changes via syslog.
|Web Filter profiles are mismatched between EMS and FortiGate for cryptomining category.
|Profile GUI is blank.
|FortiClient blocks all USB sticks after adding revision in Malware Protection profile.
|Deadlocks on Users and Forticlients_users table.
|Upgrade from 7.0.4 to 7.0.6 fails.
|EMS fails to update EOAP signatures: type object
ComplianceVerificationRuleSet has no attribute
|User cannot access FortiClient Cloud.
|EMS generates a generic error on high availability (HA) backup.
|EMS shows error while trying to restore backup.
|Software Inventory filter and sort actions in heading do not work.
|EMS user can import the same zero trust tagging rules multiple times by clicking Import button multiple times.
|FortiClient cannot connect to EMS after upgrade from 7.0.2 to 7.0.7.
|Only FortiClient 7.0.7 appears in installers list. EMS shows no custom installers.
|EMS should calculate zero trust network access (ZTNA) rules.
|Endpoint does not get correct zero trust network access tag.
|Endpoint is still tagged with threat ID rule after clearing firewall events.
|EMS shows hosts with indicators of compromise for Ransomware Evil (REvil) but shows details as No REvil_IOC_registry_key – Compromised Endpoints (0) Found.
|EMS receives network information but does not send it to FortiGates.
|EMS does not tag some endpoints with AD group after disabling Evaluate on FortiClient on the rule.
|When a rule set has an AD FortiClient-based rule and at least one non-FortiClient rule of any type, the AD rule is not loaded.
|FortiClient registered with EMS IP address does not deregister from EMS when administrator enforces invitation-only registration for all endpoints.
|FortiClient fails to register with EMS when Enforce invitation-only registration for is enabled.
|EMS stops allowing client connections.
|EMS sends malformed SAML URL to FortiClient.
|spUpdateIPList and trigger_users_UPDATED errors.
|Let’s Encrypt ACME certificate request fails due to port 80 on autotest system.
|EMS reports vulnerability to web server dictionary indexing/dictionary directory listing attack.
|Multiple FortiClient records share the same token ID.
Rozwiązane problemy (FortiClient 7.2.0):
|FortiClient (Windows) cannot show normal webpage of real Internet server (Dropbox) with zero trust network access (ZTNA).
|ZTNA TCP forwarding fails to work when FortiClient console is closed.
|FortiClient does not send
CERT_REQ after receiving certificate revoke command from EMS.
|ZTNA client certificate is missing in user certificate manager.
|GUI returns blank page after install.
|German GUI shows realtime scan events as detected virus threats.
|FortiClient (Windows) shows Remote Access tab when administrator configured it to be hidden.
|GUI becomes blank.
|FortiClient (Windows) garbles Chinese name display.
|Endpoint summary reports FortiClient (Windows) antivirus software as third-party feature.
|FortiClient Cloud is unaware of UID change when it sends a new UID to FortiClient.
|After FortiClient (Windows) status is off-Fabric, Web Filter service start is delayed.
|Logging does not work after ZTNA logging is enabled in System Settings profile.
|FortiClient reports incorrect Windows version to EMS.
|FortiClient (Windows) does not reconnect to EMS after deployment over VPN.
|Option to hide Application Firewall in FortiClient (Windows) GUI does not work.
|Endpoint tries to use ZTNA certificate when ZTNA option is disabled.
|FortiClient (Windows) does not send ADGUID.
|EMS does not display user information details from Active Directory (AD) domain.
|Single sign on configuration tool does not generate preshared key and server information in the installer.
|Upgrade does not upgrade AV engine as deployed through an EMS installer.
|FortiClient loses Telemetry connection and does not reconnect when administrator assigns the endpoint to a new group with a different installer.
|Upgrading FortiClient from 7.0.6 to 7.0.7 fails when it is registered to EMS.
|FortiClient upgrades to include full features when it should not.
|FortiClient loses all tags after deployment.
|After PC reboot, FortiClient repeatedly tries to log in with SAML when EMS is disconnected.
|User in AD group zero trust tag does not tag users in security groups.
|Zero trust tagging rule set syntax to check registry key value is unclear.
|AV Signature is up-to-date rule not does count days.
|jar file detection does not support YARA rule.
|Vulnerability compliance check includes Python vulnerability for all applications.
|FortiClient (Windows) has issues connecting to EMS after upgrade.
|FortiClient (Windows) fails to allow login with Google, LinkedIn, or Salesforce.
enable_manually_entering parameter does not work.
|FortiClient (Windows) reports system user changes to EMS inconsistently.
|FortiClient (Windows) cannot unquarantine endpoint with one-time access code.
|FortiClient (Windows) does not generate local logs for ZTNA.
|FortiClient (Windows) logs disconnecting from SSL VPN to FortiAnalyzer as a connection in security event logging.
|Corporate endpoints experience BSOD after FortiClient installation. Non-corporate endpoints do not experience BSOD.
|FortiClient (Windows) does not always get IPv4 address from https://ipify.org.
Znane problemy do rozwiązania (FortiClient EMS 7.2.0):
|Drilldown on macOS vulnerability includes unrelated vulnerabilities.
|Vulnerability count on vulnerability widgets does not match the actual number of vulnerabilities.
|User cannot change
|Setting Vulnerability Scan patch status to Not does not work.
|EMS does not save
<temp_whitelist_timeout> in an endpoint profile.
|Backing up configuration files on FortiClient Cloud results in import errors.
|Web Filter profile synced from FortiGate keeps disabled status links in the exception list.
|EMS includes Removable Media Access feature when using ZTNA user-based license.
|Non-default site’s License information page shows irrelevant license information.
|EMS does not show A new license has been detected… if synced with FortiCloud account.
|Allocating license to site resets if changes are done to default site license.
|Multitenancy-enabled EMS removes license from multiple sites.
|EMS shows features for future license.
|FortiClient Cloud connection fails during HA failover.
|EMS does not recognize disabling Use FortiManager for client software/signature updates > Failover.
|FortiGuard services setting for FortiManager selector switch shows as disabled after configuring and logging out of EMS.
|User cannot disable Delete Timeout option.
|EMS does not send email alerts for AD events.
|FortiClient cannot connect to FortiClient Cloud.
|FortiClient EMS is missing update daemon logs.
|EMS does not send FortiClient logon message offline to syslog server (FortiAuthenticator).
|Permission Denied : Your permissions might have been updated error message displays for all admin roles.
|Deleting large domain quickly fails.
|Possible slow httpd file handle leak.
|spHAKeepAlive deadlock causes failover.
|With always on high availability (HA) on multitenancy-enabled in multisubnet environment, FCEMS_monitor stops and EMS loses all configured license seats.
|The \\FCM_Default_Filesync\\ directory increases in size until space is exhausted. This causes the EMS consoles to change nodes.
|ZTNA status display should be updated in endpoint details.
|ZTNA service portal does not allow for external browser for SAML authentication.
FCKARPLY: CONT|0 if DAS cannot access the database.
|GUI does not show quarantine files or shows inconsistent ones.
|Patching a vulnerability for a specific endpoint patches it on others.
|License widget shows Forensic license as NaN used of X when no license is in use.
|EMS deployment only shows domain netbios name under endpoint groups.
|Deselecting an item from item list removes the deselected item.
|EMS fails to update email address from personal information form in FortiClient.
|With multiple sites, EMS fails to display FortiGuard outbreak detection rules downloaded from FDS.
|User cannot log in to FortiClient Cloud if they are using the same browser for login to on-premise EMS.Workaround: Clear the browser client cache or use a different browser.
|User cannot call APIs in FortiClient Cloud.
Workaround: Clear the browser client cache or use a different browser.
|Browser causes FortiClient Cloud issues.
|FortiClient Cloud does not include packaged installer when sending email invitation.
|EMS is missing newly added signature information in FortiGuard signature information page.
Znane problemy do rozwiązania (FortiClient 7.2.0):
|FortiClient Cloud application signatures block allowlisted applications.
|Threat ID is 0 on Firewall Events.
|FortiClient loses several packet on different internal resources after connecting telemetry.
|FortiClient blocks PIA VPN.
|FortiClient (Windows) blocks Veeam with messages related to Remote.CMD.Shell and VeeamAgent.exe.
|Application Firewall slows down opening of Microsoft Active Directory Users and Computers application.
|FortiClient backs up configuration that is missing locally configured ZTNA connection rules.
|Updating endpoint status from endpoint notified to deployed takes a long time.
|FortiClient shows all feature tabs without registering to EMS after upgrade.
|After administrator selects Mark All Endpoints As Uninstalled, FortiClient (Windows) connected with verified user changes to unverified user.
|FortiClient fails to send username to EMS, causing EMS to report it as different users.
|EMS displays no user for some devices.
|EMS shows endpoints as offline, while they show their own status as online.
|LDAP query for Active Directory group check does not execute.
|EMS does not show third-party features in endpoint information.
|EMS remembered list shows FQDN duplicates.
|FortiClient cannot get tenant ID after EMS administrator deploys FortiClient 7.2.0 over 7.0.7 from the EMS server.
|EMS considers the endpoint as on-Fabric when it does not meet all rules in an on-Fabric detection rule set.
|Inverse selection with ! does not work for deployment package, profile, and features under All Endpoints view.
|Console stops working on Citrix servers with ntdll.dll crash.
|Windows Security setting in Windows displays FortiClient is snoozed when FortiEDR is installed.
|FortiDeviceGuard is not installed on Windows Server 2022.
|Zero trust tag rule for Active Directory group does not work when registering FortiClient to EMS with onboarding user.
|Sandbox does not release blocked file.
|FortiClient does not allow virtual CD-ROM device.
|GUI shows ransomware quarantined files after restoration via EMS.
|Antiexploit blocks Chrome without sharing payload details.
|FortiClient (Windows) does not block phone mobile storage when default removable media access is set to block.
|FortiClient (Windows) does not block USB drive with attempt to copy contents even if WPD/USB is set to block in profile.
|Windows 10 security center popup shows FortiClient and Windows Defender are off.
|AV scan exclusion list does not work for shared/network drive files.
|FortiClient (Windows) cannot detect SentinelOne when they have product on OS level.
|Antiexploit protection blocks Microsoft signing application in Chrome.
|FortiClient wrongly detects AnyDesk vulnerabilities CVE-2021-44426 and CVE-2021-44425.
|FortiClient detects wrong vulnerability in patched AutoCAD software.
|SSL VPN add/close action does not show on FortiGate Endpoint Event section.
|FortiClient (Windows) cannot send OS logs/system events to FortiAnalyzer.
|FortiClient (Windows) does not block malicious sites when Web Filter is disabled.
|Error revokes certificate accessing outlook.office365.com using Web Filter.
|Endpoint displays Microsoft Teams offline error.
|After FortiClient install, extended uptime results in audio cracking.
|Web Filter fails to activate when off-fabric.
|FortiClient blocks web browsing traffic which Web Filter allows.
|EMS fails to update email address for endpoint from personal information form in FortiClient (Windows).
|EMS does not show correct username if user logs in with Google or Linkedin cloud service or chooses user input.
|FortiClient avatar does not update on FortiOS dashboards and FortiOS cannot show updated information.
|FortiClient (Windows) loses license.
|FortiClient (Windows) does not send EMS tenant ID to FortiAuthenticator.
|Single sign-on mobility agent (SSOMA) does not send ID to FortiAuthenticator.
|Local account can access Internet if FortiClient SSOMA logged-in AD user locks the screen.
|FortiClient (Windows) may prioritize using user information from authentication user registered to EMS.
|FortiClient (Windows) does not show login prompt when installed with installer using LDAP/local verification.
|FortiClient has incompatibility with Fuji Nexim software.
|Windows does not boot up after Windows updates.
|FortiClient causes RPC service unavailable error and blank screen when trying to connect via RDP to the server.
Notatki producenta: FortiClient 7.2.0
Bezpieczeństwo w biznesie