FortiClient EMS 7.4.4 - B&B Bezpieczeństwo w biznesie

Fortinet udostępnił aktualizację FortiClient EMS 7.4.4, w której naprawiono kluczowe błędy zgłaszane przez administratorów. Rozwiązano m.in. problem z zawieszaniem się synchronizacji LDAP/AD, brak stosowania polityk opartych na grupach Azure AD oraz nieprawidłowe przypisywanie tagów postawy bezpieczeństwa do endpointów. Szczegóły dotyczące wszystkich poprawek dostępne będą poniżej.

Rozwiązane problemy:

Administration

Bug ID	Description
1138296	Admins with Manage Invitations permission cannot create invitations in EMS 7.4 due to an unexpected error.

Endpoint Management

Bug ID	Description
1095972	Local ad connector stuck at 1%.
1111936	Higher maximum limit for EMS license timeout setting.
1117228	LDAP sync fails due to long UPN char with the following error: error: mssql: The data for tablevalued parameter „@updated” doesn’t conform*.
1119648	EMS is showing SAM user name instead of UPN name for endpoints logged in with Azure account.
1135123	Unable to add LDAP admin and unable to import user/device from domain with the following error: Invalid idp guid.
1139290	EMS AD sync intermittently fails with bind parameter and Kerberos errors.
1139723	LDAP sync improvement: reduce number of binds.
1142865	EMS Cloud AD connector randomly goes offline and then comes online again.
1148779	(FortiClient EMS Windows) LDAP sync error „uq_users_uid_name_sid_saml_id_auth_type_upn_domain_id„.
1150306	Endpoints cannot be returned to original group after being moved to a custom group.
1150641	Ad connector gets stuck after LDAP connection timeout.
1152075	GUI inconsistency in reporting the sync progress for LOCAL AD domain.
1166665	LDAP sync fails due to special characters in user data.

Endpoint Policy and Profile

Bug ID	Description
1112386	EMS does not apply Azure user-group policies intermittently.
1136465	Error syncing web filter profile from FortiManager.
1142846	ZTNA application import enables UDP while the enable_udp option is set to FALSE.
1159904	Azure AD group-based policy assignments are not being applied: endpoints are receiving the default policy.

Endpoint control

Bug ID	Description
1140281	Existing HTML files of „send one-way message” using Japanese cannot be previewed due to an error.

Fabric Devices

Bug ID	Description
1142252	FortiGate fails to sync security posture tags from EMS, blocking compliant VPN users.
1169328	The firewall dynamic address table still keeps the IP/MAC even when VPN client is down.

GUI

Bug ID	Description
1153047	EMS vulnerability scan dashboard shows wrong number of affected endpoints.

Onboarding

Bug ID	Description
1126324	Cannot delete SAML configuration.
1139975	AD UPN matching case sensitivity for user verification with SAML authentication and domain authorization.
1147712	FortiClient cannot connect to EMS using AD accounts where SAMAccountName differs from UPN.
1163833	EMS Cloud: invitation emails lose installer link after a while.

Other

Bug ID	Description
1107278	Custom port numbers change when migrating from Windows Server-based EMS 7.2 to Linux-based 7.4.

Remote Access

Bug ID	Description
1138981	Dh group 31 is not available in EMS dhgroup: invalid value 31.
1160262	FortiClient continiously attempts to connect to machine prelogon tunnel after user is already logged in.

System Settings

Bug ID	Description
1159054	Tag removal issue for offline endpoints despite auto tag removal being enabled.

Upgrade

Bug ID	Description
1142806	Migrating 7.2.8 to 7.4.3 or upgrade 7.4.1 to 7.4.3 can sometimes fail when running the sqitch script that adds forensic tags.
995790	During the device upgrade check, duplicate Android devices are end up getting mistaken as duplicates and deleted in upgrade.
1195599	When FortiClient EMS 7.4.3 is installed on Ubuntu 22.04, upgrading Ubuntu to 24.04 will break the EMS database backup and restore function. FortiClient EMS 7.4.1 may be uninstalled after upgrading the Ubuntu OS from 22.04 to 24.04.

Bug ID

Description

1142806

Migrating 7.2.8 to 7.4.3 or upgrade 7.4.1 to 7.4.3 can sometimes fail when running the sqitch script that adds forensic tags.

995790

During the device upgrade check, duplicate Android devices are end up getting mistaken as duplicates and deleted in upgrade.

1195599

When FortiClient EMS 7.4.3 is installed on Ubuntu 22.04, upgrading Ubuntu to 24.04 will break the EMS database backup and restore function.

FortiClient EMS 7.4.1 may be uninstalled after upgrading the Ubuntu OS from 22.04 to 24.04.

Web Filter and Plugin

Bug ID	Description
1026115	Some web filter categories are not visible on EMS GUI for configuration.
1156273	EMS adds new XML tags to control FortiClient to force user to enabled „Allow in private” when the web filter plugin is enabled.

Zero Trust Network Access (ZTNA) Connection Rules

Bug ID	Description
1057009	EMS GUI page shows „mask must be null or an IPv4 formatted string” error message when creating a ZTNA Destinations profile.
1133163	Failed to create ZTNA application due to long FQDN.

Security Posture Tags

Bug ID	Description
1148269	In HA mode, EMS does not assign tags to the endpoint when connect to EMS after few days.
1152696	EMS 7.4.3 does not assign User in AD group tag to macOS endpoints.
1165567	Failure in saving security posture tags for certificate with special character in Issuer CN.

Notatki producenta: FortiClient EMS 7.4.4

Pozdrawiamy,

Zespół B&B
Bezpieczeństwo w biznesie

Post Views: 9

FortiClient FortiClient 7.4.4 forticlient ems FortiClient EMS 7.4.4 Fortinet