Fortinet opublikował aktualizację dla produktu FortiMail. FortiMail 6.2.0 pozbawiony został błędów wykrytych w poprzedniej wersji firmware’u, wyeliminowano problemy związane z komunikacją pomiędzy serwerem LDAP a FortiMailem, wyeliminowano problem zbyt wysokiego zużycia zasobów maszyny. Wersja 6.2.0 jest wolna od podatności w jądrze Kernel. Wersja 6.2.0 jest pierwszym produktem nowej rodziny systemów, dlatego też aktualizacja ta przynosi sporo nowości. Zachęcamy do lektury!
Co nowego w wersji FortiMail 6.2.0?
- Aktywne usuwanie zagrożeń MS Office 365
- FortiMail może teraz wykonywać skanowanie wiadomości e-mail na żądanie w MS Office 365. Skanowanie w czasie rzeczywistym zostanie dodane w przyszłych wydaniach, do korzystania z tej funkcji wymagana jest specjalna licencja.
- Obsługa TLS 1.3
- Począwszy od wersji 6.2.0, TLS 1.3 jest obsługiwany dla dostępu HTTPS do FortiMail.
- Wsparcie SSO
- Oprócz poczty internetowej logowanie SSO jest teraz obsługiwane także przy logowaniu administratora.
- Metadane załączników
- Obsługa filtrowania DLP na podstawie metadanych załączników.
- Integracja GeoIP
- Możliwość użycia bazy danych GeoIP w zasadach IP do skanowania opartego na geografii. GUI wyświetla również informacje GeoIP.
- Interfejs API REST
- Dodano polecenia interfejsu REST API w celu zwolnienia wszystkich wiadomości e-mail z folderu kwarantanny. Dodano także polecenia dostępu do informacji na poziomie użytkownika (białe listy i czarne listy).
- Rozszerzenie puli IP
- Teraz możesz używać pul IP w regułach dostarczania ACL.
- Zarządzanie HA
- Aby ułatwić zarządzanie klastrami HA, informacje o systemie i statystyki poczty członków klastra można teraz monitorować na jednostce master. Logi jednostek klastra można również przeglądać z poziomu głównego urządzenia.
- Przycisk wyszukiwania
- Dodano przycisk wyszukiwania na stronach ACL, IP Policy i Recipient Policy.
Rozwiązane problemy:
Antispam/Antivirus/Content/Session
| Bug ID | Description |
|---|---|
| 569960 | DLP with profanity setting does not work. |
| 557805 | Regular expressions in DLP rules and content monitor do not match contents in HTML links. |
| 567801 | For URI protection scan, FortiMail and FortiSandbox Cloud have communication issues. |
| 568910 | BCC action in the content profile does not work if DSN email generation is disabled. |
| 567511 | Rewrite From in the session profile does not work if Header From is missing. |
| 563130 | In some cases, header manipulation may not work properly. |
| 569416 | Impersonation Analysis should not be bypassed for ACL rule match. |
| 568281 | Impersonation Analysis is bypassed when an email message contains multiple recipients. |
| 573097 | When using a customized file filter in a content profile, the .pub files are caught by the MS PowerPoint filter, instead of the MS Publisher filter. |
| 544827 | In some cases, low-risk URIs are not replaced as configured. |
| 546154 | Too many log messages are generated when encoding fails. |
| 551451 | Under Security > Quarantine > System Quarantine Setting, the account name field should only allow to enter the local part of an email address, not the entire email address. |
| 549961 | Not DKIM signature is generated when Mail From is empty but the Header From is not. |
| 549420 | False positive in DLP sensitive data scan. |
| 543019 | URI click protection removes Japanese characters. |
| 547671 | Dictionary profiles cannot detect and block banned words in Office 365 Word files. |
Mail Receiving/Delivery
| Bug ID | Description |
|---|---|
| 553478 | In some cases, received email is not delivered. |
| 556364 | Recipient Address Verification does not work when the internal mail server responds to SMTP connections with warning messages. |
| 565422 | SMTP connections timeout on incoming mail. FortiMail should send EOM responses after receiving all data. |
| 530592 | When both URI Click Protection and MS Office/PDF CDR are enabled, there will be milter exception error. |
| 542901 | When a large number of IBE users try to access their encrypted email simutaniously, some users may experience problems to register and access their email. |
System
| Bug ID | Description |
|---|---|
| 561924 | Nested LDAP groups deeper than two levels cannot be found. |
| 572514 | Error message when resetting an IBE user. |
| 565860 | After system reboot, IP pools fail to answer SMTP connections. |
| 498174 | LDAP alias expansion should not be case sensitive. |
| 551045 | In some cases, mailfiltered may cause high CPU usage on HA pairs. |
| 514185 | Under certain conditions, Cyrillic alphabets from some domains show incorrect encoding. |
| 558429 | Config-only HA members should not have the same entity IDs. |
| 554636 | FortiMail can be accessed from any IP address even if the IP address is different from the trusted host. |
| 574342 | After upgrading to 6.0.6 release, LDAP groups with access control policies stop working. |
| 572983 | The SNMPv3 EngineBoots parameter does not increment after system reboot. |
| 542637 | Fortinet VM appliance anti-exploit enhancement. |
| 551408 | Wrong certificate chain is supplied when the default certificate is chained and the IP pool is used. |
| 552607 | Real-only administrators cannot change their own passwords. |
| 544856 | Smtpqd memory leak. |
| 531263 | FortiMail cannot be added to the Fortinet Security Fabric anymore due to Fabric API changes. |
| 495407 | FortiMail to FortiGuard XOR encryption enhancement. |
Mail Receiving/Delivery
| Bug ID | Description |
|---|---|
| 553478 | In some cases, received email is not delivered. |
| 556364 | Recipient Address Verification does not work when the internal mail server responds to SMTP connections with warning messages. |
| 565422 | SMTP connections timeout on incoming mail. FortiMail should send EOM responses after receiving all data. |
| 530592 | When both URI Click Protection and MS Office/PDF CDR are enabled, there will be milter exception error. |
| 542901 | When a large number of IBE users try to access their encrypted email simutaniously, some users may experience problems to register and access their email. |
Admin GUI/Webmail
| Bug ID | Description |
|---|---|
| 563496 | Multiple attachments cannot be uploaded and sent properly in webmail. |
| 565536 | Under Security > Quarantine > Quarantine Report > Web release host name/IP, a port number cannot be added. |
| 556550 | Some columns of the policy table are not displayed properly. |
| 560618 | The system quarantine folder cannot be opened when the folder name contains Japanese characters. |
| 564553 | In some cases, the FotiSandbox statistics are not displayed properly under FortiView > Threat Statistics > FortiSandbox Statistics. |
| 554898 | Expired administrators are still displayed in the current administrator list if the administrators closed the browser without logging out from the admin GUI. |
| 552338 | The warning sign in the content disarm and reconstruction message cannot be displayed properly in Internet Explorer.Log and Report |
Znane problemy do rozwiązania:
| Bug ID | Description |
|---|---|
| 307919 | Webmail GUI for IBE users displays a paper clip for all email although the email has no attachments. |
| 381511 | IBE messages are not signed with DKIM although DKIM signing is enabled. |
Zachęcamy do lektury notatek wydanych przez producenta: Release Notes – FortiMail 6.2.0
Pozdrawiamy, Zespół B&B
Bezpieczeństwo w biznesie