Another product from the Fortinet stable joins the group running version 6.0.5! Fortinet has published a new software release for FortiManager, numbered 6.0.5. Among other things, the new release fixes minor issues such as administrators being unable to log in when their password contains certain special characters; FortiManager now correctly synchronizes security policies between FortiGate devices and FortiManager; and administrators can again change the IP address of the FortiGate HA mgmt interface. The software has also been improved by eliminating many other bugs found in the previous version, which you can read about in our article. Enjoy the read!
|FortiManager is missing permission settings when managing FortiAnalyzer.
|HA-status changes to standalone from ELBC cluster when making changes to FortiGuard server setting directly on FortiGate.
|FortiManager should adjust Radius configuration on SSID when renaming a Radius server.
|The "set disk-usage log" command should not be installed for devices with log disk.
|Passwords should allow special characters on certificate templates in FortiManager.
|FortiManager attempts to change Chassis ID on FortiGate 7000 series when installing configuration.
|User cannot paste password in managed device’s Telnet or SSH console.
|When an address is a member of a dynamic address group, its "Where Used" result does not say which dynamic group it belongs to.
|FortiToken provision does not work.
|Operator to filter Event logs on FortiManager may not work properly.
|FortiManager returns TCL Error when pushing Policy to FortiGate due to failure to resolve hostname defined under “set fmg”.
|FortiSwitch Manager and AP Manager reports switches and APs connected to FortiGates as online when the devices are no longer powered on.
|When creating new vdom-link from the global interface menu, all the VDOMs should be visible in the management VDOM.
|FortiManager always overrides the device-level configured parameters to DPD 'default values', making it impossible to tune DPD settings when using VPN Manager.
|FortiManager pushes IP POOL with pool type not specified but with parameter "set num-blocks-per-user 32" set.
|With the ADOM option "Perform Policy Check Before Every Install" enabled and no changes to install, an install will fail with the "Validation Failed" message.
|FortiManager should remove the mandatory requirement of having a hub-to-hub interface when two hubs are defined in a VPN community using VPN Manager.
|When workspace is enabled, IPv6 session based counters are synchronized with FortiGate.
|Admin users are unable to login from the GUI when their password contains two sequential question marks.
|ADOM upgrade may fail when the IPs in FortiSwitch VLAN DHCP server are configured with zero.
|FortiSwitch Manager > FortiSwitch Templates > FortiSwitch VLANs missing advanced options.
|During import, FortiManager does not check if adding a suffix to an object name will exceed the character limit.
|Deleting multiple SD-WAN rules does not work.
|DHCP Gateway option may not work in AP Manager.
|Running a script always returns the error, 'the script is not eligible', even though the actual error may be different.
|When querying a policy package, FortiManager API’s response may be missing the VDOM information.
|FortiManager should warn user in install wizard if there is an IP address being installed that is 0.0.0.0/0.
|FortiManager is not able to assign FQDN address object to Static Route Named Address.
|FortiManager responds with errors if multiple protected subnets are defined in Dial-Up community external spoke configuration.
|Policy counters may not be accurately synchronized with the FortiGate devices.
|SD-WAN rule protocol option 'ANY' is not saved on GUI.
|Tooltip for device lock is not shown in Device Manager’s device tree.
|Right-click menu does not allow firmware upgrade with device locked.
|GTP global tunnel limit is not configurable on FortiManager.
|FortiManager does not support the increased firewall addresses limit to 10000 objects for FGT81E or FGT81_POE.
|ADOM upgrade stuck at 5%.
dhcp-snooping when installing from a 5.4 ADOM.
|FortiManager is trying to unset the category for user device when pushing policy package.
|Search in zone does not work after upgrade.
|IPS Filter does not include ALL if filtered based on OS.
|FortiManager is not updating the last modified time when modifying a web filter category.
|In web filter profile, FortiManager should only allow configuring quota for categories set to monitor, warning, or authenticate.
|FortiManager may attempt to add trailing spaces for VIP’s mapped IP.
|Push update should be available from Manager > License.
|Editing SD-WAN interface shows inaccurate GUI Page.
|FortiManager should not allow illegal change with ssl-ssh-profile causing installation to fail.
|API request returns all the devices even when the user does not have access to other ADOMs.
|FortiManager cannot delete WF and AS FortiGuard databases on FortiManager.
|The Local Users column is always empty even if a token is assigned.
|Import all objects is not importing unused FortiTokens.
|Token used in device local admin configuration is displayed as not used at ADOM level.
|When having multiple hosts within an SNMP community, it is not possible to edit a host and change the status of HA-direct.
execute reset hitcount command tries to reset on v5.2 ADOMs, which have no hitcounts feature resulting system returning failure with code -160
|Policy install may get stuck at 67%.
|Some SMTP/splice options under firewall profile-protocol options cannot be disabled.
|List of static route is always empty if user uses search filter before edit or clone a static route.
|FortiManager is unable to add multiple DHCP Relay Servers from the Device Manager System Interface Menu.
|Users may not be able to change the FortiGate HA management interface IP.
|Importing a local certificate with a big number of subject alternative names is not supported.
|IS-IS interfaces cannot be deleted from GUI.
|Users may not be able to upgrade ADOM after ADOM name has been changed.
|FOS-VM may be getting invalid license from FMGR-VM-Meter.
|FortiManager does not allow users to manually set SD-WAN member sequence ID.
|FortiGuard 7000 Service Status shows slave chassis with serial number instead of host name.
|VPN Manager should not show the options for main and aggressive mode when IKEv2 is selected.
|FortiManager should not prompt for Device setting for static route in TP VDOM.
|Web filter and Application profiles are not available in the FortiClient profile GUI.
|Upgrading ADOM 5.2 to 5.4 may be very time consuming.
|Installing configuration after fail-over in cluster causes installation fail because of difference in management-ip.
|Policies that are Last Modified matched by actual traffic always shows recently modified by 'admin' even if the default admin user is not present in the FortiManager configuration.
|Users are unable to select Schedule Object for SSID in AP Manager.
|Read-Only admin can enable VPN Manager in the ADOM.
|FortiManager may not be able to configure a full-mesh VPN among FortiGates with multi-VDOMs.
|FortiManager is unable to import policy configuration from devices with a long VDOM name.
|When configuring Per-Device Mappings for Real Servers, mode is missing and users cannot create multiple real servers.
|Users should not be allowed to delete default Meta fields.
|Column showing unused object reverts to original size after scrolling down.
|Re-importing a device may result in policy package status change to "modified" for many devices.
|When trying to add a new gateway from VPN Manager, FortiManager returns an error 'peer invalid value'.
|FortiManager is not able to set Type of Service field for SD-WAN service.
|FortiManager is showing 'Create New' option under script even though ADOM is not locked.
|FortiManager should be able to configure dynamic mappings for SD-WAN via a script.
|With Safari, there are two issues when a user edits a device group: there are two scrollbars in the "Edit Device Group" window and the "Edit Device Group" window size cannot be changed.
|SSL/SSH Profile should not allow the user to enable "Allow Invalid SSL Certificates" when Inspection mode is "SSL Certificate Inspection".
|When editing comment/description, FortiManager may display the slash character, “/”, as “/”.
|Bytes/Hit/packet count should not be a parameter to consider in the Diff as these are not part of configuration.
|Once a Local ID value is configured for a VPN Node within VPN Manager, it can no longer be removed.
|FortiGate’s system time is now shown on FortiManager when time zone index is set at 79, 80, or 83.
|Retrieving configuration under Workspace mode does not allow further changes under AP manager.
|FortiManager should support encrypted disk on AWS Cloud.
|FortiManager is unable to automatically register devices via Pre-Shared Key method if a revision is imported prior to registering the devices.
|FGFM debug shows fgfm_keepalive_handler entries for all managed devices in fgfm debug output when device filter is specified.
|FortiManager is unable to import 7040E v5.6.
|Editing Wi-Fi interface, which is a zone member, should not enable block intra-zone traffic.
|FSSO Agent with option Select FSSO groups via FortiGate does not work if the policy has no pending changes.
|When there is a dynamic interface and a multicast interface that have the same name within a policy package, the install wizard was not able to create dynamic mappings.
|FortiManager does not accept FQDN address configuration containing the _ character.
|After upgrade, install may fail due to invalid VDOM snmp-index.
|Dynamic/Dialup Type IPSec Tunnel Interface cannot be added as SD-WAN member.
|Retrieving or importing configuration revision fails if configuration contains a large number of CRLs.
|Downstream FortiManager does not update Signature until changing schedule setting in the second tier FortiManager’s FDN.
|When ADOM is locked, FortiManager may display incorrect values or configurations from some objects or policies.
|AP Manager may not be able to change wtp-mode.
|Install fails for DoS policy quarantine-expiry.
|There is no GUI validation when an invalid subnet mask is used as destination for a Static Route.
|Change to policy with install target specified should not change the status of ALL targets within the policy package.
|The command, execute device replace, is missing username.
|LDAP query failure over slow satellite connection.
|FortiManager tries to add full scan options while using quick scan in default AV profile.
|Proxy policy should not allow empty source address.
|Occasionally, duplicate sequence number may appear in some policy packages.
|Install to device may delete configuration on FortiGate cluster with large configuration file.
|FortiManager should not install forward-error-correction on VLANs.
|The "Policy Package" column is missing in "Where Used" result after upgrade.
|Install fails when deny rule contains DNS filter profile.
|FortiManager should be able to display CA certificate under 6.0 ADOM.
|Scheduled TCL Script intermittently fails to run on the scheduled time after upgrade.
|Policy package status changed to "Never Installed" after upgrade.
|There is an ordering issue on admin users where multiple wildcard users are configured on the same server.
|Remote wildcard users break user profile access to workflow sessions.
|FortiManager may not be able to configure or import IPS custom signature.
|Where Used may not point to the entity using the object.
|Adding section for traffic shaping policies causes runtime error.
|Script fails to set accprofile on device database.
|User may not be able to delete ADOM from Global Assignment.
|Policy Package name is truncated in table with "Where Used" output.
|FortiManager does not install new certificate obtained from FortiAuthenticator.
|Key Type specified as elliptic curve is not functional when generating a CSR.
|Installation log is missing due to dpm-logsize limited to 10MB.
|Installation fails due to DNS server "Same as Interface IP" option inside device interface configuration.
|Two SSL-SSH profiles added by FortiManager may cause installation issue.
|When importing device list of multiple model devices with PSKs, FortiManager prompts the error, "Serial number already in use".
|Adding wildcard FQDN for SSL inspection exemption list from FortiManager fails.
|AP Manager may not be able to show map.
|When attempting to remove a VDOM from a FortiGate by running a script, the script fails unexpectedly and the VDOM is not deleted.
|FortiManager may fail to retrieve configuration when there are more than 10000 central NAT entries.
|Users may not be able to see SD-WAN options in Backup mode after switching from Normal mode.
|FortiManager should not push ssh-filter profile upgrade_1 to FortiGate devices after upgrade.
|When FortiManager is running in workspace mode, FortiManager may unexpectedly delete firewall policy.
|User should be able to create a FortiGate admin account with Restrict Admin to Guest Account Provisioning Only option selected with VDOM(s) guest group(s).
|Changes on Existing Static Route are not displayed on Installation Preview.
|FortiGuard service event logs should always be generated with an internal FortiManager user.
|FortiManager does not give an option to choose RSA 4096 and Elliptic Curve algorithms in certificates.
|FortiManager may fail to install local certificate on FortiGate and private key is missing after saving the configuration.
Known issues:
|FortiManager has no option available to configure VLAN IDs under VLAN Pooling.
|AP Profile in AP Manager may offer redundant options for specific AP models which can lead to failed installation.
|WiFi Profiles SSID DHCP Server Toolbar is hidden if System Settings is set to None in an Admin Profile.
|Installation error after changing inspection mode from Proxy to Flow.
|In case FortiGate is in NGFW policy-based mode, URL or Application control profiles should not be visible on FortiManager.
|Users should be able to set the login-timestamp from CLI script.
|MAC address Access control list entries under DHCP server are duplicated when editing one of the entries.
|FortiManager is unable to create SD-WAN Template in Central Management Mode if System Settings is set to None in an Admin Profile.
|User cannot change IPSec Phase1 on an existing IPSec Phase2 interface.
object-tag from 5.6 Global ADOM to 6.0 ADOM should not fail.
|FortiManager may not be able to import policies from FortiGate SLBC.
|User without Super User Profile is unable to manage Tags from Tag Management.
|FortiManager is unable to Set OSPF Interface Network Type as P2MP.
|FortiManager cannot show where used for FortiSwitch Security Policy.
|Install copy fails when setting captive portal user group for FortiSwitch’s VLAN.
|Imported SSIDs cannot be selected within AP Profile until the SSIDs have been edited.
|When SSID is in bridge mode, external link to captive portal and CMCC Radius Secret are missing on AP Manager’s SSID page.
|Find Duplicate Objects may get stuck loading.
|FortiManager should have public IP for remote-gw under IPSec Phase1 interface.
|Split-tunneling information may not be retrieved completely for managed AP.
|User should be able to configure split-tunneling related information on AP profile and managed AP pages.
|FortiManager incorrectly sets security-external-web when external authentication is selected.
|When redirect after captive portal is set, verification may fail on security-redirect-url due to missing http:// prefix.
|Configuration may modify FQDN addresses after FortiManager and FortiGate are both upgraded to version 6.0.5.
|FortiManager is unable to use interface member of a zone as Source Interface filter for VIP object.
|FortiManager is unable to select multiple FortiExtender units for upgrade of firmware from Extender tab.
|Device Manager generates incorrect configuration for Filter MAC Addresses on SSID that causes installation to fail.
|Device Manager’s SSID page cannot save links to authentication portal and redirect after captive portal.
|FortiManager does not generate software switch related configurations for Quarantine Host for SSID.
|AP Manager may not be able to import AP Profile for FAP-421E/423E/S421E/S423E.
|7000 series HA members may show up as unregistered after failover.
|EU country ID is available on FortiManager, but the ID is not part of latest geographic database.
|Sub-admin clicks View on where Used may lead to disappearance of dual panel.
|After deleting an SSID from Device Manager, AP Manager still shows the SSID.
|Search box for SSID selection within AP Profile may not work well.
|Install may fail if zone member is used in a Multicast policy.
|Resetting hitcount in ADOM 5.4 fails.
|FortiManager may fail to run the "execute fips kat all" and "diagnose system fips kat-error" commands.
|FortiManager may show Device objects from another ADOM.