Alongside the recent FortiOS and FortiAnalyzer updates, the vendor has also released a software update for FortiManager. The new version, 6.0.8, resolves issues involving, among other things, security policies, IPS signatures and their unexpected resets, and interface creation (a bug that caused an interface to lose its mapping in a specific ADOM).
Resolved issues in FortiManager 6.0.8:
AP Manager
| Bug ID | Description |
|---|---|
| 578123 | Multiple dhcp-relay-ip cannot be defined. |
Device Manager
| Bug ID | Description |
|---|---|
| 604756 | FortiManager may return the error, value 0 out of range (1,255), when creating a new or editing an existing SD-WAN. |
| 523463 | Firmware version not displayed in backup ADOM. |
| 544562 | The "Force this Admin to Change Password Next Time He/She Logs on" option on administrator is not installed to FortiGate. |
| 568626 | FortiManager can modify the order of DNS forwarder only if the IP addresses are in quotes ("") and when the IP addresses are not separated by comma. |
| 580533 | Saving configuration with incorrect IP/mask format does not display an error for inner configurations. |
| 587693 | Users should be able to delete interfaces from aggregate interface. |
| 589826 | Device Manager cannot create EMAC VLAN interfaces over VLAN interface created in root VDOM. |
| 594709 | Device Manager may not be able to generate Policy Package Diff result. |
| 594853 | FortiManager may create duplicate VDOMs when retrieving a configuration for multiple devices. |
| 597284 | When creating a new switch through a script, all configuration is visible in Device Manager but no port configuration is installed. |
| 598230 | Removing Per-device mapping causes all referenced Policy Packages status to become modified. |
Global ADOM
| Bug ID | Description |
|---|---|
| 545008 | After upgrade, there are IPS signatures without name and "Rate Based Signatures" list is empty. |
| 582171 | FortiManager may not be able to assign all objects from 5.6 global ADOM to a 6.0 ADOM. |
Others
| Bug ID | Description |
|---|---|
| 552085 | FortiManager live migration fails with Microsoft Hyper-V and it is not accessible via GUI and SSH. |
| 565515 | User may not be able to create a new SNMP host under System Templates. Workaround: Please add a new SNMP host for System Templates under CLI Configurations within Device Manager. |
| 574731 | Some hardware specific SNMP traps are missing from the device SNMP settings and the system provisioning templates. |
| 595589 | When running a script on a device with large configuration, dmworker may crash with high CPU spike. |
| 595741 | After ADOM upgrade, FortiManager may report an error on reaching the max limit of firewall-service-custom. |
Policy and Objects
| Bug ID | Description |
|---|---|
| 491813 | FortiManager should group IPS Sensor entries with same filters as one rule. |
| 545605 | Searching on Created Time or Last Modified does not work on policy table. |
| 548573 | FortiManager changes UUIDs of existing objects after policy install. |
| 569576 | Web rating override category change is not reflected in GUI. |
| 580484 | Signature, "Apache.Optionsbleed.Scanner", cannot be selected as IPS Signature but only as "Rate based Signature". |
| 583387 | Creating an already existing interface loses interface or zone mapping in ADOM. |
| 585021 | Adding or modifying rate based signature on IPS profile resets all rate based signature to default settings. |
| 594811 | Using copy and paste on multiple proxy policies may insert rules in reversed order. |
| 594957 | SSL/SSH Inspection profile should not allow "Untrusted SSL Certificates" to be set to Block. |
| 597123 | Proxy policy using ISDB object(s) as "Destination address" should be properly created on the Policy Package without adding the "none" address object. |
| 597668 | FortiManager should be able to install the scheduled policy package even though it is scheduled by wildcard user. |
| 597879 | Policy package installation fails with commit check error on system interface dhcp-relay-type. |
| 598656 | When long-vdom-name is enabled on FortiGate, installing from FortiManager may show nothing to install. |
| 602871 | FortiManager may show zero on First use, Last used, and Byte count on policy. |
Revision History
| Bug ID | Description |
|---|---|
| 513317 | FortiManager may fail to install policy after FortiGate failover on Azure. |
| 539829 | FortiManager should be able to delete FortiGate default admin user from FortiManager. |
| 560638 | When checking the Revision Diff between two revisions for multiple times, the result may not be consistent. |
| 578231 | FortiManager tries to push "casi-profile" on a Deny Policy. |
| 587005 | FortiManager should support the radius-server-vdom setting and be able to install it. |
| 592062 | Custom Internet Service created on FortiManager systematically fails to be installed on target FortiGate. |
| 599413 | Policy Package Diff is showing differences for passwords when there is no actual difference. |
Script
| Bug ID | Description |
|---|---|
| 572524 | Users may not be able to create admin user via a Script due to long password. |
| 577463 | Script scheduling should not be affected by the order of configuration. |
Services
| Bug ID | Description |
|---|---|
| 520875 | FortiManager should keep the same FortiGate On-Demand contract as FortiGuard. |
System Settings
| Bug ID | Description |
|---|---|
| 600833 | When trying to create a local certificate, and assign and install it for remote administration, the install operation fails due to incorrect order of configurations. |
| 597765 | ADOM upgrade may get stuck with "svc cdb reader" crashes. |
| 599847 | FortiManager may not be able to move VDOMs with long names among different ADOMs. |
VPN Manager
| Bug ID | Description |
|---|---|
| 412143 | Renaming user in Policy Objects does not update the SSL VPN portal mapped user. |
| 554080 | VPN monitor may not list all mesh tunnels if the remote VPN peer has a dynamically assigned IP address and subscribes to a dynamic DNS service. |
Known issues still to be resolved in 6.0.8:
AP Manager
| Bug ID | Description |
|---|---|
| 595674 | When attempting to place an AP on a map, there is a considerable border around map image and it is not possible to place an AP to the far right or complete bottom of the floor. |
| 600899 | FortiManager is unable to delete WiFi profile with a forward slash in the name. |
Device Manager
| Bug ID | Description |
|---|---|
| 555635 | Certificate is not visible on GUI after restoring the configuration, which was exported from FortiManager. |
| 586809 | FortiManager incorrectly counts VDOM licenses for FortiGate 7000 series. |
| 598916 | When creating user groups via CLI Only Objects, comma separated values are treated as a string instead of a list. |
Others
| Bug ID | Description |
|---|---|
| 581140 | The SNMP, FmDeviceEntPolicyPackageState, always returns (-1), which indicates never installed, regardless of the actual policy package status. |
| 591206 | The SNMP trap, fmDeviceTable, should show VDOM information as well. |
Policy and Objects
| Bug ID | Description |
|---|---|
| 505887 | Internet Service should separate into source and destination. |
| 545759 | "From" or "To" column filter displays unmapped interfaces in the drop-down list. |
| 574560 | Installation from FortiManager may fail with the error, "No response from remote" FortiGate. |
| 577199 | Importing policy package does not add interfaces in dynamic mappings for zone if the zone mapping is empty. |
| 577201 | Next button should be inactive until zone validation is fixed in the case of "Re-Install Policy". |
| 577660 | Despite table limits on firewall central-nat of 300k-max and 30K-per VDOMs, FortiManager still shows 10k limit reached error. |
| 578004 | The policy interface colors are different between Device Manager and Policy & Objects. |
| 581825 | In workflow mode, changes to the SSL VPN portals do not trigger "Modified" status on the policy package. |
| 598913 | Deleting a policy will bring user to the top of the policy package instead of remaining in the same position. |
| 598938 | FortiManager should allow setting wildcard-fqdn type firewall address as destination on proxy policy. |
| 599780 | If one or more devices has a policy validation error, FortiManager does not show devices that are "ready to install". |
| 602600 | FortiManager may show any duplicate sections in the policy page. |
Revision History
| Bug ID | Description |
|---|---|
| 473517 | FortiManager should have a proper progress bar for device install preview. |
| 543507 | Install fails for newly defined transparent VDOM’s management IP. |
| 584118 | Router access-list rule’s default value is mismatched causing installation failure. |
| 586275 | Policy Package Diff does not show user or admin details. |
| 591818 | Install fails with "No response from remote" when making addrgrp changes. |
| 597650 | FortiManager cannot install allowed DNS and URL threat feed configuration. |
| 602272 | Installing UUIDs from local-in policies for FortiGate-60F may cause installation failure. |
System Settings
| Bug ID | Description |
|---|---|
| 571181 | An admin user with read-write system permissions and restricted to one ADOM can change their permission to All ADOMs. |
FortiManager 6.0.8: vendor release notes
Best regards,
The B&B Team
Bezpieczeństwo w biznesie
