Producent oprogramowania Fortinet opublikował nową wersję software dla produktu FortiManager o numerze wersji 6.4.8. W najnowszej aktualizacji dla rodziny 6.4 pojawiło się wiele naprawionych błędów związanych z zarządzaniem Access Pointami oraz endpointami. Producent rozwiązał problem wymuszania niższej wersji firmware na FortiAP przy podłączeniu do FortiManagera. W aktualizacji naprawiono również drobny, lecz znaczący problem brakujących elementów konfiguracji SD-WAN z konsoli CLI. Po więcej informacji dotyczących aktualizacji zapraszamy do dalszej części posta.
Aktualnie wspierane modele:
| FortiManager | FMG-200F, FMG-200G, FMG-300E, FMG-300F, FMG-400E, FMG-400G, FMG-1000F, FMG-2000E,
FMG-3000F, FMG-3000G, FMG-3700F, FMG-3700G, FMG-3900E, and FMG-4000E. |
| FortiManager VM | FMG-VM64, FMG-VM64-Ali, FMG-VM64-AWS, FMG-VM64-AWSOnDemand, FMG-VM64-Azure, FMG-VM64-GCP, FMG-VM64-HV (including Hyper-V 2016, 2019), FMG-VM64-KVM, FMG-VM64-OPC, FMG-VM64-XEN (for both Citrix and Open Source Xen). |
Rozwiązane problemy:
AP Manager
| Bug ID | Description |
|---|---|
| 691540 | Where Used should indicate that an AP is still in used in one or more FortiGate devices. |
| 697444 | SSID with MPSK may not pass verification during an install. |
| 718464 | Firmware upgrade fails for FortiAP 421E from FortiManager. |
| 726287 | Deleting Floor Map may return a blank pop-up with error. |
| 728372 | Importing SSID with optional VLAN ID set creates incorrect per-device mapping. |
| 750255 | FortiManager should enable DFS channels on WTP profiles for FAP234F and FAP231F with region N. |
| 750458 | AP Manager should not send local-authentication for VAP with wpa-enterprise and Radius to managed FortiGate. |
| 757706 | FortiManager might downgrade FortiAP with enforce firmware version. |
| 763233 | AP profile may not contain SSID when AP Manager is in central management mode. |
| 770234 | 5GHz DFS channels on AP Profile were not supported for FAP U231F. |
| 772194 | FortiManager should not install the setting, set security-redirect-url, without making any such change. |
| 772213 | FortiManager may try to delete default wtp 11ac-only profile on FortiWiFi-60F causing install to fail. |
| 785471 | FortiManager was deleting wireless-controller wtp and the objects referenced by wtp during the first installation after the upgrade. |
Device Manager
| Bug ID | Description |
|---|---|
| 545239 | After added FortiAnalyzer fabric ADOM to FortiManager , Device Manager’s log status, Log Rate, or Device Storage column cannot get data from FortiAnalyzer. |
| 587404 | FortiManager sets incorrect captive-portal-port value when installing v6.0 Policy Package to v6.2 devices. |
| 638750 | Where Used may not work for IPsec Phase 2 allowing users to delete used objects. |
| 662095 | FortiManager may take too much time to send SLA updates to over thousands of FortiGate devices. |
| 673008 | SD-WAN Rules order changes to the default when creating a rule and moving it to the top. |
| 677836 | The Client Address Range setting should allow users to configure assign-IPs from firewall address or group. |
| 691611 | FortiManager does „auto-retrieve” causing all policy package status to go „unknown” after a new VDOM is created on FortiGate. |
| 699893 | SD-WAN’s priority-members is missing from CLI configuration page. |
| 701348 | Once VRPP instance is created, user should be able to edit or delete it. |
| 709214 | System template should allow source interface to be selected when specify is activated as interface-select-method. |
| 712578 | FortiManager does not allow WiFi SSID with special characters. |
| 713833 | It may not be possible to rename device zone. |
| 725334 | Importing policy package shows ngfw-mode policy-based with the inspection-mode set to proxy. |
| 727123 | Meta Field is not translating values with spaces into correct scripts. |
| 729301 | A managed FortiGate with assigned CLI template remains in „modified” state following a successful device configure installation. |
| 729413 | FortiManager is missing peer options with dial up user configuration with VPN IPSec Phase 1. |
| 730482 | CLI Template cannot add system DNS database entries if „set domain” contains the underscore character („_”). |
| 731204 | FortiManager may incorrectly display „Object already exists” message while creating a new Hardware Switch interface. |
| 732246 | Clock format option no longer works to format date in TCL scripts. |
| 733379 | FortiManager cannot edit global level configuration when management VDOM is not in the current ADOM. |
| 733934 | During zero-touch-provisioning with „Enforce Firmware Version” enabled, upgrade task may hang if the connection is reset during the image transfer. |
| 735360 | When editing a device group, search results do not show the device if VDOM name is matched by search keyword first. |
| 735402 | When creating a new CLI Group Template and try to add members to it, it does not allow users to select other „CLI Group Templates” that are already created. |
| 737025 | SD-WAN monitor widget may not be loaded when multiple performance SLAs are added. |
| 739369 | When revision history is very large, FortiManager may not be able to retrieve configuration. |
| 740893 | Secondary IP may be purged when setting a description to VLAN interface. |
| 743102 | Device & Groups > VPN Phase1/Phase2 does not show the proposal column when using FGT-VM type „FGVMIB”. |
| 743112 | Interface Bandwidth widget on FortiManager under Device Manager does not display any data for FortiGate. |
| 743267 | FortiManager’s GUI does not show the virtual-switch ports as interface members for Hardware switches. |
| 744628 | After exported system template, importing the same configuration via CLI may fail. |
| 744973 | FortiManager GUI throws an error when switching from Policy & Objects to Device Manager. |
| 747955 | There may be performance issue when onboarding new SD-WAN devices. |
| 748240 | When FortiAnalyzer is managed via FortiManager, new devices that are registered to FortiManager should be synchronization under the corresponding ADOM on FortiAnalyzer. |
| 749823 | Named Address Static Route with SD-WAN cannot be selected on FortiManager. |
| 749923 | SD-WAN logs cannot be saved for some devices when sdwan-monitor-history is set as enabled. |
| 750303 | Under System > Interface, the data shown on this page may be incomplete. |
| 750838 | FortiManager may fail to import device list from another FortiManager due to the meta field containing prefix „_meta_”. |
| 751427 | Provisioning Template with empty name cannot be deleted or edited. |
| 753258 | FortiManager may be unable to show SD-WAN monitor data when the rtmmond daemon is stuck. |
| 754465 | FortiManager should also count promoted hidden devices. |
| 755519 | Zero-touch provisioning with script installation may fail due to duplicated snmp-index. |
| 759905 | When creating a device zone, device mapping may not be created when the zone is mapped to a normalized interface with the 'map as zone only’ option. |
| 760099 | When creating EMAC VLAN from Device Manager, FortiManager should show VLAN ID field. |
| 760132 | Device Manager may not be able to delete FortiGate-7000E HA cluster members. |
| 762082 | When creating a Static Route, FortiManager may take a few seconds to display available „Named Address”. |
| 763797 | Installation fails due to configuring forward-error-correction on FGT’s interfaces. |
| 764841 | FortiManager is unable to use secondary IP as source IP in DNS database. |
| 765762 | FortiManager is unable to install the switch controller > VLAN interface configuration during the ZTP process. |
| 773336 | FortiToken provision button is grayed out in Device Manager while it is enabled on FortiGate with the same token. |
| 779260 | When sdwan-monitor-history is enabled, replace last 5 minutes with last 10 minutes. |
| 779836 | FortiManager cannot install TCP-connect using Random port for SD-WAN. |
| 779900 | Administrative user GUI-dashboard information should be deleted upon VDOM deletion. |
| 795913 | Error Probe Failure has been observed when adding FortiAnalyzer to FortiManager. |
| 726721 | Unable to add multiple DNS domain names in Provisioning Template. |
| 737908 | The install fails with verification failure displaying to try deleting the LAN interface members. |
FortiSwitch Manager
| Bug ID | Description |
|---|---|
| 684371 | Clicking OK to import FortiSwitch Template results in no response. |
| 748200 | FortiSwitch monitor may show incorrect interface status for QSFP port. |
| 764258 | FortiManager should not update trunk-member value as it is controlled by FortiGate. |
Global ADOM
| Bug ID | Description |
|---|---|
| 660852 | FortiManager should not save invalid default value for ssl-ssh-profile in global database. |
| 691562 | Threat feeds global objects are not installed to destination ADOM when using the assign all object option. |
| 725763 | Automatic install to ADOM devices may fail from Global ADOM. |
| 728803 | Copying global firewall policy may fail due to duplicate IPS sensors. |
| 737381 | FortiManager should not allow users to delete the default reserved address object starting with „g-„. |
| 740942 | „srcintf” selector in Traffic Shaping Header or Footer Policy may not work in Global ADOM. |
| 741942 | FortiManager should show clear error message for duplicated object assigned from Global ADOM. |
| 745772 | FortiManager may randomly delete FortiManager IPv4 policies when assigning from the Global ADOM. |
| 760804 | FortiManager may return an error when adding address object to global policy. |
Others
| Bug ID | Description |
|---|---|
| 505795 | FortiManager should allow users to configure the list of allowed TLS cipher suites. |
| 657997 | Assigning device to system template may not work via JSON when FortiManager is in workspace mode. |
| 707911 | FortiManager should be able to assign VLAN interface to FortiExtender. |
| 715601 | Under some conditions, disk usage may reach 100% after a few days. |
| 718251 | Web service with port 8080 disabled may still be in listening state. |
| 733078 | FortiManager may show multiple fmgd crashes with signal 11 segmentation fault. |
| 733208 | Users may not be able to log in from GUI after restored database with changed HTTP or HTTPS port number. |
| 738639 | Users should be able to obtain status of the FGFM reclaim-dev-tunnel via API call. |
| 740523 | Retrieve task may fail due to autoupdate file already been deleted by FGFM. |
| 742137 | FortiManager may return an error when running an Ansible script to configure network interfaces, zones, and policies. |
| 744197 | If an VDOM is created and then get the VDOM information from JSON API, the VDOM mode may be shown as NULL. |
| 744736 | FGFM tunnel may go up and going down with multiple fgfmsd crashes. |
| 746311 | fgdsvr process may crash when URL length is longer than 1024 characters. |
| 750419 | Execution of integrity check may remove dynamic mappings. |
| 763669 | FortiManager Pay-As-You-Go should support connect to FortiCare via proxy. |
| 764674 | Map should use the region defined by the coordinates in System Settings’ Advanced Settings or the FortiManager’s time zone. |
| 766105 | FortiManager may not be able to upgrade ADOM from 6.2 to 6.4 due to cdb crash. |
| 775574 | There is a Criteria Latency field which is different between FortiGate and FortiManager when creating the manual interface option for SDWAN rules. |
| 776342 | System NPU values may be different between FortiManager and FortiGate-1801F. |
| 776413 | FortiManagerlock/commit operation is very slow when FortiManager HA is enabled. |
| 783226 | Fabric View may keep loading. |
| 792887 | Verification fail for default dnsfilter profile due to wrongly install „set category 0”. |
Policy and Objects
| Bug ID | Description |
|---|---|
| 503978 | ’Thread Feeds’ should be 'Threat Feeds’ on Fabric Connector. |
| 549492 | Load-balance type VIP cannot be displayed and saved correctly. |
| 585177 | FortiManager is unable to create VIPv6 virtual server objects. |
| 615250 | Search by CVE may not work for both IPS Signatures and IPS Filters. |
| 644822 | Imported SDN Connector Objects may change to random names. |
| 657534 | SSH and MAPI should not be supported in file filter profile protocol under flow mode. |
| 696367 | Hit count, first used, and last used may not get updated on FortiManager. |
| 699975 | Multiple filters are missing for Azure SDN Connector. |
| 709908 | When checking the status on AntiVirus profile, it may not show the correct inspection mode in list view with status stays in „flow-based (Full Scan)”. |
| 713886 | FortiManager returns an error, „method failure”, when setting a shaping profile in normalized interface using per device mapping. |
| 717031 | FortiManager doesn’t update the „Hit Count” number. |
| 718223 | Hyperscale firewall EIF shall not be enabled when IP pool with CGN overload configuration is used in a policy. |
| 725024 | „Proxy Policy” page shows empty when the „View Mode” is selected as „Interface Pair View”. |
| 725132 | When modifying IP address of Default VPN Interface of spoke in Device Manager, hub remote gateway should be modified to reflect that change. |
| 726328 | SSL-SSH profile may display incorrect options when using SSL Certificate Inspection. |
| 729705 | Installing policy requires Interface Validation for interfaces that are not being use in policy package. |
| 730523 | Unused policies tool may always generate a PDF containing all policies. |
| 731053 | FortiManager may miss some Internet Service entries. |
| 732138 | Non-full admin users should be able to export Policy Check and Unused Policy results. |
| 732199 | FortiManager displays the group ID instead of display name with NSX-T Connector. |
| 734556 | FQDN type firewall address object can be created with an unsupported format. |
| 738475 | Special characters within policy’s comment causes all policies missing on GUI. |
| 740944 | Custom IPS Signature script may fail to run on policy package or ADOM database. |
| 742257 | NPU log servers for hyperscale does not show up in policy package. |
| 744049 | Proxy policy does not accept configuration with both ipv4 and ipv6 address objects. |
| 744591 | Installing or importing IPS custom signature may fail when a signature’s name contains a space character. |
| 744766 | FortiManager may not be able to retrieve IP address for group with NSX-T v3.1.2. |
| 744934 | FortiManager may try to install undesirable changes to FortiGate-5001E, FortiGate-5001E1, and FortiGate-5001D. |
| 745884 | FortiManager GUI may not response when triggering policy package install wizard under Policy & Objects. |
| 746273 | Column filter may extremely slow with large policy package. |
| 747537 | Where Used should show the correct object references for newly cloned objects. |
| 747558 | FortiManager filters should work for Hit Counters, First Session, and Last session. |
| 748222 | Cloning of a policy package is grayed out for admin users with restricted access to particular policy packager folder. |
| 748235 | Filtering by hit count may not work for policies. |
| 748246 | „Where Used” may result an empty top left frame for policy packages. |
| 748467 | FortiManager does not have the same profiles as on FortiGate with explicit proxy policy. |
| 748498 | There may be issue with Transparent Web Proxy when using interface pair view. |
| 748556 | FortiManager should not allow users to create Explicit proxy FTP with pool name. |
| 749519 | IPv4 policies in policy block may hidden on FortiManager’s GUI. |
| 749576 | FortiManager may try to install hidden synproxy parameters for DOS policy to FortiGate. |
| 750160 | custom-url-list may not be correctly parsed when URLs contain space characters. |
| 750539 | If FortiGate allows selecting LogMeIn app using specific filter override, FortiManager should also allow it. |
| 750882 | User may not be able to save changes in SSL/SSH inspection profile from GUI. |
| 751137 | There may be install performance issue when there is a huge number of dynamic mappings and there are many FortiAP or FortiSwitch devices. |
| 751710 | Editing a global user FSSO object’s dynamic mapping is not possible. |
| 751767 | Export to Excel when filters are applied for a policy package does not work. |
| 752777 | FortiManager should be able to manage valid authentication rules containing „User-Agent” proxy address. |
| 752822 | FortiManager may not response when adding a firewall address or group to a policy and changing the policy comment at the same time. |
| 754225 | Policy package status is out of sync without changes. |
| 755252 | Plus „+” sign should be added for SMS phone number when two-factor FortiToken Cloud is enabled. |
| 755348 | FortiManager should support more than one thousand traffic shapers. |
| 757164 | FortiManager database contains parameter webfilter-searchengine-Baidu-gb2312 that does not exist on FortiGate. |
| 758526 | FortiManager should be able to delete many per-device mappings quickly. |
| 758809 | When policy package in policy-based NGFW mode, FortiManager may still set action to accept even when the policy is specified as deny. |
| 760869 | Deleted objects may remain referenced in firewall policy. |
| 765793 | Adding custom signature with '_vdom-name’ should not prevent pushing changes to numerous devices. |
| 765812 | Hyperscale policy packages do not show log server until you get into a policy. |
| 767317 | Policy Hit Count may not be updated for Read-Only admin. |
| 769997 | Selection for user SAML as member under the user group may not take effect. |
| 770210 | Where used may not reporting used objects properly. |
| 770256 | FortiManager displays error when using „push to install” for objects utilized by policy blocks . |
| 770678 | Changing Action from Accept to Deny should ignore all UTM profiles within the firewall policy. |
| 771941 | FortiManager is unable to import or create virtual server with real servers using the same IP but different „http-host”. |
| 774435 | Right-click menu to add object may return an error: „cgn-resource-quote:out of range”. |
| 776361 | Policy lookup may not work if the managed devices are in Transparent mode. |
| 777554 | There may be slowness when using Find Duplicate Objects with Merge tools. |
| 779947 | Address group changes for per-device mapping does not apply to FortiGate when Address group is used in policy route. |
| 779965 | Users may not be able to export firewall header and footer policies to Excel. |
| 783899 | There may not be empty lines in „IPS Signature and Filters”. |
| 786684 | Installation fails because the virtual-wan-link did not exist. |
| 789957 | Created time doesn’t indicate AM or PM on the Tools > Find Unused Policies. |
Revision History
| Bug ID | Description |
|---|---|
| 618305 | FortiManager changes configuration system csf settings. |
| 643101 | Copy may fail due to VIP overlapping when installing policy package. |
| 657424 | FortiManager may disable the „l2forward” and „stpforward” settings on virtual switch interface when installing policy package. |
| 660525 | When installing from FortiManager, it may unset comment, organization, and subnet-name during install. |
| 674094 | FortiManager may unset explicit proxy’s HTTPS and PAC ports and change the value to 0 instead. |
| 674196 | Installation may fail after edited or created a firewall policy if reputation-minimum is set. |
| 691240 | FortiManager should not unset the value forward-error-correction with certain FortiGate platforms. |
| 700495 | FortiManager 6.2 ADOM may be sending set synproxy to FortiGate-1801F. |
| 713552 | If VIP address’s source-filter list is too long, installation may fail. |
| 722604 | After removed a member of user group that is used only in XAUTH, FortiManager is not deleting the unused local user on FortiGate. |
| 724647 | After upgraded to 6.4, retrieve from a chassis may take a long time. |
| 725252 | When customer is trying to push policy package to a device group, installation window may not show any progress but a red cross. |
| 725557 | Install always try to delete hardware switch member interface causing installation failure. |
| 725717 | After upgrade, installation may fail due to mcast-session-counting. |
| 728447 | Installation may fail due to VIP’s mapped IP as a range with two identical IP addresses. |
| 728918 | FortiManager should install changes applied on Global policy package and not indicate warnings like „no installing devices/no changes on package”. |
| 729148 | Install fails when new transparent mode VDOM is added directly via FortiGate CLI and imported into FortiManager. |
| 735455 | FortiManager may try to delete thousands of policies during install. |
| 740858 | GCP project name must be set during install. |
| 741543 | Install may fail with unset MAC address on EMAC VLAN. |
| 742806 | When modifying a configuration and installing Device Setting only , FortiManager may not display the device’s configuration change. |
| 744966 | After upgraded FortiManager, policy install verification may fail with Config status changes to Conflict due to invalid default value for log memory filter. |
| 745715 | FortiManager may not be able to install policy package with firewall rule using VIP group due to zone binding. |
| 747837 | FortiManager may try to delete interfaces lan1, lan2, and lan3 which are used by virtual-switch.sw0 on FortiGate-40F. |
| 748350 | Explicit proxy FTP ssl-ssh-profile application-list may not be installed. |
| 748462 | FortiManager should not set the HA interface IP under the central-management on FortiGate when the master unit fails. |
| 749587 | If a device revision is corrupted, FortiManager may be able to remove or create any revision. |
| 750637 | FortiGate-5001E, FortiGate-5001E1, and FortiGate-5001D may be mistakenly set to support switch-profile. |
| 751771 | Users may not be able to create hardware switch interface from FortiManager. |
| 751776 | Renaming IPSec Phase1 that is member of a zone causes all zone related rules to be re-created. |
| 754081 | Application Control signatures belong to Industrial Category are removed from FortiGate in split mode during policy install. |
| 755059 | After disabled NAT on hyperscale policy, there may be installation failure on unset action. |
| 755687 | FortiManager may show admin with no password when adding a new VDOM to FortiGate-2200E/2201E. |
| 756508 | FortiManager may unset chassis ID causing HA cluster lost. |
| 757716 | There may be install issue with Web Filter’s „config ftgd-wf” which does not exist on NGFW policy mode on FortiGate. |
| 764497 | FortiManager should not create a new wildcard FQDN object while renaming it. |
| 767824 | FortiManager may unexpectedly delete custom signature when installing policy package. |
Script
| Bug ID | Description |
|---|---|
| 384139 | Filter does not work on device group. |
| 654700 | Users need to open „View Script Execution History” to see that TCL script fails. |
| 740938 | Direct CLI script may fail when it contains an 'exec’ command. |
| 757156 | When running CLI script remotely on 100+ firewalls, partial configuration is retrieved and it may cause routing to be removed from device database. |
| 780604 | When creating a new phase1 interface, dpd=on-idle settings may not be saved. |
| 787113 | TCL scripts fails to run if the admin’s password is longer than 36 characters. |
Services
| Bug ID | Description |
|---|---|
| 644021 | FortiManager should be able to use custom certificate for the update related services. |
| 704584 | FortiAP firmware may not be listed and cannot be imported. |
| 718256 | FMG-VM64-AWSOnDemand may not retrieve the proper license when it is behind a proxy. |
| 725118 | FortiManager may not logging FortiGuard connectivity failures. |
| 741846 | AP upgrade task may hang at 45%. |
| 748489 | Numerous 'svc cdb reader’ processes reaching 100% CPU utilization. |
System Settings
| Bug ID | Description |
|---|---|
| 640670 | If a user specified ADOMs including global ADOM, workflow approval may not be able to find the same user. |
| 687992 | Backup that includes IPSec VPN cannot be restored. |
| 690926 | FortiManager is removing SD-WAN field description upon ADOM upgrading from 6.2 to 6.4. |
| 696554 | FortiManager may generate a lot of „cdb event log for object changed” event logs. |
| 706303 | Template assignment or save may not generate clear Event logs. |
| 721153 | Scroll bar is missing from device drop-down list on ADOM overview page. |
| 727233 | ADOM license count should not count root ADOM. |
| 728991 | Nested group search fails with „Bad search filter” if the user DN contains characters like „,” and „()”. |
| 729280 | Admin User with no access to management ADOM or VDOM can create a new VDOM from non-management ADOM > VDOM. |
| 731084 | FortiManager upgrade should not have warning when there is no upgrade path. |
| 734422 | The „svc sys” daemon may have high memory usage when API is used to upgrade FortiGate devices. |
| 735067 | When creating a local account with the „Force this administrator to change password upon next log on” option checked, the setting should be applied for the first login. |
| 737142 | FortiManager should support using the special character „@” in SNMP community name. |
| 738622 | ADOM upgrade from 6.0 to 6.2 may fail due to FortiExtender object. |
| 745333 | Remote authentication servers should not be synchronized among HA members. |
| 745365 | Event log may be truncated when the log contains many address objects. |
| 746568 | FortiManager may continuously changing NTP synchronization server. |
| 748237 | Users may not be able to disable ADOM via GUI or CLI. |
| 751069 | User may not be able to disable ADOM after upgrade. |
| 762708 | LDAP may stuck for twenty seconds if LDAP is not responding. |
| 768682 | Setting a Cluster ID for a model HA cluster results in an invalid group ID under config system ha. |
| 775091 | Two factor authentication fails when special characters are used in CN. |
| 777726 | FortiManager may not generate event logs for meta field changes. |
| 778405 | Script Groups should be copied with their members when cloning an ADOM. |
| 783066 | The number of FortiGate devices registered is in the upper limit of the license count may causes HA becomes asynchronized. |
| 790409 | idle_timeout under admin’s setting is not converted properly after performing the upgrade. |
VPN Manager
| Bug ID | Description |
|---|---|
| 721783 | Applying Authentication or Portal Mapping changes may take several minutes. |
| 735417 | FortiManager may purge mac-addr-check-rule when installing to FortiGate. |
| 748488 | Cloned VPN Phase1 interface may have several different parameters than the original interface. |
| 750227 | Removing a spoke or hub from VPN community may result in partial configuration removal. |
| 779498 | VPN monitor may not display correct information when FortiManager is in advanced ADOM mode. |
| 780154 | Policy package should be pushed to VPN hubs without error, „interface IP is 0”. |
Common Vulnerabilities and Exposures
Visit https://fortiguard.com/psirt for more information.
| Bug ID | CVE references |
|---|---|
| 770575 | FortiManager 6.4.8 is no longer vulnerable to the following CVE-Reference:
|
Znane problemy:
Device Manager
| Bug ID | Description |
|---|---|
| 692669 | Browser may display a message, 'A webpage is slowing down your browser’, while checking revision difference. |
Others
| Bug ID | Description |
|---|---|
| 729175 | FortiManager should highlight device consisting of specific IP address under Fabric View. |
Policy & Objects
| Bug ID | Description |
|---|---|
| 652753 | Wen an obsolete internet service is selected, FortiManager may show entries IDs instead of names. |
| 656991 | FortiManager should not allow VIP to be created with same IP for External IP and Mapped IP Address. |
| 726105 | CLI Only Objects may not be able to select FSSO interface. |
| 773249 | FortiManager may not display the correct number of firewall address objects while adding the objects to DoS policy. |
| 773403 | FortiManager may now differentiate between the ISDB objects „Predefined Internet Services” and „IP Reputation Database”. |
| 774058 | Rule list order may not be saved under File Filter Profile. |
Revision History
| Bug ID | Description |
|---|---|
| 496870 | Fabric SDN Connector is installed on FortiGate even if it is not in used. |
| 779864 | FortiManager cannot install ISDB object 'Microsoft-Intune’. |
Services
| Bug ID | Description |
|---|---|
| 754038 | FortiGate firmware upgrade via FortiManager may break FortiGate HA cluster. |
System Settings
| Bug ID | Description |
|---|---|
| 579964 | FMGVM64-Cloud needs to provide GUI support for ADOM upgrade in system information dashboard. |
VPN Manager
| Bug ID | Description |
|---|---|
| 615890 | IPSec VPN Authusergrp option „Inherit from Policy” is missing when setting xauthtype as auto server. |
| 699759 | When install a policy package, per device mapped object used in SSL VPN cannot be installed. |
Notatki producenta: FortiManager 6.4.8
Pozdrawiamy,
Zespół B&B
Bezpieczeństwo w biznesie