The new FortiManager 7.0.8 update fixes a problem with the GUI in Google Chrome and Microsoft Edge version 114, makes it possible to add "FortiGateRugged-60F" to FortiManager, and resolves the "TCL error" message shown when installing a policy package with IPSec VPN to a FortiGate. More information in the article below.
Currently supported models:
| FortiManager | FMG-200F, FMG-200G, FMG-300F, FMG-400E, FMG-400G, FMG-1000F, FMG-2000E, FMG-3000F, FMG-3000G, FMG-3700F, FMG-3700G, and FMG-3900E. |
| FortiManager VM | FMG_DOCKER, FMG-VM64, FMG_VM64_ALI, FMG-VM64-AWS, FMG-VM64-Azure, FMG-VM64-GCP, FMG-VM64-HV (including Hyper-V 2016, 2019), FMG-VM64-IBM, FMG-VM64-KVM, FMG-VM64-OPC, FMG-VM64-XEN (for both Citrix and Open Source Xen). |
Resolved issues:
AP Manager
| Bug ID | Description |
|---|---|
| 767774 | Installation failed as FortiManager attempts to change power-level and power-value under the wireless-controller settings at the same time. |
| 781561 | User may not be able to access AP Manager with custom read only admin profile. |
| 861941 | FortiManager attempts to install "arrp-profile" even if "darrp" is disabled. |
Device Manager
| Bug ID | Description |
|---|---|
| 803425 | Installation failed because some of the "os-check-list" items are no longer supported by the FortiGates. |
| 836933 | Changes on the External-Resource settings from ADOMs for specific VDOMs/FGTs alter the External-Resource settings for other ADOMs and VDOMs. |
| 838462 | Adding device using "Add Model HA Cluster" feature failed as FortiManager does not allow "virtual switch interfaces" being used as "heartbeat interfaces". |
| 864588 | Firmware Template under the Device Manager does not work properly; it might display "No Device". |
| 876040 | Status of Certificates is displayed as "pending" under the System's Certificates. |
| 891341 | Installation fails due to the Copy failure error; system template created with some empty string values which are assigned to devices. |
| 896998 | Unable to get access to the Certificates via Device Manager > DEVICE_NAME > VDOM_NAME > System. |
| 897863 | After deselecting the 'allow-dns' feature under the application control list, the changes cannot be saved. |
| 902316 | Unable to delete unused Template Groups. |
| 909867 | FortiManager attempts to configure unsupported syntax for "sdwan health-check". |
Others
| Bug ID | Description |
|---|---|
| 851586 | FortiManager displays "invalid scope" errors when running the "diagnose cdb check policy-packages" command. |
| 897157 | Unexpected changes in existing static routes created by static route template after upgrade to 7.0.7, 7.2.2, 7.4.0. |
| 899570 | Unable to add the "FortiGateRugged-60F" FGT to the FortiManager. |
| 899750 | ADOM upgrade makes the Policy Packages status modified. |
| 919088 | GUI may not work properly in Google Chrome and Microsoft Edge version 114. |
Policy and Objects
| Bug ID | Description |
|---|---|
| 656991 | FortiManager should not allow VIP to be created with same IP for External IP and Mapped IP Address. |
| 798955 | Traffic shaping policy changes do not trigger any changes/updates on the Policy Packages status. |
| 866826 | Failed to modify Virtual Server addresses in Firewall Policies with Deny Action. |
| 880575 | When using the "reinstall policy" option to install to devices with different policy packages, the corresponding event log shows the same policy package pushed to all devices. |
| 889068 | Unable to push policies when VDOMs are in different ADOMs. |
| 895979 | FortiManager attempts setting the Zone as the interface for firewall policy, during the installation. |
| 896491 | Installation fails with unclear error message "vdom copy failed". |
| 898334 | Policy Package Export to Excel is not working for all policy types. |
System Settings
| Bug ID | Description |
|---|---|
| 897945 | The configured theme of FortiManager is not displayed prior to logging in. |
VPN Manager
| Bug ID | Description |
|---|---|
| 857051 | Installing a policy package with IPSec VPN to FortiGates fails with the following error: "TCL error(The remote gateway is a duplicate of another IPsec gateway entry)". |
Known issues:
Device Manager
| Bug ID | Description |
|---|---|
| 752443 | Vertical scroll bar is missing in SD-WAN configuration. |
Others
| Bug ID | Description |
|---|---|
| 777831 | When FortiAnalyzer is added as a managed device to FortiManager, "Incident & Event" Tile will be displayed instead of the "FortiSoC". |
Policy & Objects
| Bug ID | Description |
|---|---|
| 751443 | FortiManager displays policy installation copy failures error when ipsec template gets unassigned. Workaround: Instead of unassigning IPSec template, modify IPSec template, replace the reference to IPSec tunnel interface with another interface. Please ensure a fresh FortiManager backup is created prior to any changes. |
| 793240 | FortiManager fails to retrieve FortiGate's configuration when external-resource objects include a "g-" prefix. Workaround: Create a fresh backup of your FGT and FMG, and then re-create all threat feeds on a per VDOM basis and update policies and security profiles that reference them to the local threat feed vs. the global feed. |
| 845022 | SDN Connector failed to import objects from VMware vSphere. |
| 855073 | The "where used" feature does not function properly. |
| 863819 | Unable to delete unused objects. |
| 911632 | When retrieving the configuration from the FortiGate, the FortiManager shows the new cert; however, those cannot be assigned to the FCT EMS connector. |
Revision History
| Bug ID | Description |
|---|---|
| 801614 | FortiManager might display an error message "Failed to create a new revision." for some FortiGates, when retrieving their configurations. |
System Settings
| Bug ID | Description |
|---|---|
| 825319 | FortiManager fails to promote a FortiGate HA member to the Primary. |
| 853429 | Creating FortiManager’s configuration backup via scp cannot be done. |
VPN Manager
| Bug ID | Description |
|---|---|
| 784385 | If policy changes are made directly on the FortiGates, the subsequent PP import creates faulty dynamic mappings for VPN Manager. Workaround: It is strongly recommended to create a fresh backup of the FortiManager's configuration prior to the workaround. Run the following command to check and repair the FortiManager's configuration database: `diagnose cdb check policy-packages <adom>`. After running this command, FortiManager will remove the invalid mappings of vpnmgr interfaces. |
Vendor release notes:
Regards,
The B&B Team
Bezpieczeństwo w biznesie
