Cybersecurity vendor Fortinet has released the latest update of FortiManager, version 7.4.8. The release includes a number of important security fixes and functional improvements. Among other areas, the update covers FortiAP Manager, where a problem with saving DHCP settings for SSIDs was resolved, and Device Manager, where bugs related to bulk installation of policy packages on multiple devices were eliminated. Previously, these bugs could lead to unexpected device renames; this issue has been fully fixed. With these fixes, FortiManager 7.4.8 offers more stable operation and greater reliability in managing a network security environment. More information can be found below.
Resolved issues:
AP Manager
| Bug ID | Description |
|---|---|
| 1148572 | SSID Per-device-mapping cannot save the dhcp server settings. |
| 1173274 | FortiManager is trying to enable ddscan when it is not enabled on ADOM db, device db, and AP Manager profile |
| 1174004 | After FortiManager upgrade to 7.4.7, FortiManager may suggest to "set ddscan enable" during the first installation, and this may create some issue on FortiAPs connected to the FortiGate. |
| 1178251 | FortiManager is attempting to unset the auth-cert on the wireless-controller VAP during every installation. |
Device Manager
| Bug ID | Description |
|---|---|
| 1094451 | If the Timezone field in the System Template is left blank, FortiManager may apply its default timezone and overwrite the existing timezone on the FortiGates. |
| 1102790 | FortiManager pushes the unset auto-connect command to config system lte-modem, where the default value is disabled on FortiOS but still enabled on FortiManager. |
| 1119223 | FortiManager erroneously tries to "unset annex" on DSL interface on the FortiGate "FGT-50G-DLS". |
| 1152287 | HA group-id not inherited from CSV file or from pre-run script. |
| 1166830 | FortiGates may be unexpectedly renamed during policy package installation when deploying to multiple devices (more than 5). |
| 1167436 | FortiManager displays "retrievehaconffail" error when performing retrieve config for FortiGate HA cluster. |
| 1167958 | After upgrading FortiManager to version 7.4.7, /var may fill up with temporary files. This is most likely to happen with high device count (>100) or heavy use of thread feeds. Possible symptoms include FGFM tunnels to FortiGates not coming up or GUI not functioning correctly. The likelihood of /var filling up increases the longer FortiManager runs on 7.4.7. |
FortiSwitch Manager
| Bug ID | Description |
|---|---|
| 1161320 | FortiManager shows an incomplete FortiSwitch Topology compared with FortiGate. |
Global ADOM
| Bug ID | Description |
|---|---|
| 1141123 | Installing the Global Header Policy fails with the error: "invalid value", this issue has been observed after upgrading fmg to v7.2.10. |
| 1183101 | Not able to delete firewall objects from the global database after upgrading fmg from 7.2 (7.2.10) to 7.4 (7.4.7). |
Others
| Bug ID | Description |
|---|---|
| 1071646 | Formatted Event logs do not display the correct timestamp. |
| 1145473 | Upgrading ADOM fails with FortiExtender object errors "Fail (errno=0):invalid value" and "fail: err=-999,The string contains XSS vulnerability characters". |
| 1163922 | The FortiView tile is missing after adding FortiAnalyzer as a managed device to FortiManager. |
| 1168422 | FortiManager does not properly support the "FortiGate-50G-SFP-POE" platform. |
| 1170281 | Not able to create a new VDOM or remove any interfaces from VDOMs when Workspace mode is enabled. |
| 1177051 | "retrievehaconffail" error has been observed when performing retrieve config on the FortiManager GUI. |
| 1188452 | Downstream FortiManagers in cascade mode do not download the Webfilter database from the Upstream FortiManager. |
Policy and Objects
| Bug ID | Description |
|---|---|
| 971065 | When the number of Custom Internet Services exceeds 256, installation fails due to this limitation. |
| 1011220 | FortiManager constantly changes the UUID of some objects. |
| 1054707 | FortiManager tries to install "unset qos-policy" and installation fails. |
| 1078598 | Unable to import policy due to issues related to the protocol-options feature. |
| 1087777 | During policy installation, FortiManager tries to delete firewall address object for the SSID interface UUID causing policy package Modifying. |
| 1131041 | Not able to create ZTNA Server due to the certificate error. |
| 1142983 | In FortiManager, creating a threat feed connector and applying it to multiple VDOMs results in the same UUID being assigned across all instances. This behavior may lead to duplicate UUID issues. |
| 1152640 | When no port setting (empty value) has been set for HTTPS on SSL/SSH Inspection Profile, the installation preview shows error, "https … Must set at least one port (default port:443) or enable ssl inspect-all". |
| 1157272 | When creating a new entry under the Logical Relationship for a DLP dictionary, the Pattern field must be completed only for the applicable entry types; it should remain blank for those that do not require it. |
| 1162327, 1113980 | Install preview may get stuck if another user is simultaneously pushing an install on a different FortiGate within FortiManager. |
| 1167035 | Installation to FortiGates with multiple VDOMs might fail with the following error message: "max entry. object: firewall internet-service-custom. detail: global limit. solution: limit is 512" |
| 1169058 | Installation might fail to these devices "FGT/FWF-30G/31G" due to some unsupported syntax. |
| 1171386 | Install failure might be observed when pushing proxy-based antivirus profile to FortiGate models FGT-40F and FGT-60F. |
| 1173197 | Where Used feature is not working for objects that contain a forward slash (/). |
| 1181585 | "Where Used" feature does not function. |
| 1198075 | Upon any modification, policy installation will result in attempt to purge dns-database even though no changes are made to dns database. |
Services
| Bug ID | Description |
|---|---|
| 1170893 | When FortiManager is acting as Local FortiGuard Servers, FortiClient applications running on Linux machines are not receiving any signature updates. |
System Settings
| Bug ID | Description |
|---|---|
| 1169081 | When clicking on the "Approve this request" link in the Workflow mode, the following error message can be observed: "Unable to complete action, failed to 'approve'." |
VPN Manager
| Bug ID | Description |
|---|---|
| 1166323 | The VPN Manager > IPsec VPN Communities page no longer displays correctly; the page loads but shows only a blank (white) screen. |
Vendor notes: FortiManager 7.4.8 Release Notes
Regards,
The B&B Team
Bezpieczeństwo w biznesie
