Fortinet udostępnił najnowszą aktualizację dla FortiNAC o oznaczeniu wersji F 7.2.4. Po wersji 9.4 FortiNAC został ponownie wersjonowany. Pierwsza publikacja po wersjonowaniu to F 7.2, zatem kolejność wersji jest następująca: FortiNAC 9.1 > FortiNAC 9.2 > FortiNAC 9.4 > FortiNAC F 7.2. Nowa wersja rozwiązuje problemy zgłaszane przez administratorów w poprzednich wersjach produktu.
Co nowego:
Important notice
Enhancements were made to the communication method between FortiNAC servers for security. Due to this change, all FortiNAC servers must have additional configuration in order to communicate. The following procedure should be done prior to upgrade to prevent communication interruption.
Follow the instructions for the appropriate appliance (if FortiNAC Manager is not used, these steps can be skipped):
Pre-upgrade procedure (FNC-M-xx): FortiNAC appliances running on CentOS
Pre-upgrade procedure (FNC-MX-xx): FortiNAC appliance running on FortiNAC-OS
Usprawnienia oraz rozwiązane problemy:
| Ticket # | Description |
|---|---|
| 889895 | High Availability cannot be removed from FortiNAC GUI. |
| 920942 | Unable to re-sync interfaces on Cisco ASA when username is configured with privilege level 15. |
| 819396 | Incorrect rank information reported in Audit Log. |
| 932570 | mibID parsing fails to check the type (sysObjectID) if the FirmwareVersion lacks a suffix. |
| 754346 | Port Changes filter parameters are not being retained. |
| 904324 | Default 'CN=Portal’ Portal SSL Certificate is presented after reboot. |
| 930027 | The portal SSL setting doesn’t remain enabled after a restart of NAC services or failover and return to primary control. |
| 937147 | Port2 remains active on the primary server after a failover to secondary. |
| 944475 | Routes aren’t dynamically created for scopes in the configWizard. |
| 948598 | There’s an L2 polling loop when reading L2 Data from FortiGate. |
| 951943 | Device profiling rules fail due to the 'TCPPortMethod IP not initialized’ error when a host has a recent IP in ArpTool. |
| 846822 | FortiNAC’s NMAP scan failed because of an old IP reported from the arptool. |
| 865256 | The Vendor OUI Device Type-based Device Profiling rule isn’t functioning as expected. |
| 884329 | Base license, User/Host profiles, and Network Access Policies are producing permissions errors. |
| 889986 | There are issues when enabling and adding subnets in the „Require Connected Adapter”. |
| 891890 | Windows 11 hosts are mistakenly detected as Windows 10 hosts when using the Dissolvable agent. |
| 908857 | The HA gateway is overwritten when making changes in the configWizard in Azure. |
| 910706 | Creating a guest account with REST v2 results in errors 400 and 500. |
| 912115 | The Guest Self Registration produces an error stating 'The input is required’. |
| 918221 | Host import fails to merge all sibling adapters. |
| 920800 | There are 404 errors when trying to request the physical MAC for a specific host. |
| 921705 | A PA logged-on user is deauthenticated upon machine-based TLS authentication. |
| 922114 | Changes in nested group membership aren’t logged in admin auditing. |
| 923688 | The Self Guest Registration Page with Dissolvable Agent doesn’t redirect to the Success Page after scanning. |
| 925641 | There’s a need to provide full support for the Adtran NetVanta 1234 switch. |
| 926429 | The MDM API URL displays 'Page Not Found’. |
| 929383 | The FNAC-F initial setup fails when an admin GUI password containing the '&’ character is used. |
| 930765 | FortiNAC doesn’t process MAC notification traps from Aruba JL676A 6100 48G 4SFP+. |
| 931408 | The HTTP cookie is missing a Secure attribute on port 80. |
| 934696 | Group data becomes corrupted after FNAC starts up. |
| 938146 | Hosts registered in gSuite with common ethernet adapter host records are being overwritten. |
| 938165 | There’s an option to skip FQDN parsing during device discovery. |
| 939122 | FortiNAC is unable to read an endpoint’s vulnerability status from FortiEMS. |
| 941207 | Portal SSL switches to „Disabled” after every system restart. |
| 942642 | The Ruckus Integration doesn’t support VLE with a large number of SSIDs. |
| 942686 | Unable to retrieve a grab-log-snapshot when the secondary system is running and in control. |
| 942947 | Uncompressed database backup replication to the secondary server results in 100% disk usage. |
| 945416 | FortiNAC is unable to apply CLI configurations to the Huawei Switch S5720-28X-PWR-SI-AC. |
| 946405 | The scheduler’s popup dialog box displays a CLI Configurations error: a.name is undefined. |
| 948193 | Applied filters in Network>Port changes aren’t saved after updating the selection. |
| 953226 | Machine Authentication using MSCHAPv2 can’t be completed. |
| 783304 | The DHCP responds with unexpected addresses in the DHCP-Server-Identifier, causing release/renew failures. |
| 889609 | The switch port doesn’t dynamically change to uplink when a v-edge router is directly connected to a Cisco switch port. |
| 904624 | The host summary panel doesn’t accurately display the total host count. |
| 907355 | Errors in the messaging for High Availability Configuration. |
| 907504 | Error message when trying to add a server to NCM. |
| 908777 | The GUI CLI Configuration for Logical Network in Model Configuration isn’t applied correctly. |
| 917032 | MICROSENS G6 Switch has issues with hiding macs on the link feature. |
| 917610 | The updated dialog box is presented when the root CLI password is changed. |
| 919423 | The API endpoint '/host/scan’ returns a status code of 405 (Method Not Allowed) for POST requests. |
| 920334 | VLAN changes aren’t reflected correctly on FNAC inventory when integrated with FSW. |
| 926831 | When a laptop is connected to a dock with a Persistent Agent installed, the 'managed by MDM’ flag isn’t displayed in FortiNAC. |
| 927754 | Custom Registration fails with the error message: 'Anonymous Guest Access is not enabled’. |
| 930459 | There are issues with FortiNAC’s integration with Tellabs switches. |
| 934685 | FortiLink over P2P L2 results in FortiNAC not setting Uplink Ports. |
| 936140 | Entitlements are removed after an upgrade on a Managed Server with the .licenseKeyNCM in the old key format. |
| 936704 | The hotstandby.log, dhcpd.log, and named.log are included in the grab-log-snapshot. |
| 937206 | Devices are created using SNMPV1 when SNMPV2 is used to add the device. |
| 942731 | There’s a permissions error when issuing the 'hsForceFailover’ command. |
| 944917 | The ‘Clear Known Hosts’ feature doesn’t work. |
| 945086 | L2 polling isn’t functional on private VLAN-enabled Cisco-XE switches. |
| 949524 | Huawei Access Points (AP) aren’t listed in the FortiNAC inventory. |
| 953685 | The secondary system takes control prematurely after ETH0 activates. |
| 954095 | The Groups page throws an HTTP 500 error. |
| 955704 | The vendor name 'Blink by Amazon’ contains an extra space at the end. |
| 955965 | Access enforcement settings aren’t applied for manually created logical networks when set to 'Deny’ only. |
| 958433 | FortiNAC sends the API request for Ruckus SZ300 using the wrong port number. |
| 959178 | The exec tcpdump doesn’t display packets in real-time. |
| 949915 | RADIUS authentication fails due to permission issues. |
| 947918 | There are missing configurations for additional routes after setting up HA. |
Znane problemy:
| Ticket # | Description |
|---|---|
| 730221 | Support for Meraki Wired Switch Stacks. |
| 827499 | Show system interface does not show the eth1/port2 IP address for Forti-OS FNAC. |
| 956436 | FortiNAC does not function properly as a RADIUS proxy when integrated with a NEC-QX switch. |
| 877245 | When adding an LDAP Admin user, it is found in the directory, but the user dialog defaults to local. |
| 962475 | After the Failover test (hsForceFailover), the GUI’s „Power Management” displays incorrect behavior for Reboot and PowerOff. |
| 827283 | The Roaming Guest Logical Network is missing from the Model Configuration of FortiGate and possibly from other vendors. |
| 912555 | The Sponsor Approval Link requires login for non-admin users. |
| 916289 | Aruba APs are observed moving between WLCs, triggering L2 polls at an exceptionally high rate. |
| 914051 | The client accesses the 'no failed scans’ remediation page; however, the host health status indicates a scan failure, leaving no possible actions for the user. |
| 956436 | FortiNAC does not function properly as a RADIUS proxy when integrated with a NEC-QX switch. |
| 960060 | SNMP traps for link state do not show the port value in event logs, even though it matches the captured packets in pcap. |
Notatki producenta: FortiNAC F 7.2.4
Pozdrawiamy,
Zespół B&B
Bezpieczeństwo w biznesie