Fortinet has published an update to the 6.0 branch of the operating system for FortiGate. The new release, FortiOS 6.0.10, contains many fixes that eliminate bugs related to SSL VPN and the web portal (a problem with RDP connections), as well as excessive resource usage. In addition, bugs related to dynamic routing have been fixed. More information in the article below.
- Redundant logs and alert emails sent when file is sent to FortiSandbox Cloud via Suspicious Files Only.
- Slave blades occasionally report critical log event "Scanunit initiated a virus engine/definitions update."
- Cannot send an email with PDF attachment when FortiSandbox Cloud inspection is enabled.
- CDR does not disarm files when they are sent over HTTP POST, despite AV logs showing file has been disarmed.
- Shared memory not emptying out properly under /tmp.
- FG-30E AV TP mode cannot log and block oversize files.
Data Leak Prevention
- Cannot download DLP archived file from GUI for HTTPS, FTPS, SMTP and SMTPS.
- DLP quarantines IP when no quarantine action is configured.
- The specified port configurations of config web-proxy explicit disappeared after rebooting.
- When creating a firewall address with the associated-interface setting, cmd will get stuck if there is a large nested
- Session stuck in proto_state=61 only when flow-based AV is enabled in the policy.
- Firewall policy search with decimal in the name fails in GUI.
- Empty firmware version in Managed FortiSwitch GUI page.
- No matching IPS signatures are found when the Severity or Target filters are applied.
- Configuration of HA pair of FortiGates goes out of sync when removed from central management (FortiManager).
- management-ip that is set on a hardware switch interface does not respond to ping after executing reboot.
- Moving VDOM via GUI between virtual clusters causes cluster to go out of sync and VDOM state work/standby does not change.
- Ether-type HA cannot be changed.
- Signal 14 alarm crashes were observed on DFA rebuild.
- IPS engine 5.030 signal 14 alarm clock crash at
- IPS forwards attacks that are previously identified as dropped.
- Remove the IPsec global lock.
- IKED crashed using ADVPN and OSPF.
- IKEv2 EAP-TLS handshake detected retransmit of client, but FortiGate does not retransmit its response.
- IKE memory leak when IKEv2 certificate subject alternative name/peer ID matching occurs.
- MTU calculation of shared dynamic phase 1 interface is too low compared to its phase 2 MTU and makes fragmentation high.
Log & Report
- User group is not included in traffic log for transparent web proxy policy when traffic is allowed.
- FortiGate sends incorrect long session logs to FortiGate Cloud.
- Download bandwidth under FortiView is not accurate when traffic is being inspected by proxy mode AV.
- Breakout traffic is wrongly denied by proxy policy.
- OSPF route for ADVPN tunnel interface flaps.
- Routing table is not always updated when BGP gets an update with changed next hop.
- SD-WAN GUI page bandwidth shows 0 issues when there is traffic running.
- When an obsolete ISDB ID is used in a static route, a default route is created after rebooting.
- SSL VPN FortiClient login with FAC user FTM two-factor fail because it times out too fast.
- HTML PABX Admin Console not working correctly in SSL VPN mode.
- In some special cases, SSL VPN main state machine reads function pointer is empty that will cause SSL VPN daemon crash.
- Internal website not working through SSL VPN web mode.
- SSL VPN does not correctly show Windows Admin center application.
- SSL VPN LDAP group object matching only matches the first policy; is not consistent with normal firewall policy.
- TX packet drops on SSL root interface.
- In some lower-end FortiGates, the threshold of available memory is not calculated correctly for entering SSL VPN conserve mode. Threshold should be 10% of total memory when the memory is larger than 512 MB and less than 2 GB.
- SSL VPN daemon crashes when logging in several times with RADIUS user that is related to a framed IP address.
- RDP sessions are terminated (disconnect) unexpectedly.
- SSO for HTTPS fails when using "\" (backslash) with the domain\username format.
- FortiOS does not correctly re-write the Exchange OWA logoff URL when accessed via SSL VPN bookmark.
- Internal custom web application page running on Apache Tomcat is not displaying in SSL VPN web mode.
- SSL VPN web portal bookmarks are not fully loading for Vivendi SelfService application.
- Sending RADIUS accounting interim update messages with SSL VPN client framed IP are delayed.
- Site in .NET framework 4.6 or 4.7 not loading in SSL VPN web mode.
- SSL VPN web mode cannot open DFS share subdirectories, gives invalid HTTP request message.
- SSL VPN tunnel is unexpectedly down sometimes when certificate bundle is updated.
- RDP over web mode SSL VPN to a Windows Server changes the time zone to GMT.
- SSL VPN daemon crash when multiple sessions are conflicting.
- SSL VPN user groups are corrupted in auth list when the user is a member of more than 100 groups.
- SSL VPN disconnects when importing or renaming CA certificates.
- The SSL VPN connection is not empty after destroying it, so it may be reused and crashes.
- Router info does not update after plugging out/plugging in USB modem.
- Master unit does not send SNMP trap for all SNMP servers when plugging out the cable from the LAG configured interface.
- CP9 VPN queue tasklet unable to handle kernel NULL pointer dereference at 0000000000000120 and device reboots.
- High memory utilization after upgrading FortiOS and IPS engine.
- Problems with cmdbsvr while handling a large number of FSSO address groups and security policies.
- FG-201E stopped sending out packets; NP6lite is stuck.
- SSH/RDP sessions are terminated unexpectedly.
- Link monitor behavior is different between FGCP and SLBC clusters.
- FortiGate 200D is dropping packets.
- FortiGate is not sending DHCP request after receiving offer.
- sentbyte of NTP on local traffic log shows as 0 bytes, even though NTP client receives the packet.
- Automatically logged out of CLI when trying to configure STP due to /bin/newcli crash.
- After a reboot of the PPPoE server, the FortiGate (PPPoE clients, 35 clients) keeps flapping (connection down and up) for a long time before connecting successfully.
- hasync and cmdbsvr processes crash on slave unit, causing failed httpsd, fgfmd, and snmpd on the master.
- Low throughput on FG-2201E for traffic with ECN flag enabled.
- no session matched logs while managing FortiGate.
- VPN interface is not pingable while NPU is enabled (FG-60F/61F).
- Long delay and cmdbsvr at 100% CPU consumption when modifying address objects and address groups via GUI or REST API.
- The FG-800D HA LED is off when HA status is normal.
- Unable to handle kernel NULL pointer dereference at 000000000000008f.
User & Device
- Collector agent cannot be contacted after rebooting or restarting authd if FQDN is used on FSSO server.
- Brief connectivity loss on shared service when RDP session is logged in to from local device.
- The session to the SQL database is closed as timeout when a new user logs in to terminal server.
- Global imported local certificates can no longer be used in VDOMs.
- FortiOS does not understand CMPv2
- RDP sessions are terminated (disconnect) unexpectedly.
- vMotion causing sessions to be disconnected as it considers sessions stateless.
- RAS helper does not NAT the port 1720 in the callSignalAddress field of the RegistrationRequest packet sent from the endpoint.
- urlfilter changes do not always work properly or take immediate effect.
Common Vulnerabilities and Exposures
Visit https://fortiguard.com/psirt for more information.
- FortiOS 6.0.10 is no longer vulnerable to the following CVE Reference:
Known issues still to be resolved:
- scanunit vdom-stats to reset the statistics on ATP widget.
- Editing a policy in the GUI changes the FSSO setting to disable.
- Cannot click the Quarantine Host option on a registered device.
Log & Report
- Log device defaults to empty and cannot be switched on in the GUI after enabling FortiAnalyzer Cloud.
- ftp over-limit multi-line response incorrectly.
- VLANs under LAGs do not show RX/TX packets.
User & Device
- Local FSSO poller is regularly missing logon events.
FortiOS 6.0.10 – Release Notes