Fortinet udostępnił aktualizację dla produktu FortiOS z rodziny 6.0! Najnowsza wersja 6.0.16 jest przede wszystkim wolna od podatności CVE-2022-42475 – FG-IR-22-398. Ponadto, naprawiono błąd który powodował awarię procesu sslvpn w momencie odebrania żądania POST o treści większej niż 2GB. Jeśli korzystasz z rodziny oprogramowania 6.0, koniecznie zaktualizuj swoje urządzenie!
Aktualnie wspierane modele:
| FortiGate | FG-30D, FG-30D-POE, FG-30E, FG-30E_3G4G_INTL, FG-30E_3G4G_NAM, FG-50E, FG‑51E, FG-52E, FG-60D, FG-60D-POE, FG-60E, FG-60E-DSL, FG-60E-DSLJ, FG‑60E‑POE, FG-61E, FG-70D, FG-70D-POE, FG‑80D, FG-80E, FG-80E-POE, FG-81E, FG-81E-POE, FG-90D, FG-90D-POE, FG-90E, FG-92D, FG-94D-POE, FG-98D-POE, FG-100D, FG-100E, FG-100EF, FG-101E, FG-140D, FG-140D-POE, FG-140E, FG-140E-POE, FG- 200D, FG-200D-POE, FG-200E, FG-201E, FG-240D, FG-240D-POE, FG-280D-POE, FG‑300D, FG-300E, FG-301E, FG‑400D, FG-400E, FG-401E, FG‑500D, FG‑500E, FG-501E, FG-600D, FG-600E, FG-601E, FG‑800D, FG-900D, FG-1000D, FG‑1200D, FG-1500D, FG-1500DT, FG-2000E, FG-2500E, FG-3000D, FG-3100D, FG‑3200D, FG-3400E, FG-3401E, FG3600E, FG-3601E, FG-3700D, FG-3800D, FG‑3810D, FG-3815D, FG‑3960E, FG‑3980E, FG‑5001D, FG-5001E, FG-5001E1 |
| FortiWiFi | FWF-30D, FWF-30D-POE, FWF-30E, FWF-30E_3G4G_INTL, FWF-30E_3G4G_NAM, FWF-50E, FWF-50E-2R, FWF‑51E, FWF-60D, FWF-60D-POE, FWF-60E, FWF-60E-DSL, FWF-60E-DSLJ, FWF-61E, FWF‑90D, FWF-90D-POE, FWF-92D |
| FortiGate Rugged | FGR-30D, FGR-35D, FGR-60D, FGR-90D |
| FortiGate VM | FG-SVM, FG-VM64, FG-VM64-ALI, FG-VM64-ALIONDEMAND, FG-VM64-AWS, FG‑VM64‑AWSONDEMAND, FG-VM64-HV, FG‑VM64-KVM, FG-VMX, FG-VM64-XEN, FG‑VM64‑GCP, FG-VM64-OPC, FG‑VM64-GCPONDEMAND |
| Pay-as-you-go images | FOS-VM64, FOS-VM64-KVM, FOS-VM64-XEN |
| FortiOS Carrier | FortiOS Carrier 6.0.16 images are delivered upon request and are not available on the customer support firmware download page. |
Rozwiązane problemy:
SSL VPN
| Bug ID | Description |
|---|---|
| 848437 | The sslvpn process crashes if a POST request with a body greater than 2 GB is received. |
Common Vulnerabilities and Exposures
Visit https://fortiguard.com/psirt for more information.
| Bug ID | CVE references |
|---|---|
| 853448 | FortiOS 6.0.16 is no longer vulnerable to the following CVE Reference:
|
Znane problemy:
Antivirus
| Bug ID | Description |
|---|---|
| 590092 | Cannot clear scanunit vdom-stats to reset the statistics on ATP widget. |
Firewall
| Bug ID | Description |
|---|---|
| 508015 | Editing a policy in the GUI changes the FSSO setting to disable. |
GUI
| Bug ID | Description |
|---|---|
| 682440 | On Firewall Policy list, the tooltip for IP Pool shows Port Block Allocation as being exhausted if there are expiring PBAs available to be reallocated. |
| 697290 | In Firefox, the GUI cannot load the IPS signature list page if the user clicks View IPS Signatures before the IPS profile page finishes loading. Other browsers do not have this issue. |
Log & Report
| Bug ID | Description |
|---|---|
| 592766 | Log device defaults to empty and cannot be switched on in the GUI after enabling FortiAnalyzer Cloud. |
Proxy
| Bug ID | Description |
|---|---|
| 584719 | WAD reads ftp over-limit multi-line response incorrectly. |
System
| Bug ID | Description |
|---|---|
| 550701 | WAD daemon signal 11 causes a cmdbsvr deadlock. |
| 607565 | Interface emac-vlan feature does not work on SoC4 platform. |
| 657629 | ARM-based platforms do not have sensor readings included in SNMP MIBs. |
| 735306 | Enabling ssl-mirror-intf on a management port in a firewall policy with flow mode IPS or application control profiles will cause all traffic to be blocked and the FortiGate to go into kernel panic and automatically reboot.
Workaround: do not use a management port as an SSL mirror interface. |
User & Device
| Bug ID | Description |
|---|---|
| 567831 | Local FSSO poller is regularly missing logon events. |
| 701356 | When a GUI administrator certificate, admin-server-cert, is provisioned via SCEP, the FortiGate does not automatically offer the newly updated certificate to HTTPS clients. FortiOS 7.0.0 and later does not have this issue.
Workaround: manually unset config system global
unset admin-server-cert
end
config system global
set admin-server-cert <scep_certificate>
end
|
Notatki producenta: FortiOS 6.0.16
Pozdrawiamy,
Zespół B&B
Bezpieczeństwo w biznesie