B&B Bezpieczeństwo w biznesie
  • Start
  • O nas
  • Produkty
  • Usługi
    • Szkolenia
    • Audyt bezpieczeństwa informacji
      • Testy penetracyjne
      • Testy ataków socjotechnicznych
    • Audyt konfiguracji Fortigate
    • Program Cyfrowy Powiat
    • Prezentacje
    • Wdrożenia
  • Blog techniczny
  • Pomoc
  • Kariera
  • RODO
  • Kontakt

Producent oprogramowania Fortinet opublikował właśnie najnowszą aktualizację oprogramowania FortiOS o numerze wersji 7.0.5. W najnowszej aktualizacji naprawiono krytyczne błędy inspekcji w trybie proxy, które były spowodowane błędnym otwarciem sesji ipsapp z informacją „all providers are busy”. Rozwiązano także problem blokowania ruchu podczas włączonej inspekcji AV w trybie proxy w przypadku połączeń IPsec z włączonym offloadingiem NPU. Po więcej ciekawych informacji zachęcamy do zapoznania się z dalszą częścią artykułu.

Aktualnie wspierane modele:

FortiGate FG-40F, FG-40F-3G4G, FG-60E, FG-60E-DSL, FG-60E-DSLJ, FG-60E-POE, FG-60F, FG-61E, FG-61F, FG-80E, FG-80E-POE, FG-80F, FG-80F-BP, FG-80F-POE, FG-81E, FG-81E-POE, FG-81F, FG-81F-POE, FG-90E, FG-91E, FG-100E, FG-100EF, FG-100F, FG-101E, FG-101F, FG-140E, FG-140E-POE, FG-200E, FG-200F, FG-201E, FG-201F, FG-300E, FG-301E, FG‑400E, FG-400E-BP, FG‑401E, FG‑500E, FG-501E, FG-600E, FG-601E, FG-800D, FG‑900D, FG-1000D, FG-1100E, FG-1101E, FG‑1200D, FG-1500D, FG-1500DT, FG-2000E, FG-2200E, FG-2201E, FG-2500E, FG-3000D, FG-3100D, FG‑3200D, FG-3300E, FG-3301E, FG-3400E, FG-3401E, FG-3600E, FG-3601E, FG-3700D, FG-3800D, FG-3960E, FG‑3980E, FG-5001E, FG‑5001E1
FortiWiFi FWF-40F, FWF-40F-3G4G, FWF-60E, FWF-60E-DSL, FWF-60E-DSLJ, FWF-60F, FWF-61E, FWF-61F, FWF-80F-2R, FWF-81F-2R, FWF-81F-2R-POE, FWF-81F-2R-3G4G-POE
FortiGate Rugged FGR-60F, FGR-60F-3G4G
FortiGate VM FG-VM64, FG-VM64-ALI, FG-VM64-AWS, FG-VM64-AZURE, FG‑VM64‑GCP, FG-VM64-HV, FG-VM64-IBM, FG-VM64-KVM, FG‑VM64‑OPC, FG‑VM64-RAXONDEMAND, FG-VM64-SVM, FG-VM64-VMX, FG-VM64-XEN
Pay-as-you-go images FOS-VM64, FOS-VM64-HV, FOS-VM64-KVM, FOS-VM64-XEN

Rozwiązane problemy:

Anti Virus

Bug ID Description
778298 Traffic is blocked when an AV profiled is enabled in proxy inspection mode in an IPsec scenario with NPU offloading enabled.

Proxy

Bug ID Description
772041 WAD crash at signal 11.
778659 Proxy inspection fails due to ipsapp session open failed: all providers busy.

System

Bug ID Description
778474 dhcpd is not processing discover messages if they contain a 0 length option, such as 80 (rapid commit). The warning, length 0 overflows input buffer, is displayed.

Znane problemy:

Endpoint Control

Bug ID Description
708545 The WAD daemon is triggered to fetch the FortiClient information based on a ZTNA EMS tag enabled for checking in a proxy policy. It is then possible to get a ZTNA EMS tag in the firewall dynamic address and get the expected traffic control.
730767 The new HA primary FortiGate cannot get EMS Cloud information when HA switches over.

Workaround: delete the EMS Cloud entry then add it back.

Firewall

Bug ID Description
719311 FortiGate shows partial view of policies after upgrading.

GUI

Bug ID Description
440197 On the System > FortiGuard page, the override FortiGuard server for AntiVirus & IPS Updates shows an Unknown status, even if the server is working correctly. This is a display issue only; the override feature is working properly.
677806 On the Network > Interfaces page when VDOM mode is enabled, the Global view incorrectly shows the status of IPsec tunnel interfaces from non-management VDOMs as up. The VDOM view shows the correct status.
685431 On the Policy & Objects > Firewall Policy page, the policy list can take around 30 seconds or more to load when there is a large number (over 20 thousand) of policies.

Workaround: use the CLI to configure policies.

707589 System > Certificates list sometimes shows an incorrect reference count for a certificate, and incorrectly allows a user to delete a referenced certificate. The deletion will fail even though a success message is shown. Users should be able to delete the certificate after all references are removed.
708005 When using the SSL VPN web portal in the Firefox, users cannot paste text into the SSH terminal emulator.

Workaround: use Chrome, Edge, or Safari as the browser.

713529 When FortiAnalyzer is configured, the HTTPS daemon may crash while processing some FortiAnalyzer log requests. There is no apparent impact on the GUI operation.
755177 When upgrade firmware from 7.0.1 to 7.0.2, the GUI incorrectly displays a warning saying this is not a valid upgrade path.

HA

Bug ID Description
662978 Long lasting sessions are expired on HA secondary device with a 10G interface.
771389 SNMP community name with one extra character at the end stills matches when HA is enabled.

IPsec VPN

Bug ID Description
699973 IPsec aggregate shows down status on Interfaces, Firewall Policy, and Static Routes configuration pages.

Proxy

Bug ID Description
692444 WAD memory leak is caused by missing a close event. The WAD receives a close event from TCP when the SSL port is blocked by the up application layer. If the SSL port input buffer does not have any data, then the close event will get ignored even if the application layer turns off blocking and the SSL port will leak.

Routing

Bug ID Description
745856 The default SD-WAN route for the LTE wwan interface is not created.

Workaround: add a random gateway to the wwan member.

config system sdwan
    config members
        edit 2
            set interface "wwan"
            set gateway 10.198.58.58
            set priority 100
        next
    end
end

Security Fabric

Bug ID Description
614691 Slow GUI performance in large Fabric topology with over 50 downstream devices.

SSL VPN

Bug ID Description
757450 SNAT is not working in SSL VPN web mode when accessing an SFTP server.

System

Bug ID Description
644782 A large number of detected devices causes httpsd to consume resources, and causes low-end devices to enter conserve mode.
681322 TCP 8008 permitted by authd, even though the service in the policy does not include that port.
699152 QinQ (802.1ad) support needed on the following models: FG-1100E, FG-1101E, FG-2200E, FG-2201E, FG-3300E, FG-3301E, FG-3600E, and FG-3601E.
764252 On FG-100F, no event is raised for PSU failure and the diagnostic command is not available.

VM

Bug ID Description
689047 ARM64-KVM has kernel panic.

WAN Optimization

Bug ID Description
728861 HTTP/HTTPS traffic cannot go through when wanopt is set to manual mode and an external proxy is used.

Workaround: set wanopt to automatic mode, or set transparent disable in the wanopt profile.

WiFi Controller

Bug ID Description
630085 A cw_acd crash is observed on the FortiGate when the FortiAP is deleted from the managed AP list.
750425 In RADIUS MAC authentication, the FortiGate NAS-IP-Address will revert to 0.0.0.0 after using the FortiGate address.
757189 A batch of APs in cluster are exhibiting control messages that the maximal retransmission limit reached, and the APs disconnect from the FortiGate.
775157 A packet with the wrong IP header could not be processed by the CAPWAP driver, which randomly causes the FortiGate to reboot.

 

Notatki producenta: FortiOS 7.0.5

Pozdrawiamy,

Zespół B&B
Bezpieczeństwo w biznesie

Post Views: 1 084

7.0.5 FortiGate FortiOS FortiOS 7.0.5

Poprzedni artykułFortiAnalyzer 7.0.3Następny artykuł ESET Enterprise Inspector hotfix 1.6.1766

Najnowsze

FortiClientEMS 7.2.07 lutego 2023
FortiAnalyzer 7.2.27 lutego 2023
FortiManager 7.2.27 lutego 2023

Kategorie

  • Acronis
  • Aktualności
  • Bez kategorii
  • ESET
  • F-Secure
  • FortiAnalyzer
  • FortiAP
  • FortiAuthenticator
  • FortiClient
  • FORTIGATE
  • FORTIMAIL
  • FortiManager
  • FortiNAC
  • FORTISWITCH
  • FortiWeb
  • NAKIVO
  • Qnap
  • Stormshield
  • Szkolenia
  • Veeam
  • VMware

Tagi

6.0.6 6.2.1 6.2.2 6.2.7 6.4.0 6.4.2 6.4.3 6.4.4 6.4.5 6.4.8 7.0.0 7.0.2 7.0.5 7.2.0 acronis ems Eset eset endpoint antivirus eset endpoint security ESET Protect ESET Protect Cloud F-Secure f-secure client security f-secure policy manager FMG FortiAnalyzer FortiAP fortiap-s fortiap-w2 FortiAuthenticator FortiClient FortiClientEMS FortiGate FortiMail FortiManager FortiNAC Fortinet FortiOS FortiSwitch FortiWeb vCenter vCenter Server VMware vmware vcenter VMware vCenter Server

MENU

  • Start
  • O nas
  • Produkty
  • Usługi
    • Szkolenia
    • Audyt bezpieczeństwa informacji
      • Testy penetracyjne
      • Testy ataków socjotechnicznych
    • Audyt konfiguracji Fortigate
    • Program Cyfrowy Powiat
    • Prezentacje
    • Wdrożenia
  • Blog techniczny
  • Pomoc
  • Kariera
  • RODO
  • Kontakt

BLOG TECHNICZNY

FortiClientEMS 7.2.07 lutego 2023
FortiAnalyzer 7.2.27 lutego 2023
FortiManager 7.2.27 lutego 2023

KONTAKT

+48 500-413-313
biuro@b-and-b.plhttps://www.b-and-b.pl
8:00-16:00
BEZPIECZEŃSTWO W BIZNESIE 2022 - wszystkie prawa zastrzeżone

MENU

  • Start
  • O nas
  • Produkty
  • Usługi
    • Szkolenia
    • Audyt bezpieczeństwa informacji
      • Testy penetracyjne
      • Testy ataków socjotechnicznych
    • Audyt konfiguracji Fortigate
    • Program Cyfrowy Powiat
    • Prezentacje
    • Wdrożenia
  • Blog techniczny
  • Pomoc
  • Kariera
  • RODO
  • Kontakt

BLOG TECHNICZNY

FortiClientEMS 7.2.07 lutego 2023
FortiAnalyzer 7.2.27 lutego 2023
FortiManager 7.2.27 lutego 2023

Kontakt

+48 500-413-313
biuro@b-and-b.pl
8:00-16:00