W aktualizacji dla przełączników FortiSwitch oznaczonej numerem 6.0.4 znajdziemy kilka nowych rozwiązań ze strony producenta. Pierwszą z nich jest funkcjonalność Loop Guarda, a dokładniej informowanie administratora o wykryciu pętli. W nowej wersji producent informuje nas w głównym kokpicie czy dana jednostka FortiSwitch jest zarządzana z poziomu FortiSwitch Cloud. Kilka kolejnych udoskonaleń umożliwia podgląd informacji na temat ID VLANów oraz Trunków i ruchu który przez nie przechodzi. Zapraszamy do lektury artykułu, w którym znajdą Państwo więcej informacji na temat naprawionych błędów czy nowości w systemie 6.0.4.
Nowości w wersji FortiSwitch 6.0.4:
- Po wyzwoleniu zabezpieczenia przeciwko pętli, napis „Triggered” jest wyświetlany w kolumnie Status w zakładce Switch> Monitor> Loop Guard.
- W kokpicie głównym wyświetlana jest informacja, gdy jednostka FortiSwitch jest zarządzana przez FortiSwitch Cloud.
- Nowa kolumna na stronie System> Network> Interface> VLAN pokazuje identyfikatory VLAN.
- Nowa kolumna na stronie Switch> Interface> Trunk pokazuje ruch w ciągu ostatniego dnia.
Wprowadzone poprawki:
| Bug ID | Description |
|---|---|
| 506762 | It is difficult to access the switch when an IP camera is connected to port 21. |
| 515211., 534922 | Upgrading from FortiSwitchOS 6.0.3 can cause the switch to stop responding. |
| 527565 | When MAB is enabled on a FortiSwitch port, you cannot quarantine a host. |
| 292688 | After a FortiSwitch unit in FortiLink mode is restarted, the FortiGate unit sends traffic from the LAG port that is down. |
| 530517 | There is random ping loss when dynamic ARP inspection (DAI) is enabled on a VLAN. |
| 539957 | When MAC authentication bypass (MAG) is enabled on a managed switchʼs port, clients being authenticated by MAB are moved to unknown VLANs after reauthentication. |
| 541865 | The Log > Event Log > System page does not display detailed logs when there are changes made in an admin session. |
| 541871 | A managed FortiSwitch unit cannot be reached by SSH when using a public key. |
| 543765 | Selecting Revert in the System > Config > Revisions page fails for FS-1xx Series switches running FortiSwitchOS 6.0 or later. |
| 543789 | The LLDP MED service has a high memory usage in a core switch in FortiLink mode. |
| 547351 | After upgrading from FortiSwitchOS 3.6.9 to 6.0.3, the trunk interface configuration is lost. |
Znane problemy:
| Bug ID | Description |
|---|---|
| 380239 | IGMP-snooped multicast groups are not immediately flushed out of the snooping table when the querier port is shut down. Workaround: Upgrade to FortiSwitchOS 6.2.0. |
| 382518 | DHCP snooping and dynamic ARP inspection (DAI) do not work with private VLANs (PVLANs). |
| 391607 | Switch does not send gratuitous ARP for IP conflict when the system boots up and adds a new switch virtual interface (SVI). Workaround: Upgrade to FortiSwitchOS 6.2.0. |
| 414972 | IGMP snooping might not work correctly when used with 802.1x Dynamic VLAN functionality. |
| 416655 | When using DHCP, the IPv6 address cannot be configured. Also, the automatic configuration of the global address does not work. Workaround: Upgrade to FortiSwitchOS 6.2.0. |
| 480605 | When DHCP snooping is enabled on the FSR-112D-POE, the switched virtual interface (SVI) cannot get the IP address from the DHCP server. Workarounds: —Use a static IP address in the SVI when DHCP snooping is enabled on that VLAN. —Temporarily disable dhcp-snooping on vlan, issue the execute interface dhcpclient-renew command to renew the IP address. After the SVI gets the IP address from the DHCP server, you can enable DHCP snooping. |
| 488044 | On a Protocol Independent Multicast (PIM) topology using the assert mechanism, when the assert winner lost the route to the source, no multicast route was created, and the multicast traffic stopped. Workaround: Upgrade to FortiSwitchOS 6.2.0. |
| 510943 | When using the cable diagnostics feature on a port (with the diagnose switch physical-ports cable-diag CLI command), ensure that the physical link on its neighbor port is down. You can disable the neighbor ports or physically remove the cables. Workaround: When using the cable diagnostics feature on a port (with the diagnose switch physical-ports cable-diag CLI command), ensure that the physical link on its neighbor port is down. You can disable the neighbor ports or physically remove the cables. |
| 520954 | When a “FortiLink mode over a layer-3 network” topology has been configured, the FortiGate GUI does not always display the complete network. |
| 535736 | If a FortiSwitch firmware image is an even multiple of 1024 bytes, it will not upgrade properly using the default FortiLink upgrade mechanism. The following builds are known to be affected: version 3.x build 0415/FSW_124D_POE version 6.x build 0039/FSW_1048E build 0043/FSW_124E build 0141/FSW_224D_FPOE build 0052/FSW_548D_FPOE Workarounds: —Change to HTTPS mode using the following commands: config switch-controller global set https-image-push enable end —Upgrade to FortiOS 6.0.5 (build 0243 or later) or FortiOS 6.2.0 (build 0794 or later). |
Zachęcam do przeczytania notatek: Notatki do wydania
Pozdrawiamy,
Zespół B&B
Bezpieczeństwo w biznesie