Producent oprogramowania Fortinet wydał najnowszą aktualizację FortiSwitchOS 7.2.8, skupiając się na naprawie kluczowych błędów. Rozwiązano problem automatycznego wykrywania po restarcie (funkcja auto-wykrywania zmieniała stan z wyłączonej na włączoną), poprawiono działanie DHCP snooping dla dynamicznych VLAN-ów 802.1x na modelach FS-6xxF oraz naprawiono losowe błędy „Forbidden” dla HTTP/HTTPS na modelu FS-548D-FPOE. Więcej informacji można znaleźć w artykule poniżej.
Wspierane urządzenia:
| FortiSwitch 1xx | FS-108E, FS-108E-POE, FS-108E-FPOE, FS-108F, FS-108F-POE, FS-108F-FPOE, FS-124E, FS-124E-POE, FS-124E-FPOE, FS-124F, FS-124F-POE, FS-124F-FPOE, FS-148E, FS-148E-POE, FS-148F, FS-148F-POE, FS-148F-FPOE |
| FortiSwitch 2xx | FS-224D-FPOE, FS-224E, FS-224E-POE, FS-248D, FS-248E-POE, FS-248E-FPOE |
| FortiSwitch 4xx | FS-424E, FS-424E-POE, FS-424E-FPOE, FS-424E-Fiber, FS-M426E-FPOE, FS-448E, FS-448E-POE, FS-448E-FPOE |
| FortiSwitch 5xx | FS-524D, FS-524D-FPOE, FS-548D, FS-548D-FPOE |
| FortiSwitch 6xx | FS-624F, FS-624F-FPOE, FS-648F, FS-648F-FPOE |
| FortiSwitch 1xxx | FS-1024D, FS-1024E, FS-1048E, FS-T1024E |
| FortiSwitch 2xxx | FS-2048F |
| FortiSwitch 3xxx | FS-3032E |
| FortiSwitch Rugged | FSR-112D-POE, FSR-124D, FSR-424F-POE |
Rozwiązane problemy:
| Bug ID | Description |
|---|---|
| 892788 | After restarting the FortiSwitch unit, the auto-discovery changes from disable to enable. |
| 942068 | After using a dynamic port policy to remove or add a port, the profile was not updated after the user logged out of the EAP session. |
| 944076 | Enabling DHCP snooping for an 802.1x dynamic VLAN does not work for FS-6xxF models. |
| 950123 | The HTTP and HTTPS daemon randomly returns “Forbidden” error pages on the FS-548D-FPOE model. |
| 995314 | Many log messages about the FortiLink daemon are generated when the admin HTTP and HTTPS port numbers are changed from the default values. |
| 996521 | The FortiGate configuration takes a long time to synchronize with the FortiSwitch configuration. |
| 998582 | The FortiGate device is not pushing the LLDP, VLAN, and static-route settings to the managed FortiSwitch units. |
| 999421 | LLDP allocates Power over Ethernet (PoE) with an extra margin. |
| 1007601 | After upgrading the FS-1024D from FortiSwitchOS 7.2.4 to 7.2.3, editing a physical port in the GUI results in a “500 internal server error.” |
| 1008119 | When using RFC 3433: Entity Sensor Management Information Base, the FortiSwitch units are sending incorrect SNMP values. |
| 1009840 | After the FS-448E-FPOE model is shut down using the GUI, the switch continues to provide power. |
| 1010330 | DHCP snooping needs to support 25 VLANs on FS-1xx models. |
| 1011022 | The FS-648F-FPOE model continuously displays “[/bin/statsd] libsw cpssd not responding Connection refused” messages on the switch console. |
| 1016325 | After the reauth-period is set to 0, the daemon for 802.1x port-based authentication might use 100% of the CPU. |
| 1021769 | After DHCP snooping is enabled for a VLAN, the CPU crashes. |
| 1024992 | The SNMP traps for power supply units (PSUs) do not report which PSU has failed. |
Common vulnerabilities and exposures
Visit https://fortiguard.com/psirt for more information.
| Bug ID | CVE references |
|---|---|
| 855445 | FortiSwitch 7.2.8 is no longer vulnerable to the following CVE:
|
Notatki producenta: FortiSwitchOS 7.2.8
Pozdrawiamy,
Zespół B&B
Bezpieczeństwo w biznesie