Fortinet udostępnił aktualizacje oprogramowania dla FortiWeb o numerze wersji 7.0.4. Rozwiązano problemy związane z klastrem HA, przyspieszono procesowanie ruchu sieciowego, usunięto problem który powodował wycieki pamięci, rozwiązano problemy z certyfikatami administracyjnymi oraz usunięto błąd który powodował błędne procesowanie ruchu. Po więcej szczegółowych informacji zapraszam do dalszej części materiału.

Wspierane modele:

• FortiWeb 100D
• FortiWeb 400C
• FortiWeb 400D
• FortiWeb 400E
• FortiWeb 600D
• FortiWeb 600E
• FortiWeb 1000D
• FortiWeb 1000E
• FortiWeb 2000E
• FortiWeb 3000D/3000DFsx
• FortiWeb 3000E
• FortiWeb 3010E
• FortiWeb 4000D
• FortiWeb 4000E
• FortiWeb 100E
• FortiWeb 2000F
• FortiWeb 3000F
• FortiWeb 4000F

 

Nowości w FortiWeb 7.0.4:

• 100-continue headers
  • New CLI commands are added to control how FortiWeb interacts with clients and servers when forwarding the 100-continue headers.
    • config server-policy policy
      edit <policy-name>
      set reply-100-continue {enable | disable}
      set forward-expect-100-continue {enable | disable}
      next
      end

• Enhancement on HA fail-over upon core dump
  • A new CLI command is introduced to trigger HA fail-over upon proxyd coredump, so that the secondary node can
    immediately take over the traffic when coredump file is being generated on the primary node.

    • config server-policy setting
      set enable-core-file enable
      set corefile-ha-failover enable
      end

 

Please note you should enable enable-core-file as well for the corefile-ha-failover to work. From 7.0.4,
enable-core-file is by default disabled.

• Signature Algorithm setting for TLS1.2
  • When tls12-compatible-sigalg is enabled, signature algorithm negotiation in TLS handshake for FortiWeb
    behaves exactly the same as OpenSSL 1.1.0.
    • config server-policy setting
      set tls12-compatible-sigalg enable

Rozwiązane problemy:

Bug ID	Description
0860696	HTTP Parsing error occurs after rebooting proxyd or FortiWeb
0858699	Let’s Certificate status shows OK for non existing domain.
0856101	When core-file-count is 3, the newly generated coredump file will always be removed and cannot be displayed.
0851929	HA module needs to synchronize MAC address of all physical interfaces. Currently the maximum restrict is 20.
0850228	Frequent and fast certificate operations cause policy reload issue.
0848148	Slow traffic processing due to the web shell detection modules.
0847495	Memory leakage issue due to web socket traffic.
0846656	Admin certificate cannot work after upgrade to 7.0.2/7.0.3
0846369	SNMP-inaccurate interface speed reported for 10G interface.
846332	WAD site shows as disconnected and no files being backed up even though connection test shows successful.
0843673	Proxyd crashes under HTTP/2 stress with 1024 KB page size in TTP mode.
0845822	Specification issues about server pool.
0841704	Secondary unit is stuck in INIT state. The CRLF converting rules break the HA sync status.
0841686	The health status is Unavailable because we do not use the standard Azure Linux Agent
0841635	Remove the filter pserver-ip in diagnose debug flow under non-RP platforms.
0840279	Parser using uninitialized data causes hdb_dump to crash.
0840259/0835458/0757998	There is a dead lock in client management process, which will trigger connection failure.
0839557(Need Verify)	Expecting 100-Continue header causes application delay for about 3 seconds with SOAP UI application when enabling XML Protection.

Notatki producenta: FortiWeb 7.0.4

Pozdrawiamy,

Zespół B&B
Bezpieczeństwo w biznesie

 

FortiWeb fortiweb 7.0.4