Release Notes
v4.0 MR2
Patch Release 1
01-421-84420-20100520
Release Notes FortiOS v4.0 MR2 - Patch Release 1
Table of Contents
1 FortiOS v4.0 MR2 - Patch Release 1
2 Special Notices
2.1 General
3 Upgrade Information
3.1 Upgrading from FortiOS v4.0
3.2 Upgrading from FortiOS v4.0 MR1
4 Downgrading to FortiOS v4.0 MR1
5 Known Issues in FortiOS v4.0 MR2 - Patch Release 1
5.1 Web User Interface
6 Resolved Issues in FortiOS v4.0 MR2 - Patch Release 1
6.1 Command Line Interface (CLI)
6.2 Web User Interface
6.3 System
6.4 High Availability
6.5 Router
6.6 Firewall
6.7 VPN
6.8 WAN Optimization
6.9 Web Filter
6.10 Antispam
6.11 Data Leak Prevention
6.12 Log & Report
7 Image Checksums
Change Log
Trademarks
Copyright© 2010 Fortinet, Inc. All rights reserved. Fortinet®, FortiGate®, and FortiGuard®, are registered trademarks of Fortinet, Inc., and other Fortinet names herein
may also be trademarks of Fortinet. All other product or company names may be trademarks of their respective owners. Performance metrics contained herein were
attained in internal lab tests under ideal conditions. Network variables, different network environments and other conditions may affect performance results, and
Fortinet disclaims all warranties, whether express or implied, except to the extent Fortinet enters a binding contract with a purchaser that expressly warrants that the
identified product will perform according to the performance metrics herein. For absolute clarity, any such warranty will be limited to performance in the same ideal
conditions as in Fortinet’s internal lab tests. Fortinet disclaims in full any guarantees. Fortinet reserves the right to change, modify, transfer, or otherwise revise this
publication without notice, and the most current version of the publication shall be applicable. Certain Fortinet products are licensed under U.S. Patent No. 5,623,600.
Support will be provided to customers who have purchased a valid support contract. All registered customers with valid support contracts may enter their support
tickets via the support site:
https://support.fortinet.com
FGT-30B, FWF-30B, FGT-50B, FGT-51B, FWF-50B, FGT-60B, FWF-60B, FGT-80C, FGT-80CM, FWF-80CM, FWF-81CM, FGT-82C, FGT-100A, FGT-110C, FGT-111C, FGT-200A, FGT-200B, FGT-200B-POE, FGT-224B, FGT-300A, FGT-310B, FGT-311B, FGT-310B-DC, FGT-400A, FGT-500A, FGT-620B, FGT-620B-DC, FGT-800, FGT-800F, FGT-1000A, FGT-1000A-FA2, FGT-1000A-LENC, FGT-1240B, FGT3016B, FGT-3600, FGT-3600A, FGT-3810A, FGT-5001A, FGT-5001, FGT-5001-FA2, and FGT-5005-FA2.
All models are supported on the regular v4.0 MR2 - Patch Release 1 branch.
Please visit http://docs.forticare.com/fgt.html for additional documents on FortiOS v4.0 MR2 release.
2 Special Notices
2.1 General
The TFTP boot process erases all current firewall configuration and replaces it with the factory default settings.
IMPORTANT!
• Fortinet recommends setting your monitor to a screen resolution of 1280x1024. This allows for all objects in the Web UI to
be viewed properly.
• Microsoft Internet Explorer™ 8.0 (IE8) and Firefox 3.5 or later are fully supported.
• [FortiGate Configuration] Save a copy of your FortiGate unit configuration (including replacement messages) prior to
upgrading.
• [WebUI Display] If you are using the Web UI, clear the browser cache prior to login on the FortiGate to ensure proper
display of the Web UI screens.
• [Update the AV/IPS definitions] The AV/IPS signatures included with an image upgrade may be older than the ones currently
available from Fortinet's FortiGuard system. Fortinet recommends performing an "Update Now" as soon as possible
after upgrading. Consult the FortiGate User Guide for detailed procedures.
3 Upgrade Information
[FortiOS v4.0]
The upgrade is supported from FortiOS v4.0.4 B0113 or later.
After every upgrade, ensure that the build number and branch point match the image that was loaded.
In FortiOS v4.0.4
end
Before upgrading, back up your configuration and parse the webfilter exempt list entries; after the upgrade, merge them into the
webfilter content list.
After merging the exempt list from v4.0.4 to the webfilter content list
[VoIP Settings]
FortiOS v4.0 MR2 can archive messages and files caught by the Data Leak Prevention feature, which includes some
VoIP messages. However, some scenarios have implications for configuration retention on upgrade. Consider the following:
o Application control list: APP2 which has content-summary enabled for SIMPLE
Upon upgrading to FortiOS v4.0 MR2 Patch Release 1, the VoIP settings are not moved into the DLP archive feature.
After every upgrade, ensure that the build number and branch point match the image that was loaded.
[DLP Rule]
A DLP rule with subprotocol setting set to 'sip simple sccp' will be lost upon upgrading to FortiOS v4.0 MR2 Patch Release 1.
[AlertMail Setting]
The "set local-disk-usage-warning enable" setting under "config alertemail settings" will be reset to
disable after upgrading to FortiOS v4.0 MR2 Patch Release 1.
• operation modes
• interface IP/management IP
• route static table
• DNS settings
• VDom parameters/settings
• admin user account
• session helpers
• system access profiles
Description: TTL value range is not displayed for some CLI commands.
Bug ID: 117464
Status: Fixed in v4.0 MR2 - Patch Release 1.
Description: 'set nac-quar-expiry' command shows an unexpected error message. The setting is not correctly saved.
Bug ID: 114962
Status: Fixed in v4.0 MR2 - Patch Release 1.
Description: Storage quotas cannot be saved from the web UI in non-management VDoms.
Bug ID: 122198
Status: Fixed in v4.0 MR2 - Patch Release 1.
Description: User cannot enable application control log setting under UTM > Application Control > Application Control List web
UI.
Bug ID: 121979
Status: Fixed in v4.0 MR2 - Patch Release 1.
Description: Sometimes the 'details' button on the Top Sessions widget does not work.
Bug ID: 122253
Status: Fixed in v4.0 MR2 - Patch Release 1.
Description: System > Log and Archive Statistics does not include URLs being blocked by FortiGuard service.
Bug ID: 112066
Status: Fixed in v4.0 MR2 - Patch Release 1.
Description: URL filter whitelist only shows one page of URLs even if there are more URLs than what one page can display.
Bug ID: 123160
Description: There is no function to change the order of policy routes via web UI.
Bug ID: 123283
Status: Fixed in v4.0 MR2 - Patch Release 1.
Description: FortiGuard categories are not displayed correctly when language is set to Japanese.
Bug ID: 121122
Status: Fixed in v4.0 MR2 - Patch Release 1.
Description: User is unable to edit replacement messages from web UI when using Internet Explorer web browser.
Bug ID: 123920
Status: Fixed in v4.0 MR2 - Patch Release 1.
6.3 System
Description: Netscan limits are not defined in the tablesize.
Bug ID: 123268
Status: Fixed in v4.0 MR2 - Patch Release 1.
Description: VDom administrator may be able to change other VDoms' settings using the 'exe enter' command.
Bug ID: 122642
Status: Fixed in v4.0 MR2 - Patch Release 1.
Description: Administrator with read-only privilege can delete SSL-VPN login user.
Bug ID: 122655
Status: Fixed in v4.0 MR2 - Patch Release 1.
Description: FortiGate does not have CP6 support for AES cipher-suites with SSL 3.0.
Bug ID: 120506
Status: Fixed in v4.0 MR2 - Patch Release 1.
Description: FortiManager in GMS mode cannot delete unused object in the FortiGate.
Bug ID: 122596
Status: Fixed in v4.0 MR2 - Patch Release 1.
Description: Storage object cannot be added for 2nd or later partitions on SAS virtual disks.
Bug ID: 122973
Status: Fixed in v4.0 MR2 - Patch Release 1.
Description: Log disk size should be included in FGFM message between the FortiGate and FortiManager.
Bug ID: 123097
Status: Fixed in v4.0 MR2 - Patch Release 1.
Description: SSL offload does not work to servers running protocols where the server initiates traffic first.
Bug ID: 123204
Status: Fixed in v4.0 MR2 - Patch Release 1.
Description: Some unexpected messages may get displayed on the FortiGate's console when AV quarantine is enabled.
Bug ID: 122062
Status: Fixed in v4.0 MR2 - Patch Release 1.
Description: SpamFilter feature may not work after upgrading to FortiOS v4.0 MR2 if blank lists are being used.
Bug ID: 123402
Status: Fixed in v4.0 MR2 - Patch Release 1.
Description: IPS engine does not release the file handler of the signature files after an IPS package update. This may cause a
temporary file to consume a large amount of flash memory.
Bug ID: 121526
Status: Fixed in v4.0 MR2 - Patch Release 1.
Description: Switching admin-port to web proxy port may cause httpsd to crash.
Bug ID: 123058
Status: Fixed in v4.0 MR2 - Patch Release 1.
Description: NP4 interface does not work properly and may encounter frequent Tx timeout.
Bug ID: 123493
Status: Fixed in v4.0 MR2 - Patch Release 1.
Description: Kernel crash was encountered when IPS scanning was enabled and stress traffic was passed through the FortiGate.
Bug ID: 123597
Status: Fixed in v4.0 MR2 - Patch Release 1.
Description: Default and Strict VoIP profiles are missing after upgrading to FortiOS v4.0 MR2.
Bug ID: 122225, 123142
Status: Fixed in v4.0 MR2 - Patch Release 1.
Description: User should not be allowed to create a VDom named 'global' when HA mode is enabled.
Bug ID: 121785
Status: Fixed in v4.0 MR2 - Patch Release 1.
Description: Unable to form a HA cluster, with multiple VDoms configured, after upgrading from FortiOS v3.00 B0752 to v4.0
MR1.
Bug ID: 122254
Status: Fixed in v4.0 MR2 - Patch Release 1.
Description: Switch interface may drop ingressing unicast frames for around 300 seconds after a HA failover.
Models Affected: FGT-110C
Bug ID: 122583
Status: Fixed in v4.0 MR2 - Patch Release 1.
Description: Banned user list may not synchronize correctly on virtual cluster 2.
Bug ID: 121941
Status: Fixed in v4.0 MR2 - Patch Release 1.
Description: Enabling and disabling VDoms a few times may cause the master and slave FortiGate to go out-of-sync.
Bug ID: 122044
Status: Fixed in v4.0 MR2 - Patch Release 1.
Description: When HA is enabled, orphan system storage objects (those whose underlying partition/disks do not exist anymore) are
not deleted at system init.
Bug ID: 123258
Status: Fixed in v4.0 MR2 - Patch Release 1.
Description: New members may fail to join an existing HA cluster if the cluster is handling more than 7 million sessions.
Bug ID: 123290
Status: Fixed in v4.0 MR2 - Patch Release 1.
Description: Slave FortiGate may randomly stop getting AV and IPS updates. Some error messages may also be displayed on the
console.
Bug ID: 123022
Status: Fixed in v4.0 MR2 - Patch Release 1.
Description: Slave FortiGate may sometimes use incorrect MAC address while sending out packets using heartbeat interface.
Bug ID: 122515
Status: Fixed in v4.0 MR2 - Patch Release 1.
Description: HA session sync does not work in an A-A mode cluster with 3 or more members.
Bug ID: 123301
Status: Fixed in v4.0 MR2 - Patch Release 1.
6.5 Router
Description: Fix high CPU usage and memory leak of nsm routing daemon
Bug ID: 121774
6.6 Firewall
Description: Changes made to a profile-group do not get applied to the firewall policy.
Bug ID: 122828
Status: Fixed in v4.0 MR2 - Patch Release 1.
Description: Server load balance VIPs of type HTTP, HTTPS, and SSL incorrectly use the VIP instead of the interface IP for outbound traffic.
Bug ID: 122886
Status: Fixed in v4.0 MR2 - Patch Release 1.
6.7 VPN
Description: IPSec tunnel phase2 may not come up when Xauth client is enabled if the request is received after the phase1 is
established but before Xauth (or Mode Cfg) has completed.
Bug ID: 122378
Status: Fixed in v4.0 MR2 - Patch Release 1.
Description: FortiGuard override feature may not work after upgrading to FortiOS v4.0 MR2.
Bug ID: 122332
Status: Fixed in v4.0 MR2 - Patch Release 1.
Description: Web Filter local ratings setting should be per-vdom on web UI.
Bug ID: 122558
Status: Fixed in v4.0 MR2 - Patch Release 1.
Description: Invalid rating returned by the FortiGuard server should be treated as rating error.
Bug ID: 123418
Status: Fixed in v4.0 MR2 - Patch Release 1.
Description: The Web Filter local rating feature does not always rate categories correctly.
Bug ID: 124363
Status: Fixed in v4.0 MR2 - Patch Release 1.
6.10 Antispam
Description: Antispam banned word filter fails to check embedded URLs in HTML email.
Bug ID: 120809
Status: Fixed in v4.0 MR2 - Patch Release 1.
Description: Content scanning does not work when DLP encrypted rule is enabled.
Bug ID: 123084
Status: Fixed in v4.0 MR2 - Patch Release 1.
Description: Log entry for file pattern related logs shows filetype=Unknown.
Bug ID: 120308
Status: Fixed in v4.0 MR2 - Patch Release 1.
Description: FortiGate does not properly send log messages with a long URL to the FortiAnalyzer. This may cause
FortiAnalyzer to drop these logs.
Bug ID: 115438
Status: Fixed in v4.0 MR2 - Patch Release 1.
Description: IPS log entry may include two blank vd= fields.
Bug ID: 121598
Status: Fixed in v4.0 MR2 - Patch Release 1.
Description: Traffic logs in SQL format cannot be viewed properly in RAW format.
Bug ID: 122215
Status: Fixed in v4.0 MR2 - Patch Release 1.
7 Image Checksums
The MD5 checksums for the firmware images are available at the Fortinet Customer Support
website (https://support.fortinet.com). After login, click on the "Firmware Images
Checksum Code" link in the left frame.