Die Verbindung zum Windows NPS Server steht und die 802.1x-Authentication ist auf dem Hardware-Switch aktiviert. Obwohl scheinbar alles richtig konfiguriert ist, schlägt die 802.1x Authentication fehl.
With FortiOS 6.2 a few new CLI commands have been added to the Security Fabric or Switch integration. That’s why we created a new version of the Cheat Sheet and published it here.
What is the problem?
AuthPoint Gateway software must be updated to the latest available version, v5.1.5 before the week of 10 October 2019. If you do not update your AuthPoint Gateway before 10 October, it is likely that all authentication will fail for your AuthPoint user base.
When must I update my AuthPoint Gateway?
If
you use AuthPoint Gateway software v5.1.3.158 or lower, you must update
your Gateway software to v5.1.5 as soon as possible. If you update your
Gateway software before the dates referenced below, this issue will not
impact you.
Fortinet stellt eine PowerPoint Icon Library für die Erstellung von Präsentationen zur Verfügung.
Sie können die Icon Library auch von unserem Doc-Server herunterladen:
August 2019
https://doc.boll.ch/virtual/1522/FTNT-IconLibrary-August-2019.zip
März 2016
http://doc.boll.ch/virtual/1221/FTNT-IconLibrary-16-08-01.ppt
März 2016
http://doc.boll.ch/virtual/1186/FTNT-IconLibrary-16-03-01-Public.pptx
As with every software product, even the latest and greatest releases have some known glitches. That’s one of the reasons why you should review the release notes as part of the upgrade process.
But even then you might face a not-yet-documented issue. You’ll find some notable examples below.
Some customers have reported, that their FortiAPs won’t connect anymore after upgrading to FortiOS 6.2.1. Fortinet has confirmed that this is a know issue only when using trusted hosts to restrict the administrative access to the FortiGate.
The official workaround is to add the FortiAP’s IP or subnet as an additional trusted host entry on one of the admin users:
config system admin
edit "adminuser"
set trusthostx 10.33.33.3 255.255.255.255 <-- IP Address of the FortiAP
next
end
When using a RADIUS server behind an IPsec-tunnel, you most likely had to configure the source-ip in the radius configuration (normally to the internal address of the firewall). A bug in FortiOS 6.2.1 prevents this from working. As a workaround you’ll have to use an ip address owned by the outgoing interface.
config user radius
edit "nps-server"
set source-ip "192.168.101.99" <-- IP Address of the outgoing (IPsec)interface
next
end
Recently we have had a few support cases where a customer was unable to log in to the firewall via WebUI after the firmware update. But SSH access worked fine.
It turned out that during the update process the server certificate used for the WebUI is lost.
Config with v6.0.4 (it does not happen with „self-signed“ only):
config system global„What’s new with FortiOS 6.2: Update issue with certificate for WebUI“ weiterlesen
set admin-server-cert "self-signed"
end
FortiOS v6.2 has been released in March this year and we are still gaining experience with this version. In this article we would like to draw you attention to the protocol which is used for FortiGuard service communication. Up to v6.0 udp has been used, with 6.2 the default protocol has changed to https.
Last week Fortinet has released a critical PSIRT-Advisory „Improper check for certificate revocation vulnerability“
Unfortunately the article does not give exact information regarding the background or the solution and we couldn’t find further information about the issue, either. Maybe you have more information?
„New PSIRT-Advisory from Fortinet“ weiterlesen
Die Fortinet WiFi Produkte erfreuen sich schon länger zunehmender Beliebtheit. Dies nicht zuletzt, weil die FortiAP und Controller je länger je angewandtere Technologien bieten und daher unterdessen praktisch alle vorstellbaren Einsatzszenarien abdecken.
Da mit dem Featureset zugleich auch die Komplexität der Systeme mit wächst, möchten wir ihnen mit diesem Artikel einen Überblick über die Technologie, die Funktionalität und deren Einschränkungen verschaffen.
„Fortinet Wireless FAQ“ weiterlesen
Watchguard is going to release Fireware version 12.5 in the next few days / weeks. From the public beta phase some new features are already known, which I would like to introduce here:
Update: Fireware 12.5 has been released.
Please check the “ What’s New in Fireware v12.5 “ presentation for detailed information.
In the Access Portal configuration, you can now configure reverse proxy actions so remote users can connect to internal web applications and Microsoft Exchange services with an external URL. With reverse proxy actions, you can give remote teams access to internal resources without the need for a VPN. Multi-factor authentication is supported as well.
„WatchGuard Fireware 12.5“ weiterlesen