Due to several known issues, we do not yet recommend FortiOS 6.2 in productive environments.
„FortiOS 6.2: Upgrade Notes“ weiterlesenFortiOS 6.2: Upgrade Notes
FortiGate: Admin GUI mit Chrome Browser on Mac nicht erreichbar
Mit iOS 13 und macOS 10.15 (Catalina) hat Apple die Schraube bei den TLS Zertifikaten angezogen: https://support.apple.com/en-us/HT210176
Dies führt dazu, dass bei frisch aufgesetzten FortiGates das Admin GUI per Chrome Browser nicht mehr erreichbar ist. Als Fehlermeldung wird NET::ERR_CERT_REVOKED angezeigt.
Verantwortlich ist folgende Richtlinie: TLS server certificates [issued after July 1, 2019] must have a validity period of 825 days or fewer.
Um das Problem permanent zu lösen, braucht es ein SSL Zertifikat, welches den neuen Apple Richtlinien entspricht (Gültigkeit <= 825 Tage). Das Zertifikat fürs Admin GUI wird unter System > Settings konfiguriert.
Als Workaround kann man in Chrome auf der Fehlerseite den Text thisisunsafe eintippen. Anschliessend erfolgt die Weiterleitung auf die gewünschte Seite.
OneSpan Authentication Server Appliance 3.19 Upgrade Issue
Official information from OneSpan published on January 10, 2020:
We have discovered an issue when upgrading OneSpan Authentication Server Appliance from version 3.18.x to 3.19. The upgrade brings the appliance in a non-operational state.
The Authentication Server Appliance and Authentication Server Virtual Appliance offline upgrade packages have been taken offline on January 9th. The online upgrade process to version 3.19 has also been disabled.
If you have a local copy of the version 3.19 offline upgrade package, do NOT use it to upgrade from 3.18.x to 3.19.
The issue does not occur when you perform a fresh installation of Authentication Server Virtual Appliance version 3.19 and the installation files can still be downloaded.
We are working on a solution for this problem and will make the version 3.19.1 available as soon as possible. We estimate version 3.19.1 will be available in week 4 (Week of January 20th).
FortiClient VPN 6.2
Mit dem Release von FortiClient 6.2 wurde der bisherige Full Featured FortiClient lizenzpflichtig und setzt einen FortiClient EMS Server voraus. Im Gegenzug hat Fortinet einen separaten VPN-only Client veröffentlicht. Fortinet beschreibt den FortiClient VPN folgendermassen:
For FortiGate administrators, a free version of FortiClient VPN is available which supports basic IPsec and SSL VPN and does not require registration with EMS. This version does not include central management, technical support, or some advanced features.
Basic IPsec and SSL VPN bedeutet in diesem Zusammenhang, dass folgende Features nicht enthalten sind:
- IKEv2 support
- VPN auto-connect/always-up
- on-net/off-net
- host check features
- Central management
Ebenfalls gibt es für die Version 6.2 kein FortiClient Configuration Tool . Um benutzerdefinierte Installationspakete zu erstellen, wird zwingend ein FortiClient EMS Server benötigt.
Der FortiClient VPN ist unter https://www.forticlient.com/downloads erhältlich. Weitere Informationen dazu gibt es im KB Limitation and features on Forticlient.
FortiGate: 802.1x Authentication mit Windows NPS
Die Verbindung zum Windows NPS Server steht und die 802.1x-Authentication ist auf dem Hardware-Switch aktiviert. Obwohl scheinbar alles richtig konfiguriert ist, schlägt die 802.1x Authentication fehl.
CheatSheet – FortiOS Version 6.2
With FortiOS 6.2 a few new CLI commands have been added to the Security Fabric or Switch integration. That’s why we created a new version of the Cheat Sheet and published it here.
WatchGuard Authentication fails with AuthPoint Gateway lower than version 5.1.5
What is the problem?
AuthPoint Gateway software must be updated to the latest available version, v5.1.5 before the week of 10 October 2019. If you do not update your AuthPoint Gateway before 10 October, it is likely that all authentication will fail for your AuthPoint user base.
When must I update my AuthPoint Gateway?
If
you use AuthPoint Gateway software v5.1.3.158 or lower, you must update
your Gateway software to v5.1.5 as soon as possible. If you update your
Gateway software before the dates referenced below, this issue will not
impact you.
- For AuthPoint users in the APAC cloud region – 10 October 2019
- For AuthPoint users in the EMEA cloud region – 16 October 2019
- For AuthPoint users in the AMER cloud region – 17 October 2019
Fortinet PowerPoint Icon Library
Fortinet stellt eine PowerPoint Icon Library für die Erstellung von Präsentationen zur Verfügung.
Public Network Security Icon Library
https://www.fortinet.com/resources/icon-library.html
Sie können die Icon Library auch von unserem Doc-Server herunterladen:
August 2019
https://doc.boll.ch/virtual/1522/FTNT-IconLibrary-August-2019.zip
März 2016
http://doc.boll.ch/virtual/1221/FTNT-IconLibrary-16-08-01.ppt
März 2016
http://doc.boll.ch/virtual/1186/FTNT-IconLibrary-16-03-01-Public.pptx
What’s new with FortiOS 6.2/6.0.8: Update issue with certificate for WebUI
Recently we have had a few support cases where a customer was unable to log in to the firewall via WebUI after the firmware update. But SSH access worked fine.
It turned out that during the update process the server certificate used for the WebUI is lost.
Config with v6.0.4 (it does not happen with „self-signed“ only):
config system global„What’s new with FortiOS 6.2/6.0.8: Update issue with certificate for WebUI“ weiterlesen
set admin-server-cert "self-signed"
end
What’s new with FortiOS 6.2: FortiGuard Requests
FortiOS v6.2 has been released in March this year and we are still gaining experience with this version. In this article we would like to draw you attention to the protocol which is used for FortiGuard service communication. Up to v6.0 udp has been used, with 6.2 the default protocol has changed to https.
