FortiWeb v6.4 starts to support the integration with Let’s Encrypt. This allows you to automatically generate server certificates alleviating the need to upload private certificates.
The administration guide gives you some information on how to request those Let’s Encrypt certificates but in our opinion the configuration guidelines are not sufficient. So we tried to give some more information on how to configure FortiWeb to obtain a server certificate from Let’s encrypt and how to use them in the server policy.
In the last few days, more and more articles about vulnerabilities in the Wifi area have appeared. These FragAttacks (fragmentation and aggregation attacks) which is a collection of new security vulnerabilities affects Wi-Fi devices from different vendors.
Some security researchers have demonstrated three high risk vulnerabilities for exchange server systems. Microsoft has published information about the vulnerability today and even has a patch for the problem already in place.
Since June 1st you may notice that some websites (https) are not working anymore when Fortigate or the Palo Alto Networks Firewall is doing decryption or certificate inspection. Typically you are getting one of the following error messages:
What is the problem? AuthPoint Gateway software must be updated to the latest available version, v5.1.5 before the week of 10 October 2019. If you do not update your AuthPoint Gateway before 10 October, it is likely that all authentication will fail for your AuthPoint user base.
When must I update my AuthPoint Gateway? If
you use AuthPoint Gateway software v220.127.116.11 or lower, you must update
your Gateway software to v5.1.5 as soon as possible. If you update your
Gateway software before the dates referenced below, this issue will not
For AuthPoint users in the APAC cloud region – 10 October 2019
For AuthPoint users in the EMEA cloud region – 16 October 2019
For AuthPoint users in the AMER cloud region – 17 October 2019
Several customers reported problems while upgrading to FortiOS 5.4.1. FortGate 60D models did not boot up correctly after the upgrade. Fortinet is aware of the issue and mentioned it in the release notes:
The following 60D models have an issue upon upgrading to FortiOS 5.4.1. The second disk (flash) is unformatted and results in the /var/log/ directory being mounted to an incorrect partition used exclusively for storing the firmware image and booting.
To fix the problem, follow these steps. If you have not upgraded yet, you only need to perform step 6, otherwise start with step 1.
Backup your configuration.
Connect to the console port of the FortiGate device.
Reboot the system and enter the BIOS menu.
Format the boot device.
Burn the firmware image to the primary boot device.
Once the system finishes rebooting, from the CLI run «execute disk format 16». This will format the second flash disk.