Some customers have reported, that their FortiAPs won’t connect anymore after upgrading to FortiOS 6.2.1.
Fortinet has confirmed that this is a know issue only when using trusted hosts to restrict the administrative access to the FortiGate.
The official workaround is to add the FortiAP’s IP or subnet as an additional trusted host entry on one of the admin users:
config system admin
edit "adminuser"
set trusthostx 10.33.33.3 255.255.255.255 <-- IP Address of the FortiAP
next
end
Recently we have had a few support cases where a customer was unable to log in to the firewall via WebUI after the firmware update. But SSH access worked fine.
It turned out that during the update process the server certificate used for the WebUI is lost.
Config with v6.0.4 (it does not happen with „self-signed“ only):
config system global„What’s new with FortiOS 6.2: Update issue with certificate for WebUI“ weiterlesen
set admin-server-cert "self-signed"
end
Last week Fortinet has released a critical PSIRT-Advisory „Improper check for certificate revocation vulnerability“
Unfortunately the article does not give exact information regarding the background or the solution and we couldn’t find further information about the issue, either. Maybe you have more information?
„New PSIRT-Advisory from Fortinet“ weiterlesen