FortiOS v4.0 MR2 Patch Release 13 Release Notes
September 05, 2012
01-4213-180205-20120905

Copyright 2012 Fortinet, Inc. All rights reserved. Fortinet, FortiGate, and FortiGuard are registered trademarks of Fortinet, Inc., and other Fortinet names herein may also be trademarks of Fortinet. All other product or company names may be trademarks of their respective owners. Performance metrics contained herein were attained in internal lab tests under ideal conditions, and performance may vary. Network variables, different network environments and other conditions may affect performance results. Nothing herein represents any binding commitment by Fortinet, and Fortinet disclaims all warranties, whether express or implied, except to the extent Fortinet enters a binding written contract, signed by Fortinet's General Counsel, with a purchaser that expressly warrants that the identified product will perform according to the performance metrics herein. For absolute clarity, any such warranty will be limited to performance in the same ideal conditions as in Fortinet's internal lab tests. Fortinet disclaims in full any guarantees. Fortinet reserves the right to change, modify, transfer, or otherwise revise this publication without notice, and the most current version of the publication shall be applicable.
Table of Contents
Change Log
Introduction
FortiOS Carrier
Special Notices
    General
    Important
        Monitor settings for Web-based Manager access
        Supported web browsers
        Before any upgrade
        After any upgrade
Resolved Issues
    Resolved issues
Limitations
    Citrix XenServer limitations
    Open source Xen limitations
Image Checksums
Change Log
Date        Change Description
2012-09-05  Initial release.
2012-09-07  Changed supported AV Engine and IPS Engine information.
2012-09-11  Added bug 173399 to Resolved Issues table.
Introduction
This document provides installation instructions and addresses issues and caveats in FortiOS v4.0 MR2 Patch Release 13 build 0349. Table 1 outlines the release status for these models.

Table 1: Supported models

FortiGate Models:
FG-30B, FG-50B, FG-51B, FG-60B, FG-80C, FG-80CM, FG-82C, FG-100A, FG-110C, FG-111C, FG-200A, FG-200B, FG-200B-PoE, FG-224B, FG-300A, FG-310B, FG-311B, FG-310B-DC, FG-400A, FG-500A, FG-620B, FG-620B-DC, FG-621B, FG-800, FG-800F, FG-1000A, FG-1000A-FA2, FG-1000A-LENC, FG-1240B, FG-3016B, FG-3040B, FG-3140B, FG-3600, FG-3600A, FG-3810A, FG-3950B, FG-3951B, FG-5001, FG-5001A, FG-5001B, FG-5001FA2, FG-5002FB2, and FG-5005FA2
FWF-30B, FWF-50B, FWF-60B, FWF-80CM, and FWF-81CM.
v4.0 MR2 Patch Release 13:
All models are supported on the regular v4.0 MR2 Patch Release 13 branch.

FortiGate Models:
FG-60C, FWF-60C, FWF-60CM, FWF-60CX-ADSL-A
v4.0 MR2 Patch Release 13:
This model is released on a special branch based off of FortiOS v4.0 MR2 Patch Release 13: fg_4-2_60c/build_tag_5918. As such, the build number found at System > Dashboard > Status and the output from the get system status CLI command displays 5918 as the build number. To confirm that you are running the proper build, the output from the get system status CLI command has a Branch point: field that should read 0349.

FortiGate Models:
FG-300C
v4.0 MR2 Patch Release 13:
This model is released on a special branch based off of FortiOS v4.0 MR2 Patch Release 13: fg_4-2_300c/build_tag_4244. As such, the build number found at System > Dashboard > Status and the output from the get system status CLI command displays 4244 as the build number. To confirm that you are running the proper build, the output from the get system status CLI command has a Branch point: field that should read 0349.

FortiGate Models:
FortiGate-VM
v4.0 MR2 Patch Release 13:
This model is released on a special branch based off of FortiOS v4.0 MR2 Patch Release 13: fg_4-2_vmware_esx/build_tag_5919. As such, the build number found at System > Dashboard > Status and the output from the get system status CLI command displays 5919 as the build number. To confirm that you are running the proper build, the output from the get system status CLI command has a Branch point: field that should read 0349.

FortiGate Models:
FortiGate-One
v4.0 MR2 Patch Release 13:
This model is released on a special branch based off of FortiOS v4.0 MR2 Patch Release 13: fg_4-2_one/build_tag_5917. As such, the build number found at System > Dashboard > Status and the output from the get system status CLI command displays 5917 as the build number. To confirm that you are running the proper build, the output from the get system status CLI command has a Branch point: field that should read 0349.
FortiOS Carrier
This chapter provides platform support information for FortiOS Carrier v4.0 MR2 Patch Release 13 build 0349. Table 2 outlines the release status for these models.

Table 2: Supported models

FortiCarrier Models:
FCR-3810A, FCR-3950B, FCR-3951B, FCR-5001A, and FCR-5001B. Firmware image filenames begin with FK.
FortiOS Carrier v4.0 MR2 Patch Release 13:
All models are supported on the regular v4.0 MR2 Patch Release 13 branch.
Special Notices
General
The TFTP boot process erases all current firewall configuration and replaces it with the factory default settings.
Important
Monitor settings for Web-based Manager access
Fortinet recommends setting your monitor to a screen resolution of 1280x1024. This allows for all the objects in the Web-based Manager to be viewed properly.
Upgrade Information
Upgrading from FortiOS v4.0
FortiOS v4.0 MR2 Patch Release 13 officially supports upgrade from FortiOS v4.0 Patch Release 4 or later. See the upgrade path below.
FortiOS v4.0
The upgrade is supported from FortiOS v4.0.4 build 0113 or later.

Upgrade path: v4.0.4 build 0113 (or later) -> v4.0 MR2 Patch Release 13 build 0349

After every upgrade, ensure that the build number and branch point match the image that was loaded.
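An added example (not part of the Fortinet release notes) of the post-upgrade check described above: it parses saved `get system status` output and compares the build number and Branch point with the values these notes give for each model. The sample output layout and the names `check_upgrade`, `SPECIAL_BRANCH_BUILDS` and `SAMPLE_STATUS` are assumptions made for illustration.

```python
import re

# Values taken from the release notes above.
BRANCH_POINT = 349          # "Branch point:" should read 0349 on every image
REGULAR_BUILD = 349         # regular v4.0 MR2 Patch Release 13 branch
SPECIAL_BRANCH_BUILDS = {   # models released on a special branch
    "FG-60C": 5918, "FWF-60C": 5918, "FWF-60CM": 5918, "FWF-60CX-ADSL-A": 5918,
    "FG-300C": 4244,
    "FortiGate-VM": 5919,
    "FortiGate-One": 5917,
}

# Constructed sample of saved `get system status` output; the exact layout of
# the Version line is an assumption, only the two fields below are parsed.
SAMPLE_STATUS = """\
Version: FortiGate-60C v4.0,build5918 (MR2 Patch 13)
Branch point: 0349
"""

def check_upgrade(status_text, model):
    """Return a list of mismatches; an empty list means the image checks out."""
    problems = []
    expected_build = SPECIAL_BRANCH_BUILDS.get(model, REGULAR_BUILD)
    build = re.search(r"build\s*(\d+)", status_text, re.IGNORECASE)
    branch = re.search(r"^\s*Branch point:\s*(\d+)", status_text,
                       re.IGNORECASE | re.MULTILINE)
    # Compare as integers so "0349" and "349" are treated alike.
    if build is None:
        problems.append("build number not found")
    elif int(build.group(1)) != expected_build:
        problems.append(f"build {build.group(1)}, expected {expected_build:04d}")
    if branch is None:
        problems.append("Branch point field not found")
    elif int(branch.group(1)) != BRANCH_POINT:
        problems.append(
            f"branch point {branch.group(1)}, expected {BRANCH_POINT:04d}")
    return problems

if __name__ == "__main__":
    for model in ("FG-60C", "FG-300C"):
        print(model, check_upgrade(SAMPLE_STATUS, model) or "OK")
```

A non-empty result means the unit is not running the image that was intended for it and the upgrade should be reviewed before the device returns to service.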
In FortiOS v4.0.4:
config webfilter bword
    edit 1
        config entries
            edit "badword1"
                set status enable
            next
            edit "badword2"
                set status enable
            next
        end
        set name "BannedWordList"
    next
end

config webfilter exmword
    edit 1
        config entries
            edit "goodword1"
                set status enable
            next
            edit "goodword2"
                set status enable
            next
        end
        set name "ExemptWordList"
    next
end
After merging the exempt list from v4.0.4 to the webfilter content list:
config webfilter content
    edit 1
        config entries
            edit "goodword1"
                set status enable
            next
            edit "goodword2"
                set action exempt
                set status enable
            next
            edit "badword1"
                set status enable
            next
            edit "badword2"
                set action exempt
                set status enable
            next
        end
        set name "BannedWordList"
    next
end
VoIP settings
FortiOS v4.0 MR2 has the functionality to archive messages and files caught by the Data Leak Prevention (DLP) feature, which includes some VoIP messages. However, some scenarios have implications for configuration retention during the upgrade. Consider the following: a FortiGate running v4.0.4 has two protection profiles, PP1 and PP2.

PP1 contains:
    DLP sensor: DLP1
    Application control list: APP1, which archives SIP messages

PP2 contains:
    DLP sensor: DLP1
    Application control list: APP2, which has content-summary enabled for SIMPLE

Upon upgrading to FortiOS v4.0 MR2 Patch Release 13, the VoIP settings are not moved into the DLP archive feature.
DLP rule
A DLP rule with subprotocol setting set to 'sip simple sccp' will be lost upon upgrading to FortiOS v4.0 MR2 Patch Release 13.
Product Integration
Fortinet Single Sign-On (FSSO) support
FortiOS v4.0 MR2 Patch Release 13 is supported by FSSO (formerly FSAE) v4.3.0 build 0117 for the following:

    Microsoft Windows Server 2003 R2 32-bit
    Microsoft Windows Server 2003 R2 64-bit
    Microsoft Windows Server 2008 Server 32-bit
    Microsoft Windows Server 2008 64-bit
    Microsoft Windows Server 2008 R2 64-bit
    Novell eDirectory 8.8

IPv6 is currently not supported by FSSO.
FortiOS v4.0 MR2 Patch Release 13 also supports AV Engine 4.00398 and IPS Engine 1.00250. When connected to FDS, the AV Engine and IPS Engine will be updated.
SSL-VPN support
SSL-VPN standalone client
FortiOS v4.0 MR2 Patch Release 13 supports the SSL-VPN tunnel client standalone installer build 2270 for the following:

    Windows in .exe and .msi format
    Linux in .tar.gz format
    Mac OS in .dmg format
    Virtual Desktop in .jar format for Windows 7, XP, and Vista

Table 3 lists the supported operating systems.

Table 3: Supported operating systems

Windows:   Windows XP 32-bit SP 3, Windows 7 32-bit SP 1, Windows 7 64-bit SP 1
Linux:     CentOS 5.6
Mac OS X:  Lion 10.7
FortiAP support
The following table lists which FortiAP devices and FortiOS operating systems are supported in FortiOS v4.0 MR2 Patch Release 13 build 0349.

Table 4: Supported models

FortiAP Model:
FortiAP 210B, FortiAP 220A, FortiAP 221B, FortiAP 222B
FortiOS v4.0 MR2:
For wireless controller support in FortiOS v4.0 MR2 the following firmware image is required: fg_4-2_fortiap/build_tag_6670. The build number for these images in the System > Status page and the output from the get system status CLI command displays 6670. To confirm that you are running the proper build, the output from the get system status CLI command has a Branch point: field. This should read 0349. This firmware image is available under the following directory in the Firmware Images page of the Customer Support site after you log in: FortiAP/v4.00/4.0MR2/MR2_Patch_13/Wireless_controller/
FortiAP v4.0 MR3 Patch Release 7:
These models are supported on the regular v4.0 MR3 branch.
Resolved Issues
The resolved issues listed below do not list every bug that has been corrected with this release. For inquiries about a particular bug, please contact Customer Service & Support.
Resolved issues
Table 5: Resolved issues

Bug ID  Description
173399  Ports on certain models may inadvertently shut down after the system has been running for 248 days. Please see Customer Service Bulletin CSB-120813-1.
175110  Firewall Policy is not installed properly when applied via FortiManager.
Limitations
This section outlines the limitations in FortiOS v4.0 MR2 Patch Release 13.
Image Checksums
The MD5 checksums for all Fortinet software and firmware releases are available at the Customer Service & Support website located at https://support.fortinet.com. After logging in, click on Download > Firmware Image Checksum, enter the image file name, including the extension, and select Get Checksum Code.

Figure 1: Customer Service & Support image checksum tool