Posted by: Fabrizio | April 16, 2009

Fortinet VPN & SSLVPN Issue in MR6

Resolved Issues in FortiOS MR6 – Patch Release 5

Description: Outlook Web Access 2007 does not work correctly when used through SSL-VPN web mode.

Models Affected: All

Bug ID: 83106 Status: Fixed in MR6 – Patch Release 5.

Description: The SSLVPN web portal page does not return to the login prompt after the SSL connection idle time expires.

Models Affected: All

Bug ID: 85059 Status: Fixed in MR6 – Patch Release 5.

 

Resolved Issues in FortiOS MR6 – Patch Release 4

Description: SSLVPN daemon (sslvpnd) may crash during PKI authentication if sslvpn groups containing PKI users areused.

Models Affected: All

Bug ID: 79064 Status: Fixed in MR6 – Patch Release 4.

Description: FortiGate may crash or hang when IPSec is configured on an NPU2 interface and the tunnel setup-rate is high.

Models Affected: All

Bug ID: 79511 Status: Fixed in MR6 – Patch Release 4.

Description: IKE daemon may crash on receiving out of order packets.

Models Affected: All

Bug ID: 70857 Status: Fixed in MR6 – Patch Release 4.

Models Affected: All

Bug ID: 81134, 77558, 80006 Status: Fixed in MR6 – Patch Release 4.

Description: FortiGate may intermittently drop all SSLVPN tunnel mode connections.

Models Affected: All

Bug ID: 81406, 78746, 81239 Status: Fixed in MR6 – Patch Release 4.

Description: SSLVPN connection may unexpectedly drop some packets.

Models Affected: All

Bug ID: 82491 Status: Fixed in MR6 – Patch Release 4.

Description: SSLVPN tunnel client does not automatically reconnect in an event of network failure.

Models Affected: All

Bug ID: 81977 Status: Fixed in MR6 – Patch Release 4.

Description: SSLVPN client plug in does not work with FireFox 3.

Models Affected: All

Bug ID: 77274 Status: Fixed in MR6 – Patch Release 4.

Description: SSLVPN tunnel may not connect if the FortiGate and the workstation (running windows vista service pack 1)is on the same subnet .

Models Affected: All

Bug ID: 73924 Status: Fixed in MR6 – Patch Release 4.

Description: When SSLVPN tunnel mode session times out the portal page should get redirected to login page.

Models Affected: All

Bug ID: 70902 Status: Fixed in MR6 – Patch Release 4.

Description: SSLVPN cipher suites with anonymous authentication algorithms are enabled by default.

Models Affected: All

Bug ID: 82865 Status: Fixed in MR6 – Patch Release 4.

 

Resolved Issues in FortiOS MR6 – Patch Release 3

Description: SSLVPN daemon (sslvpnd) may crash if user tries to make any changes to SSLVPN web UI page aftersession has expired.

Models Affected: All

Bug ID: 74002 Status: Fixed in MR6 – Patch Release 3.

Description: SSLVPN proxy may insert Javascript script outside HTML section of a web page when browsed using SSLVPN web mode.

Models Affected: All

Bug ID: 72410 Status: Fixed in MR6 – Patch Release 3.

Description: The FortiGate may not be able to connect to HTTPS sites through SSL-VPN Web mode if the server is usingcipher

suite with Diffie-Hallman method.

Models Affected: All

Bug ID: 74891 Status: Fixed in MR7.

Description: The FortiGate’s event log shows INVALID-SPI messages every time IPSec SA is re-negotiated.

Models Affected: All

Bug ID: 71707 Status: Fixed in MR6 – Patch Release 3.

Description: IKE daemon (iked) may cause memory leak when using aggressive-mode IPSec connection.

Models Affected: All

Bug ID: 77676 Status: Fixed in MR6 – Patch Release 3.

Description: SSLVPN tunnel connection to the FortiGate may change physical interface’s TCP MSS value to 964.

Models Affected: All

Bug ID: 76724 Status: Fixed in MR6 – Patch Release 3.

Description: Users using IPSecuritas VPN client software may not be able to establish an IPSec tunnel with FortiGate ifXauth is enabled.

Models Affected: All

Bug ID: 77467 Status: Fixed in MR6 – Patch Release 3.

Description: CPU usage of SSLVPN daemon may get stuck at high 90ies, even if no sslvpn user is connected.

Models Affected: All

Bug ID: 77702 Status: Fixed in MR6 – Patch Release 3.

 

Resolved Issues in FortiOS MR6 – Patch Release 2

Description: If a FortiGate has a high number (over 20,000) of VPN tunnels using NP2 ports , the FortiGate may crash.

Models Affected: FGT-3600A (FB4 card), FGT-3810A (FB4 card) , FGT-3016B

Bug ID: 73116 Status: Fixed in MR6 – Patch Release 2.

Description: After upgrading to MR6 Patch Release 1, the SSLVPN daemon (sslvpnd) may silently restart without addingan entry in the crashlog.

Models Affected: All

Bug ID: 73000 Status: Fixed in MR6 – Patch Release 2 .

Description: If url-obscuration is set to disable, a user cannot search for email contacts when composing an emailusing SSLVPN with Internet Explorer Browser.

Models Affected: All

Bug ID: 72829 Status: Fixed in MR6 – Patch Release 2 .

Description: The web UI fails to load the FortiGate Status page in SSL Web mode.

Models Affected: All

Bug ID: 71659 Status: Fixed in MR6 – Patch Release 2.

Description: FortiGate may fail to reconnect an IPSec connection if an IPSec peer that is behind a NAT device disconnectswithout notifying the FortiGate and tries to reconnect before DPD times out.

Models Affected: All

Bug ID: 73474 Status: Fixed in MR6 – Patch Release 2.

Description: Clients using XAuth v6 may not be able to connect to the FortiGate acting as an XAuth server.

Models Affected: All

Bug ID: 73267, 73647 Status: Fixed in MR6 – Patch Release 2.

Description: The GRE tunnel physical interface settings may not be inherited from the gre-tunnel configuration.

Models Affected: All

Bug ID: 73727 Status: Fixed in MR6 – Patch Release 2.

Last Updated ( Monday, 08 March 2010 16:08 )

About these ads

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Categories

Follow

Get every new post delivered to your Inbox.

%d bloggers like this: