



     FortiGate™ Antivirus Firewall



              Release Notes
           FortiOS™ v2.80-MR3




                 July 15, 2004




    Fortinet Inc.                                                                                                  Release Notes: FortiOS™ v2.80-MR3




    Table of Contents
    1 FortiOS v2.80 Maintenance Release 3
    2 Upgrade Information
       2.1 General
       2.2 Special Notices
       2.3 Downgrade Notice
    3 FortiOS v2.80 Features
       3.1 System
       3.2 Firewall
       3.3 Antivirus
       3.4 VPN
       3.5 Spam Filter
       3.6 High Availability
       3.7 IPS functionality
       3.8 Web Content Filtering
       3.9 Enhancements provided by MR3
    4 MR3 Release Issues
       4.1 Resolved Issues
       4.2 Known Issues
    5 Image Checksums




    Fortinet Technical Support Email Contacts:
    amer_support@fortinet.com for the Americas
    eu_support@fortinet.com for EMEA
    apac_support@fortinet.com for Asia Pacific








    1 FortiOS v2.80 Maintenance Release 3
    This document outlines the features of FortiOS v2.80 Maintenance Release 3 (MR3) firmware for the FortiGate
    Antivirus Firewall.


    2 Upgrade Information

                    2.1 General
    All FortiGate units must be upgraded to v2.50-MR9 or higher prior to upgrading to v2.80-MR3. If this procedure is
    not followed, some configuration settings will be lost or set to the factory default values. Save a copy of your
    FortiGate unit configuration (including replacement messages and content filtering lists) prior to upgrading.

    Note: The TFTP upgrade erases all current firewall configuration and replaces it with the Factory Default settings.

    After upgrading:
    •   If you are using the GUI, clear the browser cache before logging in to the FortiGate unit to ensure proper
        display of the GUI screens.

    •   Update the AV/NIDS definitions. This can be done through the Update feature or by manually uploading the
        AV signature package to the FortiGate unit. (Consult the FortiGate User Guide for detailed procedures.)

    2.1.1    Upgrading FortiOS v2.50
    Additional caveats when upgrading from v2.50.

    •   Admin password
    The Admin password is reset to blank when upgrading from v2.50. Configure a new admin password from the GUI
    or CLI. This is because the password is stored as a hash value and v2.50 and v2.80 use different algorithms to
    calculate the hash value.

    •   Transparent mode High-end Models (FortiGate-3000 and up)
    When upgrading from v2.50-MR9 (v2.80-b269), if more than one Virtual Domain is defined, the management
    IP and static route are assigned to an added VDOM. (BugID: 13738)

    •   Transparent mode Virtual Domains
    Only 2 Virtual Domains are allowed in the standard v2.80-MR3 images. Any additional VDOM configurations after
    the first two in the configuration file are deleted when upgrading to v2.80. Only FortiGate-3000 and higher models
    can support more than 2 VDOMs, and this is a licensed feature. (BugID: 14070)

    •  Configuration file
    FortiOS v2.50 CLI commands are incompatible with the FortiOS v2.80 CLI commands. Attempts to restore a
    configuration file from FortiOS v2.50 will fail. An existing FortiOS v2.50 configuration can be upgraded, or a new
    configuration must be entered via the FortiOS v2.80 CLI or WebUI.

    •   Web and Email Content Block List files
    The format of the Web and Email content block list files (e.g. banword.dat) has changed, and a v2.50 version list
    file cannot be uploaded into v2.80. Existing block list entries in the FortiGate unit at the time of upgrade will be
    converted. Contact Fortinet Technical Support for help with block list file upgrading.

    •   CLI command hierarchy
    In FortiOS v2.80 the CLI commands are now hierarchical. In general, a configuration area must be specified first
    (e.g. config system interface), then an item (e.g. edit port1) before a set or unset command can
    be issued.




    A CLI prompt or command followed by <TAB> will cycle through the possible options; “? <ENTER>” displays a
    list of all possible options.

    •   CLI “set” command behaviour
    The CLI “set” behaviour has changed from FortiOS v2.50. For a given “set” command, all the parameters to be
    modified or enabled must be entered on the same line. This differs from FortiOS 2.50, which allowed separate “set”
    lines to be additive in constructing the command parameters.
    e.g. “set a b c” followed by “set b” results in only parameter “b” being invoked.


    2.1.2    Upgrading FortiOS v2.80
    Additional caveats when upgrading from v2.80.

    •   Spam Filter Lists
    The Spam Filter List format has changed in 2.80-MR3 and upgrading from previous versions of v2.80 requires
    clearing the Spam Filter List and re-entering the list. (v2.50 Spam Filter lists are upgraded automatically to v2.80-
    MR3 format.) Contact Fortinet Technical Support for help with Spam Filter list file upgrading.

    •   User Domain and Firewall Policies
    The User Domain function has been removed. Any firewall policies that use User Domain will be deleted from the
    configuration when upgrading to v2.80-MR3. The User Domain function has been replaced by an expanded User
    Group function that allows a User Group to be associated with a Protection Profile. See the Enhancements Section
    for further details.



                    2.2 Special Notices

    •   Cerberian Web Filter Users

    Cerberian Web Filter functionality is removed in v2.80-MR3 and will no longer be supported. This is being
    replaced by the FortiGuard Web Rating System. Current Cerberian license holders are eligible for a free upgrade to
    the FortiGuard Web Rating System and should contact their local Fortinet Sales representative.




                    2.3 Downgrade Notice
    NOTE: All configuration settings are lost and set to Factory Defaults when a downgrade is performed (TFTP
    reload or WebUI Downgrade).








    3 FortiOS v2.80 Features
    A short summary of the features in FortiOS v2.80 appears below, followed by sections providing further details.

        ·   System
               1) Role Based Administration
               2) Configuration file backup improvements
               3) Redesigned WebUI
               4) Redesigned CLI
               5) Improved “out-of-the-box” usability for SOHO models
               6) Support extended characters in username/password
               7) Improved Technical Support


        ·   Firewall
               1) Virtual Domain support in NAT and Transparent modes
               2) Improved Custom TCP/IP support and pre-defined services including new SIP support
               3) Policy configuration enhancements for NAT: IP address ranges, multiple IP Pools, and DiffServ
                    settings
               4) Multiple Secondary IP addresses per interface
               5) IPv6 traffic forwarding
               6) Enhanced RIP routing protocol support
               7) OSPF routing protocol support
               8) ADSL (PPPoE) Connection idle timeout support
        ·   Antivirus
               1) Heuristic Virus Detection
               2) Scan Large Files on Hard drive
               3) Submit quarantined virus sample to Fortinet
               4) HTML link for scanned virus detection
               5) Append Customized text to email messages
               6) PPTP and L2TP AV scanning


        ·   VPN
               1) IPSec tunnel in Transparent mode
               2) DHCP support over IPSec
               3) User Authentication via RSA SecurID™
               4) Redundant dial-up tunnels
               5) Overlapping address support
               6) VIP over IPSec
               7) Central site Internet access

               8) Dynamic DNS


        ·    Spam Filter
               1) Check & Mark Messages with Signs of SPAM:
                      -Keywords & phrases in message body and subject line
                      -Blacklist of known bad spam senders test
               2) Invalid return email address (Reverse DNS lookups)
               3) Spoofing (MIME header check)
               4) Block SMTP Messages based on:
                    -IP address Black/White list
                    -IP-based checks against the Real-time Black Hole list (RBL) and the Open Relay Database
                    (ORDB)
        ·   High Availability
               1) Non-dedicated HA port
               2) Link Fail-over
               3) Firmware upgrade and Configuration upload
               4) HA link security
               5) Support for FortiGate-60/100/200 and FortiWiFi-60 models
        ·    IPS functionality
        ·   Enhanced Web Content Filtering




                    3.1 System
    3.1.1   Role Based Administration
    Description: Prior to the FortiOS v2.80 release, multiple system administrators could be created per
    FortiGate unit, with each assigned different access rights from read only to read/write. More granularity has been
    added in FortiOS v2.80 to expand the access rights from the system level to the object level. With FortiOS v2.80,
    the following objects within a FortiGate unit can be configured for each system administrator as “Not Accessible”,
    “Read Only”, and “Read/write”:
                 § Device status
                 § Log and report
                 § Device configuration
                 § Users
                 § Security Policy
                 § Administrator

    This permits definition of multiple administrator users with varying read and write capabilities based on
    administrator profiles. For example, a Cryptographic officer may be assigned an administration user profile with
    only read-write capabilities for the VPN area of the firewall. The enhanced role based system administration will
    also be used in conjunction with Virtual Domain functionality allowing system administrators to be associated with
    specific Virtual Domains.






    3.1.2    Configuration file backup improvements
    Description: FortiOS v2.80 provides a consolidated backup function, enabling backup for system configuration,
    content filtering URL list, content filtering key words, content filtering exempt list, email filtering black and white
    list as well as key words, and NIDS/IDP settings, in a single place on the WebUI.

    3.1.3    Redesigned WebUI
    Description: The WebUI has been extensively redesigned for improved usability and convenience.

    3.1.4    Redesigned CLI
    Description: The new CLI is now multilevel, providing improved organization and consistency. As well, all
    functionality can now be invoked through the CLI. Type “tree” to view the entire CLI tree of commands
    and options. (This is a long list.)

    Note: FortiOS v2.50 CLI commands are incompatible with the FortiOS v2.80 CLI commands. Attempts to restore
    a configuration file from FortiOS v2.50 will fail. An existing FortiOS v2.50 configuration can be upgraded, or a
    new configuration must be entered via the FortiOS v2.80 CLI or WebUI.

    3.1.5     Improved “out-of-the-box” usability for SOHO models
    Description: For FortiGate-100 models and lower, the following features make set-up easier and quicker:
    • HTTP is enabled by default on the Internal interface.
    • DNS Forwarding – The client PC sets its DNS server address to the local FortiGate interface, and all DNS
       requests sent to the FortiGate unit are relayed to the DNS server configured in the FortiGate unit
       (GUI: System > Network > DNS).

    3.1.6    Support extended characters in username/password
    Description: Non-alphanumeric characters such as underscore (“_”) and “@” are now supported in the Username
    and Password fields.

    3.1.7    One-button transmission of FortiGate system info for troubleshooting
    Description: FortiOS v2.80 provides a handy button on the WebUI for system administrators to send
    troubleshooting information to Fortinet and partner support personnel, including the current version of the FortiOS
    system, the version of the AV and NIDS definition files, system configuration, etc.



                    3.2 Firewall
    3.2.1    Virtual Domain support in NAT and Transparent modes
    Description: Virtual Domain (VDOM) is used in conjunction with VLAN technology to allow customers to create
    multiple, independently managed security domains, either to secure discrete departments within an enterprise or as
    the basis for a service provider’s managed security service.

    FortiOS v2.36 and v2.50 releases support 802.1q VLAN processing, a pre-requisite of Virtual Domain (VDOM)
    functionality. VDOM functionality extends these capabilities to provide more complete and granular
    virtualization, with the following key features:
         § Multi-tier security domain design concept: One FortiGate unit can have multiple VDOMs, and within each
              VDOM, multiple security zones plus interfaces can be defined – each zone further made of physical
              interfaces as well as sub-interfaces mapped to VLAN tags; no traffic is allowed between VDOMs
         § Firewall policies and addresses configurable on a per VDOM basis
         § Role-based administration to provide delegated administration based on VDOM
         § Logging and reporting on a per VDOM basis
         § 802.1Q VLAN trunking.



        §    802.1Q VLAN tagged packet processing.
        §    AV profiles, firewall services, system times, etc. are shared across all VDOMs.
        §    Virtual router support on a per VDOM basis in NAT/Route mode, so that overlapping IP addresses
             defined in different VDOMs are supported.
        §    2 VDOMs are supported in all FortiGate models with the standard FortiOS v2.80 firmware. (In MR3, this
             applies to NAT and Transparent mode operation, but in future releases additional Transparent mode
             VDOMs will be supported in the standard v2.80 firmware.)
        §    Greater than 2 VDOM support requires a special version of FortiOS available as an extra-cost option on
             the FortiGate-3000 and higher models, and is dependent on the number of VDOMs supported.


    3.2.2    Improved Custom TCP/IP support and pre-defined services
    Description: Custom TCP/IP services can now be defined for ICMP in addition to TCP and UDP. The SIP
    protocol for VoIP networks is now supported in FortiOS v2.80, as are new pre-defined services for traffic
    types such as AOL and MSN Messenger.

    3.2.3    IP address ranges
    Description: The IP addresses for firewall policies may now be specified as a range as well as the typical subnet
    groupings. The range is limited to span 256 addresses. However, Encrypt (IPSec) firewall policies must continue to
    use subnet ranges.

    3.2.4    Multiple IP Pools
    Description: Multiple IP pools per interface are now supported and for NAT-enabled policies the assigned NAT-
    source address is randomly selected from the IP pool rather than being limited to the IP address of the destination
    interface. The IP Pools can also contain IP addresses belonging to subnets that are different from the subnet of the
    interface on which the IP Pools are defined.

    3.2.5    DiffServ settings
    Description: The DiffServ bits (DSCP – differentiated services code/control point) of incoming and outgoing
    packets can be overwritten to specific values to support the QOS policies of a network. The default behaviour is to
    pass the DiffServ bits from source to destination packets unchanged.

    3.2.6    Multiple Secondary IP addresses per interface
    Description: An interface can now be assigned multiple secondary IP addresses. In FortiOS v2.50 only a single
    secondary IP address was allowed; FortiOS v2.80 allows up to 32 secondary IP addresses. This is a CLI-only
    command.

    3.2.7    IPv6 traffic forwarding
    Description: FortiOS v2.80 provides forwarding of IPv6 traffic and is configured through the CLI. (Other
    FortiGate functions such as firewall policies, content filtering, AV scanning, etc. are currently not available for IPv6
    traffic.)

    3.2.8     Enhanced RIP routing protocol support
    Description: RIP routing protocol support has been enhanced to include:
            • Classful and Classless subnet support
            • Keychain security
            • Offset, distribution, and redistribution lists
            • Access, prefix, and router map lists
            • Split horizon
            • Database and status viewing






    3.2.9    OSPF routing protocol support
    Description: OSPF routing protocol support has been added in FortiOS 2.80 with the following features:
            • OSPF Version 2 Support
            • OSPF Area Support (50 maximum)
            • Route Redistribution with Type
            • Multiple Instances Support (ospf per virtual domain)
            • Opaque LSA Support
            • Database Overflow Support
            • Simple Password Authentication
            • MD5 authentication (has a configuration issue that has a workaround, 0013749)
            • OSPF Hello Parameter Configuration
            • OSPF Interface Configuration (100 maximum)
            • OSPF NSSA
            • Type 1 and Type 2 External
            • Virtual Links Support



    3.2.10 ADSL (PPPoE) Connection idle timeout support
    Description: To better support ADSL environments using PPPoE and where service providers bill based on
    connection time, an idle timeout option can be configured to automatically disconnect the connection after a period
    of inactivity.

                    3.3 Antivirus
    3.3.1    Heuristic Virus Detection
    Description: FortiOS v2.80 release includes heuristic detection of virus, worm, and Trojan attacks, which
    complements existing signature-based detection and is also especially effective at detecting new, or so-called “Zero
    Day” attacks. In this first phase, binary executable files are scanned for the common techniques used by malicious
    code to take control of program flow execution.

    3.3.2    Scan Large Files on Hard drive
    Description: FortiGate models equipped with hard drives can now scan files up to 1GB.

    3.3.3    Submit quarantined virus sample to Fortinet
    Description: FortiOS v2.80 allows system administrators to submit files that have been quarantined by their
    FortiGate units to Fortinet’s Threat Response Team through a simple, one-button click from the FortiGate web
    administrative GUI.

    3.3.4    HTML link for scanned virus detection
    Description: In the event that log records are generated for virus and worm detection, an HTML link will be
    provided that points to the Fortinet virus encyclopedia definition available on the Fortinet website.

    3.3.5    Append Customized text to email messages
    Description: FortiOS v2.80 release allows the system administrator to define a message that will be appended to
    email messages that are destined towards destinations outside of the network protected by a FortiGate unit. For
    example, for a law firm, this user definable message could be a disclaimer for the firm; for another firm, the
    message can state that this particular mail is virus free as inspected by a FortiGate Antivirus Firewall. This feature
    adds more flexibility to the system administrator for managing their corporate messaging policy.






    3.3.6    PPTP and L2TP AV scanning
    Description: When the FortiGate is a terminating end-point to a PPTP or L2TP tunnel, the tunnel contents can
    now be AV scanned. This complements the ability to scan IPSec tunnel traffic supported by previous FortiOS
    releases.

                    3.4 VPN
    3.4.1    IPSec tunnel support in Transparent mode
    Description: FortiOS v2.80 supports IPSec VPNs constructed in Transparent mode as well as NAT or Route
    mode. All features of IPSec VPN that are available in NAT/Route mode except for Concentrator (hub & spoke) are
    available in Transparent mode.

    3.4.2    DHCP support over IPSec
    Description: In many remote access scenarios, a mechanism for making the remote host appear to be present on
    the local corporate network is useful. This may be accomplished by assigning the host a “virtual” address from the
    corporate network, and then tunnelling traffic via IPSec from the host's ISP-assigned address to the corporate
    security gateway. In FortiOS v2.80, DHCP over IPSec is supported by DHCP relay for an external DHCP server
    (configured from the CLI).

    3.4.3    User Authentication via RSA SecurID™
    Description: FortiOS v2.80 supports user authentication for IPSec tunnels using RSA SecurID. The user must be
    configured in a RADIUS server to require SecurID authentication.

    3.4.4    Redundant dial-up IPSec tunnels
    Description: At the VPN gateway end (i.e. Central Hub Site), FortiOS v2.80 supports redundant dial-up IPSec
    tunnels from a client end-point.

    3.4.5    Overlapping address support
    Description: FortiOS v2.80 supports site-to-site VPN configurations in which the addresses overlap between the
    two sides of the tunnel. This is supported by adding address mapping (configuring outbound NAT for the two
    subnets on two sides that have the same addressing scheme) to support address overlap on the two sides.

    3.4.6    Support VIP over IPSec VPN
    Description: To support connectivity across an IPSec VPN tunnel between two overlapping subnets (i.e. both
    sides of the VPN tunnel are in the same subnet), VIP addresses can be used to map the hosts on either side of the
    tunnel.
    For example, to allow host1 to access host2 in the following scenario:
     host1--------FG1---------FG2---host2
    10.0.0.1                       10.0.0.2

    Set a VIP on FG1 that resolves to the host2 address, and a VIP on FG2 that points at host1.
    (This method is distinct from using outbound NAT on an encrypt policy to support VPN connectivity between two
    overlapping subnets.)

    3.4.7    Central site Internet access
    Description: For IPSec tunnels, all traffic including Internet-bound traffic can be sent through the tunnel to the
    central site VPN Gateway. This allows consistent application of traffic filtering policies to be extended to the
    remote sites.






    3.4.8     IPSec Dynamic DNS support
    Description: Using DynDNS, IPSec VPN tunnels can be constructed even when dynamic IP addresses are being
    used on the termination points of the tunnel. FortiOS 2.8 provides full support for Dynamic DNS, enabling the
    FortiGate unit to automatically register itself with a number of available “Dynamic DNS” services
    whenever the external interface IP address changes, either via a user-initiated change or through dynamic
    addressing schemes implemented by IP service providers.

                    3.5 Spam Filter
    Description: Email content filtering features first provided in FortiOS v2.50 have been significantly enhanced to
    provide a much more powerful anti-spam function that includes the following features:

        §    Email content filtering support for SMTP, IMAP, and POP3 protocols
        §    Verification against RBL (Real-time Black Lists) or ORDB (Open Relay Database)
        §    Reverse DNS lookup
        §    Action for spam email: providing options to Reject / Delete
        §    Support for content-based lists
        §    MIME Header Checking
        §    Reporting capabilities

    RBL and ORDB lists act as domain name servers that match the domain of incoming email to a list of IP addresses
    known to send spam or allow spam to pass through. The FortiGate unit compares the IP address or domain name of
    the sender to any database lists you configure in sequence. If a match is found, the corresponding action is taken. If
    no match is found, the email is passed on to the next spam filter.

    Reverse DNS look-up helps to counter email address spoofing by checking the SMTP mail server’s reported
    HELO domain declaration with the result of a DNS look-up and comparing the IP address of the SMTP server. The
    return email address can also be checked for a valid domain with Reverse DNS look-up.

    Keyword and phrase lists have been improved to allow wildcards and Perl regular expressions as well as the ability
    to specify which part of the email message to scan (header, body, or all).

    A MIME headers list can be used to block or clear email from certain programs or with certain types of content.
    The Spam Filter compares the MIME header key-value pair of the sender to the list pair in sequence. If a match is
    found, the corresponding action is taken. If no match is found, the email is passed on to the next spam filter.
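
    The sequential matching described in this section (an RBL lookup, a HELO check, then a MIME header list, each
    either taking its action or passing the email on) is sketched below. This is an added illustration, not Fortinet
    code: the function names, the action strings, the zone rbl.example.test, the DNS table and the order of the three
    filters are all assumptions made for the example.

```python
import fnmatch
import ipaddress
from email import message_from_string

# Constructed offline DNS data: documentation address ranges and made-up names.
FAKE_DNS = {
    ("10.113.0.203.rbl.example.test", "A"): ["127.0.0.2"],  # 203.0.113.10 is listed
    ("mail.good.example", "A"): ["192.0.2.25"],
    ("mail.spoofed.example", "A"): ["192.0.2.99"],
}

def fake_resolver(name, rtype="A"):
    """Stand-in for a DNS client so the example runs offline."""
    return FAKE_DNS.get((name.lower().rstrip("."), rtype), [])

def dnsbl_query_name(client_ip, zone):
    """DNS blocklists are queried as <reversed IPv4 octets>.<zone>."""
    octets = str(ipaddress.IPv4Address(client_ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def rbl_filter(conn, msg, cfg, resolve):
    # Try each configured list in sequence; the first listing decides.
    for zone, action in cfg["rbl_zones"]:
        answers = resolve(dnsbl_query_name(conn["client_ip"], zone), "A")
        if any(a.startswith("127.") for a in answers):
            return action, "listed in " + zone
    return None  # not listed anywhere: pass to the next filter

def helo_filter(conn, msg, cfg, resolve):
    # Compare the DNS result for the declared HELO domain with the
    # address the SMTP server actually connected from.
    if conn["client_ip"] not in resolve(conn["helo"], "A"):
        return cfg["helo_action"], "HELO domain does not resolve to sender IP"
    return None

def mime_header_filter(conn, msg, cfg, resolve):
    # Ordered (header key, wildcard value pattern, action) entries.
    for key, pattern, action in cfg["mime_headers"]:
        for value in msg.get_all(key, []):
            if fnmatch.fnmatchcase(value.strip().lower(), pattern.lower()):
                return action, key + " matched " + pattern
    return None

FILTERS = [rbl_filter, helo_filter, mime_header_filter]  # assumed order

def classify(conn, raw_message, cfg, resolve=fake_resolver):
    """Return (filter name, action, reason) from the first filter that matches."""
    msg = message_from_string(raw_message)
    for flt in FILTERS:
        verdict = flt(conn, msg, cfg, resolve)
        if verdict is not None:
            return (flt.__name__,) + verdict
    return ("none", "pass", "no filter matched")

# Constructed configuration and messages.
CONFIG = {
    "rbl_zones": [("rbl.example.test", "reject")],
    "helo_action": "reject",
    "mime_headers": [
        ("X-Mailer", "*bulkblaster*", "reject"),
        ("Content-Type", "text/plain*", "clear"),
    ],
}
MSG_PLAIN = ("From: a@good.example\nX-Mailer: ExampleMail 1.0\n"
             "Content-Type: text/plain; charset=us-ascii\n\nhello\n")
MSG_BULK = ("From: b@good.example\nX-Mailer: BulkBlaster 9\n"
            "Content-Type: text/html\n\n<p>offer</p>\n")
MSG_HTML = ("From: c@good.example\nX-Mailer: ExampleMail 1.0\n"
            "Content-Type: text/html\n\n<p>hi</p>\n")
GOOD_CONN = {"client_ip": "192.0.2.25", "helo": "mail.good.example"}

if __name__ == "__main__":
    cases = [
        ({"client_ip": "203.0.113.10", "helo": "mail.good.example"}, MSG_PLAIN),
        ({"client_ip": "192.0.2.25", "helo": "mail.spoofed.example"}, MSG_PLAIN),
        (GOOD_CONN, MSG_BULK),
        (GOOD_CONN, MSG_PLAIN),
        (GOOD_CONN, MSG_HTML),
    ]
    for conn, raw in cases:
        print(conn["client_ip"], conn["helo"], "->", classify(conn, raw, CONFIG))
```

    Because the first match ends evaluation, list order matters: a "clear" entry placed above a "reject" entry in the
    MIME header list would let the bulk-mailer message through.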



                    3.6 High Availability
    3.6.1    Non-dedicated HA port
    Description: HA cluster communication can now be configured for one or more interfaces. Enabling cluster
    communication for more interfaces increases reliability. If an interface fails, cluster communication can be diverted
    to other interfaces. By default, HA cluster communication is enabled for two interfaces: the DMZ or HA interface
    and the normal external interface.

    3.6.2    Link Fail-over
    Description: If a monitored cluster member interface detects a link failure, the cluster member reports the status of
    its links to the primary unit. The primary unit attempts to re-balance traffic according to the link failure status of all
    cluster members. If an interface on the primary unit detects a link failure, the unit with the next highest HA
    score becomes the primary unit.






    3.6.3    Firmware upgrade and Configuration upload
    Description: To improve ease of maintenance, HA in v2.80 supports firmware upgrade and configuration upload
    while in operation. Once the master unit has been updated, then the slave cluster members will be automatically
    updated.

    3.6.4    HA link security
    Description: HA data is now encrypted between members of an HA cluster. This reduces the effectiveness of a
    malicious attack through replayed or spoofed data using the HA interfaces.

    3.6.5    Support for FortiGate-60/100/200 and FortiWiFi-60 models
    Description: HA is now supported on FortiGate-60, FortiGate-100, FortiGate-200 and FortiWiFi-60 models. For
    the FortiWiFi-60, the WLAN interface is not a supported HA interface.

                    3.7 IPS functionality
    Description: In FortiOS v2.80, the existing Intrusion Detection and Prevention functions have been merged and
    expanded to provide a new Dynamic Threat Prevention System. IPS can be applied on a per-firewall policy basis
    through the Protection Profiles. All current NIDS signatures (now approximately 1400) will include the option for
    an action to be taken to prevent the detected attack. Signatures are arranged into groups based on the type of
    attack. Some signature groups also include configuration parameters in addition to the actions to take in
    response to a positive signature match: pass, drop, reset or clear packets or sessions. The detection signatures and
    prevention actions are updated automatically in real time via the FortiProtect Network.

    New in FortiOS v2.80 are “anomalies” to identify network traffic that does not fit known or preset traffic patterns.
    The FortiGate IPS identifies the four statistical anomaly types for the TCP, UDP, and ICMP protocols. Each
    anomaly comes with a recommended configuration that can be modified as required. Note that new anomaly lists
    are only provided in new firmware releases.



                    3.8 Web Content Filtering
    Description: In FortiOS v2.80, category based filtering is supported with the FortiGuard Web Rating System,
    Fortinet's high performance, server-based categorized URL filtering system. With the appropriate FortiGuard
    license, the administrator now has the ability to define and choose the categories of URLs that can be blocked per
    firewall policy. (This is a separately licensed product. Contact your local Fortinet Sales Representative for
    information.) FortiGuard capabilities include:
         • 52 content categories.
         • Granular policy enforcement.
         • URL rating cache for high performance.
         • Ability to monitor or deny users access to specific categories.
         • Comprehensive historical statistics for all categories by profile.
         • Log of all requests for websites in monitored or denied categories.



                    3.9 Enhancements provided by MR3
    3.9.1    RBL/ORDBL protection for POP3
    RBLs (Real-time Blackhole Lists) and ORDBLs (Open Relay Database Lists) are probably the most powerful of
    the Anti-SPAM features. But for customers who do not own and manage their own mail server, the feature was
    unavailable since only SMTP and IMAP were supported. With v2.80-MR3, this feature is now available to
    environments where email is received via POP3. The Firewall Protection Profiles now support RBL/ORDBL for
    POP3 traffic.





    3.9.2    High-end models AV optimize command
    On high-end models (FortiGate-3000 and higher) an AV optimize feature is available to achieve the best AV scanning
    performance. The CLI commands “config system global” > “set optimize antivirus” will optimize FortiGate
    operation for AV. Note that this command will reboot the FortiGate unit.

    3.9.3    Antivirus scan support for ARJ compression format
    The ARJ compression format is now supported for antivirus scanning.

    3.9.4    HA Active-Active mode now can load balance non-AV traffic
    HA Active-Active mode can now load-balance other TCP sessions that are not being AV scanned. Previously, only
    AV scanned traffic (e.g. HTTP, SMTP, POP3, etc.) would have the sessions distributed among the HA Cluster
    members.

    3.9.5    IEEE 802.11 WLAN client mode supported
    On the FortiWiFi-60, IEEE 802.11b/g client mode is now supported. Previous FortiOS versions only supported
    access point mode. This is configured from the WLAN GUI or CLI commands.

    3.9.6    User Group supports Protection Profile
    An expanded User Group function allows a User Group to be associated with a Protection Profile. This replaces
    the User Domain function in earlier v2.80 releases.

    The new simplified method for configuring authentication groups is:

     1. Configure local user
     2. Configure local user group, selecting the protection profile associated with this group
     3. In policy configuration when authentication is enabled, select multiple groups to the allowed authentication
    group

    3.9.7    Logging enhancements
    The FortiGate logging functionality has been enhanced with the following changes:
    • Per user log/report for Web Filtering
    • Traffic Log reports group and user for firewall policy authenticated traffic
    • SNMP support for dial-up VPN tunnel monitoring (requires updated 2.80-MR3 version MIB)
    • Alert Email now contains the FortiGate serial number for identifying the FortiGate unit.

    3.9.8    GUI enhancements
    The FortiGate GUI functionality has been enhanced with the following changes:
    • IP-MAC binding removed from GUI
    This rarely used feature has been removed from the Firewall section GUI but remains accessible through the CLI.

    •  Browser title shows FortiGate host name
    The web browser window title or tab title area now shows the FortiGate hostname setting.

    3.9.9    CLI enhancements
    The FortiGate CLI functionality has been enhanced with the following changes:
    • Basic HA information is added to the output of “get system status”
    • DHCP and PPPoE information is now displayed in CLI “get system interface”








    4 MR3 Release Issues

                    4.1 Resolved Issues
    AntiVirus
    4.1.1    Heuristics detected files not quarantined
    Description: Files that are detected by the AV heuristics (for either 'pass' or 'block' mode) for FTP, HTTP, SMTP,
    POP3 and IMAP are not quarantined, although these files are logged as 'suspicious'. There is no
    enable/disable control on the GUI. Workaround is to enable from the CLI: “config antivirus quarantine”, “set
    store_heuristic ...”.
    Models Affected: All.
    Bug ID: 12158
    Status: Fixed in MR3.

    4.1.2    Large files not quarantined
    Description: Large files that are detected by the HTTP AV scan are not quarantined although the scan is
    successful and a block message is displayed. The size of the file depends on the system memory and the maximum
    AV file size limit.
    Models Affected: All with a hard disk.
    Bug ID: 12873
    Status: Fixed in MR3.

    4.1.3    Some POP3 mail blocked when SMTP pass-fragmented and Add Signature enabled
    Description: POP3 mail download can be blocked when SMTP pass-fragmented mail and Add Signature are
    enabled. The signature is added to each fragment instead of just to the final mail segment.
    Models Affected: All.
    Bug ID: 12716
    Status: Fixed in MR3. (Note “pass fragmented mail” is not a recommended setting.)


    4.1.4    HTTP POST scanning failed detection for compressed zip, gz and tgz files
    Description: Uploaded HTTP files that were compressed as zip, gzip, or tar gzip could not be scanned for viruses.
    Models Affected: All.
    Bug ID: 11290, 12060
    Status: Fixed in MR3.

    4.1.5    No logging for HTTP upload for a 'suspicious' file by Heuristic Detection
    Description: A file marked as “suspicious” by AV Heuristic Detection for HTTP POST actions would not be
    logged.
    Bug ID: 11794
    Status: Fixed in MR3.

    4.1.6    Rebooting causes the loss of grayware settings
    Description: Enable settings for detection of grayware are lost when the unit is rebooted.
    Models Affected: All.
    Bug ID: 11348
    Status: Fixed in MR3.






    4.1.7    Email address block, MIME header, and oversize file buffer not working for IMAP
    Description: Email address and MIME header blocking work for POP3 and SMTP but not for IMAP.
    Models Affected: All.
    Bug ID: 9161, 10576
    Status: Fixed in MR3.

    4.1.8    Missing CLI command to disable email pass fragment option
    Description: There is no CLI command for disabling the email pass fragment option in a Protection Profile.
    However, the GUI allows the administrator to uncheck the "pass fragmail" option.
    Models Affected: All.
    Bug ID: 8179
    Status: Fixed in MR3.

    Firewall
    4.1.9    IP pool setting in firewall policy will be lost after system reboot
    Description: A specific IP pool setting in a firewall policy is set to “ANY” after a system reboot. This affects
    configurations that use multiple IP pools on an interface or where the IP pool is in a different subnet or range from
    the policy destination interface. The FortiGate unit chooses the first IP pool in the same range as the policy
    destination interface when the IP pool setting is “ANY”.
    Models Affected: All.
    Bug ID: 12605
    Status: Fixed in MR3.

    4.1.10 Some IP addresses could not be assigned to an interface
    Description: Certain IP addresses that were on the boundaries of classful IP subnets could not be assigned to
    interfaces or sub-interfaces (VLANs).
    Models Affected: All.
    Bug ID: 12799
    Status: Fixed in MR3.

    4.1.11 IP Pool setting in firewall policy will be lost after system reboot
    Description: A firewall policy will change its dynamic IP pool setting to ANY, not the designated IP pool after a
    reboot.
    Models Affected: All.
    Bug ID: 12605
    Status: Fixed in MR3.

    4.1.12 User authentication contacts first RADIUS server only
    Description: When two or more RADIUS servers are defined in a User Group, only the first RADIUS server in the
    list is used.
    Models Affected: All.
    Bug ID: 12491
    Status: Fixed in MR3.

    4.1.13 Port forwarding VIP supports static interface IP address only
    Description: When creating a port forwarding VIP, the GUI accepts 0.0.0.0 (wildcard notation) to specify the IP
    address when an interface is using DHCP or PPPoE. However, the incoming packets are not forwarded to the
    VIP-mapped trusted IP address.
    Models Affected: All.
    Bug ID: 11671, 12193
    Status: Fixed in MR3.





    4.1.14   Cannot limit MAC addresses on WLAN interface
    Feature: Control of IP/MAC binding behavior on a per-interface basis is required.
    Models Affected: All.
    Bug ID: 8503
    Status: Fixed in MR3.

    High Availability
    4.1.15   Some HA synchronization problems
    Description: Some configuration and running data is not synchronized between Master and Slave cluster members,
    causing HA operation failures in packet forwarding, session pick-up, and failover. Items that do not synchronize are:
    -interface status (9306)
    -routing table (11917)
    -monitored interface change (10628)
    -group ID change (11880)
    -VLAN configuration of more than 120 sub-interfaces (10756)
    Models Affected: All.
    Bug ID: Various. (Noted in parentheses in above list.)
    Status: Fixed in MR3.

    4.1.16   HA Priority setting has no effect
    Description: HA Priority setting has no effect on the master selection. Only the serial number and override setting
    are used to select the HA Cluster master. Once an HA Cluster is operational, attempts to modify a Slave HA
    priority result in an error message.
    Models Affected: All.
    Bug ID: 12698, 12014
    Status: Fixed in MR3.

    4.1.17    TCP session pick-up fails
    Description: In Active-Active configuration with AV scanning enabled, any TCP sessions (e.g. TELNET, ssh,
    HTTP) on a cluster member that fails will not be picked-up by the other Cluster members.
    Models Affected: All.
    Bug ID: 10389, 11818
    Status: Fixed in MR3.

    4.1.18   Quarantine only on Master
    Description: In Active-Active configuration, AV quarantine is only functional on the Master unit. The Slave units
    can scan and detect viruses but cannot quarantine the files.
    Models Affected: All.
    Bug ID: 11328
    Status: Fixed in MR3.

    4.1.19 Enabling FortiManager causes the slave to keep rebooting
    Description: In any HA configuration, enabling the FortiManager setting causes the slave to reboot
    continuously.
    Models Affected: All units supporting HA.
    Bug ID: 12551
    Status: Fixed in MR3.






    4.1.20 HA A-P mode IPSec session pickup occurs but traffic (over IPSec) blocked
    Description: In Active-Passive HA configurations, IPSec session pick-up is successful but traffic through the
    tunnel is blocked until the session is cleared and re-established.
    Models Affected: All units supporting HA.
    Bug ID: 12493
    Status: Fixed in MR3.

    4.1.21 HA load-balance-all does not distribute session if destination address is learned from RIP
    Description: TCP sessions that would otherwise qualify for load-balancing are always handled by the HA cluster
    master unit if the destination for that session uses a route learned from RIP.
    Models Affected: All units supporting HA.
    Bug ID: 11964
    Status: Fixed in MR3.

    4.1.22 HA override ignored if master unit reboots
    Description: If HA override is configured on the master unit, this unit will not regain mastership of the HA
    cluster after a reboot. The override function does work for a linkfail recovery.
    Models Affected: All units supporting HA.
    Bug ID: 11858
    Status: Fixed in MR3.

    4.1.23 Cannot restore configuration in HA A-A mode
    Description: After the configuration file is uploaded, the master reboots and a slave unit becomes the master
    overwriting the uploaded configuration.
    Models Affected: All units supporting HA.
    Bug ID: 4345
    Status: Fixed in MR3.

    IPS
    4.1.24   ICMP sweep signature not triggered
    Description: The ICMP sweep signature is not triggered and will pass undetected.
    Models Affected: All.
    Bug ID: 12863
    Status: Fixed in MR3.

    4.1.25   Some anomalies logged but not blocked
    Description: Some anomalous traffic is logged but not blocked if configured to block: udp_dst_session and
    udp_src_session, tcp_src_session and tcp_dst_session, win_nuke.
    Models Affected: All.
    Bug ID: 12853, 12502, 12548
    Status: Fixed in MR3.

    Web Filter
    4.1.26   URL Blocking fails if enabling web pattern or URL exempt
    Description: If Web Pattern Block is enabled with URL block in the protection profile that is applied to a firewall
    policy, then all URLs will be blocked. If URL exempt and URL block are enabled in the protection profile, then
    any link starting on the exempt webpage to a blocked URL will pass. Workaround is to disable Web Pattern block.
    Models Affected: All models running 2.80-MR2 only.
    Bug ID: 12545, 12555
    Status: Fixed in MR3.





    VPN
    4.1.27    IKE negotiation fails when network latency > 100ms
    Description: If the network latency is more than 100 ms, the IKE negotiation may fail and an IPSec tunnel cannot
    be set-up.
    Models Affected: All models running 2.80-MR2 only.
    Bug ID: 13515, 12254
    Status: Fixed in MR3.

    4.1.28 XAUTH with User prompt timing issue
    Description: If XAUTH is configured in a Phase 1 definition and the corresponding VPN client uses the XAUTH login
    prompt, the FortiGate unit will time out before a response can be typed in. If the VPN client uses XAUTH without
    the login prompt (i.e. pre-configured username and password), the XAUTH authentication can succeed.
    Models Affected: All models running 2.80-MR2 only.
    Bug ID: 12817
    Status: Workaround is to use “no prompt” XAUTH login on the VPN client. Fixed in MR3.

    4.1.29 Transparent mode IPSec tunnel is not established
    Description: An IPSec tunnel cannot be established to a FortiGate unit in Transparent mode.
    Models Affected: All.
    Bug ID: 12105
    Status: Fixed in MR3.

    System
    4.1.30 NIDS update must be done manually
    Description: Automatic NIDS updates fail, but AV update succeeds even though a “generic failure” message is
    displayed in the GUI after the update completion.
    Models Affected: FortiGate-50A.
    Bug ID: 12596
    Status: Fixed in MR3.

    4.1.31 Wireless Security Password cannot be changed on GUI
    Description: The GUI does not accept any change to the WEP64 or WEP128 wireless security passwords and
    returns the error message "Invalid encryption key". Workaround is to use the CLI: “config system wireless wlan”,
    “set security ...”, “set key ...”
    Models Affected: FortiWiFi-60.
    Bug ID: 12479
    Status: Fixed in MR3.

    4.1.32   No IP address shown from CLI for PPPoE interface
    Description: The CLI does not display the obtained IP address for a PPPoE interface. The GUI does display the IP
    address.
    Models Affected: All.
    Bug ID: 13221
    Status: Fixed in MR3.






    4.1.33 CLI only for IP pool function
    Description: The IP Pool function allowing different IP range and IP pool per policy is only available on the CLI.
    There is no GUI control for this feature.
    Models Affected: All.
    Bug ID: 9880
    Status: Fixed in MR3.

    4.1.34 New maximum levels
    Description: Maximum levels have been updated for v2.80 running on FortiGate models 50A, 60, 100 and
    FortiWiFi-60.
    Parameter                                                                         Maximum no.    Bug ID
    Router Access-list                                                                32             13202
    Policy route                                                                      16             13192
    Static routes for IPv6                                                            8              13191
    Static routes for IPv4                                                            32             13190
    Session-helpers (for NAT support for certain protocols – H.323, SIP, FTP, etc.)   256            13189
    DHCP exclude ranges                                                               16             13188
    DHCP Servers per Virtual Domain                                                   8              13186
    Zone                                                                              20             13182
    IPv6 tunnel                                                                       4              13178

    Models Affected: FortiGate-50A, 60, 100, FortiWiFi-60.
    Bug ID: (see table)

    4.1.35 DHCP relay problem on VLAN interface
    Description: A VLAN interface cannot relay DHCP requests.
    Models Affected: All.
    Bug ID: 12667
    Status: Fixed in MR3.

    4.1.36 RIP advertisements did not support contiguous subnet environment
    Description: The FortiGate RIP function does not advertise subnetwork routing information that is compatible
    with a contiguous subnet environment. This affects interoperability with other devices such as Cisco routers.
    Models Affected: All.
    Bug ID: 12154
    Status: Fixed in MR3.

    4.1.37   Modem cannot be disabled
    Description: Neither GUI “Enable USB Modem” nor CLI “set status disable” could disable modem interface
    operation.
    Models Affected: All models supporting a modem interface (e.g. FortiWiFi-60, FortiGate-60, 800)
    Bug ID: 11646
    Status: Fixed in MR3.






    4.1.38 Limit the number of telnet and ssh management sessions
    Description: The number of CLI management sessions was not controlled, leading to possible resource hogging.
    The limit is now 5 concurrent telnet and 5 concurrent ssh management sessions.
    Models Affected: All.
    Bug ID: 9885
    Status: Fixed in MR3.

    4.1.39 RIP key-chain send lifetime not sent
    Description: For RIP configurations using key-chain arrangements, the RIP key-chain lifetime is not sent.
    Models Affected: All.
    Bug ID: 8966
    Status: Fixed in MR3.

    4.1.40 Internet Browsing over Dialup IPSec problem
    Description: When an IPSec tunnel is set up with Phase2 using “wildcard policy selector”, then Internet browsing
    does not work.
    Models Affected: All.
    Bug ID: 11288
    Status: Fixed in MR3.

    4.1.41   Syslog messages not sent through IPSec tunnel
    Description: Syslog server cannot be located at the other end of an IPSec tunnel. Syslog messages are not routed
    through an IPSec tunnel.
    Models Affected: All.
    Bug ID: 10498
    Status: Fixed in MR3.








                    4.2 Known Issues
    AntiVirus
    4.2.1    Alert Mail does not use Replacement Message
    Description: When Alert Mail is enabled and a virus is detected, the content of the message is always the standard
    “syslog” type message even if the Replacement Message is selected in the configuration.
    Models Affected: All.
    Bug ID: 11792
    Status: Workaround is to enable from the CLI

    4.2.2    AV database fails to load when “set optimize antivirus”
    Description: When a unit is configured for “set optimize antivirus”, the firewall reboots and the console displays
    the following message before the login prompt:
    Failed to load anti-virus database. Trying to fetch the last known good
    database...
    Failed.
    Models Affected: FortiGate-5020.
    Bug ID: 12750
    Status: Workaround is to run “exec formatlogdisk” from the CLI, then manually load the AV package. (Note:
    Formatting the hard drive may erase all log and quarantine files.)

    4.2.3    Replacement message not shown for upload oversized HTTP file condition
    Description: When attempting to upload an oversized HTTP file, the operation is successfully blocked but the
    replacement message is not displayed.
    Models Affected: All.
    Bug ID: 13686
    Status: Fix in MR4.

    Firewall
    4.2.4    LDAP authentication fails for HTTP authenticated Firewall Policies
    Description: The FortiGate unit will prompt for authentication as per the firewall policy with HTTP authentication
    enabled, but a correct username and password do not pass LDAP authentication.
    Models Affected: All.
    Bug ID: 13734
    Status: Fix in MR4. Workaround is to authenticate with another protocol first such as TELNET or FTP.

    4.2.5    OSPF Area authentication (MD5) key indexing incorrect for Cisco interoperability
    Description: When interoperating with Cisco routers, the OSPF MD5 key authentication with the Cisco router will
    fail. The FortiGate MD5 key index as configured is actually decremented by 1 in the OSPF authentication packets.
    Models Affected: All.
    Bug ID: 13749
    Status: Fix in MR4. Workaround is to renumber the Cisco OSPF MD5 keys consecutively starting from 0 instead
    of 1.






    High Availability
    4.2.6    SNMP trap is not sent when HA cluster status changed
    Description: When the HA Cluster status changes (e.g. Unit fail-over), a corresponding SNMP trap is not sent by
    the Master unit.
    Models Affected: All.
    Bug ID: 11049
    Status: Fix in MR4.

    IPS
    4.2.7    TCP/UDP_src_session limit threshold value keeps default
    Description: For the TCP or UDP_src_session limit thresholds, the new value changes on the GUI and CLI, but
    the default value continues to be used.
    Models Affected: All.
    Bug ID: 12811
    Status: Workaround is to enter the CLI command: “diag ips anomaly clear”. Fix in MR4.

    Content Filtering
    4.2.8    POP3 messages not tagged with banned word in message body
    Description: With the Spam Filter enabled, POP3 messages are not tagged as [SPAM] if the email subject header
    is empty and there is a banned word in the email body.
    Models Affected: All.
    Bug ID: 13981
    Status: Fix in MR4.

    VPN
    4.2.9    IPSec IKE rekey occurs before key lifetime
    Description: When an IPSec tunnel is established to a FortiGate interface with a DHCP or PPPoE assigned IP
    address, the IKE rekey occurs at short (less than 1 minute) intervals.
    Models Affected: All.
    Bug ID: 14062
    Status: Fix in MR4.

    4.2.10 Only a single subnet of dial-up address group applies to encrypt firewall policy
    Description: When an IPSec dial-up client is using an address group for the source address, the FortiGate VPN
    Gateway firewall policy applies only to the last entry in the dial-up client address group.
    For example, on the FortiGate dial-up server, the encrypt policy source-to-destination is: 192.168.2.0->all. On the
    dial-up client: 192.168.4.0+192.168.22.0 (address group)->192.168.2.0. The resulting dial-up encrypt firewall
    policy is then: 192.168.2.0->192.168.22.0
    Models Affected: All.
    Bug ID: 13786
    Status: Fix in MR4. Workaround is to create a dedicated tunnel on the VPN Gateway just for this client (with a
    matching policy), or make the client initiate separate tunnels for each address subnet.






    Log and Report
    4.2.11 Syslog messages sent at wrong facility level if changed from default level 7
    Description: When the CLI is used to configure a custom log facility level (such as local2), the actual facility
    used is incorrect. For example, when the log facility configuration is for local5, the generated syslog messages
    will be received at local0; if configured for local2, then the syslog message itself has a facility of “unknown”.
    Models Affected: All.
    Bug ID: 14057
    Status: Fix in MR4.
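
    A receiver-side check for the facility problem in 4.2.11, as an added Python example (not Fortinet code). It
    decodes the <PRI> value at the start of each received syslog line (facility = PRI div 8, severity = PRI mod 8,
    per RFC 3164) and reports lines whose facility differs from the configured one. The sample lines are
    constructed, and labelling facility codes above 23 as "unknown" is an assumption about the receiver.

```python
import re
from collections import Counter

# <PRI> header at the very start of a syslog line (RFC 3164).
PRI_RE = re.compile(r"^<(\d{1,3})>")


def facility_name(code):
    """Map a numeric facility code to a label; only local0-local7 are named."""
    if 16 <= code <= 23:
        return "local%d" % (code - 16)
    if 0 <= code <= 15:
        return "facility%d" % code
    return "unknown"  # assumption: codes outside 0-23 are shown as unknown


def decode_pri(line):
    """Return (facility, severity) from the <PRI> header, or None if absent."""
    match = PRI_RE.match(line)
    if match is None:
        return None
    pri = int(match.group(1))
    return pri // 8, pri % 8


def audit_facility(lines, expected):
    """Count facilities seen and list (line number, facility) for mismatches."""
    counts = Counter()
    mismatches = []
    for number, line in enumerate(lines, start=1):
        decoded = decode_pri(line)
        name = "no-pri" if decoded is None else facility_name(decoded[0])
        counts[name] += 1
        if name != expected:
            mismatches.append((number, name))
    return counts, mismatches


# Constructed sample lines as a collector might receive them (not real FortiGate logs).
SAMPLE_LINES = [
    "<174>Jul 15 10:00:01 fw1 constructed message, facility local5",
    "<134>Jul 15 10:00:02 fw1 constructed message, facility local0",
    "<198>Jul 15 10:00:03 fw1 constructed message, facility code 24",
    "Jul 15 10:00:04 fw1 constructed message without a PRI header",
]

if __name__ == "__main__":
    seen, wrong = audit_facility(SAMPLE_LINES, "local5")
    print(dict(seen))
    for number, name in wrong:
        print("line %d arrived as %s, expected local5" % (number, name))
```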

    System
    4.2.12 DHCP over IPSEC uses old IP address after change of interface IP address
    Description: The DHCP relay agent for IPSec tunnels continues to use the old interface IP address after changing
    the IP address of the interface connected to the external DHCP server.
    Models Affected: All.
    Bug ID: 14061
    Status: Fix in MR4. Workaround is to disable and then re-enable the DHCP relay function after changing the
    interface IP address.

    4.2.13 No apparent output when connecting with “ssh -T”
    Description: Delayed buffered output when using ssh -T option makes it appear that there is no output or that the
    management connection has failed.
    Models Affected: All.
    Bug ID: 13023
    Status: Fix in MR4.

    4.2.14 Dynamic IP GUI sometimes displays incorrect data
    Description: The first time a PC client gets its DHCP address from the FortiGate DHCP server, the Dynamic IP page
    is blank. But after the PC releases and renews the IP address, the DHCP address can be displayed. The lease expiry
    shown is also incorrect but the PC client does receive the correct lease expiry.
    Models Affected: All.
    Bug ID: 8282, 13743
    Status: Fix in MR4.

    4.2.15 Proxy tunneling for AV/NIDS updates is not available
    Description: Using an HTTP proxy for requesting and receiving AV/NIDS updates is not available. This applies to
    both automatic and on-demand (“Update Now”) updates.
    Models Affected: All.
    Bug ID: 13758
    Status: Fix in MR4.








    5 Image Checksums
    MD5 Checksums:





                                  (End of Release Notes.)



