FortiOS 5.0.10 (the FIPS version) Severe / Emergency Bug Fix Pending
The secondary unit in a FortiGate active/passive cluster bricks (i.e., fails closed and must be re-imaged) after FIPS self-tests under certain conditions, two of which are when it cannot contact the master and when it is given the master's configuration file. Anyone with a FortiGate 5.0.10 active/passive cluster in FIPS-CC mode will not be able to maintain the cluster. It was first thought that the issue was limited to "D" series units, but it was later discovered that the bug affects all FortiGate platforms (i.e., it is specific to FortiOS 5.0.10).
An "emergency" code fix for FortiOS 5.0.10 is underway and will be released as 5.0.13. We were assured by Fortinet that this would not affect the FIPS 140 certification of FortiOS. The fix is expected to be released by the end of the month.
