Die Fortinet-Woche zusammengefasst (KW25)

Liebe Fortinet-Partner,

hiermit erhalten Sie wieder die Zusammenfassung der letzten Woche:

Releases in the past 7 days (RSS feed)

• FortiOS 5.6.5 (release notes)
• • Azure Stack support
  • Many bug fixes
• FortiMail 5.4.6 (release notes)
• • Fixed issue with delivery to Google Business Email Service
  • Increased max number of IP pools
  • Bug fixes and resolved vulnerabilities

Lifecycle Announcements – End of Orders (RSS feed)

• Ear bracket for rack mounting SP-EAR-FG310B (replace with SP-EAR-FG300D)
  EOO: Sep 20, 2018 / EOS: Sep 20, 2023 (cf. EOO Announcement in the Support Portal)

Vulnerabilities

• PSIRT advisory FG-IR-18-006 (CVE-2018-1351:( XSS vulnerability in device configuration revision history display of FortiManager 6.0.0 and below (low risk)
• PSIRT advisory FG-IR-18-014 (CVE-2018-1354:( Access control vulnerability for avatar picture upload in FortiAnalyzer and FortiManager 6.0.0 and below (low risk)
• PSIRT advisory FG-IR-18-022 (CVE-2018-1355:( Open redirect vulnerability in FortiView of FortiAnalyzer and FortiManager 6.0.0 and below (low risk)
• PSIRT advisory FG-IR-18-027 (CVE-2018-9185:( user credential exposure vulnerability in SSL VPN web portal with SSO for FortiOS 6.0.0 and below (medium risk)

Tools and Documentation 
(Knowledge Base RSS feed, Cookbook RSS feed)

• FortiSandbox SaaS Public Cloud FAQ (Partner portal)
• FortiCast (31:00 min): Security round table led by Alan Newman with Jeannette Jarvis (Director or Product Marketing for FortiGuard Labs), Derek Manky (Threat Strategy), Jonathan Nguyen-Duy (VP Strategy and Analytics) (SoundCloud,FortiCast page, YouTube)
• Fortinet Cookbook: Enterprise 2-tier FortiSwitch architecture with MCLAG (link)
• Fortinet Cookbook: How to prevent SSL inspection certificate warnings with self-signed certificates in FortiOS 6.0 (link)
• Fortinet Cookbook: How to troubleshoot SSL VPN issues (link)
• Fortinet Cookbook (expert): FGCP Virtual Clustering with two and four FortiGates in FortiOS 5.6 (two, four)
• Fortinet Cookbook (expert): FGCP Virtual Clustering with two FortiGates in FortiOS 5.6 (link)
• Technical Note: How to debug FortiAuthenticator services with https:///debug/ (link)
• Technical Note: How to insert special symbol ? in the FortiOS CLI (link)
• Technical Note: Special behavior of event type and event name display fields in FortiSIEM Analytics (link)
• Technical Note: How to manually test SNMP on devices from the FortiSIEM command line (link)
• FortiGate deployment guide for FortiOS 6.0 on Microsoft Azure/Azure Stack (Fortinet Virtualization Document Library)
• New Fortinet Transceivers datasheet (link)

Marketing

• Cool video showing off single channel wifi performance in a FPV car race through a building (2:17 min on YouTube)

Security Research

• Update on Thrip, a cyber espionage group recently discovered and analyzed by Symantec and shared through the Cyber Threat Alliance (Fortinet blog)
• Research report how you can protect your privacy in the Internet using browser plug-ins, VPNs and TOR (Fortinet blog)

News / Blogs

• Overview of this week’s NSE EMEA Xperts Academy in Cannes (Fortinet blog)
• Trends in the wireless market and summary of the three solutions Fortinet offers (Fortinet blog)
• Resolving the challenges of IT and OT convergence (Fortinet blog)
• Darkreading article on automated attack chains and how to defend against (Fortinet blog, Darkreading.com)
• Fortinet Security Fabric Ready Partner Video: Fortinet Security Fabric and Nozomi Demo for Operation Technology (OT) (2:03 min on YouTube)
• Fortinet Security Fabric Ready Partner Video: Fortinet Security Fabric and Ziften Demo (6:35 min on YouTube)
• Fortinet CISO Phil Quade’s insights on why we need a security renaissance to bridge 20th and 21st century security strategy (10:43 min on YouTube)
• FortiOS 6.0 feature demo (5:50 min on YouTube)
• Interview with the CTO of Ubiqube, an MSSP partner of Fortinet, about Security automation and orchestration (3:42 min on YouTube)
• Interview with the CTO of orchestration vendor Cloudify about embedded security from Fortinet in its TOSCA framework (4:12 min on YouTube)

Outlook

• This week is the NSE EMEA Xperts Academy. For those of you attending: Have a good time in Cannes!
• (DE) Fortinet Reseller Webinar - Sales & Tech Update Q2 (Session B) - 25. Juni um 15:00 Uhr
  

* Disclaimer: This summary is based on best effort by the Swiss Fortinet SEs. While we try to get all relevant information of the week into this summary, we might miss some information as we collect it or other mistakes may happen. Therefore, don't base your decisions on this summary, but check the authoritative sources yourself.