Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Alex_Libenson
New Contributor

2.80 MR6 is back again

Now available with full Release Notes. 3.11 Enhancements provided by MR6 3.11.1 AV/NIDS Updates • Fortinet Protection System server connection reliability Description: To improve reliability of the scheduled AV/NIDS update during busy network periods (e.g. after a Push Update Notification is received by the FortiGate unit), the ' minute' field of the scheduled update is assigned a random value. The ' minute' field can still be configured through the CLI. Any ' minute' value (0-59) is now allowed and a value of 60 means to choose a random value. • Improved update logs Description: Modified the AV/NIDS update log message to include the version of the updates. e.g.: Fortigate updated <AV database version> <IDS database version> <AV Engine version> <IDS Engine version> <FortiShield Database status> 3.11.2 WebUI Enhancements • Persistent log columns GUI Description: When customizing the columns of the log message display, the order is stored in a browser “cookie” so that when returning to the log display webpage the column arrangement is retained for the current WebUI session. • FortiShield Anti-Spam Description: FortiShield Anti-Spam is the new name for the Fortinet DNSBL subscription service available in late Q4-2004. (DNS-BL is also commonly know as “RBL” or real-time black list.) • Policy ID in session monitor Description: The session monitor page in the WebUI now shows the corresponding firewall policy ID number. 4 MR6 Release Issues 4.1 Resolved Issues AntiVirus 4.1.1 Large POP3 message may not download Description: With AV scanning enabled, when a POP3 mail message reaches the oversize file limit with the action set to “pass”, the FortiGate firewall will send a NOOP command to the POP3 mail server while transferring the partial message to the client. The FortiGate attempts to resume the message download from the server, but the server has timed out and closed the connection. Models Affected: All. Bug ID: 11298 Status: Fixed in MR6. 4.1.2 AV sessions do not use session ttl timeout Description: In transparent mode, AV scanned HTTP sessions time out in 40 seconds even though the session_ttl timeout has been configured through the CLI to a longer time period. Models Affected: All. Bug ID:16632 Status: Fixed in MR6. 4.1.3 Secure sites or login pages load slowly Description: When AV scanning enabled for HTTP, access is very slow to certain secure (HTTPS) sites or to login pages using scripting. Models Affected: All. Bug ID: 17309 Status: Fixed in MR6. 4.1.4 Quarantine name display missing or incorrect Description: The file names for quarantined virus files may be missing or be displayed incorrectly after capturing multiple instances of the same virus file. Models Affected: All. Bug ID: 14870, 17133 Status: Fixed in MR6. Firewall 4.1.5 H.323 UDP traffic sometimes dropped Description: UDP (video) traffic sometimes gets dropped when carried over H.323 protocol when end points switch from the standard ports to high ports for the UDP streams Models Affected: All. Bug ID: 15121 Status: Fixed in MR6 4.1.6 Authenticated policy timeout during active traffic Description: A firewall policy with authentication enabled will timeout after the global authentication idle period (System -> Config -> Options -> Timeout Settings – Auth timeout) even when there is active policy traffic. Models Affected: All. Bug ID: 16231 Status: Fixed in MR6 November 18, 2004 16 Fortinet Inc. Release Notes: FortiOS™ v2.80-MR6 4.1.7 NetBIOS forwarding fails when broadcast flag set Description: NetBIOS/WINS forwarding does not work when broadcast flag set in the packet. Unicast or hybrid mode NetBIOS traffic is unaffected and is forwarded correctly. Models Affected: All. Bug ID: 16490 Status: Fixed in MR6 4.1.8 WINS Server IP address change requires reboot Description: When NetBIOS/WINS forwarding is enabled, a WINS server IP address change requires a reboot to take effect. Models Affected: All. Bug ID: 16826 Status: Fixed in MR6. 4.1.9 Active FTP sessions and VIP Description: When using VIP port-forwarding to an internal FTP server , some FTP clients cannot establish the connection to the server when using active FTP. In active mode FTP the client connects from a random unprivileged port (N > 1024) to the FTP server' s command port, port 21. Then, the client starts listening to port N+1and sends the FTP command PORT N+1 to the FTP server. The server will then connect back to the client' s specified data port from its local data port, which is port 20. Models Affected: All. Bug ID: 18020 Status: Fixed in MR6. IPS 4.1.10 MSN Messenger not blocked Description: For a NAT outgoing policy with AV and IPS enabled in the protection profile, clients still can log in to MSN Messenger and initiate a chat session though the FortiGate firewall. Models Affected: All. Bug ID: 16141 Status: Fixed in MR5. High Availability 4.1.11 Grayware settings not synchronized Description: Select or deselect grayware items on Master from HA cluster webUI but checking configuration of a slave from CLI shows the items are deselected. Workaround was to reboot the slave unit to force a full synchronization of configuration settings. Models Affected: All. Bug ID: 16452 Status: Fixed in MR6. 4.1.12 HA Master status change does not generate an alert email Description: HA Master unit status changes (slave becomes master or dead master detected) do not generate an alert email message. Models Affected: All. Bug ID: 17010 Status: Fixed in MR6. Alert email now sent from new Master unit. (Note: Alert mails for Slave events are not generated. See Bug ID #10259) November 18, 2004 17 Fortinet Inc. Release Notes: FortiOS™ v2.80-MR6 4.1.13 Slave failed to clear some settings after reset to factory defaults Description: Clear slave' s configuration setting by the CLI command " exec factorydefaults" , but after rebooting the slave is still in HA cluster and reports " slave is not sync with master" . Models Affected: All. Bug ID: 16277, 16196 Status: Fixed in MR6. 4.1.14 AV/NIDS signature synchronization on slave unit Description: Update error in slave unit' s event log: “FortiGate update failed”; yet synchronization of signatures appears to be working properly (AV packages are up-to-date on slave). Models Affected: All. Bug ID: 16455 Status: Fixed in MR6. Content Filtering 4.1.15 Spam filter lists Disable/Enable All from WebUI does not take effect Description: From the WebUI, “uncheck all” or “check all” does not take effect. Workaround is to disable/enable list entries individually, or after a reboot the “disable/enable all” will take effect. Models Affected: All. Bug ID: 16781, 15913 Status: Fixed in MR6. 4.1.16 Email address filter case sensitive Description: Email address filter entries are case sensitive when they should be case insensitive. For example, Abc@nowhere.com should be equivalent to any combination of upper and lower-case letters: aBC@Nowhere.com, aBc@nOWHERe.Com, etc. Models Affected: All. Bug ID: 3499 Status: Fixed in MR6. 4.1.17 Return email address domain check Description: Some e-mail messages failed the return e-mail DNS check and yet “FROM:” e-mail domain passes DNS check using a different DNS server. Models Affected: All. Bug ID: 17737 Status: Fixed in MR6. VPN 4.1.18 FortiClient VPN software connecting to FortiGate hub cannot connect Description: The dial-up tunnel from a FortiClient endpoint in a concentrator configuration does not come up. Models Affected: All. Bug ID: 16903 Status: Fixed in MR6. Must use “wildcard selector” in Phase 2 setting. 4.1.19 Similarly named Dial-up IPSec tunnels do not establish Description: Dialup IPSec policies cannot match the correct Phase2 configuration when multiple Phase2 names share the same base name string and only differ by a numeric suffix: e.g. “p2” and “p22” are not distinguished. Models Affected: All. Bug ID: 15265 Status: Fixed in MR6. November 18, 2004 18 Fortinet Inc. Release Notes: FortiOS™ v2.80-MR6 4.1.20 PPTP authentication fails after adding new user Description: PPTP authentication will fail for all users after a new user is added to an existing User Group. Workaround requires a system reboot after the new user is added. Models Affected: All. Bug ID: 17736 Status: Fixed in MR6. 4.1.21 Encrypt policies for Dialup IPsec tunnels do not work with address groups Description: When an address group is used in an encrypt policy for an IPSec dialup server only the first subnet belonging to this address group can be accessed from peer subnet. Models Affected: All. Bug ID: 16762, 15265 Status: Fixed in MR6. Log and Report 4.1.22 Traffic log messages do not show interface information Description: All ' source interface ' and ' destination interface' fields in traffic log messages became ' n/a' . Models Affected: All. Bug ID: 16547 Status: Fixed in MR6. 4.1.23 Traffic log in v2.80 is not consistent with v2.50 Description: In FortiOS v2.50 the protocol is a number and the service is the port/protocol. Models Affected: All. Bug ID: 16870 Status: Fixed in MR6. System 4.1.24 Update Center settings cannot be changed from WebUI Description: The Update Center WebUI does not accept any changes. Clicking “Apply” or “Update Now” displays the error message “CFG_CLI_INTERNAL_ERR”. Workaround is to use the CLI commands to modify the Update Center settings: config system autoupdate <pushupdate/schedule> Models Affected: All. Bug ID: 16454 Status: Fixed in MR6. 4.1.25 IPS anomaly page in Web slow to display Description: When accessing the IPS anomaly screen through the WebUI, the page display is very slow and could take 2-3 minutes to fully render. Repeated clicking on the Anomaly menu link increases the delay since each click is a new request to redraw the page. Models Affected: All. Bug ID: 16809 Status: Fix in MR6 4.1.26 FortiGate DHCP client renewal stops Description: After few (less than 3 times) successful DHCP IP address renewals, the FortiGate DHCP client will stop sending a DHCP renew message. Workaround is to change the interface mode to static and then change back to DHCP mode again. Models Affected: All. Bug ID: 15725, 16554 November 18, 2004 19 Fortinet Inc. Release Notes: FortiOS™ v2.80-MR6 Status: Fixed in MR6. 4.1.27 Modem interface does not back-up WAN2 interface. Description: The Modem interface can be set as a back-up should another interface fail. When WAN2 interface goes down the Modem interface does not automatically connect as the back-up connection. Models Affected: FortiWiFi-60. Bug ID: 16872 Status: Fixed in MR6. 4.1.28 Certain SNMP traps functional Description: Several SNMP traps are not working: portscan, syn_flood, virus detection, cpu overusage, low memory, warm start, cold start, link up, link down. Only 5 types of traps that are successfully generated are: interface ip change, management ip change, vpn tunnel up, vpn tunnel down, ha status change Models Affected: All. Bug ID: 16624 Status: Fix in MR6. 4.1.29 Setting for “web pattern block” not cleared Description: Executing a reset factory defaults does not clear the web pattern block settings of the previous configuration. Models Affected: All. Bug ID: 16275 Status: Fixed in MR6. 4.1.30 Secondary IP subnet cannot overlap Primary IP address Description: Cannot assign secondary IP & primary IP addresses that belong to the same subnet on an interface. Models Affected: All. Bug ID: 15933 Status: Fixed in MR6. 4.1.31 Alert Email address changes through WebUI Description: Any changes to the email address settings in the Alert Email screen causes an error message pop-up and the change is not applied. Workaround is to use the CLI. Models Affected: All models running 2.80-MR4 or MR5. Bug ID: 16179 Status: Fixed in MR6. 4.1.32 Ping server requires a static route Description: In cases where an interface automatically acquires an IP address (e.g. DHCP or PPPoE) and ping server is on a connected network (same subnet), the ping server function does not work since a static route (e.g. Default route) to the target server is required. Models Affected: All. Bug ID: 16470 Status: Fixed in MR6. 4.1.33 RIP advertisements incorrect when secondary IP addresses defined Description: The secondary IP address is being used in RIP v2 packets of the primary IP address even though the network for secondary IP address has not been added into RIP network configuration. Models Affected: All. Bug ID: 16515 Status: Fixed in MR6. November 18, 2004 20 Fortinet Inc. Release Notes: FortiOS™ v2.80-MR6 4.1.34 Alert email messages sometimes rejected by SMTP mail servers Description: Certain SMTP mail servers require a non-empty “Reply-to” email header. Current Alert email messages leave this header empty causing a rejection of the email message. Models Affected: All models. Bug ID: 17561 Status: Fixed in MR6. Added “reply-to” header 4.1.35 Ping server with PPPoE interfaces and policy routing Description: The ping server does not support policy routing with PPPoE interfaces as outgoing interface. Models Affected: All models. Bug ID: 17892 Status: Fixed in MR6. 4.1.36 Multiple DHCP relay or servers on the same port Description: If multiple DHCP relays or servers that were all accessed through the same interface of the FortiGate unit, only the first relay or server would work. Models Affected: All models. Bug ID: 16409, 17195 Status: Fixed in MR6. 4.1.37 DHCP relay ARP with external IP Description: DHCP relay would ARP DHCP server with address of the DHCP relay interface instead of the FortiGate interface closest to the DHCP server. This could cause problems for hosts which do not honour ARP requests from outside the local link. Models Affected: All models. Bug ID: 16783 Status: Fixed in MR6. 4.1.38 SNMP responses Description: SNMP interface GET requests are not completed. Models Affected: FortiWiFi-60. Bug ID: 16473 Status: Fixed in MR6. Description: FortiManager specific SNMP trap is not sent for PPPoE and DHCP address changes, Models Affected: All models. Bug ID: 16892, 16873, 16833, 16330 Status: Fixed in MR6. Description: Some SNMP agents cannot perform snmp-walk due to dependency on successive indexes being larger than the previous. Sort routing table first and then return the requested entry thus ensuring the order expected by snmpwalk. Models Affected: All models. Bug ID: E91 Status: Fixed in MR6. 4.1.39 WebUI Fixes Description: Display of the IPS anomaly page is very slow. Models Affected: All models running v2.80-MR5. Bug ID: 16809 Status: Fixed in MR6.
1 REPLY 1
Not applicable

Hi, I want to notice, SPLICE (SMTP) is a default option now, so after the upgarde you will get splice enabled on all profiles. After the upgarde my Exchange 2003 failed to receive emails from mail relay server because of splice...(I did the upgrade two times - to build 290 and to build 292 and SPLICE has been enabled after both upgardes, so after the upgrades you should unset it if you don' t want to use it)
Labels
Top Kudoed Authors