Beware, as this release has a major bug in SSL VPN. When a user is in multiple groups that grant different access in SSL VPN, only the first group is working. For example:
User x is in groups vpn_a and vpn_b; group vpn_a grants access to 22.214.171.124 and group vpn_b grants access to 126.96.36.199. After upgrading to 5.6.9, the user can no longer access 188.8.131.52. After removing him from the vpn_a group, he can access 184.108.40.206 again.
Once again - our VPN gateway is broken after upgrade.
When will it be fixed? In 6 months? Or 7? So I must live with a vulnerable VPN till then?
Seriously, I don't have words for Fortinet's QA. Because it does not exist!
I am also interested in upgrade details, and release notes are my primary source of knowledge about an upgrade. When you look at any firmware upgrade cookbook released by Fortinet, it says: make a backup and read the release notes. That's why lately I am really disappointed about the 'quality' of the release notes. In the firmware 5.6.9 release notes there was a typo with the 5.4.11 firmware version and NO information about what CVE-2018-13382 is.....
Yesterday was the 5.4.11 release with this same CVE-2018-13382..... and guess what? Still no info about that CVE. I checked on mitre.org and there is just info about the reservation.... So I decided to chat with a technician from Fortinet. I wasted 20 minutes in the queue and received the following information:
The vulnerability is about: SSL VPN user password modified.
Currently, the CVE is reserved but not published. You should be able to find additional information with that on our PSIRT page https://fortiguard.com/psirt once the information has been published.