trauthor
New Contributor II

FortiOS 5.0.10 (the FIPS version) Severe / Emergency Bug Fix Pending

The secondary unit in a FortiGate active/passive cluster bricks (i.e., fails closed and must be re-imaged) after FIPS self-tests under certain conditions, two of them being: when it can't contact the master, and when it is given the master's configuration file. Anyone with a FortiGate 5.0.10 active/passive cluster in FIPS-CC mode will not be able to maintain the cluster. It was first thought that the issue was limited to "D" series units, but it was later discovered the bug is related to all FortiGate platforms (i.e., it is specific to FortiOS 5.0.10).

An "emergency" code fix of FortiOS 5.0.10 is underway which will be released as 5.0.13. We were assured by Fortinet this would not affect the FIPS 140 certification of FortiOS. The fix is expected to be released by the end of the month.

1 REPLY
trauthor
New Contributor II

The fix for this issue has been released. The current fix is not publicly available. If you are having the previously described issue, you can call their support and request a copy. The timeline for 5.0.13 looks like sometime in August at this point, as it must go through their QA testing and NIST Labs.

Cheers