FortiOS 5.0.10 (the FIPS version) Severe / Emergency Bug Fix Pending
The secondary unit in a FortiGate active/passive cluster bricks (i.e., fails closed and must be re-imaged) after FIPS self-tests under certain conditions, two of which are when it cannot contact the master and when it is given the master's configuration file. Anyone with a FortiGate 5.0.10 active/passive cluster in FIPS-CC mode will not be able to maintain the cluster. It was first thought that the issue was limited to "D" series units, but it was later discovered that the bug affects all FortiGate platforms (i.e., it is specific to FortiOS 5.0.10).
An "emergency" code fix for FortiOS 5.0.10 is underway and will be released as 5.0.13. We were assured by Fortinet that this would not affect the FIPS 140 certification of FortiOS. The fix is expected to be released by the end of the month.
The fix for this issue has been released. The current fix is not publicly available. If you are having the previously described issue, you can call Fortinet support and request a copy. The timeline for 5.0.13 looks like sometime in August at this point, as it must go through their QA testing and NIST Labs.