FortiOS v4.0 MR3 Patch Release 14 Release Notes

FortiOS v4.0 MR3 Patch Release 14Release Notes

FortiOS v4.0 MR3 Patch Release 14 Release Notes

May 16, 2013

01-4314-205832-20130516

Copyright 2013 Fortinet, Inc. All rights reserved. Fortinet, FortiGate, and FortiGuard, are registered trademarks of Fortinet, Inc., and other Fortinet names herein may also be trademarks of Fortinet. All other product or company names may be trademarks of their respective owners. Performance metrics contained herein were attained in internal lab tests under ideal conditions, and performance may vary. Network variables, different network environments and other conditions may affect performance results. Nothing herein represents any binding commitment by Fortinet, and Fortinet disclaims all warranties, whether express or implied, except to the extent Fortinet enters a binding written contract, signed by Fortinets General Counsel, with a purchaser that expressly warrants that the identified product will perform according to the performance metrics herein. For absolute clarity, any such warranty will be limited to performance in the same ideal conditions as in Fortinets internal lab tests. Fortinet disclaims in full any guarantees. Fortinet reserves the right to change, modify, transfer, or otherwise revise this publication without notice, and the most current version of the publication shall be applicable.

Technical Documentation docs.fortinet.com

Knowledge Base kb.fortinet.com

Customer Service & Support support.fortinet.com

Training Services training.fortinet.com

FortiGuard fortiguard.com

Document Feedback [email protected]

URL filter .......................................................................................................... 13FortiGuard log filter .......................................................................................... 13

FortiGuard log setting ...................................................................................... 14

Upgrade procedure................................................................................................ 14Table of Contents

Change Log....................................................................................................... 5

Introduction....................................................................................................... 6Supported models ................................................................................................... 6

FortiGate ............................................................................................................ 6FortiWiFi ............................................................................................................. 6FortiGate VM...................................................................................................... 6FortiSwitch ......................................................................................................... 7

FortiOS Carrier.................................................................................................. 8Supported models ................................................................................................... 8

FortiCarrier ......................................................................................................... 8

Special Notices................................................................................................. 9TFTP boot process .................................................................................................. 9

Monitor settings for Web-based Manager access .................................................. 9

Before any upgrade ................................................................................................. 9

After any upgrade .................................................................................................... 9

Memory logging ....................................................................................................... 9

FortiGate 1240B upgrade and downgrade limitations........................................... 10

Upgrade Information ...................................................................................... 11Upgrading from FortiOS v4.0 MR3 ........................................................................ 11

FortiAnalyzer log upload option ....................................................................... 11Disk logging ..................................................................................................... 11Historical reports upgrade limitation................................................................ 12SQL logging upgrade limitation ....................................................................... 12

Upgrading from FortiOS v4.0 MR2 ........................................................................ 12DDNS ............................................................................................................... 12DNS server....................................................................................................... 12Ping server ....................................................................................................... 13Central management........................................................................................ 13SNMP community ............................................................................................ 13Modem settings ............................................................................................... 13AMC slot settings............................................................................................. 13Wireless radio settings..................................................................................... 13Web filter overrides .......................................................................................... 13Firewall policy settings..................................................................................... 13Page 3

Downgrading to previous FortiOS versions........................................................... 15

Product Integration and Support .................................................................. 16Web browser support ............................................................................................ 16

FortiManager support ............................................................................................ 16

FortiAnalyzer support............................................................................................. 16

FortiClient support ................................................................................................. 16

FortiAP support...................................................................................................... 16

Virtualization software support .............................................................................. 17

Fortinet Single Sign-On (FSSO) support................................................................ 17

FortiExplorer support (Microsoft Windows/Mac OS X).......................................... 17

AV Engine and IPS Engine support ....................................................................... 17

Language support.................................................................................................. 18

Module support...................................................................................................... 18

SSL VPN support................................................................................................... 20SSL VPN standalone client .............................................................................. 20SSL VPN web mode ........................................................................................ 20SSL VPN host compatibility list ....................................................................... 21

Explicit web proxy browser support ...................................................................... 22

Resolved Issues.............................................................................................. 23High Availability................................................................................................ 23IPsec VPN ........................................................................................................ 23System ............................................................................................................. 23

Known Issues.................................................................................................. 24Logging and Reporting .................................................................................... 24SSL VPN .......................................................................................................... 24

Limitations....................................................................................................... 25Citrix XenServer limitations.................................................................................... 25

Open Source Xen limitations ................................................................................. 25

Image Checksum............................................................................................ 26

Appendix A: FortiGate VM ............................................................................. 27FortiGate VM model information............................................................................ 27

FortiGate VM firmware........................................................................................... 28Table of Contents Page 4 FortiOS v4.0 MR3 Patch Release 14 Release Notes

Change Log

Date Change Description

2013-05-16 Initial release.Page 5

Introduction

This document provides a summary of enhancements, support information, installation instructions, integration, resolved and known issues in FortiOS v4.0 MR3 Patch Release 14 build 0665.

Supported models

FortiOS v4.0 MR3 Patch Release 14 supports the following models.

FortiGate

FG-20C, FG-20C-ADSL-A, FG-30B, FG-40C, FG-50B, FG-51B, FG-60B, FG-60C, FG-60C-POE, FG-80C, FG-80CM, FG-82C, FG-100A, FG-100D, FG-110C, FG-111C, FG-200A, FG-200B, FG-200B-POE, FG-224B, FG-300A, FG-300C, FG-310B, FG-310B-DC, FG-311B, FG-400A, FG-500A, FG-600C, FG-620B, FG-620B-DC, FG-621B, FG-800, FG-800C, FG-800F, FG-1000A, FG-1000A-FA2, FG-1000A-LENC, FG-1000C, FG-1240B, FG-3016B, FG-3040B, FG-3140B, FG-3600, FG-3600A, FG-3810A, FG-3950B, FG-3951B, FG-5001, FG-5001A, FG-5001B, FG-5001FA2, FG-5002FB2, FG-5005FA2, FG-5101C, and FG-ONE.

FortiWiFi

FWF-20C, FWF-20C-ADSL-A, FWF-30B, FWF-40C, FWF-50B, FWF-60B, FWF-60C, FWF-60CM, FWF-60CX-ADSL-A, FWF-80CM, and FWF-81CM.

FortiGate VM

FG-VM32 and FG-VM64.

FG-3240C

This model is released on a special branch based off of FortiOS v4.0 MR3 Patch Release 14. As such, the build number found in the System > Dashboard > Status page and the output from the get system status CLI command displays 6910 as the build number.To confirm that you are running the proper build, the output from the get system status CLI command has a Branch point field that should read 0665.

FG-VM64-XEN

This model is released on a special branch based off of FortiOS v4.0 MR3 Patch Release 14. As such, the build number found in the System > Dashboard > Status page and the output from the get system status CLI command displays 5934 as the build number.To confirm that you are running the proper build, the output from the get system status CLI command has a Branch point field that should read 0665.Introduction Page 6 FortiOS v4.0 MR3 Patch Release 14 Release Notes

FortiSwitch

FS-5203B.

See http://docs.fortinet.com/fgt.html for additional documents on FortiOS v4.0 MR3.Introduction Page 7 FortiOS v4.0 MR3 Patch Release 14 Release Notes

FortiOS Carrier

This chapter provides platform support information for FortiOS Carrier v4.0 MR3 Patch Release 14 build 0665.

Supported models

FortiOS Carrier v4.0 MR3 Patch Release 14 supports the following models.

FortiCarrier

FCR-3810A, FCR-3950B, FCR-3951B, FCR-5001, FCR-5001A, FCR-5001B, FCR-5001FA2, and FCR-5005FA2.

Firmware image filenames begin with FK.

See http://docs.fortinet.com/fgt.html for additional documents on FortiCarrier v4.0 MR3.FortiOS Carrier Page 8 FortiOS v4.0 MR3 Patch Release 14 Release Notes

set status enableendSpecial Notices

TFTP boot process

The TFTP boot process erases all current firewall configuration and replaces it with the factory default settings.

Monitor settings for Web-based Manager access

Fortinet recommends setting your monitor to a screen resolution of 1280x1024. This allows for all the objects in the Web-based Manager to be viewed properly.

Before any upgrade

Save a copy of your FortiGate unit configuration prior to upgrading. To backup your FortiGate unit configuration go to System > Dashboard > Status. In the System Information widget select Backup under System Configuration. Save the configuration file to your local hard drive.

After any upgrade

If you are using the Web-based Manager, clear your browser cache prior to login on the FortiGate to ensure the Web-based Manager screens are displayed properly.

The virus and attack definitions included with an image upgrade may be older than ones currently available from the FortiGuard Distribution Server. Fortinet recommends performing an Update Now (System > Config > FortiGuard > Antivirus and IPS Options) after upgrading. Consult the FortiOS 4.0 MR3 Handbook or FortiOS Carrier 4.0 MR3 Handbook for detailed procedures.

Memory logging

Memory logging is available on all FortiGate platforms and is disabled by default, however if the setting is enabled prior to upgrade, it remains enabled. Memory logging is intended to be used for troubleshooting. You can enable memory logging in the CLI using the following command:

config log memory setting

In VM environments, it is recommended that you take a Snapshot of the VM instance. In the event of an issue with the firmware upgrade, use the Snapshot Manager to revert to the Snapshot. To create a Snapshot, right-click the VM instance and select Snapshot > Take Snapshot.Special Notices Page 9 FortiOS v4.0 MR3 Patch Release 14 Release Notes

FortiGate 1240B upgrade and downgrade limitations

With the release of FortiOS v4.0 MR3 Patch Release 2 and later, the FortiGate 1240B will run a 64-bit version of FortiOS. This has introduced certain limitations on upgrading firmware in a high availability (HA) environment and downgrading.

When performing an upgrade from a 32-bit FortiOS version to a 64-bit FortiOS version and the FortiGate 1240Bs are running in a HA environment with the uninterruptable-upgrade option enabled, the upgrade process may fail on the primary device after the subordinate devices have been successfully upgraded. To work around this situation, users may disable the option to allow all HA members to be successfully upgraded. Without the feature enabled, several minutes of service unavailability should be expected.

Downgrading a FortiGate 1240B from FortiOS v4.0 MR3 Patch Release 2 is not supported due to technical limitations between 64-bit and 32-bit versions of FortiOS. The only procedure to downgrade firmware is by using the TFTP server and BIOS menu to perform the downgrade. In this case the configuration will need to be restored from a previously backed up version.Special Notices Page 10 FortiOS v4.0 MR3 Patch Release 14 Release Notes

Upgrade Information

Upgrading from FortiOS v4.0 MR3

FortiOS v4.0 MR3 Patch Release 14 build 0665 officially supports upgrade from FortiOS v4.0 MR3 Patch Release 11 or later.

FortiAnalyzer log upload option

Upon upgrading to FortiOS v4.0 MR3 Patch Release 14, the FortiAnalyzer log upload option inadvertently is changed from realtime to store-and-upload.Use the following CLI syntax to change the upload option to realtime:

config log fortianalyzer settingset upload-option realtime

end

Disk logging

For optimal performance of your FortiGate unit, disk logging will be disabled during upgrade to FortiOS v4.0 MR3 Patch Release 14. Fortinet recommends you enable logging to FAMS (FortiCloud) on this unit to use the extended logging and reporting capabilities. This change affects the following models:

FG-20C, FWF-20C

FG-20C-ADSL-A, FWF-20C-ADSL-A

FG-40C, FWF-40C

FG-60C, FWF-60C, FG-60C-POE, FWF-60CM, FWF-60CX-ADSL-A

FG-80C, FWF-80C, FG-80CM, FWF-80CM

FG-100D (PN: P09340-04 or earlier)

FG-300C (PN: P09616-04 or earlier)

FG-200B without SSD installed

Please review the Special Notices, Product Integration and Support, Known Issues, and Limitations chapters prior to upgrading. For more information on upgrading your FortiOS device, see the FortiOS 4.0 MR3 Handbook at http://docs.fortinet.com.

A limitation in the code specific to the FG-80C, FG-80CM, FWF-80C, and FWF-80CM prevents a message from being displayed warning users that disk logging has been disabled upon upgrading to FortiOS v4.0 MR3 Patch Release 14. If you were using FortiCloud prior to upgrading, the settings are retained and the service continues to operate.Upgrade Information Page 11 FortiOS v4.0 MR3 Patch Release 14 Release Notes

Historical reports upgrade limitation

For the following units, historical reports from previous builds will not be retained after upgrading to FortiOS v4.0 MR3 Patch Release 14:

FG-20C, FWF-20C

FG-40C, FWF-40C

FG-60C, FWF-60C

FG-80C

FWF-60CM

FWF-60CX-ADSL-A

FWF-81CM

Workaround: Download the historical reports to a local hard drive before performing the upgrade.

SQL logging upgrade limitation

For the following units, after upgrading to FortiOS v4.0 MR3 Patch Release 14 SQL logging will be retained based on the total size of the RAM available on the device. Logs will use up to maximum of 10% of the devices RAM and once passed that threshold, any new logs will start to overwrite the older logs. The historical report generation will also be affected based on the SQL logs that are available for query.

FG-100D

FG-300C

Upgrading from FortiOS v4.0 MR2

Please upgrade to the latest FortiOS v4.0 MR2 patch release prior to upgrading to v4.0 MR3 Patch Release 14. For more information, see the respective FortiOS v4.0 MR2 Patch Release Notes.

DDNS

DDNS configurations under interface are moved to global mode config system ddns after upgrading.

DNS server

The dns-query recursive/non-recursive option under specific interfaces are moved to the system level per VDOM mode and config system dns-server can be used to configure the option after upgrading.

Please review the Special Notices, Product Integration and Support, Known Issues, and Limitations chapters prior to upgrading. For more information on upgrading your FortiOS device, see the FortiOS 4.0 MR3 Handbook at http://docs.fortinet.com.Upgrade Information Page 12 FortiOS v4.0 MR3 Patch Release 14 Release Notes

Ping server

The gwdetect related configurations under specific interfaces are moved under router per VDOM mode and config router gwdetect can be used to configure the option after upgrading.

Central management

The set auto-backup disable and set authorized-manager-only enable configurations under config system central-management are removed after upgrading.

SNMP community

A 32-bit network mask will be added to an IP address of SNMP host after upgrading.

Modem settings

The wireless-custom-vendor-id and wireless-custom-product-id are moved from config system modem to config system 3g-modem custom after upgrading.

AMC slot settings

The default value of ips-weight under config system amc-slot will be changed from balanced to less-fw after upgrading.

Wireless radio settings

Wireless radio settings excluding SSID, Security Mode, and authentication settings, will be lost after upgrading.

Web filter overrides

The contents of web filter overrides will be lost after upgrading from FortiOS v4.0 MR2 Patch Release 4 build 0313 to FortiOS v4.0 MR2 Patch Release 14.

Firewall policy settings

If the source interface or destination interface is set as the amc-XXX interface, the default value of ips-sensor under config firewall policy is changed from all_default to default after upgrading.

URL filter

The action options in the urlfilter configuration have been changed from Allow, Pass, Exempt, and Block to Allow, Monitor, Exempt, and Block. The Allow action will not generate a log entry in FortiOS v4 MR3 Patch Release 1 and later. The Monitor action will act as the function that allows log reporting. The Pass action in FortiOS v4.0 MR2 has been merged with Exempt in FortiOS v4.0 MR3 Patch Release 1 and the CLI command has been changed from set action pass to set exempt pass.

FortiGuard log filter

The settings of config log fortiguard filter are removed after upgrading. Upgrade Information Page 13 FortiOS v4.0 MR3 Patch Release 14 Release Notes

FortiGuard log setting

The options quotafull and use-hdd in config log fortiguard setting are removed upon upgrading.

Upgrade procedure

Plan a maintenance window to complete the firmware upgrade to ensure that the upgrade does not negatively impact your network. Prepare your FortiGate device for upgrade and ensure other Fortinet devices and software are running the appropriate firmware versions as documented in Product Integration and Support.

Save a copy of your FortiGate device configuration prior to upgrading. To backup your configuration, go to System > Dashboard > Status. In the System Information widget select Backup under System Configuration. Save the configuration file to your management computer.

To upgrade the firmware via the Web-based Manager:

1. Download the .out firmware image file from the Customer Service & Support portal FTP directory to your management computer.

2. Log into the Web-based Manager as the admin administrative user.3. Go to System > Dashboard > Status.

4. In the System Information widget, in the Firmware Version field, select Update.

The Firmware Upgrade/Downgrade window opens.

Figure 1: Firmware upgrade/downgrade window

5. Select Browse and locate the firmware image on your management computer and select Open.

6. Select OK. The FortiGate unit uploads the firmware image file, upgrades to the new firmware version. The following message is displayed.

Figure 2: Firmware upgrade dialog box

7. Refresh your browser and log back into your FortiGate device. Launch functional modules to confirm that the upgrade was successful.

For more information on upgrading your FortiGate device, see the FortiOS v4.0 MR3 Handbook at http://docs.fortinet.com/fgt/handbook/40mr3/fortios-handbook-40-mr3.pdf.

In VM environments, it is recommended that you take a Snapshot of the VM instance. In the event of an issue with the firmware upgrade, use the Snapshot Manager to revert to the Snapshot. To create a Snapshot, right-click the VM instance and select Snapshot > Take Snapshot.Upgrade Information Page 14 FortiOS v4.0 MR3 Patch Release 14 Release Notes

Downgrading to previous FortiOS versions

Downgrading to previous FortiOS versions results in configuration loss on all models. Only the following settings are retained:

operation modes

interface IP/management IP

route static table

DNS settings

VDOM parameters/settings

admin user account

session helpers

system access profiles.Upgrade Information Page 15 FortiOS v4.0 MR3 Patch Release 14 Release Notes

Product Integration and Support

Web browser support

FortiOS v4.0 MR3 Patch Release 14 supports the following web browsers:

Microsoft Internet Explorer versions 8 and 9

Mozilla Firefox versions 15, 16, and 17

Other web browsers may function correctly, but are not supported by Fortinet.

FortiManager support

FortiOS v4.0 MR3 Patch Release 14 is supported by FortiManager v4.0 MR3 Patch Release 7 or later.

FortiAnalyzer support

FortiOS v4.0 MR3 Patch Release 14 is supported by FortiAnalyzer v4.0 MR3 Patch Release 6 or later.

If you are using a FortiAnalyzer unit running FortiAnalyzer v4.0 MR2, you must upgrade it to FortiAnalyzer v4.0 MR3. FortiAnalyzer units running FortiAnalyzer v4.0 MR2 will not function correctly with FortiOS v4.0 MR3 Patch Release 14.

FortiClient support

FortiOS v4.0 MR3 Patch Release 14 is fully compatible with FortiClient v4.0 MR2 Patch Release 8 or later and FortiClient v4.0 MR3 Patch Release 5 or later for the following operating systems:

Microsoft Windows 7 (32-bit & 64-bit)

Microsoft Windows Vista (32-bit & 64-bit)

Microsoft Windows XP (32-bit)

Other operating systems may function correctly, but are not supported by Fortinet.

FortiAP support

FortiOS v4.0 MR3 Patch Release 14 supports the following FortiAP models:

FAP-112B, FAP-210B, FAP-220A, FAP-220B, FAP-221B, FAP-222B, FAP-223B, and FAP-320BProduct Integration and Support Page 16 FortiOS v4.0 MR3 Patch Release 14 Release Notes

The FortiAP devices must be running FortiAP v5.0 Patch Release 3 build 0032 or later.

Virtualization software support

FortiOS v4.0 MR3 Patch Release 14 supports the following virtualization software:

VMware ESX/ESXi versions 4.0, 4.1, 5.0 and 5.1

Citrix XenServer versions 5.6 Service Pack 2 and 6.0

Open Source Xen versions 3.4.3 and 4.1

See Limitations on page 25 and FortiGate VM on page 27 for more information.

Fortinet Single Sign-On (FSSO) support

FortiOS v4.0 MR3 Patch Release 14 is supported by FSSO v4.0 MR3 build 0129 for the following:

Microsoft Windows Server 2012 Standard Edition

Microsoft Windows Server 2008 32-bit

Microsoft Windows Server 2008 64-bit

Microsoft Windows Server 2008 R2 64-bit



Novell eDirectory 8.8

FSSO does not currently support IPv6.

Other server environments may function correctly, but are not supported by Fortinet.

FortiExplorer support (Microsoft Windows/Mac OS X)

FortiOS v4.0 MR3 Patch Release 14 is supported by FortiExplorer v2.2 build 1046 or later.

AV Engine and IPS Engine support

FortiOS v4.0 MR3 Patch Release 14 is supported by AV Engine v4.398 and IPS Engine v2.137 or later.

The FAP-220A must run FortiAP v4.0 MR3 Patch Release 9 build 0028.

To avoid memory issues, a smaller IPS package with signatures for active and new vulnerabilities is used by the following FortiGate model series: 30B, 50B, 51B, 60B, and 100A.Product Integration and Support Page 17 FortiOS v4.0 MR3 Patch Release 14 Release Notes

Language support

The following table lists FortiOS language support information.

To change the FortiGate language setting, go to System > Admin > Settings, in View Settings > Language select the desired language on the drop-down menu.

Module support

FortiOS v4.0 MR3 Patch Release 14 supports Advanced Mezzanine Card (AMC), Fortinet Mezzanine Card (FMC), Rear Transition Modules (RTM), and Fortinet Storage Module (FSM) removable modules. These modules are not hot swappable. The FortiGate unit must be turned off before a module is inserted or removed.

The following table lists supported modules and FortiGate models.

Table 1: FortiOS language support

Language Web-based Manager Documentation

English

French -

Portuguese (Brazil) -

Spanish (Spain) -

Korean -

Chinese (Simplified) -

Chinese (Traditional) -

Japanese -

Table 2: Supported modules and FortiGate models

AMC/FMC/FSM/RTM Modules FortiGate Model

Storage Module 500GB HDD Single-Width AMC (ASM-S08)

FG-310B, FG-620B, FG-621B, FG-3016B, FG-3600A, FG-3810A, FG-5001A-SW

Storage Module 64GB SSD Fortinet Storage Module (FSM-064)

FG-200B, FG-311B, FG-1240B, FG-3040B, FG-3140B, FG-3951B

Accelerated Interface Module 4xSFP Single-Width AMC (ASM-FB4)

FG-310B, FG-311B, FG-620B, FG-621B, FG-1240B, FG-3016B, FG-3600A, FG-3810A, FG-5001A-SW

Accelerated Interface Module 2x10-GbE XFP Double-Width AMC (ADM-XB2)

FG-3810A, FG-5001A-DW

Accelerated Interface Module 8xSFP Double-Width AMC (ADM-FB8)

FG-3810A, FG-5001A-DWProduct Integration and Support Page 18 FortiOS v4.0 MR3 Patch Release 14 Release Notes

Bypass Module 2x1000 Base-SX Single-Width AMC (ASM-FX2)


Bypass Module 4x10/100/1000 Base-T Single-Width AMC (ASM-CX4)


Security Processing Module 2x10/100/1000 SP2 Single-Width AMC (ASM-CE4)

FG-1240B, FG-3810A, FG-3016B, FG-5001A-SW

Security Processing Module 2x10-GbE XFP SP2Double-Width AMC (ADM-XE2)

FG-3810A, FG-5001A-DW

Security Processing Module 4x10-GbE SFP+Double-Width AMC (ADM-XD4)

FG-3810A, FG-5001A-DW

Security Processing Module 8xSFP SP2Double-Width AMC (ADM-FE8)

FG-3810A

Rear Transition Module 10-GbE backplane fabric (RTM-XD2)

FG-5001A-DW

Security Processing Module (ASM-ET4) FG-310B, FG-311B

Rear Transition Module 10-GbE backplane fabric (RTM-XB2)

FG-5001A-DW

Security Processing Module 2x10-GbE SFP+ (FMC-XG2)

FG-3950B, FG-3951B

Accelerated Interface Module 2x10-GbE SFP+ (FMC-XD2)

FG-3950B, FG-3951B

Accelerated Interface Module 20xSFP (FMC-F20)

FG-3950B, FG-3951B

Accelerated Interface Module 20x10/100/1000 (FMC-C20)

FG-3950B, FG-3951B

Security Processing Module (FMC-XH0) FG-3950B

Table 2: Supported modules and FortiGate models (continued)Product Integration and Support Page 19 FortiOS v4.0 MR3 Patch Release 14 Release Notes

SSL VPN support

SSL VPN standalone client

FortiOS v4.0 MR3 Patch Release 14 supports the SSL VPN tunnel client standalone installer build 2287 for the following:

Microsoft Windows XP, Windows 7, and Windows 8 in .exe and .msi format

Linux CentOS and Ubuntu in .tar.gz format

Virtual Desktop in .jar format for Microsoft Windows 7

Mac OS X v10.7 Lion in .dmg format.

Other operating systems may function correctly, but are not supported by Fortinet.

SSL VPN web mode

The following web browsers are supported by FortiOS v4.0 MR3 Patch Release 14 for the SSL VPN web mode feature:


Mozilla Firefox version18

Apple Safari version 6


Table 3: Supported operating systems

Operating System Support

Microsoft Windows 8 64-bit Linux CentOS 5.6 Mac OS X v10.7 Lion

Microsoft Windows 7 32-bit SP1 Ubuntu 12.0.4

Microsoft Windows 7 64-bit SP1

Microsoft Windows XP 32-bit SP3

Virtual Desktop Support

Microsoft Windows 7 32-bit SP1Product Integration and Support Page 20 FortiOS v4.0 MR3 Patch Release 14 Release Notes

SSL VPN host compatibility list

The following tables list the antivirus and firewall client software packages that are supported.

Table 4: Supported Microsoft Windows XP antivirus and firewall software

Product Antivirus Firewall

Symantec Endpoint Protection v11

Kaspersky Antivirus 2009

McAfee Security Center v8.1

Trend Micro Internet Security Pro

F-Secure Internet Security 2009

Table 5: Supported Microsoft Windows 7 32-bit antivirus and firewall software


CA Internet Security Suite Plus Software

AVG Internet Security 2011


Kaspersky Internet Security 2011

McAfee Internet Security 2011

Norton 360 Version 4.0

Norton Internet Security 2011

Panda Internet Security 2011

Sophos Security Suite

Trend Micro Titanium Internet Security

ZoneAlarm Security Suite

Symantec Endpoint Protection Small Business Edition 12.0

Product Integration and Support Page 21 FortiOS v4.0 MR3 Patch Release 14 Release Notes

Explicit web proxy browser support

The following web browsers are supported on FortiOS v4.0 MR3 Patch Release 14 for the explicit web proxy feature:


Mozilla Firefox version 18.1

Google Chrome version 26

Apple Safari version 5.1.7


Table 6: Supported Microsoft Windows 7 64-bit antivirus and firewall software


CA Internet Security Suite Plus Software

AVG Internet Security 2011


Kaspersky Internet Security 2011

McAfee Internet Security 2011

Norton 360 Version 4.0

Norton Internet Security 2011

Panda Internet Security 2011

Sophos Security Suite

Trend Micro Titanium Internet Security

ZoneAlarm Security Suite

Symantec Endpoint Protection Small Business Edition 12.0

Product Integration and Support Page 22 FortiOS v4.0 MR3 Patch Release 14 Release Notes

Resolved Issues

The resolved issues tables listed below do not list every bug that has been corrected with FortiOS v4.0 MR3 Patch Release 14 build 0665. For inquires about a particular bug, please contact Customer Service & Support.

High Availability

IPsec VPN

System

Table 7: Resolved high availability issues

Bug ID Description

203940 Ensure aggregate MAC address is propagated to aggregated devices when configured in HA mode.

Table 8: Resolved IPsec VPN issues

Bug ID Description

205497 FortiGate should match the phase 2 selector as an exact match and not match a selector based on the source and destination supernets.

Table 9: Resolved system issues

Bug ID Description

189002 Improve memory handling in XLP.Resolved Issues Page 23 FortiOS v4.0 MR3 Patch Release 14 Release Notes

Known Issues

The known issues listed tables below do not list every bug that has been reported with FortiOS v4.0 MR3 Patch Release 14 build 0665. For inquires about a particular bug or to report a bug, please contact Customer Service & Support.

Logging and Reporting

SSL VPN

Table 10: Known logging and reporting issues

Bug ID Description

204086 Upon upgrading to FortiOS v4.0 MR3 Patch Release 14, the FortiAnalyzer log upload option inadvertently is changed from realtime to store-and-upload.

Table 11: Known SSL VPN issues

Bug ID Description

203135 Issues accessing a specific site internally which returns cookie errors.Known Issues Page 24 FortiOS v4.0 MR3 Patch Release 14 Release Notes

Limitations

This section outlines the limitations in FortiOS v4.0 MR3 Patch Release 14 build 0665.

Citrix XenServer limitations

The following limitations apply to Citrix XenServer installations:

XenTools installation is not supported.

FortiGate VM can be imported or deployed in only the following three formats:

XVA (recommended)

VHD

OVF

The XVA format comes pre-configured with default configurations for VM name, virtual CPU, memory, and virtual NIC. Other formats will require manual configuration before the first power on process.

Open Source Xen limitations

When using Ubuntu version 11.10, Xen version 4.1.0, and libvir version 0.9.2, importing issues may arise when using the QCOW2 format and existing HDA issues.Limitations Page 25 FortiOS v4.0 MR3 Patch Release 14 Release Notes

Image Checksum

The MD5 checksums for all Fortinet software and firmware releases are available at the Customer Service & Support website located at https://support.fortinet.com. After logging in, click on Download > Firmware Image Checksum, enter the image file including the extension, and select Get Checksum Code.

Figure 3: Firmware image checksum tool Image Checksum Page 26 FortiOS v4.0 MR3 Patch Release 14 Release Notes

Appendix A: FortiGate VM

FortiGate VM model information

The following table provides a detailed summary on FortiGate VM models.

For more information see the FortiGate VM product datasheet available on the Fortinet web site, http://www.fortinet.com/sites/default/files/productdatasheets/FortiGate-VM01.pdf.

Table 12:FortiGate VM model information

Technical Specification

FGVM-00 FGVM-01 FGVM-02 FGVM-04 FGVM-08

Hypervisor Support VMware ESX / ESXi versions 4.0, 4.1, 5.0, and 5.1Citrix XenServer versions 5.6 SP2 and 6.0Open Source Xen versions 3.4.3 and 4.1

Virtual CPU (Min / Max)

1 / 1 1 / 1 1 / 2 1 / 4 1 / 8

Virtual Network Interfaces(Min / Max)

2 / 10

Memory Support(Min / Max)

512 MB / 512 MB 512 MB / 1 GB 512 MB / 3 GB 512 MB / 4 GB 512 MB / 12 GB

Storage Support(Min / Max)

30 GB / 2 TB

VDOM Support(Default / Max)

1 10 / 10 10 / 25 10 / 50 10 / 250

Wireless Access Points Controlled

32 256 512 512 1,024

HA Support YesFortiGate VM Page 27 FortiOS v4.0 MR3 Patch Release 14 Release Notes

FortiGate VM firmware

Fortinet provides FortiGate VM firmware images for both VMware and Xen VM environments.

VMware

.out: Download either the 32-bit or 64-bit firmware image to upgrade your existing FortiGate VM installation.

ovf.zip: Download either the 32-bit or 64-bit package for a new FortiGate VM installation. This package contains Open Virtualization Format (OVF) files for VMware and two Virtual Machine Disk Format (VMDK) files used by the OVF file during deployment.

Xen

.out: Download the 64-bit firmware image to upgrade your existing FortiGate VM installation.

.out.OpenXen.zip: Download the 64-bit package for a new FortiGate VM installation. This package contains the QCOW2 file for Open Source Xen.

.out.CitrixXen.zip: Download the 64-bit package for a new FortiGate VM installation. This package contains the Citrix Xen Virtual Appliance (XVA) and Virtual Hard Disk (VHD) files.FortiGate VM Page 28 FortiOS v4.0 MR3 Patch Release 14 Release Notes

Table of ContentsChange LogIntroductionSupported modelsFortiGateFortiWiFiFortiGate VMFortiSwitch

FortiOS CarrierSupported modelsFortiCarrier

Special NoticesTFTP boot processMonitor settings for Web-based Manager accessBefore any upgradeAfter any upgradeMemory loggingFortiGate 1240B upgrade and downgrade limitations

Upgrade InformationUpgrading from FortiOS v4.0 MR3FortiAnalyzer log upload optionDisk loggingHistorical reports upgrade limitationSQL logging upgrade limitation

Upgrading from FortiOS v4.0 MR2DDNSDNS serverPing serverCentral managementSNMP communityModem settingsAMC slot settingsWireless radio settingsWeb filter overridesFirewall policy settingsURL filterFortiGuard log filterFortiGuard log setting

Upgrade procedureDowngrading to previous FortiOS versions

Product Integration and SupportWeb browser supportFortiManager supportFortiAnalyzer supportFortiClient supportFortiAP supportVirtualization software supportFortinet Single Sign-On (FSSO) supportFortiExplorer support (Microsoft Windows/Mac OS X)AV Engine and IPS Engine supportLanguage supportModule supportSSL VPN supportSSL VPN standalone clientSSL VPN web modeSSL VPN host compatibility list

Explicit web proxy browser support

Resolved IssuesHigh AvailabilityIPsec VPNSystem

Known IssuesLogging and ReportingSSL VPN

LimitationsCitrix XenServer limitationsOpen Source Xen limitations

Image ChecksumAppendix A: FortiGate VMFortiGate VM model informationFortiGate VM firmware

Documents

FortiOS v4.0 MR3 Patch Release 14 Release Notes