FortiOS v404 Release Notes


  • 7/28/2019 FortiOS v404 Release Notes


    Release Notes v4.0.4

    01-404-84420-20100827

    FortiGate Multi-Threat Security System


    Release Notes FortiOS v4.0.4

    Table of Contents

    1 FortiOS v4.0.4
    2 Special Notices
        2.1 General
        2.2 Application Control Category Field
        2.3 AMC Module Support
    3 Upgrade Information
        3.1 Upgrading from FortiOS v4.0.0
        3.2 Upgrading from FortiOS v3.00 MR6/MR7
    4 Downgrading to FortiOS v3.00
    5 Fortinet Product Integration and Support
        5.1 FortiManager Support
        5.2 AV Engine and IPS Engine Support
        5.3 Fortinet Server Authentication Extension (FSAE) Support
    6 Resolved Issues in FortiOS v4.0.4
        6.1 Command Line Interface (CLI)
        6.2 Web User Interface
        6.3 System
        6.4 High Availability
        6.5 Router
        6.6 Firewall
        6.7 Web Filter
        6.8 Instant Message
        6.9 VPN
        6.10 WAN Optimization
        6.11 Log & Report
    7 Known Issues in FortiOS v4.0.4
        7.1 VPN
    8 Image Checksums

    Change Log

    Date        Change Description
    2009-12-03  Initial Release.
    2009-12-14  Updated 'Image Checksums' section.
    2010-01-15  Added [IPS DoS Sensor Configuration] note under section 3.2.
    2010-08-27  Added bug 114610 to the Known Issues section.

    Copyright 2009 Fortinet Inc. All rights reserved.


    Trademarks

    Copyright 2009 Fortinet, Inc. All rights reserved. Fortinet, FortiGate, and FortiGuard, are registered trademarks of Fortinet, Inc., and other Fortinet names herein may also be trademarks of Fortinet. All other product or company names may be trademarks of their respective owners. Performance metrics contained herein were attained in internal lab tests under ideal conditions. Network variables, different network environments and other conditions may affect performance results, and Fortinet disclaims all warranties, whether express or implied, except to the extent Fortinet enters a binding contract with a purchaser that expressly warrants that the identified product will perform according to the performance metrics herein. For absolute clarity, any such warranty will be limited to performance in the same ideal conditions as in Fortinet's internal lab tests. Fortinet disclaims in full any guarantees. Fortinet reserves the right to change, modify, transfer, or otherwise revise this publication without notice, and the most current version of the publication shall be applicable. Certain Fortinet products are licensed under U.S. Patent No. 5,623,600.

    Support will be provided to customers who have purchased a valid support contract. All registered customers with valid support contracts may enter their support tickets via the support site:

    https://support.fortinet.com

    August 27, 2010

    1 FortiOS v4.0.4

    This document outlines resolved issues of FortiOS™ v4.0.4 B0113 firmware for the Fortinet FortiGate Multi-threat Security System. Please reference the full version of the FortiOS v4.0.0 release notes for new features and known issues. The following outlines the release status for several models.

    Model: FGT-80C, FGT-80CM, FWF-80CM, FWF-81CM
    FortiOS v4.0.4 Release Status: The officially released images for these models are based on FortiOS v4.0.4 fg_4-0_80c/build_tag_5102 and are located in the same directory as the models supported on the regular v4.0.4 branch. The build number for these images in the System > Status page and in the output from the "get system status" CLI command displays 5102. To confirm that you are running the proper build, check the "Branch point:" field in the output from the "get system status" CLI command. This should read 113.
    Note: The FWF-80CM and FWF-81CM currently do not support the Rogue AP Detection feature.

    Model: FGT-3016B, FGT-3810A, FGT-5001A
    FortiOS v4.0.4 Release Status: The officially released images for these models are based on FortiOS v4.0.4 fg_4-0_fortinpu_xlr/build_tag_5104 and are located in the same directory as the models supported on the regular v4.0.4 branch. The build number for these images in the System > Status page and in the output from the "get system status" CLI command displays 5104. To confirm that you are running the proper build, check the "Branch point:" field in the output from the "get system status" CLI command. This should read 113.

    Model: FGT-ONE
    FortiOS v4.0.4 Release Status: The officially released image for this OS is based on v4.0.4 fg_4-0_one /build_5103 and is located in the same directory as the models supported on the regular v4.0.4 branch. The build number for this image in the System > Status page and in the output from the "get system status" CLI command displays 5103. To confirm that you are running the proper build, check the "Branch point:" field in the output from the "get system status" CLI command. This should read 113. The FortiGate-ONE operating system is supported on the Hewlett Packard (HP) ProCurve ZL series module of the ProCurve ONE product line.

    Model: FGT-30B, FGT-50B, FGT-51B, FWF-50B, FGT-60B, FWF-60B, FGT-100A, FGT-111C, FGT-110C, FGT-200A, FGT-224B, FGT-300A, FGT-310B, FGT-400A, FGT-500A, FGT-620B, FGT-800, FGT-800F, FGT-1000A, FGT-1000A-FA2, FGT-3600, FGT-3600A, FGT-5001, FGT-5001-FA2 and FGT-5005-FA2.
    FortiOS v4.0.4 Release Status: All these models are supported on the regular v4.0.4 branch.

    Please visit http://docs.forticare.com/fgt.html for additional documents on the FortiOS v4.0 release.


    2 Special Notices

    2.1 General

    The TFTP boot process erases all current firewall configuration and replaces it with the factory default settings.

    IMPORTANT!

    Monitor Settings for Web User Interface Access:

    Fortinet recommends setting your monitor to a screen resolution of 1280x1024. This allows for all objects in the Web UI to be viewed properly.

    Web Browser Support

    Microsoft Internet Explorer™ 7.0/8.0 and FireFox 3.0x are fully supported.

    BEFORE any upgrade,

    [FortiGate Configuration] Save a copy of your FortiGate unit configuration (including replacement messages) prior to upgrading.

    AFTER any upgrade,

    [WebUI Display] If you are using the Web UI, clear the browser cache prior to login on the FortiGate to ensure proper display of the Web UI screens.

    [Update the AV/IPS definitions] The AV/IPS signatures included with an image upgrade may be older than the ones currently available from Fortinet's FortiGuard system. Fortinet recommends performing an "Update Now" as soon as possible after upgrading. Consult the FortiGate User Guide for detailed procedures.

    2.2 Application Control Category Field

    The Category field under the UTM > Application Control > Black/White List web UI page contains no entries. This is due to outdated IPS signatures that come loaded on the following FortiGate devices:

    FGT-3016B
    FGT-3810A
    FGT-5001A
    FCR-3810A
    FCR-5001A

    This field is populated after the FortiGate device receives an updated IPS signature package, which requires a valid IPS contract. To force the FortiGate device to request an updated IPS signature package, you may use the "Update Now" button in the System > Maintenance > FortiGuard web UI page.

    2.3 AMC Module Support

    FortiOS v4.0.4 supports AMC removable modules. These modules are not hot swappable. The FortiGate must be turned off before the module is inserted or removed.

    AMC Modules                                                   FortiGate Support
    AMC Security Processing Engine Modules (ASM-CE4)              FGT-3016B, FGT-3810A, FGT-5001A-SW
    AMC Security Processing Engine Modules (ADM-XE2)              FGT-3810A, FGT-5001A-DW
    Internal Hard Drive (ASM-S08)                                 FGT-310B, FGT-620B, FGT-3016B, FGT-3600A, FGT-3810A, FGT-5001A-SW
    Single Width 4-port 1Gbps Ethernet interface (ASM-FB4)        FGT-310B, FGT-620B, FGT-3016B, FGT-3600A, FGT-3810A, FGT-5001A-SW
    Dual Width 2-port 10Gbps Ethernet interface (ADM-XB2)         FGT-3810A, FGT-5001A-DW
    Dual Width 8-port 1Gbps Ethernet interface (ADM-FB8)          FGT-3810A, FGT-5001A-DW
    Single Width 2-port Fiber 1Gbps bypass interface (ASM-FX2)    FGT-310B, FGT-620B, FGT-3016B, FGT-3600A, FGT-3810A
    Single Width 4-port Ethernet bypass interface (ASM-CX4)       FGT-310B, FGT-620B, FGT-3016B, FGT-3600A, FGT-3810A, FGT-5001A-SW
    Rear Transition Module (RTM-XD2)                              FGT-5001A
    Accelerated Interface Module (ADM-XD4)                        FGT-3810A, FGT-5001A


    3 Upgrade Information

    3.1 Upgrading from FortiOS v4.0.0

    FortiOS v4.0.4 supports upgrade from v4.0.0. See the upgrade path below.

    [v4.0.0]

    The upgrade is supported from FortiOS v4.0.0 B0092.

    v4.0.0 B0092 (or later)

    v4.0.4 B0113

    3.2 Upgrading from FortiOS v3.00 MR6/MR7

    FortiOS v4.0.4 supports upgrade from the most recent Patch Release in MR6 or MR7. See the upgrade path below.

    [MR6]

    The upgrade is supported from FortiOS v3.00 B0673 Patch Release 4 or later.

    MR6 B0673 Patch Release 4 (or later)

    v4.0.4 B0113

    After every upgrade, ensure that the build number and branch point match the image that was loaded.

    [MR7]

    The upgrade is supported from FortiOS v3.00 B0733 Patch Release 2 or later.

    MR7 B0733 Patch Release 2 (or later)

    v4.0.4 B0113

    After every upgrade, ensure that the build number and branch point match the image that was loaded.

    [Log Settings Changes]

    In FortiOS v4.0.4, the option to configure rule under 'config log trafficfilter' has been removed, therefore any related configuration is lost upon upgrading from FortiOS MR6 to FortiOS v4.0.4.

    [FG-3016B Upgrade]

    Interface names on the FGT-3016B have been changed in FortiOS v4.0.4 to match the port names on the face plate. After upgrading from FortiOS MR6 to FortiOS v4.0.4, all port names in the FortiGate configuration are changed as per the following port mapping.

    Old port names before upgrading    New port names after upgrading
    port1                              mgmt1
    port2                              mgmt2
    port3                              port1
    port4                              port2
    port5                              port3
    port6                              port4
    port7                              port5
    port8                              port6
    port9                              port7
    port10                             port8
    port11                             port9
    port12                             port10
    port13                             port11
    port14                             port12
    port15                             port13
    port16                             port14
    port17                             port15
    port18                             port16

    Note: After the release of FortiOS v3.00 MR6 firmware a new revision of the FGT-3016B included a name change to two ports on the left side of the faceplate. Previously, they were labeled 1 and 2. Now they are called MGMT 1 and MGMT 2. However, the BIOS still refers to the MGMT 1 and MGMT 2 ports as port 1 and port 2.

    [System Settings]

    In FortiOS v4.0.4, the p2p-rate-limit setting under 'config system settings' has been removed, therefore any related configuration is lost upon upgrading from FortiOS MR6/MR7 to FortiOS v4.0.4.

    [Identity Based Policy]

    Firewall policy authentication has been reworked in FortiOS v4. Any firewall policy that requires authentication is now known as an Identity Based Policy. Previously, a separate authentication firewall policy had to be created for different schedules, services, and traffic shaping settings, but in FortiOS v4 all firewall authentication settings are configured in the Identity Based Policy section of a firewall policy. If no traffic matches any of the Identity Based Policies, the traffic is subjected to an implicit DENY ALL. For example:

    In FortiOS v3.00 MR6/MR7

    config firewall policy
        edit 1
            set action accept
            set groups grp1 grp2
            set service HTTP
            ...
        next
        edit 2
            set action accept
            set service TELNET
        next
        ...
    end

    After upgrading to FortiOS v4.0.4

    config firewall policy
        edit 1
            set action accept
            set identity-based enable
            config identity-based-policy
                edit 1
                    set groups grp1 grp2
                    set service HTTP
                next
            end
        next
        edit 2
            set action accept
            set service TELNET
        next
    end

    In FortiOS v4.0.4, the TELNET policy is never hit because of the implicit DENY ALL at the bottom of Identity Based Policy. To correct the behaviour, you must move the non-Identity Based Policy (TELNET policy) above the Identity Based Policy.

    Reorganized policy in FortiOS v4.0.4

    config firewall policy
        edit 2
            set action accept
            set service TELNET
        next
        edit 1
            set action accept
            set identity-based enable
            config identity-based-policy
                edit 1
                    set groups grp1 grp2
                    set service HTTP
                next
            end
        next
    end
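
    The ordering problem above can be checked mechanically after an upgrade. The following Python script is an added example, not Fortinet code: it reads a 'config firewall policy' table and reports policies listed after an identity-based policy on the same interface pair. The srcintf/dstintf values in the sample are assumptions (the notes elide them with "..."), and address overlap is not evaluated, so a finding means "review this ordering".

```python
# Added example (not Fortinet code): flag firewall policies that sit below an
# identity-based policy and are therefore cut off by its implicit DENY ALL.

# Constructed sample entries. The srcintf/dstintf values are assumptions; the
# release notes elide those lines with "...".
IDENTITY_POLICY = """\
    edit 1
        set srcintf internal
        set dstintf wan1
        set action accept
        set identity-based enable
        config identity-based-policy
            edit 1
                set groups grp1 grp2
                set service HTTP
            next
        end
    next
"""
PLAIN_POLICY = """\
    edit 2
        set srcintf internal
        set dstintf wan1
        set action accept
        set service TELNET
    next
"""
# Order produced by the upgrade, and the corrected order from the notes.
CONVERTED = "config firewall policy\n" + IDENTITY_POLICY + PLAIN_POLICY + "end\n"
REORGANIZED = "config firewall policy\n" + PLAIN_POLICY + IDENTITY_POLICY + "end\n"


def parse_policies(text):
    """Return the top-level firewall policies in file order (= match order)."""
    policies, current, depth, in_table = [], None, 0, False
    for line in text.splitlines():
        words = line.replace('"', "").split()
        if not words:
            continue
        keyword = words[0]
        if keyword == "config":
            depth += 1
            if depth == 1:
                in_table = words[1:] == ["firewall", "policy"]
        elif keyword == "end":
            depth -= 1
            if depth == 0:
                in_table = False
        elif in_table and depth == 1:  # rows of nested sub-tables are skipped
            if keyword == "edit" and len(words) >= 2:
                current = {"id": words[1], "identity": False,
                           "srcintf": None, "dstintf": None}
            elif keyword == "next" and current is not None:
                policies.append(current)
                current = None
            elif keyword == "set" and current is not None and len(words) >= 3:
                if words[1] == "identity-based":
                    current["identity"] = words[2] == "enable"
                elif words[1] in ("srcintf", "dstintf"):
                    current[words[1]] = words[2]
    return policies


def shadowed_policies(policies):
    """Return (policy_id, identity_policy_id) for each non-identity policy
    listed after an identity-based policy on the same interface pair."""
    first_identity = {}  # (srcintf, dstintf) -> id of first identity policy
    findings = []
    for policy in policies:
        pair = (policy["srcintf"], policy["dstintf"])
        if policy["identity"]:
            first_identity.setdefault(pair, policy["id"])
        elif pair in first_identity:
            findings.append((policy["id"], first_identity[pair]))
    return findings


if __name__ == "__main__":
    for label, text in (("converted", CONVERTED), ("reorganized", REORGANIZED)):
        hits = shadowed_policies(parse_policies(text))
        print(label, hits if hits else "no shadowed policies")
```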

    [IPv6 Tunnel]

    All configuration under 'config system ipv6-tunnel' may be lost after upgrading from FortiOS v3.0.0 MR7 to FortiOS v4.0.4.

    [User Group]

    In FortiOS v3.00 a protection profile can be assigned to a user group from the web UI, but in FortiOS v4.0 it can only be assigned from the CLI.

    [Zone Configuration]

    In FortiOS v3.00 a Zone name could be up to 32 characters, but in v4 it has changed to up to 15 characters. Any Zone names in FortiOS v3.00 with more than 15 characters will be lost after upgrading to FortiOS v4.0.4.

    [IPv6 Vlan Interfaces]

    Vlan interfaces with ipv6-address configured will be lost after upgrading from FortiOS v3.00 to FortiOS v4.0.4.

    [FDS Push-update Settings]

    The address and port settings under 'config system autoupdate push-update' may be lost after upgrading to FortiOS v4.0.4.

    [Content Archive Summary]

    The content archive summary related configuration will be lost after upgrading to FortiOS v4.0.4.


    [RTM Interface Configuration]

    Upon upgrading from FortiOS v3.00 MR6/MR7 to v4.0.4, the RTM interface and some of the configuration that uses RTM objects are not retained. In FortiOS v3.00, RTM objects used upper-case letters, such as "RTM/1". FortiOS v4.0.4 uses lower-case letters for RTM objects.

    [HA IPSec Session Pickup]

    When upgrading from FortiOS MR6 to FortiOS v4.0.4, the IPSec sessions are not picked up.

    [VIP Group Member]

    When upgrading from FortiOS MR7 to FortiOS v4.0.4, the VIP group members whose type is not 'static-nat' may be lost.

    [IPS DoS Sensor Configuration]

    When upgrading from FortiOS v3.00 MR6/MR7 to FortiOS v4.0.4, the IPS DoS Sensor configuration in v3.00 is not converted to a corresponding DoS policy. Hence, the DoS Sensor related configuration may be lost.
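
    A pre-upgrade check for several of the configuration losses listed in section 3.2, as an added Python example that is not part of the original notes or any Fortinet tool. It covers the p2p-rate-limit, zone name, ipv6-tunnel, trafficfilter rule, push-update and upper-case RTM items; the sample configuration is constructed, and the 'config system zone' and 'config system interface' paths and the nesting of 'config rule' inside 'config log trafficfilter' are assumptions about the v3.00 backup layout.

```python
# Added example (not Fortinet code): scan a saved v3.00 MR6/MR7 configuration
# for settings that section 3.2 says are lost or may be lost in v4.0.4.

ZONE_NAME_MAX = 15  # v4 limit from the notes; v3.00 allowed up to 32 characters

# Constructed v3.00 excerpt. Object names and values are invented, and the
# section layout is an assumption about how a v3.00 backup is organized.
SAMPLE_V3 = """\
config system settings
    set p2p-rate-limit per-policy
end
config system interface
    edit "RTM/1"
    next
end
config system zone
    edit "branch-office-dmz-servers"
    next
    edit "lan"
    next
end
config system ipv6-tunnel
    edit "v6tun"
    next
end
config log trafficfilter
    config rule
        edit "r1"
        next
    end
end
"""


def audit_v3_config(text):
    """Return (check, detail) pairs for settings the notes say are lost."""
    findings, stack = [], []
    for line in text.splitlines():
        words = line.split()
        if not words:
            continue
        keyword = words[0]
        if keyword == "config":
            stack.append(" ".join(words[1:]))  # track nested sections
            continue
        if keyword == "end":
            if stack:
                stack.pop()
            continue
        if len(words) < 2:
            continue  # "next" and other bare keywords carry nothing to check
        section = stack[-1] if stack else ""
        if "RTM/" in line:  # v4.0.4 uses lower-case letters for RTM objects
            findings.append(("rtm-uppercase-object", line.strip()))
        if keyword == "edit":
            name = line.split(None, 1)[1].strip().strip('"')
            if section == "system zone" and len(name) > ZONE_NAME_MAX:
                findings.append(("zone-name-over-15-chars", name))
            elif section == "system ipv6-tunnel":
                findings.append(("ipv6-tunnel-entry", name))
            elif stack[-2:] == ["log trafficfilter", "rule"]:
                findings.append(("trafficfilter-rule", name))
        elif keyword == "set":
            if section == "system settings" and words[1] == "p2p-rate-limit":
                findings.append(("p2p-rate-limit", line.strip()))
            elif (section == "system autoupdate push-update"
                  and words[1] in ("address", "port")):
                findings.append(("push-update-" + words[1], line.strip()))
    return findings


if __name__ == "__main__":
    for check, detail in audit_v3_config(SAMPLE_V3):
        print(f"{check:26} {detail}")
```

    Matching on the innermost section name keeps the checks working when the backup wraps everything in per-VDOM sections.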


    4 Downgrading to FortiOS v3.00

    Downgrading to FortiOS v3.00 results in configuration loss on ALL models. Only the following settings are retained:

    1. operation modes
    2. interface IP/management IP
    3. route static table
    4. DNS settings
    5. VDom parameters/settings
    6. admin user account
    7. session helpers
    8. system access profiles


    5 Fortinet Product Integration and Support

    5.1 FortiManager Support

    FortiOS v4.0.4 is supported by FortiManager v4.0.3.

    5.2 AV Engine and IPS Engine Support

    FortiOS v4.0.4 is supported by AV Engine 3.00011 and IPS Engine 1.00125.

    5.3 Fortinet Server Authentication Extension (FSAE) Support

    FortiOS v4.0.4 is supported by FSAE v3.00 B043 (FSAE collector agent 3.5.043) for the following:

    32-bit version of Microsoft Windows 2003 Server

    64-bit version of Microsoft Windows 2003 Server

    32-bit version of Microsoft Windows 2008 Server

    64-bit version of Microsoft Windows 2008 Server

    Novell E-directory 8.8.

    IPv6 currently is not supported by FSAE.


    6 Resolved Issues in FortiOS v4.0.4

    The resolved issues section does not list every bug that has been fixed with this release. For inquiries about a particular bug, contact Customer Support.

    6.1 Command Line Interface (CLI)

    Description: The image list displayed after executing the 'diag fortiguard-management info' command is not in the correct format.
    Bug ID: 101392
    Status: Fixed in v4.0.4.

    6.2 Web User Interface

    Description: Delete icon may get displayed in the interface list when column view is changed.
    Bug ID: 100260
    Status: Fixed in v4.0.4.

    Description: When configuring an identity based policy from web UI, the option for selecting a traffic shaper should not be available when the policy action is set to SSL-VPN.
    Bug ID: 110381
    Status: Fixed in v4.0.4.

    Description: The FortiGate logon page is not displayed correctly when using Internet Explorer 8 browser.
    Bug ID: 95224
    Status: Fixed in v4.0.4.

    Description: The 'Top Sessions' chart does not display accurate data when the FortiGate is in HA A-A mode.
    Bug ID: 97569
    Status: Fixed in v4.0.4.

    6.3 System

    Description: ICMP Type 3 Code 4 messages are randomly dropped by the FortiGate.
    Bug ID: 97746
    Status: Fixed in v4.0.4.

    Description: The FortiGate DHCP relay agent drops DHCPINFORM message if the server identifier is not set.
    Bug ID: 93334
    Status: Fixed in v4.0.4.

    Description: Authentication daemon (authd) may crash if keepalive is enabled and a URL longer than 127 characters is visited.
    Bug ID: 96601 and 98578
    Status: Fixed in v4.0.4.

    Description: FGT-110C, FGT-310B, FGT-60B and FGT-620B may randomly hang and a kernel crash message is printed on the console.
    Models Affected: FGT-110C, FGT-310B, FGT-60B and FGT-620B
    Bug ID: 97733
    Status: Fixed in v4.0.4.

    Description: Network zone configuration may stop working after multiple IPSec interfaces are enabled.
    Bug ID: 98658
    Status: Fixed in v4.0.4.

    Description: UDP live streaming traffic may sometimes get dropped by the FortiGate when using VIP.
    Bug ID: 94955
    Status: Fixed in v4.0.4.

    Description: Add device hostname in the FGFM message exchange with the FortiManager.
    Bug ID: 100347
    Status: Fixed in v4.0.4.

    Description: IPS engine may randomly crash when the number of VDoms configured is near the maximum allowed.
    Bug ID: 97323
    Status: Fixed in v4.0.4.

    Description: The FortiGate CPU usage may unexpectedly increase when using one-arm IDS configuration.
    Bug ID: 98350, 95663
    Status: Fixed in v4.0.4.

    Description: Fix FortiGate hang and kernel panic issues.
    Bug ID: 98939, 100433
    Status: Fixed in v4.0.4.

    Description: Pre-defined service definition of SSH is incorrect.
    Bug ID: 101497
    Status: Fixed in v4.0.4.

    Description: Fix merged_daemons memory leak issue.
    Bug ID: 98457
    Status: Fixed in v4.0.4.

    Description: The FortiGate may hang if next hop MAC address does not exist.
    Bug ID: 108628
    Status: Fixed in v4.0.4.

    Description: scanunit may crash when parsing malformed MMS messages.
    Bug ID: 108705
    Status: Fixed in v4.0.4.

    Description: httpd daemon may crash if the maximum number of VDoms are added and the FortiGate is rebooted while http traffic is passing through the last three VDoms.
    Bug ID: 97880
    Status: Fixed in v4.0.4.

    Description: "unregister_netdevice:" error message may get printed on the CLI after restoring a configuration file.
    Bug ID: 110585
    Status: Fixed in v4.0.4.

    Description: The FortiGate's HTTP proxy may prevent Skype from signing in via an external proxy.
    Bug ID: 95915
    Status: Fixed in v4.0.4.

    Description: Changing administrative status of a busy Broadcom Tigon3 port to down may cause all network related CLI commands or web UI pages to hang.
    Bug ID: 111601
    Status: Fixed in v4.0.4.

    Description: The FortiGate may fail to pass through certain emails when SMTP content archive is enabled.
    Bug ID: 92664
    Status: Fixed in v4.0.4.

    Description: VIP name length in the cmdb and kernel does not match.
    Bug ID: 79858
    Status: Fixed in v4.0.4.

    Description: FTP proxy closes the connection if a multiline response happens in more than one packet.
    Bug ID: 94779
    Status: Fixed in v4.0.4.

    Description: scanunit may crash if the HTTP POST headers are bigger than deflate POST body.
    Bug ID: 101489
    Status: Fixed in v4.0.4.

    Description: STUN sessions are unexpectedly deleted by the FortiGate after a few minutes.
    Bug ID: 96205
    Status: Fixed in v4.0.4.

    Description: The FortiGate may continuously request a full AV update once the delta update fails.
    Bug ID: 108287
    Status: Fixed in v4.0.4.

    Description: Unexpected output may be displayed on the CLI after connecting to the FortiGate using SSH.
    Bug ID: 109783
    Status: Fixed in v4.0.4.

    Description: An administrator with read-only permission is able to view full configuration using 'show' or 'show full' command.
    Bug ID: 98294
    Status: Fixed in v4.0.4.

    Description: Add support for Franklin USB CDU-680 3G modem.
    Bug ID: 97139
    Status: Fixed in v4.0.4.

    Description: If a pipelined quit command comes after CRLF, the mail signature may not appear in the email and the email may get dropped.
    Bug ID: 98251
    Status: Fixed in v4.0.4.

    Description: NP2 accelerated sessions get frozen when the MAC address of the next hop changes.
    Models Affected: All models with NPU interfaces
    Bug ID: 99645
    Status: Fixed in v4.0.4.

    Description: "Bad certificates in BIOS" error message is displayed during bootup.
    Models Affected: FGT-400A
    Bug ID: 100832
    Status: Fixed in v4.0.4.


    6.4 High Availability

    Description: HA slave member in A-A mode may not forward sessions to updated MAC in the event of a MAC address change.
    Bug ID: 108701
    Status: Fixed in v4.0.4.

    Description: The FortiGate in HA A-A mode may crash if AV scanning is enabled and traffic passes through both NP2 and FA2 ports.
    Bug ID: 113707
    Status: Fixed in v4.0.4.

    Description: An unexpected 'HA lost neighbor' information log message is generated if the HA heartbeat timers are set to very low values.
    Bug ID: 111011
    Status: Fixed in v4.0.4.

    6.5 Router

    Description: OSPF routing over IPSec tunnel may not work between one FortiGate running an MR7 build and another running an MR6 build, if the IPSec interface is explicitly listed under ospf-interface list.
    Bug ID: 79416
    Status: Fixed in v4.0.4.
    Workaround: Set mtu-ignore to enable on both sides.

    Description: The FortiGate incorrectly allows user to configure more than one access list for each protocol under ospf distribute-list.
    Bug ID: 111259
    Status: Fixed in v4.0.4.

    Description: rtcatch table may incorrectly forward packet to the default route instead of pushing it through the IPSec tunnel.
    Bug ID: 110875
    Status: Fixed in v4.0.4.

    Description: Remote address of point-to-point interface is not advertised in router LSA.
    Bug ID: 97567
    Status: Fixed in v4.0.4.

    6.6 Firewall

    Description: HTTP VIP cookie support deletes third-party cookies.
    Bug ID: 101070
    Status: Fixed in v4.0.4.

    Description: imd daemon may crash if a configuration change is made to a VIP and then the same VIP is deleted.
    Bug ID: 111484
    Status: Fixed in v4.0.4.

    Description: Certificate check for firewall policy authentication may not work when auth-secure-http is enabled.
    Bug ID: 98520
    Status: Fixed in v4.0.4.

    6.7 Web Filter

    Description: The FortiGuard webfilter overrides may persist after being removed.
    Bug ID: 97622
    Status: Fixed in v4.0.4.

    Description: The FortiGate always uses default web filter override page, even when a custom override page is configured.
    Bug ID: 111934
    Status: Fixed in v4.0.4.

    6.8 Instant Message

    The following IMs and their versions were tested in FortiOS v4.0.4. As some IM clients use encrypted connections, the FortiGate may not succeed in blocking the traffic from traversing the firewall.

    IM Client            Versions         Comment
    AIM                  6.8.14.6         This IM version uses SSL communication and FortiGate can only Block or Allow it using firewall policy.
    AIM Classic          5.9.6089         none
    ICQ                  6.5 Build 1005   none
    Yahoo! Messenger     9.0.0.2112       none
    MSN Live Messenger   8.5.1302.1018    none

    Description: The following table lists the known issues with each of the IMs supported by FortiOS v4.0.0.
    Models Affected: All
    Bug ID: See table

    Clients Affected: ICQ
    Versions: 6.5 Build 1005
    Description: If an ICQ connection request is malformed then the FortiGate may go into conserve mode due to imd daemon allocating all available memory.
    Status: Fixed in v4.0.4.
    Bug ID: 107513

    6.9 VPN

    Description: IKE daemon may cause memory leak when XAUTH or Diffie-Hellman is used. FGT with xauth client configured fails to connect to Cisco ASA server
    Bug ID: 96775
    Status: Fixed in v4.0.4.

    Description: The FortiGate with XAUTH client configured may fail to connect with Cisco ASA server. then the IPsec traffic will be blocked
    Bug ID: 110492
    Status: Fixed in v4.0.4.

    Description: When close to 2^32 IPSec (and SSL VPN) packets are encrypted/decrypted then the IPSec traffic may start getting dropped.
    Bug ID: 114139
    Status: Fixed in v4.0.4.

    Description: IPSec interface may show status as down while the tunnel is actually up.
    Bug ID: 114114
    Status: Fixed in v4.0.4.

    Description: User may not be able to login when SSL-VPN with "Require Client Cert" is configured.
    Bug ID: 113322, 113442, 113453
    Status: Fixed in v4.0.4.

    Description: If "ssl-send-empty-frags" support is disabled then this causes the virtual server daemon to crash during configuration initialization and thus all traffic through the virtual server is blocked.
    Bug ID: 100543
    Status: Fixed in v4.0.4.

    Description: The FortiGate's IKE daemon rejects a quick-mode response from a sidewinder because sidewinder re-numbers the proposals and the FortiGate only accepts a response if the proposal has the same number.
    Bug ID: 107097
    Status: Fixed in v4.0.4.

    Description: HA slave members may not be able to sync firewall address with associated interface set to an IPSec interface.
    Bug ID: 97029
    Status: Fixed in v4.0.4.

    Description: SSL-VPN daemon (sslvpnd) may randomly crash in tunnel mode.
    Bug ID: 107020, 110635
    Status: Fixed in v4.0.4.

    Description: The FortiGate may hang when multiple IPSec dialup tunnels are used.
    Bug ID: 108629
    Status: Fixed in v4.0.4.

    Description: SSL-VPN login may not work if "&" character is used in the usergroup name.
    Bug ID: 97170
    Status: Fixed in v4.0.4.

    Description: SSL-VPN tunnel may get disconnected when downloading a big file from an FTP server.
    Bug ID: 110100
    Status: Fixed in v4.0.4.

    Description: SSL-VPN process (sslvpnd) may get stuck in uninterruptible state 'D' if a lot of IPSec traffic is traversing through the FortiGate.
    Bug ID: 97958
    Status: Fixed in v4.0.4.

    Description: SSL-VPN authentication with RSA new pin mode may fail when in multiple cpu mode.
    Bug ID: 109593
    Status: Fixed in v4.0.4.

    Description: Fix memory corruption related issues on SSL-VPN (sslvpnd) daemon.
    Bug ID: 111845
    Status: Fixed in v4.0.4.

    Description: SSL-VPN client can still connect even after tunnel widget has been removed from the portal.
    Bug ID: 97774
    Status: Fixed in v4.0.4.

    Description: When using SSLVPN tunnel, uploading a file through CIFS can be very slow.
    Bug ID: 94727
    Status: Fixed in v4.0.4.

    Description: User cannot retrieve SSL-Proxy CA certificate via CLI or web UI.
    Bug ID: 94595
    Status: Fixed in v4.0.4.

    Description: Some URLs cannot be accessed through SSL-VPN web mode.
    Bug ID: 96760
    Status: Fixed in v4.0.4.

    6.10 WAN Optimization

    Description: Fix various wad crashes and bugs.
    Bug ID: 95094, 95097, 95129, 95149, 95219, 95755
    Status: Fixed in v4.0.4.

    6.11 Log & Report

    Description: Alert email is not sent for FDS updates.
    Bug ID: 94152
    Status: Fixed in v4.0.4.

    Description: Change the factorydefault setting for the event log.
    Bug ID: 99829
    Status: Fixed in v4.0.4.

    Description: Full content archive link is missing for all MMS messages sent with a blank subject.
    Bug ID: 111246
    Status: Fixed in v4.0.4.

    Description: The FortiGate incorrectly inserts false 'connect/disconnect to FortiAnalyzer' log messages when adding or deleting VDoms.
    Bug ID: 90686
    Status: Fixed in v4.0.4.

    Description: Full content archive to FAMS does not work for IMAP, POP3, and SMTP.
    Bug ID: 113017
    Status: Fixed in v4.0.4.


    7 Known Issues in FortiOS v4.0.4

    This section lists the known issues of this release, but is NOT a complete list. For enquiries about a particular bug not listed here, contact Customer Support.

    7.1 VPN

    Description: Our SSL VPN web portal code does not allow enough flexibility for specific/complex URL access, therefore certain applications may not be fully supported via the SSL web portal.
    Bug ID: 114610
    Status: To be fixed in a future release.


    8 Image Checksums

    The MD5 checksums for the firmware images are available at the Fortinet Customer Support website (https://support.fortinet.com). After login, click on the "Firmware Images Checksum Code" link in the left frame.

    (End of Release Notes.)
