Poco a poco, si dejan de sacar versiones nuevas, terminaremos de actualizar estos equipos, hoy toca subir de la 5.0.3 a la 5.0.4. Todavía dos por debajo de lo recomendado.
La lista de correcciones se puede consultar en las release notes.
Te avisan de que:
– Si usas el portal cautivo han cambiado las cosas y no te aseguran que con el update siga funcionando, así que haz un backup antes (en mi caso no lo uso).
y la lista de cosas que corrige (para el firewall).
143961 FortiGate in HA A-A mode failed to connect with an ICAP server when the traffic falls on the slave FortiGate.
169930 Fix inaccurate DoS policy counters.
196907, 208885 SSL exempt problems when SSL inspect-all is enabled and SSL server-name cache.
201003 FortiGate unable to install full firewall policy when the firewall policy’s address range has exceed the system size limit.
203335 204081 Fix VIP health check session is blocked because of extra ICMP reply packets that trigger the anti-reply function.
204388 FortiGate continues to increment duration in the Traffic log even though the session does not exists anymore after session timeout.
204398 Correct user credentials are required to input twice after wrong user name and password are input with auth-http-basic enabled.
205931 H.225 RAS’s location requests are not natted by session-helper in the IP address field.
208630 Unable to set the broadcast address in the multicast address configuration.
208759 The authd daemon may experience high CPU usage for a long time if there are hundreds of firewall policies.
209370 Traffic can pass device based firewall policies when an empty device group is used.
210438 FortiGate keeps using IPsec VPN to connect to FortiAnalyzer after setting encrypt to disable.
211790 Port number is missing in the redirected URL after authentication on non-standard HTTP port with auth-secure-http enabled.
El parche se instala bien. El equipo reinicia sin problemas, deja crear objetos y todo parece correcto.
2 Mas y terminamos de una puñetera vez.