El viernes, aprovechando que era fiesta… soltaron una nueva versión del soft para los fortigate … 5.0.5. Soluciona una buena cantidad de bugs.
Yo creo que a mi me afectan los siguientes …
170136 The instant messaging (IM) daemon (imd) crashes when processing IM based SIP traffic, such as Yahoo messenger SIP.
173140 The instant messaging (IM) daemon (imd) crashes when deleting a VDOM and SIP traffic is running.
207808 Traffic can now pass through an IP in IP tunnel created using loopback interface IP address.
209269 If an IP address (v4 or v6) is configured on a dynamic IPsec interface then when a peer connects, attach this IP address to the dynamically created interface.
209609 When Xauth is not used, certificate information is now correctly reported in IPSec VPN logs.
209618 Corrected an issue that caused the IPsec Monitor to truncate user names if certificate subject is greater than 64 characters.
212713 Improved the IKE negotiation performance for dial up peers.
212924 IKEv2 rekeying when on a busy FortiGate unit no longer causes the IKE daemon to crash.
213432 IPsec dialup connections are now offloaded to NPx processors after an HA failover.
213591 IKEv2 work correctly when phase2 proposal authentication is NULL.
214310 Redundant interfaces now correctly send gratuitous ARP packets if there is a transient link failure.
215173 HA failover if IPsec packets works correctly for PPPoE interfaces.
215399 IPsec VPN event log messages are correctly recorded when dead peer detection detects that a peer has failed.
215961 Windows XP VPN clients can work correctly with NAT Traversal.
216655 Remote gateway addresses are no longer changed to 0.0.0.0 after rekeying an IKE SA.
216715 IPsec packets are no longer lost during a rekey sequence with NPx offloading enabled.
217036 IPsec packets are no longer lost when NPx offload is disabled.
145227 Resolved an issue that caused the IKEv2 queue to wait for a pending request that never gets started.
La verdad es que estamos teniendo muchos problemas con las VPN’s. Acostumbrado a las de checkpoint que funcionaban sin problemas…ahora tocan mucho las narices. Sobre todo cuando hay equipos viejos de cisco en el otro extremo…
A ver si consigo ventana para actualizarlos … si alguien lo hace y quiere comentar como le ha ido, se agradecerá..