FortiOS v4.0 MR2 Patch Release 4 Release Notes
Release Notes
v4.0 MR2
Patch Release 4
01-424-84420-20110315
Table of Contents
1 FortiOS v4.0 MR2 - Patch Release 4
2 Special Notices
2.1 General
2.2 FMC-XG2 Module Support
2.3 FMC-C20 and FMC-F20 Module Support
2.4 Cross-Card Fastpath Feature Support on NP4 Interfaces
2.5 New Session Per Second
3 Upgrade Information
3.1 Upgrading from FortiOS v4.0
3.2 Upgrading from FortiOS v4.0 MR1
4 Downgrading to FortiOS v4.0 MR1
5 Fortinet Product Integration and Support
5.1 Fortinet Server Authentication Extension (FSAE) Support
5.2 AV Engine and IPS Engine Support
5.3 SSL-VPN Support
5.3.1 SSL-VPN Standalone Client
6 Resolved Issues in FortiOS v4.0 MR2 - Patch Release 4
6.1 Web UI
6.2 System
6.3 High Availability
6.4 IPS
6.5 Web Filter
7 Known Issues in FortiOS v4.0 MR2 - Patch Release 4
7.1 Web Proxy
7.2 IPS
8 Image Checksums
Change Log
2011-03-15 Added FMC-C20 and FMC-F20 Module support information into Section 1 and Section 2.
Trademarks
Copyright© 2011 Fortinet, Inc. All rights reserved. Fortinet®, FortiGate®, and FortiGuard®, are registered trademarks of Fortinet, Inc., and other Fortinet names herein
may also be trademarks of Fortinet. All other product or company names may be trademarks of their respective owners. Performance metrics contained herein were
attained in internal lab tests under ideal conditions. Network variables, different network environments and other conditions may affect performance results, and
Fortinet disclaims all warranties, whether express or implied, except to the extent Fortinet enters a binding contract with a purchaser that expressly warrants that the
identified product will perform according to the performance metrics herein. For absolute clarity, any such warranty will be limited to performance in the same ideal
conditions as in Fortinet’s internal lab tests. Fortinet disclaims in full any guarantees. Fortinet reserves the right to change, modify, transfer, or otherwise revise this
publication without notice, and the most current version of the publication shall be applicable. Certain Fortinet products are licensed under U.S. Patent No. 5,623,600.
Support will be provided to customers who have purchased a valid support contract. All registered customers with valid support contracts may enter their support
tickets via the support site:
https://support.fortinet.com
Models: FGT-30B, FWF-30B, FGT-50B, FGT-51B, FWF-50B, FGT-60B, FWF-60B, FGT-80C, FGT-80CM, FWF-80CM, FWF-81CM, FGT-82C, FGT-100A, FGT-110C, FGT-111C, FGT-200A, FGT-200B, FGT-200B-POE, FGT-224B, FGT-300A, FGT-310B, FGT-311B, FGT-310B-DC, FGT-400A, FGT-500A, FGT-620B, FGT-620B-DC, FGT-621B, FGT-800, FGT-800F, FGT-1000A, FGT-1000A-FA2, FGT-1000A-LENC, FGT-1240B, FGT-3016B, FGT-3040B, FGT-3600, FGT-3600A, FGT-3810A, FGT-3950B, FGT-3951B, FGT-5001A, FGT-5001, FGT-5001FA2, and FGT-5005FA2.
Notes: All models are supported on the regular v4.0 MR2 - Patch Release 4 branch.

Models: FGT-60C, FWF-60C
Notes: This model is released on a special branch based off of FortiOS v4.0 MR2 - Patch Release 4--fg_4-2_60c/build_tag_5422. As such, the build number in the System > Dashboard > Status page and the output from the "get system status" CLI command displays 5422 as the build number. To confirm that you are running the proper build, the output from the "get system status" CLI command has a "Branch point:" field. This should read 313.

Models: FGT-3950B to support the FMC-C20 or FMC-F20; FGT-3951B to support the FMC-C20 or FMC-F20.
Notes: The images to support the FMC-C20 and FMC-F20 are from a special branch based off of FortiOS v4.0 MR2 - Patch Release 4 – fg_4-2_fmc_c20/build_tag_5423. The build number for this image in the System > Status page and the output from the "get system status" CLI command displays 5423. To confirm that you are running the proper build, the output from the "get system status" CLI command has a "Branch point:" field. This should read 313.
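The build and branch-point check described above, as an added example (not Fortinet's code): it reads saved "get system status" output on standard input and compares both values with the ones these notes give. The "Branch point:" field name and the values 5422, 5423 and 313 come from this document; the position of the build number on a "Version:" line and the sample output are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: verify a special-branch image after an upgrade.
# Usage: <saved "get system status" output> | check_build BUILD BRANCH_POINT
# Returns 0 on match, 1 on mismatch, 2 if either field is missing.
check_build() {
    want_build=$1
    want_branch=$2
    out=$(cat)   # read the saved CLI output once from stdin

    # Assumption: the build appears as "build<digits>" on the "Version:" line.
    # Leading zeros are dropped; a trailing CR from a terminal log is ignored.
    build=$(printf '%s\n' "$out" |
        sed -n 's/^Version:.*build0*\([0-9][0-9]*\).*/\1/p' | head -n 1)
    # "Branch point:" is the field these release notes say to check.
    branch=$(printf '%s\n' "$out" |
        sed -n 's/^Branch point:[[:space:]]*0*\([0-9][0-9]*\).*/\1/p' | head -n 1)

    if [ -z "$build" ] || [ -z "$branch" ]; then
        echo "UNKNOWN: build or branch point not found in input" >&2
        return 2
    fi
    if [ "$build" != "$want_build" ] || [ "$branch" != "$want_branch" ]; then
        echo "MISMATCH: build=$build branch point=$branch" \
             "(expected $want_build / $want_branch)" >&2
        return 1
    fi
    echo "OK: build=$build branch point=$branch"
}

# Constructed sample, not captured from a device; only the two lines the
# check reads are included, with CRLF endings as in a terminal capture.
sample_status() {
    printf '%s\r\n' \
        'Version: FortiGate-60C v4.0,build5422 (constructed sample)' \
        'Branch point: 313'
}

# FGT-60C / FWF-60C image: build 5422, branch point 313.
sample_status | check_build 5422 313
```

For the FMC-C20 and FMC-F20 images on the FGT-3950B and FGT-3951B, the expected pair is 5423 and 313.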
Please visit http://docs.forticare.com/fgt.html for additional documents on the FortiOS v4.0 MR2 release.
2 Special Notices
2.1 General
The TFTP boot process erases all current firewall configuration and replaces it with the factory default settings.
IMPORTANT!
• Fortinet recommends setting your monitor to a screen resolution of 1280x1024. This allows for all objects in the Web UI to
be viewed properly.
• Microsoft Internet Explorer™ 8.0 (IE8) and Firefox 3.5 or later are fully supported.
• [FortiGate Configuration] Save a copy of your FortiGate unit configuration (including replacement messages) prior to
upgrading.
• [WebUI Display] If you are using the Web UI, clear the browser cache prior to login on the FortiGate to ensure proper
display of the Web UI screens.
• [Update the AV/IPS definitions] The AV/IPS signatures included with an image upgrade may be older than the ones currently
available from Fortinet's FortiGuard system. Fortinet recommends performing an "Update Now" as soon as possible
after upgrading. Consult the FortiGate User Guide for detailed procedures.
3 Upgrade Information
3.1 Upgrading from FortiOS v4.0
FortiOS v4.0 MR2 Patch Release 4 officially supports upgrading from FortiOS v4.0 Patch Release 4 or later. See the upgrade path
below. The arrows indicate "upgrade to".
[FortiOS v4.0]
The upgrade is supported from FortiOS v4.0.4 B0113 or later.
After every upgrade, ensure that the build number and branch point match the image that was loaded.
In FortiOS v4.0.4
Before upgrading, back up your configuration, parse the webfilter exempt list entries, and merge them into the webfilter content list
after the upgrade.
After merging the exempt list from v4.0.4 to the webfilter content list
[VoIP Settings]
FortiOS v4.0 MR2 can archive messages and files caught by the Data Leak Prevention feature, including some
VoIP messages. However, some scenarios have implications for configuration retention when upgrading. Consider the following:
Upon upgrading to FortiOS v4.0 MR2 Patch Release 4, the VoIP settings are not moved into the DLP archive feature.
After every upgrade, ensure that the build number and branch point match the image that was loaded.
[DLP Rule]
A DLP rule with subprotocol setting set to 'sip simple sccp' will be lost upon upgrading to FortiOS v4.0 MR2 Patch Release 4.
• operation modes
• interface IP/management IP
• route static table
• DNS settings
• VDom parameters/settings
• admin user account
• session helpers
• system access profiles
Note: FSAE images can be downloaded from the support site using the given link:
ftp://support.fortinet.com/FortiGate/v4.00/4.0MR2/MR2/FSAE/
6.1 Web UI
Description: When a vdom-admin is enabled, the global scope incorrectly shows the Router > Static web UI page.
Bug ID: 135159
Status: Fixed in v4.0 MR2 - Patch Release 4.
Description: Some websites may not be fully loaded when IPS and AV are enabled on the effective firewall policy simultaneously.
Bug ID: 137972
Status: Fixed in v4.0 MR2 - Patch Release 4.
6.2 System
Description: The reserved bits field has an incorrect default value for the Encoded-Group address in the PIM-SM Candidate-RP-Advertisement message.
Bug ID: 129705
Status: Fixed in v4.0 MR2 - Patch Release 4.
Description: Size of MAC address table has been increased to enhance performance.
Bug ID: 131770, 135414, 137153
Status: Fixed in v4.0 MR2 - Patch Release 4.
Description: The master unit may inadvertently use an unusual virtual MAC address on VLAN interfaces.
Bug ID: 136830
Status: Fixed in v4.0 MR2 - Patch Release 4.
6.4 IPS
Description: Some offloaded attacks may not be detected by the modules specified below.
Model Affected: FortiGate models that support the FMC-XG2, ASM-CE4, ADM-XE2, ADM-FE8 modules.
Bug ID: 138464
Status: Fixed in v4.0 MR2 - Patch Release 4.
Description: Traffic throughput may fluctuate when IPS is enabled on XLR interfaces.
Model Affected: FortiGate models that support the FMC-XG2, ASM-CE4, ADM-XE2, ADM-FE8 modules.
Bug ID: 138757
Status: Fixed in v4.0 MR2 - Patch Release 4.
7.2 IPS
Description: Traffic through the FortiGate device may experience an increase in latency for a short period when an IPS signature
update is performed.
Bug ID: 135825
Status: To be fixed in a future release.
8 Image Checksums
The MD5 checksums for the firmware images are available at the Fortinet Customer Support website
(https://support.fortinet.com). After login, click on the "Firmware Images Checksum Code" link in the left
frame.