Tuesday, July 5, 2011

Software Updates: FortiOS 4.0 MR3 Patch 1 is out

Summary of Enhancements

· BGP AS Overrides
· Central Management Locking/Unloking
· Control and Mitigate Traffic Bypassing SSL Proxy
· Convert Web UI Language Files To Be UTF-8 Standard
· Enlarge Table Size for Firewall Address and Firewall Service on High-End Models
· FMC-C20 and FMC-F20 Support
· FortiClient Connect Licensing Support
· FSSO Sniffer Policy Support
· Geographic Destinations Chart in Default Report
· GTP v1 release 7.15.0 support
· GTP v1 release 8.12.0 support
· Improvements of Usability on Firewall Policy configurations via Web UI
· Improvements and Simplification of Local Ratings & Local Categories Settings in Web Filter Configuration
· Improvements of Usability on Application Control and IPS Sensor configurations via Web UI
· Improvements of Usability on Web Filter Profile configurations via Web UI
· Integration of DNS Service on Interface and Server adminstration
· Increase for Maximum Value of Local Users on FortiGate-50x Serial Models
· Increase for MaximumValue of User Group
· Quick Test Button for Remote Server Reachablilty via Web UI
· Restoration of Function LDAP-Group-Check
· STARTTLS Scanning Over SMTP Proxy
· Web Cache Monitor via Web UI
· Web Mail Logging Support
· Web UI Navigation Menu Reorganization and Improvement
· WiFi Controller on FortiWiFi Models Under Client Mode


werner@hard-soft said...

Anyone out there with some experience with this release?
I have installed it some days ago on a 60C (yeah, the evil box ;-)), seems ok until today, execept one strange error message while saving the configuration of a existing ipsec phase1-interface configuration. But no interruptions, high cpu/memory events until now.

Christian said...

it's running stable and the performance, especially on fg60c is much better than mr2 p7! i'll install it on my fwf60c in the next days! :)

Current94 said...

installed it on 80c two days ago, looks pretty stable.

mcd said...

Hi folks!
Installed the Fortios 4 MR3 Patch1 yesterday.

Much better performance than previous released Firmware. No massive CPU load of IPS Engine so far.


Anonymous said...

It seems like MR3 Patch 1 is quite an improvement over MR3 for CPU and Memory. I've noticed a few weird little things GUI-wise, but function-wise it seems stable so far.

Anonymous said...

Hi, i've found a problem, yesterday i updated firmware and today noticed that i cannot modify policies, seems that doesnt recognize addresses. But when i create a new policy there are no problems at all!. Everything is working exept for this. Any idea??? Forigate 310-B. Thanks in advanced.

Anonymous said...

I have found you need to use the CLI to delete unused policies/profiles which are marked as being used
config firewall profile-group
edit "profile name"
unset AV-profile for example
others can also be unset.
This clears in memory profiles.
Just create new ones

Anonymous said...

If you do have cpu memory issues you can try rebooting the unit via a scheduled restart
config system global
set daily-restart enable
set restart 04:00

This will delete all logs if you are writing to system memory
You can pass logging to a syslog server or forianalyser or something like firewall analyser 7.1

Anonymous said...

It killed my home FortiWifi 60C when I enabled UTM features. My 50B was able to handle the same conig with no problem, but the 60C is crippled with UTM on. Constant conserve mode and connection limit errors.

Anonymous said...

I will try to update to this version again and just kill my 310B. I will not use it any longer, i'm backing to de buil 441 (4.0 mr3 no patch) again if i can make it live again.

ZeeBOB said...

4.0 MR3 Patch 1 has a bug on IPSEC Phase 1 connections bound to VLAN interfaces. This gave me hell but rolling back to MR3 no patch got me back up and running again :)

Fortinet have acknowledged the issue and fixed in Patch 2

Anonymous said...

We've run into major delays on in-bound email when the UTM is on with AV and E-mail Filtering. If we disable every feature within the filtering itself and apply the profile, it still causes major issue when TLS is initiated.