Documente Academic
Documente Profesional
Documente Cultură
Technical Documentation
docs.fortinet.com
Knowledge Base
kb.fortinet.com
support.fortinet.com
Training Services
training.fortinet.com
FortiGuard
fortiguard.com
Document Feedback
techdocs@fortinet.com
Table of Contents
Change Log....................................................................................................... 5
Introduction....................................................................................................... 6
Supported models ...................................................................................................
FortiGate ............................................................................................................
FortiWiFi .............................................................................................................
FortiGate VM......................................................................................................
FortiSwitch .........................................................................................................
6
6
6
6
7
FortiOS Carrier.................................................................................................. 8
Supported models ................................................................................................... 8
FortiCarrier ......................................................................................................... 8
11
11
11
12
12
12
12
12
13
13
13
13
13
13
13
13
13
13
14
Upgrade procedure................................................................................................ 14
Page 3
20
20
20
21
Resolved Issues.............................................................................................. 23
High Availability................................................................................................ 23
IPsec VPN ........................................................................................................ 23
System ............................................................................................................. 23
Known Issues.................................................................................................. 24
Logging and Reporting .................................................................................... 24
SSL VPN .......................................................................................................... 24
Limitations....................................................................................................... 25
Citrix XenServer limitations.................................................................................... 25
Open Source Xen limitations ................................................................................. 25
Image Checksum............................................................................................ 26
Appendix A: FortiGate VM ............................................................................. 27
FortiGate VM model information............................................................................ 27
FortiGate VM firmware........................................................................................... 28
Table of Contents
Page 4
Change Log
Date
Change Description
2013-05-16
Initial release.
Page 5
Introduction
This document provides a summary of enhancements, support information, installation
instructions, integration, resolved and known issues in FortiOS v4.0 MR3 Patch Release 14
build 0665.
Supported models
FortiOS v4.0 MR3 Patch Release 14 supports the following models.
FortiGate
FG-20C, FG-20C-ADSL-A, FG-30B, FG-40C, FG-50B, FG-51B, FG-60B, FG-60C,
FG-60C-POE, FG-80C, FG-80CM, FG-82C, FG-100A, FG-100D, FG-110C, FG-111C, FG-200A,
FG-200B, FG-200B-POE, FG-224B, FG-300A, FG-300C, FG-310B, FG-310B-DC, FG-311B,
FG-400A, FG-500A, FG-600C, FG-620B, FG-620B-DC, FG-621B, FG-800, FG-800C, FG-800F,
FG-1000A, FG-1000A-FA2, FG-1000A-LENC, FG-1000C, FG-1240B, FG-3016B, FG-3040B,
FG-3140B, FG-3600, FG-3600A, FG-3810A, FG-3950B, FG-3951B, FG-5001, FG-5001A,
FG-5001B, FG-5001FA2, FG-5002FB2, FG-5005FA2, FG-5101C, and FG-ONE.
FG-3240C
This model is released on a special branch based off of FortiOS v4.0 MR3 Patch Release 14. As
such, the build number found in the System > Dashboard > Status page and the output from the
get system status CLI command displays 6910 as the build number.
To confirm that you are running the proper build, the output from the get system status CLI
command has a Branch point field that should read 0665.
FortiWiFi
FWF-20C, FWF-20C-ADSL-A, FWF-30B, FWF-40C, FWF-50B, FWF-60B, FWF-60C,
FWF-60CM, FWF-60CX-ADSL-A, FWF-80CM, and FWF-81CM.
FortiGate VM
FG-VM32 and FG-VM64.
FG-VM64-XEN
This model is released on a special branch based off of FortiOS v4.0 MR3 Patch Release 14. As
such, the build number found in the System > Dashboard > Status page and the output from the
get system status CLI command displays 5934 as the build number.
To confirm that you are running the proper build, the output from the get system status CLI
command has a Branch point field that should read 0665.
Introduction
Page 6
FortiSwitch
FS-5203B.
See http://docs.fortinet.com/fgt.html for additional documents on FortiOS v4.0 MR3.
Introduction
Page 7
FortiOS Carrier
This chapter provides platform support information for FortiOS Carrier v4.0 MR3 Patch Release
14 build 0665.
Supported models
FortiOS Carrier v4.0 MR3 Patch Release 14 supports the following models.
FortiCarrier
FCR-3810A, FCR-3950B, FCR-3951B, FCR-5001, FCR-5001A, FCR-5001B, FCR-5001FA2,
and FCR-5005FA2.
Firmware image filenames begin with FK.
See http://docs.fortinet.com/fgt.html for additional documents on FortiCarrier v4.0 MR3.
FortiOS Carrier
Page 8
Special Notices
TFTP boot process
The TFTP boot process erases all current firewall configuration and replaces it with the factory
default settings.
Memory logging
Memory logging is available on all FortiGate platforms and is disabled by default, however if the
setting is enabled prior to upgrade, it remains enabled. Memory logging is intended to be used
for troubleshooting. You can enable memory logging in the CLI using the following command:
config log memory setting
set status enable
end
Special Notices
Page 9
Special Notices
Page 10
Upgrade Information
Upgrading from FortiOS v4.0 MR3
FortiOS v4.0 MR3 Patch Release 14 build 0665 officially supports upgrade from FortiOS v4.0
MR3 Patch Release 11 or later.
Please review the Special Notices, Product Integration and Support, Known Issues, and
Limitations chapters prior to upgrading. For more information on upgrading your FortiOS
device, see the FortiOS 4.0 MR3 Handbook at http://docs.fortinet.com.
Disk logging
For optimal performance of your FortiGate unit, disk logging will be disabled during upgrade to
FortiOS v4.0 MR3 Patch Release 14. Fortinet recommends you enable logging to FAMS
(FortiCloud) on this unit to use the extended logging and reporting capabilities. This change
affects the following models:
FG-20C, FWF-20C
FG-20C-ADSL-A, FWF-20C-ADSL-A
FG-40C, FWF-40C
FG-60C, FWF-60C, FG-60C-POE, FWF-60CM, FWF-60CX-ADSL-A
FG-80C, FWF-80C, FG-80CM, FWF-80CM
FG-100D (PN: P09340-04 or earlier)
FG-300C (PN: P09616-04 or earlier)
FG-200B without SSD installed
A limitation in the code specific to the FG-80C, FG-80CM, FWF-80C, and FWF-80CM prevents
a message from being displayed warning users that disk logging has been disabled upon
upgrading to FortiOS v4.0 MR3 Patch Release 14. If you were using FortiCloud prior to
upgrading, the settings are retained and the service continues to operate.
Upgrade Information
Page 11
Please review the Special Notices, Product Integration and Support, Known Issues, and
Limitations chapters prior to upgrading. For more information on upgrading your FortiOS
device, see the FortiOS 4.0 MR3 Handbook at http://docs.fortinet.com.
DDNS
DDNS configurations under interface are moved to global mode config system ddns
after upgrading.
DNS server
The dns-query recursive/non-recursive option under specific interfaces are moved to
the system level per VDOM mode and config system dns-server can be used to
configure the option after upgrading.
Upgrade Information
Page 12
Ping server
The gwdetect related configurations under specific interfaces are moved under router per
VDOM mode and config router gwdetect can be used to configure the option after
upgrading.
Central management
The set auto-backup disable and set authorized-manager-only enable
configurations under config system central-management are removed after upgrading.
SNMP community
A 32-bit network mask will be added to an IP address of SNMP host after upgrading.
Modem settings
The wireless-custom-vendor-id and wireless-custom-product-id are moved from
config system modem to config system 3g-modem custom after upgrading.
URL filter
The action options in the urlfilter configuration have been changed from Allow, Pass,
Exempt, and Block to Allow, Monitor, Exempt, and Block. The Allow action will not
generate a log entry in FortiOS v4 MR3 Patch Release 1 and later. The Monitor action will act
as the function that allows log reporting. The Pass action in FortiOS v4.0 MR2 has been merged
with Exempt in FortiOS v4.0 MR3 Patch Release 1 and the CLI command has been changed
from set action pass to set exempt pass.
Upgrade Information
Page 13
Upgrade procedure
Plan a maintenance window to complete the firmware upgrade to ensure that the upgrade does
not negatively impact your network. Prepare your FortiGate device for upgrade and ensure
other Fortinet devices and software are running the appropriate firmware versions as
documented in Product Integration and Support.
Save a copy of your FortiGate device configuration prior to upgrading. To backup your
configuration, go to System > Dashboard > Status. In the System Information widget select
Backup under System Configuration. Save the configuration file to your management computer.
In VM environments, it is recommended that you take a Snapshot of the VM instance. In the
event of an issue with the firmware upgrade, use the Snapshot Manager to revert to the
Snapshot. To create a Snapshot, right-click the VM instance and select Snapshot > Take
Snapshot.
To upgrade the firmware via the Web-based Manager:
1. Download the .out firmware image file from the Customer Service & Support portal FTP
directory to your management computer.
2. Log into the Web-based Manager as the admin administrative user.
3. Go to System > Dashboard > Status.
4. In the System Information widget, in the Firmware Version field, select Update.
The Firmware Upgrade/Downgrade window opens.
Figure 1: Firmware upgrade/downgrade window
5. Select Browse and locate the firmware image on your management computer and select
Open.
6. Select OK. The FortiGate unit uploads the firmware image file, upgrades to the new firmware
version. The following message is displayed.
Figure 2: Firmware upgrade dialog box
7. Refresh your browser and log back into your FortiGate device. Launch functional modules to
confirm that the upgrade was successful.
For more information on upgrading your FortiGate device, see the FortiOS v4.0 MR3 Handbook
at http://docs.fortinet.com/fgt/handbook/40mr3/fortios-handbook-40-mr3.pdf.
Upgrade Information
Page 14
Upgrade Information
Page 15
FortiManager support
FortiOS v4.0 MR3 Patch Release 14 is supported by FortiManager v4.0 MR3 Patch Release 7 or
later.
FortiAnalyzer support
FortiOS v4.0 MR3 Patch Release 14 is supported by FortiAnalyzer v4.0 MR3 Patch Release 6 or
later.
If you are using a FortiAnalyzer unit running FortiAnalyzer v4.0 MR2, you must upgrade it to
FortiAnalyzer v4.0 MR3. FortiAnalyzer units running FortiAnalyzer v4.0 MR2 will not function
correctly with FortiOS v4.0 MR3 Patch Release 14.
FortiClient support
FortiOS v4.0 MR3 Patch Release 14 is fully compatible with FortiClient v4.0 MR2 Patch Release
8 or later and FortiClient v4.0 MR3 Patch Release 5 or later for the following operating systems:
Microsoft Windows 7 (32-bit & 64-bit)
Microsoft Windows Vista (32-bit & 64-bit)
Microsoft Windows XP (32-bit)
Other operating systems may function correctly, but are not supported by Fortinet.
FortiAP support
FortiOS v4.0 MR3 Patch Release 14 supports the following FortiAP models:
FAP-112B, FAP-210B, FAP-220A, FAP-220B, FAP-221B, FAP-222B, FAP-223B, and
FAP-320B
Page 16
The FortiAP devices must be running FortiAP v5.0 Patch Release 3 build 0032 or later.
The FAP-220A must run FortiAP v4.0 MR3 Patch Release 9 build 0028.
To avoid memory issues, a smaller IPS package with signatures for active and new
vulnerabilities is used by the following FortiGate model series: 30B, 50B, 51B, 60B, and 100A.
Page 17
Language support
The following table lists FortiOS language support information.
Table 1: FortiOS language support
Language
Web-based Manager
Documentation
English
French
Portuguese (Brazil)
Spanish (Spain)
Korean
Chinese (Simplified)
Chinese (Traditional)
Japanese
To change the FortiGate language setting, go to System > Admin > Settings, in View Settings >
Language select the desired language on the drop-down menu.
Module support
FortiOS v4.0 MR3 Patch Release 14 supports Advanced Mezzanine Card (AMC), Fortinet
Mezzanine Card (FMC), Rear Transition Modules (RTM), and Fortinet Storage Module (FSM)
removable modules. These modules are not hot swappable. The FortiGate unit must be turned
off before a module is inserted or removed.
The following table lists supported modules and FortiGate models.
Table 2: Supported modules and FortiGate models
AMC/FMC/FSM/RTM Modules
FortiGate Model
Storage Module
500GB HDD Single-Width AMC (ASM-S08)
Storage Module
64GB SSD Fortinet Storage Module (FSM-064)
FG-3810A, FG-5001A-DW
FG-3810A, FG-5001A-DW
Page 18
Bypass Module
4x10/100/1000 Base-T
Single-Width AMC (ASM-CX4)
FG-3810A, FG-5001A-DW
FG-3810A, FG-5001A-DW
FG-3810A
FG-5001A-DW
FG-310B, FG-311B
FG-5001A-DW
FG-3950B, FG-3951B
FG-3950B, FG-3951B
FG-3950B, FG-3951B
FG-3950B, FG-3951B
FG-3950B
Page 19
Ubuntu 12.0.4
Page 20
Antivirus
Firewall
Antivirus
Firewall
Page 21
Antivirus
Firewall
Page 22
Resolved Issues
The resolved issues tables listed below do not list every bug that has been corrected with
FortiOS v4.0 MR3 Patch Release 14 build 0665. For inquires about a particular bug, please
contact Customer Service & Support.
High Availability
Table 7: Resolved high availability issues
Bug ID
Description
203940
IPsec VPN
Table 8: Resolved IPsec VPN issues
Bug ID
Description
205497
FortiGate should match the phase 2 selector as an exact match and not match a
selector based on the source and destination supernets.
System
Table 9: Resolved system issues
Resolved Issues
Bug ID
Description
189002
Page 23
Known Issues
The known issues listed tables below do not list every bug that has been reported with FortiOS
v4.0 MR3 Patch Release 14 build 0665. For inquires about a particular bug or to report a bug,
please contact Customer Service & Support.
Description
204086
Upon upgrading to FortiOS v4.0 MR3 Patch Release 14, the FortiAnalyzer log
upload option inadvertently is changed from realtime to store-and-upload.
SSL VPN
Table 11: Known SSL VPN issues
Known Issues
Bug ID
Description
203135
Page 24
Limitations
This section outlines the limitations in FortiOS v4.0 MR3 Patch Release 14 build 0665.
Limitations
Page 25
Image Checksum
The MD5 checksums for all Fortinet software and firmware releases are available at the
Customer Service & Support website located at https://support.fortinet.com. After logging in,
click on Download > Firmware Image Checksum, enter the image file including the extension,
and select Get Checksum Code.
Figure 3: Firmware image checksum tool
Image Checksum
Page 26
Appendix A: FortiGate VM
FortiGate VM model information
The following table provides a detailed summary on FortiGate VM models.
Table 12:FortiGate VM model information
Technical
Specification
FGVM-00
Hypervisor Support
Virtual CPU
(Min / Max)
FGVM-01
FGVM-02
FGVM-04
FGVM-08
1/1
Virtual Network
Interfaces
(Min / Max)
1/2
1/4
1/8
2 / 10
Memory Support
(Min / Max)
Storage Support
(Min / Max)
VDOM Support
(Default / Max)
10 / 10
10 / 25
10 / 50
10 / 250
Wireless Access
Points Controlled
32
256
512
512
1,024
HA Support
Yes
For more information see the FortiGate VM product datasheet available on the Fortinet web site,
http://www.fortinet.com/sites/default/files/productdatasheets/FortiGate-VM01.pdf.
FortiGate VM
Page 27
FortiGate VM firmware
Fortinet provides FortiGate VM firmware images for both VMware and Xen VM environments.
VMware
.out: Download either the 32-bit or 64-bit firmware image to upgrade your existing
FortiGate VM installation.
ovf.zip: Download either the 32-bit or 64-bit package for a new FortiGate VM installation.
This package contains Open Virtualization Format (OVF) files for VMware and two Virtual
Machine Disk Format (VMDK) files used by the OVF file during deployment.
Xen
.out: Download the 64-bit firmware image to upgrade your existing FortiGate VM installation.
.out.OpenXen.zip: Download the 64-bit package for a new FortiGate VM installation. This
package contains the QCOW2 file for Open Source Xen.
.out.CitrixXen.zip: Download the 64-bit package for a new FortiGate VM installation. This
package contains the Citrix Xen Virtual Appliance (XVA) and Virtual Hard Disk (VHD) files.
FortiGate VM
Page 28