Fortinet black logo

Build 558 Release Notes

Home IPS Engine 3.6.0 Build 558 Release Notes

Resolved issues

3.6.0
3.6.0
Copy Link
Copy Doc ID 10a0be7d-00e2-11ea-8977-00505692583a:138654
Download PDF

Resolved issues

The resolved issues listed below do not list every bug that has been corrected with this release. For inquiries about a particular bug, contact Customer Service & Support.

Bug ID

Description
483417 Include SNI cache in HA sync.
483417, 499598 Do not allow forged SNI in TLS traffic for Application Control.
488392 , 511778 , 522196 , 523655 , 526865 , 530449 Backport of SSL session ID cache improvement.
529659 , 540063 Non-SSL traffic cannot pass through IPS engine.

535288

Read over boundary when getting file name from HTTP URL.
540344 , 567923 IPS engine crash.
540902 Reply to FIN+ACK retransmission with seq=0ack=0 pkt&
542818 Unable to use client certificate authentication through a policy with deep inspection and IPS enabled.
546787 , 548413 Crash on certain RTSP interleave data.
550227 Keep getting attackid=0 in FortiGate IPS logs for P2P traffic.
552326 Port IPS tag database improvement patch.
554062 Too long wait time in sniff mode.
554219 Always choose explicitly configured rules over implicit ones.
557379 Do not generate random serial number for resigned server certificate.
557944

Crash when doing CBC HMAC validation.

Avoid padding oracles due to different handling of invalid record mac and invalid paddings.
561936 Web rating override does not work with external proxy.
562419 Certificate inspection profile triggers SSL deep inspection.
562832 Do not filter out application signatures based on application detected in host session.
563177 Incorrect sack.
568328 Botnet database loading crash on Windows and remove garbage strings from database.
569143

CIFS antivirus flow mode allows malware blocked via HTTP.

Change the value of SMB2_OOO_LIMIT to four megabytes.

574745

Revert patch: create different sessions for the same session from different policy.
578282 SSL session stuck if server hello and certificate are in different packets.
584073 Crash on HTTP2 control when getting content disposition.

589653

Crash after upgrade to 3.555.

592618

Do not do URL filter query if SNI is not yet verified.
Previous
Next

Resolved issues

The resolved issues listed below do not list every bug that has been corrected with this release. For inquiries about a particular bug, contact Customer Service & Support.

Bug ID

Description
483417 Include SNI cache in HA sync.
483417, 499598 Do not allow forged SNI in TLS traffic for Application Control.
488392 , 511778 , 522196 , 523655 , 526865 , 530449 Backport of SSL session ID cache improvement.
529659 , 540063 Non-SSL traffic cannot pass through IPS engine.

535288

Read over boundary when getting file name from HTTP URL.
540344 , 567923 IPS engine crash.
540902 Reply to FIN+ACK retransmission with seq=0ack=0 pkt&
542818 Unable to use client certificate authentication through a policy with deep inspection and IPS enabled.
546787 , 548413 Crash on certain RTSP interleave data.
550227 Keep getting attackid=0 in FortiGate IPS logs for P2P traffic.
552326 Port IPS tag database improvement patch.
554062 Too long wait time in sniff mode.
554219 Always choose explicitly configured rules over implicit ones.
557379 Do not generate random serial number for resigned server certificate.
557944

Crash when doing CBC HMAC validation.

Avoid padding oracles due to different handling of invalid record mac and invalid paddings.
561936 Web rating override does not work with external proxy.
562419 Certificate inspection profile triggers SSL deep inspection.
562832 Do not filter out application signatures based on application detected in host session.
563177 Incorrect sack.
568328 Botnet database loading crash on Windows and remove garbage strings from database.
569143

CIFS antivirus flow mode allows malware blocked via HTTP.

Change the value of SMB2_OOO_LIMIT to four megabytes.

574745

Revert patch: create different sessions for the same session from different policy.
578282 SSL session stuck if server hello and certificate are in different packets.
584073 Crash on HTTP2 control when getting content disposition.

589653

Crash after upgrade to 3.555.

592618

Do not do URL filter query if SNI is not yet verified.
Previous
Next