Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
Release Notes
v4.0 MR1
01-410-84420-20090828
Release Notes FortiOS v4.0 MR1
Table of Contents
1 FortiOS v4.0 MR1..............................................................................................................................................1
1.1 Summary of Enhancements Provided by v4.0 MR1...................................................................................1
2 Special Notices....................................................................................................................................................3
2.1 General........................................................................................................................................................3
2.2 Configuration Files Backups.......................................................................................................................3
2.3 External Modem Support............................................................................................................................3
2.4 SSL-VPN Notes..........................................................................................................................................3
2.5 Logging to FortiAnalyzer using AMC Hard Disk......................................................................................4
2.6 AV Scanning Of Archived Files.................................................................................................................4
2.7 WCCP Multi-VDom Support......................................................................................................................4
2.8 Endpoint Control.........................................................................................................................................4
2.9 Identity Based Policy..................................................................................................................................4
2.10 Supported Character Sets..........................................................................................................................5
2.11 ASM-SAS Module Support......................................................................................................................5
2.12 AntiSpam Engine Support.........................................................................................................................5
2.13 Wireless Control Support for FWF-80CM...............................................................................................5
2.14 FortiGuard support for IPv6......................................................................................................................5
3 Upgrade Information...........................................................................................................................................6
3.1 Upgrading from FortiOS v3.00 MR6/MR7................................................................................................6
3.2 Upgrading from FortiOS v4.0.....................................................................................................................9
4 Downgrading to FortiOS v3.00.........................................................................................................................12
5 Fortinet Product Integration and Support.........................................................................................................13
5.1 FortiManager Support...............................................................................................................................13
5.2 FortiAnalyzer Support...............................................................................................................................13
5.3 FortiClient Support....................................................................................................................................13
5.4 Fortinet Server Authentication Extension (FSAE) Support......................................................................13
5.5 AV Engine and IPS Engine Support.........................................................................................................13
5.6 3G MODEM Support................................................................................................................................13
5.7 AMC Module Support...............................................................................................................................14
5.8 SSL-VPN Support.....................................................................................................................................15
5.8.1 SSL-VPN Standalone Client.............................................................................................................15
5.8.2 SSL-VPN Web Mode........................................................................................................................15
5.9 SSL-VPN Host Compatibility List............................................................................................................15
6 Resolved Issues in FortiOS v4.0 MR1..............................................................................................................17
6.1 Command Line Interface (CLI)................................................................................................................17
6.2 Web User Interface...................................................................................................................................17
6.3 System.......................................................................................................................................................17
6.4 High Availability.......................................................................................................................................18
6.5 Router........................................................................................................................................................18
6.6 Firewall.....................................................................................................................................................18
6.7 VPN...........................................................................................................................................................18
6.8 Web Filter..................................................................................................................................................19
6.9 Data Leak Prevention................................................................................................................................19
6.10 Instant Message.......................................................................................................................................19
6.11 Endpoint Control.....................................................................................................................................20
6.12 Log & Report..........................................................................................................................................20
Change Log
2009-08-25 Removed ASM-SAS Module Support for FGT-3600A, FGT-3016B, FGT-620B, and FGT-310B models.
Added bug 108672 to Known Issues section.
Trademarks
Copyright© 2009 Fortinet, Inc. All rights reserved. Fortinet®, FortiGate®, and FortiGuard®, are registered trademarks of Fortinet, Inc., and other Fortinet names herein
may also be trademarks of Fortinet. All other product or company names may be trademarks of their respective owners. Performance metrics contained herein were
attained in internal lab tests under ideal conditions. Network variables, different network environments and other conditions may affect performance results, and
Fortinet disclaims all warranties, whether express or implied, except to the extent Fortinet enters a binding contract with a purchaser that expressly warrants that the
identified product will perform according to the performance metrics herein. For absolute clarity, any such warranty will be limited to performance in the same ideal
conditions as in Fortinet’s internal lab tests. Fortinet disclaims in full any guarantees. Fortinet reserves the right to change, modify, transfer, or otherwise revise this
publication without notice, and the most current version of the publication shall be applicable. Certain Fortinet products are licensed under U.S. Patent No. 5,623,600.
Support will be provided to customers who have purchased a valid support contract. All registered customers with valid support contracts may enter their support
tickets via the support site:
https://support.fortinet.com
FGT-3810A This model is released on a special branch based off of FortiOS v4.0 MR1 –
FGT-5001A fg_4-1_fortinpu_rel/build_tag_5032. As such, the build number in the System > Status page and the
FGT-3016B output from the "get system status" CLI command displays 5032 as the build number. To
confirm that you are running the proper build, the output from the "get system status" CLI command has
a "Branch point:" field. This should read 178.
Note: The ASM-CE4, ADM-XE2, and RTM-XD2 modules are supported on these FortiGate models.
FGT-30B, FGT-50B, All models are supported on the regular v4.0 MR1 branch.
FWF-50B, FGT-60B,
FWF-60B, FGT-100A,
FGT-110C, FGT-200A,
FGT-224B, FGT-300A,
FGT-310B, FGT-311B,
FGT-310B-DC,
FGT-400A, FGT-500A,
FGT-620B, FGT-620B-
DC, FGT-800, FGT-800F,
FGT-1000A, FGT-1000A-
FA2, FGT-3600,
FGT-3600A, FGT-5001,
FGT-5001-FA2, and
FGT-5005-FA2.
Please visit http://docs.forticare.com/fgt.html for additional documents on FortiOS v4.0 MR1 release.
• SSL-VPN Enhancements
• Supports Reliable Syslog
• Supports Multiple Schedule Objects per Firewall Policy
• LDAP Authentication Improvements
• Enhanced Application Control Statistics
• Supports IPv6 AV scanning and Management Access
• Supports Reporting based on SQL Logs
• Supports Cookie-based Overrides on FortiCarrier Platforms
• Supports SIP over IPv6
• DLP Archive
• SIP Enhancements
• Log Reduction & Optimization
• Supports Wireless Controller
• Easy FortiCare and FortiGuard Services Registration and Renewal
• Endpoint Control Enhancements
• Supports Per-VDom Replacement Messages
• Alert Message Console Enhancements
• Interface Status Detection for Gateway Load Balancing
• Dynamic Profile Enhancements for FortiCarrier Platforms
2 Special Notices
2.1 General
The TFTP boot process erases all current firewall configuration and replaces it with the factory default settings.
IMPORTANT!
• Fortinet recommends setting your monitor to a screen resolution of 1280x1024. This allows for all objects in the Web UI to
be viewed properly.
• Microsoft Internet ExplorerTM 6.0/7.0 and FireFox 3.0x are fully supported.
• [FortiGate Configuration] Save a copy of your FortiGate unit configuration (including replacement messages) prior to
upgrading.
• [WebUI Display] If you are using the Web UI, clear the browser cache prior to login on the FortiGate to ensure proper
display of the Web UI screens.
• [Update the AV/IPS definitions] The AV/IPS signature included with an image upgrade may be older than ones currently
available from the Fortinet's FortiGuard system. Fortinet recommends performing an "Update Now" as soon as possible
after upgrading. Consult the FortiGate User Guide for detailed procedures.
• The "RDP to Host" option web mode can accept a keyboard layout setting as a parameter when the client connects to a
server.
• In the "RDP to Host" field type:
• <IP address or FQDN of the server> -m <language>
• <language> is one of the following:
• ar Arabic
• da Danish
• de German
• en-gb English - Great Britain
• en-us English - US
• es Spanish
• fi Finnish
• fr French
• fr-be Belgian French
• fr-ca French (Canada)
• fr-ch French (Switzerland)
• hr Croatian
• it Italian
• ja Japanese
• lt Lithuanian
• lv Latvian
• mk Macedonian
• no Norwegian
• pl Polish
• pt Portuguese
• pt-br Brazilian Portuguese
• ru Russian
• sl Slovenian
• sv Sedanese
• tk Turkmen
• tr Turkish
• Japanese
• jisx0201
• jisx0208
• jisx0212
• sjis
• euc_jp
• ISO 2022_jp
• ISO 2022_jp1
• ISO 2022_jp2
• ISO 2022_jp3
• Chinese
• gb2312
• euc_cn
• ces_gbk
• ces_big5
• hz
• Korean
• ksc5601_ex
• euc_kr
• Thai
• tis620
• cp874
• Latin (French, German, Spanish and Italian)
• ISO 8859_1
• cp1252
• Serbian, Macedonian, Bulgarian and Russian
• cp1251
• FGT-5001A
• FGT-3810A
3 Upgrade Information
[MR6]
The upgrade is supported from FortiOS v3.00 B0678 Patch Release 6 or later.
After every upgrade, ensure that the build number and branch point match the image that was loaded.
[MR7]
The upgrade is supported from FortiOS v3.00 B0744 Patch Release 6 or later.
After every upgrade, ensure that the build number and branch point match the image that was loaded.
[FG-3016B Upgrade]
Interface names on the FGT-3016B have been changed in FortiOS v4 to match the port names on the face plate. After upgrading
from FortiOS v3.0 MR6 to FortiOS v4.0 MR1, all port names in the FortiGate configuration are changed as per the following port
mapping.
Old port names before upgrading New port names after upgrading
port1 mgmt1
port2 mgmt2
port3 port1
port4 port2
port5 port3
port6 port4
port7 port5
port8 port6
port9 port7
port10 port8
port11 port9
port12 port10
port13 port11
port14 port12
port15 port13
port16 port14
port17 port15
port18 port16
Note: After the release of FortiOS v3.00 MR6 firmware a new revision of the FGT-3016B included a name change to two ports on
the left side of the faceplate. Previously, they were labeled 1 and 2. Now they are called MGMT 1 MGMT 2. However, the BIOS
still refers to the MGMT 1 and MGMT 2 ports as port 1 and port 2.
[System Settings]
In FortiOS v4.0.0, the p2p-rate-limit setting under 'config system settings' has been removed, therefore any
related configuration is lost upon upgrading from FortiOS MR6/MR7 to FortiOS v4.0 MR1.
[Router Access-list]
All configuration under 'config router access-list' may be lost after upgrading from FortiOS v3.0.0 MR6/MR7 to
FortiOS v4.0 MR1.
next
end
next
edit 2
set action accept
set service TELNET
next
end
In FortiOS v4.0 MR1, the TELNET policy is never hit because of the implicit DENY ALL at the bottom of Identity Based Policy. To
correct the behaviour, you must move the non-Identity Based Policy (TELNET policy) above the Identity Based Policy.
[IPv6 Tunnel ]
All configuration under 'config system ipv6-tunnel' may be lost after upgrading from FortiOS v3.0.0 MR7 to FortiOS
v4.0 MR1.
[User Group]
In FortiOS v3.00 a protection profile can be assigned to an user group from web UI, but in FortiOS v4.0 it can only be assigned from
CLI.
[Zone Configuration]
In FortiOS v3.00 a Zone name could be up to 32 characters but in v4 it has changed to up to 15 characters. Any Zone names in
FortiOS v3.00 with more than 15 characters will be lost after upgrading to FortiOS v4.0 MR1.
[VIP Settings]
'set http-ip-header' setting under VIP configuration will inadvertently get set to disable after upgrading from FortiOS
v3.00 MR6/MR7 to FortiOS v4.0 MR1.
The content archive summary related configuration will be lost after upgrading to FortiOS v4.0 MR1.
[SSL-VPN Bookmarks]
Some SSLVPN bookmarks may be lost after upgrading to FortiOS v4.0 MR1.
[FortiOS v4.0]
The upgrade is supported from FortiOS v4.0.3 B0106 Patch Release 3 or later.
After every upgrade, ensure that the build number and branch point match the image that was loaded.
In FortiOS v4.0.3
edit "goodword1"
set status enable
next
edit "goodword2"
set status enable
next
end
set name "ExemptWordList"
next
end
Before upgrading, backup your configuration, parse the webfilter exempt list entries, and merge them into the webfilter content list
after the upgrade.
After merging the exempt list from v4.0.3 to the webfilter content list
[VoIP Settings]
FortiOS v4.0 MR1 adds functionality to archive message and files as caught by the Data Leak Prevention feature, which includes
some VoIP messages. However, some scenarios have an implication configuration retention on the upgrading. Consider the
following:
Upon upgrading to FortiOS v4.0 MR1, the VoIP settings are not moved into the DLP archive feature.
• operation modes
• interface IP/management IP
• route static table
• DNS settings
• VDom parameters/settings
• admin user account
• session helpers
• system access profiles
Description: SSL-VPN web UI page does not get translated to french language correctly.
Bug ID: 78640
Status: Fixed in v4.0 MR1.
Description: UTM > Application Control > Statistics web UI poage does not get translated to korean language correctly.
Bug ID: 93020
Status: Fixed in v4.0 MR1.
6.3 System
Description: The FortiGate doesn not ignore broadcast flag in DHCPDISCOVER or DHCPREQUEST messages.
Bug ID: 99765
Status: Fixed in v4.0 MR1.
Description: WAN-Optimization and Load Balance SSL Offloading does not support 4096-bit certificate.
Bug ID: 91535
Status: Fixed in v4.0 MR1.
Description: Wan2 interface of the FortiGate-111C does not receive STP packets.
Bug ID: 100596
Status: Fixed in v4.0 MR1.
Models Affected: FGT-111C and FGT-110C
Description: Authentication daemon (authd) may crash if keepalive is enabled and the original URL is longer than 127 characters.
Bug ID: 96601
Status: Fixed in v4.0 MR1.
Description: merged_daemons may cause memory leak when LDAP user authentication is configured.
Bug ID: 98457
Description: Slave FortiGate's console may show unexpected sync messages while syncing with the master.
Bug ID: 90341
Status: Fixed in v4.0 MR1.
Description: HA slave cannot sync firewall address with associated interface set to an IPSec interface.
Bug ID: 97029
Status: Fixed in v4.0 MR1.
Description: The output of some commands, like 'get system status', are not correct when retrieving information from
another member using 'exe ha manage'.
Bug ID: 56258
Status: Fixed in v4.0 MR1.
6.5 Router
Description: IPv6 static route cannot be added to kernel if route is configured before ipv6 interface address configuration.
Bug ID: 90495
Status: Fixed in v4.0 MR1.
Description: IPv6 static routes exists in kernel even if gateway is unable to route.
Bug ID: 90473
Status: Fixed in v4.0 MR1.
6.6 Firewall
Description: User is unable to access web pages, hosted on Zope server, when traffic is going through FortiGate's http proxy.
Bug ID: 78246
Status: Fixed in v4.0 MR1.
Description: If a policy has authentication disclaimer and shaper enabled then the session is authenticated by the shaper is not
applied.
Bug ID: 100747
Status: Fixed in v4.0 MR1.
Description: FortiGate inadvertently deletes third party cookies if they happen to be on the same line as the FortiGate server
cookie.
Bug ID: 101070
Status: Fixed in v4.0 MR1.
6.7 VPN
Description: Renaming an IPSec phase1-interface entry may cause partial loss of firewall policy and network configuration.
Bug ID: 94373
Status: Fixed in v4.0 MR1.
Description: SSL host third-party antivirus check plug-in does not detect AVG antivirus scanner.
Description: SSL-VPN web mode does not allow HTTP login on 2 units simultaneously.
Bug ID: 93974
Status: Fixed in v4.0 MR1.
Description: DLP does not block emails encoded with non UTF-8 charset.
Bug ID: 85945
Status: Fixed in v4.0 MR1.
Description: The following table lists the known issues with each of the IMs supported by FortiOS v4.0 MR1.
Models Affected: All
Bug ID: See table
Description: If the difference between the time on the FortiGate and the PC is more than one minute then FortiGate will block all
traffic from that PC.
Bug ID: 91471
Status: Fixed in v4.0 MR1.
Description: A false "Connect to FortiAnalyzer" and "Disconnect from FortiAnalyzer" log is shown when logging to FortiAnalyzer is
enabled and a vdom is deleted.
Bug ID: 90686
Status: Fixed in v4.0 MR1.
Description: Logging does not work for 'Rouge AP' and 'Wireless Controller' features.
Bug ID: 82934
Status: Fixed in v4.0 MR1.
Description: 'get report database schema' command does not show the full schema for the SQL database.
Bug ID: 107209
Status: To be fixed in a future release.
Description: The 'Top Viruses' and 'Top Attacks' widget in the System > Status web UI page in Simplified Chinese and Traditional
Chinese language using FireFox 2.0 browser may not display the heading properly.
Bug ID: 78344
Status: To be fixed in a future release.
Description: The web UI does not warn the user that an SMTP signature is too long and consequently truncates the signature
to 1000 characters.
Bug ID: 65422
Status: To be fixed in a future release.
Description: "Disclaimer and Redirect URL to" setting cannot be seen from web UI after "Identity Based Policy" is disabled.
Bug ID: 108589
Status: To be fixed in a future release.
Description: System > Network > Interface web UI page does not display link status for wlan interface.
Bug ID: 78221
Status: To be fixed in a future release.
Description: The System > Network > Interface web UI page displays incorrect MTU value after override is disabled.
Bug ID: 70688
Status: To be fixed in a future release.
Description: Web UI shows an error when an user group is created with the same name as a pki user.
Bug ID: 90499
Status: To be fixed in a future release.
Description: Auto refresh does not work for UTM > Application Control > Statistics page.
Bug ID: 91846
Status: To be fixed in a future release.
Description: "aps_chk_rolebased_perm_i: entry not found -> no access" error message may be displayed on
the FortiGate's console when a VDom admin logs in via web UI. This bug does not affect the login permission of the user or impede
the functionality of the FortiGate.
Bug ID: 108651
Status: To be fixed in a future release.
7.3 System
Description: If a FortiGate using ASM-CX4/FX2 module has multiple VDoms configured and at least one of the VDom is in TP
mode then user is allowed to enable amc bypass mode even if all ASM-CX4/FX2 interfaces are assigned to NAT VDom.
Bug ID: 91519
Status: To be fixed in a future release.
Description: ASM-FB4/FB8 interfaces with fiber SFP may not work when interface speed is set to 1000full.
Bug ID: 90674
Status: To be fixed in a future release.
Description: Traffic going through ASM-FX2 card keeps getting bypassed when ASM-CX4 card is used in slot1 and ASM-FX2 card
is used in slot2 and bypass-mode is set to disable.
Bug ID: 90017
Status: To be fixed in a future release.
Description: "Dashboard Statistics" settings in protection profile are selected by default and can cause performance issues when
antivirus is not enabled.
Bug ID: 84234
Status: To be fixed in a future release.
Description: "Run image without saving" option may fail when tftp burning an image to FortiGate from BIOS menu.
Bug ID: 91310
Status: To be fixed in a future release.
Description: vsd daemon may randomly crash when under heavy load.
Bug ID: 90877
Status: To be fixed in a future release.
Description: The MAC address of the next hop stored in NP2 session is not updated when software ARP cache entry is updated.
Bug ID: 99645
Status: To be fixed in a future release.
Description: FTP proxy closes the connection if a multiline response happens in more than one packet.
Bug ID: 94779
Status: To be fixed in a future release.
Description: The master FortiGate's console may display '[ha_auth.c:200]: unsupported auth_sync type 16' error message when
upgrading from FortiOS v4.0.0 or any subsequent patch to FortiOS v4.0 MR1.
Bug ID: 96380
Status: To be fixed in a future release.
Description: In HA A-A mode, FTP session helper may fail to translate the client IP address to the NATed IP address causing the
slave FortiGate to drop FTP traffic.
Bug ID: 98337
Status: To be fixed in a future release.
Description: In an HA cluster a member without AMC module can become master, over a member with an AMC module, if it has a
higher priority.
Bug ID: 91001
Status: To be fixed in a future release.
7.5 Firewall
Description: Protection profile is not effective when in SSL offload mode.
Bug ID: 97704
Status: To be fixed in a future release.
Description: Live streaming radio traffic from www.live365.com does not pass through the FortiGate if http proxy is enabled.
Bug ID: 70963
Status: To be fixed in a future release.
Description: Traffic count on firewall policy will get reset to zero after an HA failover.
Bug ID: 83105
Status: To be fixed in a future release.
Description: Firewall protection profile may not work when in SSL offload mode.
Bug ID: 97704
Status: To be fixed in a future release.
Description: HTTP POST data may be lost if firewall authentication timeout in middle of a session.
Bug ID: 76311
Status: To be fixed in a future release.
Workaround: Enable auth-keepalive
7.6 Antivirus
Description: The FortiGate fails to block HTTP POST operations when the protection profile is configured to block banned
words.
Bug ID: 61940
Status: To be fixed in a future release.
Description: File pattern list is not effective if the list exceeds 125 entries.
Bug ID: 90096
Status: To be fixed in a future release.
Description: If a server requires client-side certificate and SSL inspection feature is enabled then the connection will be blocked by
the FortiGate. SSL Inspection should not play man-in-the-middle for sessions which uses client certificate.
7.7 IPS
Description: Offloaded traffic to ASM-CE4, ADM-XE2, and RTM-XD2 modules may not get scanned by IPS engine.
Bug ID: 108714
Status: To be fixed in a future release.
Models Affected: FGT-3016B, FGT3810A, and FGT-5001A.
Description: Some traffic may be dropped by ASM-CE4, ADM-XE2, and RTM-XD2 modules if IPS scanning is enabled.
Bug ID: 108685
Status: To be fixed in a future release.
Models Affected: FGT-3016B, FGT3810A, and FGT-5001A.
Description: The following table lists the known issues with each of the IMs supported by FortiOS v4.0 MR1.
Models Affected: All
Bug ID: See table
Description: IM, P2P & VoIP > Statistics > Summary page may not show accurate P2P usage statistics.
Bug ID: 76943
Status: To be fixed in a future release.
Description: P2P blocking and ratelimiting does not work for clients using EMULE (v0.40 or higher) to connect to both the eDonkey
network and the Kad network.
Bug ID: 84692
Status: To be fixed in a future release.
7.12 VPN
Description: SSL-VPN login may fail if the usergroup name contains an "&" character.
Bug ID: 97170
Status: To be fixed in a future release.
Description: SSL-VPN TELNET and SSH applet only supports ISO/IEC 8859-1 encoding. Characters with other encodings may
freeze the applet.
Bug ID: 90642
Status: To be fixed in a future release.
Description: User cannot login into the SSL-VPN portal if the policy is using FQDN as the source address.
Bug ID: 87339
Status: To be fixed in a future release.
Description: HTTPS deep scanning may consume excessive memory causing the FortiGate to go in conserve mode.
Bug ID: 101447
Status: To be fixed in a future release.
Description: User cannot specify a distance or priority for routes added dynamically for IPSec interface.
Bug ID: 108672
Status: To be fixed in a future release.
Description: Maximum number of concurrent sessions cannot exceed 49,991 when wan optimization is enabled.
Bug ID: 98118
Status: To be fixed in a future release.
Description: wad may crash after auto-detect mode for WANOPT rule is changed from passive to active.
Bug ID: 95168
Status: To be fixed in a future release.
Description: Content archiving of NNTP files is not supported in FortiOS v3.00 MR6 even though the option appears as
grayed out implying it may be enabled through another configured option.
Bug ID: 44510
Status: To be fixed in a future release.
Description: All default SQL reports are lost after changing opmode from NAT to TP.
Models Affected: FGT-3600A
Bug ID: 108188
Status: To be fixed in a future release.
Description: "Buffer to hard disk and upload" feature may not work when archiving to FAMS.
Bug ID: 108522
Status: To be fixed in a future release.
8 Image Checksums
a119c63dce88671b09669989bdf5a3ff *FGT_1000A-v400-build0178-FORTINET.out
b43bf168de19ef5cfa1ce256cbe60f93 *FGT_1000AFA2-v400-build0178-FORTINET.out
24075821de01465a6485896d5b42b854 *FGT_1000A_LENC-v400-build0178-FORTINET.out
f69876de07033be9e5b3a28e27b4423a *FGT_100A-v400-build0178-FORTINET.out
7da66a2db3d0a3e0bce5621b3519818a *FGT_110C-v400-build0178-FORTINET.out
43c487ba5fd1893a16cf10d417bb80bb *FGT_111C-v400-build0178-FORTINET.out
6ca03c4b59abee57eeb55ac5df539b4c *FGT_200A-v400-build0178-FORTINET.out
620fc7cc4b6fc9bf770239c45340635a *FGT_224B-v400-build0178-FORTINET.out
5b21618eb3e0a2d809a7869ee6e4f1c7 *FGT_300A-v400-build0178-FORTINET.out
57c6ccbab4c507f4e82ebecc18c98995 *FGT_30B-v400-build0178-FORTINET.out
59be51e82d2c425fce7ebb0cb1f4b0f6 *FGT_310B-v400-build0178-FORTINET.out
456fbd7de8003cd6a1aef462e50d5774 *FGT_310B_DC-v400-build0178-FORTINET.out
9d040eaf9c741ee8bb45f2e0e22af5f3 *FGT_311B-v400-build0178-FORTINET.out
333ea7cb53d5f939f71cfb9ae5245e8c *FGT_3600-v400-build0178-FORTINET.out
61b720ba8f78c651d951c265bb3f55de *FGT_3600A-v400-build0178-FORTINET.out
8ae3f48765b688885055478e3b9a07ff *FGT_400A-v400-build0178-FORTINET.out
667fec4764fcc36e90afad9e83d68d6f *FGT_5001-v400-build0178-FORTINET.out
956a0af001ea2d4173ce501c344a79bc *FGT_5001FA2-v400-build0178-FORTINET.out
6f82cefc63d18afafe1956eb578957e1 *FGT_5005FA2-v400-build0178-FORTINET.out
863ea9c967a1366e826a6489e80ef2d5 *FGT_500A-v400-build0178-FORTINET.out
b5c2ce666582d758f3a82baea080fe23 *FGT_50B-v400-build0178-FORTINET.out
a678bf3bc8217d4f76667bab1ff68723 *FGT_51B-v400-build0178-FORTINET.out
f6b63ef0695cdc4acd3325f0a563df4a *FGT_60B-v400-build0178-FORTINET.out
787ec2c00a3ddeb3708b4d8a940d00fc *FGT_620B-v400-build0178-FORTINET.out
5d9c2811973e14888505ce9660300ee3 *FGT_620B_DC-v400-build0178-FORTINET.out
2ccad6850d93e55e08feddf566fc8e02 *FGT_800-v400-build0178-FORTINET.out
66463f7ce160f01ab5f7f9fef2eefbf1 *FGT_800F-v400-build0178-FORTINET.out
0ef5b8f72dcdfd192ea2811655215a69 *FGT_80C-v400-build0178-FORTINET.out
1547f61643db0ad8b86164c7d713e61a *FGT_80CM-v400-build0178-FORTINET.out
efe16465485a027a1c44f51bc04ca5ad *FGT_82C-v400-build0178-FORTINET.out
1e6538b33ef4c3d0a9dce008122f1a7c *FWF_30B-v400-build0178-FORTINET.out
26e344ce7849c7dac17b996c5c9ff683 *FWF_50B-v400-build0178-FORTINET.out
86d02f7fa3dfbff9e76f08601c11f6ee *FWF_60B-v400-build0178-FORTINET.out
d464e01866ea7f47309f4164f33d574f *FWF_80CM-v400-build0178-FORTINET.out
6cdc20b5dc40980db0a0bb4366c72760 *FGT_3016B-v400-build0178-FORTINET.out
5c49e85525921dd537d45ad688073fd1 *FGT_3810A-v400-build0178-FORTINET.out
d7583539855a221f46671a7e546529e8 *FGT_5001A-v400-build0178-FORTINET.out
Note: As some P2P clients use encrypted connections, the FortiGate may not succeed in blocking the traffic from traversing the
firewall.
Skype Kazaa BearShare Shareaza BitComet eMule Azureus LimeWire iMesh DC++ Winny
3.8 3.2.7 7.0 4.1 1.0.7 0.49b 4.0.0.2 4.18.8 8.0 0707 728
Standard Ports
Direct Internet Connection
Pass N/A N/A OK OK OK OK OK OK OK OK OK
Block N/A N/A OK OK OK OK OK OK OK OK OK
Rate Limit N/A N/A Bug ID: OK OK Bug ID: OK Bug ID: 77852 OK N/A OK
86147 86452
Standard Ports
Proxy Internet Connection
Pass N/A N/A OK N/A N/A OK OK OK N/A N/A N/A
Block N/A N/A OK N/A N/A OK OK OK N/A N/A N/A
Rate Limit N/A N/A OK N/A N/A Bug ID: OK OK N/A N/A N/A
86452
Non-standard Ports
Direct Internet Connection
Pass OK OK N/A OK OK OK OK OK OK N/A N/A
Block Bug ID: 37845 OK N/A OK OK OK OK OK OK N/A N/A
Rate Limit N/A OK N/A OK OK Bug ID: OK Bug ID: 77852 OK N/A N/A
86452
Non-standard Ports
Proxy Internet Connection
Pass OK OK N/A N/A N/A OK OK OK N/A N/A N/A
Block Bug ID: 37845 OK N/A N/A N/A OK OK OK N/A N/A N/A
Rate Limit N/A OK N/A N/A N/A Bug ID: OK Bug ID: 77852 N/A N/A N/A
86452
• An article on "Communication between FortiManager v4.0 and FortiGate" can be access through the following link:
http://kb.fortinet.com/kb/microsites/search.do?cmd=displayKC&docType=kc&externalId=FD30157
end