Firewall

Unspecified vulnerability in Check Point Security Gateway R75, R76, R77, and R77.10, when UserCheck is enabled and the (1) Application Control, (2) URL Filtering, (3) DLP, (4) Threat Emulation, (5) Anti-Bot, or (6) Anti-Virus blade is used, allows remote attackers to cause a denial of service (fwk0 process crash, core dump, and restart) via a redirect to the UserCheck page.

Firewall Slowdown in Cyberom 

Clock Signal Degrades Over Time

2017-02-15

A problem has been identified with a specific component used in some FortiGate devices, whereby the clock signal may degrade over time.

Subject: Clock Signal Degrades Over Time
Released: 2017-02-15
Modified: 2017-02-15
Product: FortiGate 90E, FortiGate 91E, and FortiHypervisor 90E

Description:

FortiGate devices, whereby the clock signal may degrade over time.  This can lead to system boot failure or operating errors.  Devices which use these components have an increased possibility of needing replacement after about 3 years.

 

Possibly Affected Products:

In certain instances this component may affect the earliest deliveries of the following products with the specific part number AND rework (EX4893-xx) not yet applied:

FortiGates 90E:              P19061-03
FortiGate 91E:                P19071-03
FortiHypervisor 90E:        P19078-03 *

(* Correction of part number as hightlighted.  It was P19079-03 in the 2017-02-08 release.)

A unit with the above mentioned part number with rework EX4893-xx label is NOT affected.

To verify the part number and work label:

(1)    Part number can be can be identified by issuing “get sys status” command:

FGT90E4Q16000020 # get sys status
Version: FortiGate-90E v5.4.1,build5461,160627 (GA)
--- abbreviated---
System Part-Number: P19061-03

(2)    A rework label with rework number (EX4893-xx), if applied, can be seen in the bottom of the unit alongside of the big Fortinet product sticker with model, serial number, and other pertinent information about the unit.

 

Remedy:

Immediate replacement is not necessary, however Fortinet stands by its commitments in all active support agreements; wherever there is a covered issue related to continued operation of these units based on the above, we will work with our supported customers to plan appropriate remedial measures and an appropriate path forward.

LTE MODEM interfaces may fail to come up

2017-02-22

The LTE MODEM interface may fail to come up on USB interfaces of certain FortiGate E series models running FortiOS 5.4.4.
Subject: LTE MODEM interfaces may fail to come up
Released: 2017-02-22
Modified: 2017-02-22
Product: Certain FortiGate E Series Models

Description:

The LTE MODEM interface may fail to come up on USB interfaces of certain FortiGate E series models running FortiOS 5.4.4.

Possibly Affected Products:

The following FortiGate / FortiWiFi platform:
FGT-60E, FGT-61E, FWF-60E, FWF-61E, FGT-80E, FGT-80E-POE, FGT-81E, FGT-81E-POE, FGT-100E, FGT-101E, FGT-100EF

Affected OS:

FortiOS 5.4.4.

To verify your applicable build, type the following commands.
FGT61E4Q16001181 # get sys status
Version: FortiGate-61E v5.4.4,build6003,170207 (GA)
FGT61E4Q16001181 # diag sys lte-modem info
LTE Modem configuration enabled!
LTE Modem device initialized.
Manufacturer: Novatel Wireless Incorporated
Model: Ovation MC679 Card
MEID: 012798005296558
USB Modem Interface: down

 

Remedy:

 

The potential issue has been resolved with a new 5.4.4 GA build. Customers may contact Fortinet Technical Support to obtain a new 5.4.4 build for their specific E model platform. To verify the build once installed, verify with the following commands.


FGT61E4Q16001181 # get sys status
Version: FortiGate-61E v5.4.4,build6046,170217 (GA)


FGT61E4Q16001181 # diag sys lte-modem info
LTE Modem configuration enabled!
LTE Modem device initialized.
Manufacturer: Novatel Wireless Incorporated
Model: Ovation MC679 Card
MEID: 012798005296558
USB Modem Interface: up