Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
SecurityPlus
Contributor II

FortiOS 6.0.8 Is Out

I notice that 6.0.8 is available. Has anyone installed it yet? Any issues discovered?

 

I see a note that there is a change to the FortiGuard protocol and port number.

 

I see a message in the Release Notes that says:

 

FortiOS 6.0.8 is no longer vulnerable to the following CVE Reference:

[ul]CVE-2018-9195[/ul]
7 REPLIES 7
kd007
New Contributor III

I am running into some significant issues with RDP since the install. RDP sessions will frequently fail to connect, or will constantly disconnect after a very short period. Happening on multiple clients, both on and off of VPN, where the FortiOS update is the only common denominator.

tanr
Valued Contributor II

We've been running 6.0.8 for a couple months now.  No issues that weren't in the release notes so far.

 

@kd007, we use Windows RDP semi-regularly, between vlans, and across our IPsec VPN.  Haven't had any failures that I've seen.  Have you been able to pull the logs for some of these failures?

TecnetRuss

We've also been running 6.0.8 on all our FortiGates since December and have moved most of our clients' devices to 6.0.8.  There are VPNs and RDP/RDS Gateway clients connected nearly 24/7 and we haven't heard any complaints at all.

 

The CVE-2018-9195 fix is pretty important.  Note that the 6.0.8 upgrade adds HTTPS as a FortiGuard protocol option but doesn't enable it (unless you start fresh with a 6.0.8 factory reset config), so to be protected from the CVE-2018-9195 vulnerability you have to set the FortiGuard protocol to HTTPS after you upgrade to 6.0.8.

 

https://docs.fortinet.com/document/fortigate/6.0.8/fortios-release-notes/901852/fortiguard-protocol-...

 

Russ

kd007
New Contributor III

tanr wrote:

@kd007, we use Windows RDP semi-regularly, between vlans, and across our IPsec VPN.  Haven't had any failures that I've seen.  Have you been able to pull the logs for some of these failures?

tanr and Russ, thanks for the reply. Working on this again tonight trying to sort it out and hoping I don't have to get on the phone with support on Monday. What we're seeing is frequent action="timeout" messages in the log. I'm working on setting up packet captures right now to see if that tells me anything.

Here is the pattern I've noticed:

[ol]
  • First attempt to connect = enter in RDP creds, tries to connect but fails.
  • Second attempt to connect = enter RDP creds, Windows login screen starts to log you in and then you're disconnected before you hit the desktop.
  • Third attempt to connect = enter RDP creds, make it all the way to the desktop. Usually it will kick you out after a minute or two, but less frequently it stays connected for longer periods.[/ol]

    These issues were absolutely not present before the 6.0.8 update - hardware is a FG-500D a/p cluster. We have other hardware on 6.0.6 that I'm not updating until I sort this out.

    If you care, here's an example log message that we see:

    Jan 18 21:42:53 1.2.3.4 date=2020-01-18 time=21:42:53 devname="FG500D" devid="FGT5HDxxxxxxxxxx" logid="0000000013" type="traffic" subtype="forward" level="notice" vd="root" eventtime=1579408973 srcip=5.6.7.8 srcport=7276 srcintf="ssl.root" srcintfrole="undefined" dstip=1.2.3.5 dstport=3389 dstintf="SERVER" dstintfrole="lan" poluuid="7ebdf02a-39b0-51ea-a6c4-9b3ea3471f8f" sessionid=77601623 proto=6 action="timeout" user="me" group="SSLVPN" authserver="LDAP" policyid=1000 policytype="policy" service="RDP" dstcountry="Reserved" srccountry="Reserved" trandisp="noop" duration=1 sentbyte=12052 rcvdbyte=8248 sentpkt=52 rcvdpkt=48 fctuid="12345678901234567890abcdefghijkl" unauthuser="me" unauthusersource="forticlient" appcat="unscanned" crscore=5 craction=262144 crlevel="low"

     

    More to come... or if you just want me to be quiet that is fine too 

  • kd007
    New Contributor III

    We haven't solved this yet; but interestingly enough a new bug popped up with the recent release of v6.0.9:

    SSL VPN

    Bug ID

    Description

    582265

    RDP sessions terminate (disconnect) unexpectedly.

     

    Our issue happens with any connection and not just VPN but I have a feeling that it is related.

    Toshi_Esumi
    Esteemed Contributor III

    You should open a case with TAC if you haven't done yet. We did that and had two co-op debugging sessions so far with TAC and our customer who is experiencing RDP drops relatively consistently, if not always, via SSL VPN. We just upgraded the SSL VPN server FG1500D to 6.0.8 without checking this thread (too late). The TAC is suspecting our case is the same as the one with the BUG ID.  We're now waiting for their outcome after analyzing the log data captured through the tests.

    Toshi_Esumi
    Esteemed Contributor III

    TAC identified our symptom same as the bug report. What TAC explained to us is when authd handles a timeout event related to the host, but unrelated to RDP, it unexpectedly drop sessions with the host, in our case the RDP process.

    This customer uses LDAP authentication for SSL VPN and FSSO as well. So the event to authd can be related to either of them. And there is no workaround. And the fix will be implemented with 6.0.10.

    Since 6.0.9 just came out last week, I would guess the next version would be out in early March.

    Labels
    Top Kudoed Authors