Fortinet FortiDDoS Series Release Notes
  1. Manuals
  2. Brands
  3. Fortinet Manuals
  4. Firewall
  5. FortiDDoS Series
  6. Release notes
Fortinet FortiDDoS Series Release Notes

Fortinet FortiDDoS Series Release Notes

Fortiddos cm 5.3.0
Hide thumbs
Table of Contents

Advertisement

Quick Links

Download this manual
FortiDDoS and FortiDDoS CM 5.3.0
Release Notes

Advertisement

Table of Contents
loading
Need help?

Need help?

Do you have a question about the FortiDDoS Series and is the answer not in the manual?

Questions and answers

Related Manuals for Fortinet FortiDDoS Series

Summary of Contents for Fortinet FortiDDoS Series

  • Page 1 FortiDDoS and FortiDDoS CM 5.3.0 Release Notes...
  • Page 2 FORTINET DOCUMENT LIBRARY http://docs.fortinet.com FORTINET VIDEO GUIDE http://video.fortinet.com FORTINET BLOG https://blog.fortinet.com CUSTOMER SERVICE & SUPPORT https://support.fortinet.com  http://cookbook.fortinet.com/how-to-work-with-fortinet-support/ FORTIGATE COOKBOOK http://cookbook.fortinet.com FORTINET TRAINING SERVICES http://www.fortinet.com/training FORTIGUARD CENTER http://www.fortiguard.com END USER LICENSE AGREEMENT http://www.fortinet.com/doc/legal/EULA.pdf FEEDBACK techdocs@fortinet.com Email: Tuesday, February 4, 2020 FortiDDoS & FortiDDoS CM 5.3.0 Release Notes Revision 1...

  • Page 3: Table Of Contents

    TABLE OF CONTENTS Change Log Introduction Introduction to FortiDDoS Introduction to FortiDDoS Central Manager (FortiDDoS-CM) What’s new Image checksums FortiDDoS Hardware support Updating firmware on HA cluster Upgrading Section 1: Upgrading using GUI Section 2: Upgrading via CLI Section 3: Upgrading via BIOS Sample console log Downgrading Factory reset Resolved issues...

  • Page 4: Change Log

    Change Log Change Log Date Change Description 01/07/2020 Initial version of FortiDDoS 5.3.0 Release notes. FortiDDoS 5.3.0 Release Notes Fortinet Technologies Inc.

  • Page 5: Introduction

    This document provides a list of new features and known issues for FortiDDoS-CMVM 5.3.0 build 0204 FortiDDoS-CM is designed to manage multiple FortiDDoS appliances with shared management attributes. For specific FortiDDoS-CM information, proceed to the section - FortiDDoS-CM http://docs.fortinet.com/fortiddos For additional documentation, please visit: FortiDDoS 5.3.0 Release Notes Fortinet Technologies Inc.

  • Page 6: What's New

    - Any global or SPP IP or subnet ACL - Any Do Not Track / Track and Allow ACL Note: This function is not available via the FortiDDoS Central Mangement GUI. You must login directly to the appliance to use it. FortiDDoS 5.3.0 Release Notes Fortinet Technologies Inc.

  • Page 7: Image Checksums

    To verify the integrity of the firmware file, use a checksum tool to compute the firmware file’s MD5 checksum. Compare it with the checksum indicated by Fortinet. If the checksums match, the file is intact. MD5 checksums for software releases are available from Fortinet Customer Service & Support: https://support.fortinet.com...

  • Page 8: Fortiddos

    Section 1: Upgrading using GUI Section 2: Upgrading via CLI Section 3: Upgrading via BIOS Sample console log Downgrading Factory reset Resolved issues Common Vulnerabilities Known issues For topics specific to FortiDDoS Central Manager, see FortiDDoS-CM. FortiDDoS 5.3.0 Release Notes Fortinet Technologies Inc.

  • Page 9: Hardware Support

    This release supports the following hardware models: FortiDDoS 1500E FortiDDoS 2000E FortiDDoS 200B FortiDDoS 400B FortiDDoS 600B FortiDDoS 800B FortiDDoS 900B FortiDDoS 1000B FortiDDoS 1000B-DC FortiDDoS 1200B FortiDDoS 2000B FortiDDoS 2000B-USG NOTE: FortiDDoS A series models are not supported. FortiDDoS 5.3.0 Release Notes Fortinet Technologies Inc.

  • Page 10: Updating Firmware On Ha Cluster

    Master system that is not in the Slave. When the Slave sees this configuration mismatch, it will reboot in order to synchronize its configuration with the Master. This is normal and will only occur once. Once both units are synchronized, changes in the Master are synchronized to the Slave without further reboots. FortiDDoS 5.3.0 Release Notes Fortinet Technologies Inc.

  • Page 11: Upgrading

    Use the following instructions to upgrade to FortiDDoS 5.3.0. Steps Current Release Upgrade method Upgrade path 1. Upgrade directly to 5.3.0. 5.0.0 to 5.2.0 GUI/CLI/BIOS Refer to sections 1, 2 or 3 detailed upgrade procedure. FortiDDoS 5.3.0 Release Notes Fortinet Technologies Inc.
  • Page 12 The procedures explain the upgrade from 4.2.3 or higher. If your system is not at 4.2.3, refer to the above and follow the instructions. Download the correct 5.3.0 firmware file for your model from the Fortinet Technical Support website: https://support.fortinet.com/. Check that the upgrade info file is available on your FortiDDoS system: On the Dashboard page, click the CLI Console window to connect and see the command (#) prompt.
  • Page 13 10,000. After the new System Recommended Thresholds have been set, it is recommended that the SPPs affected be placed in Detection Mode for a few days to check for false-positives and tune if needed. If in doubt, contact Fortinet Support for assistance. FortiDDoS 5.3.0 Release Notes Fortinet Technologies Inc.

  • Page 14: Section 1: Upgrading Using Gui

    TP2 firmware is persistent and will only change with a further upgrade. It is very important the system not be disturbed or power cycled during this process. A power cycle will result in an unusable system FortiDDoS 5.3.0 Release Notes Fortinet Technologies Inc.
  • Page 15 The Console will display the messages below, if successful: 100% complete Created rrd cmd files If any error message occurs during this process, contact Fortinet Support . If the 100% Complete message is seen, proceed to other actions. FortiDDoS 5.3.0 Release Notes Fortinet Technologies Inc.

  • Page 16: Section 2: Upgrading Via Cli

    <filename_str> is the name of the firmware image file <tftp_ipv4> is the IP address of the TFTP server. For example, if the firmware image file name is FDD_200B-v5.3.0-build0204-FORTINET.out and the IP address of the TFTP server is 172.30.153.105, enter: FI900B3915000043 # execute restore image tftp FDD_200B-v5.3.0-build0204- FORTINET.out 172.30.153.105...
  • Page 17 HA configured mode: active-passive HA effective mode: Master Distribution: International License Type: Uptime: 0 days 0 hours 37 minutes Last reboot: Thu Apr 25 15:35:18 PDT 2019 System time: Thu Apr 25 16:25:00 PDT 2019 FortiDDoS 5.3.0 Release Notes Fortinet Technologies Inc.

  • Page 18: Section 3: Upgrading Via Bios

    CPU(06:000306a9 bfebfbff): MP initialization CPU(07:000306a9 bfebfbff): MP initialization Total RAM: 8192MB Enabling cache...Done. Scanning PCI bus...Done. Allocating PCI resources...Done. Enabling PCI resources...Done. Zeroing IRQ settings...Done. Verifying PIRQ tables...Done. Boot up, boot device capacity: 15272MB. FortiDDoS 5.3.0 Release Notes Fortinet Technologies Inc.
  • Page 19 Please connect TFTP server to Ethernet port "MGMT". Enter TFTP server address [192.168.1.168]: 192.168.1.168 <---- enter TFTP server IP Enter local address [192.168.1.188]: 192.168.1.188 <--- Enter FortiDDoS IP Enter firmware image file name [image.out]: FDD_1000B-v5.3.0-build0204-FORTINET.out <--- Enter Image Name MAC:085B0E9F061C ######################################################################### Total 76694566 bytes data downloaded.

  • Page 20: Sample Console Log

    FortiDDoS Sample console log Sample console log Sample console log while upgrading from 5.0.0 to 5.3.0: FI200B3914000035 # execute restore image tftp FDD_200B-v5.3.0-build0204-FORTINET.out 172.30.153.105 This operation will replace the current firmware version! Do you want to continue? (y/n)y Connect to tftp server 172.30.153.105 ...
  • Page 21 CPU(04:000306a9 bfebfbff): MP initialization CPU(05:000306a9 bfebfbff): MP initialization CPU(06:000306a9 bfebfbff): MP initialization CPU(07:000306a9 bfebfbff): MP initialization Total RAM: 8192MB Enabling cache...Done. Scanning PCI bus...Done. Allocating PCI resources...Done. Enabling PCI resources...Done. Zeroing IRQ settings...Done. Verifying PIRQ tables...Done. FortiDDoS 5.3.0 Release Notes Fortinet Technologies Inc.
  • Page 22 FortiDDoS Sample console log Boot up, boot device capacity: 15272MB. Press any key to display configuration menu..Reading boot image 3713003 bytes. Initializing FortiDDoS...\ufffd System is started. FI200B3914000081 login: FortiDDoS 5.3.0 Release Notes Fortinet Technologies Inc.

  • Page 23: Downgrading

    (downgraded) firmware release, build number and date, and restore that configuration file. If you are unsure of this step, contact Fortinet Support.
  • Page 24 WARNING : Reboot or power fail during this process may result in unusable product, requiring RMA. 4. Once the system is up, assign the IP address and restore the saved configuration. System will reboot and apply the configuration. The system should be ready to use. FortiDDoS 5.3.0 Release Notes Fortinet Technologies Inc.

  • Page 25: Factory Reset

    If you want to restore a system to factory defaults with no customer configuration or traffic data, do the following from CLI: # execute formatlogdisk - removes all traffic data. # execute factoryreset - removes all configurations. FortiDDoS 5.3.0 Release Notes Fortinet Technologies Inc.

  • Page 26: Resolved Issues

    FortiDDoS Resolved issues Resolved issues The resolved issues listed below do not list every bug that has been corrected with this release. For inquires about Fortinet Customer Service & Support a particular bug, please contact Mantis Id Description 520891 "Possible UDP Reflection Flood" Ports were not displayed in Exec Summary > DDoS Attack Log > Top Attacked UDP Ports Changes to System >...

  • Page 27: Common Vulnerabilities

    Common Vulnerabilities FortiDDoS Common Vulnerabilities Fortinet Customer Service & Support For inquires about a particular bug, please contact Mantis Id Description 602295 FortiDDoS is no longer vulnerable to CVE-2004-1653. FortiDDoS 5.3.0 Release Notes Fortinet Technologies Inc.

  • Page 28: Known Issues

    FortiDDoS Known issues Known issues This section lists the known issues in FortiDDoS 5.3.0 release. For inquires about a particular bug, please contact Fortinet Customer Service & Support Mantis Id Description 310258 The system does not send RSTs to DNS server under some L7 DNS TCP floods (DNS Query/Src, DNS Packet - Track/Src).
  • Page 29 SPP. This was design-intent but will be changed in a future release. 473089 If you leave pages with progress meters, while they are actively displaying progress, when you return, the progress information is lost. Examples are Factory Reset and Generate Traffic Statistics. FortiDDoS 5.3.0 Release Notes Fortinet Technologies Inc.
  • Page 30 GUI may still show the customer certificate. From GUI, select factory Certificate and Save, then select customer certificate and Save to restore the customer certificate. 608424 Drop Packet Capture is not available for DNS Response Code drops. FortiDDoS 5.3.0 Release Notes Fortinet Technologies Inc.

  • Page 31: Fortiddos-Cm

    Special Notes for CM What’s new in FortiDDoS-CM FortiDDoS-CM hardware support Installing FortiDDoS-CM Upgrading FortiDDoS CM Downgrading FortiDDoS-CM Resolved issues in FortiDDoS-CM Common Vulnerabilities Known issues in FortiDDoS-CM For topics specific to FortiDDoS, see FortiDDoS. FortiDDoS 5.3.0 Release Notes Fortinet Technologies Inc.

  • Page 32: Introduction To Fortiddos-Cm

    While individual appliances can be set to automatically backup their configurations, only manual appliance configuration backup can be done from the FortiDDoS-CM. Appliance configuration restoral and firmware upgrades must be done via direct logon to the appliance. http://docs.fortinet.com/fortiddos. For additional documentation, see FortiDDoS 5.3.0 Release Notes Fortinet Technologies Inc.

  • Page 33: Special Notes For Cm

    All SPP Policies (subnets) must be identical and assigned to the same SPPs. Some subnets may not be used in some appliances but they will appear in the SPP Policy List in all appliances. Before attempting to configure FortiDDoS-CM with several FortiDDoS Appliances, contact Fortinet Support or your local CSE for assistance.

  • Page 34: What's New In Fortiddos-Cm

    FortiDDoS-CM supports all new features from FortiDDoS with the exception of Log & Report > Diagnostics > ACL Search which must be done via a direct login to each appliance. new features from FortiDDoS FortiDDoS-CM supports all FortiDDoS-CM Online Help For more details, refer to FortiDDoS 5.3.0 Release Notes Fortinet Technologies Inc.

  • Page 35: Fortiddos-Cm Hardware Support

    This release of FortiDDoS-CM supports the following hardware models: FortiDDoS 200B FortiDDoS 400B FortiDDoS 800B FortiDDoS 1000B FortiDDoS 1000B-DC FortiDDoS 1200B FortiDDoS 2000B FortiDDoS 2000B-USG FortiDDoS-1500E FortiDDoS-2000E NOTE: FortiDDoS A series and 600B/900B models are not supported. FortiDDoS 5.3.0 Release Notes Fortinet Technologies Inc.

  • Page 36: Installing Fortiddos-Cm

    FortiDDoS-CM Installing FortiDDoS-CM Installing FortiDDoS-CM FortiDDoS Central Manager VM Installation Guide here Refer to for deploying a new VM. FortiDDoS 5.3.0 Release Notes Fortinet Technologies Inc.

  • Page 37: Upgrading Fortiddos Cm

    5. Clear your browser cache to avoid potential issues that can be caused by caching. During upgrade, the VM console will show upgrade progress information. 6. Login and from Dashboard , confirm that the firmware version is correct. FortiDDoS 5.3.0 Release Notes Fortinet Technologies Inc.
  • Page 38 WARNING : While upgrading to 5.3.0 the VM may reboot twice 5. During upgrade, the VM console will show upgrade progress information. 6. Once the system is up login and verify the firmware version using get system status FortiDDoS 5.3.0 Release Notes Fortinet Technologies Inc.

  • Page 39: Downgrading Fortiddos-Cm

    (downgraded) firmware release, build number and date, and restore that configuration file. If you are unsure of this step, contact Fortinet Support.
  • Page 40 5. During downgrade, the VM console will show progress information. 6. Login on the console and assign the IP address, default gateway and DNS. 7. Verify the firmware version using get system status FortiDDoS 5.3.0 Release Notes Fortinet Technologies Inc.

  • Page 41: Resolved Issues In Fortiddos-Cm

    Resolved issues in FortiDDoS-CM FortiDDoS-CM Resolved issues in FortiDDoS-CM Common Vulnerabilities Fortinet Customer Service & Support For inquires about a particular bug, please contact Mantis Id Description 602295 FortiDDoS is no longer vulnerable to CVE-2004-1653. FortiDDoS 5.3.0 Release Notes Fortinet Technologies Inc.

  • Page 42: Known Issues In Fortiddos-Cm

    FortiDDoS-CM Known issues in FortiDDoS-CM Known issues in FortiDDoS-CM This section lists the known issues of this release, but is not a complete list. For inquires about a particular bug, Fortinet Customer Service & Support please contact Mantis Id Description...
  • Page 43 Known issues in FortiDDoS-CM FortiDDoS-CM FortiDDoS 5.3.0 Release Notes Fortinet Technologies Inc.
  • Page 44 Fortinet. For absolute clarity, any such warranty will be limited to performance in the same ideal conditions as in Fortinet’s internal lab tests. In no event does Fortinet make any commitment related to future deliverables, features, or development, and circumstances may change such that any forward-looking statements herein are not accurate.

This manual is also suitable for:

Fortiddos 1500eFortiddos 2000eFortiddos 200bFortiddos 400bFortiddos 600bFortiddos 800b ... Show all

Table of Contents