Dear partner We would like to inform you about the upcoming scheduled maintenance of our Virtual Firewall platform, which is planned for November 24th, between 06:00 and 09:00.
What's the maintenance about? The maintenance involves updating the firmware on our FortiGate Virtual Firewall platform.
Risk assessment: Our evaluation indicates a low risk of impact. We will adhere to Fortinet’s recommended upgrade procedures, which have been successfully tested in our environment.
Impact: During the firmware upgrade, a few interruptions to traffic will occure, the interruptions wil be 1-2 minutes each.
Fallback plan: In the event of any issues, we have a fallback plan in place, allowing us to rollback to the previous firmware/software.
Fortinet has addressed CVE-2024-3596, which requires that your Radius server must support the message-authenticator attribute. As part of the Virtual Firewall upgrade preparations, we noticed some partners are using Radius connections. We will reach out to impacted partners individually regarding issues with Radius servers. Link to FortiNet documentation: https://docs.fortinet.com/document/fortigate/7.4.5/fortios-release-notes/5880/radius-vulnerability
Fix for Windows NPS: On the Windows Server that runs Radius, run this PowerShell Command: Set-NpsRadiusClient -Name -AuthAttributeRequired $True On the Windows NPS server, Message Authentication and MSChapV2 needs to be enabled. To verify that it is working, run the following command: diagnose test authserver radius mschap2