[FortiLightHouse-announcements] Version 1.18 released

Ondrej Holecek ondrej at holecek.eu
Thu Jan 19 14:24:31 CET 2023


Hello,

A new version of FortiLightHouse (flhcli) has been released. Version 1.18 can be downloaded from <https://fortilighthouse.com/cli/docs/index.html> for all main operating systems.

This is mainly a bugfix release for the command "ipsectop". Big thanks to Juergen from W&W Informatik for reporting these problems and verifying the fix in deployments with thousands of dialup clients connected to the same hub.

Fixes:

- Correctly handle dialup tunnels with thousands of connected clients
  In such deployments all phase2 names are the same. This used to cause issues with matching them to count difference statistics. Not any more.

- Correctly count statistics during rekeys
  During rekeys new SPIs are generated with counters starting from 0. For a certain period of time both old and new SAs are present, and after a few seconds the old one is removed.
  Bytes/packets counting was not working correctly during those few seconds of rekeying. It is now mostly fixed. Under certain conditions this might not be precise (during rekeying), but that should only happen rarely.

- Phase2 selector address ranges now understand the IP/netmask format (e.g. "1.2.3.0/255.255.255.0")
  Various versions of FortiOS print it in different formats (IP/CIDR, startIP-endIP, IP/mask) and these 3 are now supported.

+ One unrelated change: VDOMs "dmgmt-vdom" and "vsys_hamgmt" are now considered system VDOMs and are not shown by default. The full list of system VDOMs is now: "vsys_ha", "vsys_fgfm", "dmgmt-vdom", "vsys_hamgmt".


Enjoy,
Ondrej
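
Added example, not part of the original announcement and not flhcli's own code: one way to compute per-interval traffic differences when every dialup client shares the same phase2 name and a rekey leaves two SAs present at once. The tunnel identifiers, SPI values and byte counts are constructed, and keying by SPI is an assumption about how such matching can be done.

```python
from collections import defaultdict

# Constructed samples: (tunnel, phase2 name, SPI) -> cumulative bytes.
# "tunnel" is a hypothetical per-client identifier; every dialup client
# shares the phase2 name "p2", as in the deployments described above.
T0 = {("client_0", "p2", 0xA1): 1000, ("client_1", "p2", 0xB1): 5000}
# client_0 is rekeying: old SA 0xA1 and new SA 0xA2 are both present.
T1 = {("client_0", "p2", 0xA1): 1400, ("client_0", "p2", 0xA2): 300,
      ("client_1", "p2", 0xB1): 5600}
# A few seconds later the old SA 0xA1 has been removed.
T2 = {("client_0", "p2", 0xA2): 900, ("client_1", "p2", 0xB1): 6000}


def naive_delta(prev, cur):
    """Match SAs by phase2 name only: identical names overwrite each other."""
    p = {name: count for (_, name, _), count in prev.items()}
    c = {name: count for (_, name, _), count in cur.items()}
    return {name: count - p.get(name, 0) for name, count in c.items()}


def spi_delta(prev, cur):
    """Match SAs by SPI. Returns (bytes per tunnel, tunnels that lost an SA)."""
    totals = defaultdict(int)
    imprecise = set()
    for key, count in cur.items():
        if key in prev:
            # Same SA in both samples: plain counter difference.
            totals[key[0]] += count - prev[key]
        else:
            # New SPI after a rekey: its counter started from 0.
            totals[key[0]] += count
    for key in prev.keys() - cur.keys():
        # SA removed between samples: bytes it carried after the previous
        # sample were never observed, so this interval may undercount.
        imprecise.add(key[0])
    return dict(totals), imprecise


if __name__ == "__main__":
    print("naive  T0->T1:", naive_delta(T0, T1))
    print("by SPI T0->T1:", spi_delta(T0, T1))
    print("by SPI T1->T2:", spi_delta(T1, T2))
```

The tunnels flagged in the second return value are the ones where the interval can undercount, which corresponds to the imprecision during rekeying mentioned above.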