Deny Traffic Flow

Question

i have upgraded my fortigate from firmware version 5.6.10 to version 5.6.11 and fortiguard and webfiltering services are unavailbale and hence no internet or Related services available. i have tried to reload the firmware tried to do some configurations, tried to restore the configs but nothing happens.. is there a problem with this firmware??

currently i am offline using other 3rd party services to have internet..

done lot of research on this and foud the following article " there Seems with 5.6.11 there's a known bug. Traffic keeps going through the DENY NGFW policy configured with URL category. Page 29 of the https://fortinetweb.s3.amazonaws.com/docs.fortinet.com/v2/attachments/49ac0eca-bfa1-11e9-8977-00505692583a/fortios-v5.6.11-release-notes.pdf

should i skip this and update to version 5.6.12 ??

help

Dave_Hall · Answer

Using a 80D, the upgrade path does show you can go from 5.6.10 directly to 5.6.12.

But depending on the fgt model you have (or use a 3rd party diff tool), you may want to first do a diff compare on the config to see what has changed.

Alternately, if you still a backup config from the 5.6.10 firmware and have already loaded it on the 5.6.11 firmware, I suggest doing it again then on the first reboot perform on the CLI the following commands to see if there are any errors: diagnose debug config-error-log read

If your fgt has a valid subscription and there are no errors found in the config, you may want to wait until the fgt can reach/contact the fortiguard servers. Then again perhaps upgrading to 5.6.12 is in order.

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded