Skip to main content
Carl_Wallmark
Carl_Wallmark
New Member
November 19, 2014
Solved

FortiOS 5.2.2 is out!

  • November 19, 2014
  • 28 replies
  • 56821 views

.

    Best answer by simonorch

    and still packet capture is hidden from the gui on the small boxes.

     

    Not a big deal as it's still available by typing the url manually, but it's irritating.

    28 replies

    Show previous replies
    Bunce
    Bunce
    New Member
    February 3, 2015

    DHCP reservation don't seem to work on a 60C-Wifi for us.  Device can't get an IP after flagging it as a reservation (tried in GUI and CLI).  It's running off a software switch so could be a factor.

     

     

    Zenith
    Zenith
    New Member
    February 7, 2015

    OK so the problem we had upgrading from 5.0.x to 5.2.x turned out to be an issue with the boot partition.  We were able to upgrade one 100D no problem, the other wouldn't boot when upgraded.  On Fortinet's advice we formatted the boot partition then tried 5.2.2 again and it is now working perfectly.  Strange that 5.0.2, .4, .6, .8, .11 were all OK, but none of the 5.2.x versions would boot, but there you go!

    kablage
    kablage
    Visitor III
    February 8, 2015

    What happened to this option??

     

    execute ping-options source

     

    It is not there any more (100D), only auto and that option is useless in most cases. 

    simonorch
    simonorch
    Explorer
    February 8, 2015

    It's certainly there on the 30D, 60D, 500D, 300C, 600C

    kablage
    kablage
    Visitor III
    February 8, 2015

    simonorch wrote:

    It's certainly there on the 30D, 60D, 500D, 300C, 600C

     

    Version: FortiGate-100D v5.2.2,build0642,141118 (GA) BIOS version: 04000030 System Part-Number: P11510-03 Current HA mode: a-p, backup

     

    execute ping-options ?

    data-size Integer value to specify datagram size in bytes. df-bit Set DF bit in IP header <yes | no>. interval Integer value to specify seconds between two pings. pattern Hex format of pattern, e.g. 00ffaabb. repeat-count Integer value to specify how many times to repeat PING. timeout Integer value to specify timeout in seconds. tos IP type-of-service option. ttl Integer value to specify time-to-live. validate-reply Validate reply data <yes | no>. view-settings View the current settings for PING option.

     

    execute ping-options view-settings Ping Options: Repeat Count: 5 Data Size: 56 Timeout: 2 Interval: 1 TTL: 64 TOS: 0 DF bit: unset Source Address: auto Pattern: Pattern Size in Bytes: 0 Validate Reply: no

    kablage
    kablage
    Visitor III
    March 11, 2015

    Ok, I found the reason no ping source option is available:

     

    I'm in the backup unit 

    networkingkool
    networkingkool
    New Member
    March 13, 2015

    Hi community,

     

    I tried the image 5.2.2 for 80C unit few days ago. But something went wrong. The whole LANs behind the fortigate cannot go to Internet. Only fortigate unit itself can go to Internet.

    I recheck my configuration many times but cannot find any error with the configuration. I have to revert back to the image 5.2.1 then LANs can go Internet without any changes in configuration.

    I think the fortigate get problem with NAT function.

    Does anyone have the same problem with me?

    Please advice.

       
    GusTech
    GusTech
    New Member
    March 13, 2015

    networkingkool wrote:

    Hi community,

     

    I tried the image 5.2.2 for 80C unit few days ago. But something went wrong. The whole LANs behind the fortigate cannot go to Internet. Only fortigate unit itself can go to Internet.

    I recheck my configuration many times but cannot find any error with the configuration. I have to revert back to the image 5.2.1 then LANs can go Internet without any changes in configuration.

    I think the fortigate get problem with NAT function.

    Does anyone have the same problem with me?

    Please advice.

     

    Hi,

     

    Goto: Policy & Objects -> Objects -> Services -> Open ALL and change Protocol number from 6 to 0

    simonorch
    simonorch
    Explorer
    March 13, 2015

    Yeah, we've seen this several times now with 5.2.2, but it doesn't always occur

    Robin_Svanberg
    Robin_Svanberg
    New Member
    March 16, 2015

    simonorch wrote:

    Yeah, we've seen this several times now with 5.2.2, but it doesn't always occur

    Should only apply if you upgrade from v5.0 build0300 to v5.2 build0642.

     

    #0262415 - "After upgraded to v5.2 build0642 from v5.0 build0300, service custom ALL protocol number changed to 6 from 0"

    simonorch
    simonorch
    Explorer
    March 16, 2015

    Nope, experienced this the other week on new FGT30D POE with 5.2.2, icmp and udp didn't work with all, accept. Our impression is it's model specific.

     

    poor QA?

    Robin_Svanberg
    Robin_Svanberg
    New Member
    March 16, 2015

    simonorch wrote:

    Nope, experienced this the other week on new FGT30D POE with 5.2.2, icmp and udp didn't work with all, accept. Our impression is it's model specific.

     

    poor QA?

    Hmm, maybe.. Haven´t really checked, except from always verifying that the protocol hasn´t changed :)

    We have had the issue with 30D, 40C, 60D and 310B. Never with any of our customers 100D or 620B. Don´t remember the exact upgrade paths done, but everytime according to Fortinet.

     

    Should be fixed in 5.2.3.. :)

     

    BR Robin

    Terms & ConditionsAccessibility statement