FortiOS 5.2.3 is out

I don't see any release notes in download dir or anywhere else.

Just checked, and release notes are in the download directory. Search for fortios-v5.2.3-release-notes.pdf. 

First impressions after upgrading from 5.2.2 on a FortiGate 1000C with a few hundred policies and objects:

FortiView received some performance refinements and searching is more consistent throughout.

We had a few policies which used an SSL inspection object with "protect SSL server" enabled. These stopped working with 5.2.3 until I removed the SSL inspection object on them. I will properly investigate when time permits, but it's not a big issue for us now. 

Log viewing has received a significant overhaul. Reverse DNS is showing up consistently for sources and search results will no longer randomly come up empty. I had to chuckle a bit, as I was praising the FortiOS platform to a potential adopter the other week, but had to voice some frustration about the so-so log viewer performance.

Still testing some of our web filtering policies that previously worked better with flow-based vs proxy and vice versa, but so far everything seems stable and consistent. Fingers crossed....

Yesterday I upgraded an FG-80C (1 G) from 5.0.11 first to 5.2.2 and then to 5.2.3 (as I didn't know of the new release in the morning).

On both occasions, the FGT behaved way too slow after the reboot. The GUI was sluggish and really a pain. Operation though was fine, except for the "custom service" in 5.2.2 which was wrong (this has been on the forums quite often now).

Additionally, the FortiGuard status was wrong: hardware 'licensed' but AV and IPS 'not registered' which clearly was wrong. An inspection with 'get sys fortiguard-service status' showed an AV engine version '1.000', the log was full of messages 'FortiGuard servers unreachable' and an 'exec update-now' produced 'error 6'.

I ran a 'exec formatlogdisk' with a reboot and after that everything worked fine.

After 'exec update-now' the engine and signatures were up-to-date.

This was repeated after the upgrade from 5.2.2 to 5.2.3. 'exec formatlogdisk', reboot and Bliss!

The update to 5.2.3 corrected several minor config errors, such as

firewall services custom

'set tcp-portrange 0' is replaced by 'unset tcp-portrange' in services

ALL, ALL_UDP, DHCP, IKE, QUAKE, RAUDIO, RIP, SIP, SYSLOG, TALK, TFTP, MGCP, DHCP6, RADIUS, RADIUS-OLD, TRACEROUTE, LDAP_UDP, NetBios-NS, NetBios-DS

in 'ALL_CUSTOM', 'set protocol-number 6' was added

in 'NONE', 'set tcp-portrange 0' was added.

So for admins still running 5.2.2 and having upgraded from 5.0.x you should have a look at these service definitions.

One last observation:

I had a static route defined for a dial-in IPsec VPN. The upgrade to 5.2.3 removed it rightfully as the dial-in VPN will create a dynamic route entry according to the (dynamic) proxy addresses.

Does anyone have FSSO working with 5.2.3 ?

hmm, thanks, mine does not work.

What version of FSSO do you have on your server ?

Thank you Storaid,

May I ask how your groups are configured and policys using these FSSO groups ?

Nevermind,

It seems like it doesn´t work when you use LDAP server in the FSSO setup.

storaid wrote:

system error after a wifi interface has been removed...

I had a number of issues with WiFi Networks in the past while performing "in-place" upgrade to a major FortiOS version (i.e. 4.3 to 5.0; usually not while applying a patch on the same firmware branch). FortiOS upgrade scripts which transform FG configuration do not always work as expected and sometimes after upgrade you may have a hard time to fix and even remove a broken WiFi interface.

The best way to resolve the issue in your case would be...