FortiOS 5.2.3 is out

@rpetty

Hi,

have you checked the "ALL" Service?

Description:

In FortiOS v5.0.8 and v5.0.9 and v5.2.0 through v5.2.2, the default value of the firewall service protocol number was changed from a value of 0 to 6.

The most commonly observed impact of this change is that after upgrading to the affected firmware, the “ALL” service matches only TCP traffic.

Executing a factory-reset on the FortiGate device does NOT change the default value to 6.

Affected Products:

All FortiGate models.

Resolution:

FortiOS v5.0.10 and v5.2.3 has fixed the issue.  Upon upgrading the FortiGate device, the firewall service protocol number is restored to 0.

Workaround:

Those wishing not to upgrade the firmware can modify the affected firewall services to explicitly set the protocol-number to 0.  For example:

config firewall service custom

edit "ALL"

set protocol-number 0

next

I have checked the service change for all.  I ran into the all service protocol change a while ago when upgrading to 5.0.11 but have that fixed.  When I upgrade to 5.2.3 I can no longer ping/connect to the LAN interface on the Fortigate.  I have also tried to connect to websites and ping 8.8.8.8 with no success.  When I run diag sniffer packet any 'host 10.2.95.5' I never see any traffic from my source IP.

I have the same issues of loading the interfaces and DNS screens after the upgrade to 5.2.3Downgraded back to 5.2.2