Alby23
New Member
September 8, 2016
Solved

FortiOS 5.2.9 is out


http://docs.fortinet.com/uploaded/files/3285/fortios-v5.2.9-release-notes.pdf

 

The list of the resolved issues is important IMHO, just some tips:

297421 HTTPs traffic is blocked after AV/IPS database update from FortiGuard.

306929 Fortigate memory logging is automatically enabled after reboot.

382828 When trying to access internal server through SSL VPN in web mode, the login page is not

371264 Modify user ran into lock when trying to change user's password during sslvpn connection.

376599 Keep IPSec traffic on the hardware during rekeying causes kernel panic.

    Best answer by ddskier

    I ended up opening another ticket with Fortinet because IPS engine 3.0289 still has an issue.

     

    They ended up providing me 3.0173. I would open a ticket and ask for this IPS engine.

    4 replies

    Ralph1973
    New Member
    September 12, 2016

    Hello, does anyone have this version in production environments already? Are there any major issues?

    This version only contains bug fixes and no new features, doesn't it?

     

    Kind regards,

     

    Ralph Willemsen

    Lucascat
    New Member
    September 12, 2016

    Upgraded 60D.

    IPS Engine continuously crashes:

     

    Any help?

     

    type=event subtype=system level=warning vd="root" logdesc="Application crashed" action=crash msg="Pid: 00585, application: ipsengine 03.170, Firmware: FortiGate-60D v5.2.9,build0736b736,160907 (GA) (Release), Signal 11 received, Backtrace: [0x30d9cb58] [0x30d9790c] [0x30d9ce08] [0x30d86594] [0x30c8cf34] [0x30c9eb28] [0x30c69d3c] [0x008aff60] [0x008b1d98] [0x008b34e0] [0x00039938] [0x008b3980] [0x008b4944] [0x00039938] [0x000393ac] [0x00037450] [0x00038f8c] [0x000368bc] [0x300e3bc4]" 
    bommi
    New Member
    September 12, 2016

    Lucascat wrote:

    Upgraded 60D.

    IPS Engine continuously crashes:

     

    Any help?

     

    type=event subtype=system level=warning vd="root" logdesc="Application crashed" action=crash msg="Pid: 00585, application: ipsengine 03.170, Firmware: FortiGate-60D v5.2.9,build0736b736,160907 (GA) (Release), Signal 11 received, Backtrace: [0x30d9cb58] [0x30d9790c] [0x30d9ce08] [0x30d86594] [0x30c8cf34] [0x30c9eb28] [0x30c69d3c] [0x008aff60] [0x008b1d98] [0x008b34e0] [0x00039938] [0x008b3980] [0x008b4944] [0x00039938] [0x000393ac] [0x00037450] [0x00038f8c] [0x000368bc] [0x300e3bc4]" 

    Just ask the technical support for ips engine in version 3.0288.

     

    Kind Regards,

    Dominik
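
For the ipsengine crash event quoted in the posts above, an added example (not part of any poster's message and not Fortinet code): a Python parser for that key=value event layout that extracts the engine version, firmware build, signal and backtrace frames, and counts repeated crashes per model, firmware and engine version. The sample lines are constructed from the quoted event with shortened backtraces; the function names and the threshold are assumptions.

```python
import re
from collections import Counter

# key=value or key="quoted value" pairs, the layout of the event line quoted above
_KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
# Fields inside msg=, following the wording of the quoted crash event
_MSG = re.compile(
    r'application:\s*(?P<app>\S+)\s+(?P<app_ver>[\d.]+),\s*'
    r'Firmware:\s*(?P<model>\S+)\s+v(?P<fw>[\d.]+),build(?P<build>\w+).*?'
    r'Signal\s+(?P<signal>\d+)\s+received,\s*Backtrace:\s*(?P<bt>.*)$'
)

def parse_kv(line):
    """Split a log line into a dict, keeping quoted values whole."""
    return {m.group(1): m.group(2) if m.group(2) is not None else m.group(3)
            for m in _KV.finditer(line)}

def parse_crash(line):
    """Return crash details, or None if the line is not a parsable crash event."""
    fields = parse_kv(line)
    m = _MSG.search(fields.get("msg", "")) if fields.get("action") == "crash" else None
    if m is None:
        return None
    d = m.groupdict()
    d["signal"] = int(d["signal"])
    d["frames"] = re.findall(r"\[(0x[0-9a-fA-F]+)\]", d.pop("bt"))
    return d

def repeated_crashes(lines, threshold=2):
    """Count crashes per (model, firmware, app, app_ver); keep those at or over threshold."""
    counts = Counter()
    for line in lines:
        c = parse_crash(line)
        if c:
            counts[(c["model"], c["fw"], c["app"], c["app_ver"])] += 1
    return {k: n for k, n in counts.items() if n >= threshold}

# Constructed sample lines modelled on the quoted event (backtrace shortened)
CRASH_TEMPLATE = (
    'type=event subtype=system level=warning vd="root" logdesc="Application crashed" '
    'action=crash msg="Pid: {pid}, application: ipsengine 03.170, Firmware: FortiGate-60D '
    'v5.2.9,build0736b736,160907 (GA) (Release), Signal 11 received, '
    'Backtrace: [0x30d9cb58] [0x30d9790c] [0x30d9ce08]"')
SAMPLE = [
    CRASH_TEMPLATE.format(pid="00585"),
    CRASH_TEMPLATE.format(pid="00612"),
    # Constructed non-crash event; must be ignored
    'type=event subtype=system level=information vd="root" action=login msg="admin logged in"',
]
```

Signal 11 is SIGSEGV, the segmentation fault reported later in the thread; grouping by engine version and firmware build makes it easy to confirm whether a replacement IPS engine or a rollback actually stopped the crashes.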

    MrGuga
    New Member
    September 13, 2016

    Yesterday after upgrading, if I enabled DLP in an explicit proxy policy the CPU would stay at 100%. 

    The DLP profile was configured to log all files fingerprinted as "Critical". Fingerprint database had about 350 files (I deleted it to see if that was the problem, but it wasn't).

     

    These processes were fighting for CPU (about 50% each):

    dlpfpcache 

    sqldb

     

    I tried again today but it seems to be working correctly now. I will rebuild fingerprint database and see what happens. 

     

    The box is a Fortigate 300C with only one explicit proxy policy and everything enabled on it.

     

    Luckily it is not a production environment so that's ok.

     

    Itguy
    New Member
    September 19, 2016

    I take back my statement this version is running fine.

     

    IT'S A DISASTER!  Both units we were testing in production have had serious issues. I will be rolling them back to 5.2.8 tonight, hopefully that goes as planned. But 5.2.9 is a BUGGY MESS. Stick with 5.2.8 if you are on it, and wait this one out.

     

    VPN's not working, IPS crashes, blah blah blah.

    Ralph1973
    New Member
    September 19, 2016

    Upgraded a 240d cluster last week, no issues so far.

    ramboris
    New Member
    September 20, 2016

    I do have the same IPS issue on a 60D

    ..... signal 11 (Segmentation fault) received, backtrace....

    I've downgraded back to 5.2.8 for now

     

    Tried also on a 200D which seems fine with 5.2.9

    newnhap
    New Member
    November 7, 2016

    We've also had the problem on all our 60D's and 90D's. I've opened a ticket with Fortinet to get the updated IPS Engine but still waiting. As a quick fix/workaround we stopped the IPS Engine by issuing the following command:

     

    diag test application ipsmonitor 98

     

    Not an ideal solution to stop the IPS Engine but users couldn't work.

     

    Apparently the issue is fixed in 5.2.10 but no release date yet.

     

    lubyou
    New Member
    November 29, 2016

    For us 5.2.9 broke SSH, HTTPS, and SSL VPN on a Fortigate 60d on the wan1 interface.

    The same services were still available on wan2, SSL VPN did not work, though.

    Reverting to 5.2.8 fixed all mentioned issues.

    Pretty bad experience.

    SMabille
    New Member
    November 29, 2016

    Can confirm related issues on 200D. Broken SSL interception generating random "bad cypher" errors in Chrome. Reverted to 5.2.8.