Explorer III

Solved

FortiOS 5.4.8 Is Out?

Forum|Forum|8 years ago
January 19, 2018
3 replies
66276 views

In the process of upgrading a FortiGate 60E from 5.4.6 to 5.4.7. It looks as though I need to get a special build to do this as the upgrade page of the UI says that I can not upgrade from FortiOS v5.4.7 build1167 from FortiOS v5.4.6 build6408. I presume that I need to download FortiOS v5.4.7 build6453. Is this correct?

While looking for the correct image to download I noticed a listing for 5.4.8.

https://support.fortinet....ad/FirmwareImages.aspx

Has this been released? Has anyone tried 5.4.8 yet?

Best answer by ddskier

Update on IPv6 BGP Issue. Fortinet support was able to finally repro the issue in their labs and they were able to suggest a fix for the issue. Added the following line to config router bgp:

set network-import-check disable

SecurityPlusAuthor

Explorer III

I see the FortiOS 5.4.8 Release Notes.

I don't see the What's New in 5.4.8 yet.

ede_pfau

SuperUser

Resolved issues...lo and behold!

458586 In the Policy list page, Interface Pair View always displays as expand-all.

@SecurityPlus: I think it's build 6501 for the 60E, available for download (at 13:20 CET).

SecurityPlusAuthor

Explorer III

I will check again. Thanks.

danilo_cardoso

New Member

Well.

I´m planning to upgrade my 100D to that version from the old 5.0.9.

Just taking some courage.

SecurityPlusAuthor

Explorer III

Are you planning to follow the supported upgrade path cookbook? http://cookbook.fortinet....-upgrade-paths-fortios What features of the 100D are you using? Is this firewall under support should you encounter any problems?

danilo_cardoso

New Member

SecurityPlus wrote:
Are you planning to follow the supported upgrade path cookbook? http://cookbook.fortinet....-upgrade-paths-fortios What features of the 100D are you using? Is this firewall under support should you encounter any problems?

These are the enable features on global config

config system global set admin-concurrent enable set admin-https-redirect enable set admin-maintainer enable set allow-traffic-redirect enable set auth-policy-exact-match enable set batch-cmdb enable set csr-ca-attribute enable set dst enable set endpoint-control-fds-access enable set fds-statistics enable set gui-antivirus enable set gui-ap-profile enable set gui-application-control enable set gui-certificates enable set gui-client-reputation enable set gui-dynamic-routing enable set gui-endpoint-control enable set gui-explicit-proxy enable set gui-implicit-policy enable set gui-ips enable set gui-multiple-utm-profiles enable set gui-vpn enable set gui-vulnerability-scan enable set gui-webfilter enable set ipsec-hmac-offload enable set phase1-rekey enable set registration-notification enable set remoteauthtimeout 5 set send-pmtu-icmp enable set sslvpn-cipher-hardware-acceleration enable set sslvpn-kxp-hardware-acceleration enable set strict-dirty-session-check enable set wireless-controller enable

ddskier

New Member

I believe I have also identified another bug with SSLVPN using IPV6. The LDAP audentication fails on IPv6 but works normally on IPv4. Strange.

Fortinet is also researching this bug as well.

ddskierAnswer

New Member

Update on IPv6 BGP Issue. Fortinet support was able to finally repro the issue in their labs and they were able to suggest a fix for the issue. Added the following line to config router bgp:

set network-import-check disable

NeilG

New Member

ddskier wrote:
Update on IPv6 BGP Issue. Fortinet support was able to finally repro the issue in their labs and they were able to suggest a fix for the issue. Added the following line to config router bgp:

set network-import-check disable

Thanks for updating us on your resolution!

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded