Skip to main content
Carl_Wallmark
Carl_Wallmark
New Member
March 29, 2019
Solved

FortiOS 6.2.0 is out!

  • March 29, 2019
  • 3 replies
  • 97796 views

.

    Best answer by ThomasK

    Very strange, they also stop Fortigate telemetry functionality from Fortigate and removed the feature. Are they crazy? (sorry for the wording). Should we really install EMS (including necessary Windows license) just for compliance enforcement? And the paid telemetry license and maintenance fees are for nothing? https://docs.fortinet.com...oint-telemetry-license

    3 replies

    Cls
    Cls
    New Member
    March 29, 2019

    Quick note from first impressions on my test device:

    As read in Release Notes / Changes in default behavior:

    -FortiOS 6.2.0 removes any use of device enforcement from various FortiGate features.

     

    This means that all policies and setups that are using Devices or Devices-Groups in policy will have "open" policies after upgrading to 6.2.0.

    I cannot find any obvious replacemens for Device feature per now.

     

    If anyone has more info on what Fortinet's plan on this is, I would appreciate a shoutout.. :)

     

     

    Best Regards,

    Runar

    SMabille
    SMabille
    New Member
    March 30, 2019

    Indeed, not clear warning (beside small note in default behaviour). Likely to caught lots of customers (I'm using devices for IoT devices, but also to disable SSL inspection for specific applications on iOS that refuse custom CA). There is no documentation or recommendation on best approach to replace this. It's very very disappointing to say the least. Hopefully the feature will be back or credible alternative provided. Until then I can't really see any practical way to solve the issue. The only way I can imagine is to reserve MAC in DHCP in specific range for specific device but: - Would run out of address quickly - Impractical for BYOB scenario or large estate of iOS devices Can't think of a good reason to suppress the feature. Upgrade shouldn't be about deprecate feature without clear notice. 

     

    Really three steps backward for IoT management.

     

     

    Cls wrote:

    Quick note from first impressions on my test device:

    As read in Release Notes / Changes in default behavior:

    -FortiOS 6.2.0 removes any use of device enforcement from various FortiGate features.

     

    This means that all policies and setups that are using Devices or Devices-Groups in policy will have "open" policies after upgrading to 6.2.0.

    I cannot find any obvious replacemens for Device feature per now.

     

    If anyone has more info on what Fortinet's plan on this is, I would appreciate a shoutout.. :)

     

     

    Best Regards,

    Runar

    ThomasK
    ThomasKAnswer
    New Member
    March 30, 2019

    Very strange, they also stop Fortigate telemetry functionality from Fortigate and removed the feature. Are they crazy? (sorry for the wording). Should we really install EMS (including necessary Windows license) just for compliance enforcement? And the paid telemetry license and maintenance fees are for nothing? https://docs.fortinet.com...oint-telemetry-license

    PeterK
    PeterK
    Visitor III
    April 16, 2019

    I agree more should be done to address bug fixes in the existing firmware before major firmware jumps, as a member has stated above it is too risky to go with the first release of a new major firmware.

     

    I am on 6.04 and have noticed that release has stopped you amending some pf the policies from the top screen and you now have to edit them. Another bug that has come in is Internet Explorer no longer works for the SSL Web VPN login.  Chrome and Firefox work but you run into trouble with organisations using IE.  I would have like a patch for this latter problem before doing another major firmware update or as they have done in previous ones if they are going to do a major one run some patches to fix at least some of the patches with the existing firmware for instance 6.0.x

    brizvi_FTNT
    Staff
    brizvi_FTNT
    Staff
    April 24, 2019

    peterkoszarek@nhs.net wrote:
     

    I am on 6.04 and have noticed that release has stopped you amending some pf the policies from the top screen and you now have to edit them. 

    Are you trying to make changes from the policy list page? Which policies are you unable to make changes to?

     

    PeterK
    PeterK
    Visitor III
    May 7, 2019

    Having trouble now replicating this which is odd.  Defo still having a big issue with Internet Explorer (we are using 11) being able to log into the SSL VPN Web mode and even to the Fortigate to manage.  I tend to not use IE as much but we cannot tell staff not to.  Has this been resolved in 6.2.0 as they do not seem to be doing more patches after 6.0.4?

    anujdalal
    anujdalal
    New Member
    June 12, 2019

    Hi,

     

    I'm having high memory usage issues (memory leak?) since the release of this firmware. I have 2 Azure FG-VM02s running in Active/Active HA. I removed one of them from the Azure Loadbalancer back-end pool ("cluster") at 64% memory usage. Even with close to no traffic going through it, the memory usage stayed at 64% constantly. The usage gradually climbs when the ipsengine is in use. diagnose sys top shows ipsengine using lots of memory, and not releasing it. I also can't seem to downgrade the firmware; the fortigate fails to download the file from FortiGuard.

     

    I wonder if you're experiencing (or have experienced) something similar?

     

    Thanks.

    sullimd
    sullimd
    New Member
    July 10, 2019

    Same here on the memory issues. Experienced the same thing with 2 customers - today.  It's the wad service using all the memory, device goes into conserve mode, then I get a call that the internet is down.  It was the wad service on both customers. 

     

    Pid: 00195, application: wad, Firmware: FortiGate-100E v6.2.0,build0866b0866,190328 (GA) (Release), Signal 11 received, Backtrace: [0x36c0aba6] [0x36c8b2a5] [0x36c8b4e9] [0x00a166d3] [0x00a44085] [0x00033979] [0x00037587] [0x36c0a971] [0x00031cc9]

     

    One customer, ah, just a fluke.  Two customers, within 6 hours of each other - stay away for now.  Both of these customers wanted to upgrade for some of the new SD-WAN functionality, but I won't be upgrading any customers for a while.

    Frank_Baschin
    Frank_Baschin
    New Member
    July 12, 2019

    Yesterday we also had memory issues. The memory load grows to 100% in 5-10 minutes. With network down situation.

    Firmware: FortiGate-100E v6.2.0,build0866b0866,190328 (GA)

     

    We temp. could resolve it with disable all service policy. It seems, that the IPS Prevention had high memory load.

    Terms & ConditionsAccessibility statement