Skip to main content
Best answer by James_G
Awesome!

3 replies

simonorch
simonorch
Explorer
January 2, 2020

But not for the 100F and 60F so far

James_G
James_GAuthor
New Member
January 2, 2020
Hopefully any day I hear that at 6.2.4 it will be combined into the main release build, so no waiting after that
James_G
James_GAuthor
New Member
January 2, 2020

Personal view - I have updated 3 HA firewall pairs to 6.2.3 and no issues found with a week of running (OK is was xmas, but still been running a week no issues). Devices upgraded are 50e and 80d units.

 

Memory usage is down across all of them.

 

I know similar thread on reddit is saying people are having issues with netflix streaming sticks in TVs - but I don't have any such devices at work! And, I have double checked netflix from phone to be sure anyway.

Hosemacht
Hosemacht
Explorer
January 14, 2020

Hi there,

 

are there any news about the device enforcement in Policies for FortiOS 6.2.3 or higher?

Jirka1
Jirka1
Explorer II
January 14, 2020

the_giraffe_that_wasnt_president wrote:

Hi there,

 

are there any news about the device enforcement in Policies for FortiOS 6.2.3 or higher?

Unfortunately, no

Jannik
Jannik
New Member
January 23, 2020

So how is your experience with 6.2.3 so far? I run it on an active-active 61E HA Cluster. I notcied DNS Filter Server is "unreachable" under Network>DNS. This occured on several FG models with customers units... FG61E, FG30E, FG80E, I have an open case with fortinet about that. Also very high memory usage while cpu is very low, <5% most of the time. FG enters conserve mode frequently.

Magnitude_8
Magnitude_8
Explorer
January 24, 2020

My experience with 6.2.3 hasn't been great.  I've upgraded two customers with 200E clusters from 6.2.2 and had intermittent issues with web pages not loading and Outlook disconnections from Exchange Online.  Have rolled one back to 6.2.2, which resolved the issues.  Might roll back the other one as well, but this will reintroduce issues with RDP of SSL VPN, so I'm a little reluctant.

justme
justme
New Member
January 25, 2020

This is a response for my open ticket regarding connection drops on pppoe links... As the one I manage is a production system there's a procedure to deploy the solution, it's gonna take some time to upgrade from 6.2.2 to 6.2.3 (for the third or fifth attempt).

 

I have analyzed the logs provided and noticed the following(and I am also attaching the wireshark captures ) : - for FortiOS 6.2.3 the packet length increases so you have 1514 packet size which is not being fragmented by FGT. - in both captures the flag of the packets sent is set to 1 : Don't fragment. - in both 6.2.2 and 6.2.3 the option # set honor-df is enabled on FGT however it seems to be working as expected only on 6.2.3 So my conclusion would be that Honor-df was not working as expected in 6.2.2 but it does in 6.2.3(that's why the packets are not being transmitted anymore). If enabled, "set honor-df" honors the information already set on DF-Bit and not change it. If the honor-df is set to disable, then FortiOS will ignore the packet’s DF flag by encapsulating and encrypting it. I have researched internally for similar situation and and found a few known issues related to # set honor-df but on previous versions : 6.0. and 5.4 If you want to upgrade to 6.2.3 you will have to disable this option in order to avoid any error.

Terms & ConditionsAccessibility statement