Skip to main content
storaid
storaid
New Member
December 4, 2015
Solved

NOW! FortiOS v5.2.5...

  • December 4, 2015
  • 6 replies
  • 88817 views

build701

Appeared in the download portal....

but [size="5"]no enhancements?????[/size]

 

Best answer by HASimac

Hello,

 

Problems occurs with SSL Inspection on 5.2.5. If you use SSL Inspection, it's better to run 5.2.3 (stable).

 

Regards,

 

HA

 

6 replies

Carl_Wallmark
Carl_Wallmark
New Member
December 4, 2015

it´s a patch release, enhancements are not to be expected.

simonpt
simonpt
New Member
December 4, 2015

No image checksums except for FGR_100C. Consistent with the RSS feed announcement that only mentioned FGR_100C.

I've asked supportadmin to generate the missing checksums.

ede_pfau
SuperUser
ede_pfau
SuperUser
December 4, 2015

Jeez....

 

no enhancements! Fortinet finally keeps it's promise and just fixes things. Lo and behold. Keep up the good work, give us a rock solid v5.2 and put all the fancy new stuff into v5.4.

 

just my 2ct

dpmcintyre
dpmcintyre
New Member
December 6, 2015

storaid wrote:

but [size="5"]no enhancements?????[/size]

As others have stated, it is a patch release, just fixing things. I have high hopes that it finally stabilizes the 5.2.x train, I've had "oddness" in every other 5.2.x release so far. Some are livable, sometimes not. I do purposely keep some customers back on 5.0.x as I think they'll have more problems with 5.2.x than 5.0.x. Even if there are security issues (ie. SSL security) in 5.0

While I've been around since the 2.80 days. Definitely in the past, features did creep in at random points in the trains, Fortinet lately has moved to a more structured release. In talking to my SE and support, features are only in the new even minor number releases (ie. 5.0.0, 5.2.0, 5.4.0), they have feature/code freeze on the line to do only patches now for the patch  release.

 

Ie. I was one (apparently of many) pushing for client DHCPv6 IA_PD feature, but they only relented to work on it after 5.2.0 was frozen, so it had to wait until 5.4 comes out, whenever that may be. (since the virtual image has been out a few weeks, but no hardware). 

 

Paul_S
Paul_S
New Member
December 7, 2015

I am trying to decide how soon to install 5.2.5. The bugs in 5.2.3 have been bothering me for a very long time now.

 

I'll wait a couple weeks and then go to 5.2.5.

ecsupport
ecsupport
New Member
December 8, 2015

Yea 5.2.3 & 5.2.4 have been buggy. HTTPS access issues on WAN2, horrible SSL VPN, comeon guys thats microsoft per service pack 1 level silliness! Agreed on too many known issues and a few scary ones too.

 

Wait for dust to settle too...

jerryliou
jerryliou
New Member
December 17, 2015

NP6 can work for TCP syn-proxy in v5.2.5 now.

VicAndr
VicAndr
New Member
December 17, 2015

After upgrading FortiOS from v.5.2.3 to v.5.2.5, I see authentication issues on WPA2-Enterprise WiFi networks with remote RADIUS. Some clients/devices can connect to the wireless networks and others - cannot. ...did not have this problem while our FG/FWF units were on v.5.2.3. 

 

I see the same problem on different boxes: FWF80-CM, FG110C. Has anyone experienced the same problem?

Chris
Chris
New Member
December 20, 2015

VicAndr wrote:

After upgrading FortiOS from v.5.2.3 to v.5.2.5, I see authentication issues on WPA2-Enterprise WiFi networks with remote RADIUS. Some clients/devices can connect to the wireless networks and others - cannot. ...did not have this problem while our FG/FWF units were on v.5.2.3. 

 

I see the same problem on different boxes: FWF80-CM, FG110C. Has anyone experienced the same problem?

I have activated RadiusAuth (via QNAP) on a FWF60D (v5.2.5) since 2 Weeks.

Actually I detected no problems.

Currently connected devices are HTCOne (m7), Apple Ipad2 (IOS9.2), Lenovo TAB, ASUS Tab.

Paul_S
Paul_S
New Member
December 21, 2015

Will someone running 5.2.5 please create a new object from a policy edit screen and see if this known issue affects them. Thank you.

 

BUG#286226 - Users may not be able to create new address objects from the Firewall Policy.

ISOffice
ISOffice
New Member
December 22, 2015

Hi Paul S,

 

We have a couple of 100D Appliances (v5.2.5, build 701), running Active-Passive. I was able to create an address object on-the-fly from within the Firewall Policy without any issues.

 

Hope this helps,

 

John P

Paul_S
Paul_S
New Member
December 22, 2015

ISOffice wrote:

Hi Paul S,

 

We have a couple of 100D Appliances (v5.2.5, build 701), running Active-Passive. I was able to create an address object on-the-fly from within the Firewall Policy without any issues.

 

Hope this helps,

 

John P

Thank you! I asked my SE about this bug too. Apparently the bug just means you cannot hit enter, you have to click the create button to the right. a minor issue in my opinion compared to not being able to create an object from that screen at all.

IAC
IAC
New Member
September 1, 2016

We upgraded our 2 FG500D (3000k users, 200Mbps Internet traffic, HA A-P, IPS, AV, Web Filtering, Application Control, SSL/SSH inspection) last week from 5.2.3 to 5.2.5. Configuration file did not change. Just after the upgrade we noticed http/http traffic problems (from and to Internet) related to SSH/SSL inspection feature.

 

To get the http/https traffic back, we had first to activate SSH/SSL inspection in the policies affected (no SSH/SSL inspection activated before the upgrade). With other policies this workaround did not work. In the end we had to avoid any IPS, AV, Application control, SSH/SSL inspection configuration. Web Filtering was fine.

 

One week later (yesterday) we upgraded from 5.2.5 to 5.2.7. So far, so good. No problems noticed.

IAC
IAC
New Member
September 6, 2016

Sorry. Just 3K users!!

Terms & ConditionsAccessibility statement