greenmug
New Member
December 1, 2017
Question

Upgrade from 5.4 to 5.6 strips OSPF authentication

Hi, after an upgrade attempt all traffic stopped flowing.

Upon investigation I found the OSPF interface section has changed considerably and OSPF authentication commands were removed.

Is this known? Has anyone had it confirmed as a bug?

Rule base section headers were also removed. I'm concerned there are other features config elements that get removed. I reverted so can't easily check.

Any date for the next release of 5.6?

An example before and after:

edit "ospf_int_1"
    set interface "FM_1"
    set authentication md5
    set md5-key 2 "ENC fasdfasdfsadfsadfqi/T8q3xQ9"
    set cost 6000
    set dead-interval 40
    set hello-interval 10

edit "ospf_int_1"
    set interface "FM_1"
    set ip 0.0.0.0
    set authentication none
    set prefix-length 0
    set retransmit-interval 5
    set transmit-delay 1
    set cost 6000
    set priority 1
    set dead-interval 40
    set hello-interval 10
    set hello-multiplier 0
    set database-filter-out disable
    set mtu 0
    set mtu-ignore disable
    set network-type broadcast
    set bfd global
    set status enable
    set resync-timeout 40
next

    FGTuser
    New Member
    December 1, 2017

    It might be related to this bug:

    435124 Cannot establish IPsec phase1 tunnel after upgrading from version 5.4.5 to 5.6.0. Workaround: After upgrading to 5.6.0, reconfigure all IPsec phase1 psksecret settings.

    Probably OSPF key is lost as well during upgrade.

    ETA for 5.6.3 was November 22, then November 30, ... should be out soon.

    greenmug (Author)
    New Member
    December 6, 2017

    Thanks @FGTuser for the info.

    Looking at the release notes (out yesterday) that bug reference isn't included. I assume this means it didn't make this release?

    https://docs.fortinet.com/uploaded/files/4088/fortios-v5.6.3-release-notes.pdf

    It would be useful if anyone had a support ticket relating to this bug if they had confirmation either way. It might be missed from the release notes but included in the firmware. I can't readily test in a lab.

    doslager
    New Member
    January 7, 2018

    I just noticed this as well. I am building out a new location with a pair of 200E. I upgraded to the latest firmware (5.6.3, build 1547) and noticed it was not in the OSPF section.

    I can revert to 5.4.x, but I would like to put this into production with the latest version. Plus, our other environments will eventually need to be upgraded to 5.6.x and I don't want to break them. It sounds like the MD5 gets stripped out and OSPF just breaks.
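
A pre/post-upgrade check for the regression discussed in this thread, as an added example that is not part of any post and not Fortinet code: it compares two saved configuration excerpts and reports OSPF interface entries whose `authentication` or `md5-key` setting was dropped or reset to `none`. The sample text is trimmed from the before/after excerpt in the first post; the watch list and the function names are assumptions of this example.

```python
import shlex

# Settings to watch on each OSPF interface entry (assumed list for this example).
WATCHED = ("authentication", "md5-key")

# Trimmed from the before/after excerpt in the first post of this thread.
BEFORE = '''edit "ospf_int_1"
    set interface "FM_1"
    set authentication md5
    set md5-key 2 "ENC fasdfasdfsadfsadfqi/T8q3xQ9"
    set cost 6000
next'''
AFTER = '''edit "ospf_int_1"
    set interface "FM_1"
    set authentication none
    set cost 6000
next'''

def parse_edit_blocks(text):
    """Parse 'edit <name> / set <key> <value...> / next' lines into {name: {key: value}}."""
    blocks, current = {}, None
    for raw in text.splitlines():
        tokens = shlex.split(raw)  # honours the double quotes used in the config
        if not tokens:
            continue
        if tokens[0] == "edit" and len(tokens) > 1:
            current = blocks.setdefault(tokens[1], {})
        elif tokens[0] == "next":
            current = None
        elif tokens[0] == "set" and len(tokens) > 1 and current is not None:
            current[tokens[1]] = " ".join(tokens[2:])
    return blocks

def auth_regressions(before_text, after_text):
    """List (entry, key, old, new) where a watched setting vanished or became 'none'."""
    before, after = parse_edit_blocks(before_text), parse_edit_blocks(after_text)
    findings = []
    for name, old in before.items():
        new = after.get(name, {})
        for key in WATCHED:
            new_val = new.get(key, "<missing>")
            if old.get(key, "none") != "none" and new_val in ("none", "<missing>"):
                # Never echo key material into reports or tickets.
                shown = "<redacted>" if key == "md5-key" else old[key]
                findings.append((name, key, shown, new_val))
    return findings

if __name__ == "__main__":
    for finding in auth_regressions(BEFORE, AFTER):
        print("auth regression: entry=%s setting=%s before=%s after=%s" % finding)
```

Run it against configuration backups taken immediately before and after the firmware change, and treat any finding as a reason to hold the rollout until authentication has been reconfigured.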