Fortinet Forum
FGTuser
New Contributor III

FortiOS 5.0.6

5.0.6 is out, share your experience please.
FGTuser
New Contributor III

This is not yet confirmed as a bug, but after upgrading to 5.0.6 we started to have issues with antispam. I opened a ticket. Regular emails are blocked - "This message has been blocked because ASE reports it as spam". There were no issues with those senders on 5.0.5, and their IP is not on any blacklist. Sometimes it helps to delete the signature (which includes a hyperlink) and resend the email. Emails with HTML attachments (invoice) are sometimes blocked as well. Nothing in logs! So it's difficult to track what was blocked. We know it just because of senders' complaints of returning undelivered emails. The workaround was to disable E-mail Checksum Check, URL Check and Detect Phishing URLs.
TC_Hessen

I have one stupid problem with 5.0.6. We have 2 110Cs and on both we have an SSL VPN. When connecting to the first FG with split tunneling disabled, everything works fine. But when connecting to the second FG with split tunneling enabled, I cannot access the management of the unit on its internal IPs, neither ping nor SSH nor HTTPS. Flow trace shows "iprope_in_check() check failed, drop". That works fine on 5.0.5. Can anyone confirm it?
FG1: 10.10.1.254
FG2: 10.10.2.254
Case 1 (no split tunneling, connected to FG1): my IP=10.11.1.1 -> FG1 and FG2 accessible
Case 2 (split tunneling, connected to FG2): my IP=10.11.2.1 -> FG1 accessible, but FG2 not
best regards, TC
Omar_Hermannsson

ORIGINAL: TC_Hessen I have one stupid problem with 5.0.6. We have 2 110Cs and on both we have an SSL VPN. When connecting to the first FG with split tunneling disabled, everything works fine. But when connecting to the second FG with split tunneling enabled, I cannot access the management of the unit on its internal IPs, neither ping nor SSH nor HTTPS. Flow trace shows "iprope_in_check() check failed, drop". That works fine on 5.0.5. Can anyone confirm it? FG1: 10.10.1.254 FG2: 10.10.2.254 Case 1 (no split tunneling, connected to FG1): my IP=10.11.1.1 -> FG1 and FG2 accessible Case 2 (split tunneling, connected to FG2): my IP=10.11.2.1 -> FG1 accessible, but FG2 not
I tested split tunnel SSL VPN on a 60D and 200B with no issues connecting to the internal IP of the FortiGate. Could this be specific to the 110C?
isptools
New Contributor II

I see this day some very nasty thing on the GUI (60D/100D/200B): all counters on IPSec VPNs are 0 (and I know there should be many GBs going this way). If I look at the tunnel itself I see the traffic?
Michael Killermann ISP-TOOLS GmbH Kohlenhofstrasse 60 -D 90443 Nuernberg - Germany Fortinet Certified Network & Security Professional #FCP1001
Omar_Hermannsson

ORIGINAL: isptools I see this day some very nasty thing on the GUI (60D/100D/200B): all counters on IPSec VPNs are 0 (and I know there should be many GBs going this way). If I look at the tunnel itself I see the traffic?
Sounds like it could be because of hardware acceleration. Do you have npu-offload enabled in your phase-1 settings? If hardware acceleration is enabled, then this is expected behavior. You can disable it, but then you should expect worse performance, higher CPU and such.
TheJaeene

IE 11?!? Try FF or Chrome... On IE11 I get some empty counters on 5.0.6. Regards, Jan
isptools
New Contributor II

Since "years" I always try Firefox, Chrome and IExx, but there is no difference.
romanr
Valued Contributor

ORIGINAL: isptools I see this day some very nasty thing on the GUI (60D/100D/200B): all counters on IPSec VPNs are 0 (and I know there should be many GBs going this way). If I look at the tunnel itself I see the traffic?
With policy or interface mode? I just checked with 2 of our 100D clusters with IPSec VPNs in interface mode and don't see any trouble with the counters.
isptools
New Contributor II

It's all in policy mode.
romanr
Valued Contributor

ORIGINAL: isptools It's all in policy mode.
Did the IPSec counters work properly before in policy mode? I remember the counters often were either 0 or far from realistic in policy mode, throughout different 3.x and 4.x firmware versions...