Fortinet Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Carl_Wallmark
Valued Contributor

FortiOS 5.2.1 is out

.

FCNSA, FCNSP
---
FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30B
FortiAnalyzer 100B, 100C
FortiMail 100,100C
FortiManager VM
FortiAuthenticator VM
FortiToken
FortiAP 220B/221B, 11C

46 REPLIES 46
FatalHalt

While I agree that logging to smaller boxes isn' t necessarily a great idea, removing it completely does hurt those of us who did understand that it was a temporary space for troubleshooting. Now it' s memory only, which can be less than a minute in many cases.
emnoc
Esteemed Contributor III

Sorry fail - not sure. Is the mechanism of sending logs to forticloud documented somewhere? Believe me or not, we lost several messages during internet line congestion comparing to local logging. BTW. Do you think that plain syslog over TCP is the remedy for lost messages? Unfortunately not: link
Not saying you lost logs, but the transmission path is ssl over tcp and it' s documented here and i believe all logging is done with 514/tcp ( you can diagnose sniffer it and see that ) https://www.forticloud.com/com.fortinet.gwt.Main/help.jsp?locale=en_US%EF%BB%BF#communication Also depending on FortiOS you can use the diag test app miglogd 6 and verify counts for logging details being sent.
Company which is not listening to customers can' t be successful in long term.
tell that to cisco and juniper they seem still be around It ( forticloud ) isn' t the best but it does have some benefits. Fortinet has provide numerous alternatives some free , some local, some are via syslog. You have to pick what' s best for your setup.

PCNSE 

NSE 

StrongSwan  

FGTuser
New Contributor III

You have to pick what' s the best for your setup.
I did already. Local logging on device , but I would be happy if the device could last longer than about one year...
tell that to cisco and juniper they seem still be around
Yes and no. I' m not involved in Juniper too much/too long. Cisco shines in routing&switching. But load balancers - gone. SIMS and MARS - gone. Firewalls - OK unless you need UTM or SSL VPN, than it' s different story (and price). Anyway, end of OT. Peace.
Phuoc_Ngo
New Contributor

We just upgrade our devices to 5.2.1 and discover the following issue and one confirmed bug.  We are on 600C devices.

 

1.  Web Rating Overrides completely not working, no showing up under GUI or command line  Support provide me the bug ID but I completely write it down.

 

Issues.

 

1. Full SSL inspection does not function properly for secure web site filtering.  IE Browser will display page can't be display or missing cert under Chrome browser.

2. Hardware show two Fans status as failure.

 

Will play with more functions for now.

 

Regards,

 

Phuoc_Ngo
New Contributor

Here are the two known bug ID for 5.2.1

 

Web override page is blank Bug ID : 0243897

Fan failures: Bug ID : 0240650

 

Another items that does work well is Full SSL inspection.  It doesn't work well with Office365, LYNC or proprietary secure site.

storaid
Contributor

hello, Fortinet guys..

this week the v5.2.2 patch will be available on the f/w portal???

FWF60D x2 FWF60C x3 FGT80C rev.2 FGT200B-POE FAP220B x3 FAP221B x2

FSW224B x1

storaid
Contributor

anyone know the ETA for v5.2.2????

FWF60D x2 FWF60C x3 FGT80C rev.2 FGT200B-POE FAP220B x3 FAP221B x2

FSW224B x1