Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
hklb
Contributor II

FortiOS 5.2.3 is out

.

4 Solutions
VicAndr
New Contributor III

...discovered another bug with v.5.2.3. Administrators who are restricted to provision guest accounts only, can't actually print those accounts (to hand over login IDs and passwords to relevant users). In attempt to do so a FortiGate responds with "Error 500: Internal Server Error".

 

...didn't have this problem before the upgrade.


Paul_S

hklb wrote:

 

Change your encoding in your browser (in chrome : option - more tools- encoding - western) and it works.

Support said the encoding error will be fixed in 5.2.4

FG200D 5.6.5 (HA) - primary FWF50B's 4.3.x, FG60D's 5.2.x, FG60E's 5.4.x [Did my post help you? Please rate my post.] FAZ-VM 5.6.5 | Fortimail 5.3.11 Network+, Security+

rwpatterson
Valued Contributor III

Also you cannot load the DNS screen.

 

When upgrading to 5.2.3, the admin accounts have changed from 'super_admin' to 'prof_admin'. We had the same issue here. We simply went into a backup, changed the admin types and restored the config. I did this remotely, hoping I wouldn't have to drive in. It worked flawlessly.

 

By the way, we got the answer from support. My guru is better than your guru!

Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com

TheJaeene
Contributor

@rpetty

 

Hi,

 

 

have you checked the "ALL" Service?

 

Firewall Service Protocol Number Change 2015-04-02

Subject: Firewall Service Protocol Number Change
Released: 2015-04-02
Modified: 2015-04-02
Product: FortiGate

Description:

In FortiOS v5.0.8 and v5.0.9 and v5.2.0 through v5.2.2, the default value of the firewall service protocol number was changed from a value of 0 to 6.

The most commonly observed impact of this change is that after upgrading to the affected firmware, the “ALL” service matches only TCP traffic.

Executing a factory-reset on the FortiGate device does NOT change the default value to 6.

Affected Products:

All FortiGate models.

Resolution:

FortiOS v5.0.10 and v5.2.3 have fixed the issue. Upon upgrading the FortiGate device, the firewall service protocol number is restored to 0.

Workaround:

Those wishing not to upgrade the firmware can modify the affected firewall services to explicitly set the protocol-number to 0.  For example:

config firewall service custom
    edit "ALL"
        set protocol-number 0
    next
end
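
An added example (not part of the original post or of Fortinet's advisory): a Python check that reads a config backup and lists the IP-protocol services that would match only TCP on a given firmware version. It assumes the backup omits settings left at their firmware default and that IP services carry `set protocol IP`; the function names and the sample config are constructed for illustration.

```python
AFFECTED = {"5.0.8", "5.0.9", "5.2.0", "5.2.1", "5.2.2"}  # versions named in the advisory

# Constructed sample backup excerpt (not from a real device).
SAMPLE = '''
config firewall service custom
    edit "ALL"
        set protocol IP
    next
    edit "ALL_FIXED"
        set protocol IP
        set protocol-number 0
    next
    edit "GRE"
        set protocol IP
        set protocol-number 47
    next
end
'''

def parse_custom_services(config_text):
    """Return {name: {setting: value}} for 'config firewall service custom'."""
    services, in_block, current = {}, False, None
    for raw in config_text.splitlines():
        line = raw.strip()
        if line == "config firewall service custom":
            in_block = True
        elif not in_block:
            continue
        elif line == "end":
            in_block = False
        elif line.startswith("edit "):
            current = line[5:].strip().strip('"')
            services[current] = {}
        elif line.startswith("set ") and current is not None:
            key, _, value = line[4:].partition(" ")
            services[current][key] = value.strip().strip('"')
    return services

def tcp_only_ip_services(config_text, fortios_version):
    """Names of IP-protocol services that effectively match TCP (6) only."""
    # Assumption: a backup omits settings left at the firmware default.
    default = 6 if fortios_version in AFFECTED else 0
    return [name for name, s in parse_custom_services(config_text).items()
            if s.get("protocol") == "IP"
            and int(s.get("protocol-number", default)) == 6]

if __name__ == "__main__":
    print(tcp_only_ip_services(SAMPLE, "5.2.2"))
```

Any service it lists is a candidate for the explicit `set protocol-number 0` workaround or the upgrade described in the advisory.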

 


56 REPLIES
Carl_Wallmark
Valued Contributor

hmm, thanks, mine does not work.

 

What version of FSSO do you have on your server ?

FCNSA, FCNSP
---
FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30B
FortiAnalyzer 100B, 100C
FortiMail 100,100C
FortiManager VM
FortiAuthenticator VM
FortiToken
FortiAP 220B/221B, 11C

storaid

Selective wrote:

hmm, thanks, mine does not work.

 

What version of FSSO do you have on your server ?

latest version...

FWF60D x2 FWF60C x3 FGT80C rev.2 FGT200B-POE FAP220B x3 FAP221B x2

FSW224B x1

Carl_Wallmark
Valued Contributor

Thank you Storaid,

 

May I ask how your groups are configured and policys using these FSSO groups ?

 

 

Carl_Wallmark
Valued Contributor

Nevermind,

 

It seems like it doesn´t work when you use LDAP server in the FSSO setup.

 

TheJaeene
Contributor

My Lab 80C crashed after 4 Days running 5.2.3

SSH & Telnet frozen... Only a Coldstart brought the Box back to life!

 

Yeah Baby Yeah!

 

storaid
Contributor

system error after a wifi interface has been removed.......

I can not go to any management console, includes CLI......

anyone have this problem????

this problem sucks...

 

 

VicAndr
New Contributor III

storaid wrote:

system error after a wifi interface has been removed...

You shouldn't remove WiFi interface from System > Network > Interfaces GUI section. The right way to remove it is - through WiFi Controller > WiFi Network > SSID - the same place where you created it in the first place.

 

I had a number of issues with WiFi Networks in the past while performing "in-place" upgrade to a major FortiOS version (i.e. 4.3 to 5.0; usually not while applying a patch on the same firmware branch). FortiOS upgrade scripts which transform FG configuration do not always work as expected and sometimes after upgrade you may have a hard time to fix and even remove a broken WiFi interface.

 

The best way to resolve the issue in your case would be...

1. downgrade FortiOS to a pre-upgrade version;
2. restore configuration you've backed up right before the upgrade;
3. remove SSID in question;
4. upgrade to v.5.2.3;
5. recreate the SSID (if needed).

Another way to fix it might be...

1. backing up post-upgrade configuration (provided you can access management interface either through GUI or CLI);
2. edit configuration text file manually on your computer - removing troubled WiFi interface/SSID and all relevant dependencies;
3. restore modified configuration to your box;
4. recreate the SSID (if needed).

     

Juan_Torres
New Contributor

another problem.

upgraded fortigate 110c from 5.2.2 to 5.2.3

wifi controller->managed fortiaps doesn't show any aps (total of 30), thinking an thinking minutes...sometime (1 of 30 times) shows aps normally....aps wifis are working correctly.

thanks

The problem I saw is src-vis process, always running 15-30%, is it normal?, thanks

DJensen99
New Contributor

Just had to roll back a handful of 60Ds from 5.2.3 to 5.2.2. Most iDevices and a handful of other random devices would no longer reliably obtain a DHCP address on WAPs wired directly to the units. I tried reversing the DHCP service definitions mentioned further up the thread with no effect. I couldn't duplicate the issue with any equipment that I have.

The units showed a valid IP assigned to the units, but the affected devices all showed as APIPA. After rolling back the firmware, only a handful of iDevices are having issues, probably related to the bugs in IOS8. No other issues noted with the new firmware.
