FortiOS 5.2.7 is out

Carl_Wallmark · ‎03-28-2016

.

FCNSA, FCNSP
---
FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30B
FortiAnalyzer 100B, 100C
FortiMail 100,100C
FortiManager VM
FortiAuthenticator VM
FortiToken
FortiAP 220B/221B, 11C

vladimircze · ‎04-14-2016

Hi,

12 hours ago upgraded 100D cluster from 5.2.3 to 5.2.7 (using 5.2.5 as intermediate version in upgrade path).

Features used:

A-A cluster,

web filter,

IPS,A/V, APPL Sensors, content SSL Inspection

WiFi (WPA2-enterprise and WPA2-Personal)

SSL VPN, IPSEC VPN

OSPF, LACP

5 VDOM.

So far so good.

Vladimir, Prague, Czech Republic.

View solution in original post

netmin · ‎04-19-2016

I don't believe this is a bug. I remember having seen a changelog or release note referring to the built-in account "FGT_ha_admin", which was originally used for exec ha manage:

"You log into the subordinate unit using the FGT_ha_admin administrator account. This built-in administrator account gives you read and write permission on the subordinate unit. Normally this built-in administrative account is not visible, however FGT_ha_admin does appear in event log messages."

I think the account was removed (for security reasons) ... [strike]I can't find the corresponding document anymore, maybe a later document revision had this piece of information removed as well.[/strike]

Edit: found it - the release notes downloaded from the support portal provide(d) this information.

View solution in original post

x_member · ‎05-16-2016

FYI:

5.2.7 contains ipsengine 3.0164 that does not play well with deep packet inspection and Chrome browser: https://forum.fortinet.com/tm.aspx?m=137615

View solution in original post

Baptiste · ‎03-28-2016

Release notes : http://docs.fortinet.com/uploaded/files/2967/fortios-v5.2.7-release-notes.pdf

2 FGT 100D + FTK200

3 FGT 60E FAZ VM some FAP 210B/221C/223C/321C/421E

storaid · ‎03-29-2016

some known issues are annoying..=_="

* Users may not be able to create new address objects from the Firewall Policy.

* All sessions: filter application, threat, and threat type, may not work as expected

* If the client is connecting to an SSID with WPA-Enterprise and User-group, it may not be able to pass the traffic policy.

* When creating an id_based policy with SSL enabled, and the set gui-multipleutm disable is applied, an Entry not found error message may appear.

* When navigating FortiView > Application some security action filters may not work.

FWF60D x2 FWF60C x3 FGT80C rev.2 FGT200B-POE FAP220B x3 FAP221B x2

FSW224B x1

pcraponi · ‎03-29-2016

I think these "know issues" are not 5.2.7 only. I have some of these bugs in previous versions. Apparently they are all 5.2.x bugs opened.

Regards, Paulo Raponi

JohnAgora · ‎03-30-2016

Anyone found the file "What’s New for FortiOS 5.2.7 "?

Thanks!

emnoc · ‎03-30-2016

Here's the link & click on 5.2

http://docs.fortinet.com/fortigate/release-information

Ken

PCNSE

NSE

StrongSwan

JohnAgora · ‎03-30-2016

I just found the one on 5.2.5.

Cheers!

donnat · ‎03-31-2016

Maybe there will be no new features in 5.2, but only bug fixes... and the new features will be to v5.4 ... I hope ... and thank you advance to correct any bugs in 5.2.8... Pleeeeeeeaaaaaaaaaase

Cluster Active/Passive Fortigate-1500D 6.0.9 (AV, DLP, AppCtrl & IPS, DHCP, AlertMail, Fortiguard Web & AS, OSPF & RIPv2, SSL-VPN Portal Web and Tunnel) FortiAnalyzer-3000D 6.0.8 (Log, Syslog, Alert event, Quarantine & Report)

vladimircze · ‎04-14-2016

Hi,

12 hours ago upgraded 100D cluster from 5.2.3 to 5.2.7 (using 5.2.5 as intermediate version in upgrade path).

Features used:

A-A cluster,

web filter,

IPS,A/V, APPL Sensors, content SSL Inspection

WiFi (WPA2-enterprise and WPA2-Personal)

SSL VPN, IPSEC VPN

OSPF, LACP

5 VDOM.

So far so good.

Vladimir, Prague, Czech Republic.

AtiT · ‎04-19-2016

I updated an A-P cluster from 5.2.4 to 5.2.7 (via 5.2.6). Now when I want to connect to the subordinary unit with command #execute ha manage <id> the username and password needed to be entered. Is it a new feature? I did not find it in the release notes or I missed something?

It could be a problem on an A-P cluster when external user authentication is used for admins like LDAP etc. as the passive unit will not authenticate the user.

AtiT