Alby23
Contributor II

FortiOS 5.2.9 is out

http://docs.fortinet.com/uploaded/files/3285/fortios-v5.2.9-release-notes.pdf

 

The list of the resolved issues is important IMHO, just some tips:

297421 HTTPs traffic is blocked after AV/IPS database update from FortiGuard.

306929 Fortigate memory logging is automatically enabled after reboot.

382828 When trying to access internal server through SSL VPN in web mode, the login page is not

371264 Modify user ran into lock when trying to change user's password during sslvpn connection.

376599 Keep IPSec traffic on the hardware during rekeying causes kernel panic.

1 Solution
ddskier

I ended up opening another ticket with Fortinet because IPS engine 3.0289 still has an issue.

 

They ended up providing me 3.0173.   I would open a ticket and ask for this ips engine.

-DDSkier FCNSA, FCNSP FortiGate 400D, (2) 200D, (12) 100D, (2) 60D

View solution in original post

43 REPLIES 43
Ralph1973
Contributor

Hello, anyone who has this version already in production environments? Are there any major issues ?

This version is only containing bug fixes and no new features , isn't it?

 

Kind regards,

 

Ralph Willemsen

Lucascat
New Contributor III

Upgraded 60D.

IPS Engine continuosly crash:

 

Any help?

 

type=event subtype=system level=warning vd="root" logdesc="Application crashed" action=crash msg="Pid: 00585, application: ipsengine 03.170, Firmware: FortiGate-60D v5.2.9,build0736b736,160907 (GA) (Release), Signal 11 received, Backtrace: [0x30d9cb58] [0x30d9790c] [0x30d9ce08] [0x30d86594] [0x30c8cf34] [0x30c9eb28] [0x30c69d3c] [0x008aff60] [0x008b1d98] [0x008b34e0] [0x00039938] [0x008b3980] [0x008b4944] [0x00039938] [0x000393ac] [0x00037450] [0x00038f8c] [0x000368bc] [0x300e3bc4]" 
bommi
Contributor III

Lucascat wrote:

Upgraded 60D.

IPS Engine continuosly crash:

 

Any help?

 

type=event subtype=system level=warning vd="root" logdesc="Application crashed" action=crash msg="Pid: 00585, application: ipsengine 03.170, Firmware: FortiGate-60D v5.2.9,build0736b736,160907 (GA) (Release), Signal 11 received, Backtrace: [0x30d9cb58] [0x30d9790c] [0x30d9ce08] [0x30d86594] [0x30c8cf34] [0x30c9eb28] [0x30c69d3c] [0x008aff60] [0x008b1d98] [0x008b34e0] [0x00039938] [0x008b3980] [0x008b4944] [0x00039938] [0x000393ac] [0x00037450] [0x00038f8c] [0x000368bc] [0x300e3bc4]" 

Just ask the technical support for ips engine in version 3.0288.

 

Kind Regards,

Dominik

NSE 4/5/7

Itguy

Ralph1973 wrote:

Hello, anyone who has this version already in production environments? Are there any major issues ?

This version is only containing bug fixes and no new features , isn't it?

 

Kind regards,

 

Ralph Willemsen

We've upgraded 2 of the 400 or so units we manage to 5.2.9.. No issues so far. We were forced to do it on a major production unit because of the known HTTP/S flow bug in 5.2X series prior to this. One got upgraded by a field tech not realizing he should have upgraded to 5.2.8 instead. So that gives us our two production units to test this on. (20D and 100D)

 

No issues noted so far, the logs look clean.

kckong
New Contributor III

Have tried on FWF-90D with 2 WAN lines,  from 5.2.8.

 

After upgrade, the traffic became unstable, connection will lost frequency

 

Then roll back to 5.2.8, everything back to normal

 

Danny

 

Lucascat
New Contributor III

@Danny, probably the same problem of IPS engine crashing every web request

kckong
New Contributor III

I'm afraid not, as many users said the telnet session also disconnected frequency

 

May be I need to roll-back all 10 units back to 5.2.8 first for safety

 

 

 

Chris

Saddly i can also confirm Crash of IPSEngine in 5.2.9 on a FWF60D

 

15356: 2016-09-16 02:05:54 <00119> application ipsengine 03.170 15357: 2016-09-16 02:05:54 <00119> *** signal 11 (Segmentation fault) received *

 

Unfortunately my contract has expired 5 days ago. All I can do is to disable ips or to roll-back.

 

vgatti
New Contributor

kckong wrote:

Have tried on FWF-90D with 2 WAN lines,  from 5.2.8.

After upgrade, the traffic became unstable, connection will lost frequency

Then roll back to 5.2.8, everything back to normal

Danny

Same problem here, FGT-90D

I'll downgrade to a previous version and see if the problem is solved.