Fortinet Forum
Alby23
Contributor II

FortiOS 5.2.9 is out

http://docs.fortinet.com/uploaded/files/3285/fortios-v5.2.9-release-notes.pdf

 

The list of the resolved issues is important IMHO, just some tips:

297421 HTTPs traffic is blocked after AV/IPS database update from FortiGuard.

306929 Fortigate memory logging is automatically enabled after reboot.

382828 When trying to access internal server through SSL VPN in web mode, the login page is not

371264 Modify user ran into lock when trying to change user's password during sslvpn connection.

376599 Keep IPSec traffic on the hardware during rekeying causes kernel panic.

ddskier

Did you ever open a ticket with support about sslvpn being broken on 5.2.9?

-DDSkier FCNSA, FCNSP FortiGate 400D, (2) 200D, (12) 100D, (2) 60D

FredMB
New Contributor

Same problem here with a 60D with ipsengine crashing many times a day : 

type=event subtype=system level=warning vd="root" logdesc="Application crashed" action=crash msg="Pid: 02321, application: ipsengine 03.170, Firmware: FortiGate-60D v5.2.9,build0736b736,160907 (GA) (Release), Signal 11 received, Backtrace: [0x30d9cb58] [0x30d9790c] [0x30d9ce08] [0x30d86594] [0x30c8cf34] [0x30c9eb28] [0x30c69d3c] [0x008aff60] [0x008b1d98] [0x008b34e0] [0x00039938] [0x008b3980] [0x008b4944] [0x00039938] [0x000393ac] [0x00037450] [0x00038f8c] [0x000368bc] [0x300e3bc4]"

 

From what I see in this post, my IPS engine is rather old. Should an update solve this problem?

If I downgrade to 5.2.8, can you confirm this should also solve this problem?

 

Regards,

 

Fred

Lucascat
New Contributor III

FredMB wrote:

Same problem here with a 60D with ipsengine crashing many times a day : 

type=event subtype=system level=warning vd="root" logdesc="Application crashed" action=crash msg="Pid: 02321, application: ipsengine 03.170, Firmware: FortiGate-60D v5.2.9,build0736b736,160907 (GA) (Release), Signal 11 received, Backtrace: [0x30d9cb58] [0x30d9790c] [0x30d9ce08] [0x30d86594] [0x30c8cf34] [0x30c9eb28] [0x30c69d3c] [0x008aff60] [0x008b1d98] [0x008b34e0] [0x00039938] [0x008b3980] [0x008b4944] [0x00039938] [0x000393ac] [0x00037450] [0x00038f8c] [0x000368bc] [0x300e3bc4]"

 

From what I see in this post, my IPS engine is rather old. Should an update solve this problem?

If I downgrade to 5.2.8, can you confirm this should also solve this problem?

 

Regards,

 

Fred

Downgraded my FGT-60d to 5.2.8. No IPS problem.

colinbutcher

5.2.9 build 736 on FG60D gives frequent IPSengine crashes.

Reverting to 5.2.8 build 727 works fine.

Any news on an updated 5.2.9a that fixes this problem ?

ELwestcoast

We noticed this issue after upgrading from 5.2.8 to 5.2.9 on a number of 60Ds.  While working with Fortinet support, he said it's a known issue with the 60Ds and 90Ds with how the IPS engine in 5.2.9 works with the hardware.

 

The bundled IPS engine version is 3.00170, and when working with support they uploaded a new IPS def to bring the engine to version 3.00172.  That corrected the issue for us, the ipsengine process hasn't crashed for going on 24 hours now (had been crashing every minute).  If you have support, open a ticket to get the new engine.

 

EL

Salas

Have 600c cluster upgraded using recommended upgrade path 5.23->5.2.5->5.2.7->5.2.9

And about 14 60D.

No issues.

mas1971
New Contributor III

IPS engine update from 3.00170 to 3.00172 will not go automatically? Is there any manual download?

Best wishes out of Germany
ELwestcoast

According to support the engine is only updated manually by uploading the file (or when you upgrade code as it's bundled in).  I'm not sure how granular the def updates are, but this engine is specific to the 60D and 90D models.  Our firewalls check for updates at least every two hours and over 24 hours didn't auto pull the new engine; manually telling it to update didn't update the engine either after waiting about an hour.

 

I haven't found the engine listed on the support site.

 

We run pretty much full UTM on all connections. In our case, the 60Ds we saw the crashing issue at ~1000 sessions, whereas the 60Ds not processing as many sessions either didn't have the crashing issue or it was much less frequent.  You can check for the crashing under Log & Report > System or in an Analyzer if you have one.
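Added example, not part of the original posts and not Fortinet tooling: a small Python parser for the "Application crashed" event format quoted in this thread. It tallies crashes per application, engine version, model and firmware, so the crash count before and after an engine swap or downgrade can be compared from exported logs. The sample lines are constructed (modelled on the quoted event, backtrace shortened) and all function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample: lines 1-2 are modelled on the crash event quoted in the
# thread (backtrace shortened); line 3 is an invented non-crash event.
SAMPLE_LOG = "\n".join([
    'type=event subtype=system level=warning vd="root" logdesc="Application crashed" action=crash msg="Pid: 02321, application: ipsengine 03.170, Firmware: FortiGate-60D v5.2.9,build0736b736,160907 (GA) (Release), Signal 11 received, Backtrace: [0x30d9cb58] [0x30d9790c] [0x30d9ce08]"',
    'type=event subtype=system level=warning vd="root" logdesc="Application crashed" action=crash msg="Pid: 02407, application: ipsengine 03.170, Firmware: FortiGate-60D v5.2.9,build0736b736,160907 (GA) (Release), Signal 11 received, Backtrace: [0x30d9cb58] [0x30d9790c] [0x30d9ce08]"',
    'type=event subtype=system level=information vd="root" logdesc="Constructed example" action=login msg="placeholder non-crash event"',
])

FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
MSG_RE = re.compile(
    r'Pid: (?P<pid>\d+), application: (?P<app>\S+) (?P<engine>[\d.]+), '
    r'Firmware: (?P<model>\S+) v(?P<firmware>[\d.]+),build(?P<build>\w+),'
    r'.*?Signal (?P<signal>\d+) received, Backtrace: (?P<bt>.*)')

def parse_fields(line):
    """Split a key=value log line, honouring double-quoted values."""
    return {key: quoted or bare for key, quoted, bare in FIELD_RE.findall(line)}

def parse_crash(line):
    """Return crash details for an action=crash event, else None."""
    fields = parse_fields(line)
    if fields.get("action") != "crash":
        return None
    m = MSG_RE.search(fields.get("msg", ""))
    if m is None:
        return None
    crash = m.groupdict()
    crash["signal"] = int(crash["signal"])  # signal 11 is SIGSEGV
    # Keep the raw return addresses; an identical first frame across events
    # suggests the same fault site is being hit repeatedly.
    crash["frames"] = re.findall(r"\[(0x[0-9a-fA-F]+)\]", crash.pop("bt"))
    return crash

def crash_summary(log_text):
    """Count crashes per (application, engine, model, firmware)."""
    counts = Counter()
    for line in log_text.splitlines():
        crash = parse_crash(line)
        if crash:
            counts[(crash["app"], crash["engine"], crash["model"], crash["firmware"])] += 1
    return counts

if __name__ == "__main__":
    for key, n in crash_summary(SAMPLE_LOG).items():
        print(n, *key)
```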

ddskier

I ended up opening another ticket with Fortinet because IPS engine 3.0289 still has an issue.

 

They ended up providing me 3.0173.   I would open a ticket and ask for this ips engine.

-DDSkier FCNSA, FCNSP FortiGate 400D, (2) 200D, (12) 100D, (2) 60D

storaid

annoying problems:

1. broken internet with IPv6

2. broken SSL-VPN function

FWF60D x2 FWF60C x3 FGT80C rev.2 FGT200B-POE FAP220B x3 FAP221B x2

FSW224B x1