Fortinet Forum
wcbenyip
New Contributor III

I just upgraded our boxes (200D, 100D, 80CM..) to the latest v5.6.0, and also upgraded the FA to the latest v5.4.2 (it needs to rebuild the DB for 2 days..). Everything seems good, and the IPSec VPN and SSL VPN have run without any drops since the upgrade.

I noticed that the "Threat Map" in v5.4.4 is gone once upgraded to v5.6.0... even if it's somewhat of a gimmick, it would be nice to keep it in v5.6~

The Physical / Logical Topology is nice, but I found it places hosts on the wrong side... like an internal host located on the WAN1 side... I am not sure, but I set the role as LAN for the internal ports and the DMZ...

For the CSF (Cooperative Security Fabric).. it seems I have to enable FortiTelemetry on the interfaces and must use OSPF rather than static routing.... I have not yet fully experienced the benefit / beauty of the Security Fabric....

Protect yourself~ http://www.secunia.com MBCS CEH FCNSA

MikePruett
Valued Contributor

Hurts that you can't use NGFW style policies with zones right now. It forces you to use the NAT table when you do that, but it kinda doesn't work with zones. Spits out an error in the GUI and the zone interface isn't even an option in the CLI.

Jordan_Thompson_FTNT

We are reviewing support for Zones in central NAT rules (for NGFW) to see if it can be supported in a future release.

MikePruett

Thanks Jordan. Hopefully it can be, as I use zones almost exclusively to consolidate and reduce policy counts.

PDG
New Contributor

I'm also waiting for the 200E/201E.

NotMine

Hello,

Can you please confirm that FortiAnalyzer 5.4.2 is able to collect logs from FortiOS 5.6? There's no such info in the Release Notes and compatibility matrix.

Thank you,

Slavko

NSE 7

All opinions/statements written here are my own.

Sharoness

It does not collect logs! You have to wait till the GA of FortiOS 5.6 for Analyzer.

hello

dominikw

Hello,

I cannot find how to set up a different NTP server than FortiGuard (i.e. pool.ntp.org). In the GUI (FG 60D) custom is greyed out, with a note that I should do this in the CLI. But in the CLI I can see only these options:

FGT-DW # config system ntp
FGT-DW (ntp) # show full-configuration
config system ntp
    set ntpsync enable
    set type fortiguard
    set syncinterval 60
    set source-ip 0.0.0.0
    set server-mode disable
end
FGT-DW (ntp) # set type ?
fortiguard    FortiGuard.
custom        Custom server.
FGT-DW (ntp) # set type custom  <Enter>
FGT-DW (ntp) # set ?
ntpsync         Enable/disable synchronization with NTP Server.
type            FortiGuard or custom NTP Server.
syncinterval    NTP synchronization interval.
source-ip       Source IP for communications to NTP server.
server-mode     Enable/disable NTP Server Mode.


Dominik Weglarz, IT System Engineer

Alby23

config system ntp
    set ntpsync enable
    set type custom
    set syncinterval 60
    config ntpserver
        edit 1
            set server "ntp1.inrim.it"
        next
    end
end
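
Added example, not part of the original posts and not Fortinet code: a small Python check that parses the `config system ntp` stanza discussed in this thread and reports whether `type custom` actually has a server defined under `config ntpserver`. It assumes input in the `show full-configuration` layout; `parse` and `audit_ntp` are names chosen for this example, and the sample text is constructed from the reply above.

```python
import shlex

# Constructed input: the stanza from the reply above, laid out the way
# "show full-configuration" prints it.
SAMPLE = """\
config system ntp
    set ntpsync enable
    set type custom
    set syncinterval 60
    config ntpserver
        edit 1
            set server "ntp1.inrim.it"
        next
    end
end
"""

def parse(text):
    """Turn config/edit/set/next/end nesting into nested dicts."""
    root = {}
    stack = [root]
    for raw in text.splitlines():
        try:
            tok = shlex.split(raw)
        except ValueError:          # unbalanced quote: fall back to plain split
            tok = raw.split()
        if not tok:
            continue
        if tok[0] in ("config", "edit"):
            stack.append(stack[-1].setdefault(" ".join(tok), {}))
        elif tok[0] in ("end", "next") and len(stack) > 1:
            stack.pop()
        elif tok[0] == "set" and len(tok) >= 2:
            stack[-1][tok[1]] = " ".join(tok[2:])
    return root

def audit_ntp(text):
    """Return (servers, findings) for the 'config system ntp' stanza."""
    ntp = parse(text).get("config system ntp", {})
    entries = ntp.get("config ntpserver", {}).values()
    servers = [e["server"] for e in entries if isinstance(e, dict) and "server" in e]
    findings = []
    if ntp.get("ntpsync") != "enable":
        findings.append("ntpsync is not set to enable")
    if ntp.get("type") == "custom" and not servers:
        findings.append("type custom but no ntpserver entry")
    return servers, findings

if __name__ == "__main__":
    print(audit_ntp(SAMPLE))
```
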

dominikw

Thank you.

Dominik Weglarz, IT System Engineer