bommi
Contributor III
cryptochrome

Wow, this release is a true bug fest. I don't even know where to begin.

 

  • DNAT Static NAT without port forwarding (e.g. 1:1 NAT) not working, broken
  • Enable a rule with URL Filtering: Firewall doesn't forward traffic for other rules (packets disappear in Nirvana)
  • Rule with URL Filtering set to DENY logs completely unrelated allowed traffic (it logs session close for allowed traffic of other rules)
  • Web Filter log is not working (it logs nothing) - blocked/allowed URLs appear in App Filter log instead

     

    Those are just a few things that I noticed. 

    Aren't they ashamed of themselves putting something like that out in the wild? I would be.


    25 REPLIES
    tanr
    Valued Contributor II

    @SecurityPlus, thanks for being a test subject!  Let us know how it goes.

     

    If you're running IPsec VPN or Application Control I'd love to hear how they work on 6.0.x.

     

    SecurityPlus

    Not running IPsec VPN on the upgraded firewall.

     

    Application Control looks to be running normally per the Log & Report / Application Control logs.

     

    I do see some Application crashed errors under Log & Report / System Events. On 4 occasions over about 2 hours I see Application crashed, ipsengine 04.021.

    SecurityPlus

    Ironically, even though I was getting crash notifications about every 30 minutes for a few days after the 6.0.2 upgrade, the crash notifications seemed to have subsided in recent days.

     

    Before the crash notifications stopped, I reported this issue to Fortinet Support. They said that this issue has been reported through bug id: 0506672. Fortinet Support provided a newer IPS engine. I upgraded from IPS Engine Version 4.00021 to 4.00023.

     

    I'm not aware of any issues caused by 6.0.2 on this firewall.

     

    I upgraded another firewall to 6.0.2 and thus far things seem fine on this second firewall as well.

     

     

    Ashik_Sheik

    Hi,

     

    We have configured SSL VPN and IPSEC site-to-site. There is not much change; it is almost the same compared to old versions. They have only introduced a new feature called one click VPN in 6.0, which I have not tried.

    I will report if I encounter any issue.

    Regards,

     

    Ashik

    Ashu 

     

    cryptochrome

    SecurityPlus wrote:

    I'm not aware of any issues caused by 6.0.2 on this firewall.

     

    Tons of issues if you switch to the new NGFW policy mode. 

    LBM
    New Contributor III

    I'm planning to upgrade from 5.6.3. Is anyone else having issues, or is it a stable version?

     

    Thanks in advance.

    SecurityPlus

    We have two firewalls running 6.0.2. They are both running well. We had a different issue with each of them initially that Fortinet support addressed. I presume that with each update (i.e. 6.0.3, 6.0.4, etc.) that more and more issues will be addressed.

    LBM
    New Contributor III

    SecurityPlus wrote:

    We have two firewalls running 6.0.2. They are both running well. We had a different issue with each of them initially that Fortinet support addressed. I presume that with each update (i.e. 6.0.3, 6.0.4, etc.) that more and more issues will be addressed.

    What kind of issue? Could you please share? Thank you!

    SecurityPlus

    Yes, we encountered these two issues on a FortiGate 60E. In spite of my previous statement, I think that both errors occurred on the same firewall. We upgraded another FortiGate 60D with no other problems noted.

     

    1. Log & Report / System Events / Application crashed

    application: ipsengine 04.021

    I was told that this has been reported in bug id: 0506672 and that this requires an upgrade to the IPS engine to version 4.0023.

    I made the upgrade to 4.0023, but prior to the upgrade the system event crashes stopped appearing.

    No further issues with this issue have been noticed.

     

    2. https://www.gotoassist.me certificate warning. Using deep inspection. Forti_ssl certificate was installed on the browser. The certificate for this website was signed by Fort_CA_untrusted. I was told that the Fortiguard team is working on the certificate bundle. They are saying it will be added in certificate bundle 1.00013.

    I was told that I could run:

    You can run the following command to update your bundle:

        execute update-now

    To check if it is updated then run:

        diagnose autoupdate versions

    I have not tested this issue further.

     

    No additional issues with 6.0.2 noticed.

    Danté

    Hi,

     

    FortiGate 100E

    I found 6.0.2 had many bugs, the biggest ones for us were:

     

    -Logs not working and wrong bandwidth accumulation on reports and widgets. Streaming same sessions gets summed to each other and forms a huge amount of bandwidth but is not the true bandwidth going over the interface.

     

    -DHCP client list just loading forever under interface.

     

    Went back to 6.0.1, no issues.