FortiOS 6.0.4 is out!

Hosemacht · ‎01-11-2019

lots of bugfixes

https://docs.fortinet.com...release-notes/download

sudo apt-get-rekt

SMabille · ‎01-28-2019

You can get a FAZ license for $1 on AWS for 500Gb and up to 2 "home" Fortigate/VDOM (up to Fortigate 90 and VM-01), still have to pay for AWS usage, I'm at around $25 a month.

(https://aws.amazon.com/marketplace/pp/B06Y1K63ZH?qid=1548667167351&sr=0-1&ref_=srh_res_product_title...)

dfollis wrote:
I have a home setup of the following:

FWF-60E v6.0.4 build0231 (6.0.4)
FSW-108D-POE v3.6.9-build0426 (this model does not support v6)
FortiAP FP221C v6.0-build0027 (just upgraded to build0030, 6.0.4)

Fairly simple setup for home using these devices. I've experienced random outages after ~24 hours after upgrading from 6.0.3 to 6.0.4. Symptom is Wifi will be down and hard wire connection to FWF-60E will not respond without a hard power reset.

I first tried to update my FSW from 3.6.8 to .9 but crash occurred again. This AM after another hard reset was needed, I noticed that 6.0.4 for FP221C was released on 1/25 so I have just updated that. As this is a home setup, I'm not paying for FAZ (considering we spend thousands of dollars on FTNT gear at work sure would be nice for free FAZ with low daily limit for home use/testing, just saying :-)).

I do have a synology though so I'm going to enable SYSLOG and dump to that to see if I can get better system events. When I check events logged to FortiCloud I don't see anything odd. Running "diag debug crashlog read" shows the following:

1: 2019-01-26 22:27:10 scanunit=manager pid=152 str="AV database changed; restarting workers" 2: 2019-01-26 22:27:12 <00152> scanunit=manager str="Success loading anti-virus database." 3: 2019-01-26 22:37:10 scanunit=manager pid=152 str="AV database changed; restarting workers" 4: 2019-01-26 22:37:12 <00152> scanunit=manager str="Success loading anti-virus database." 5: 2019-01-26 22:40:14 the killed daemon is /bin/pyfcgid: status=0x0 6: 2019-01-26 22:59:10 scanunit=manager pid=152 str="AV database changed; restarting workers" 7: 2019-01-26 22:59:12 <00152> scanunit=manager str="Success loading anti-virus database."
8: 2019-01-27 12:33:03 <00152> scanunit=manager str="Success loading anti-virus database."

It is interesting that that last event logged is an AV update until I reset it 12 hours later, see events 7 and 8 above.

Not sure if anyone else is seeing stability issues like this. It is possible I have an odd config that is causing an issue as I have a few VLANs that are trunked over my FSW, but nothing unconventional that I'm aware of. Will update post if I see another crash.

View solution in original post

GusTech · ‎01-11-2019

Nice!

522576 GUI always loading VPN interface when there is over 5k VPN tunnel interfaces.

What a bug.. Who have over 5k VPN tunnel interfaces?

Fortigate <3

mike_dp · ‎01-11-2019

Anyone tried it yet? We plan to try it in the next few days. Lots of bug fixes for sure!

Fortigate : 80E, 80F, 100E, 200F, 300E : 6.4.6

FortiAnalyzer, ForticlientEMS

GusTech · ‎01-11-2019

Tested 2*100e in lab, will test in production next week.

Fortigate <3

SEI · ‎01-12-2019

Had someone a chance to test authentication based on LDAP, which stopped working after 5.6.4 and 6.x.x releases; but works fine in 5.6.3? According to other threads in this forum, it is a confirmed bug and should be resolved in 5.6.8 but 6.0.x ? The LDAP(S) authentication on our 1200D HA did not work on any 6.0.x releases so far. (It does not work as we have a high number of groups user accounts are member of and probably it also dependts on how deep the nested group structure is)

Jirka1 · ‎01-12-2019

Yesterday tested on 2x 200E (LDAP, 12x IPsec, SSL, Radius, deep inspection), 81E, 60E, 60D - not found any problems. Pleasant surprise...

Jirka1 · ‎01-12-2019

ok, the first problem appeared. In version 6.0.4, IP addresses do not translate to DNS names at src address. This is happening in both FortiView and Logs section on all tested boxes.

Jirka

SMabille · ‎01-14-2019

Hi,

Upgraded 60E (home lab) from 6.0.3 to 6.0.4:

- Had a chrome popup requesting access to webcam while moving around admin (device inventory) - not reproduced since.

- Massive amount of admin logging session from 127.0.0.1, only noticed when tried to log in after 20 hours and had warning maximum number of admin sessions (100) reached, checked the system log and attempt to open sessions from 127.0.0.1 about one per 30 sec / 1 minute.

Obviously really worried about firmware contains malware, opened ticker with Fortinet.

Anyone noticed similar behaviour?

bommi · ‎01-14-2019

SMabille wrote:
- Had a chrome popup requesting access to webcam while moving around admin (device inventory) - not reproduced since.
...
Obviously really worried about firmware contains malware, opened ticker with Fortinet.

Anyone noticed similar behaviour?

This is an expected behaviour.

Just go to "User & Device" --> "Custom Devices & Groups" --> Edit a Device --> Press the "Capture Image" Button.

No malware... Only a feature to capture an Image.

Regards

bommi

NSE 4/5/7

SMabille · ‎01-14-2019

Hi,

Except I didn't select Capture image, and it doesn't explain the large number of self-admin logging using my credential from 127.0.0.1 even when not logged.

EDIT: Looks like the admin log ins have been solved upgrading FortiAnalyzer from 6.0.3 to 6.0.4

Thanks,

Stephane

bommi wrote:
SMabille wrote:
- Had a chrome popup requesting access to webcam while moving around admin (device inventory) - not reproduced since.
...
Obviously really worried about firmware contains malware, opened ticker with Fortinet.

Anyone noticed similar behaviour?

This is an expected behaviour.
Just go to "User & Device" --> "Custom Devices & Groups" --> Edit a Device --> Press the "Capture Image" Button.

No malware... Only a feature to capture an Image.

Regards
bommi