Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Hosemacht
Contributor II

FortiOS 6.0.4 is out!

lots of bugfixes

 

https://docs.fortinet.com...release-notes/download

sudo apt-get-rekt

sudo apt-get-rekt
1 Solution
SMabille

You can get a FAZ license for $1 on AWS for 500Gb and up to 2 "home" Fortigate/VDOM (up to Fortigate 90 and VM-01), still have to pay for AWS usage, I'm at around $25 a month.

(https://aws.amazon.com/marketplace/pp/B06Y1K63ZH?qid=1548667167351&sr=0-1&ref_=srh_res_product_title...)

 

dfollis wrote:

I have a home setup of the following:

 

FWF-60E v6.0.4 build0231 (6.0.4)

FSW-108D-POE v3.6.9-build0426 (this model does not support v6)

FortiAP FP221C v6.0-build0027 (just upgraded to build0030, 6.0.4)

 

Fairly simple setup for home using these devices.  I've experienced random outages after ~24 hours after upgrading from 6.0.3 to 6.0.4.  Symptom is Wifi will be down and hard wire connection to FWF-60E will not respond without a hard power reset.

 

I first tried to update my FSW from 3.6.8 to .9 but crash occurred again.  This AM after another hard reset was needed, I noticed that 6.0.4 for FP221C was released on 1/25 so I have just updated that.  As this is a home setup, I'm not paying for FAZ  (considering we spend thousands of dollars on FTNT gear at work sure would be nice for free FAZ with low daily limit for home use/testing, just saying :-)).

 

I do have a synology though so I'm going to enable SYSLOG and dump to that to see if I can get better system events.  When I check events logged to FortiCloud I don't see anything odd.  Running "diag debug crashlog read" shows the following:

 

1: 2019-01-26 22:27:10 scanunit=manager pid=152 str="AV database changed; restarting workers" 2: 2019-01-26 22:27:12 <00152> scanunit=manager str="Success loading anti-virus database." 3: 2019-01-26 22:37:10 scanunit=manager pid=152 str="AV database changed; restarting workers" 4: 2019-01-26 22:37:12 <00152> scanunit=manager str="Success loading anti-virus database." 5: 2019-01-26 22:40:14 the killed daemon is /bin/pyfcgid: status=0x0 6: 2019-01-26 22:59:10 scanunit=manager pid=152 str="AV database changed; restarting workers" 7: 2019-01-26 22:59:12 <00152> scanunit=manager str="Success loading anti-virus database."

8: 2019-01-27 12:33:03 <00152> scanunit=manager str="Success loading anti-virus database."

 

It is interesting that that last event logged is an AV update until I reset it 12 hours later, see events 7 and 8 above.

 

Not sure if anyone else is seeing stability issues like this.  It is possible I have an odd config that is causing an issue as I have a few VLANs that are trunked over my FSW, but nothing unconventional that I'm aware of.  Will update post if I see another crash.

View solution in original post

52 REPLIES 52
SMabille

You can get a FAZ license for $1 on AWS for 500Gb and up to 2 "home" Fortigate/VDOM (up to Fortigate 90 and VM-01), still have to pay for AWS usage, I'm at around $25 a month.

(https://aws.amazon.com/marketplace/pp/B06Y1K63ZH?qid=1548667167351&sr=0-1&ref_=srh_res_product_title...)

 

dfollis wrote:

I have a home setup of the following:

 

FWF-60E v6.0.4 build0231 (6.0.4)

FSW-108D-POE v3.6.9-build0426 (this model does not support v6)

FortiAP FP221C v6.0-build0027 (just upgraded to build0030, 6.0.4)

 

Fairly simple setup for home using these devices.  I've experienced random outages after ~24 hours after upgrading from 6.0.3 to 6.0.4.  Symptom is Wifi will be down and hard wire connection to FWF-60E will not respond without a hard power reset.

 

I first tried to update my FSW from 3.6.8 to .9 but crash occurred again.  This AM after another hard reset was needed, I noticed that 6.0.4 for FP221C was released on 1/25 so I have just updated that.  As this is a home setup, I'm not paying for FAZ  (considering we spend thousands of dollars on FTNT gear at work sure would be nice for free FAZ with low daily limit for home use/testing, just saying :-)).

 

I do have a synology though so I'm going to enable SYSLOG and dump to that to see if I can get better system events.  When I check events logged to FortiCloud I don't see anything odd.  Running "diag debug crashlog read" shows the following:

 

1: 2019-01-26 22:27:10 scanunit=manager pid=152 str="AV database changed; restarting workers" 2: 2019-01-26 22:27:12 <00152> scanunit=manager str="Success loading anti-virus database." 3: 2019-01-26 22:37:10 scanunit=manager pid=152 str="AV database changed; restarting workers" 4: 2019-01-26 22:37:12 <00152> scanunit=manager str="Success loading anti-virus database." 5: 2019-01-26 22:40:14 the killed daemon is /bin/pyfcgid: status=0x0 6: 2019-01-26 22:59:10 scanunit=manager pid=152 str="AV database changed; restarting workers" 7: 2019-01-26 22:59:12 <00152> scanunit=manager str="Success loading anti-virus database."

8: 2019-01-27 12:33:03 <00152> scanunit=manager str="Success loading anti-virus database."

 

It is interesting that that last event logged is an AV update until I reset it 12 hours later, see events 7 and 8 above.

 

Not sure if anyone else is seeing stability issues like this.  It is possible I have an odd config that is causing an issue as I have a few VLANs that are trunked over my FSW, but nothing unconventional that I'm aware of.  Will update post if I see another crash.

seadave

@SMaBille you changed my life.  It is funny how you can be so advanced at somethings, and be aware of other solutions that you at the time do not use, until someone says "hey dummy, try this!"  I stood up a FAZ in AWS today.  My first AWS VM by the way, and it works great.  I went with the $1, t2.tiny instance, already had IAM configured for Glacier, created my ssh keys, applied a firewall policy, and I was able to sync my FWF-60E to it on the first try.  Awesome.  Amazon suggests it will cost $17/month which is fine by me considering what I paid previously for a FAZ VM license on my home network.  So now that it is running, I am seeing a ton of messages similar to what was reported above:

 

Destination IP127.0.0.1 Source IP127.0.0.1 Device IDFWF60E4Q1####### Device NameGATE Useradmin User Interfacehttps(127.0.0.1) Methodhttps Sub Typesystem Typeevent Actionlogin Levelalert Reasonpasswd_invalid Log DescriptionAdmin login failed Log ID0100032002 MessageAdministrator admin login failed from https(127.0.0.1) because of invalid password SN0 Statusfailed Virtual Domainroot Date/Time00:29:50 Destination End User ID0 Destination Endpoint ID3 Device Time2019-01-29 00:29:50 End User ID3 Endpoint ID3 Event Time1548750590 Time Stamp2019-01-29 00:29:50 bid1365 dvid1026 idseq205745199928836098 logver60

 

This makes no sense to me as I am not logging into a local host address?  I also do not have the HTML5 console open for extended periods.  This is repeated every 60 seconds, whether I am logged into the UI or not.

 

My FWF-60E has been crashing after ~12 hours it seems.  Hard reset brings it back.  Now that it is talking to FAZ I should be able to get better telemetry if it happens again.  Before I setup the FAZ I was logging to memory and a syslog device.  I have both of those options disabled now.  Will see if that helps.

SMabille

Hi,

 

You are welcome, I came across it by chance, not something published / promoted enough. Might have been mentioned on fndn.

 

For the error below, download the FortiAnalyzer 6.0.4 image "FAZ_VM64_AWSOnDemand-v6-build0292-FORTINET.out" from support site and apply it to your AWS. Had the same issue.

 

 

dfollis wrote:

@SMaBille you changed my life.  It is funny how you can be so advanced at somethings, and be aware of other solutions that you at the time do not use, until someone says "hey dummy, try this!"  I stood up a FAZ in AWS today.  My first AWS VM by the way, and it works great.  I went with the $1, t2.tiny instance, already had IAM configured for Glacier, created my ssh keys, applied a firewall policy, and I was able to sync my FWF-60E to it on the first try.  Awesome.  Amazon suggests it will cost $17/month which is fine by me considering what I paid previously for a FAZ VM license on my home network.  So now that it is running, I am seeing a ton of messages similar to what was reported above:

 

Destination IP127.0.0.1 Source IP127.0.0.1 Device IDFWF60E4Q1####### Device NameGATE Useradmin User Interfacehttps(127.0.0.1) Methodhttps Sub Typesystem Typeevent Actionlogin Levelalert Reasonpasswd_invalid Log DescriptionAdmin login failed Log ID0100032002 MessageAdministrator admin login failed from https(127.0.0.1) because of invalid password SN0 Statusfailed Virtual Domainroot Date/Time00:29:50 Destination End User ID0 Destination Endpoint ID3 Device Time2019-01-29 00:29:50 End User ID3 Endpoint ID3 Event Time1548750590 Time Stamp2019-01-29 00:29:50 bid1365 dvid1026 idseq205745199928836098 logver60

 

This makes no sense to me as I am not logging into a local host address?  I also do not have the HTML5 console open for extended periods.  This is repeated every 60 seconds, whether I am logged into the UI or not.

 

My FWF-60E has been crashing after ~12 hours it seems.  Hard reset brings it back.  Now that it is talking to FAZ I should be able to get better telemetry if it happens again.  Before I setup the FAZ I was logging to memory and a syslog device.  I have both of those options disabled now.  Will see if that helps.

seadave

@SMabille, are you saying the 6.0.4 FAZ update fixes the localhost failed login events or Gate crashing?  I can see now with my FAZ that my Gate stopped passing traffic at 2:20AM last night until I hard rebooted it this AM.  I can't find any events coinciding with the drop.  In fact it looks like system CPU and memory usage were nominal at the time.  So I guess my next step is to connect a machine with Putty on it to the console to see if I can log a crash event.  Very frustrating.  I have to trouble shoot stuff at work all day, would be nice if I didn't have to do so at home also.  As another test I attempted to reset my FS108DPOE, but that didn't bring things up so the issue is definitely with the FWF60E.

SMabille

The 6.0.4 FAZ update will fix the multiple 127.0.0.1 login errors, since then I also haven't noticed further complete crash. I suspect reaching maximum logging sessions (and keeping trying) might impact resource and possibly cause crash.

 

Everything not fantastic either, I have performance issues that are difficult to pin point to anything particular. I suspect DNS server and/or DNS helper to be involved but very difficult to troubleshoot/pinpoint the root cause (I already noticed the issue on 6.0.3). No failed session but increased latency and what looks like reduced bandwidth.

 

dfollis wrote:

@SMabille, are you saying the 6.0.4 FAZ update fixes the localhost failed login events or Gate crashing?  I can see now with my FAZ that my Gate stopped passing traffic at 2:20AM last night until I hard rebooted it this AM.  I can't find any events coinciding with the drop.  In fact it looks like system CPU and memory usage were nominal at the time.  So I guess my next step is to connect a machine with Putty on it to the console to see if I can log a crash event.  Very frustrating.  I have to trouble shoot stuff at work all day, would be nice if I didn't have to do so at home also.  As another test I attempted to reset my FS108DPOE, but that didn't bring things up so the issue is definitely with the FWF60E.

streeb2021

I would be interested to know now that the dust has settled on this release how people feel about it. Currently my suite of Fortigate clusters are sitting on 5.6.8 and I am considering a move to 6.0.4. but wonder whether it is worth moving onto the 6.0.x train if you are not actively leveraging the security fabric side of things. 

SecurityPlus

I would be interested in feedback from others too.
Frosty

I haven't tested at all with v6.0.anything but as a matter of principle I'm going to wait for v6.2.n (probably v6.2.4 or later) before I even consider leaving v5.6.n ... no particular features that I need in v6 and there was only 1 bug that I have seen in v5.6 that impacted on me; was able to work around it, so no urgency to upgrade for me.

TiagoTanno

SMabille wrote:

You can get a FAZ license for $1 on AWS for 500Gb and up to 2 "home" Fortigate/VDOM (up to Fortigate 90 and VM-01), still have to pay for AWS usage, I'm at around $25 a month.

(https://aws.amazon.com/marketplace/pp/B06Y1K63ZH?qid=1548667167351&sr=0-1&ref_=srh_res_product_title...)

 

dfollis wrote:

I have a home setup of the following:

 

FWF-60E v6.0.4 build0231 (6.0.4)

FSW-108D-POE v3.6.9-build0426 (this model does not support v6)

FortiAP FP221C v6.0-build0027 (just upgraded to build0030, 6.0.4)

 

Fairly simple setup for home using these devices.  I've experienced random outages after ~24 hours after upgrading from 6.0.3 to 6.0.4.  Symptom is Wifi will be down and hard wire connection to FWF-60E will not respond without a hard power reset.

 

I first tried to update my FSW from 3.6.8 to .9 but crash occurred again.  This AM after another hard reset was needed, I noticed that 6.0.4 for FP221C was released on 1/25 so I have just updated that.  As this is a home setup, I'm not paying for FAZ  (considering we spend thousands of dollars on FTNT gear at work sure would be nice for free FAZ with low daily limit for home use/testing, just saying :-)).

 

I do have a synology though so I'm going to enable SYSLOG and dump to that to see if I can get better system events.  When I check events logged to FortiCloud I don't see anything odd.  Running "diag debug crashlog read" shows the following:

 

1: 2019-01-26 22:27:10 scanunit=manager pid=152 str="AV database changed; restarting workers" 2: 2019-01-26 22:27:12 <00152> scanunit=manager str="Success loading anti-virus database." 3: 2019-01-26 22:37:10 scanunit=manager pid=152 str="AV database changed; restarting workers" 4: 2019-01-26 22:37:12 <00152> scanunit=manager str="Success loading anti-virus database." 5: 2019-01-26 22:40:14 the killed daemon is /bin/pyfcgid: status=0x0 6: 2019-01-26 22:59:10 scanunit=manager pid=152 str="AV database changed; restarting workers" 7: 2019-01-26 22:59:12 <00152> scanunit=manager str="Success loading anti-virus database."

8: 2019-01-27 12:33:03 <00152> scanunit=manager str="Success loading anti-virus database."

 

It is interesting that that last event logged is an AV update until I reset it 12 hours later, see events 7 and 8 above.

 

Not sure if anyone else is seeing stability issues like this.  It is possible I have an odd config that is causing an issue as I have a few VLANs that are trunked over my FSW, but nothing unconventional that I'm aware of.  Will update post if I see another crash.

FAZ on AWS costs 1$ ? (license)

i dont understand this question about license

seadave

It is a pay as you go model.  So instead of paying $1300 upfront with a ~$600/year renewal, you pay for usage over the course of a year.  I'm storing ~4TB of data on Glacier and have a FAZ instance running and I'm being charged ~$30 a month.  Plus I don't have to worry about devoting onsite hardware to running the FAZ which I was running as a HyperV VM beforehand.  AWS also has a Bring Your Own License (BYOL) model which is a better fit in some situations.

 

It is important to note, the price is so low for me because I have a very low log ingestion rate.  If you did this for a company of 100 folks, you FAZ DB would grow faster and you would most likely be charged more depending on your data retention settings.

 

The link I posted above provides more info.  The Amazon model is pay less per month to preserve cash flow, but end up paying more over the course of a year compared to paying up front.  Not dissimilar to any other type of lease.

Labels
Top Kudoed Authors