Fortinet Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
James_G
Contributor III

FortiOS 6.0.9 is out

3 Solutions
simonpt
New Contributor III

ValentinoD wrote:

 

Did you experience any more issues after the last update? Did the issue that you were seeing in 6.0.8 only see for RDP coming from SSLVPN?

 

Still seeing the occasional issue with RDP over SSL VPN in 6.0.9, but not nearly as often.

 

ValentinoD wrote:

We are thinking of going to 6.0.9, and while we do not have any SSL VPN on Fortigate, we do have RDP sessions going over IPSec VPN tunnels or other directly connected links.

 

If you don't use SSL VPN, you'll be fine. RDP works okay over IPsec and other links.

View solution in original post

simonpt
New Contributor III

Another issue with 6.0.9 (and perhaps earlier versions) is where a client browsing securely to a FGT virtual server will get disconnected as soon as they send a ClientHello. This isn't reproducible on all our standard virtual servers -- only on one that I'm experimenting on with some advanced features enabled.

 

Further analysis shows that the wad process is crashing. The TAC engineer matched this to a known bug (590039) and advised me that it has been fixed in 6.2.3. When I asked if it would be backported to 6.0, I was told no, it won't, and to upgrade to 6.2.3. I've asked for an explanation on why it won't be backported and haven't heard yet. That was over three weeks ago.

 

According to Fortinet's product life cycle, FOS 6.0's engineering support doesn't end until 29 March 2021. If a daemon is crashing, I don't understand why they don't fix it. I'm certainly not keen to upgrade to a new version like 6.2 just yet.

View solution in original post

Sebastiaan_Koopmans

After upgrading it looks like (currently investigation) that we have random connectivity issues to on premise Exchange servers. They loose connection/outlook freezes sometimes with no reason.

 

Tonight we have downgraded to 6.0.8 to see if this the cause.

Keep you updated

FortiAnalyzer / 6.4.0

FortiClient / 6.2.6 FortiClient EMS VM / 6.2.6

FortiGate 300D HA 6.2.4 FortiGate 500E HA 6.2.4 FortiGate 30E / 60E / 100E / 6.0.9 FortiMail VM HA / 6.4.0 FortiSandbox VM / 3.2.0

FortiWeb VM / 6.3.2

FortiManager VM / 6.4.0

View solution in original post

21 REPLIES 21
nostalia_nse7
New Contributor

Definitely looks promising!  I have my first client upgrade happening tomorrow morning.  Then rollout to many others over the coming weeks for those that we haven't had maintenance windows yet for 6.0.8.  Hopefully the list stays short.  Also the shortest list I have seen in forever -- possibly ever.

 

Carl_Wallmark

If you are able to, test the RDP through SSLVPN (in the known issue section), because that is a deal breaker for me and probably most of the firewall admins out there.

FCNSA, FCNSP
---
FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30B
FortiAnalyzer 100B, 100C
FortiMail 100,100C
FortiManager VM
FortiAuthenticator VM
FortiToken
FortiAP 220B/221B, 11C

jim3cantos

There are also bugfixes in CDR, but I think they didn't corrected the one I indicated here as support said it was "594202 - AVEN Error when doing CDR for certain PDF" and I can't find it in the list of solved issues. Nobody is using CDR?

José Ignacio Martín Jiménez
jim3cantos

Selective wrote:

If you are able to, test the RDP through SSLVPN (in the known issue section), because that is a deal breaker for me and probably most of the firewall admins out there.

In which version was introduced this one? 6.0.7 or 6.0.8?

José Ignacio Martín Jiménez
Carl_Wallmark

Don´t know, I don´t run 6.0.7 or 6.0.8. It might have been introduced in 6.0.9, but if RDP fails I would stay away from that version.

FCNSA, FCNSP
---
FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30B
FortiAnalyzer 100B, 100C
FortiMail 100,100C
FortiManager VM
FortiAuthenticator VM
FortiToken
FortiAP 220B/221B, 11C

Kenundrum

That bug is not listed in any prior release notes, so perhaps introduced in 6.0.9?

CISSP, NSE4

 

simonpt

Selective wrote:

Don´t know, I don´t run 6.0.7 or 6.0.8. It might have been introduced in 6.0.9, but if RDP fails I would stay away from that version.

I experienced the RDP over SSL VPN issue in 6.0.8. (I never tried it with 6.0.7.) When I saw it listed in the 6.0.9 known issues, I asked FortiTAC when it will be fixed and they said:

 

FortiOS v6.4.0 --Expected release date: last week of March, 2020 FortiOS v6.2.4 --Expected release date: last week of April, 2020 FortiOS v6.0.10 --No ETA but I think it will be released in April, 2020 along with v6.2.4

 

Funny thing is, I've now upgraded to 6.0.9 and my RDP sessions seem stable. As I write, they've been running fine now for about 20 minutes, whereas they would disconnect in less than a minute with 6.0.8. Maybe they fixed it after all.

ValentinoD

simonpt wrote:

Selective wrote:

Don´t know, I don´t run 6.0.7 or 6.0.8. It might have been introduced in 6.0.9, but if RDP fails I would stay away from that version.

I experienced the RDP over SSL VPN issue in 6.0.8. (I never tried it with 6.0.7.) When I saw it listed in the 6.0.9 known issues, I asked FortiTAC when it will be fixed and they said:

 

FortiOS v6.4.0 --Expected release date: last week of March, 2020 FortiOS v6.2.4 --Expected release date: last week of April, 2020 FortiOS v6.0.10 --No ETA but I think it will be released in April, 2020 along with v6.2.4

 

Funny thing is, I've now upgraded to 6.0.9 and my RDP sessions seem stable. As I write, they've been running fine now for about 20 minutes, whereas they would disconnect in less than a minute with 6.0.8. Maybe they fixed it after all.

Did you experience any more issues after the last update? Did the issue that you were seeing in 6.0.8 only see for RDP coming from SSLVPN?

 

We are thinking of going to 6.0.9, and while we do not have any SSL VPN on Fortigate, we do have RDP sessions going over IPSec VPN tunnels or other directly connected links.

simonpt
New Contributor III

ValentinoD wrote:

 

Did you experience any more issues after the last update? Did the issue that you were seeing in 6.0.8 only see for RDP coming from SSLVPN?

 

Still seeing the occasional issue with RDP over SSL VPN in 6.0.9, but not nearly as often.

 

ValentinoD wrote:

We are thinking of going to 6.0.9, and while we do not have any SSL VPN on Fortigate, we do have RDP sessions going over IPSec VPN tunnels or other directly connected links.

 

If you don't use SSL VPN, you'll be fine. RDP works okay over IPsec and other links.