Fullmoon
Contributor III
simonorch

Upgraded my lab 60E and noticed either a deliberate change in behaviour or a bug, but I couldn't find it in the notes.

When DHCP DNS settings are at default (same as system DNS) and the WAN/internet connection retrieves DNS servers from DHCP, the previous behaviour was for the DHCP-acquired DNS servers to be used in internal DHCP scopes. Now it uses the configured system DNS (FortiGuard by default), which could be fatal for users if you have restricted DNS traffic in your policies.

I haven't tested this on any other boxes to confirm, so I could be mistaken, but be aware.

NSE8 Fortinet Expert partner - Norway

bascheew
New Contributor III

Another bug.  In IPS, the severity column is blank!  You can't filter on severity as a result.

neonbit
Valued Contributor

bascheew wrote:

Another bug.  In IPS, the severity column is blank!  You can't filter on severity as a result.

I can confirm I'm seeing the same thing. No severity or targets are populated in the GUI for IPS signatures so you can't filter on them.

*edit* Yup it's a known bug, scheduled to be fixed in 6.2.3.

bascheew
New Contributor III

thuynh wrote:

Hi bascheew, we could not reproduce the issue in our lab. Can you provide more details on your config (FGT model, FAP model, how the FAP profile is set up, etc.)? Does it happen with a new FAP profile? Your gif also doesn't work.

The Fortigate is 500e, APs are 421E.  I cloned the profile and the same thing happened on the cloned profile.  Let's see if this GIF works:

richinnz

neonbit wrote:

bascheew wrote:

Another bug.  In IPS, the severity column is blank!  You can't filter on severity as a result.

I can confirm I'm seeing the same thing. No severity or targets are populated in the GUI for IPS signatures so you can't filter on them.

*edit* Yup it's a known bug, scheduled to be fixed in 6.2.3.

Does anyone know if this is just a display/GUI bug, or is this affecting the signature selection for the IPS profile if you have severity based signature filters?

thuynh_FTNT

Hi Richard, this is just a display issue. You should still be able to configure IPS profile and the feature still works as before.

AlexFeren
New Contributor III

sigmasoftcz wrote:
Finally add support for wildcard FQDN addresses in firewall policy!

After being removed in 5.4?

simonorch

Possible bug seen in both 6.2.1 and 6.2.2

diag traffictest client-intf seems to be stuck on port1 even if you can define another port, wan1 for example. When trying to run the test I get an error saying port1 could not be found, which isn't surprising on a 60E.

Tried on 300E with 6.2.1 and a 400D with 6.0.6 and it works fine.

Tried using 6.2.1 and 6.2.2 on two different 60E, same result.

Edit: same thing on a 60D with 6.0.6, so is traffictest not supported on smaller boxes?

NSE8 Fortinet Expert partner - Norway

snobs

As this issue exists (https://fortiguard.com/psirt/FG-IR-18-100) and the only way to fix it is upgrading to FortiOS 6.2.x, can you recommend using 6.2 right now?

boneyard
Valued Contributor

snobs wrote:

can you recommend using 6.2 right now?

who are you asking specifically? fortinet usually doesn't give such advice based on no further information and even then they can't with a hard guarantee say it will be fine.

as a fellow user i would wait, you are running the latest code with many new features, i will wait a while longer. the issue reported on PSIRT FG-IR-18-100 doesn't feel worth the added risk in production. if you have a test / development environment sure see how it goes.

boneyard
Valued Contributor

oh a fun one i noticed, the red GUI theme is gone in 6.2.2

wondering if it returns in 6.2.3

thuynh_FTNT

>wondering if it returns in 6.2.3

Negative :) it has been replaced with a much cooler "Neutrino" theme inspired by our Accelerate 19 conference.

boneyard

thanks for the answer, could you perhaps share anything about this choice? it feels so random to remove a theme on a minor upgrade.

thuynh_FTNT

>thanks for the answer, could you perhaps share anything about this choice? it feels so random to remove a theme on a minor upgrade.

Hi Boneyard, for sure. As I mentioned, this was a new theme we introduced during Accelerate this year and it got a lot of positive feedback, so we decided to add it to our latest patch so everyone can enjoy it. The removal of the old theme is part of our continuous effort to improve the user interface as old themes become outdated with newer GUI design.