Fortinet Forum
emnoc
Esteemed Contributor III

Same here, 6.2.3 is solid and works great. 

 

Ken Felix

PCNSE 

NSE 

StrongSwan  


emnoc
Esteemed Contributor III

We have both on, but on all medium-size 200 and 300Es, so it looks good for now. Will keep monitoring.

 

Ken Felix

PCNSE 

NSE 

StrongSwan  


Jirka1

ede_pfau wrote:

thanks for responding - neither do I, I prefer to use a FAZ instead of an x1 model, better investment even in the short run...

Hi Ede, today I upgraded to 6.2.3:

2x 81E HA - from version 6.0.8, all without any problems (SSL VPN, IPsec VPN, without UTM)

1x 61E - from version 6.0.8, all without any problems (SSL VPN, IPsec VPN, full UTM)

Everything is connected to FAZ200D, 6.0.7.

Only where I had a Custom device group in a Policy, it changed to "all" after the update - watch it.

 

 

Jirka


James_G

Ede, do you want me to check on a 51e with 6.2.3 tomorrow?
Jirka1

Hi Ede, yes, they do

 

Jirka

James_G
Contributor III

Awesome!
justme
New Contributor

Upgraded FGT-92D from 6.2.2 build 1010 to 6.2.3 build 1066 and had a few issues.

1. SSL management stopped working - there were no logs regarding httpsd startup failure; system global admin-server-cert was empty - had to reconfigure it from SSH;

2. Ever since the update (and later downgrade to 6.2.2) SSH key is recreated after a reboot. Can't find a log regarding it either;

3. The system is using PPPoE on uplink, had to manually change MTU on an email server behind it; downgrading back to 6.2.2 resolved the issue;

4. Have some issues with ipsec site2site connection, still looking what might be the cause.

James_G
Contributor III

Re IPSEC - it might be the same as the issue I found - had to add the following to config vpn ipsec phase1-interface

 

set net-device disable

 

I think 6.2.3 has an undocumented change in default behavior and now enables the setting by default

JaapHoetmer
New Contributor III

Hi there,

 

I have found an issue with 6.2.3 where emails with attachments sent from Outlook using SMTPS (465) were blocked. After disabling the UTM checks on the outbound policy the email functions returned to normal.

 

This firewall was upgraded Sunday the 12th, and the problem appeared on Monday morning the 13th. No other changes were performed on the firewall apart from the upgrade.

 

Kind regards, Jaap
rete
New Contributor

sigmasoftcz wrote:

Hi Ede, yes, they do

[Attached image: lacp.jpg]

 

Jirka

Can you check if they now have "Redundant Interfaces" also?

Adding LACP support, that is technically way more complicated, but not simple port redundancy would be illogical.

justme
New Contributor

I am pretty much sure there's an issue or a change in packet processing defaults regarding packet size/mtu/fragmentation between FortiOS 6.2.2 and 6.2.3. I am using FGT92D with PPPoE uplink (8 bytes of overhead) on an ordinary Ethernet link (1500 MTU). The system is a gateway for some TCP based services (SSH, SMTP, POP3, IMAP, HTTPS, RDP, ...) behind a NAT (RFC1918 network) and when updating from 6.2.2 to 6.2.3 the connection drops when trying to let's say send an email over TLS, or even doing a "show full-configuration" over a couple of SSH connections. I opened a ticket and did multiple tests with TAC Engineer and I am able to reproduce the issue every time when upgrading to 6.2.3. I could change tcp-mss-* values in every policy and/or set tcp-mss on an interface, but I'd really like the system would have the same processing of packets as it did in 6.2.2. Could someone that has a lab environment confirm this?

ede_pfau
Esteemed Contributor III

@Jirka:

Hi Ede, yes, they do
Great! Good news for us desktop model users. Thanks a lot for testing.


Ede

"Kernel panic: Aiee, killing interrupt handler!"
patrickdg

justme wrote:

I am pretty much sure there's an issue or a change in packet processing defaults regarding packet size/mtu/fragmentation between FortiOS 6.2.2 and 6.2.3. 

I've the same behaviour with a 100F and PPPoE WAN Connection. Back to 6.2.2 and it's working again.
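
Several posts in this thread report settings that changed silently across the upgrade (a policy device group becoming "all", an empty admin-server-cert, net-device on an IPsec phase1). The following is an added example, not code from any poster or from Fortinet: it diffs two saved CLI configuration captures and flags settings that were removed, changed, or widened to "all". The function names, the sample configs and the `devices` key are constructed for illustration.

```python
# Added example: compare FortiOS CLI config captures taken before and after an upgrade.
# BEFORE/AFTER are constructed samples, not output from any poster's device.
BEFORE = """\
config system global
    set admin-server-cert "mgmt-cert"
end
config firewall policy
    edit 7
        set devices "corp-laptops"
    next
end
config vpn ipsec phase1-interface
    edit "site2site"
        set net-device disable
    next
end
"""
AFTER = (BEFORE.replace('    set admin-server-cert "mgmt-cert"\n', "")
               .replace('"corp-laptops"', '"all"')
               .replace("net-device disable", "net-device enable"))

def parse_config(text):
    """Flatten CLI text into {(section, ..., key): value}."""
    settings, path = {}, []
    for line in (raw.strip() for raw in text.splitlines()):
        word, _, rest = line.partition(" ")
        if word in ("config", "edit"):
            path.append(line)            # entering a table or an entry
        elif word in ("next", "end") and path:
            path.pop()                   # leaving it
        elif word == "set":
            key, _, value = rest.partition(" ")
            settings[tuple(path) + (key,)] = value
    return settings

def diff_configs(before, after):
    """Return sorted (path, old, new, note) for every setting that differs."""
    old, new = parse_config(before), parse_config(after)
    findings = []
    for path in sorted(old.keys() | new.keys()):
        o, n = old.get(path), new.get(path)
        if o == n:
            continue
        note = ("removed or reset" if n is None
                else "widened to all" if n == '"all"' else "changed")
        findings.append((" / ".join(path), o, n, note))
    return findings

if __name__ == "__main__":
    print(*diff_configs(BEFORE, AFTER), sep="\n")
```

Capture both files with "show full-configuration" rather than "show", so that a changed default also appears in the diff.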