storaid
Contributor

FortiOS v5.6.3 is out!

today v5.6.3 has been released...

 

I'm curious...

starting from this version, are you using lazy-loading to improve page loading???

FWF60D x2 FWF60C x3 FGT80C rev.2 FGT200B-POE FAP220B x3 FAP221B x2

FSW224B x1

1 Solution
rojekj
New Contributor III

Again, new version, new bugs. As always. Again I'm disappointed.

I don't think that it was tested at all.

 

For me it is even more annoying, because I have FG 500E, probably first device in Poland. And 5.6.3 is the first firmware from 5.6 tree, I can't downgrade even if I would want. Another thing, 500E doesn't have internal hard disk and can log only to FAZ, but current GA FAZ release 5.6.0 doesn't cooperate with 500E :D

 

SMabille

Hi,

 

Good news for you, 5.4.7 is released and compatible with 500E and should be far more stable.

 

rojekj wrote:

Again, new version, new bugs. As always. Again I'm disappointed.

I don't think that it was tested at all.

 

For me it is even more annoying, because I have FG 500E, probably first device in Poland. And 5.6.3 is the first firmware from 5.6 tree, I can't downgrade even if I would want. Another thing, 500E doesn't have internal hard disk and can log only to FAZ, but current GA FAZ release 5.6.0 doesn't cooperate with 500E :D

 

rojekj
New Contributor III

SMabille wrote:

Good news for you, 5.4.7 is released and compatible with 500E and should be far more stable.

 

The problem is with migrating config from 5.6 to 5.4. As far as I know it's not that simple.. Or is it?

SMabille

How did you configure your 500E originally? Was it running 5.6.2 when delivered and you built your whole config on that?

 

Depending on how complicated (how much 5.6 specific) your config is, it might be easy or hard to convert.

If you are using Policy based NGFW, of course it would be impossible.

 

But otherwise, you are likely to be able to workaround by playing with notepad++ and "diag debug config-error-log" trials and errors pushing config and manually tweaking back....

 

rojekj wrote:

SMabille wrote:

Good news for you, 5.4.7 is released and compatible with 500E and should be far more stable.

 

The problem is with migrating config from 5.6 to 5.4. As far as I know it's not that simple.. Or is it?

rojekj
New Contributor III

SMabille wrote:

How did you configure your 500E originally? Was it running 5.6.2 when delivered and you built your whole config on that?

I didn't configure it at all. I've just imported my previous 5.6.2 config from FortiGate-VM64. Didn't have to change much in the config file besides the headers.

 

I don't think that I will switch back to 5.4, as this 5.6.3 works quite well.. beside the fact that it is terribly annoying :)

storaid

identification detection still is terrible for SoC3 box...

most mobile devices like android, iphone cannot get good identification....

I had a contact with your Tech support....

he told me using forticlient is a better solution for suggestion...

oh my.....

you want me inform end-users..

"yeah, forticlient is better...

come on, just take it..."

 

that's not possible, ok...

 


tanr
Valued Contributor II

@storaid, sorry to hear device type identification is still bad.  I've been running into this in the 5.4.x branch (especially with ios devices) but rarely get a reproducible case to report to TAC. 

 

Have you come up with some repro cases for incorrect device type identification that are consistent enough to report?

storaid

@tanr

I can tell you...

this identification detection its accuracy is chaos...

sometimes it's good, sometimes it's very bad...

I have tested various devices many times, e.g. android, windows

ASUS android phone: mostly "Other Network Device" type, bad good identification..

SONY xperia: as the same above ASUS phone

Windows 2012/2016 with LBFO enabled: obviously, "Other Network Device" type; it definitely can not recognize this device as "Windows device" type..

other windows devices which includes hyper-v vm, no LBFO/LACP enabled: good, almost Windows device type...

other android mobile devices: sometimes "Other Network Device" type, sometimes "android device" type; accuracy it's chaos...

I have not yet tested linux device, but I have Synology NAS devices based on linux: delete this from device list and re-detect it several times => "Other Network Device" type...oops

 

older v5.2, this function is working fine...

but since v5.4, definitely it's bad for what fortinet change something...

 

about soc3 box:

The device identification active scan feature uses the port scanning feature provided by the VCM (Vulnerability and Compliance Management) feature. That implies that device active scanning is/was only supported on models that supported VCM. The VCM feature was deprecated in FortiOS 5.4 and removed in FortiOS 5.6. The SOC3 models went through the NPI process during that time and since VCM was being removed then no work was done to enable it to run on the SOC3. It is by design of V5.6 that active scanning is not supported on models which are using SOC3.


tanr
Valued Contributor II

Ouch. Sounds like it's even worse on 5.6 with SOC3. We're using active scanning with 5.4.x 100D and 300D which is reasonably accurate for non-mobile devices. (Though I've got one Windows PC it insists is a mac, and one mac it insists is a linux box.) It is the mobile device detection that is quite bad on 5.4.7, even with active scanning. Maybe it will be improved on the non-SOC3 FortiGates with 5.6.x, but I don't hold out much hope for it.

Antonio_Milanese

Hi All,

 

...another "basic" feature broken:

 

the Guest User Management portal administrators cannot read/decode generated guest user passwords!!

 

Tested on a pre production 100D unit upgraded from 5.6.2 and on a spare 30D unit with a 5.6.2 factory configuration upgraded to 5.6.3..

 

it's working OK in 5.6.2 and broken upon upgrade :| only regular administrators can read/edit/print passwords

 

 

rojekj wrote:

Again, new version, new bugs. As always. Again I'm disappointed. I don't think that it was tested at all.

Yes really bad bad QA :(( Fortinet you really need to fire some of those QA PM since they are surpassing the industry bad code QA leaders like Cisco/HPE..Hey even Microsoft has learned some hard lessons from Vista epic fail !

 

 

emnoc
Esteemed Contributor III

Well, any news is news :)

 

 

PCNSE 

NSE 

StrongSwan