storaid
Contributor

FortiOS v5.6.3 is out!

today v5.6.3 has been released...

 

I'm curious...

starting from this version, are you using lazy-loading to improve page loading???

FWF60D x2 FWF60C x3 FGT80C rev.2 FGT200B-POE FAP220B x3 FAP221B x2

FSW224B x1

1 Solution
rojekj
New Contributor III

Again, new version, new bugs. As always. Again I'm disapointed.

I don't think that it was tested at all.

 

For me it is even more annoying, because I have FG 500E, probably first device in Poland. And 5.6.3 is the first firmware from 5.6 tree, I can't downgrade even if I would want. Another thing, 500E doesn't have internal hard disk and can log only to FAZ, but current GA FAZ release 5.6.0 doesn't cooperate with 500E :D

 

View solution in original post

64 REPLIES 64
rojekj
New Contributor III

AlexFeren wrote:

> "diag sys top" can be used instead.

 

"diagnose sys top-summary" summarises instances of same process type - "diagnose sys top" cannot.

 

Patient: finger's broken and it hurts

Doctor: we'll snip it off - use others

Of course it cannot. Using "top-summary" I was able to locate a problem with high mem usage, because I knew which process was eating too much. "top" is simply useless.

 

We should all talk loud about stupidity od Fortinet's doings. Maybe then they will release firmware because it had reached stable state and was well tested, and not because the planned release dare was reached. This is a huge problem and it must change. Releasing firmware that has 5 or more pages of known issues in release notes is simply not the way to go, Fortinet. Treat your customers more seriously!

rojekj
New Contributor III

One more probem. This time SNMP.

iso.3.6.1.4.1.12356.101.12.2.3.1.1.1 = INTEGER: 2 iso.3.6.1.4.1.12356.101.12.2.3.1.2.1 = Gauge32: 30 iso.3.6.1.4.1.12356.101.12.2.3.1.3.1 = Counter32: 109 iso.3.6.1.4.1.12356.101.12.2.3.1.4.1 = Gauge32: 44 iso.3.6.1.4.1.12356.101.12.2.3.1.5.1 = Counter32: 70 iso.3.6.1.4.1.12356.101.12.2.3.1.6.1 = Gauge32: 12 iso.3.6.1.4.1.12356.101.12.2.3.1.7.1 = Counter32: 67

 

2.1 is the overall number of connected users, 4.1 is the number of web ssl users, and 6.1 is the number of tunnel users.

How on earth the number of web users can be greater then the overall number of users?

This is a test environment. I know that I have 13 web ssl users connected. And that is the number reported in GUI in SSL-VPN Monitor.

By the way, SSL Web users are not removed from the table when they didn't log out properly but closed the browser window. And those users are shown in GUI and in SNMP overall number of users.

 

SMabille

Hi,

 

Good news, I pushed back on the same reply I got from TAC and got it escalated, engineering came back with agreeing it to be a bug.

 

 

rojekj wrote:

AlexFeren wrote:

> "diag sys top" can be used instead.

 

"diagnose sys top-summary" summarises instances of same process type - "diagnose sys top" cannot.

 

Patient: finger's broken and it hurts

Doctor: we'll snip it off - use others

Of course it cannot. Using "top-summary" I was able to locate a problem with high mem usage, because I knew which process was eating too much. "top" is simply useless.

 

We should all talk loud about stupidity od Fortinet's doings. Maybe then they will release firmware because it had reached stable state and was well tested, and not because the planned release dare was reached. This is a huge problem and it must change. Releasing firmware that has 5 or more pages of known issues in release notes is simply not the way to go, Fortinet. Treat your customers more seriously!

SMabille

I'll play Devil's advocate here...

The fact that there is a list of still outstanding issues shouldn't block a release at some point, otherwise you'll never GA a build. We will be the first ones to shout if Fortinet came back with "5.6.1 only going to be released when we solved all the problems, currently scheduled for mid-2018 if no one report further bugs".

I'm glad that Fortinet even publish that list of outstanding issues while other vendors simply don't. Any bug get prioritised and at some point when enough have been fixed a cut-off is decided, outstanding bug fixes are going to the next minor version branch and the cut-off build goes to QA. QA discovered bugs are prioritised again and either solved or passed to next version branch and at some point there is a decision to release. It's the normal process in software development.

 

Where I see an issue is the amount of regression bugs that appear with this release (and in general). Showing the difference between QA and real world utilisation.

 

I think one way forward that Fortinet could improve the issue is to do short beta cycle of minor versions to grab the most obvious/annoying bugs we are complaining about. 

 

It would make the product looks a lot better, if the 2 or 3 most annoying issues would have been detected before release (top-summary, sections in policies, ...); they aren't (I believe) massive issues to fix and the fact they are so visible has a great impact on the confidence in the product, while realistically, beside those, this build seems far more solid and a big step forward to be honest.

 

 

 

rojekj wrote:

 

... 

We should all talk loud about stupidity od Fortinet's doings. Maybe then they will release firmware because it had reached stable state and was well tested, and not because the planned release dare was reached. This is a huge problem and it must change. Releasing firmware that has 5 or more pages of known issues in release notes is simply not the way to go, Fortinet. Treat your customers more seriously!

storaid

WHERE IS "What's News"??????

FWF60D x2 FWF60C x3 FGT80C rev.2 FGT200B-POE FAP220B x3 FAP221B x2

FSW224B x1

AlexFeren
New Contributor III

SMabille wrote:

I'll play Devil's advocate here...

The fact that there is a list of still outstanding issues shouldn't block a release at some point, otherwise you'll never GA a build.

The point here is that bug fixing seems to be low priority at Fortinet. Proof is that the "Known Issues" list is almost as large as "Resolved Issues" and that's only what Fortinet had chosen to publish.

 

Additionally, unlike with Cisco, I cannot peruse Fortinet's Bug repository description to determine extent or impact of the known issue on production traffic - tagline isn't sufficient.

hklb

Hello,

 

Is someone use the ICAP feature ? Is it working well ?

 

Lucas

MBR
New Contributor III

Waited long time for this release to speed up loading policy and object pages.

Now we are stuck with 'diag sys top-summary' bug.

 

Always replacing bugs with new bugs :(

And now? we have to wait for a couple of months for 5.6.4 to be released to get this simple bug fixed ?!?!

With every release i'm getting more and more disappointed in FortiOS's stability and starting to look for alternatives.

 

Why isn't it possible to release hotfixes or minor releases more often?

Every ticket i create with supports end with the answer i have to wait en upgrade to the next new release.

That's not support!

 

 

- MBR -

NSE1, NSE2, NSE3

FGT60D/E, FWF60D/E, FGT200D

emnoc
Esteemed Contributor III

FWIW 5.6.3  has causes a lot  of  WebGUI waiting to load upon new   logins, but once in we have no issues.

Strange but I figure it should be posted.

 

Ken

 

PCNSE 

NSE 

StrongSwan  

storaid

after 6~7 days, I'm still waiting for "What's New in v5.6.3" doc....

what happened?

no new features were added????...

no, I don't think so....

 

FWF60D x2 FWF60C x3 FGT80C rev.2 FGT200B-POE FAP220B x3 FAP221B x2

FSW224B x1