Fortinet Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
tanr
Valued Contributor II
3 Solutions
mjcrevier

If you're having connectivity issues, check if DoS sensor is enabled. If so, disable it completely. That should resolve the issue you're seeing.

 

 

View solution in original post

Toshi_Esumi
Esteemed Contributor II

I had a conversation with an FTNT SE today about 6.2.4 problems. The major issues seem to boil down to below three issues:

1. DoS policy issue: It's still an known issue with 6.2.4 and not resolved, which is in the release notes.

2. IPS engine keeps crashing. A new engine is planned to be released soon. Then this would be resolved.

3. WAD memory leak issue is still not 100% resolved.

6.2.5 will fix these issues and come out relatively shortly although he couldn't tell me any target date. He recommended to wait for 6.2.5. But likely 6.0.10 comes out before 6.2.5.

 

By the way, FMG/FAZ 6.2.4 was to just fix vulnerabilities. They wanted to release it ASAP without waiting for bug fixes. Then 6.2.5 came out right after that with bug fixes. It was just coincidental they came out one after another.

View solution in original post

Kevin_Shanus

My issue was that I upgraded 200E to 6.2.4 , 80E to 6.2.4 and FAZ to 6.2.5. 

 

6.2.4 has DoS issue which breaks VIPs

6.2.X changes SSL Inspection w/ SSH which broke DUO 2FA for me, fix was easy, had to exclude url from inspection but took a bit to track down

FAZ 6.2.5 had to have some reliability feature turned off to work with <100E Fortigates

 

I also patched about 45 windows servers the same weekend. #neveragain

View solution in original post

74 REPLIES 74
James_G
Contributor III

High hopes

 

Will await feedback to see if Fortinet got it right this time

Sebastiaan_Koopmans

Tonight we have upgraded our 300D and 500E Fortigate clusters to 6.2.4 (previous 6.0.8).

 

Keep you posted :)

FortiAnalyzer / 6.4.0

FortiClient / 6.2.6 FortiClient EMS VM / 6.2.6

FortiGate 300D HA 6.2.4 FortiGate 500E HA 6.2.4 FortiGate 30E / 60E / 100E / 6.0.9 FortiMail VM HA / 6.4.0 FortiSandbox VM / 3.2.0

FortiWeb VM / 6.3.2

FortiManager VM / 6.4.0

emnoc
Esteemed Contributor III

We will do a few FGT100E and FWF51E in the next few days.

 

Ken Felix

PCNSE 

NSE 

StrongSwan  

James_G
Contributor III

I am hearing that it might have a nasty bug with VIPs stopping working after a few hours. From other forum.
visk

Everything works ok after upgrade 300D cluster to 6.2.4? I want to upgrade 300D and 60E cluster this weekend.

Yesterday just upgraded FG-60F standalone, today i discovered problem with partially stopping traffic (some VPN connections was down and problem reachable DNS serwers). I don't know the issue, after rebooting Fortigate problem was fixed.

Phuoc_Ngo
New Contributor

went through the update yesterday.  The first few hour everything run smoothly.  Come morning policies with VIP broke and VOIP no audio.  everything go haywire and had to revert back.

James_G

Yes same issue as I reported above, so confirmed. Everyone stay away from this release!

Jirka1
Contributor III

200E-(NAT, SDWAN, IPsec, BGP, SSL, Radius, FSSO, VIP) - no issues 60E + 81E (NAT, SDWAN, IPsec, SSL, Radius, FSSO) - no issues runtime 26 hours

visk
New Contributor III

Today i upgraded 100D, 50E - no issues so far.

As i noticed before was one issue with 60F today, but exactly i don't known the reason - probably ISP problem. Now just looking for (on 60F model i use: SSLVPN, dynamic routing like BGP or OSPF, few VPN tunnels, SDWAN, multiple secure profiles, VIP, NAT).

This weekend i will upgrade another 60F, cluster of 60E models, 30E, FG-60E and FWF-60E and maybe FG-300E.

If everything will be ok on next week many other models...