Fortinet Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
tanr
Valued Contributor II
3 Solutions
mjcrevier

If you're having connectivity issues, check if DoS sensor is enabled. If so, disable it completely. That should resolve the issue you're seeing.

 

 

View solution in original post

Toshi_Esumi
Esteemed Contributor II

I had a conversation with an FTNT SE today about 6.2.4 problems. The major issues seem to boil down to below three issues:

1. DoS policy issue: It's still an known issue with 6.2.4 and not resolved, which is in the release notes.

2. IPS engine keeps crashing. A new engine is planned to be released soon. Then this would be resolved.

3. WAD memory leak issue is still not 100% resolved.

6.2.5 will fix these issues and come out relatively shortly although he couldn't tell me any target date. He recommended to wait for 6.2.5. But likely 6.0.10 comes out before 6.2.5.

 

By the way, FMG/FAZ 6.2.4 was to just fix vulnerabilities. They wanted to release it ASAP without waiting for bug fixes. Then 6.2.5 came out right after that with bug fixes. It was just coincidental they came out one after another.

View solution in original post

Kevin_Shanus

My issue was that I upgraded 200E to 6.2.4 , 80E to 6.2.4 and FAZ to 6.2.5. 

 

6.2.4 has DoS issue which breaks VIPs

6.2.X changes SSL Inspection w/ SSH which broke DUO 2FA for me, fix was easy, had to exclude url from inspection but took a bit to track down

FAZ 6.2.5 had to have some reliability feature turned off to work with <100E Fortigates

 

I also patched about 45 windows servers the same weekend. #neveragain

View solution in original post

74 REPLIES 74
Toshi_Esumi
Esteemed Contributor II

GUI slowness is apparently with Firefox (mine is 68.8.0). Chromium  81.0.4044.138 doesn't have the slowness.

Also I set up a VIPs (vipgrp: one for ICMP, another for TCP2200->22) to see it would break after some period.

TheJaeene

toshiesumi wrote:

Also did anyone else notice GUI is slower ("circling" a while when dig into deeper)? It maybe because my 50E is not so powerful. But I didn't notice it when it was running 6.0.9. I saw a similar comment at Reddit as well.

Yep noticed that too, the GUI often seems "stuck" even if the CPU is idle.

James_G

toshiesumi wrote:

Also did anyone else notice GUI is slower ("circling" a while when dig into deeper)? It maybe because my 50E is not so powerful. But I didn't notice it when it was running 6.0.9. I saw a similar comment at Reddit as well.

Toshi, are you making comparison between 6.0.9 and 6.2.4 re performance, or did you use 6.2.3 before

 

I use 6.2.3 everywhere and always thought GUI is not as fast as 6.0.x, think I would loose my cool if it got worse

visk
New Contributor III

on 60F - for now some VIP stopped working, some VPN stopped working.

on 100D after 12 hours Internet interface (on VLANs) also stopped working.

peterse
New Contributor

What release would you recommend as most stable atm? We went from 6.0.9 with RDP disconnection bug, otherwise it worked fine.

Any experience with 6.4.0?

TheJaeene

 

We have many Boxes running 6.2.3 without any Issues here. So I think that´s the way to go right now.

 

6.4.0 is running quite stable for the first GA, although the release was rushed to market. (FOS 6.4.1 is knocking at the door already). But I wouldnt recommend using 6.4.0 in productive environments.

 

peterse

Downgrading from 6.2.4 to 6.2.3 will cause configuration loss, or is it safe?

Or shall I downgrade to 6.2.3 and restore the 6.2.3 config?

When comparing both configs, I see a difference only in ENC password and certificate files.

TheJaeene

peterse wrote:

Downgrading from 6.2.4 to 6.2.3 will cause configuration loss, or is it safe?

Or shall I downgrade to 6.2.3 and restore the 6.2.3 config?

When comparing both configs, I see a difference only in ENC password and certificate files.

I downgraded a Box that was running quite a lot of Services (VPN, WLC, FSSO, Tokens) and the only thing that the diag deb config-error-log brought up was the invalid WTP Profiles for  FAP431F e.g.

 

Running fine after downgrading to 6.2.3 for about 12 Hours now.

 

 

 

emnoc
Esteemed Contributor III

A basic FGT was updated last night outside of it took quite a long time to be able to login back in, the upgrade went with 0 issues

 

Ken Felix

 

PCNSE 

NSE 

StrongSwan  

Sebastiaan_Koopmans

We have upgraded our 300D and 500E Clusters and running FOS 6.2.4 now for 4 days without any issue!

FortiAnalyzer / 6.4.0

FortiClient / 6.2.6 FortiClient EMS VM / 6.2.6

FortiGate 300D HA 6.2.4 FortiGate 500E HA 6.2.4 FortiGate 30E / 60E / 100E / 6.0.9 FortiMail VM HA / 6.4.0 FortiSandbox VM / 3.2.0

FortiWeb VM / 6.3.2

FortiManager VM / 6.4.0