Created on 05-12-2020 04:53 PM
If you're having connectivity issues, check if DoS sensor is enabled. If so, disable it completely. That should resolve the issue you're seeing.
Created on 05-26-2020 05:57 PM
I had a conversation with an FTNT SE today about 6.2.4 problems. The major issues seem to boil down to the three issues below:
1. DoS policy issue: It's still a known issue with 6.2.4 and not resolved, which is in the release notes.
2. IPS engine keeps crashing. A new engine is planned to be released soon. Then this would be resolved.
3. WAD memory leak issue is still not 100% resolved.
6.2.5 will fix these issues and come out relatively shortly, although he couldn't tell me any target date. He recommended waiting for 6.2.5. But likely 6.0.10 comes out before 6.2.5.
By the way, FMG/FAZ 6.2.4 was to just fix vulnerabilities. They wanted to release it ASAP without waiting for bug fixes. Then 6.2.5 came out right after that with bug fixes. It was just coincidental they came out one after another.
My issue was that I upgraded 200E to 6.2.4, 80E to 6.2.4 and FAZ to 6.2.5.
6.2.4 has DoS issue which breaks VIPs
6.2.X changes SSL Inspection w/ SSH which broke DUO 2FA for me. Fix was easy, had to exclude URL from inspection, but took a bit to track down
FAZ 6.2.5 had to have some reliability feature turned off to work with <100E Fortigates
I also patched about 45 Windows servers the same weekend. #neveragain
Tonight we have upgraded our 300D and 500E Fortigate clusters to 6.2.4 (previous 6.0.8).
Keep you posted :)
FortiAnalyzer / 6.4.0
FortiClient / 6.2.6
FortiClient EMS VM / 6.2.6
FortiGate 300D HA 6.2.4
FortiGate 500E HA 6.2.4
FortiGate 30E / 60E / 100E / 6.0.9
FortiMail VM HA / 6.4.0
FortiSandbox VM / 3.2.0
FortiWeb VM / 6.3.2
FortiManager VM / 6.4.0
Does everything work OK after upgrading the 300D cluster to 6.2.4? I want to upgrade 300D and 60E cluster this weekend.
Yesterday I just upgraded an FG-60F standalone; today I discovered a problem with traffic partially stopping (some VPN connections were down and there was a problem reaching DNS servers). I don't know what the issue was; after rebooting the Fortigate the problem was fixed.
Went through the update yesterday. The first few hours everything ran smoothly. Come morning, policies with VIP broke and VOIP had no audio. Everything went haywire and had to revert back.
200E (NAT, SDWAN, IPsec, BGP, SSL, Radius, FSSO, VIP) - no issues
60E + 81E (NAT, SDWAN, IPsec, SSL, Radius, FSSO) - no issues
runtime 26 hours
Today I upgraded 100D, 50E - no issues so far.
As I noted before, there was one issue with the 60F today, but I don't know the exact reason - probably an ISP problem. Now just looking for (on the 60F model I use: SSLVPN, dynamic routing like BGP or OSPF, a few VPN tunnels, SDWAN, multiple security profiles, VIP, NAT).
This weekend I will upgrade another 60F, a cluster of 60E models, 30E, FG-60E and FWF-60E and maybe FG-300E.
If everything is OK, next week many other models...