Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
storaid
Contributor

NOW! FortiOS v5.2.5...

build701

Appeared in the download portal....

but [size="5"]no enhancements?????[/size]

 

FWF60D x2 FWF60C x3 FGT80C rev.2 FGT200B-POE FAP220B x3 FAP221B x2

FSW224B x1

FWF60D x2 FWF60C x3 FGT80C rev.2 FGT200B-POE FAP220B x3 FAP221B x2 FSW224B x1
2 Solutions
ede_pfau
Esteemed Contributor III

Jeez....

 

no enhancements! Fortinet finally keeps it's promise and just fixes things. Lo and behold. Keep up the good work, give us a rock solid v5.2 and put all the fancy new stuff into v5.4.

 

just my 2ct


Ede

"Kernel panic: Aiee, killing interrupt handler!"

View solution in original post

Ede"Kernel panic: Aiee, killing interrupt handler!"
HA
Contributor

Hello,

 

Problems occurs with SSL Inspection on 5.2.5. If you use SSL Inspection, it's better to run 5.2.3 (stable).

 

Regards,

 

HA

 

View solution in original post

69 REPLIES 69
mlohmiller
New Contributor

Wildcards work fine.  I don't even have a * in them.  

See attached picture. It has been working for all sub domains.

storaid

FortiOS v5.2.5 does not support the wildcard FQDN...

now only v5.4.x can do this....

FWF60D x2 FWF60C x3 FGT80C rev.2 FGT200B-POE FAP220B x3 FAP221B x2

FSW224B x1

FWF60D x2 FWF60C x3 FGT80C rev.2 FGT200B-POE FAP220B x3 FAP221B x2 FSW224B x1
mlohmiller

That might be something to discuss with support.  I am doing it on my 5.2.5 system based on my supplied screenshot. 

fdm
New Contributor

We have a 1000D's and we had some issues with 5.2.5 version.We have UTM policies applied but we are not doing a lot of traffic.  It crashed a couple of times. Initially you can see a lot of timeouts in the logs and  finally the firewall stopped processing the DPI traffic. Everything that was inspected was dropped. Disabling all the DPI/UTM/WEB everything that is related to inspection fixed the issue. 

 

My question is if you have experience the same issues and what was you fix? Rolling back to 5.2.4?

dvdsmith
New Contributor

Have a 200B running 5.2.2. SSL inspection not on.  I held off on 5.2.3 and 5.2.4 because of all the problems people reported. 

 

GUI shows 5.2.5 as version to upgrade to. However, looking at release notes, says recommended upgrade path from 5.2.3 and above. Do I trust GUI that path 5.2.5 is safe, or should I manually upgrade to 5.2.3 first? 

Fortigate-200B 5.2.8 Build 727

Fortigate-200B 5.2.8 Build 727
Paul_S

dvdsmith wrote:

Have a 200B running 5.2.2. SSL inspection not on.  I held off on 5.2.3 and 5.2.4 because of all the problems people reported. 

 

GUI shows 5.2.5 as version to upgrade to. However, looking at release notes, says recommended upgrade path from 5.2.3 and above. Do I trust GUI that path 5.2.5 is safe, or should I manually upgrade to 5.2.3 first? 

always obey the release notes!

FG200D 5.6.5 (HA) - primary [size="1"]FWF50B' s 4.3.x, FG60D's 5.2.x, FG60E's 5.4.x                   [Did my post help you? Please rate my post.][/size] FAZ-VM 5.6.5  |  Fortimail 5.3.11 Network+, Security+

FG200D 5.6.5 (HA) - primary [size="1"]FWF50B' s 4.3.x, FG60D's 5.2.x, FG60E's 5.4.x [Did my post help you? Please rate my post.][/size] FAZ-VM 5.6.5 | Fortimail 5.3.11 Network+, Security+
romanr
Valued Contributor

Hey,

 

i got build 707 from support - which is supposed to fix the ssl issues and we did install it on some boxes.

 

after some days of uptime, we did not see any errors .... ssl interception and offloading in the load-balancers seems stable...

 

Br

Roman

Baptiste
Contributor II

Hi,

 

5.2.6 is available

some bug fix :

304566 When [size="2"]ssl inspect[/size][size="2"]-all is set to [/size][size="2"]deep-inspection[/size][size="2"], the proxyworker stops working.[/size]

306415 The SSL traffic causes the proxyworker to stop working.

 

http://docs.fortinet.com/uploaded/files/2861/fortios-v5.2.6-release-notes.pdf

2 FGT 100D  + FTK200

3 FGT 60E  FAZ VM  some FAP 210B/221C/223C/321C/421E

2 FGT 100D + FTK200 3 FGT 60E FAZ VM some FAP 210B/221C/223C/321C/421E
Paul_S

I hope 5.2.6 fixes my weird issues today:

 

youtube.com won't load properly today. net::ERR_INSECURE_RESPONSE in google chrome console. only caused when webfiltering is enabled. I am using certificate inspection mode only.

 

 screenshot of console errors included. disabling webfiltering on the policy rule resolves the issues.

FG200D 5.6.5 (HA) - primary [size="1"]FWF50B' s 4.3.x, FG60D's 5.2.x, FG60E's 5.4.x                   [Did my post help you? Please rate my post.][/size] FAZ-VM 5.6.5  |  Fortimail 5.3.11 Network+, Security+

FG200D 5.6.5 (HA) - primary [size="1"]FWF50B' s 4.3.x, FG60D's 5.2.x, FG60E's 5.4.x [Did my post help you? Please rate my post.][/size] FAZ-VM 5.6.5 | Fortimail 5.3.11 Network+, Security+
Chris

Hi Baptist,

 

in this case it is better to upgrade to 5.2.3 an finally to 5.2.5.

I know Fortigate for years and in every case it is even better to do this.

It also does not cost much time but saves nerves ;)

Besides the V5.2.4 have an crazy sslVPN bug the 5.2.3 maybe in some cases but it works so far.

 

Baptiste wrote:

Hello, I'm running 100D on 5.2.2, I saw on release notes that upgrade to 5.2.5 is only support from 5.2.3.

My question : is upgrade to 5.2.3 buggy ? or I can safely upgrade to 5.2.3 and then to 5.2.5 ? 

Labels
Top Kudoed Authors