- Forums
- Knowledge Base
- Customer Service
- FortiGate
- FortiClient
- FortiAP
- FortiAnalyzer
- FortiADC
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConnect
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDeceptor
- FortiDevSec
- FortiDirector
- FortiEDR
- FortiExtender
- FortiGate Cloud
- FortiGuard
- FortiHypervisor
- FortiInsight
- FortiIsolator
- FortiMail
- FortiManager
- FortiMonitor
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPortal
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiSandbox
- FortiSASE
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Forums
- Support Forum
- Re: When is 5.4.1 going to drop?
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
When is 5.4.1 going to drop?
Is there an ETA as to when 5.4.1 is going to drop? I have a brand new 300D that I am waiting to put into production as soon as 5.4.1 is ready.
Solved! Go to Solution.
2 Solutions
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
by end of next week (April 15)
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
That amount of clashes is nothing to worry about I'd say. On the LB-vdom I mentioned earlier the log shows 6-digit amounts of clashes. The clash counter is reset at reboot btw, and is not related to the current amount of sessions. It is just an ongoing counter.
To my knowledge, all restarts of applications with restart option 11 (segmentation fault) in FortiOS is seen as a crash. It doesn't have to mean anything bad per se. The OS recycles processes all the time using option 15 (graceful restart). When that doesn't work, it moves on to try to restart with option 11 wich will generate a log entry in the syslog. The recycle process continues all the time, buffers needs to be cleared etc etc. However, a constant restarting of the same application can also mean various problems - Memory leaks, buffer overflows etc.
I checked your log, but I can't see anything else then the PID and some weird ASCII-signs as application name. It does look kinda odd.
Check your logs and keep track of if the application crash log entries correlates with odd behaviour in the firewall, we're talking sudden reboots, functions and features stopping/not working.
What does "diagnose debug crashlog read" say?
Also, do a "diagnose sys top", a few times during the day. Do you have processes in Z or D state?
Richie
NSE7
Richie
NSE7
104 REPLIES 104
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Upgraded our 100D a/p test cluster from 5.2.7->5.4.1. Due to the changes in switch behaviour, hard-switch interfaces (interface-mode) did immediately filter stp bpdu packets and caused the RSTP enabled switches to run in an l2-loop. Excellent 
There's now a GUI option to enable stp on hard-switch interfaces and an undocumented "set stp enable" for nat/route mode hard-switch interfaces.
Does anyone know how to reduce the GUI font size? A 22" monitor isn't large enough anymore.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Don't know a way to reduce the font size just for the GUI, but just changing the browser zoom level (Ctrl+'-') will shrink the fonts and window sizes.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
From which version did you do the upgrade?
omega wrote:Fortios 5.4.1 Upgrade killed two of our 60d so far.
We had to format the boot device to get them working again.
Please wait for system to restart.
Any hints? Firmware upgrade in progress ... Fail in creating /etc/cert/local Fail in creating /etc/cert/ca Fail in creating /data/etc/ssh Fail in creating /data/./config/ Done. The system is going down NOW !! EXT2-fs error (device sd(8,1)): ext2_free_blocks: bit already cleared for block 180507 EXT2-fs error (device sd(8,1)): ext2_free_blocks: bit already cleared for block 180484 EXT2-fs error (device sd(8,1)): ext2_free_blocks: bit already cleared for block 180485 EXT2-fs error (device sd(8,1)): ext2_free_blocks: bit already cleared for block 180486 EXT2-fs error (device sd(8,1)): ext2_free_blocks: bit already cleared for block 180487 EXT2-fs error (device sd(8,1)): ext2_free_blocks: bit already cleared for block 180488 EXT2-fs error (device sd(8,1)): ext2_free_blocks: bit already cleared for block 180489 EXT2-fs error (device sd(8,1)): ext2_free_blocks: bit already cleared for block 180490 EXT2-fs error (device sd(8,1)): ext2_free_blocks: bit already cleared for block 180491 EXT2-fs error (device sd(8,1)): ext2_free_blocks: bit already cleared for block 180492 EXT2-fs error (device sd(8,1)): ext2_free_blocks: bit already cleared for block 180493 EXT2-fs error (device sd(8,1)): ext2_free_blocks: bit already cleared for block 180494 EXT2-fs error (device sd(8,1)): ext2_free_blocks: bit already cleared for block 180495 Please stand by while rebooting the system. Restarting system. FortiGate-60D (10:05-12.14.2015) Ver:05000001 Serial number: FGT60D.... CPU(00): 800MHz Total RAM: 2GB Initializing boot device... Initializing MAC... nplite#0 Please wait for OS to boot, or press any key to display configuration mPlease wait for OS to boot, or press any key to display configuration menu. Booting OS... Boot image open failed. Boot failed. Please check boot device or OS image ... System halted. Please power off or press any key to reboot.
NSE 8
NSE 1 - 7
NSE 8
NSE 1 - 7
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Omega,
About 60D error messages
--------------------------
Firmware upgrade in progress ... Fail in creating /etc/cert/local Fail in creating /etc/cert/ca Fail in creating /data/etc/ssh Fail in creating /data/./config/ Done.
--------------------------
Thanks for your feedback. We also experienced same issues a few times on 60D and will dig into it.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
We upgraded from 5.4.0.
From what i see i guess that the update confuses disk partitions. After repairing we have very different mounts between devices. one cluster member wouldnt come up with some hdisk status mismatch.
The 60d seem to have a sdb-device which could be used for logging but should not be in use in our case.
It seems that /var/log and something on sda (e.g. /data?) get mixed up.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@netmin:
BPDU filter behavior has changed between v5.2.3 and v5.2.6 which makes our life hard with 92Ds. FTNT incorporated the 'set stp enable' option in v5.4.1 only as this was the next patch scheduled. We hope that this option (a.k.a. workaround) will be backported to v5.2 as well but this is not yet decided upon.
There will be an updated Release Notes for v5.4.1 soon with more hints towards this issue.
Ede
"Kernel panic: Aiee, killing interrupt handler!"
Ede"Kernel panic: Aiee, killing interrupt handler!"
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Even after formatting the boot device and installing new firmware from tftp, the devices differ in their partition layout. Some have /dev/sda1 as /data and some sda2. On that devices sda1 is /var/log.
Remaining devices on 5.4.0 all have sda1 as /var/log, so i guess all will fail when updating.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Reproducible error. I just installed 5.2.6 for comparison /dev/sda1 247.9M 31.7M 203.3M 14% /data /dev/sda3 3.2G 71.3M 2.9G 2% /data2 /dev/sda3 3.2G 71.3M 2.9G 2% /var/log now sda3 ist mounted under two different locations. Update to 5.4.0: /dev/sda2 247.9M 35.8M 199.2M 15% /data /dev/sda3 3.2G 71.3M 2.9G 2% /data2 /dev/sda1 247.9M 31.7M 203.3M 14% /var/log Update to 5.4.1: Firmware upgrade in progress ... Fail in creating /etc/cert/local Fail in creating /etc/cert/ca Fail in creating /data/etc/ssh Fail in creating /data/cmdb/ Fail in creating /data/./config/ Done. The system is going down NOW !! Please stand by while rebooting the system. Restarting system. FortiGate-60D (10:49-11.12.2014) Ver:04000024 Serial number: FGT60D... CPU(00): 800MHz Total RAM: 2GB Initializing boot device... Initializing MAC... nplite#0 Please wait for OS to boot, or press any key to display configuration menu....... Booting OS... Boot image open failed. Boot failed. Please check boot device or OS image ... System halted. Please power off or press any key to reboot.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
that better make reformat and reimage device from bios rommonitor. better way. Other ways very sad that these heavi issue was not cats before new image relese.
FG-50E/60D/60E, FAP-221B/21D, FortiClient.
FG-50E/60D/60E, FAP-221B/21D, FortiClient.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Looks like the partition /dev/sda2 is missing, and the update doesn't check or create it. So /data cannot be mounted, producing the error messages.
Bad glitch. I wonder how FTNT will issue a v5.4.1.1 "micropatch"...
Ede
"Kernel panic: Aiee, killing interrupt handler!"
Ede"Kernel panic: Aiee, killing interrupt handler!"
Related Posts
- Which Firewall of Fortigate help me... 92 Views
- Missing Client certificate in Forticlient drop... 279 Views
- VPN intermittent traffic lost, found reverse... 840 Views
- FortiGate/FortiSwitch VLANs 337 Views
- AP-Fail 1057 Views
Labels
-
FortiGate
6,450 -
FortiClient
1,287 -
5.2
801 -
5.4
639 -
FortiManager
563 -
6.0
416 -
FortiAnalyzer
411 -
5.6
362 -
FortiSwitch
331 -
FortiAP
327 -
FortiClient EMS
259 -
6.2
251 -
FortiMail
239 -
FortiAuthenticator v5.5
234 -
5.0
196 -
FortiWeb
148 -
6.4
128 -
FortiNAC
103 -
FortiGuard
102 -
FortiGateCloud
86 -
FortiSIEM
85 -
FortiCloud Products
82 -
FortiToken
69 -
Customer Service
69 -
IPsec
66 -
4.0MR3
64 -
Wireless Controller
58 -
SSL-VPN
54 -
FortiProxy
44 -
FortiADC
42 -
Fortivoice
41 -
FortiEDR
38 -
FortiGate v5.4
34 -
FortiDNS
34 -
FortiExtender
31 -
FortiSandbox
30 -
FortiSwitch v6.4
28 -
FortiConnect
23 -
SD-WAN
23 -
FortiWAN
22 -
FortiConverter
21 -
High Availability
20 -
Firewall policy
20 -
VLAN
18 -
FortiPortal
17 -
FortiSwitch v6.2
16 -
FortiGate v5.2
16 -
ZTNA
15 -
FortiMonitor
14 -
Certificate
14 -
FortiDDoS
13 -
Routing
12 -
FortiCASB
12 -
SAML
11 -
DNS
11 -
Interface
11 -
BGP
10 -
FortiGate v5.0
10 -
FortiRecorder
10 -
VDOM
10 -
FortiWeb v5.0
9 -
LDAP
9 -
FortiManager v5.0
9 -
4.0MR2
9 -
Logging
9 -
RADIUS
8 -
Traffic shaping
8 -
Virtual IP
8 -
RMA Information and Announcements
7 -
FortiSOAR
7 -
fortilink
7 -
FortiAnalyzer v5.0
7 -
NAT
7 -
FortiAuthenticator
7 -
Admin
7 -
FortiGate v4.0 MR3
7 -
4.0
7 -
Fortigate Cloud
6 -
IP address management - IPAM
6 -
SSID
5 -
Security profile
5 -
Traffic shaping policy
5 -
Authentication
5 -
FortiBridge
5 -
SNMP
5 -
SSO
5 -
Application control
5 -
Static route
5 -
FortiManager v4.0
5 -
FortiDirector
4 -
SSL SSH inspection
4 -
WAN optimization
4 -
Web application firewall profile
4 -
DNS Filter
4 -
FortiCarrier
4 -
FortiCache
4 -
OSPF
4 -
3.6
4 -
FortiScan
4 -
Proxy policy
4 -
packet capture
3 -
FortiToken Cloud
3 -
Automation
3 -
Intrusion prevention
3 -
DoS policy
3 -
FortiTester
3 -
Port policy
3 -
FortiDB
3 -
IPS signature
3 -
FortiDeceptor
2 -
FortiInsight
2 -
Antivirus profile
2 -
VoIP profile
2 -
Traffic shaping profile
2 -
Web profile
2 -
FortiAP profile
2 -
FortiAI
2 -
FortiHypervisor
2 -
Netflow
2 -
trunk
2 -
NAC policy
1 -
SDN connector
1 -
4.0MR1
1 -
Users
1 -
Subscription Renewal Policy
1 -
FortiCWP
1 -
FortiNDR
1 -
Web rating
1 -
Application signature
1 -
Authentication rule and scheme
1 -
Multicast routing
1 -
Zone
1 -
FortiManager-VM
1 -
Fabric connector
1 -
Internet Service Database
1 -
Fortinet Engage Partner Program
1 -
System settings
1 -
Explicit proxy
1 -
TACACS
1
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2024 Fortinet, Inc. All Rights Reserved.