Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
ITGuy11
New Contributor

When is 5.4.1 going to drop?

Is there an ETA as to when 5.4.1 is going to drop?  I have a brand new 300D that I am waiting to put into production as soon as 5.4.1 is ready.

2 Solutions
FGTuser
New Contributor III

by end of next week (April 15)

View solution in original post

kallbrandt

That amount of clashes is nothing to worry about I'd say. On the LB-vdom I mentioned earlier the log shows 6-digit amounts of clashes. The clash counter is reset at reboot btw, and is not related to the current amount of sessions. It is just an ongoing counter.

 

To my knowledge, all restarts of applications with restart option 11 (segmentation fault) in FortiOS is seen as a crash. It doesn't have to mean anything bad per se. The OS recycles processes all the time using option 15 (graceful restart). When that doesn't work, it moves on to try to restart with option 11 wich will generate a log entry in the syslog. The recycle process continues all the time, buffers needs to be cleared etc etc. However, a constant restarting of the same application can also mean various problems - Memory leaks, buffer overflows etc.

 

I checked your log, but I can't see anything else then the PID and some weird ASCII-signs as application name. It does look kinda odd.

 

Check your logs and keep track of if the application crash log entries correlates with odd behaviour in the firewall, we're talking sudden reboots, functions and features stopping/not working.

 

What does "diagnose debug crashlog read" say?

 

Also, do a  "diagnose sys top", a few times during the day. Do you have processes in Z or D state?

 

Richie

NSE7

View solution in original post

Richie NSE7
104 REPLIES 104
FGTuser
New Contributor III

by end of next week (April 15)

Gianluca_Caldi
New Contributor

Fortinet support just said "...FortiOS 5.4.1, which is scheduled to be released the first half of next month..."

FGT: 50E,100D, 200D, 600D
FMG: VM64

FAZ: VM64

FGT: 50E,100D, 200D, 600DFMG: VM64 FAZ: VM64
ShrewLWD

Are there must-have features in 5.4.x, that you are willing to go into production this soon into 5.4.x?  Most veterans on this site would tell you to wait until patch 3 or 4.  5.2.6/7 is far more stable than 5.4. at this point.

SecurityPlus

I seem to remember someone saying that firmware updates that end in an odd number are mostly bug fixes and that those ending in an even number include enhancements? Is that correct? For example 5.4.1- bug fixes, 5.4.2-enhancements.
AndreaSoliva
Contributor III

Hi

 

my view is following! If you compare to other releases like 5.0 and/or 5.2 it was always in this way that until Patch 3 - 5 there was coming new features this means listed as new feature in the "Whats-New" document. This means not that no bugfixes are done in Patch 3 - 5 this means mostly for me only following: As long as a Release hast some new features listed it is for me not acceptable for production use because new features will bring "probably" also new bugs" (we are talking about Security). As soon as you see for a Release under "Whats-New" nothing anymore listed it is a pure BugFix release. This means also Fortinet did not release new features in higher Patch Level if a lower one did not have new features (was in 5.0 and/or 5.2 in this way). From this point of view as soon as Fortinet releases a Patch with no new features meanig BugFix release you can think about to use this release. Before I would not use this release for production use!

 

My view my opinion.

 

Hope this helps

 

have fun

 

Andrea

ede_pfau
Esteemed Contributor III

If we only had a free choice!

 

Not touching v5.4 for the next 4-5 patches means to wait for 12-15 months. And during this "ripening" period we cannot sell the E series into production environments.

 

After more than 10 years, I'm still hoping to find a customer who buys a Fortigate just to play around with it for a year or so, until FortiOS has stabilized and one can put it into production.


Ede

"Kernel panic: Aiee, killing interrupt handler!"
Ede"Kernel panic: Aiee, killing interrupt handler!"
AndreaSoliva

Hi

 

absolutly right and absolutly not understandable why E serie can not be used with 5.2.x. From this point of view is your comment right and no go for E serie specially we are talking about security. I really would appriciate that Fortinet would launche 5.2.x for the E serie but it seems to me not the case....disappointing me!

 

have fun

 

Andrea

net1

@ Andrea

 

I think it's a chipset compatibility problem with the E series - but i agree with you: It's a shame that these models only work with a buggy 5.4.0 ... still waiting for 5.4.1 to come ...

 

BTW: the GUI is really ugly - it's confusing and unstructured ... and without any colour e.g. the policy-section is really a pain ...

 

@ Ede

 

Yes, after 9 years with Fortinet i'm still waiting for customers like that ;)

 

My personal advice: for all models except of the E-Series: don't touch the 5.4 until patch level 3 or 4 ...

 

Claus

-

300C x1, 200E x4, 240D x2, 200D x4, 101E x2, 100E x4, 100D x12, 80C x2, 70D x2, 61E x2, 60E x2, 60D x30, 60C x24, 60B x9, 50E x20, 50B x17, 40C x17, 30E x3

FortiMail VMs

FortiAnalyzer VMs

FortiSandbox (testrun)

- 300C x1, 200E x4, 240D x2, 200D x4, 101E x2, 100E x4, 100D x12, 80C x2, 70D x2, 61E x2, 60E x2, 60D x30, 60C x24, 60B x9, 50E x20, 50B x17, 40C x17, 30E x3 FortiMail VMs FortiAnalyzer VMs FortiSandbox (testrun)
simonorch

Whilst i agree you shouldn't put a GA release in to production i would also say that stubbonrly waiting 3-4 patches no matter what is a little over the top, you can, potentially hit a show stopping bug with any patch and with the exaception of the 'all' services object having the protocol number changed from 0 to 6 in one of the patches, i forget which, 5.2 has been good to me and my customers for the most part.

 

It all depends on which features you use and a little luck. For example, i have one  customer with 573 FG60D running 5.2.1 that have been in production for over 18 months without one single fortigate related problem. We actually did the POC and pilot on the GA release but with a view to using 5.2.1 in production as it happily came out just as we were about to start large scale roll out. 

NSE8 Fortinet Expert partner - Norway

NSE8 Fortinet Expert partner - Norway
Labels
Top Kudoed Authors