- Forums
- Knowledge Base
- Customer Service
- FortiGate
- FortiClient
- FortiAP
- FortiAnalyzer
- FortiADC
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConnect
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDeceptor
- FortiDevSec
- FortiDirector
- FortiEDR
- FortiExtender
- FortiGate Cloud
- FortiGuard
- FortiHypervisor
- FortiInsight
- FortiIsolator
- FortiMail
- FortiManager
- FortiMonitor
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPortal
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiSandbox
- FortiSASE
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Forums
- Support Forum
- Re: v6.0 is here
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
v6.0 is here
I hope it 's all good ;)
PCNSE
NSE
StrongSwan
Solved! Go to Solution.
PCNSE
NSE
StrongSwan
Labels:
- Labels:
-
6.0
3 Solutions
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Andy Bailey wrote:I've getting a "Failed to save some changes: Input value is invalid" message (showing in the attachment) when I try and modify a policy (for example add an anti-spam to an existing policy).
Hey,
I don't have that problem - works fine for me since Beta 3.
Can you run the following on a Command Line, while you try to modify a policy:
diag deb reset
diag deb ena
diag deb cli 8
... and post the output
Br,
Roman
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
romanr wrote:Andy Bailey wrote:I've getting a "Failed to save some changes: Input value is invalid" message (showing in the attachment) when I try and modify a policy (for example add an anti-spam to an existing policy).
Can you run the following on a Command Line, while you try to modify a policy:
diag deb reset
diag deb ena
diag deb cli 8
... and post the output
In addition, please enable "diag debug app httpsd -1" and include that output.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Andy Bailey wrote:I've attached the output your requested Roman and Jordan. Thanks for your help.
Nothing really obvious for me. I tried opening the policy and then clicking ok (no changes) and again (no changes) same result both times. I tried Edge instread of Firefox too- no changes there either.
The key lines seem to be:-
[httpsd 9510 - 1522869450 error] cmdb_commit_from_json[1426] -- error saving request object to CLI (-651) [httpsd 9510 - 1522869450 error] _api_cmdb_v2_config[1137] -- error editing object (nret=-651) [httpsd 9510 - 1522869450 error] api_return_http_result[516] -- API error -651 raised
Interestingly I can delete policies- I just tried deleting a couple of unused policies and that worked fine (highlighted from the "IPv4 Policy" list and then just delete.
Any other ideas?
Hi Andy, we've tried with several FGTs and were unable to reproduce your issue. Looks like it's specific to your config after upgrade. From your CLI debug output, the CLI is rejecting the change (any policy edit save) from the GUI.
0: config firewall policy 0: edit 15 0: set ssl-ssh-profile "SSL Certs-Block Untrusted\\Invalid" -651: end
Here are a few other things to try:
1. Can you use the CLI to edit a policy? You can use the above commands to see further error reported by the CLI
2. Can you use the GUI to create new Policy? if not, please also include CLI and httpsd debug message
3. Does this happen to any policy edit via the GUI? 4. Can you check if your interfaces are correctly upgraded?
5. Which FGT model are you using? if possible, can you share your full config with us? you can email me the config at thuynh@fortinet.com
Tri
60 REPLIES 60
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Stephane,
The proxy mode works well on my ENV. What is exact version of v6?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
FortiGate-60E v6.0.0,build0076,180329 (GA)
help.netlfix.com appeared as if it was wrongly categorised on Fortiguard, at least on the cached data.
Tried to add it to web rating override without luck. I didn't had the time to troubleshoot further, such as attempting to flush cache... so the override might just not invalidate the cache?
If needed I could do some more testing and open a ticket if needed.
kurtli_FTNT wrote:Hi Stephane,
The proxy mode works well on my ENV. What is exact version of v6?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks. I will reproduce in lab with the same version and target, will go back to you later.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Stephane,
So first, I suppose there is a typo in your post, 'netlfix' vs 'netflix'. No website is taking response for "help.netlfix.com". Thus, the category for that is 'General Interest - Business'. If correct it with 'help.netflix.com', then the category becomes to 'Bandwidth Consuming' and sub-cate is 'streaming media and download', which makes sense.
And the rating override works well against 'help.netflix.com' on proxy-mode. I override it to 'gambling' and can see it's blocked.
1: date=2018-04-19 time=16:19:08 logid="0316013056" type="utm" subtype="webfilter" eventtype="ftgd_blk" level="warning" vd="root" eventtime=1524179948 policyid=4 sessionid=1897 srcip=10.1.100.211 srcport=57073 srcintf="port5" srcintfrole="undefined" dstip=52.38.152.174 dstport=80 dstintf="port12" dstintfrole="undefined" proto=6 service="HTTP" hostname="help.netflix.com" profile="k" action="blocked" reqtype="direct" url="/" sentbyte=80 rcvdbyte=0 direction="outgoing" msg="URL belongs to a denied category in policy" method="domain" cat=11 catdesc="Gambling" crscore=30 crlevel="high"
We do have a known issue on flow-mode and it will be fixed on the next release.
Thanks
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
The LDAP diag test auth ldap is working from cli-cmd but fails via the WebGui FortiOS v6.0
Who all here is seeing the same issues?
Ken
PCNSE
NSE
StrongSwan
PCNSE
NSE
StrongSwan
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello Ken,
Can you please share some more configuration details ?
Also when you do the test from GUI can you enable HTTPS debug.
To obtain debug:
1. Open Command Line Interface for FortiGate
2. Type in
diagnose debug enable
diagnose application httpsd -1
3. Conduct Test from GUI and copy the debug information
Thanks !
Farazi
emnoc wrote:The LDAP diag test auth ldap is working from cli-cmd but fails via the WebGui FortiOS v6.0
Who all here is seeing the same issues?
Ken
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Confirmed SANs cert with 8k bit key does NOT working for the admin-server for the FortiOS. It was tried into 2 FGTs btw
PCNSE
NSE
StrongSwan
PCNSE
NSE
StrongSwan
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello all.
We have upgraded same Fortigates to 6.0 FortiOS and users fail to login when use LDAP. Radius authentication with windows NPS work fine and we have configured as alternative.
If I create a new user in Active Directory works fine with LDAP authentication, but existing users fail to login.
Is there any solution to this issue?
Thank you in advance.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Accionet
Did you do any diag from the cli for test authentication and with LDAP? Since you said new users, I expect something is wrong from the AD side of things.
Start with basic level diagnostics
diag test authserver ldap diag test authserver ldap-search I'm on JumpCloud and have no users auth with LDAPS and v6.0 fwiw ken
PCNSE
NSE
StrongSwan
PCNSE
NSE
StrongSwan
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello emnoc.
diag test authserver ldap
authenticate 'old_user' against 'LDAP_xxxx' succeeded!
Do not show groups, but
authenticate 'new_user' against 'LDAP_xxxx' succeeded!
Group membership(s) - CN=Mobile Users,OU=Security Groups,OU=MyBusiness,DC=xxxxxxx,DC=local
CN=Usuarios Terminal Server,CN=Users,DC=xxxxxxx,DC=local CN=Remote Web Workplace Users,OU=Security Groups,OU=MyBusiness,DC=xxxxxxx,DC=local CN=GRUPOADMINISTRACION,OU=SBSUsers,OU=Users,OU=MyBusiness,DC=xxxxxxx,DC=local CN=AccesoSSLVPN,OU=SBSUsers,OU=Users,OU=MyBusiness,DC=xxxxxxx,DC=local CN=Usuarios del dominio,CN=Users,DC=xxxxxxx,DC=local
Show all grups for this user.
It seems a problemm with permissions in AD. But in 5.6.3 work fine.
Thanks.
Related Posts
- Dysfunctional "Monitor Wifi Login Failures", Widget 29 Views
- Phishing false positive affects my domain 78 Views
- BGP Peering - My Fortigate -... 129 Views
- FortiClient Automatisierung (PAM) 77 Views
- GeoIP Block Not working 138 Views
Labels
-
FortiGate
6,491 -
FortiClient
1,295 -
5.2
801 -
5.4
639 -
FortiManager
563 -
6.0
416 -
FortiAnalyzer
413 -
5.6
362 -
FortiSwitch
331 -
FortiAP
331 -
FortiClient EMS
260 -
6.2
251 -
FortiMail
239 -
FortiAuthenticator v5.5
234 -
5.0
196 -
FortiWeb
149 -
6.4
128 -
FortiNAC
104 -
FortiGuard
102 -
FortiGateCloud
87 -
FortiSIEM
86 -
FortiCloud Products
82 -
IPsec
70 -
FortiToken
69 -
Customer Service
69 -
4.0MR3
64 -
Wireless Controller
58 -
SSL-VPN
57 -
FortiProxy
44 -
FortiADC
42 -
Fortivoice
41 -
FortiEDR
39 -
FortiGate v5.4
34 -
FortiDNS
34 -
FortiExtender
31 -
FortiSandbox
31 -
FortiSwitch v6.4
28 -
FortiConnect
23 -
SD-WAN
23 -
FortiWAN
22 -
Firewall policy
22 -
FortiConverter
21 -
High Availability
20 -
VLAN
18 -
FortiPortal
18 -
ZTNA
16 -
FortiSwitch v6.2
16 -
FortiGate v5.2
16 -
FortiMonitor
14 -
Certificate
14 -
DNS
13 -
FortiDDoS
13 -
SAML
12 -
BGP
12 -
Routing
12 -
FortiCASB
12 -
Interface
11 -
Logging
11 -
FortiGate v5.0
10 -
FortiRecorder
10 -
VDOM
10 -
FortiWeb v5.0
9 -
LDAP
9 -
FortiManager v5.0
9 -
4.0MR2
9 -
RADIUS
8 -
Traffic shaping
8 -
Virtual IP
8 -
FortiAuthenticator
8 -
RMA Information and Announcements
7 -
FortiSOAR
7 -
fortilink
7 -
FortiAnalyzer v5.0
7 -
NAT
7 -
FortiGate v4.0 MR3
7 -
Admin
7 -
4.0
7 -
SSID
6 -
SSL SSH inspection
6 -
Authentication
6 -
Fortigate Cloud
6 -
IP address management - IPAM
6 -
Security profile
5 -
Traffic shaping policy
5 -
FortiBridge
5 -
SNMP
5 -
SSO
5 -
Application control
5 -
FortiManager v4.0
5 -
Static route
5 -
FortiDirector
4 -
WAN optimization
4 -
Web application firewall profile
4 -
DNS Filter
4 -
FortiTester
4 -
FortiCarrier
4 -
FortiCache
4 -
OSPF
4 -
3.6
4 -
FortiScan
4 -
Proxy policy
4 -
IPS signature
3 -
packet capture
3 -
FortiToken Cloud
3 -
Intrusion prevention
3 -
Automation
3 -
DoS policy
3 -
Port policy
3 -
FortiDB
3 -
FortiDeceptor
2 -
FortiInsight
2 -
VoIP profile
2 -
Antivirus profile
2 -
Web profile
2 -
Traffic shaping profile
2 -
FortiAP profile
2 -
FortiAI
2 -
FortiHypervisor
2 -
Netflow
2 -
Fortinet Engage Partner Program
2 -
trunk
2 -
SDN connector
1 -
4.0MR1
1 -
NAC policy
1 -
Users
1 -
Subscription Renewal Policy
1 -
FortiCWP
1 -
FortiNDR
1 -
Web rating
1 -
FortiPAM
1 -
Application signature
1 -
Multicast routing
1 -
Authentication rule and scheme
1 -
Zone
1 -
FortiManager-VM
1 -
Internet Service Database
1 -
System settings
1 -
Explicit proxy
1 -
TACACS
1
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2024 Fortinet, Inc. All Rights Reserved.