Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Baptiste
Contributor II

5.4.0 is Out

Hey, who is going first ?

 

Some small models like 40C are not support.

Just have a quick look at release notes, there is a loooooot of know issues...

2 FGT 100D  + FTK200

3 FGT 60E  FAZ VM  some FAP 210B/221C/223C/321C/421E

2 FGT 100D + FTK200 3 FGT 60E FAZ VM some FAP 210B/221C/223C/321C/421E
2 Solutions
Bipbaep
New Contributor

Any possibility to get old GUI back? New one is seriously ugly and hurt my eyes...

View solution in original post

emnoc
Esteemed Contributor III

IMHO In a production business env you should not upgrade to any new release unless it's a do or die must have feature that you need.

 

 

PCNSE 

NSE 

StrongSwan  

View solution in original post

PCNSE NSE StrongSwan
69 REPLIES 69
Baptiste
Contributor II

What's new is now available (122 pages !!!) : http://docs.fortinet.com/uploaded/files/2801/fortigate-whats-new-54.pdf

2 FGT 100D  + FTK200

3 FGT 60E  FAZ VM  some FAP 210B/221C/223C/321C/421E

2 FGT 100D + FTK200 3 FGT 60E FAZ VM some FAP 210B/221C/223C/321C/421E
natech
New Contributor

Took the 5.4 plunge and was pleasantly surprised to see everything generally working. New interface is slick and fast, but still has some growing pains and idiosyncrasies. Switched from the default monochrome theme, as my eyes didn't appreciate everything being blurred together. :)

 

FGT 1000C previously running 5.2.5, with a few hundred policies along with dozens of objects and SSL VPN portals, FSSO authentication for two AD domains along with RADIUS accounting enabled from our wireless system, multiple VLANs running off an LACP trunk, two ipsec tunnels to Azure, and heavily utilizing application inspection, web filtering, IPS, and captive portals.

 

So far so good, but I will update if I hit any snags.

discoscott
New Contributor III

Can anyone shed any more light on the new feature Virtual Wire Pair and whether its possible to bring a Layer 2 (pseudowire) VPN between two sites ? Or is it more a port grouping technology ?

Carl_Wallmark

discoscott wrote:

Can anyone shed any more light on the new feature Virtual Wire Pair and whether its possible to bring a Layer 2 (pseudowire) VPN between two sites ? Or is it more a port grouping technology ?

It´s more like "transparent vdom" between two interfaces but inside a NAT vdom.

 

There is no pseudowire in FortiOS, however they have added something called VXLAN, that could be used for L2 networks (I think), but it needs VXLAN headers in the packets, (vmware support it).

FCNSA, FCNSP
---
FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30B
FortiAnalyzer 100B, 100C
FortiMail 100,100C
FortiManager VM
FortiAuthenticator VM
FortiToken
FortiAP 220B/221B, 11C

FCNSA, FCNSP---FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30BFortiAnalyzer 100B, 100CFortiMail 100,100CFortiManager VMFortiAuthenticator VMFortiTokenFortiAP 220B/221B, 11C
Greg_Hennessy

Way to go Fortinet, Almost the entirety of the 'C' product line orphaned by this release. 

No attempt to port FortiOS 'lite' as listed for the 30E 

 

Bravo... 

emnoc
Esteemed Contributor III

Way to go Fortinet, Almost the entirety of the 'C' product line orphaned by this release

 

 

This is not new or something to be alarm about. It was the same thing with A & B models, these lower end devices are going to be EoL/EoS so FTNT is not going to  draft them into the latest greatest FortiOS and specially if end of support is so close or near.

 

Remember if you take the standard  with FTNT we have  a 3 year life-cycle per fortios major release.

 

http://socpuppet.blogspot.com/2014/07/understanding-fortinet-lifecycle.html

 

FWIW , Most hardware that's a  A/B or earlier models,  have reached the final firmware release ( FFR ) and the Cs are nearing the same thing in the next 1/2 nears.

 

PCNSE 

NSE 

StrongSwan  

PCNSE NSE StrongSwan
neonbit
Valued Contributor

Works great so far on VM and 100D, interface is alot more polished than the beta.

 

The supported models has FWF30D but I can't find the image for it online. Does anyone know when this will be released?

discoscott
New Contributor III

Up and running on a 300D in my lab - new GUI looks good. Nice and fast

neonbit
Valued Contributor

I'm having some troubles with ssl deep packet inspection. After the upgrade all the sites are now being signed by the default Fortinet_SSLProxy certificate instead of the one I imported. Is anyone else seeing this?

 

### Edit ###

I created a new CSR, signed it with my CA, re-imported and changed the SSL/SSH profile to use this new certificate. The FortiGate is now using this new certificate correctly. If I go back in the SSL/SSH profile and select the old custom certificate it uses the Fortinet_SSLProxy one instead. Not sure why this is..

Top Kudoed Authors