Hey, who is going first?
Some small models like 40C are not supported.
Just had a quick look at the release notes, there are a loooooot of known issues...
2 FGT 100D + FTK200
3 FGT 60E FAZ VM some FAP 210B/221C/223C/321C/421E
Any possibility to get the old GUI back? The new one is seriously ugly and hurts my eyes...
IMHO, in a production business env you should not upgrade to any new release unless it's a do-or-die, must-have feature that you need.
PCNSE
NSE
StrongSwan
Hi
If I understand correctly, it will not be possible to have some profiles in flow mode and others in proxy mode in the same VDOM. Is that correct?
I have a lot of customers with both configured (proxy mode for access to the internet, and flow mode between internal interfaces). I don't want to proxy my communication between two internal interfaces.
It is very stupid.
You can mix some profiles between proxy and flow in CLI...
It was removed because this kind of conf impacts hardware performance a lot.
Regards, Paulo Raponi
60C is not supported, hope they release 5.4.1 for 60C; don't want to buy another device yet.
Just upgraded 200D:
Policy Based Routing not working since upgrade.
Has anyone using PBR upgraded successfully?
Thanks,
Stephane
osipof wrote: 60C is not supported, hope they release 5.4.1 for 60C; don't want to buy another device yet.
Support for almost every C hardware line is EOL'd and not there for 5.4. There are only a couple C level devices with firmware available. With their track record I'm not sure I'd trust true "production" gear to 5.4 for at least a year anyway.
I agree that C hardware had a very short lifespan compared to others in the past. Although I was a bit more peeved at Juniper for my SRX-210. Oh look, we have a new one with more memory. And the current release is now the last version for the non-memory-expanded version of the 210. Even though every release other than the JTAC recommended version crashes on me every 2-3 days anyway.
Prefer to wait for 5.4.1, lots of known issues in the release notes...
FCSNP 5, JNCIS-FW,JNCIA-SSL ,MCSE, ITIL.
I would stay away from 5.4.0, experience so far on 200D:
- PBR not working
- CISA applications list disappeared for unknown reason
- Tried to reboot remotely, box seems to be up as ISP shows PPPoE session as up, but not answering on either WAN interface, so no VPN and a trip planned tomorrow to go and fix the remote box. "Glad" it happened during xmas break (except for the 250 miles journey...).
So as you might have guessed, once on site the plan is to downgrade to 5.2.5, which is a pain in itself as you lose config and need to manually restore it... (would have needed an on-site visit anyway).
Hi Stephane,
For - PBR not working,
Can you please provide the PBR part of the configuration for us to reproduce it? Have you checked the output of 'diag firewall proute list'? If proute looks good, did you try to debug the flow?
Please help to collect this info:
1. PBR config before and after upgrade
2. 'diag firewall proute list' before and after upgrade
3. flow trace:
diag debug enable
diag debug flow show func enable
diag debug flow show console enable
diag debug flow filter addr <src/dst of traffic>
diag debug flow trace start 10
Thanks
Hi,
Due to all the issues on 5.4.0, I had to downgrade to 5.2.4 within 24/48 hrs.
I suspect the GA has been pushed out just before quarter end for financial/customer commitment, clearly not because of technical readiness.
It is time for people in decision places to realise that publishing something so far from being ready does hurt the brand image and trust far more than they believe. The quality level of 5.4.0 is probably more in line with what is expected of a late alpha or early beta. It raises (even more) serious questions about Fortinet QA processes and quality in general.
Are the subscription features (IPS/IDS, etc...) released with the same level of "quality"? They are far more difficult to test and have to trust Fortinet for them to be correct and working. The SSL interception worker crashing in 5.2.5 for a large number of members using the functionality is another example of things that should have been picked up by QA.
Best regards,
Stephane
Jzhang wrote: Hi Stephane,
For - PBR not working,
Can you please provide the PBR part of the configuration for us to reproduce it? Have you checked the output of 'diag firewall proute list'? If proute looks good, did you try to debug the flow?
Please help to collect this info:
1. PBR config before and after upgrade
2. 'diag firewall proute list' before and after upgrade
3. flow trace:
diag debug enable
diag debug flow show func enable
diag debug flow show console enable
diag debug flow filter addr <src/dst of traffic>
diag debug flow trace start 10
Thanks
We just got a FGT30E to begin testing with as a potential choice for our retail customers. It comes with 5.4 (one of the RCs, not the GA) and I see the new E models don't have a 5.2 firmware version for them.
Be careful