Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Baptiste
Contributor II

5.4.0 is Out

Hey, who is going first ?

 

Some small models like 40C are not support.

Just have a quick look at release notes, there is a loooooot of know issues...

2 FGT 100D  + FTK200

3 FGT 60E  FAZ VM  some FAP 210B/221C/223C/321C/421E

2 FGT 100D + FTK200 3 FGT 60E FAZ VM some FAP 210B/221C/223C/321C/421E
2 Solutions
Bipbaep
New Contributor

Any possibility to get old GUI back? New one is seriously ugly and hurt my eyes...

View solution in original post

emnoc
Esteemed Contributor III

IMHO In a production business env you should not upgrade to any new release unless it's a do or die must have feature that you need.

 

 

PCNSE 

NSE 

StrongSwan  

View solution in original post

PCNSE NSE StrongSwan
69 REPLIES 69
hklb
Contributor II

Hi

 

If I understand correctly, it will not possible to have some profile in flow mode and other in proxy mode in the same VDOM.. Is that correct ?

 

I have a lot of customer with both configured (proxy mode for access to the internet, and flow mode between internal interface).. I don't want to proxy my communication between two internal interface..

 

it is very stupid

pcraponi
Contributor II

you can mix some profiles between proxy and flow in CLI....

It was removed because this kind of conf impact a lot on hardware performance.

 

 

Regards, Paulo Raponi

Regards, Paulo Raponi
osipof
New Contributor

60C is not support, hope they release 5.4.1 for 60C don't want to buy another device yet.

SMabille

Just upgraded 200D:

Policy Based Routing not working since upgrade.

Does anyone using PBR upgraded successfully?

 

Thanks,

Stephane

dpmcintyre

osipof wrote:

60C is not support, hope they release 5.4.1 for 60C don't want to buy another device yet.

Support for almost every C hardware line is EOL'd and not there for 5.4. There are only a couple C level devices with firmware available. With their track record I'm not sure I'd trust true "production" gear to 5.4 for at least a year anyway. 

 

I agree that C hardware had a very short lifespan compared to others in the past. Although I was a bit more peeved at Juniper for my SRX-210. Oh look we have a new one with more memory. And current release is now the last version for the non-memory expanded version of the 210. Even though every release other one than the JTAC recommended version crashes on me every 2-3 days anyways. 

Fahad
New Contributor III

prefer to wait for 5.4.1, lots of known issue in the release notes ...

FCSNP 5, JNCIS-FW,JNCIA-SSL ,MCSE, ITIL.

FCSNP 5, JNCIS-FW,JNCIA-SSL ,MCSE, ITIL.
SMabille

I would stay away from 5.4.0, experience so far on 200D:

- PBR not working

- CISA applications list disappeared for unknown reason

- Tried to reboot remotely, box seems to be up as ISP show PPPoE session as up but not answering on either WAN interface, so no VPN and a trip planned tomorrow to go and fix remote box. "Glad" it happened during xmas break (except for the 250 miles journey...).

 

So as you might have guessed once on site the plan is to downgrade to 5.2.5, which is a pain in itself as you loose config and need to manually restore it... (would have needed on-site visit anyway).

Jzhang_FTNT

Hi Stephane,

 

For - PBR not working,

Can you please provide PBR part configuration for us to reproduce it? Have you checked output of 'diag firewall proute list'? if proute looks good, did you try to debug the flow?

 

Please help to collect these info,

1. PBR config before and after upgrade

2.'diag firewall proute list' before and after upgrade

3. flow trace, 

diag debug enable

diag debug flow show func enable

diag debug flow show console enable

diag debug flow filter addr <src/dst of traffic>

diag debug flow trace start 10

 

Thanks

 

SMabille

Hi,

 

Due to all the issues on 5.4.0, I had to downgrade to 5.2.4 within 24/48 hrs.

 

I suspect the GA has been pushed out just before quarter end for financial/customer commitment, clearly not because of technical readiness.

 

It is time for people in decision places to realise that publishing something so far from being ready does hurt the brand image and trust far more that they believe. The quality level of 5.4.0 is probably more in line of what is expected of a late alpha or early beta. It rise (even more) serious questions about Fortinet QA processes and quality in general.

 

Are the subscription features (IPS/IDS, etc...) released with the same level of "quality"?  They are far more difficult to test and have to trust Fortinet for them to be correct and working. The SSL interception worker crashing in 5.2.5 for large number of members using the functionality is another example of things that should have been picked up by QA.

 

Best regards,

Stephane

 

 

Jzhang wrote:

Hi Stephane,

 

For - PBR not working,

Can you please provide PBR part configuration for us to reproduce it? Have you checked output of 'diag firewall proute list'? if proute looks good, did you try to debug the flow?

 

Please help to collect these info,

1. PBR config before and after upgrade

2.'diag firewall proute list' before and after upgrade

3. flow trace, 

diag debug enable

diag debug flow show func enable

diag debug flow show console enable

diag debug flow filter addr <src/dst of traffic>

diag debug flow trace start 10

 

Thanks

 

simonorch

We just got a FGT30E to begin testing with as a potential choice for our retail customers. It comes with 5.4 (one of the RC, not the GA) and i see the new E models don't have a 5.2 firmware version for them.

 

Be careful 

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors