Anyone have one of these yet? Looking to upgrade from a 40C.
A little skeptical with this new line, I don't want another 60C type product on my hands here...
Just looking to see reviews, stable, good, bad, ugly....
Solved! Go to Solution.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
cryptochrome wrote:I've been using a 51E for the last couple of weeks and while I am generally happy, I had a few occasions where the box entered conserve mode. Even though we only have very few users here (less than 5), but we always have between 1000 and 1500 sessions. I am not sure whether this could be a bug in FortiOS 5.4.0 (memory leak?) or whether 2 GB of RAM are just not enough.
Hi
FortiOS 5.4.1 has been released. I see that it is released on 8th June. There is a resolved bug about entering conserve mode as below. It may be your occasion.
Service : FSSO
Bug ID :302908
Smbcd continuously requests for memory; this causes the system to enter conserve mode.
Oook.. Why would you down vote facts! Fact is they shipped a product with a major feature not even working! Screwed me around for months with bullS@##$ gathering logs and playing with level 1-2 support. If you had spent the months fighting with support about this while they make you feel like you are the only one in the world having this problem only to find out they know about it.. you'd maybe have a slightly different opinion of the situation. So yes.. all the while I've got a project in remote office that is behind schedule because I have a defective firewall. Sent back that untested junk and got a 60D.
BTW.. my ticket is still open with support.. let me ping the guy and ask if it's resolved yet. Last time I asked, 5-20, it was still not.
So down vote me all you want! I've come on here as a service to other users to prevent them from having to go through what I went through with FN support. I can't even imagine why anyone would down vote that.. but what ever.
300E x3, 200D, 140D, 94D, 90D x2, 80D, 40C, handful of 60E's.. starting to loose track.
Over 100 WiFi AP's and growing.
FAZ-200D
FAC-VM 2 node cluster
Friends don't let friends FWF!
I have to agree with bartman10 here. I find I have slowly been migrating over to Cisco Meraki for what my needs are for my clients. We could sit here all day and do pros/cons, I feel that Fortinet is releasing things that seem to be more and more flaky.
It is confusing to me that as a company like Fortinet, I dont need the flashy gui, something normal, yet how is it that with the lines of code, how can you deliver a product that you support all these features, yet seemingly cant have them all on on some products as the hardware will flake out. Engineer your products to handle it, or have some of the lower models not support it if all it will do is go into conserve mode.
I don't need the flashy gui, I need a working product.
Since I have change one of my clients to full Meraki Solution, VPN times between sites have gone from a 150+ms ping time down to an average of +15-40ms which has made VOIP Cisco phones respond much better.
Hi,
one of my 50E boxes has been now in production for a while. Up to now I found no issue and everything is working as expected (single box, no cluster, UTM active + SSL deep inspection). Compared to the old 60C the cpu usage is dramatically lower and memory usage is somewhat 10% higher with same functions active plus the SSL deep inspection (which before stucked the 60C in a couple of sec...). For a reason I still don't understand the number of TCP connections has decreased but somehow the number of TCP errors seems to have increased. Up to now I'm really satisfied by the hardware.
Bye
Gianluca
FGT: 50E,100D, 200D, 600D
FMG: VM64
FAZ: VM64
Hey GC what kind of speed are you pushing through your 50E with SSL inspection?
Oh.. I found out why all 3 FWF-50E hard locks all the time and why some of you have no issue. It's because it's the WiFi unit. If you had the WiFi unit and used the WiFi your unit would hard lock also. Why? Because it's a known defect with the power management on the WiFi and affects ALL FWF-50E's and they think FWF-30E's....
THEY KNEW about it and still sold the device!!! Then spent a month of my time collecting logs and goofing around only to tell me.. oh it's a known issue and they think it'll be fixed in 5.4.1 sometime next month or two!!
ARE YOU FREEKING KIDDING ME! Do you truly expect me to believe QA just missed the fact that the WiFi edition of this device HARD LOCKS if infarct you actually use said WiFi?! How do you miss that!! HOW!
Or... they knew it and said screw it ship it and we'll fix it later! Then I spend a month goofing around with support only to have level 3 tell me it's a known issue! He also wanted to collect more logs after that as if he didn't waste enough of my time.
What's truly amazing is I only discovered this because I took the unit home for training and found it crashed every night. So I would rip apart my home network every time after work to make it crash and get them logs. I was supposed to take this unit and install it in Gary Indianan, which is 5 hours 1 way! Can you imagine the fun I would have had with this thing crashing remotely and taking down the office like this?! How much more fun that month of troubleshooting would have been taking production down instead of my kids watching Youtube at home!
300E x3, 200D, 140D, 94D, 90D x2, 80D, 40C, handful of 60E's.. starting to loose track.
Over 100 WiFi AP's and growing.
FAZ-200D
FAC-VM 2 node cluster
Friends don't let friends FWF!
Hi Bartman10
Could you please sharing the configuration of your unit which has hard lock? We will investigate what's root cause?
You can send email to jli@fortinet.com
Thanks,
JLI.. I understand you're trying to be helpful.. but I believe I was quite clear this is a known issue with the WiFi on all FWF-50E units.. Trust me, I've spent plenty of time with TAC messing around with this issue.
Here.. look at the kernel messages. See how the power save mode is being cycled like crazy? That's the issue. You should educate yourself on this so you don't waste other customers time when they call with a crashing unit.
Still don't believe me? Check ticket #1665229
[580.190]vap-00: [f0:99:bf:56:82:e4] power save mode on (1), 1 sta's in ps mode TS 580.190 [580.320]vap-00: [f0:99:bf:56:82:e4] power save mode off(0), 0 sta's in ps mode TS 580.320 [580.360]vap-00: [f0:99:bf:56:82:e4] power save mode on (1), 1 sta's in ps mode TS 580.360 [580.490]vap-00: [f0:99:bf:56:82:e4] power save mode off(0), 0 sta's in ps mode TS 580.490 [580.500]vap-00: rx src f0:99:bf:56:82:e4 dst ff:ff:ff:ff:ff:ff proto 0x0806 ARP pktlen 42 [580.500]vap-00: rx op ARP request(256) Sender f0:99:bf:56:82:e4|192.168.1.110 Target 00:00:00:00:00:00|169.254.255.255 [580.500]vap-00: tx src f0:99:bf:56:82:e4 dst ff:ff:ff:ff:ff:ff proto 0x0806 ARP pktlen 42 [580.500]vap-00: tx op ARP request(256) Sender f0:99:bf:56:82:e4|192.168.1.110 Target 00:00:00:00:00:00|169.254.255.255 [580.530]vap-00: [f0:99:bf:56:82:e4] power save mode on (1), 1 sta's in ps mode TS 580.530 [580.660]vap-00: [f0:99:bf:56:82:e4] power save mode off(0), 0 sta's in ps mode TS 580.660 [580.700]vap-00: [f0:99:bf:56:82:e4] power save mode on (1), 1 sta's in ps mode TS 580.700 [580.830]vap-00: [f0:99:bf:56:82:e4] power save mode off(0), 0 sta's in ps mode TS 580.830 [580.870]vap-00: [f0:99:bf:56:82:e4] power save mode on (1), 1 sta's in ps mode TS 580.870 [581.000]vap-00: [f0:99:bf:56:82:e4] power save mode off(0), 0 sta's in ps mode TS 581.000 [581.040]vap-00: [f0:99:bf:56:82:e4] power save mode on (1), 1 sta's in ps mode TS 581.040 [581.170]vap-00: [f0:99:bf:56:82:e4] power save mode off(0), 0 sta's in ps mode TS 581.170 [581.210]vap-00: [f0:99:bf:56:82:e4] power save mode on (1), 1 sta's in ps mode TS 581.210
300E x3, 200D, 140D, 94D, 90D x2, 80D, 40C, handful of 60E's.. starting to loose track.
Over 100 WiFi AP's and growing.
FAZ-200D
FAC-VM 2 node cluster
Friends don't let friends FWF!
We've deployed two 50E's on small branch offices, both have been rock solid for two months. Antivirus, webfilter, ipsec tunnels to private cloud and main site, IPS etc working fine. Throughput and cpu utilisation is also much better than on a 60C that we also have in a branch office (main site has a 100D). New 5.4.1 interface needs some getting used to, but otherwise I can recommend the 50E/51E.
Usually troubles get with device speed at lowers models that have only SoC design. Don’t buy low end devices with SoC – their real speed is about 15-30Mbit/s at full UTM features especial SSL inspections… I had earlier FG-60D – it was very slow. Now there is FG-50E at 400-500usd that must move out all previous models till 92D and 100D (have CPU and SoC separated). In addition, at time of buy it was at similar speed specification with near models from CheckPoint and Sonicwall.
!
I’d like to see updated “Е” upper class models at lower FortiGate segment including something like FG-80E or 90E at similar prices which have PoE ports, can get more AP count (especially Tunnel mode for remote points).
!
About bugs: I worked with famous ASA-5506 FirePower UTM. It much, much less stable and more bugged that FG.
FG-50E/60D/60E, FAP-221B/21D, FortiClient.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1547 | |
1031 | |
749 | |
443 | |
210 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.