I have two problems going on that can't seem to get solved. One is the HA cluster breaks randomly where the two devices no longer talk but are sending messages to each other. No switch in between if you're wondering. Direct cable. I was told this is an problem with the code and my chipset ? This is a A-A cluster. Ticket # 3877503.
The other issue Im facing is IPS crashed yesterday, seeing a IPSA driver status error over and over, it took Transparent Proxy along with it. No web browsing. I turned off the proxy settings on my outbound policy to allow my users to browse the web again. After hours I rebooted the firewall cluster and re-applied the Proxy settings back to the Outbound rule. SSL inspection no longer works. DIAG WAD USER LIST is blank/empty. TAC is at a loss as to why its now not working as before. As I sit, no deep inspection at the moment. Ticket # 3888909
Upgrading from 6.0.8 to 6.2.3 was the worst mistake. Anyone else have these type of issues or can provide any insight ? My gear is 100e's
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
I agree with you, kubimike, they should not have released 6.2.3. I have issues and techsupport does not seem to be able to fix it. One of my issue is that the GUI quit on me after about three hours no matter if I work on anything or my connection is idle. The timeout set to 480 minutes, but it does not seem to work. I use 61Es, 60Es, and now a 61F. The 61E and the 61F are running 6.2.3 and have issues, like when I got this on the 61F while I worked at the CLI:
upd_cfg_get_host6_by_name[116]-Failed to get ipv6 address for update.fortiguard.net
And this:
[__cmdb_config_write_by_fname:151] fopen(/tmp/cmdb_whole_offload.conf) failed: 2(No such file or directory)
zballa wrote:I agree with you, kubimike, they should not have released 6.2.3. I have issues and techsupport does not seem to be able to fix it. One of my issue is that the GUI quit on me after about three hours no matter if I work on anything or my connection is idle. The timeout set to 480 minutes, but it does not seem to work. I use 61Es, 60Es, and now a 61F. The 61E and the 61F are running 6.2.3 and have issues, like when I got this on the 61F while I worked at the CLI:
upd_cfg_get_host6_by_name[116]-Failed to get ipv6 address for update.fortiguard.net
And this:
[__cmdb_config_write_by_fname:151] fopen(/tmp/cmdb_whole_offload.conf) failed: 2(No such file or directory)
By chance are you using set cfg-revert-timeout ?
Well , I figured it out . Bathroom relaxation trip later Transparent Proxy back online!
Findings/What happened/The Fix
When IPSmonitor / IPSA driver crashed it took Transparent Proxy along with it. No web browsing. I edited the IPV4 Policy for Outbound Internet, turned off the proxy settings made it Flow-Based to allow my users to browse the web again. After hours I rebooted the firewall cluster and re-applied the Proxy settings back to the Outbound rule (Proxy-based Back ON Protocol Options set back to MIA-Proxy). SSL inspection no longer worked. DIAG WAD USER LIST is blank/empty. What caused this was editing the policy to Flow-Based, it removed a VERY important entry. 'Set http-policy-redirect enable' This feature should have not been moved to the IPV4 section. In Version 6.0.x it was in Policy & Objects -Proxy Options - Custom Proxy - 'Http Policy Redirect' Radio button. That way if IPV4 is changed to accommodate for a failure in the Transparent Proxy the feature is left on/unchanged and not removed. I've attached screenshots for you to see. This should most def be patched on the next release, move the option back to Policy & Objects -Proxy Options - 'Http Policy Redirect'
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1666 | |
1077 | |
752 | |
446 | |
220 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.