Can I ask what the correct and latest firmware file name is for a FortiWiFi 60D-POE? Can you post a link to it?
My unit is currently running FW60DP-5.02-FW-build670-150318 which I can see by typing "diagnose sys flash list" in the console.
In the main, the unit is running well but there are a few bugs. For example:
When I use the debug command with filters on IP addresses it breaks my voip services
The packet capture tab is missing from the GUI (Does this need to be enabled?)
When I delete a policy traffic continues to pass.
In short it feels a bit flaky.
Currently, v5.0.12 is the latest patch for v5.0 and v5.2.4 for v5.2.
You are running v5.2.3 which - at the moment - is the most stable release for that branch.
So I recommend staying with it.
The correct filename is "FWF_60D_POE-v5-build0670-FORTINET.out".
Seeing that the firmware is stored on your FGT does not tell you that you are already running it. Check that in the CLI with
get sys stat
Deleting policies should invoke a session purge for sessions allowed by that policy. I am not sure that this is done. Policies are only scanned when a session is established. Further traffic is directly offloaded if allowed. So this might be a bug or at least an oversight (but I doubt it).
On the debug and filters issues, can you explain what's being broken in the voip stream?
We have seen the same thing, but for WiFi traffic. I was hesitant to say it was the debug command usage, but after reading this in this post I think I have the same issue. We had WiFi traffic totally stop and now we have WiFi hanging up, no beacon and flat-out bad performance.
btw, this ALL was found on b670; we didn't stay on 5.2.4 long enough to build any statistics (FWF60D and FWF90D).
I have to agree with ede that b670 under 5.2.3 is probably the best thing for you now. I heard through the grapevine that we might have a new release by the end of Sept or the 1st week of Oct.
What I would suggest: "Open a ticket for all of the issues".
This would probably help TAC, either in the pure number of issues that are similar or for them to lab this up.
PCNSE
NSE
StrongSwan
emnoc wrote: On the debug and filters issues, can you explain what's being broken in the voip stream?
We have seen the same thing, but for WiFi traffic. I was hesitant to say it was the debug command usage, but after reading this in this post I think I have the same issue. We had WiFi traffic totally stop and now we have WiFi hanging up, no beacon and flat-out bad performance.
btw, this ALL was found on b670; we didn't stay on 5.2.4 long enough to build any statistics (FWF60D and FWF90D).
I have to agree with ede that b670 under 5.2.3 is probably the best thing for you now. I heard through the grapevine that we might have a new release by the end of Sept or the 1st week of Oct.
What I would suggest: "Open a ticket for all of the issues".
This would probably help TAC, either in the pure number of issues that are similar or for them to lab this up.
This is probably related to the DHCP lease: if I connect a new client to the WiFi which is in the network, the client gets a lease but it cannot even ping the gateway or do anything; the only solution is to reboot the FortiGate.
I asked support but they don't have a clue how to solve this, and I noticed on other models too that the DHCP server cannot keep leases; almost every day they lease an IP again and again, and sometimes it happens that the client also has an IP but cannot ping anything in the network. The only solution again, this time, is to restart the client's PC.
So I wouldn't go so far as to say 5.2.3 is stable, and reading comments regarding 5.2.4, it doesn't seem like that one is much better either.
I need to note that on 4.x firmware and on 5.x firmware I didn't have problems with leases on the FortiGate, but 5.2 is just a disaster when a client cannot ping anything in the network, like the FortiGate bans him.
I have most of the problems on the FortiWiFi 60D POE and I experience DHCP problems also on the 92D. I have two of those, so I'm atm monitoring which firmware works better, 5.2.3 or 5.2.4. On 5.2.3 every day almost 100 machines get a new lease time even though I have set it to 99 days.
Yes, total loss of traffic to the IP address I was filtering on, and the only way I could recover was to reboot the firewall. Disabling the feature didn't resolve the issue.
The commands I used are as follows:
diagnose debug disable
diagnose debug flow show console disable
diagnose debug flow filter clear
diagnose debug enable
diagnose debug flow show console enable
diagnose debug flow filter add 109.239.96.133
diagnose debug flow trace start 100