Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
londonnet
New Contributor III

Correct firmware image file for a FortiWiFi 60D-POE

Can I ask what the correct and latest firmware file name is for a FortiWiFi 60D-POE? Can you post a link to it?

 

My unit is currently running FW60DP-5.02-FW-build670-150318 which I can see by typing "diagnose sys flash list" in the console.

 

In the main the unit is running well but there are few bugs. For exable:

When I use the debug command with filters on IP addresses it breaks my voip services

The packet capture tab is missing from the GUI (Does this need to be enabled?)

When I delete a policy traffic continues to pass.

 

In short it feels a bit flacky.

4 REPLIES 4
ede_pfau
Esteemed Contributor III

Currently, v5.0.12 is the latest patch for v5.0 and v5.2.4 for v5.2.

You are running v5.2.3 which - at the moment - is the most stable release for that branch.

So I recommend staying with it.

 

The correct filename is "FWF_60D_POE-v5-build0670-FORTINET.out".

 

Seeing that the firmware is stored on your FGT does not tell you that you are already running it. Check that in the CLI with

get sys stat

Deleting policies should invoke a session purge for sessions allowed by that policy. I am not sure that this is done. Policies are only scanned when a session is established. Further traffic is directly offloaded if allowed. So this might be a bug or at least an oversight (but I doubt it).

 

 


Ede

"Kernel panic: Aiee, killing interrupt handler!"
Ede"Kernel panic: Aiee, killing interrupt handler!"
emnoc
Esteemed Contributor III

On the debug and filters issues, can you explain what's being broken in the voip stream?

 

We seen the same thing, but for  Wifi traffic. I was hesitate to say it was the debug command usage but after read this in this post I think  I have the same issue. We had wifi traffic totally stop and now we have wifi hanging up, no beacon & flat out bad performance.

 

btw; this ALL was found on  b670 we didn't stay in 5.2.4 long enough to build any statistics ( FWF60D and FWF90D )

 

I have to agreed with ede, that  b670 under 5.2.3 is probably the best thing for you now. I heard thru the grapevine that we might have a new release by the end of sept or 1st week of oct.

 

What I would suggest; "Open a ticket for all of the issues"

 

This would probably help tac either in  pure number of issues that are similar or for them to lab this up.

 

 

 

PCNSE 

NSE 

StrongSwan  

PCNSE NSE StrongSwan
Bono
New Contributor

emnoc wrote:

On the debug and filters issues, can you explain what's being broken in the voip stream?

 

We seen the same thing, but for  Wifi traffic. I was hesitate to say it was the debug command usage but after read this in this post I think  I have the same issue. We had wifi traffic totally stop and now we have wifi hanging up, no beacon & flat out bad performance.

 

btw; this ALL was found on  b670 we didn't stay in 5.2.4 long enough to build any statistics ( FWF60D and FWF90D )

 

I have to agreed with ede, that  b670 under 5.2.3 is probably the best thing for you now. I heard thru the grapevine that we might have a new release by the end of sept or 1st week of oct.

 

What I would suggest; "Open a ticket for all of the issues"

 

This would probably help tac either in  pure number of issues that are similar or for them to lab this up.

 

 

 

This is probably related to DHCP lease, if I connect new client to wifi which is in network, clients gets lease but it cannot even ping gateway or do anything, only solution is to reboot the fortigate.

I asked in support but they don't have a clue how to solve this, and I noticed on other models too that DHCP server cannot keep leases, almost everyday they lease IP again and again, and sometimes it happens that client also has IP but cannot ping anything in network. Only solution again, this time is restart clients PC.

So I wouldn't go so far and say 5.2.3 is stable and reading comments regarding 5.2.4 It doesn't seem like that one is also much better.

I need to node that on 4.x firmware and on 5.x firmware I didn't had problems with leases on fortigate, but 5.2 is just disaster when client cannot ping anything in network like Fortigate bans him.

I have most the problems on Fortiwifi 60D POE and I experience DHCP problems also on 92D, I have two of those so I'm atm monitoring which firmware works better 5.2.3 or 5.2.4. On 5.2.3 everyday almost 100 machines get new lease time even though I have set it to 99 days.

londonnet
New Contributor III

Yes total loss of trafic to the IP address I was filtering on and the only way I could recover was to reboot the firewall. disabling the feature didn't resolve the isse.

 

The commands I used are as follows:

 

diagnose debug disable diagnose debug flow show console disable diagnose debug flow filter clear diagnose debug enable diagnose debug flow show console enable diagnose debug flow filter add 109.239.96.133 diagnose debug flow trace start 100

Labels
Top Kudoed Authors