Hi all,
i have 2 FGT 800C running in HA mode Active-Active before 3 days ago i have upgraded the firmware from 5.2.4 to 5.4.2 using proper upgrade path which provided by fortinet 5.2.4 > 5.2.6 > 5.2.9 > 5.4.2, after upgrading the firmware i noticed that FGT GUI is very very slow especially when i navigate to polices page took like 3 to 5 mints to open. i have opened ticket with foritnet support and waiting for their reply, did anyone faced this issue?
Note: i changed the HA mode to Active-Passive, matched HA Hash, and restarted the both units.
Thank you.
Solved! Go to Solution.
i did it, still lagging and glitching specially ( address & policy pages)
Foritnet support team advised:
- How you are accessing Web-GUI either by VPN, Public IP or Internally (LAN). - Also when you are checking keep the "httpsd" on check with multiple browser by clearing there browsing history. - In FGT Web-GUI you are facing slowness with specific page i.e "Policy Page", "Interface Page" or the complete GUI
Please provide the output of below mentioned commands again. # diag debug reset # diag debug disable # diag debug enable # diag web-ui debug enable # diag debug application httpsd -1 Once done collecting logs # di de reset # di de disable ---> to disable # exec tac report ** Run the command di sys top-summary again ** See the process id (PID) for httpsd ** Kill it using the following command and try to access web GUI again, diagnose sys kill 11 <PID> PID RSS CPU% ^MEM% FDS TIME+ NAME 84 78M 0.0 1.0 20 00:13.45 httpsd [x4] Then check the performance again of GUI.
Bump
I had an 800C act strangely but it was tied to improper upgrade both being used by previous technician.
Are you able to backup the configuration, wipe, reload 5.4.2 directly and then reload config?
Mike Pruett
fortinet support advised to "execute formatelogdisk" on both appliance.
Now the GUI is faster and working normally, but still slower more than 5.2.x
Check your setup for errors with "diag debug config-error-log read". If you have errors, try to get rid of them. Usually, these errors are related to non-upgradeble settings in the security profiles. There are a few settings that can't be converted to 5.4.x. Preferred way to check is to connect via console and reboot, and look at the output when the firewall boots. Check output on both firewalls!
The 5.4.2 release solved quite a few bugs in 5.4.1 and 5.4.0. However, it introduced a new string of pretty serious bugs too. I wouldn't use it in production on anything else then an "E" model. Is there a good reason for upgrading to 5.4.x on your 800c cluster? 5.2.10 seems to be good...
One way of fixing weird errors if nothing else helps is to roll back, then install ALL software versions on the way. Tedious, but 100% successful for me when I have encountered similar problems. You might have bumped into something during the upgrade path.
If you find errors in your config and want help with them, post here or send pm.
Richie
NSE7
@kalibrandt,
Just to confirm, you got official word that 5.4.x won't have any more maintenance builds?
Worrying for those of us who have put some time into 5.4.2.
5.4.x progressions should be just bug fixes etc.
5.6 progression from what I HEARD (don't hold me to it though) is supposed to be new features etc.
Mike Pruett
I'm just fine with 5.4.x just getting bug/security fixes instead of new functionality!
What I don't want to hear for quite a while is "we're not going to fix that in 5.4.x, you need to upgrade to 5.6.x"...
I'm sure you'll here it anyway depending on the severity of the bug. We were told they wouldn't implement /31 secondary IP issue with 5.2. Only 5.4 has the fix.
Hello,
I don't know what's official and what's not, so I removed the statement.
Richie
NSE7
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1740 | |
1108 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.