FortiOS 3.0 MR3

Report Inappropriate Content · ‎09-06-2006

Has anyone (Volunteers) out there upgrade to v3.0 MR3 yet? Please let me know what is the problem with this build and let' s chat it here. Bluepeppe

Report Inappropriate Content · ‎09-16-2006

Hello, MR3 Candidate release looks good. ( Fortigate-3600) I still have the same problems with Aggregated links but the rest look good. I like the new web interface. Unfortunatly, without the main link to my core switch I couldn' t let it run long :\ (3x Gig uplink 803.2ad link) MR3 doesn' t like/use it. MR1 works quite well except for some missing RADIUS features and BGP fixes... Am I the only one using Aggregated links with Fortinet equipment? Cheers, Robert O' Kane

kliew · ‎09-19-2006

Hi Robert, I' m planning to use link aggregation pretty soon -- what switches are you connecting onto? Do you have your 3600' s in some HA mode? I' m planning to use them with pair of FG3000' s in HA A-P. Please share your experiences with link aggregation so far... eg. any performance issues, number of VLANs used, do you use VDOMs, etc...

Prometejas · ‎09-19-2006

OT: Maybe do you use VDOMs?

Fortinet Solutions in Lithuania http://www.beit.lt/fortinet SMS For Free http://www.smsforfree.lt

isptools · ‎09-17-2006

i had some " problems" with the antispam and file-patterns (rbl are now cli only). What i see its running, but now on the dashboard our 7x24 Subscribtion is a 8x5 ? The console is quite nice, but it would be better the console on the bottom and the dashboard where the console is. Michael

Michael Killermann ISP-TOOLS GmbH Kohlenhofstrasse 60 -D 90443 Nuernberg - Germany Fortinet Certified Network & Security Professional #FCP1001

Kevin_Ericson · ‎10-15-2006

I am EXTREMELY disappointed in this release. A week ago I upgraded 4 of our firewalls and the next morning found that two of remote users could no longer VPN in. Fortinet tech support came up with a fix and explained they have some new way of doing VPNs but it can only be done from the CLI. Next thing I discovered is that on two different Fortigates that were protecting email servers you couldn' t send an email attachement bigger than about 2 to 3 megs even with the protection profile turned off. The most distressing problem occured about 5 days after the upgrade. One of our firewalls stopped passing HTTP traffic to our web site but HTTPS was just fine. NO changes were made to the firewall config since the upgrade. I figured that I' d try the Microsoft solution to fix it.. you know... just reboot the darn thing. Did that and it never came back on line. I remotely came in the back door to our web server and found I could still PING the Fortigate so I tried to login. After serveral muffed attempts I found out that I couldn' t log in was because the ADMIN password was now empty! In fact my entire config was gone EXCEPT for the IP addresses configured on my interfaces. Luckily I had a back of my config and I downgraded to build 318, reloaded my config and was back on line. Also found that ANY kind of A/V scanning through the Fortigate was incredibly slow and my CPU would go over 90-95% just sending one email through the firewall. That behavior was seen on two completely seperate systems. I now have almost everything back to build 318 and life is back to normal.

Kevin Ericson, Pres., FCNSP Certified Fortinet Engineer Deadbolt Security Networks 9791 W Stanford Ave #5D Denver, CO 80123

Prometejas · ‎10-15-2006

My one FG is running only on v3 build247, because, last 2 after this updates isn' t working properly

.

Fortinet Solutions in Lithuania http://www.beit.lt/fortinet SMS For Free http://www.smsforfree.lt

Report Inappropriate Content · ‎10-17-2006

Seeing very similiar results on a FG-60 with 3.00 build 400. In particular, email to ONE domain eventually stops being delivered altogether, while other domains specified in the SAME email will still be sent. I escalated it to our email spam team and had them check it out but they weren' t seeing anything and asked if I had a email appliance that might be blocking it. I didn' t have a scan rule setup so I didn' t think that would be the problem but as soon as I removed the Fortigate60 from the picture the email began to start hitting the mail server. I re-connected the Fortigate and found that I could still ping the internal address but the FG-60 refused to deliver any packets out the default route. Rebooted the unit and everything started working again for about 18 hours, and now the same thing is happening again. Downgrading to 318 as I type.

Report Inappropriate Content · ‎10-16-2006

Hey ho - it just shows how different people get different results depending on their config (which is clearly a bad thing) - I upgraded 3 x FGT3000s with much trepidation to MR3 b400 (after trying MR3RC b396 onb one) and had no problems! The only thing that changed was the configuration blocking MSN messenger started working! I am running firewall, AV, IPS and anti-spam in Transparent mode but *not* VPN of any kind on the FGTs (though vpn passed through) <Nomenludi>

Report Inappropriate Content · ‎10-16-2006

Have upgraded 2 FG-100A, 3 FG-200A and 1 FG-800 to MR3 (build 400). Grouping for VIP allowed to cut my policy list from 100 to 30 entries. Everithing works except one-to one NAT on FG-800 (FG-100A and FG-200A has no problem with it). I' m working with Tech Support to resolve it. One-to-one NAT works in old version 2 way (ippools and outgoing policies).