Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
FortiOS 4.3.2 is out
.
FCNSA, FCNSP
---
FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30B
FortiAnalyzer 100B, 100C
FortiMail 100,100C
FortiManager VM
FortiAuthenticator VM
FortiToken
FortiAP 220B/221B, 11C
FCNSA, FCNSP---FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice,
60B/C/CX/D, 50B, 40C, 30BFortiAnalyzer 100B, 100CFortiMail
100,100CFortiManager VMFortiAuthenticator VMFortiTokenFortiAP 220B/221B,
11C
- « Previous
- Next »
39 REPLIES 39
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
We have 2 firewall clusters running on Version 4 MR2 P8.
According support this was the latest most stable version, but we have some issues with VPN portals that users cannot login..
I see some fixes in the release notes but i' m not sure if we should upgrade or not..
How do you think.. Is it worth upgrading to MR3 P2??
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
What issues do you have ?
the MR2 P8 is very stable.
if you need a stable firmware then go with MR2 P8.
If you think MR3 P2 will solve your SSLVPN problems then go with that, just remember its not as stable as the MR2, you could get other issues.
FCNSA, FCNSP
---
FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30B
FortiAnalyzer 100B, 100C
FortiMail 100,100C
FortiManager VM
FortiAuthenticator VM
FortiToken
FortiAP 220B/221B, 11C
FCNSA, FCNSP---FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice,
60B/C/CX/D, 50B, 40C, 30BFortiAnalyzer 100B, 100CFortiMail
100,100CFortiManager VMFortiAuthenticator VMFortiTokenFortiAP 220B/221B,
11C
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I would recommend against going to MR3 patch2. We upgraded our 310B devices to MR3 patch 2 last week, and we experience intermittence SSL and IPSec connection issue. The issue occurred randomly to users. Every time a user attempted to connect to SSL VPN, somehow the firewall not able to find correct policy for the traffic " no match policy found" . In turn, the firewall drop the traffic in the bucket while two other users connect to the same SSL VPN web link and they connected successfully. Same things happen to IPSec VPN, some user are not able to communicate to the VPN gateway " Gateway not reachable" . User have full internet and was able to connect through IPSec the previous day.
One more event we encounter is that the devices goes on conserve mode sporadically.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I attempted to upgrade my 60B, but it would not reboot.
Needed to be formatted and reload via tftp.
I have since downgraded to 4.00 mr2 p8
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I have the same problems with SSL VPN as you (Phuoc Ngo).
Also get the error " No Matching Policy"
But i' m still on MR2 P6 (400a) and P2 (500a). both firewalls has the same issue..
Support can' t find the problem either..
Do you have an idea what the problem can be?
Just upgraded the 400a and the 500a to MR2 P8 see what happens.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Remko,
when you see the error message " no_matching_policy" what other information is displayed?
For example, I can see in my logs: reason=" no_matching_policy" msg=" SSL user failed to logged in" action=ssl-login-fail
This is because I typed the password incorrectly.
What msg do you see?
Paul
NSE4
NSE4
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Our issue is caused by Microsoft patches. After our users apply the this month Microsoft patches, somehow mysteriously broke both SSL and IPSec. After they roll back the patches, VPN work like a charm. Currently, we are still trying to identify the patch(es) that cause the issue.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
For the system conserve mode issue on 4.3.2 for 310B devices, we notice whenever we attempted to view the UTM monitor (graphic) tab, the system goes into conserve mode for a few second.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
For the system conserve mode issue on 4.3.2 for 310B devices, we notice whenever we attempted to view the UTM monitor (graphic) tab, the system goes into conserve mode for a few second.i got the exact same problem with smaller units like the 100A
FCNSA, FCNSP
---
FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30B
FortiAnalyzer 100B, 100C
FortiMail 100,100C
FortiManager VM
FortiAuthenticator VM
FortiToken
FortiAP 220B/221B, 11C
FCNSA, FCNSP---FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice,
60B/C/CX/D, 50B, 40C, 30BFortiAnalyzer 100B, 100CFortiMail
100,100CFortiManager VMFortiAuthenticator VMFortiTokenFortiAP 220B/221B,
11C
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Another issue we encountered in this release is quotas block page appear on the categories that does not have quotas enable. We went through the profiles configuration and categories configuration and check for quota setting but none can be found. That' s pretty odd..still scratch my head on this issue.
- « Previous
- Next »