Zones Missing? I very rarely use Zones, now I have an need and it' s missing?

Updated our Fortiwifi 60c and lost some Virtual IP' s. The new Limit Seems to be 50 not the old limit of 500. I opened Ticket. Be Warned: Document your Virtual IP' s before Upgrading!

Getting ready to upgrade on a FG-100D. I had been running 4.3MR3P10 and then beta tested 5GA7. One thing that is nice about the FG-100D is the cache. I have two firewalls. Going to put them in HA, but using one for testing now. So I decided to try something. I went to the auto saved configs and clicked " Revert" and it rebooted back to my previous 4.3MR3P10 build and settings. Man was that easy! Almost too easy. Next I took a copy of my config on my production FG-100D to a USB stick. I then applied it to my FG-100D. They are running the same 4.3MR3P10 build. Worked like a charm. Now I will try to upgrade to 5.0 and see what happens. So far so good.

Upgrade was smooth. I' m going to swap out for 4.0 Production system now. I' m at a new building we are moving to so I can do some testing like this without disrupting main network. Will monitor for a while to see how it goes. New interface features are nice and seem to work well with IE9 unlike older X.0 builds.

So I just booted the 5.0 version of my previously 4.3RM3P10 config and it appears way faster when surfing. Going over config now to see if something is not being filtered. I have tested a few " banned" sites we block and it is blocking based on categories so that is good. It also picked our IPSec VPN right back up as soon as the links between the 4.3 and the 5.0 firewall were swapped so that is also great.

So everything appears to be working with the exception of the vulnerability scanning which is frustrating as that appeared to be working fairly well on the 100D MR3P10 build. When I click Start it just refreshes as if the command fails. Other than that, no complains. I like the device reputation. I was able to define my iPhone based on Wifi MAC so I can create a rule to allow it access to sites we don' t allow on the LAN. I have execs who want to use SMTP email accounts on their iPhones but haven' t easily been able to in the past. We block all SMTP outbound that doesn' t originate from our Exchange Server. So lots to like with little complaints. It should be noted that I had a VERY SIMPLE config going into the upgrade. Only Port 1 (in port mode), and WAN1, with 5 rules and two custom services/VIPs. Now I will configure additional settings to match our older 110C which we are replacing.

I have setup a brand new FortiWifi40c with FortiOS 5.0 and noticed that traffic shapping is no longer support in GUI or CLI. Another thing i noticed was SNMP has been moved from GUI and only configurable in CLI. Traffic shapping was a great feature in 4.3 and dont know why they removed it in the lower end product (40c).