No problems with the 90DWifi; it resolved many issues I had. On the 80CMWifi, though, I had a major issue, "ehci_hcd 5035", which caused the device to keep cycling through the boot process. I had to select boot from previous firmware and I got back up. Anyone else with this issue?
Does anyone know if the device detection is updated along with UTM downloads? The documentation calls it the Device Visibility Database, but I can't find anything about how frequently that gets updated.
Reason I ask is, in 5.2.1 (on a 100D not yet attached to the internet, and a FAP210B) it is detecting an iPhone5 with iOS8 and a laptop with Windows 8.1 as 'Other Network Device'.
It is detecting a Lenovo workstation and a laptop, both with Windows 7, correctly.
It is detecting a Samsung Galaxy phone as a Linux PC (I know, Android is Linux, but it shouldn't detect it as a Linux PC).
If it is embedded in the firmware, that would be pretty bad, to have to wait for a firmware update.
Do the categorizations for the devices stay the same over time? Are all of them browsing the web?
Device Identification makes use of MAC manufacturer codes, VCI identifiers in DHCP broadcasts, information in SYN packets, and HTTP user-agent strings.
Obviously, not all of this information is available at once. If a host connects, but never generates HTTP port 80 traffic, then all you would have to go on are MAC addresses, if the manufacturer is well-known and matches the brand of the device, and any leaked identity information from NetBIOS traffic, the DHCP broadcast, etc.
Are any devices connecting from behind a Layer-3 device where others connect more directly? Another limitation is that the MAC address is how the FortiGate references each device, so if more than one device is sourced from behind the same MAC (i.e., from a router or L3 switch), then the FortiGate has no way of knowing who is ultimately generating the traffic.
Best to move this thread to a new topic eventually, if it goes beyond simple answers.
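The fallback behaviour described in the reply above, as an added sketch that is not part of the thread and is not FortiOS's actual logic: a host is labelled from the most specific signal seen so far (HTTP user agent, then the DHCP vendor class identifier in option 60, then the MAC prefix), and a MAC that yields conflicting user agents is flagged as shared. The rule tables, vendor prefixes, sample bytes and precedence order are assumptions made for the example.

```python
# Constructed vendor prefixes (locally administered range), not real OUI assignments.
OUI_VENDORS = {"02:00:5e": "ExamplePhone Inc", "02:00:5f": "ExampleRouter Ltd"}
# Token -> label, first match wins; "Android" precedes "Linux" because Android
# user agents contain both tokens. Rule tables are assumptions.
UA_RULES = [("iPhone", "iPhone"), ("Android", "Android phone"),
            ("Windows NT", "Windows PC"), ("Linux", "Linux PC")]
VCI_RULES = [("MSFT", "Windows PC"), ("android-dhcp", "Android phone")]
# Constructed DHCP options: message type (53), vendor class id (60), end (255).
SAMPLE_OPTS = b"\x35\x01\x03" + b"\x3c\x08MSFT 5.0" + b"\xff"

def dhcp_vci(options: bytes):
    """Return DHCP option 60 (vendor class identifier) from a raw options field."""
    i = 0
    while i < len(options):
        code = options[i]
        if code == 255:                 # end option
            break
        if code == 0:                   # pad option carries no length byte
            i += 1
            continue
        if i + 1 >= len(options):       # truncated: length byte missing
            break
        length = options[i + 1]
        value = options[i + 2:i + 2 + length]
        if len(value) < length:         # truncated value
            break
        if code == 60:
            return value.decode("ascii", "replace")
        i += 2 + length
    return None

def match(rules, text):
    return next((label for token, label in rules if token in text), None)

def classify(mac, dhcp_options=b"", user_agents=()):
    """Return (label, evidence) for one MAC from the best signal observed."""
    seen = {lab for lab in (match(UA_RULES, ua) for ua in user_agents) if lab}
    if len(seen) > 1:                   # e.g. hosts behind a router or L3 switch
        return "ambiguous: several device types behind one MAC", "http-user-agent"
    if seen:
        return seen.pop(), "http-user-agent"
    vci = dhcp_vci(dhcp_options)
    label = match(VCI_RULES, vci) if vci else None
    if label:
        return label, "dhcp-vci"
    vendor = OUI_VENDORS.get(mac.lower()[:8])
    if vendor:
        return f"{vendor} device", "mac-oui"
    return "Other Network Device", "none"
```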
One thing I was wondering:
I configured on 5.2.1 an IPSec FortiClient based on the template. All fine. If I would like to do an IP pool static route to the phase1 interface, I recognized there is no longer an ipsec phase1 interface to be used for the static route. If I look at the monitor, no routing. From this point of view I tried to connect with the latest 5.2 client version and all is working fine. On the client the route for splitting is there, as on the LAN the client can be reached by ICMP. Because I do not like such automatic configuration (like SSL VPN) I disable this stuff by default. I looked in the CLI for phase1-interface and could only find the option "add-route". I tried to set it to disable, which was possible, but as soon as you give the write command with "end" there is a funny error which indicates a /30 subnet must be defined for the IP Pool....what the hell....a /30 subnet for an IP Pool?
Using a 60D for tests....anyone else noticed this behaviour?
As you know, in FortiOS 5.2 disk logging is no longer available on anything smaller than a 100D, except the 90D etc. (refer to the Software Matrix). Anyway, for my 60D I configured memory logging, which means:
# config log memory setting
# set status enable
# set diskfull overwrite
# end
# config log memory filter
# set severity information
# set forward-traffic enable
# set local-traffic enable
# set multicast-traffic enable
# set sniffer-traffic enable
# set anomaly enable
# set netscan-discovery enable
# set netscan-vulnerability enable
# set voip enable
# set dlp-archive enable
# end
# config log gui-display
# set location memory
# set resolve-hosts enable
# set resolve-apps enable
# end
# config log setting
# set fwpolicy-implicit-log enable
# set local-in-allow disable
# set local-in-deny-unicast disable
# set local-in-deny-broadcast disable
# set local-out disable
# set resolve-ip enable
# set resolve-port enable
# set user-anonymize disable
# set daemon-log enable
# set neighbor-event disable
# set brief-traffic-format disable
# end
First thing which I do not understand is the filter, and not even only for memory, meaning all filters for syslogd (local0), for FAZ as for memory are by default on "warning", which means that even with everything configured right there is no logging except for warning, which is nonsense. Anyway, I used information, which means everything. Now I can see the logs, but the behaviour ON A FORTI WHICH HAS NOTHING TO DO (meaning less traffic etc.) is that the traffic appears in the forward log and after 1 minute disappears.
Second thing is absolutely no logging for SSL-VPN....nothing, absolutely nothing!
Both issues seem to me to be a bug? Anyone else recognized this?
Anyone had any success managing a 5.2.1 unit from a 5.2.0 FortiManager?
Release notes say it's supported but I've seen issues in the past using a FortiGate that is ahead of the FMG, and I'm a little worried about testing it.