- Forums
- Knowledge Base
- Customer Service
- FortiGate
- FortiClient
- FortiAP
- FortiAnalyzer
- FortiADC
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConnect
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDeceptor
- FortiDevSec
- FortiDirector
- FortiEDR
- FortiExtender
- FortiGate Cloud
- FortiGuard
- FortiHypervisor
- FortiInsight
- FortiIsolator
- FortiMail
- FortiManager
- FortiMonitor
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPortal
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiSandbox
- FortiSASE
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- FortiWebCloud
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Forums
- Support Forum
- Re: FortiOS 5.2.10 - 5.4.1 RMA Claimed
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
FortiOS 5.2.10 - 5.4.1 RMA Claimed
Hi,
As per the TAC recommendations we had to Flash Format the 100D and eventually it didn't came back up. FortiOS version 5.2.10
So we have got the RMA claimed with FortiOS 5.4.1. Since the support contract was 24x7 but we received the device on 4th day after the claim was initiated and was bit in hurry to live it. So we have imported the config of 5.2.10 to 5.4.1 and started working. This was 3 weeks back. Link Monitor was configured with 2 ISP's
Started facing issues with all the options enabled on a single policy that is UTM, Deep inspection & SSL Certificate that users complaining that Websites are not opening properly "the webpage is unreachable", Error Connection Timeout, Error Connection Closed, DNS Host Suffix issues on three major browsers
As per TAC, The current configuration which you have on the fortigate is corrupted as well. Hence, you will have to flash format the box. Install 5.2.10 and reload configuration of 5.2.10. Then you can go to firmware 5.4.1 following a proper upgrade path. Upgrade path information is present in the support portal. Unfortunately, you will have to redo all the configurations which you had done on 5.4.1 in those 3 weeks
If UTM features in disabled in policy then there is no issue in Browsing
Since their is a lot of configuration done, device was running in Head Office. If we try to redo the complete config than it will take around 3-4 days of downtime which is not possible at all. Further if something missed out than it will be managed afterwards.
Is there any work around for converting the configuration of 5.2.10 to 5.4.1, remove Link-Monitor config part and again configure WAN LLB in order to minimize the downtime to max 1 day.
- « Previous
-
- 1
- 2
- Next »
15 REPLIES 15
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Ede,
The device currently using was RMAed 4 weeks back. Do u still think I should order a replacement or Flash Format is the last resort
I have syslog configured and all the logs are saved on Syslog server.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
If I understand you correctly the currently used FGT is a replacement (RMA) unit you got 4 weeks ago.
I think your best bet is to follow the TAC. You are right that the hardware probably is not concerned as it is a replacement unit. But, as the config was 'forced' on it, parts of your original config were not translated correctly. That's why TAC advises you to downgrade to v5.2, restore the original config (without later changes), and upgrade up to v5.4.10. Staying at v5.2 would be possible as well but v5.4 fixes a lot of issues which may or may not be important for you as well. After all, v5.4 brings you SD-WAN, a simple and easy way to provide redundant WAN access.
Rebuilding the latest changes should not be too difficult (and not take a whole day) if you use a tool to show you the diff between
- the original v5.2 config, transformed via upgrade path to v5.4.x
- and the latest backup you took before starting the downgrade
You already stated that it is mainly about address objects and policies. You can paste these into the CLI during live operation without having to reboot.
So, in short, follow TAC, their advice is sound and based on experience.
Ede
"Kernel panic: Aiee, killing interrupt handler!"
Ede"Kernel panic: Aiee, killing interrupt handler!"
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Ede,
it appears its you who hasn't read the original post deep enough ;)
srsiddiqui wrote he got a replacement unit for the corrupt one so he is supposed not to have any more corrupcy.
I don't think Fortinet would replace a broken unit with a broken unit.
So why should he then do the unneccessary flash format on a plain new factory defaulted unit?
I still see no reason...
--
"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
--
"It is a mistake to think you can solve any major problems just with
potatoes." - Douglas Adams
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Ede & sw2090,
Since we have uploaded the config of 5.2.10 directly into 5.4.1 and as per TAC this is a wrong method.
The RMAed device came with 5.4.1 and now its not default unit any more
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
yep but it' not corrupt either.
just exec factory-reset and it goes back to the config it was shipped with and you can start anew.
The firmware itself on the rma'ed device should be ok (if it were not then fortinet did something wrong in the RMA).
Formatting wold destroy the firmware and require you the reinstall it via tftp wih is completely unneccessary
--
"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
--
"It is a mistake to think you can solve any major problems just with
potatoes." - Douglas Adams
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
For now i am moving forward with solution provided by sw2090
If this didn't work out the Flash Format is the only solution
- « Previous
-
- 1
- 2
- Next »
Labels
-
FortiGate
6,764 -
FortiClient
1,345 -
5.2
801 -
5.4
639 -
FortiManager
580 -
FortiAnalyzer
425 -
6.0
416 -
5.6
362 -
FortiSwitch
347 -
FortiAP
346 -
FortiClient EMS
274 -
FortiMail
263 -
6.2
251 -
FortiAuthenticator v5.5
234 -
5.0
196 -
FortiWeb
160 -
6.4
128 -
FortiNAC
110 -
FortiGuard
108 -
FortiSIEM
91 -
FortiGateCloud
88 -
IPsec
87 -
FortiCloud Products
85 -
FortiToken
73 -
Customer Service
70 -
SSL-VPN
69 -
4.0MR3
64 -
Wireless Controller
62 -
FortiProxy
47 -
FortiADC
44 -
FortiEDR
41 -
Fortivoice
41 -
FortiGate v5.4
34 -
FortiDNS
34 -
FortiExtender
33 -
FortiSandbox
33 -
SD-WAN
33 -
FortiSwitch v6.4
30 -
Firewall policy
30 -
High Availability
24 -
FortiConnect
24 -
VLAN
23 -
FortiAuthenticator
22 -
FortiWAN
22 -
FortiConverter
21 -
ZTNA
20 -
FortiPortal
18 -
FortiSwitch v6.2
16 -
FortiGate v5.2
16 -
Certificate
16 -
SAML
15 -
FortiMonitor
14 -
BGP
14 -
DNS
14 -
Interface
14 -
Logging
14 -
FortiGate v5.0
13 -
FortiDDoS
13 -
LDAP
12 -
Routing
12 -
FortiCASB
12 -
VDOM
12 -
fortilink
11 -
RADIUS
10 -
Virtual IP
10 -
FortiRecorder
10 -
FortiWeb v5.0
9 -
Authentication
9 -
SSL SSH inspection
9 -
Traffic shaping
9 -
FortiManager v5.0
9 -
NAT
9 -
4.0MR2
9 -
SSID
8 -
FortiSOAR
8 -
SSO
8 -
Application control
8 -
RMA Information and Announcements
7 -
FortiAnalyzer v5.0
7 -
Fortigate Cloud
7 -
FortiGate v4.0 MR3
7 -
Admin
7 -
4.0
7 -
IP address management - IPAM
7 -
Security profile
6 -
FortiBridge
6 -
SNMP
6 -
Web profile
6 -
Proxy policy
5 -
Traffic shaping policy
5 -
FortiAP profile
5 -
Web application firewall profile
5 -
FortiTester
5 -
FortiManager v4.0
5 -
Static route
5 -
FortiDirector
4 -
IPS signature
4 -
Packet capture
4 -
Antivirus profile
4 -
Automation
4 -
WAN optimization
4 -
DNS Filter
4 -
FortiCarrier
4 -
FortiCache
4 -
OSPF
4 -
3.6
4 -
FortiScan
4 -
Port policy
4 -
FortiToken Cloud
3 -
DoS policy
3 -
Email filter profile
3 -
Web rating
3 -
Intrusion prevention
3 -
FortiDB
3 -
trunk
3 -
FortiDeceptor
2 -
System settings
2 -
FortiInsight
2 -
NAC policy
2 -
Fortinet Engage Partner Program
2 -
Users
2 -
Traffic shaping profile
2 -
FortiPAM
2 -
VoIP profile
2 -
FortiAI
2 -
FortiHypervisor
2 -
Netflow
2 -
Protocol option
2 -
4.0MR1
1 -
TACACS
1 -
Replacement messages
1 -
Subscription Renewal Policy
1 -
Schedule
1 -
FortiCWP
1 -
FortiNDR
1 -
SDN connector
1 -
Application signature
1 -
Authentication rule and scheme
1 -
FortiManager-VM
1 -
Internet Service Database
1 -
Fabric connector
1 -
Multicast routing
1 -
Explicit proxy
1 -
Zone
1
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2024 Fortinet, Inc. All Rights Reserved.