- Forums
- Knowledge Base
- Customer Service
- Internal Article Nominations
- FortiGate
- FortiAP
- FortiClient
- FortiADC
- FortiAnalyzer
- FortiBridge
- FortiAuthenticator
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConnect
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDeceptor
- FortiDevSec
- FortiDirector
- FortiExtender
- FortiEDR
- FortiGate Cloud
- FortiGuard
- FortiHypervisor
- FortiInsight
- FortiIsolator
- FortiMail
- FortiMonitor
- FortiManager
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPortal
- FortiProxy
- FortiRecorder
- FortiRecon
- FortiSandbox
- FortiScan
- FortiSASE
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- FortiWebCloud
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Forums
- Support Forum
- Re: FortiOS 5.2.11 is Out
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
FortiOS 5.2.11 is Out
I won't be able to test it until next week
http://docs.fortinet.com/uploaded/files/3654/fortios-v5.2.11-release-notes.pdf
but I will :
Resolved Issues
388594 FortiOS local admin password hashes could be obtained.
2 FGT 100D + FTK200
3 FGT 60E FAZ VM some FAP 210B/221C/223C/321C/421E
2 FGT 100D + FTK200
3 FGT 60E FAZ VM some FAP 210B/221C/223C/321C/421E
8 REPLIES 8
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
We'll be looking to move to this (from v5.2.7) to resolve long standing issues with SSL deep inspection.
I can't see us scheduling the move before the latter part of May / early June due to planned staff absences but I'm keen to get any feedback available from anyone else who makes the jump ahead of us.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Other than https://forum.fortinet.com/tm.aspx?m=148640 I'm not seeing any feedback in this forum.
So is no news good news?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
seems okay after a week w/ 100D HA
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
We have a pair of 3240C that are doing great.
Ken
PCNSE
NSE
StrongSwan
PCNSE
NSE
StrongSwan
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Running on a few 800c and 600D. No issues as far as I know.
Richie
NSE7
Richie
NSE7
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
CodeMonkey wrote:We'll be looking to move to this (from v5.2.7) to resolve long standing issues with SSL deep inspection.
What's long standing issues with SSL deep inspection in your case ? We using 5.2.7 and hits lot of odd issues at Web Filtering / SSL deep inspection too, can you share with us and advise if the cases can be fixed after v5.2.11 ? Many thanks.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
YNOT wrote:
What's long standing issues with SSL deep inspection in your case ? We using 5.2.7 and hits lot of odd issues at Web Filtering / SSL deep inspection too,
Hi,
we have also seen odd issues with deep inspection and 5.2.7 - but those were already mainly fixed since 5.2.8 as far as i remember. Didn't notice any troubles with 5.2.10 oder 5.2.11 in that area.
5.2.11 fixed some memory leaks for us since 5.2.10...
Br,Roman
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
YNOT wrote:CodeMonkey wrote:We'll be looking to move to this (from v5.2.7) to resolve long standing issues with SSL deep inspection.
What's long standing issues with SSL deep inspection in your case ? We using 5.2.7 and hits lot of odd issues at Web Filtering / SSL deep inspection too, can you share with us and advise if the cases can be fixed after v5.2.11 ? Many thanks.
SSL deep inspection has essentially been unstable and caused connectivity issues both outbound, and inbound. This has been most notable on a TLS 1.2 win2012r2 webserver we host.
All browsers would (at varying points) fail to connect, with Chrome / IE giving ssl handshake errors and Firefox reporting SSL_ERROR_BAD_MAC_ALERT. The Fortigate crashlog would show a signal 11 fault with backtrace to the ipsengine.
Problems started in June 2016 with FortiOS 5.2.7 + IPSEngine 3.0167.
Initially this was diagnosed as Issue # 0372309 to be fixed with a patched IPSEngine v3.00284; this patch failed to fix the issue.
Subsequently we were provided with an IPSEngine 3.0301 patch; this patch also failed.
We declined to disable hardware acceleration which we were told was a workaround
Subsequently a hotfix IPS Engine 3.0301 was provided to fix the issue; it did not fix it due to a dependency on FortiOS.
We were asked to disable hardware acceleration as a workaround but we continued to run with SSL inspection disabled and pushed for a proper fix that wouldn't impact performance.
The bug id that was provided was 0371254, which is apparently fixed in v5.2.9+, however we decided to wait for 5.2.11.
Currently our plan is to implement 5.2.11 on 11th June (barring any horror stories from the community here) and then begin a slow rollout of SSL inspection (both inbound and outbound).
It's not been the greatest customer experience overall.
Announcements
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
Related Posts
- SSLVPN - split tunel dns vs... 96 Views
- Advice Needed: FortiGate 30E End-of-Life and... 93 Views
- FortiSwitch setup - best practices for... 99 Views
- GUI, cli window - how to... 181 Views
- Improve SSL VPN Security / Reduce... 287 Views
Labels
-
fortigate
7,026 -
FortiClient
1,383 -
5.2
801 -
5.4
639 -
FortiManager
610 -
FortiAnalyzer
445 -
6.0
416 -
FortiAP
369 -
FortiSwitch
368 -
5.6
362 -
FortiClient EMS
285 -
FortiMail
272 -
6.2
251 -
FortiAuthenticator v5.5
234 -
5.0
196 -
FortiWeb
171 -
6.4
128 -
FortiNAC
123 -
FortiGuard
112 -
IPsec
103 -
FortiGateCloud
93 -
SSL-VPN
93 -
FortiSIEM
92 -
FortiCloud Products
88 -
FortiToken
76 -
Customer Service
71 -
4.0MR3
64 -
Wireless Controller
63 -
FortiProxy
48 -
FortiADC
45 -
SD-WAN
43 -
Fortivoice
43 -
FortiEDR
42 -
FortiDNS
37 -
FortiExtender
36 -
FortiGate v5.4
35 -
FortiSandbox
33 -
FortiAuthenticator
32 -
FortiSwitch v6.4
32 -
Firewall policy
31 -
VLAN
28 -
High Availability
28 -
FortiConnect
24 -
FortiWAN
23 -
ZTNA
21 -
DNS
21 -
FortiConverter
21 -
BGP
19 -
FortiGate v5.2
19 -
Certificate
19 -
SAML
18 -
FortiPortal
18 -
FortiSwitch v6.2
17 -
LDAP
17 -
VDOM
16 -
FortiMonitor
14 -
Authentication
14 -
FortiLink
14 -
Interface
14 -
Logging
14 -
FortiGate v5.0
13 -
Fortigate Cloud
13 -
Routing
13 -
FortiDDoS
13 -
FortiCASB
12 -
RADIUS
11 -
NAT
11 -
Web profile
11 -
SSL SSH inspection
10 -
Traffic shaping
10 -
Virtual IP
10 -
SSO
10 -
Application control
10 -
FortiRecorder
10 -
SSID
9 -
FortiWeb v5.0
9 -
FortiManager v5.0
9 -
4.0MR2
9 -
IP address management - IPAM
8 -
FortiBridge
8 -
WAN optimization
8 -
FortiGate v4.0 MR3
8 -
RMA Information and Announcements
7 -
FortiSOAR
7 -
FortiAnalyzer v5.0
7 -
SNMP
7 -
Web application firewall profile
7 -
Admin
7 -
4.0
7 -
Proxy policy
6 -
Security profile
6 -
Traffic shaping policy
6 -
Static route
6 -
IPS signature
5 -
Packet capture
5 -
FortiAP profile
5 -
Automation
5 -
FortiManager v4.0
5 -
FortiDirector
4 -
Antivirus profile
4 -
DNS Filter
4 -
FortiTester
4 -
FortiCarrier
4 -
FortiCache
4 -
OSPF
4 -
Web rating
4 -
3.6
4 -
FortiScan
4 -
trunk
4 -
Port policy
4 -
FortiDeceptor
3 -
System settings
3 -
Fortinet Engage Partner Program
3 -
FortiToken Cloud
3 -
Traffic shaping profile
3 -
FortiPAM
3 -
DoS policy
3 -
Email filter profile
3 -
FortiDB
3 -
Intrusion prevention
3 -
Protocol option
2 -
FortiInsight
2 -
NAC policy
2 -
Users
2 -
FortiAI
2 -
VoIP profile
2 -
FortiHypervisor
2 -
Fabric connector
2 -
Netflow
2 -
Multicast routing
2 -
4.0MR1
1 -
TACACS
1 -
Subscription Renewal Policy
1 -
Replacement messages
1 -
FortiCWP
1 -
FortiNDR
1 -
Schedule
1 -
SDN connector
1 -
Application signature
1 -
Authentication rule and scheme
1 -
FortiManager-VM
1 -
DLP sensor
1 -
Internet Service Database
1 -
Explicit proxy
1 -
Zone
1
Top Kudoed Authors
| User | Count |
|---|---|
| 1039 | |
| 862 | |
| 509 | |
| 441 | |
| 146 |
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2024 Fortinet, Inc. All Rights Reserved.