- Forums
- Knowledge Base
- Customer Service
- FortiGate
- FortiClient
- FortiAP
- FortiAnalyzer
- FortiADC
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConnect
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDeceptor
- FortiDevSec
- FortiDirector
- FortiEDR
- FortiExtender
- FortiGate Cloud
- FortiGuard
- FortiHypervisor
- FortiInsight
- FortiIsolator
- FortiMail
- FortiManager
- FortiMonitor
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPortal
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiSandbox
- FortiSASE
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Forums
- Support Forum
- FortiOS 5.2.11 is Out
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
FortiOS 5.2.11 is Out
I won't be able to test it until next week
http://docs.fortinet.com/uploaded/files/3654/fortios-v5.2.11-release-notes.pdf
but I will :
Resolved Issues
388594 FortiOS local admin password hashes could be obtained.
2 FGT 100D + FTK200
3 FGT 60E FAZ VM some FAP 210B/221C/223C/321C/421E
2 FGT 100D + FTK200
3 FGT 60E FAZ VM some FAP 210B/221C/223C/321C/421E
8 REPLIES 8
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
We'll be looking to move to this (from v5.2.7) to resolve long standing issues with SSL deep inspection.
I can't see us scheduling the move before the latter part of May / early June due to planned staff absences but I'm keen to get any feedback available from anyone else who makes the jump ahead of us.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Other than https://forum.fortinet.com/tm.aspx?m=148640 I'm not seeing any feedback in this forum.
So is no news good news?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
seems okay after a week w/ 100D HA
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
We have a pair of 3240C that are doing great.
Ken
PCNSE
NSE
StrongSwan
PCNSE
NSE
StrongSwan
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Running on a few 800c and 600D. No issues as far as I know.
Richie
NSE7
Richie
NSE7
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
CodeMonkey wrote:We'll be looking to move to this (from v5.2.7) to resolve long standing issues with SSL deep inspection.
What's long standing issues with SSL deep inspection in your case ? We using 5.2.7 and hits lot of odd issues at Web Filtering / SSL deep inspection too, can you share with us and advise if the cases can be fixed after v5.2.11 ? Many thanks.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
YNOT wrote:
What's long standing issues with SSL deep inspection in your case ? We using 5.2.7 and hits lot of odd issues at Web Filtering / SSL deep inspection too,
Hi,
we have also seen odd issues with deep inspection and 5.2.7 - but those were already mainly fixed since 5.2.8 as far as i remember. Didn't notice any troubles with 5.2.10 oder 5.2.11 in that area.
5.2.11 fixed some memory leaks for us since 5.2.10...
Br,Roman
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
YNOT wrote:CodeMonkey wrote:We'll be looking to move to this (from v5.2.7) to resolve long standing issues with SSL deep inspection.
What's long standing issues with SSL deep inspection in your case ? We using 5.2.7 and hits lot of odd issues at Web Filtering / SSL deep inspection too, can you share with us and advise if the cases can be fixed after v5.2.11 ? Many thanks.
SSL deep inspection has essentially been unstable and caused connectivity issues both outbound, and inbound. This has been most notable on a TLS 1.2 win2012r2 webserver we host.
All browsers would (at varying points) fail to connect, with Chrome / IE giving ssl handshake errors and Firefox reporting SSL_ERROR_BAD_MAC_ALERT. The Fortigate crashlog would show a signal 11 fault with backtrace to the ipsengine.
Problems started in June 2016 with FortiOS 5.2.7 + IPSEngine 3.0167.
Initially this was diagnosed as Issue # 0372309 to be fixed with a patched IPSEngine v3.00284; this patch failed to fix the issue.
Subsequently we were provided with an IPSEngine 3.0301 patch; this patch also failed.
We declined to disable hardware acceleration which we were told was a workaround
Subsequently a hotfix IPS Engine 3.0301 was provided to fix the issue; it did not fix it due to a dependency on FortiOS.
We were asked to disable hardware acceleration as a workaround but we continued to run with SSL inspection disabled and pushed for a proper fix that wouldn't impact performance.
The bug id that was provided was 0371254, which is apparently fixed in v5.2.9+, however we decided to wait for 5.2.11.
Currently our plan is to implement 5.2.11 on 11th June (barring any horror stories from the community here) and then begin a slow rollout of SSL inspection (both inbound and outbound).
It's not been the greatest customer experience overall.
Related Posts
- Unable to connect to JPIX's V6... 38 Views
- After firmware upgrade, GUI doesn't show... 64 Views
- FortiGate FortiOS7.4.x Webfilter Notificaion Email Template 48 Views
- No instant result after passing an... 90 Views
- HTTP header injection 247 Views
Labels
-
FortiGate
6,581 -
FortiClient
1,310 -
5.2
801 -
5.4
639 -
FortiManager
569 -
6.0
416 -
FortiAnalyzer
415 -
5.6
362 -
FortiSwitch
338 -
FortiAP
336 -
FortiClient EMS
267 -
6.2
251 -
FortiMail
243 -
FortiAuthenticator v5.5
234 -
5.0
196 -
FortiWeb
151 -
6.4
128 -
FortiNAC
108 -
FortiGuard
102 -
FortiSIEM
89 -
FortiGateCloud
87 -
FortiCloud Products
84 -
IPsec
73 -
FortiToken
71 -
Customer Service
70 -
4.0MR3
64 -
SSL-VPN
62 -
Wireless Controller
58 -
FortiProxy
45 -
FortiADC
43 -
Fortivoice
41 -
FortiEDR
39 -
FortiGate v5.4
34 -
FortiDNS
34 -
FortiExtender
32 -
FortiSandbox
31 -
FortiSwitch v6.4
28 -
Firewall policy
25 -
SD-WAN
25 -
FortiConnect
24 -
FortiWAN
22 -
VLAN
21 -
FortiConverter
21 -
High Availability
20 -
FortiPortal
18 -
ZTNA
16 -
FortiSwitch v6.2
16 -
FortiGate v5.2
16 -
FortiAuthenticator
16 -
FortiMonitor
14 -
Certificate
14 -
SAML
13 -
DNS
13 -
FortiDDoS
13 -
BGP
12 -
FortiGate v5.0
12 -
Routing
12 -
Interface
12 -
FortiCASB
12 -
LDAP
11 -
VDOM
11 -
Logging
11 -
Virtual IP
10 -
FortiRecorder
10 -
FortiWeb v5.0
9 -
FortiManager v5.0
9 -
NAT
9 -
4.0MR2
9 -
RADIUS
8 -
fortilink
8 -
Traffic shaping
8 -
SSID
7 -
RMA Information and Announcements
7 -
FortiSOAR
7 -
SSL SSH inspection
7 -
FortiAnalyzer v5.0
7 -
FortiGate v4.0 MR3
7 -
Admin
7 -
4.0
7 -
IP address management - IPAM
7 -
Security profile
6 -
Authentication
6 -
FortiBridge
6 -
Fortigate Cloud
6 -
SSO
6 -
Application control
6 -
Traffic shaping policy
5 -
SNMP
5 -
FortiManager v4.0
5 -
Static route
5 -
FortiDirector
4 -
Proxy policy
4 -
packet capture
4 -
WAN optimization
4 -
Automation
4 -
Web application firewall profile
4 -
DNS Filter
4 -
Web profile
4 -
FortiTester
4 -
FortiCarrier
4 -
FortiCache
4 -
OSPF
4 -
3.6
4 -
Port policy
4 -
FortiScan
4 -
IPS signature
3 -
FortiToken Cloud
3 -
FortiAP profile
3 -
DoS policy
3 -
Intrusion prevention
3 -
FortiDB
3 -
FortiDeceptor
2 -
Fortinet Engage Partner Program
2 -
FortiInsight
2 -
NAC policy
2 -
Antivirus profile
2 -
Traffic shaping profile
2 -
VoIP profile
2 -
FortiPAM
2 -
FortiAI
2 -
FortiHypervisor
2 -
Email filter profile
2 -
Netflow
2 -
trunk
2 -
System settings
2 -
4.0MR1
1 -
TACACS
1 -
Users
1 -
Replacement messages
1 -
Schedule
1 -
Subscription Renewal Policy
1 -
SDN connector
1 -
FortiCWP
1 -
FortiNDR
1 -
Application signature
1 -
Authentication rule and scheme
1 -
FortiManager-VM
1 -
Web rating
1 -
Internet Service Database
1 -
Multicast routing
1 -
Zone
1 -
Explicit proxy
1 -
Protocol option
1
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2024 Fortinet, Inc. All Rights Reserved.