Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Carl_Wallmark
Valued Contributor

FortiOS 5.2.2 is out!

.

FCNSA, FCNSP
---
FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30B
FortiAnalyzer 100B, 100C
FortiMail 100,100C
FortiManager VM
FortiAuthenticator VM
FortiToken
FortiAP 220B/221B, 11C

FCNSA, FCNSP---FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30BFortiAnalyzer 100B, 100CFortiMail 100,100CFortiManager VMFortiAuthenticator VMFortiTokenFortiAP 220B/221B, 11C
4 Solutions
simonorch
Contributor

and still packet capture is hidden from the gui on the small boxes.

 

Not a big deal as it's still available by typing the url manually, but it's irritating.

View solution in original post

ISOffice

techevo wrote:
 

Also on my 100D, Fortiview does not show anything in 5 min, 1 hours and 24 hours, only in now ( and yes I have log to disk enable ).  It was working just fine in 5.2.1 - Any body else in the same boat or it's just me?  

We had a similar issue in that FortiView did not show returns for 5 min, 1 Hour & 24 Hours. A Fortinet engineer recommended that we 'Enable Local reports' on Log Settings. We are now getting returns on all time frames.

 

Hope this helps.

View solution in original post

Carl_Wallmark

ISOffice wrote:

No worries, glad to hear it helped.

To be honest, I cannot see why this made the difference. Credit should really go to AJ in FortiNet Support.

JP

My guess is that FortiView uses the SQLlite database which is activated by "Local Report" feature.

FCNSA, FCNSP
---
FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30B
FortiAnalyzer 100B, 100C
FortiMail 100,100C
FortiManager VM
FortiAuthenticator VM
FortiToken
FortiAP 220B/221B, 11C

View solution in original post

FCNSA, FCNSP---FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30BFortiAnalyzer 100B, 100CFortiMail 100,100CFortiManager VMFortiAuthenticator VMFortiTokenFortiAP 220B/221B, 11C
GusTech

networkingkool wrote:

Hi community,

 

I tried the image 5.2.2 for 80C unit few days ago. But something went wrong. The whole LANs behind the fortigate cannot go to Internet. Only fortigate unit itself can go to Internet.

I recheck my configuration many times but cannot find any error with the configuration. I have to revert back to the image 5.2.1 then LANs can go Internet without any changes in configuration.

I think the fortigate get problem with NAT function.

Does anyone have the same problem with me?

Please advice.

 

Hi,

 

Goto: Policy & Objects -> Objects -> Services -> Open ALL and change Protocol number from 6 to 0

Fortigate <3

View solution in original post

Fortigate <3
46 REPLIES 46
vanc
New Contributor II

techevo wrote:

Also on my 100D, Fortiview does not show anything in 5 min, 1 hours and 24 hours, only in now ( and yes I have log to disk enable ).  It was working just fine in 5.2.1 - Any body else in the same boat or it's just me?  

It's working fine on my 100D and 300D. I can see all the time tabs are populated. Yes, I've run 5.2.2 for more than a day.

 

ISOffice

techevo wrote:
 

Also on my 100D, Fortiview does not show anything in 5 min, 1 hours and 24 hours, only in now ( and yes I have log to disk enable ).  It was working just fine in 5.2.1 - Any body else in the same boat or it's just me?  

We had a similar issue in that FortiView did not show returns for 5 min, 1 Hour & 24 Hours. A Fortinet engineer recommended that we 'Enable Local reports' on Log Settings. We are now getting returns on all time frames.

 

Hope this helps.

techevo

Thanks ! I would never have guessed that !

 

It does work! I now have all historical data in fortiview.

 

Nihas
New Contributor

Upgraded a 200D to 5.2.2 seems fine.

Main attraction is fortiview has improved, and gui is bit faster than the previous ones.

 

However,I have found a few issues.

1. Still the IPSec VPN monitor Module provides wrong Data ( in one day 250 GB which is not possible)

2. I have upgraded FAP221B also, The clients IP's are not showing in the "Client Monitor" module. I think its an issue with Controller.

 

 

 

Nihas [\b]
Nihas [\b]
Baptiste
Contributor II

is it just a joke ???

Pay for FAZ and lost logs ???????

 

FGT 5.2.2 release notes

Table 28:

[LEFT][size="2"]Known log & report issues[/size][/LEFT]

Bug ID Description

0260101 The log loss rate to FortiAnalyzer is higher than on previous builds.

2 FGT 100D  + FTK200

3 FGT 60E  FAZ VM  some FAP 210B/221C/223C/321C/421E

2 FGT 100D + FTK200 3 FGT 60E FAZ VM some FAP 210B/221C/223C/321C/421E
tojoe
New Contributor

I'm having severe issues with any 5.2.x on my 80C.

Depending on whether I flash it or just run it without saving the image to flash it either hangs at "System is starting..." or crashes with "ehci_hcd 5035: fatal error".

 

dfroe
New Contributor

I can also confirm that FortiOS 5.2.2 image for FortiGate 80C is broken.

Do not install it on a productive device, especially not on remotely located units, wihout further testing!

When trying to boot the image, my device gets caught in an infinite boot loop.

 

Press any key to display configuration menu...
......
Reading boot image 1431271 bytes.
ehci_hcd 5035: fatal error

 

I had to revert back to 5.2.1 by using the backup image via bootloader, which required direct serial connection.

I tried the upgrade process twice, ending up in the same fatal error boot loop each time.

techevo
New Contributor

dfroe wrote:

I can also confirm that FortiOS 5.2.2 image for FortiGate 80C is broken.

Do not install it on a productive device, especially not on remotely located units, wihout further testing!

When trying to boot the image, my device gets caught in an infinite boot loop.

 

Press any key to display configuration menu...
......
Reading boot image 1431271 bytes.
ehci_hcd 5035: fatal error

 

I had to revert back to 5.2.1 by using the backup image via bootloader, which required direct serial connection.

I tried the upgrade process twice, ending up in the same fatal error boot loop each time.

 

I had the same problem with some 80C in 5.2.1.  Some would work and some not.  I believe it depends on the specific hardware revision.  The funny thing is it was reported to Fortinet and they told me they were aware if the issue ( bug id: 245139 ) and it would be fix in 5.2.2!  I wonder if the ones that did not work in 5.2.1 are now working and the one that used to work are now broken?

dfroe
New Contributor

techevo wrote:
I had the same problem with some 80C in 5.2.1.  Some would work and some not.  I believe it depends on the specific hardware revision.  The funny thing is it was reported to Fortinet and they told me they were aware if the issue ( bug id: 245139 ) and it would be fix in 5.2.2!  I wonder if the ones that did not work in 5.2.1 are now working and the one that used to work are now broken?

Surprisingly I myself had no problems at all upgrading my 80C to 5.2.0 or 5.2.1.

The update from 5.2.1 to 5.2.2 is the first time I encounter this issue.

 

So it seems not be a general problem with the image file.

Instead the problem occurs "under certain conditions".

According to this former thread this particular error also occured with 5.0:

https://forum.fortinet.com/tm.aspx?m=95861

This sounds like upgrading via TFTP instead of Web-GUI might work but I haven't tested it yet.

dfroe
New Contributor

dfroe wrote:
I can also confirm that FortiOS 5.2.2 image for FortiGate 80C is broken.

[...]

Press any key to display configuration menu...
......
Reading boot image 1431271 bytes.
ehci_hcd 5035: fatal error

 

To give you a recent feedback, I just installed the new 5.2.2 image (MD5sum 469d775b772d3a3fb2feacfcdc264bc6) during a maintenance window on the same FG 80C which I bricked the last time.

Good news: With the new 5.2.2 image I was actually able to successfully upgrade my FG 80C! Just uploaded it through webgui, i.e. no need to do a manual tftp flash procedure.

So everybody else having similiar problems with a 80C: Give the new 5.2.2 image a try. It looks like Fortinet actually fixed it.

I hoped that such boot loops would be identified by QA before releasing a public firmware. Especially because we already had a similiar problem with 5.2.0 and FG 30D.

However, I am now happy with the 5.2.2 - and awaiting the upcoming 5.2.3 with just a couple of more bug fixes.

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors