Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Carl_Wallmark
Valued Contributor

FortiOS 5.2.2 is out!

.

FCNSA, FCNSP
---
FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30B
FortiAnalyzer 100B, 100C
FortiMail 100,100C
FortiManager VM
FortiAuthenticator VM
FortiToken
FortiAP 220B/221B, 11C

FCNSA, FCNSP---FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30BFortiAnalyzer 100B, 100CFortiMail 100,100CFortiManager VMFortiAuthenticator VMFortiTokenFortiAP 220B/221B, 11C
4 Solutions
simonorch
Contributor

and still packet capture is hidden from the gui on the small boxes.

 

Not a big deal as it's still available by typing the url manually, but it's irritating.

View solution in original post

ISOffice

techevo wrote:
 

Also on my 100D, Fortiview does not show anything in 5 min, 1 hours and 24 hours, only in now ( and yes I have log to disk enable ).  It was working just fine in 5.2.1 - Any body else in the same boat or it's just me?  

We had a similar issue in that FortiView did not show returns for 5 min, 1 Hour & 24 Hours. A Fortinet engineer recommended that we 'Enable Local reports' on Log Settings. We are now getting returns on all time frames.

 

Hope this helps.

View solution in original post

Carl_Wallmark

ISOffice wrote:

No worries, glad to hear it helped.

To be honest, I cannot see why this made the difference. Credit should really go to AJ in FortiNet Support.

JP

My guess is that FortiView uses the SQLlite database which is activated by "Local Report" feature.

FCNSA, FCNSP
---
FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30B
FortiAnalyzer 100B, 100C
FortiMail 100,100C
FortiManager VM
FortiAuthenticator VM
FortiToken
FortiAP 220B/221B, 11C

View solution in original post

FCNSA, FCNSP---FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30BFortiAnalyzer 100B, 100CFortiMail 100,100CFortiManager VMFortiAuthenticator VMFortiTokenFortiAP 220B/221B, 11C
GusTech

networkingkool wrote:

Hi community,

 

I tried the image 5.2.2 for 80C unit few days ago. But something went wrong. The whole LANs behind the fortigate cannot go to Internet. Only fortigate unit itself can go to Internet.

I recheck my configuration many times but cannot find any error with the configuration. I have to revert back to the image 5.2.1 then LANs can go Internet without any changes in configuration.

I think the fortigate get problem with NAT function.

Does anyone have the same problem with me?

Please advice.

 

Hi,

 

Goto: Policy & Objects -> Objects -> Services -> Open ALL and change Protocol number from 6 to 0

Fortigate <3

View solution in original post

Fortigate <3
46 REPLIES 46
arshadm
New Contributor

How can I get hold of a release note document

techevo

arshadm wrote:

How can I get hold of a release note document

It's in the same folder as where you get the firmware. ( under download when you sign in with your user and password on fortinet support site ). Look for a pdf in the main folder of release 5.2.2

Petras
New Contributor

Hey,

 

So what about:

"Bug ID 0255603 Remove the default profile in deep-inspection-option /ssl-ssh-profile if it is not used. Otherwise, it will be renamed to deep-inspection-5-0. "

 

We use default ssl inspection profile in some fw policys (FGT 800c). What will be the impact of this? How do I nee to prepare for upgrade?

BWiebe

Petras wrote:

Hey,

 

So what about:

"Bug ID 0255603 Remove the default profile in deep-inspection-option /ssl-ssh-profile if it is not used. Otherwise, it will be renamed to deep-inspection-5-0. "

 

We use default ssl inspection profile in some fw policys (FGT 800c). What will be the impact of this? How do I nee to prepare for upgrade?

From the bug notes above, it sounds like it only removes it if it's not in use.  If you're using it, it just renames it to deep-inspection-5-0.

 

 

techevo
New Contributor

BWiebe wrote:

Petras wrote:

Hey,

 

So what about:

"Bug ID 0255603 Remove the default profile in deep-inspection-option /ssl-ssh-profile if it is not used. Otherwise, it will be renamed to deep-inspection-5-0. "

 

We use default ssl inspection profile in some fw policys (FGT 800c). What will be the impact of this? How do I nee to prepare for upgrade?

From the bug notes above, it sounds like it only removes it if it's not in use.  If you're using it, it just renames it to deep-inspection-5-0.

 

 

Hi,

   Not exactly ... that's what I was warning you about.  It's not as described in the bug ID!

If you do use a profile called default it will be erased and it will be replaced with the new name deep-inspection-5-0 ( but with the default settings so you will loose all your customs settings ).  So please rename your profile to whatever you feel like before doing the upgrade or you will end up with a bad surprise !

 

ISOffice
Contributor

No worries, glad to hear it helped.

To be honest, I cannot see why this made the difference. Credit should really go to AJ in FortiNet Support.

JP

Carl_Wallmark

ISOffice wrote:

No worries, glad to hear it helped.

To be honest, I cannot see why this made the difference. Credit should really go to AJ in FortiNet Support.

JP

My guess is that FortiView uses the SQLlite database which is activated by "Local Report" feature.

FCNSA, FCNSP
---
FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30B
FortiAnalyzer 100B, 100C
FortiMail 100,100C
FortiManager VM
FortiAuthenticator VM
FortiToken
FortiAP 220B/221B, 11C

FCNSA, FCNSP---FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30BFortiAnalyzer 100B, 100CFortiMail 100,100CFortiManager VMFortiAuthenticator VMFortiTokenFortiAP 220B/221B, 11C
Lucascat
New Contributor III

What about memory usage on small model (40c, 60c, 60d) compared with 5.0.9?

GusTech

Lucascat wrote:

What about memory usage on small model (40c, 60c, 60d) compared with 5.0.9?

Hi, i check out some of my 60c`s, the memory is around 50 - 65% with no UTM, and normal small use. 100+ days uptime.

 

Im also running a fwf60D with 5.2.2 "testmode" this is using 18%mem

Fortigate <3

Fortigate <3
Bunce
New Contributor

In a policy, setting a service to 'ALL' wont pass any traffic for me.  After defining each service manually it then succeeds.

 

Tried setting in GUI and CLI - same result.

 

60C Wifi - 5.2.2 - rule is applied to a software switch..   Haven't tried it on standard interface.

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors