Carl_Wallmark
Valued Contributor

FortiOS 5.2.2 is out!

.

FCNSA, FCNSP
---
FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30B
FortiAnalyzer 100B, 100C
FortiMail 100,100C
FortiManager VM
FortiAuthenticator VM
FortiToken
FortiAP 220B/221B, 11C

4 Solutions
simonorch
Contributor

And still packet capture is hidden from the GUI on the small boxes.

Not a big deal as it's still available by typing the URL manually, but it's irritating.

NSE8 Fortinet Expert partner - Norway

ISOffice

techevo wrote:
 

Also on my 100D, FortiView does not show anything in 5 min, 1 hour and 24 hours, only in now (and yes, I have log to disk enabled). It was working just fine in 5.2.1 - Anybody else in the same boat or it's just me?

We had a similar issue in that FortiView did not show returns for 5 min, 1 Hour & 24 Hours. A Fortinet engineer recommended that we 'Enable Local reports' on Log Settings. We are now getting returns on all time frames.

 

Hope this helps.


Carl_Wallmark

ISOffice wrote:

No worries, glad to hear it helped.

To be honest, I cannot see why this made the difference. Credit should really go to AJ in Fortinet Support.

JP

My guess is that FortiView uses the SQLite database which is activated by the "Local Report" feature.

GusTech

networkingkool wrote:

Hi community,

 

I tried the image 5.2.2 for an 80C unit a few days ago. But something went wrong. The whole LANs behind the FortiGate cannot go to the Internet. Only the FortiGate unit itself can go to the Internet.

I rechecked my configuration many times but cannot find any error with the configuration. I had to revert back to the image 5.2.1, then the LANs can go to the Internet without any changes in configuration.

I think the FortiGate has a problem with the NAT function.

Does anyone have the same problem as me?

Please advise.

 

Hi,

 

Go to: Policy & Objects -> Objects -> Services -> Open ALL and change Protocol number from 6 to 0

Fortigate <3

46 Replies
Bunce
New Contributor

Found the bug/fix for the ANY issue..

 

In the service specifications it had the entry ALL with protocol=6, whereas it should have been protocol=0

 

Must have been a strange upgrade glitch..
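
An added example (not part of the thread and not Fortinet code): a Python check that scans a FortiGate configuration backup for the condition described above, the ALL service object carrying protocol number 6 instead of 0, so it can be caught after an upgrade. The sample config is constructed, and the `config firewall service custom` / `set protocol-number` layout, along with a missing `protocol-number` line meaning 0, are assumptions about the backup format.

```python
import re

# Constructed sample of a FortiOS config backup fragment (not taken from the thread).
SAMPLE_CONFIG = """\
config firewall service custom
    edit "ALL"
        set category "General"
        set protocol IP
        set protocol-number 6
    next
    edit "GRE"
        set category "Tunneling"
        set protocol IP
        set protocol-number 47
    next
end
"""

def parse_custom_services(config_text):
    """Return {name: {setting: value}} from 'config firewall service custom'."""
    services, current, in_section = {}, None, False
    for raw in config_text.splitlines():
        line = raw.strip()
        if line == "config firewall service custom":
            in_section = True
        elif not in_section:
            continue
        elif line == "end":
            in_section = False
        elif (m := re.fullmatch(r'edit "?([^"]+)"?', line)):
            current = services.setdefault(m.group(1), {})
        elif line == "next":
            current = None
        elif current is not None and line.startswith("set "):
            _, key, *value = line.split(None, 2)
            current[key] = value[0].strip('"') if value else ""
    return services

def check_all_service(config_text):
    """Return findings for the ALL service; an empty list means it matches any protocol."""
    svc = parse_custom_services(config_text).get("ALL")
    if svc is None:
        return ["ALL service object not found"]
    # Assumption: a missing protocol-number line means the default, 0.
    number = int(svc.get("protocol-number", "0"))
    if number != 0:
        return [f"ALL has protocol-number {number}, expected 0 (any protocol)"]
    return []

if __name__ == "__main__":
    print(check_all_service(SAMPLE_CONFIG))
```
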

 

m_raza
New Contributor

We have recently upgraded FortiOS from 5.2.1 to 5.2.2 in our infrastructure. Right now, we are facing issues with the Web Filter Engine and SSL inspection; both of them are heavily malfunctioning and drop our legitimate traffic. Even web filtering is not filtering any web site which is extremely prohibited in our organization.

We created some IPv4 policies where we apply web filtering to block all social sites category without applying any application filtering, because we can't due to some reasons, and we created three explicit proxy policies where we applied multiple levels of web filtering restriction. The failure we are facing is that in IPv4 policies web filtering is not working at all, and in explicit proxy policies web filtering sometimes works and sometimes doesn't.

It all happened after upgrading the OS from 5.2.1 to 5.2.2. We are using a FortiGate 200D.

If anyone could help me regarding this issue.

Thanks.

vanc
New Contributor

m.raza wrote:

We have recently upgraded FortiOS from 5.2.1 to 5.2.2 in our infrastructure. Right now, we are facing issues with the Web Filter Engine and SSL inspection; both of them are heavily malfunctioning and drop our legitimate traffic. Even web filtering is not filtering any web site which is extremely prohibited in our organization.

 

You may check the FortiGuard WebFilter License status. Make sure it's still valid.

 

As a matter of fact, WF is working fine for me in 5.2.2. I'm using both IPv4 and IPv6 policies.

 

If you have valid contract, you should contact FTNT support.

m_raza
New Contributor

vanc wrote:

m.raza wrote:

We have recently upgraded FortiOS from 5.2.1 to 5.2.2 in our infrastructure. Right now, we are facing issues with the Web Filter Engine and SSL inspection; both of them are heavily malfunctioning and drop our legitimate traffic. Even web filtering is not filtering any web site which is extremely prohibited in our organization.

 

You may check the FortiGuard WebFilter License status. Make sure it's still valid.

 

As a matter of fact, WF is working fine for me in 5.2.2. I'm using both IPv4 and IPv6 policies.

 

If you have valid contract, you should contact FTNT support.

WebFilter License status, 

Actually, yesterday I noticed that the web filter engine is not filtering any site that starts with HTTPS; that means our SSL inspection is not working. I tried it with the Forti CA and also tried our local CA. I am inspecting all ports in the inspection method.

Zenith
New Contributor

FWIW I also had the boot loop when upgrading a 100D to 5.2.2.  Tried from 5.0.0Patch1 all the way through 5.0.0Patch11, same thing, it wouldn't boot.  I certainly would not be upgrading to 5.2.2 remotely as things stand!  Also tried going from 5.0.11 to 5.2.1 and stuck at the same point...

Bunce
New Contributor

DHCP reservations don't seem to work on a 60C-Wifi for us. The device can't get an IP after flagging it as a reservation (tried in GUI and CLI). It's running off a software switch, so that could be a factor.

 

 

Zenith
New Contributor

OK so the problem we had upgrading from 5.0.x to 5.2.x turned out to be an issue with the boot partition.  We were able to upgrade one 100D no problem, the other wouldn't boot when upgraded.  On Fortinet's advice we formatted the boot partition then tried 5.2.2 again and it is now working perfectly.  Strange that 5.0.2, .4, .6, .8, .11 were all OK, but none of the 5.2.x versions would boot, but there you go!

kablage
New Contributor

What happened to this option??

 

execute ping-options source

 

It is not there any more (100D), only auto and that option is useless in most cases. 

simonorch
Contributor

It's certainly there on the 30D, 60D, 500D, 300C, 600C

NSE8 Fortinet Expert partner - Norway

kablage

simonorch wrote:

It's certainly there on the 30D, 60D, 500D, 300C, 600C

 

Version: FortiGate-100D v5.2.2,build0642,141118 (GA)
BIOS version: 04000030
System Part-Number: P11510-03
Current HA mode: a-p, backup

execute ping-options ?

data-size        Integer value to specify datagram size in bytes.
df-bit           Set DF bit in IP header <yes | no>.
interval         Integer value to specify seconds between two pings.
pattern          Hex format of pattern, e.g. 00ffaabb.
repeat-count     Integer value to specify how many times to repeat PING.
timeout          Integer value to specify timeout in seconds.
tos              IP type-of-service option.
ttl              Integer value to specify time-to-live.
validate-reply   Validate reply data <yes | no>.
view-settings    View the current settings for PING option.

execute ping-options view-settings

Ping Options:
Repeat Count: 5
Data Size: 56
Timeout: 2
Interval: 1
TTL: 64
TOS: 0
DF bit: unset
Source Address: auto
Pattern:
Pattern Size in Bytes: 0
Validate Reply: no
