.
FCNSA, FCNSP
---
FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30B
FortiAnalyzer 100B, 100C
FortiMail 100,100C
FortiManager VM
FortiAuthenticator VM
FortiToken
FortiAP 220B/221B, 11C
Solved! Go to Solution.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
and still packet capture is hidden from the gui on the small boxes.
Not a big deal as it's still available by typing the url manually, but it's irritating.
techevo wrote:
Also on my 100D, Fortiview does not show anything in 5 min, 1 hours and 24 hours, only in now ( and yes I have log to disk enable ). It was working just fine in 5.2.1 - Any body else in the same boat or it's just me?
We had a similar issue in that FortiView did not show returns for 5 min, 1 Hour & 24 Hours. A Fortinet engineer recommended that we 'Enable Local reports' on Log Settings. We are now getting returns on all time frames.
Hope this helps.
ISOffice wrote:No worries, glad to hear it helped.
To be honest, I cannot see why this made the difference. Credit should really go to AJ in FortiNet Support.
JP
My guess is that FortiView uses the SQLlite database which is activated by "Local Report" feature.
FCNSA, FCNSP
---
FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30B
FortiAnalyzer 100B, 100C
FortiMail 100,100C
FortiManager VM
FortiAuthenticator VM
FortiToken
FortiAP 220B/221B, 11C
networkingkool wrote:Hi,Hi community,
I tried the image 5.2.2 for 80C unit few days ago. But something went wrong. The whole LANs behind the fortigate cannot go to Internet. Only fortigate unit itself can go to Internet.
I recheck my configuration many times but cannot find any error with the configuration. I have to revert back to the image 5.2.1 then LANs can go Internet without any changes in configuration.
I think the fortigate get problem with NAT function.
Does anyone have the same problem with me?
Please advice.
Goto: Policy & Objects -> Objects -> Services -> Open ALL and change Protocol number from 6 to 0
Fortigate <3
Found the bug/fix for the ANY issue..
In the service specifications it had the entry ALL with protocol=6, whereas it should have been protocol=0
Must have been a strange upgrade glitch..
We have recently upgrade the FortiOS from 5.2.1 to 5.2.2 in our infrastructure Right now, we are facing issues with Web Filter Engine and SSL inspection, both of them are heavily malfunctioning and drop our legitimate traffic. Even web filtering is not filtering any web site which is extremely prohibited in our organization. We created some ipv4 policies where we apply web filtering to block all social sites category with out applying any application filtering because we can't due to some reasons and we created three explicit proxy policies where we applied multiple level of web filtering restriction. The failure we are facing is that in ipv4 policies web filtering is not working at all and in explicit proxy policies web filtering sometime works and some time don't. Its all happened after upgrading the OS from 5.2.1 to 5.2.2. We are using FortiGate 200D If any one could help me regarding this issue Thanks.
m.raza wrote:We have recently upgrade the FortiOS from 5.2.1 to 5.2.2 in our infrastructure Right now, we are facing issues with Web Filter Engine and SSL inspection, both of them are heavily malfunctioning and drop our legitimate traffic. Even web filtering is not filtering any web site which is extremely prohibited in our organization.
You may check the FortiGuard WebFilter License status. Make sure it's still valid.
As a matter of fact, WF is working fine for me in 5.2.2. I'm using both IPv4 and IPv6 policies.
If you have valid contract, you should contact FTNT support.
vanc wrote:m.raza wrote:We have recently upgrade the FortiOS from 5.2.1 to 5.2.2 in our infrastructure Right now, we are facing issues with Web Filter Engine and SSL inspection, both of them are heavily malfunctioning and drop our legitimate traffic. Even web filtering is not filtering any web site which is extremely prohibited in our organization.
You may check the FortiGuard WebFilter License status. Make sure it's still valid.
As a matter of fact, WF is working fine for me in 5.2.2. I'm using both IPv4 and IPv6 policies.
If you have valid contract, you should contact FTNT support.
WebFilter License status,
Actually yesterday i notice that web filter engine is not filtering any site starts with HTTPS, thats mean our SSL inspection is not working. i tried it with Forti CA and also tried our local CA. i am inspection all ports in inspection method.
FWIW I also had the boot loop when upgrading a 100D to 5.2.2. Tried from 5.0.0Patch1 all the way through 5.0.0Patch11, same thing, it wouldn't boot. I certainly would not be upgrading to 5.2.2 remotely as things stand! Also tried going from 5.0.11 to 5.2.1 and stuck at the same point...
DHCP reservation don't seem to work on a 60C-Wifi for us. Device can't get an IP after flagging it as a reservation (tried in GUI and CLI). It's running off a software switch so could be a factor.
OK so the problem we had upgrading from 5.0.x to 5.2.x turned out to be an issue with the boot partition. We were able to upgrade one 100D no problem, the other wouldn't boot when upgraded. On Fortinet's advice we formatted the boot partition then tried 5.2.2 again and it is now working perfectly. Strange that 5.0.2, .4, .6, .8, .11 were all OK, but none of the 5.2.x versions would boot, but there you go!
What happened to this option??
execute ping-options source
It is not there any more (100D), only auto and that option is useless in most cases.
It's certainly there on the 30D, 60D, 500D, 300C, 600C
simonorch wrote:It's certainly there on the 30D, 60D, 500D, 300C, 600C
Version: FortiGate-100D v5.2.2,build0642,141118 (GA) BIOS version: 04000030 System Part-Number: P11510-03 Current HA mode: a-p, backup
execute ping-options ?
data-size Integer value to specify datagram size in bytes. df-bit Set DF bit in IP header <yes | no>. interval Integer value to specify seconds between two pings. pattern Hex format of pattern, e.g. 00ffaabb. repeat-count Integer value to specify how many times to repeat PING. timeout Integer value to specify timeout in seconds. tos IP type-of-service option. ttl Integer value to specify time-to-live. validate-reply Validate reply data <yes | no>. view-settings View the current settings for PING option.
execute ping-options view-settings Ping Options: Repeat Count: 5 Data Size: 56 Timeout: 2 Interval: 1 TTL: 64 TOS: 0 DF bit: unset Source Address: auto Pattern: Pattern Size in Bytes: 0 Validate Reply: no
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1712 | |
1093 | |
752 | |
447 | |
231 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.