...discovered another bug with v.5.2.3. Administrators who are restricted to provision guest accounts only, can't actually print those accounts (to hand over login IDs and passwords to relevant users). In attempt to do so a FortiGate responds with "Error 500: Internal Server Error".
...didn't have this problem before the upgrade [&:].
hklb wrote:
Change your encoding in your browser (in chrome : option - more tools- encoding - western) and it works.
Support said the encoding error will be fixed in 5.2.4
FG200D 5.6.5 (HA) - primary [size="1"]FWF50B' s 4.3.x, FG60D's 5.2.x, FG60E's 5.4.x [Did my post help you? Please rate my post.][/size] FAZ-VM 5.6.5 | Fortimail 5.3.11 Network+, Security+
Also you cannot load the DNS screen.
When upgrading to 5.2.3, the admin accounts have changed from 'super_admin' to 'prof_admin'. We had the same issue here. We simply went into a backup, changed the admin types and restored the config. I did this remotely, hoping I wouldn't have to drive in. It worked flawlessly.
By the way, we got the answer from support. My guru is better than your guru!
Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com
@rpetty
Hi,
have you checked the "ALL" Service?
Firewall Service Protocol Number Change 2015-04-02 Subject: Firewall Service Protocol Number Change Released: 2015-04-02 Modified: 2015-04-02 Product: FortiGate
Description:
In FortiOS v5.0.8 and v5.0.9 and v5.2.0 through v5.2.2, the default value of the firewall service protocol number was changed from a value of 0 to 6.
The most commonly observed impact of this change is that after upgrading to the affected firmware, the “ALL” service matches only TCP traffic.
Executing a factory-reset on the FortiGate device does NOT change the default value to 6.
Affected Products:
All FortiGate models.
Resolution:
FortiOS v5.0.10 and v5.2.3 has fixed the issue. Upon upgrading the FortiGate device, the firewall service protocol number is restored to 0.
Workaround:
Those wishing not to upgrade the firmware can modify the affected firewall services to explicitly set the protocol-number to 0. For example:
config firewall service custom
edit "ALL"
set protocol-number 0
next
hmm, thanks, mine does not work.
What version of FSSO do you have on your server ?
FCNSA, FCNSP
---
FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30B
FortiAnalyzer 100B, 100C
FortiMail 100,100C
FortiManager VM
FortiAuthenticator VM
FortiToken
FortiAP 220B/221B, 11C
Thank you Storaid,
May I ask how your groups are configured and policys using these FSSO groups ?
FCNSA, FCNSP
---
FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30B
FortiAnalyzer 100B, 100C
FortiMail 100,100C
FortiManager VM
FortiAuthenticator VM
FortiToken
FortiAP 220B/221B, 11C
Nevermind,
It seems like it doesn´t work when you use LDAP server in the FSSO setup.
FCNSA, FCNSP
---
FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30B
FortiAnalyzer 100B, 100C
FortiMail 100,100C
FortiManager VM
FortiAuthenticator VM
FortiToken
FortiAP 220B/221B, 11C
system error after a wifi interface has been removed.......
I can not go to any management console, includes CLI......
anyone have this problem????
this problem sucks...
FWF60D x2 FWF60C x3 FGT80C rev.2 FGT200B-POE FAP220B x3 FAP221B x2
FSW224B x1
storaid wrote:You shouldn't remove WiFi interface from System > Network > Interfaces GUI section. The right way to remove it is - through WiFi Controller > WiFi Network > SSID - the same place where you created it in the first place.system error after a wifi interface has been removed...
I had a number of issues with WiFi Networks in the past while performing "in-place" upgrade to a major FortiOS version (i.e. 4.3 to 5.0; usually not while applying a patch on the same firmware branch). FortiOS upgrade scripts which transform FG configuration do not always work as expected and sometimes after upgrade you may have a hard time to fix and even remove a broken WiFi interface.
The best way to resolve the issue in your case would be...
[ol]Another way to fix it might be...
[ol]
...discovered another bug with v.5.2.3. Administrators who are restricted to provision guest accounts only, can't actually print those accounts (to hand over login IDs and passwords to relevant users). In attempt to do so a FortiGate responds with "Error 500: Internal Server Error".
...didn't have this problem before the upgrade [&:].
another problem.
upgraded fortigate 110c from 5.2.2 to 5.2.3
wifi controller->managed fortiaps doesn't show any aps (total of 30), thinking an thinking minutes...sometime (1 of 30 times) shows aps normally....aps wifis are working correctly.
thanks
The problem I saw is src-vis process, always running 15-30%, is it normal?, thanks
Just had to roll back a handful of 60Ds from 5.2.3 to 5.2.2. Most iDevices and a handful of other random devices would no longer reliably obtain a DHCP address on WAPs wired directly to the units. I tried reversing the DHCP service definitions mentioned further up the thread with no effect. I couldn't duplicate the issue with any equipment that I have.
The units showed a valid IP assigned to the units, but the affected devices all showed as APIPA. After rolling back the firmware, only a handful of iDevices are having issues, probably related to the bugs in IOS8. No other issues noted with the new firmware.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1740 | |
1108 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.