Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
...discovered another bug with v.5.2.3. Administrators who are restricted to provision guest accounts only, can't actually print those accounts (to hand over login IDs and passwords to relevant users). In attempt to do so a FortiGate responds with "Error 500: Internal Server Error".
...didn't have this problem before the upgrade [&:].
hklb wrote:
Change your encoding in your browser (in chrome : option - more tools- encoding - western) and it works.
Support said the encoding error will be fixed in 5.2.4
FG200D 5.6.5 (HA) - primary [size="1"]FWF50B' s 4.3.x, FG60D's 5.2.x, FG60E's 5.4.x [Did my post help you? Please rate my post.][/size] FAZ-VM 5.6.5 | Fortimail 5.3.11 Network+, Security+
Also you cannot load the DNS screen.
When upgrading to 5.2.3, the admin accounts have changed from 'super_admin' to 'prof_admin'. We had the same issue here. We simply went into a backup, changed the admin types and restored the config. I did this remotely, hoping I wouldn't have to drive in. It worked flawlessly.
By the way, we got the answer from support. My guru is better than your guru!
Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com
@rpetty
Hi,
have you checked the "ALL" Service?
Firewall Service Protocol Number Change 2015-04-02 Subject: Firewall Service Protocol Number Change Released: 2015-04-02 Modified: 2015-04-02 Product: FortiGate
Description:
In FortiOS v5.0.8 and v5.0.9 and v5.2.0 through v5.2.2, the default value of the firewall service protocol number was changed from a value of 0 to 6.
The most commonly observed impact of this change is that after upgrading to the affected firmware, the “ALL” service matches only TCP traffic.
Executing a factory-reset on the FortiGate device does NOT change the default value to 6.
Affected Products:
All FortiGate models.
Resolution:
FortiOS v5.0.10 and v5.2.3 has fixed the issue. Upon upgrading the FortiGate device, the firewall service protocol number is restored to 0.
Workaround:
Those wishing not to upgrade the firmware can modify the affected firewall services to explicitly set the protocol-number to 0. For example:
config firewall service custom
edit "ALL"
set protocol-number 0
next
Upgraded 100D running 5.2.2 to 5.2.3. For the most part, running without issue, but I'm getting the following error (see attached JPEG) when I look at address lists:
Invalid octet in UTF-8 sequence when decoding 'string'
Overlong 2 byte UTF-8 sequence detected when decoding 'string'
At the bottom it says:
One or more addresses in this group are associated with an interface (wan1). Only addresses that are not associated with an interface, or are associated with wan1 can be added.
I kind of understand this, but wonder why it didn't show up in 5.2.2? I tend to use ANY for the interface when I'm creating an IP or FQDN address that I will be using for blocking. I'm guessing I should be methodically using WAN1 instead? I wish there was a way to select in the GUI and say change all to WAN1. I downloaded the config, but when you use ANY, the line:
set associated-interface "X"
is not present for the address definition so I cannot do a simple find/replace. Ugh.
dfollis wrote:There's a very simple solution for this: Clear your browser cache.
Invalid octet in UTF-8 sequence when decoding 'string'Overlong 2 byte UTF-8 sequence detected when decoding 'string'
dfroe wrote:dfollis wrote:There's a very simple solution for this: Clear your browser cache.
Invalid octet in UTF-8 sequence when decoding 'string'Overlong 2 byte UTF-8 sequence detected when decoding 'string'
Clearing my browser cache did not fix this decoding string error. I cleared everything and switched browsers. Still getting error. Opening another ticket. sigh.
FG200D 5.6.5 (HA) - primary [size="1"]FWF50B' s 4.3.x, FG60D's 5.2.x, FG60E's 5.4.x [Did my post help you? Please rate my post.][/size] FAZ-VM 5.6.5 | Fortimail 5.3.11 Network+, Security+
Paul S wrote:dfroe wrote:dfollis wrote:There's a very simple solution for this: Clear your browser cache.
Invalid octet in UTF-8 sequence when decoding 'string'Overlong 2 byte UTF-8 sequence detected when decoding 'string'
Clearing my browser cache did not fix this decoding string error. I cleared everything and switched browsers. Still getting error. Opening another ticket. sigh.
Change your encoding in your browser (in chrome : option - more tools- encoding - western) and it works.
hklb wrote:
Change your encoding in your browser (in chrome : option - more tools- encoding - western) and it works.
Support said the encoding error will be fixed in 5.2.4
FG200D 5.6.5 (HA) - primary [size="1"]FWF50B' s 4.3.x, FG60D's 5.2.x, FG60E's 5.4.x [Did my post help you? Please rate my post.][/size] FAZ-VM 5.6.5 | Fortimail 5.3.11 Network+, Security+
Paul S wrote:Thanks for sharing this information.hklb wrote:Support said the encoding error will be fixed in 5.2.4Change your encoding in your browser (in chrome : option - more tools- encoding - western) and it works.
Hopefully we'll have a stable and reliable 5.2 someday before 5.0 is going EoL..
dfroe wrote:Hopefully we'll have a stable and reliable 5.2 someday before 5.0 is going EoL..
5.2 updates have been coming out every three months, it appears. If it's another three months before 5.2.4 comes out, that doesn't give much time before 5.0 goes EOL on 1st Nov. And that's assuming that 5.2.4 is stable and reliable. 5.0 didn't start to get truly stable until update 5 or 6.
simonpt wrote:5.2 updates have been coming out every three months, it appears. If it's another three months before 5.2.4 comes out, that doesn't give much time before 5.0 goes EOL on 1st Nov. And that's assuming that 5.2.4 is stable and reliable. 5.0 didn't start to get truly stable until update 5 or 6.
well, 5.2.3 came out 3/18/15 so 3 months from that date gives us 6/18/15 which is about 4 weeks from now. That matches the release estimate that I have heard fairly closely.
FG200D 5.6.5 (HA) - primary [size="1"]FWF50B' s 4.3.x, FG60D's 5.2.x, FG60E's 5.4.x [Did my post help you? Please rate my post.][/size] FAZ-VM 5.6.5 | Fortimail 5.3.11 Network+, Security+
immediately after my last post, I went to reproduce the string decoding error, but it would not happen any more. Not sure why it happened after clearing browser cache, but not now. either it only happens sometimes or it happens once after clearing the cache.
FG200D 5.6.5 (HA) - primary [size="1"]FWF50B' s 4.3.x, FG60D's 5.2.x, FG60E's 5.4.x [Did my post help you? Please rate my post.][/size] FAZ-VM 5.6.5 | Fortimail 5.3.11 Network+, Security+
now the error is happening again.
FG200D 5.6.5 (HA) - primary [size="1"]FWF50B' s 4.3.x, FG60D's 5.2.x, FG60E's 5.4.x [Did my post help you? Please rate my post.][/size] FAZ-VM 5.6.5 | Fortimail 5.3.11 Network+, Security+
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1710 | |
1093 | |
752 | |
446 | |
231 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.