...discovered another bug with v.5.2.3. Administrators who are restricted to provisioning guest accounts only can't actually print those accounts (to hand over login IDs and passwords to relevant users). On an attempt to do so, the FortiGate responds with "Error 500: Internal Server Error".
...didn't have this problem before the upgrade.
hklb wrote:
Change your encoding in your browser (in chrome : option - more tools- encoding - western) and it works.
Support said the encoding error will be fixed in 5.2.4
FG200D 5.6.5 (HA) - primary FWF50B's 4.3.x, FG60D's 5.2.x, FG60E's 5.4.x [Did my post help you? Please rate my post.] FAZ-VM 5.6.5 | Fortimail 5.3.11 Network+, Security+
Also you cannot load the DNS screen.
When upgrading to 5.2.3, the admin accounts have changed from 'super_admin' to 'prof_admin'. We had the same issue here. We simply went into a backup, changed the admin types and restored the config. I did this remotely, hoping I wouldn't have to drive in. It worked flawlessly.
By the way, we got the answer from support. My guru is better than your guru!
Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com
@rpetty
Hi,
have you checked the "ALL" Service?
Firewall Service Protocol Number Change 2015-04-02
Subject: Firewall Service Protocol Number Change
Released: 2015-04-02
Modified: 2015-04-02
Product: FortiGate
Description:
In FortiOS v5.0.8 and v5.0.9 and v5.2.0 through v5.2.2, the default value of the firewall service protocol number was changed from a value of 0 to 6.
The most commonly observed impact of this change is that after upgrading to the affected firmware, the “ALL” service matches only TCP traffic.
Executing a factory-reset on the FortiGate device does NOT change the default value to 6.
Affected Products:
All FortiGate models.
Resolution:
FortiOS v5.0.10 and v5.2.3 have fixed the issue. Upon upgrading the FortiGate device, the firewall service protocol number is restored to 0.
Workaround:
Those wishing not to upgrade the firmware can modify the affected firewall services to explicitly set the protocol-number to 0. For example:
config firewall service custom
edit "ALL"
set protocol-number 0
next
end
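A check for the condition the advisory describes, as an added example that is not part of the advisory or the original post: it reads a saved FortiGate configuration and reports the protocol-number recorded for the "ALL" service. The function name and the sample configurations are constructed for illustration; a service with no protocol-number line is reported as "default" because the effective value then depends on the firmware's default.

```python
import re

TABLE = re.compile(r"^config firewall service custom\s*\n(.*?)^end\s*$", re.S | re.M)
ENTRY = re.compile(r'^\s*edit "([^"]+)"\s*\n(.*?)^\s*next\s*$', re.S | re.M)
PROTO_NUM = re.compile(r"^\s*set protocol-number (\d+)\s*$", re.M)

def check_services(config_text, names=("ALL",)):
    """Classify each named service by its recorded protocol-number:
    'any' (0), 'protocol-<n>' (pinned, 6 = TCP only), 'default' (no line
    printed, so the firmware default applies) or 'missing' (not defined)."""
    status = dict.fromkeys(names, "missing")
    table = TABLE.search(config_text)
    for name, body in ENTRY.findall(table.group(1) if table else ""):
        if name not in status:
            continue
        num = PROTO_NUM.search(body)
        if num is None:
            status[name] = "default"
        else:
            status[name] = "any" if num.group(1) == "0" else f"protocol-{num.group(1)}"
    return status

# Constructed samples in the CLI format of the workaround above.
AFFECTED = '''config firewall service custom
    edit "ALL"
        set protocol IP
        set protocol-number 6
    next
    edit "GRE"
        set protocol IP
        set protocol-number 47
    next
end
'''
FIXED = AFFECTED.replace("protocol-number 6", "protocol-number 0")
UNSET = AFFECTED.replace("        set protocol-number 6\n", "")

if __name__ == "__main__":
    for label, cfg in (("affected", AFFECTED), ("fixed", FIXED), ("unset", UNSET)):
        print(label, check_services(cfg, ("ALL", "GRE")))
```

A "default" result on firmware in the affected range is the case to review by hand, since the advisory states the default there is 6.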
my FG300D is on 5.2.2.
what benefit do I get from upgrading to 5.2.3 ?
kinmun wrote:
my FG300D is on 5.2.2.
what benefit do I get from upgrading to 5.2.3 ?
emnoc is right about reading the release notes. Also, consider opening a support ticket and asking for all the known bugs that are affecting 5.2.3. I have recently installed 5.2.3 and I am affected by two bugs in that release.
If the bugs are in areas you do not consider critical, then you should probably install 5.2.3; if the bugs are in critical areas, then wait for 5.2.4.
5.2.3 does patch some vulnerabilities discovered recently: http://www.fortiguard.com/advisory/CVE-2014-8730--Poodle-for-TLS--vulnerability/
Reducing risk (improving security) is often an organization's biggest motivation when deciding when to upgrade a system.
FG200D 5.6.5 (HA) - primary FWF50B's 4.3.x, FG60D's 5.2.x, FG60E's 5.4.x [Did my post help you? Please rate my post.] FAZ-VM 5.6.5 | Fortimail 5.3.11 Network+, Security+
Paul S wrote:
emnoc is right about reading the release notes. Also, consider opening a support ticket and asking for all the known bugs that are affecting 5.2.3.
They don't update the release notes with the new known bugs?
hklb wrote:
They don't update the release notes with the new known bugs?
I made the assumption that they do not. However, after looking closer I am partially wrong. The release notes download page shows a document date of 3/20/15, but the document itself shows a date of 4/16/15. There is a known issues section that does appear to list more bugs than I would guess were listed on the 5.2.3 GA release date. So, they appear to update the release notes with known bugs, but not for every bug. Maybe just significant bugs or maybe they add bugs to the release notes every so many weeks/months. Both bugs I am affected by are not listed in the release notes.
bug ID: 275724 Desc: B670 : IE fail to access to server behind Load Balance server (fortinet description)
bug ID: 0273255 desc: GUI issue when editing a firewall address group, invalid octet in UTF-8 sequence when decoding string (my description)
FG200D 5.6.5 (HA) - primary FWF50B's 4.3.x, FG60D's 5.2.x, FG60E's 5.4.x [Did my post help you? Please rate my post.] FAZ-VM 5.6.5 | Fortimail 5.3.11 Network+, Security+
Hi,
In 5.2.3 we are facing an issue with address objects which have the "not shown in list" attribute test.
Created two address objects, then created a policy with these objects in destination or source.
config firewall address
edit "00TEST1"
set uuid 96a18994-0054-51e5-2b1a-11e70e3d16f2
set subnet 1.2.3.4 255.255.255.255
next
end
config firewall address
edit "00TEST2"
set uuid a0d35c30-0054-51e5-5fc7-95b2a39119e4
set subnet 4.5.6.7 255.255.255.255
next
end
config firewall policy
edit 250
set uuid 0e6e075e-0055-51e5-9d43-fabfa629d8cd
set srcintf "port5"
set dstintf "VL_ITOPS"
set srcaddr "all"
set dstaddr "00TEST1" "00TEST2"
set action accept
set schedule "always"
set service "PING"
set nat enable
next
end
Then changed the visibility of one object.
config firewall address
edit "00TEST1"
set uuid 96a18994-0054-51e5-2b1a-11e70e3d16f2
set visibility disable
set subnet 1.2.3.4 255.255.255.255
next
end
Then edit the policy in the GUI. Only one address object is shown in destination/source.
Click OK; now the "hidden" object is missing from the policy completely.
config firewall policy
edit 250
set uuid 0e6e075e-0055-51e5-9d43-fabfa629d8cd
set srcintf "port5"
set dstintf "VL_ITOPS"
set srcaddr "all"
set dstaddr "00TEST2"
set action accept
set schedule "always"
set service "PING"
set nat enable
next
end
Created support ticket (#1407923).
Does anybody have similar problems?
Quick add: downloaded the latest VM64 trial, and with the default configuration repeated the same steps and got the same problem.
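One way to catch the silent change reported in the post above, as an added example that is not from the original poster or from Fortinet: compare a configuration backup taken before a GUI policy edit with one taken after, and list every address a policy lost, marking those whose object has visibility disabled. The function names and the reduced sample configurations are constructed for illustration, and the parser assumes flat tables with single-line values.

```python
import shlex

def parse_tables(text):
    """Flat FortiOS tables -> {table: {entry: {key: [values]}}} (no nested config)."""
    tables, table, entry = {}, None, None
    for line in text.splitlines():
        tok = shlex.split(line) or [""]
        if tok[0] == "config":
            table, entry = tables.setdefault(" ".join(tok[1:]), {}), None
        elif tok[0] == "edit" and table is not None:
            entry = table.setdefault(tok[1], {})
        elif tok[0] == "set" and entry is not None:
            entry[tok[1]] = tok[2:]
        elif tok[0] == "end":
            table = entry = None
    return tables

def dropped_refs(before_text, after_text):
    """(policy, field, address, hidden) for each address a policy lost."""
    before, after = parse_tables(before_text), parse_tables(after_text)
    hidden = {name for name, a in after.get("firewall address", {}).items()
              if a.get("visibility") == ["disable"]}
    old, new = before.get("firewall policy", {}), after.get("firewall policy", {})
    return [(pid, field, name, name in hidden)
            for pid in old if pid in new
            for field in ("srcaddr", "dstaddr")
            for name in old[pid].get(field, [])
            if name not in new[pid].get(field, [])]

# Constructed sample, reduced from the CLI output quoted in the post above.
ADDRS = '''config firewall address
    edit "00TEST1"
        set visibility disable
    next
    edit "00TEST2"
    next
end
'''
POLICY = '''config firewall policy
    edit 250
        set dstaddr {}
    next
end
'''
BEFORE = ADDRS + POLICY.format('"00TEST1" "00TEST2"')
AFTER = ADDRS + POLICY.format('"00TEST2"')

if __name__ == "__main__":
    for pid, field, name, hidden in dropped_refs(BEFORE, AFTER):
        print(f"policy {pid}: {field} lost {name!r}, hidden={hidden}")
```

A dropped reference with the hidden flag set matches the behaviour described in the post; one without it is more likely an intentional edit.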
Read the release notes for 5.2.3; everything that's fixed or new, or any open items, should be listed in the release notes.
http://docs.fortinet.com/d/fortios-5.2.3-release-notes
PCNSE
NSE
StrongSwan
Hello, does anyone know the release date of the next release?
FWF60D x2 FWF60C x3 FGT80C rev.2 FGT200B-POE FAP220B x3 FAP221B x2
FSW224B x1
storaid wrote:
Hello, does anyone know the release date of the next release?
6/12/15 - a comment from Fortinet on one of my support tickets indicated late July for the release of 5.2.4.
FG200D 5.6.5 (HA) - primary FWF50B's 4.3.x, FG60D's 5.2.x, FG60E's 5.4.x [Did my post help you? Please rate my post.] FAZ-VM 5.6.5 | Fortimail 5.3.11 Network+, Security+
I've been upgrading the FW with no issues for around 3 years on our FGT 110C unit, until going from 5.2.2 to 5.2.3.
Now I can no longer see the interface page on the GUI and I'm also experiencing the 'invalid octet in UTF-8 sequence when decoding 'string'' when viewing groups.
It would seem the firmware screws up our config, for now I've had to downgrade back to 5.2.2. Fortinet support have asked me to reset the unit and try again but no luck.
I've attached some screen grabs of the problems.