Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
krdoor
New Contributor

FortiOS 5.2.8 crashing with ipv6

stay away from 5.2.8 if you are using IPV6

We have seen multiple crashes (kernel panics) during linux system upgrades (yum update, apt-get update) on ipv6 enabled servers.

Could be related to apply ctrl / ips / web filtering , but so far Fortinet was not really helpful in explaining why the crashes occurred. Fortinet answer (referring to a fixed bug in 5.4.1 that should be related):

>> The kernel panic is not related to yum specifically.. >> It is related to ipv6 traffic and from the notes is caused by kernel NULL pointer dereference for ipv6 traffic. >> Now, it was remarked during the investigation that (at least in that case), the crash was caused when ftp

>> session helper was used by the traffic (which was tftp traffic). As soon as the tftp session helper was

>> removed the crash was not observed anymore.

But we didn't do any tftp at the time of the crashes, so in my opinion the problem is worse

1 REPLY 1
Matthias_Cramer
New Contributor

I think we hit the same issue. We upgraded our FGT 310B cluster to 5.2.8 about two weeks ago. Then It started crashing 1 to two times a day. As we had problems with SIP on this Cluster before the upgrade we first suspected a hardware fault and started planning a migration to new hardware. Yesterday we now found the trigger point.

We could open a ftp URL which is reachable over IPv6 in a web browser and the Cluster crashes immediately.

 

Fortunately yesterday Fortinet Released 5.2.9. I just upgraded to it a few minutes ago and the problem seams to be solved in this release.

Labels
Top Kudoed Authors