stay away from 5.2.8 if you are using IPV6
We have seen multiple crashes (kernel panics) during linux system upgrades (yum update, apt-get update) on ipv6 enabled servers.
Could be related to apply ctrl / ips / web filtering , but so far Fortinet was not really helpful in explaining why the crashes occurred. Fortinet answer (referring to a fixed bug in 5.4.1 that should be related):
>> The kernel panic is not related to yum specifically.. >> It is related to ipv6 traffic and from the notes is caused by kernel NULL pointer dereference for ipv6 traffic. >> Now, it was remarked during the investigation that (at least in that case), the crash was caused when ftp
>> session helper was used by the traffic (which was tftp traffic). As soon as the tftp session helper was
>> removed the crash was not observed anymore.
But we didn't do any tftp at the time of the crashes, so in my opinion the problem is worse
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
I think we hit the same issue. We upgraded our FGT 310B cluster to 5.2.8 about two weeks ago. Then It started crashing 1 to two times a day. As we had problems with SIP on this Cluster before the upgrade we first suspected a hardware fault and started planning a migration to new hardware. Yesterday we now found the trigger point.
We could open a ftp URL which is reachable over IPv6 in a web browser and the Cluster crashes immediately.
Fortunately yesterday Fortinet Released 5.2.9. I just upgraded to it a few minutes ago and the problem seams to be solved in this release.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1712 | |
1093 | |
752 | |
447 | |
231 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.