http://docs.fortinet.com/uploaded/files/3285/fortios-v5.2.9-release-notes.pdf
The list of the resolved issues is important IMHO, just some tips:
297421 HTTPs traffic is blocked after AV/IPS database update from FortiGuard.
306929 Fortigate memory logging is automatically enabled after reboot.
382828 When trying to access internal server through SSL VPN in web mode, the login page is not
371264 Modify user ran into lock when trying to change user's password during sslvpn connection.
376599 Keep IPSec traffic on the hardware during rekeying causes kernel panic.
Did you ever open a ticket with support about sslvpn being broken on 5.2.9?
-DDSkier FCNSA, FCNSP FortiGate 400D, (2) 200D, (12) 100D, (2) 60D
Same problem here with a 60D with ipsengine crashing many times a day:
type=event subtype=system level=warning vd="root" logdesc="Application crashed" action=crash msg="Pid: 02321, application: ipsengine 03.170, Firmware: FortiGate-60D v5.2.9,build0736b736,160907 (GA) (Release), Signal 11 received, Backtrace: [0x30d9cb58] [0x30d9790c] [0x30d9ce08] [0x30d86594] [0x30c8cf34] [0x30c9eb28] [0x30c69d3c] [0x008aff60] [0x008b1d98] [0x008b34e0] [0x00039938] [0x008b3980] [0x008b4944] [0x00039938] [0x000393ac] [0x00037450] [0x00038f8c] [0x000368bc] [0x300e3bc4]"
From what I see in this post, my IPS engine is rather old. Should an update solve this problem?
If I downgrade to 5.2.8, can you confirm this should also solve this problem?
Regards,
Fred
FredMB wrote:
> Same problem here with a 60D with ipsengine crashing many times a day:
> type=event subtype=system level=warning vd="root" logdesc="Application crashed" action=crash msg="Pid: 02321, application: ipsengine 03.170, Firmware: FortiGate-60D v5.2.9,build0736b736,160907 (GA) (Release), Signal 11 received, Backtrace: [0x30d9cb58] [0x30d9790c] [0x30d9ce08] [0x30d86594] [0x30c8cf34] [0x30c9eb28] [0x30c69d3c] [0x008aff60] [0x008b1d98] [0x008b34e0] [0x00039938] [0x008b3980] [0x008b4944] [0x00039938] [0x000393ac] [0x00037450] [0x00038f8c] [0x000368bc] [0x300e3bc4]"
> From what I see in this post, my IPS engine is rather old. Should an update solve this problem?
> If I downgrade to 5.2.8, can you confirm this should also solve this problem?
> Regards,
> Fred

Downgraded my FGT-60d to 5.2.8. No IPS problem.
5.2.9 build 736 on FG60D gives frequent IPSengine crashes.
Reverting to 5.2.8 build 727 works fine.
Any news on an updated 5.2.9a that fixes this problem?
We noticed this issue after upgrading from 5.2.8 to 5.2.9 on a number of 60Ds. While working with Fortinet support, he said it's a known issue with the 60Ds and 90Ds with how the IPS engine in 5.2.9 works with the hardware.
The bundled IPS engine version is 3.00170, and when working with support they uploaded a new IPS def to bring the engine to version 3.00172. That corrected the issue for us, the ipsengine process hasn't crashed for going on 24 hours now (had been crashing every minute). If you have support, open a ticket to get the new engine.
EL
Have 600c cluster upgraded using recommended upgrade path 5.23->5.2.5->5.2.7->5.2.9
And about 14 60D.
No issues.
IPS engine update from 3.00170 to 3.00172 will not go automatically? Is there any manual download?
According to support the engine is only updated manually by uploading the file (or when you upgrade code as it's bundled in). I'm not sure how granular the def updates are, but this engine is specific to the 60D and 90D models. Our firewalls check for updates at least every two hours and over 24 hours didn't auto pull the new engine; manually telling it to update didn't update the engine either after waiting about an hour.
I haven't found the engine listed on the support site.
We run pretty much full UTM on all connections. In our case, the 60Ds we saw the crashing issue at ~1000 sessions, whereas the 60Ds not processing as many sessions either didn't have the crashing issue or it was much less frequent. You can check for the crashing under Log & Report > System or in an Analyzer if you have one.
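The crash check described above can also be scripted against exported event logs. This is an added example, not part of the original thread and not Fortinet tooling; it assumes the log is available as text lines in the key=value layout of the crash event quoted earlier in the thread, and all sample lines are constructed (placeholder backtrace, made-up PIDs).

```python
import re
from collections import Counter

# Constructed sample data in the layout of the crash event quoted in this thread.
CRASH = ('type=event subtype=system level=warning vd="root" '
         'logdesc="Application crashed" action=crash msg="Pid: {pid}, '
         'application: ipsengine 03.170, Firmware: FortiGate-60D '
         'v5.2.9,build0736b736,160907 (GA) (Release), Signal 11 received, '
         'Backtrace: [0x00000000]"')
SAMPLE_LOG = [
    CRASH.format(pid="02321"),
    'type=event subtype=system level=information vd="root" '
    'logdesc="Admin login successful" action=login msg="constructed non-crash event"',
    CRASH.format(pid="02407"),
    # Crash event whose msg was cut short: must be reported, not silently dropped.
    'type=event subtype=system level=warning vd="root" '
    'logdesc="Application crashed" action=crash msg="Pid: 00777, application: ipsengine"',
]

# key=value pairs; values are either "quoted strings" or bare tokens.
FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
# Structure of the msg field of an "Application crashed" event.
CRASH_RE = re.compile(
    r'application: (?P<app>\S+) (?P<engine>[\d.]+), '
    r'Firmware: (?P<model>\S+) (?P<fw>v[\d.]+),build(?P<build>\w+),'
    r'.*?Signal (?P<signal>\d+) received')

def parse_fields(line):
    """Split one log line into a dict of its key=value fields."""
    return {k: quoted or bare for k, quoted, bare in FIELD_RE.findall(line)}

def summarize_crashes(lines):
    """Count crash events per (app, engine, model, firmware, signal)."""
    counts, unparsed = Counter(), 0
    for line in lines:
        fields = parse_fields(line)
        if fields.get("type") != "event" or fields.get("action") != "crash":
            continue
        m = CRASH_RE.search(fields.get("msg", ""))
        if m is None:
            unparsed += 1  # crash event with an unexpected msg layout
            continue
        counts[(m["app"], m["engine"], m["model"], m["fw"], int(m["signal"]))] += 1
    return counts, unparsed

if __name__ == "__main__":
    counts, unparsed = summarize_crashes(SAMPLE_LOG)
    for key, n in counts.most_common():
        print(n, key)
    print("crash events with unparsed msg:", unparsed)
```

Grouping by engine version and firmware makes it easy to compare crash counts before and after an engine replacement or a downgrade.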
I ended up opening another ticket with Fortinet because IPS engine 3.0289 still has an issue.
They ended up providing me 3.0173. I would open a ticket and ask for this ips engine.
-DDSkier FCNSA, FCNSP FortiGate 400D, (2) 200D, (12) 100D, (2) 60D
annoying problems:
1. broken internet with IPv6
2. broken SSL-VPN function
FWF60D x2 FWF60C x3 FGT80C rev.2 FGT200B-POE FAP220B x3 FAP221B x2
FSW224B x1