VicAndr
New Contributor III

FortiOS 5.2: should we wait or should we go?

Questions to those who have been brave enough to upgrade their units to FortiOS v5.2.0: How did it handle complex configurations in the course of the upgrade (I mean "in-place upgrade")? Are there any pitfalls to watch for? Is v5.2 stable? Is there anything to lose in the jump to v5.2? Are you still on v5.2, or did you have to go back to v5.0 for one reason or another? What are your overall experiences so far? We have a pure FortiOS v5.0.7 in our environment. It generally works fine, but our main headache is the new FortiAPs supporting 802.11ac - they are practically unusable on v5.0.7 (we do not want to go with an "interim" FortiOS build as it raises a whole bunch of other questions). Thank you all for any feedback, VA
1 Solution
ejhardin
Contributor

By default the SSL profile is "certificate-inspection". In this mode the FortiGate is basically just reading the DNS name from the certificate during the SSL handshake. Question... Has anyone really had an issue with SSL connections while using "certificate-inspection"? I haven't had an issue and I like the fact that "certificate-inspection" is on by default. Other firewall companies are doing the same thing.


52 REPLIES
Diabolicus23
New Contributor

You can also manually disable the SSL inspection, but only via CLI, with the command unset ssl-ssh-profile. The counterpart is that if you open the policy via the GUI you still see the button activated, and if you change something in that policy... you will have it again. So, if it works, creating a dedicated SSL profile with no ports enabled is a better one.
Silver
New Contributor

Hello Dipen,

Can you confirm whether you faced any problem when you upgraded your 100dD from version 5 patch x to the latest version 5.2.2? Here, while I am doing the upgrade from version 5 patch 9 to the latest version 5.2.1 or even 5.2.2, after rebooting the console stays at "initializing firewall" and "system is starting" for a long time.

Can you help?

Thanks

Michael_Van_Elslande
New Contributor

5.2 is awesome.

A thing we ran into - despite no documentation stating that 80CMs shouldn't run version 5 if they only have 512Mb of RAM, we ended up having 13 devices go into conserve mode during a national upgrade and feature enhancement. Most of our sites have larger hardware, however in this instance Fortinet was not willing to RMA our units for ones with a gig of RAM, so we're left with units that cannot run the features we want. If we were advised from the beginning we totally would have replaced the units.

Other than that, version 5.2 is stable and slick; for everything the Fortinet can do, it's hard to find another device that has the same bang for your buck.
