FortiOS 5.4.2 release date

andreadg88 · ‎10-24-2016

Hi to everyone,

we are plan to update our FortiGate 500D in HA Cluster to 5.4, have you a release date for 5.4.2?

We are waiting for this release from May 2016 for a bug fix on CLI.

Thanks

Andrea

Fortinet NSE4

NeilG · ‎11-17-2016

Updated release notes for 11-17-2016 shows:

2016-11-17 Removed 372770 and updated 373707 in Resolved Issues.

Has anyone noticed that the updated "Whats new with 5.4.2" document shows a table that says IPS is NOT supported with the fortigate configured in Proxy Mode? That has to wrong... I hope.

Regards to the confusion on upgraded a 60D to 4.5.2 there seems to be a disk issue due to the upgrade to 5.4.0/.1. See 11-17-2016 version of the release notes p13 "Model-60D Boot Issue"

Now to figure out if this is an optional step or if all 60D on 5.4.1 have this issue.

Note: I am excited about the resolved "373251" as the inconsistency of category overrides on reboot has been a nightmare. (nothing like a behavior that is consistent when broken - and then you fix it, and on next reboot it breaks on a new URL)

-Neil

tanr · ‎11-17-2016

I assume you were looking at page 53 which shows which security profile features use which modes? That table is a little misleading because IPS is flow-based regardless of whether the FGT is in proxy or flow mode. Life of a Packet (http://help.fortinet.com/fos50hlp/54/Content/FortiOS/fortigate-life-of-packet-54/lop-packet-flow-pro...) shows how the flow-based IPS fits into the proxy sequence.

MikePruett · ‎11-20-2016

What other issues are you guys experiencing with these puppies on 5.4.2?

Mike Pruett

Fortinet GURU | Fortinet Training Videos

bommi · ‎11-23-2016

In 5.4.2 the SSL-VPN CIFS Bookmarks with SSO dont work anymore.

When creating an cifs bookmark as an user we set SSO to alternate with the username like "domain\username", then we can connect successful to the fileshare.

Removing the domainname from the alternate sso we get the same behaviour as with automatic sso.

In 5.2.7 cifs bookmarks with automatic sso worked without any problems.

NSE 4/5/7

FGTuser · ‎12-15-2016

Ugly bug in 5.4.2 on FG60E/61E.

Conserve mode few hours after enabling UTM and box completely frozen - hard reset need.

Support says it's bug, should be fixed in 5.4.3, so several months without UTM...

This bug might affect FG50E/51E also.

gsarica · ‎12-15-2016

OndrejD wrote:
Ugly bug in 5.4.2 on FG60E/61E.
Conserve mode few hours after enabling UTM and box completely frozen - hard reset need.

Support says it's bug, should be fixed in 5.4.3, so several months without UTM...
This bug might affect FG50E/51E also.

We had the same issue but weren't sure if it was because of 5.4.2. Fortinet sent us an updated IPS engine that they said would fix this but we have no way of verifying since we only had the conserve mode issue once and weren't able to reproduce even with the old IPS engine.

FGTuser · ‎12-15-2016

On 61E as well?

I didn't get new IPS engine, just advice to try:

config ips global set engine-count 2 end

But I'm reluctant to test anything, since it's remote location and customer is quite angry already...

tanr · ‎12-15-2016

Did support say this was specific to the 60E/61E?

I've had a 100D and a 300D on 5.4.2 for over two weeks now and am seeing slightly lower resource usage than I did with 5.4.1, plus I no longer see the gradual creep in memory usage (about 0.75% a day) that I saw with 5.4.0 and 5.4.1. Both devices are using a number of UTM features, including App Control, Web Filter, SSL Inspection, etc.

FGTuser · ‎12-15-2016

Support said this is related to FG60E/61E and FG50/51E.

But I don't have issue on two 51E with UTM so far...perhaps it's only SoC3 issue (FG60E/61E).

hklb · ‎12-15-2016

OndrejD wrote:
Support said this is related to FG60E/61E and FG50/51E.
But I don't have issue on two 51E with UTM so far...perhaps it's only SoC3 issue (FG60E/61E).

Do you have the bug ID ?