Hi to everyone,
we are plan to update our FortiGate 500D in HA Cluster to 5.4, have you a release date for 5.4.2?
We are waiting for this release from May 2016 for a bug fix on CLI.
Thanks
Andrea
Fortinet NSE4
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Updated release notes for 11-17-2016 shows:
2016-11-17 Removed 372770 and updated 373707 in Resolved Issues.
Has anyone noticed that the updated "Whats new with 5.4.2" document shows a table that says IPS is NOT supported with the fortigate configured in Proxy Mode? That has to wrong... I hope.
Regards to the confusion on upgraded a 60D to 4.5.2 there seems to be a disk issue due to the upgrade to 5.4.0/.1. See 11-17-2016 version of the release notes p13 "Model-60D Boot Issue"
Now to figure out if this is an optional step or if all 60D on 5.4.1 have this issue.
Note: I am excited about the resolved "373251" as the inconsistency of category overrides on reboot has been a nightmare. (nothing like a behavior that is consistent when broken - and then you fix it, and on next reboot it breaks on a new URL)
-Neil
I assume you were looking at page 53 which shows which security profile features use which modes? That table is a little misleading because IPS is flow-based regardless of whether the FGT is in proxy or flow mode. Life of a Packet (http://help.fortinet.com/fos50hlp/54/Content/FortiOS/fortigate-life-of-packet-54/lop-packet-flow-pro...) shows how the flow-based IPS fits into the proxy sequence.
What other issues are you guys experiencing with these puppies on 5.4.2?
Mike Pruett
In 5.4.2 the SSL-VPN CIFS Bookmarks with SSO dont work anymore.
When creating an cifs bookmark as an user we set SSO to alternate with the username like "domain\username", then we can connect successful to the fileshare.
Removing the domainname from the alternate sso we get the same behaviour as with automatic sso.
In 5.2.7 cifs bookmarks with automatic sso worked without any problems.
NSE 4/5/7
Ugly bug in 5.4.2 on FG60E/61E.
Conserve mode few hours after enabling UTM and box completely frozen - hard reset need.
Support says it's bug, should be fixed in 5.4.3, so several months without UTM...
This bug might affect FG50E/51E also.
OndrejD wrote:Ugly bug in 5.4.2 on FG60E/61E.
Conserve mode few hours after enabling UTM and box completely frozen - hard reset need.
Support says it's bug, should be fixed in 5.4.3, so several months without UTM...
This bug might affect FG50E/51E also.
We had the same issue but weren't sure if it was because of 5.4.2. Fortinet sent us an updated IPS engine that they said would fix this but we have no way of verifying since we only had the conserve mode issue once and weren't able to reproduce even with the old IPS engine.
On 61E as well?
I didn't get new IPS engine, just advice to try:
config ips global set engine-count 2 end
But I'm reluctant to test anything, since it's remote location and customer is quite angry already...
Did support say this was specific to the 60E/61E?
I've had a 100D and a 300D on 5.4.2 for over two weeks now and am seeing slightly lower resource usage than I did with 5.4.1, plus I no longer see the gradual creep in memory usage (about 0.75% a day) that I saw with 5.4.0 and 5.4.1. Both devices are using a number of UTM features, including App Control, Web Filter, SSL Inspection, etc.
Support said this is related to FG60E/61E and FG50/51E.
But I don't have issue on two 51E with UTM so far...perhaps it's only SoC3 issue (FG60E/61E).
OndrejD wrote:Support said this is related to FG60E/61E and FG50/51E.
But I don't have issue on two 51E with UTM so far...perhaps it's only SoC3 issue (FG60E/61E).
Do you have the bug ID ?
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1732 | |
1106 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.