Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Carl_Wallmark
Valued Contributor

FortiOS 5.4.6 is out!

.

FCNSA, FCNSP
---
FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30B
FortiAnalyzer 100B, 100C
FortiMail 100,100C
FortiManager VM
FortiAuthenticator VM
FortiToken
FortiAP 220B/221B, 11C

FCNSA, FCNSP---FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30BFortiAnalyzer 100B, 100CFortiMail 100,100CFortiManager VMFortiAuthenticator VMFortiTokenFortiAP 220B/221B, 11C
3 Solutions
tanr
Valued Contributor II

Anybody else running into GUI issues with 5.4.6?

 

The most annoying two I'm hitting are:

 

[ol]
  • Security Policy page in Interface Pair View always expands all SrcIntf -> DstIntf groups, regardless of whether I've collapsed them in the past.  It used to save their collapsed/expanded state.  So now every time I go to that page the section I want to work on is scrolled off the bottom.
  • Pages aren't fully loaded till you scroll down.  So on that Security Policy page, or the Services page, or many other similar ones, it only loads the visible section of the page, nothing below it.  Unfortunately, this means that I can't just do a quick Ctrl+F to find the item I want, because the find will fail since the rest of the page hasn't been loaded![/ol]

    This is with Chrome on Windows 10, though I see the same behavior in MS Edge browser.

    I've tried flushing the browser cache, etc. without any change to the behavior.

     

    Anybody else seeing this?  Any thoughts on workarounds, or do I just report it as a bug?

  • View solution in original post

    Mascheroni

    You can find it directly on Fortinet support site.

    5.4.6 should be the 5.4 last minor release.

    It has been published in order to resolve particular issues, such as npu fragmentation when using capwap encapsulated in ipsec tunnel, for example (problem the I've found in a particular installation and for which Fortinet give me a specific patched 5.4.5 release, not published, patch next integrated into 5.4.6 release).

    So I suppose that this is why from 5.4.5 Fortinet indicates as direct upgrade , 5.6.2 release

     

     

     

    View solution in original post

    tanr
    Valued Contributor II

    FYI, I reported the 5.4.6 GUI bug # 458586.

    [ol]
  • Security Policy page in Interface Pair View always expands all SrcIntf -> DstIntf groups, regardless of whether I've collapsed them in the past.  It used to save their collapsed/expanded state.  So now every time I go to that page the section I want to work on is scrolled off the bottom.[/ol]

     

  • View solution in original post

    25 REPLIES 25
    tanr
    Valued Contributor II

    FYI, I reported the 5.4.6 GUI bug # 458586.

    [ol]
  • Security Policy page in Interface Pair View always expands all SrcIntf -> DstIntf groups, regardless of whether I've collapsed them in the past.  It used to save their collapsed/expanded state.  So now every time I go to that page the section I want to work on is scrolled off the bottom.[/ol]

     

  • Pacolo
    New Contributor III

    Hello there,

     

    I have already discovered a workadound for the SSH access, well, one of my customers gave me a hint about it ;-).

     

    The problem: Access through SSH to the mgmt1 interface doesn't work The cause: Fortinet discontinues the use of SSH-DSS, as they advised first on the Release Notes

    first as a bug...

    364280 User cannot use ssh-dss algorithm to log in to FortiGate via SSH

    and later as a discontinuation of the protocol...

    In version 5.4.5 and later, using ssh-dss algorithm to log in to FortiGate via SSH is no longer supported

     

    The troubleshooting:

    Tested connection to mgmt1 through SecureCRT and Putty, none of them worked.

    I changed several things on SecureCRT to not select the algorythm SSH-DSS, but none of the workarounds worked.

    https://forums.vandyke.com/showthread.php?t=11514

    https://forums.vandyke.com/showthread.php?t=11496

     

    The workaround:

    My customer told me that they are not affected by the issue, it appears because they are accesing to the FGT through a not mgmt interface.

    Then I enable SSH on a not mgmt interface and I can access the device, then I enable SSH on the mgmt2 and I can access through the mgmt1.

     

    I am going to report the issue to the TAC, so they know there is really a bug with SSH, as it has annoyed me working through the console port more than 2 months.

    I do not know if this affects to 5.4.7 and 5.4.8, as I haven't tested this versions.

     

    Regards!

    Paco.

    Pacolo
    New Contributor III

    Hello,

     

    Fortinet confirmed me that the issue was caused by a bug (0439068), which is is fixed on 5.4.8.

    The problem is that the SSH daemon was not enabled on the mgmt interfaces on some cases.

     

    TAC confirmed me too that I hadn't found any reference to an SSH issue, because not all the bugs are referenced on the public Release Notes.

     

    Regards,

    Paco.

    Delta
    New Contributor

    Yep.  All browsers.  Gets really annoying after a while.  Want it to retain state.   

    Thought for the day: Advertising (n): the science of arresting the human intelligence for long enough to get money from it. -- Stephen Leacock.
    Thought for the day: Advertising (n): the science of arresting the human intelligence for long enough to get money from it. -- Stephen Leacock.
    tanr
    Valued Contributor II

    I reported the bug "Security Policy GUI Page in Interface Pair View Always Expanded" and support says they've "requested the fixing schedule of this bug to 5.4.7/5.6.3/6.0."

    Mascheroni
    New Contributor II

    I was waiting this relase because of NPU fragmentation issue in CAPWAP traffic passing into IPSEC tunnel.

    I've found at the moment only one issue.

    All firewall policies are viewd in "expanded" mode in GUI, also if we have collapsed them before logging out.

    One of our Fortigate presented an issue after been upgraded from 5.4.4 to 5.4.6.

    Open VAP profile stopped working.

    The workaround was to modify the open mode into wpa mode with psk and revert them back to open mode.

    The Open wireless feature was always enabled, before and after firmware upgrade.

     

     

     

    Announcements

    Select Forum Responses to become Knowledge Articles!

    Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

    Labels
    Top Kudoed Authors