FortiOS 5.4.6 is out!

Carl_Wallmark · ‎10-20-2017

.

FCNSA, FCNSP
---
FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30B
FortiAnalyzer 100B, 100C
FortiMail 100,100C
FortiManager VM
FortiAuthenticator VM
FortiToken
FortiAP 220B/221B, 11C

tanr · ‎11-01-2017

Anybody else running into GUI issues with 5.4.6?

The most annoying two I'm hitting are:

[ol]

Security Policy page in Interface Pair View always expands all SrcIntf -> DstIntf groups, regardless of whether I've collapsed them in the past. It used to save their collapsed/expanded state. So now every time I go to that page the section I want to work on is scrolled off the bottom.

Pages aren't fully loaded till you scroll down. So on that Security Policy page, or the Services page, or many other similar ones, it only loads the visible section of the page, nothing below it. Unfortunately, this means that I can't just do a quick Ctrl+F to find the item I want, because the find will fail since the rest of the page hasn't been loaded![/ol]

This is with Chrome on Windows 10, though I see the same behavior in MS Edge browser.

I've tried flushing the browser cache, etc. without any change to the behavior.

Anybody else seeing this? Any thoughts on workarounds, or do I just report it as a bug?

View solution in original post

Mascheroni · ‎11-04-2017

You can find it directly on Fortinet support site.

5.4.6 should be the 5.4 last minor release.

It has been published in order to resolve particular issues, such as npu fragmentation when using capwap encapsulated in ipsec tunnel, for example (problem the I've found in a particular installation and for which Fortinet give me a specific patched 5.4.5 release, not published, patch next integrated into 5.4.6 release).

So I suppose that this is why from 5.4.5 Fortinet indicates as direct upgrade , 5.6.2 release

View solution in original post

tanr · ‎11-08-2017

FYI, I reported the 5.4.6 GUI bug # 458586.

[ol]

Security Policy page in Interface Pair View always expands all SrcIntf -> DstIntf groups, regardless of whether I've collapsed them in the past. It used to save their collapsed/expanded state. So now every time I go to that page the section I want to work on is scrolled off the bottom.[/ol]

View solution in original post

tanr · ‎11-08-2017

FYI, I reported the 5.4.6 GUI bug # 458586.

[ol]

Security Policy page in Interface Pair View always expands all SrcIntf -> DstIntf groups, regardless of whether I've collapsed them in the past. It used to save their collapsed/expanded state. So now every time I go to that page the section I want to work on is scrolled off the bottom.[/ol]

Pacolo · ‎02-09-2018

Hello there,

I have already discovered a workadound for the SSH access, well, one of my customers gave me a hint about it ;-).

The problem: Access through SSH to the mgmt1 interface doesn't work The cause: Fortinet discontinues the use of SSH-DSS, as they advised first on the Release Notes

first as a bug...

364280 User cannot use ssh-dss algorithm to log in to FortiGate via SSH

and later as a discontinuation of the protocol...

In version 5.4.5 and later, using ssh-dss algorithm to log in to FortiGate via SSH is no longer supported

The troubleshooting:

Tested connection to mgmt1 through SecureCRT and Putty, none of them worked.

I changed several things on SecureCRT to not select the algorythm SSH-DSS, but none of the workarounds worked.

https://forums.vandyke.com/showthread.php?t=11514

https://forums.vandyke.com/showthread.php?t=11496

The workaround:

My customer told me that they are not affected by the issue, it appears because they are accesing to the FGT through a not mgmt interface.

Then I enable SSH on a not mgmt interface and I can access the device, then I enable SSH on the mgmt2 and I can access through the mgmt1.

I am going to report the issue to the TAC, so they know there is really a bug with SSH, as it has annoyed me working through the console port more than 2 months.

I do not know if this affects to 5.4.7 and 5.4.8, as I haven't tested this versions.

Regards!

Paco.

Pacolo · ‎02-26-2018

Hello,

Fortinet confirmed me that the issue was caused by a bug (0439068), which is is fixed on 5.4.8.

The problem is that the SSH daemon was not enabled on the mgmt interfaces on some cases.

TAC confirmed me too that I hadn't found any reference to an SSH issue, because not all the bugs are referenced on the public Release Notes.

Regards,

Paco.

Delta · ‎11-24-2017

Yep. All browsers. Gets really annoying after a while. Want it to retain state.

Thought for the day: Advertising (n): the science of arresting the human intelligence for long enough to get money from it. -- Stephen Leacock.

tanr · ‎11-25-2017

I reported the bug "Security Policy GUI Page in Interface Pair View Always Expanded" and support says they've "requested the fixing schedule of this bug to 5.4.7/5.6.3/6.0."

Mascheroni · ‎11-03-2017

I was waiting this relase because of NPU fragmentation issue in CAPWAP traffic passing into IPSEC tunnel.

I've found at the moment only one issue.

All firewall policies are viewd in "expanded" mode in GUI, also if we have collapsed them before logging out.

One of our Fortigate presented an issue after been upgraded from 5.4.4 to 5.4.6.

Open VAP profile stopped working.

The workaround was to modify the open mode into wpa mode with psk and revert them back to open mode.

The Open wireless feature was always enabled, before and after firmware upgrade.