- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
FortiOS 5.6.0 GA is Out
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I just upgraded our box (200D, 100D, 80CM..) with the latest v5.6.0, and also upgraded the FA with the latest v5.4.2 (it needs to rebuild the DB for 2 days..) Everything seems good and the IPSec VPN, SSLVPN without any dropping after the upgrading.
I noticed that the "Threat Map" in v5.4.4 is gone once upgraded to v5.6.0... even it's somehow a gimmick, but it's nice if can keep in v5.6~
The Physical / Logical Topology is nice but I found it recognized the host in the wrong side... like an internal host located at the side of WAN1... I am not sure but I set the role as LAN for internal ports and the DMZ...
For the CSF (Cooperative Security Fabric).. seems I have to enable the FortiTelementry on interfaces and must to use OSPF rather than static routing.... still not yet fully experience the benefit / beauty of Security Fabric....
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hurts that you can't use NGFW style policies with zones right now. It forces you to use the NAT table when you do that but it kinda doesn't work with zones. Spits out an error in the gui and the zone interface isn't even an option in the CLI.
Mike Pruett
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
We are reviewing support for Zones in central NAT rules (for NGFW) to see if it can be supported in a future release.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks Jordan, Hopefully it can be as I use zones almost exclusively to consolidate and reduce policy counts.
Mike Pruett
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I'm also waiting for the 200E/201E.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I just upgraded our box (200D, 100D, 80CM..) with the latest v5.6.0, and also upgraded the FA with the latest v5.4.2 (it needs to rebuild the DB for 2 days..) Everything seems good and the IPSec VPN, SSLVPN without any dropping after the upgrading.
I noticed that the "Threat Map" in v5.4.4 is gone once upgraded to v5.6.0... even it's somehow a gimmick, but it's nice if can keep in v5.6~
The Physical / Logical Topology is nice but I found it recognized the host in the wrong side... like an internal host located at the side of WAN1... I am not sure but I set the role as LAN for internal ports and the DMZ...
For the CSF (Cooperative Security Fabric).. seems I have to enable the FortiTelementry on interfaces and must to use OSPF rather than static routing.... still not yet fully experience the benefit / beauty of Security Fabric....
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello,
Can you please confirm that FortiAnalyzer 5.4.2 is able to collect logs from FortiOS 5.6? There's no such info in the Release Notes and compatibility matrix.
Thank you,
Slavko
NSE 7
All oppinions/statements written here are my own.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
It does not collect logs! You have to wait till the GA of Forti OS 5.6 for Analyzer
hello
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello,
I cannot find how to setup different ntp server than Fortiguard (i.e. pool.ntp.org). In GUI (FG 60D) custom is greyed out and info I should do this in CLI. But in CLI I can see only those options :
FGT-DW # config system ntp
FGT-DW (ntp) # show full-configuration
config system ntp
set ntpsync enable
set type fortiguard
set syncinterval 60
set source-ip 0.0.0.0
set server-mode disable
end
FGT-DW (ntp) # set type ?
fortiguard FortiGuard.
custom Custom server.
FGT-DW (ntp) # set type custom <Enter>
FGT-DW (ntp) # set ?
ntpsync Enable/disable synchronization with NTP Server.
type FortiGuard or custom NTP Server.
syncinterval NTP synchronization interval.
source-ip Source IP for communications to NTP server.
server-mode Enable/disable NTP Server Mode.
Dominik Weglarz, IT System Engineer
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
config system ntp set ntpsync enable set type custom set syncinterval 60 config ntpserver edit 1 set server "ntp1.inrim.it" next end end
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thank you.
Dominik Weglarz, IT System Engineer