Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Carl_Wallmark
Valued Contributor

Created on ‎08-17-2017 11:22 AM

FortiOS 5.6.2 is out...

They fixed the SSLVPN bug! :)

FCNSA, FCNSP
---
FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30B
FortiAnalyzer 100B, 100C
FortiMail 100,100C
FortiManager VM
FortiAuthenticator VM
FortiToken
FortiAP 220B/221B, 11C

FCNSA, FCNSP---FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30BFortiAnalyzer 100B, 100CFortiMail 100,100CFortiManager VMFortiAuthenticator VMFortiTokenFortiAP 220B/221B, 11C
19453
0 Kudos
3 Solutions
emnoc
Esteemed Contributor III
In response to Kenundrum

Created on ‎08-18-2017 08:49 PM

UPDATE

 

In v5.6.2 , my cert { pfx }  import issues went away. Also I can now use the certificate for admin-gui access also.

 

Ken

 

PCNSE 

NSE 

StrongSwan  

View solution in original post

PCNSE NSE StrongSwan
7577
0 Kudos
emnoc
Esteemed Contributor III
In response to x_member

Created on ‎08-25-2017 11:25 AM

That's a fair assumption. I would wait til at least  4 sub version came out

 

e.g v5.6.5

 

And even then, don't expect all to be fixed. I rolled all of my  personal stuff and lab gear back to a stable 5.4.x version.

 

 

 

PCNSE 

NSE 

StrongSwan  

View solution in original post

PCNSE NSE StrongSwan
7576
0 Kudos
MikePruett
Valued Contributor
In response to emnoc

Created on ‎08-28-2017 10:11 AM

I'm avoiding it for production for a while. I will just be happy when NGFW style policies actually work right (and when they support it with zones, the central NAT goes stupid currently)

Mike Pruett

Fortinet GURU | Fortinet Training Videos

View solution in original post

Mike Pruett Fortinet GURU | Fortinet Training Videos
7576
0 Kudos
12 REPLIES 12
gsarica
Contributor

Created on ‎08-17-2017 11:57 AM

Nice, we were waiting for 5.6.2 due to all the bugs that were reported but only three fixes and five pages worth of known issues, maybe we'll wait a while longer...

5588
0 Kudos
emnoc
Esteemed Contributor III
In response to gsarica

Created on ‎08-17-2017 01:08 PM

That's good news, let's see what comes up

 

PCNSE 

NSE 

StrongSwan  

PCNSE NSE StrongSwan
5588
0 Kudos
storaid
Contributor
In response to emnoc

Created on ‎08-17-2017 06:31 PM

sslvpn policy with window-device identification enabled issue is still NOT be fixed....

FWF60D x2 FWF60C x3 FGT80C rev.2 FGT200B-POE FAP220B x3 FAP221B x2

FSW224B x1

FWF60D x2 FWF60C x3 FGT80C rev.2 FGT200B-POE FAP220B x3 FAP221B x2 FSW224B x1
5588
0 Kudos
MikePruett
Valued Contributor
In response to storaid

Created on ‎08-17-2017 07:15 PM

Bummer that it only fixes 3 bugs or so. Would have really liked to see some of the NGFW policy issues worked out

Mike Pruett

Fortinet GURU | Fortinet Training Videos

Mike Pruett Fortinet GURU | Fortinet Training Videos
5588
0 Kudos
Kenundrum
Contributor III
In response to MikePruett

Created on ‎08-18-2017 06:13 AM

On FWF60E running 5.6.0, the firmware update is not showing up as available from fortiguard, only states 5.6.1 is available. Downloaded firmware from the support page and verified the checksum- firmware update fails. It detects the correct version information when you upload, but when you try to actually perform the update an error just shows up saying it failed.

CISSP, NSE4

 

CISSP, NSE4
5588
0 Kudos
emnoc
Esteemed Contributor III
In response to Kenundrum

Created on ‎08-18-2017 08:49 PM

UPDATE

 

In v5.6.2 , my cert { pfx }  import issues went away. Also I can now use the certificate for admin-gui access also.

 

Ken

 

PCNSE 

NSE 

StrongSwan  

PCNSE NSE StrongSwan
7578
0 Kudos
jmalhenzie
New Contributor II
In response to emnoc

Created on ‎08-19-2017 02:21 PM

Is anyone else having trouble getting NGFW / policy based mode to work as one would expect? I have been trying to make policies allowing only the applications I want, but yet other applications still get allowed on those policies. I would like to only use applications and leave service set to some flavor of all due to the fact that applications can still open on non standard ports. In the example below I am still able to telnet ssh and ftp without ever having my session dropped. Those three examples fall under the middle policy. 

 

- Justin

- Justin
ngfw.JPG
Preview file
63 KB
5588
0 Kudos
storaid
Contributor
In response to jmalhenzie

Created on ‎08-19-2017 10:21 PM

DO NOT USE NGFW policy-based mode to configure policy...

for current firmware build, it's very unstable....

FWF60D x2 FWF60C x3 FGT80C rev.2 FGT200B-POE FAP220B x3 FAP221B x2

FSW224B x1

FWF60D x2 FWF60C x3 FGT80C rev.2 FGT200B-POE FAP220B x3 FAP221B x2 FSW224B x1
5588
0 Kudos
neonbit
Valued Contributor
In response to storaid

Created on ‎08-20-2017 10:25 PM

I've noticed that when creating a new AP profile, if you change the country to be anything other than US or Canada, the default channels for 2.4GHz are 1,7,13 instead of 1,6,11. They cant be changed in the GUI. I can change it manually via the CLI.

5588
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.