I tried it with a 60D, forgetting that our office 60D policies use a zone that includes a physical interface (non-tagged) and multiple VLAN subinterfaces (tagged), after reading through the release notes and noticing the caution "all members of the zone would be dropped". Sure enough, it did.
After a TT with TAC and some tests of my own with another test 60D, I decided to go back to 5.4.8 for the office 60D, because the only way to restore the zone (original set of policies) with all members is to remove all VLANs on the physical interface and put the phy interface in as the sole member of the zone first. Then you can recreate all the VLANs I removed and put them in the zone. Not only DHCP servers but also some other widgets monitoring usage need to be removed before I can remove the VLANs. In the middle of trying this process I gave up and decided to wait for the next release, 5.6.5. TAC gave me the bug ID, but it's not in the "known issues" list in the release notes.
bcpereira wrote:
I opened a ticket and the response received was: wait for the new version 5.6.5 ¬¬
Hello,
normally you should get a bug id then? Can you post it?
Br,
Roman
rswinney99 wrote:
Is the sslvpn issue related to all ssl vpn connections (forticlient and web)? Or is it just browser based ssl vpn?
Only FortiClient.
romanr wrote:
bcpereira wrote:
I opened a ticket and the response received was: wait for the new version 5.6.5 ¬¬
Hello,
normally you should get a bug id then? Can you post it?
Br,
Roman
I did not receive this bug id. Does it only affect 600D models?
Hi Bruno,
could you please ask support to provide the bug id (from Fortinet's Mantis)?
Thanx
roman
romanr wrote:
Hi Bruno,
could you please ask support to provide the bug id (from Fortinet's Mantis)?
Thanx
roman
I opened the ticket: 2701366.
rswinney99 wrote:Is the sslvpn issue related to all ssl vpn connections (forticlient and web)? Or is it just browser based ssl vpn?
bcpereira wrote:
Only FortiClient.
Does this prevent you from connecting via forticlient or does it disconnect an already connected session?
SSL VPN via forticlient is pretty important to our organization so I'm not sure if I should upgrade to 5.6.4 even though I've been waiting on it for a different bug fix.
News
Good Afternoon,
A case (ID 492654) was opened with our Dev team to investigate this issue.
I will keep you updated on any advance.
Hi
I have concerns about upgrading, given the problems with physical interface inclusion in zones mentioned in the upgrade information. It states it should only affect users upgrading from 5.6.3 or higher, but we are upgrading from 5.4.8, so it should not affect us. However, someone has already mentioned above that they upgraded from this version and it affected them.
The instructions in the release are not that clear. It states to remove "port1" (leaving the VLANs there). However, it does not specify the command. The command to set it would be "set interface port1". However, "unset interface port1" on our system gets a command parse error before 'port1'. If you do a ? after unset interface, it has enter as the only option (you cannot specify a particular port). So I tried that, but it removes the VLAN as well, and when I tried to set the interface back up with the set interface command it would only accept the subinterface/VLAN, such as set interface port 1.1, but not port1.
This step was tried pre-upgrade to make sure we could remove the interface and add it back in. In the end I had to restore our saved config. I now have concerns about upgrading, because if something goes wrong we cannot log a ticket with Fortinet, compile logs and wait to restore the interface; we would need to roll back. Has anyone else experienced issues with these steps?
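A pre-upgrade check for the zone condition discussed in this thread, added here as an example (not code from any poster or from Fortinet): it reads a FortiGate config backup and lists zones whose members include both a physical interface and VLAN subinterfaces on it. The sample config, interface names and function names are constructed for illustration, and a single-VDOM backup is assumed.

```python
import re

# Constructed sample in FortiOS backup syntax; names are made up for this example.
SAMPLE_CONFIG = '''
config system interface
    edit "port1"
    next
    edit "office-v10"
        set interface "port1"
        set vlanid 10
    next
end
config system zone
    edit "lan"
        set interface "port1" "office-v10"
    next
end
'''

def parse_section(text, section):
    """Return {entry: {keyword: [values]}} for one top-level 'config <section>' block."""
    entries, current, active, depth = {}, None, False, 0
    for line in map(str.strip, text.splitlines()):
        tok = [t.strip('"') for t in re.findall(r'"[^"]*"|\S+', line)]
        if not active:
            active = line == f"config {section}"
        elif tok[:1] == ["config"]:
            depth += 1          # nested block inside an entry, e.g. "config ipv6"
        elif tok == ["end"]:
            if depth == 0:
                break
            depth -= 1
        elif depth == 0 and tok[:1] == ["edit"]:
            current = entries.setdefault(tok[1], {})
        elif depth == 0 and tok[:1] == ["set"] and current is not None:
            current[tok[1]] = tok[2:]
    return entries

def zones_at_risk(text):
    """Map zone -> {physical member: [its VLAN subinterfaces that are also members]}."""
    ifaces = parse_section(text, "system interface")
    parent = {n: a["interface"][0] for n, a in ifaces.items() if "vlanid" in a and a.get("interface")}
    report = {}
    for zone, attrs in parse_section(text, "system zone").items():
        members = attrs.get("interface", [])
        hits = {m: kids for m in members if (kids := [v for v in members if parent.get(v) == m])}
        if hits:
            report[zone] = hits
    return report
```

Run `zones_at_risk()` on the text of a saved backup before upgrading; an empty result means no zone mixes a physical interface with its own VLAN subinterfaces.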
Hi Bruno, you tried the new version 5.6.5.
http://kb.fortinet.com/kb/documentLink.do?externalID=FD40956
NOTE : Users of v5.6.3 should be aware that these changes also apply to this release. The option is available in v5.6.4
No it's not!!!
BugID 456566 is still included in the known bug list!