Carl_Wallmark
Valued Contributor

FortiOS 5.6.4 is out.

.

FCNSA, FCNSP
---
FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30B
FortiAnalyzer 100B, 100C
FortiMail 100,100C
FortiManager VM
FortiAuthenticator VM
FortiToken
FortiAP 220B/221B, 11C

1 Solution
Toshi_Esumi
Esteemed Contributor III

I tried it with a 60D, forgetting that our office 60D policies use a zone that includes a physical interface (non-tagged) and multiple VLAN subinterfaces (tagged), after I had read through the release notes and noticed the caution "all members of the zone would be dropped". Sure enough, it did.

After a TT with TAC and some tests of my own with another test 60D, I decided to go back to 5.4.8 for the office 60D, because the only way to restore the zone (original set of policies) with all members is to remove all VLANs on the physical interface and put the phy interface in as the sole member of the zone first. Then you can recreate all the VLANs I removed and put them in the zone. Not only DHCP servers but also some other widgets monitoring usage need to be removed before I can remove the VLANs. In the middle of trying this process I gave up and decided to wait for the next release, 5.6.5. TAC gave me the bug ID, but it's not in the "known issues" list in the release notes.

romanr

bcpereira wrote:

 

I opened a ticket and the response received was: wait for the new version 5.6.5 ¬¬

 

Hello,

 

normally you should get a bug id then? Can you post it?

 

Br,

Roman

Bruno_Pereira
New Contributor III

rswinney99 wrote:

Is the sslvpn issue related to all ssl vpn connections (forticlient and web)? Or is it just browser based ssl vpn?

Only FortiClient.

 

romanr wrote:

bcpereira wrote:

 

I opened a ticket and the response received was: wait for the new version 5.6.5 ¬¬

 

Hello,

 

normally you should get a bug id then? Can you post it?

 

Br,

Roman

I did not receive this bug id. Does it only affect 600D models?

romanr

Hi Bruno,

 

could you please ask support to provide the bug id (from Fortinet's Mantis)?

 

Thanx

roman

Bruno_Pereira
New Contributor III

romanr wrote:

Hi Bruno,

 

could you please ask support to provide the bug id (from Fortinet's Mantis)?

 

Thanx

roman

I opened the ticket: 2701366.

rswinney99

 

rswinney99 wrote:

Is the sslvpn issue related to all ssl vpn connections (forticlient and web)? Or is it just browser based ssl vpn?

 

bcpereira wrote:
Only FortiClient.

Does this prevent you from connecting via forticlient or does it disconnect an already connected session?

 

SSL VPN via forticlient is pretty important to our organization so I'm not sure if I should upgrade to 5.6.4 even though I've been waiting on it for a different bug fix.

 

Bruno_Pereira

News

 

Good Afternoon,

A case (ID 492654) was opened with our Dev team to investigate this issue.

I will keep you updated on any advance.

PeterK

Hi

 

I have concerns about upgrading, given the "physical interface inclusion in zones" problems mentioned in the upgrade information. It states it should only affect users upgrading from 5.6.3 or higher, but we are upgrading from 5.4.8, so it should not affect us, but someone has already mentioned above that they upgraded from this version and it affected them.

 

The instructions in the release notes are not that clear. They state to remove "port1" (leaving the VLANs there). However, they do not specify the command. The command to set it would be "set interface port1". However, "unset interface port1" on our system gets a command parse error before 'port1'. If you do a ? after unset interface, it has enter as the only option (you cannot specify a particular port). So I tried that, but it removes the VLAN as well, and when I tried to set the interface back up with the set interface command, it would only accept the subinterface/VLAN, such as set interface port 1.1, but not port1.

 

This step was tried pre-upgrade to make sure we could remove the interface and add it back in. In the end I had to restore our saved config. I now have concerns about upgrading, because if something goes wrong we cannot log a ticket with Fortinet, compile logs and wait to restore the interface; we would need to roll back. Has anyone else experienced issues with these steps?
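
A pre-upgrade check for the zone layout discussed in this thread (a parent interface and VLAN subinterfaces built on it as members of the same zone), as an added example that is not part of any post and not Fortinet tooling: it reads a saved configuration backup and lists such zones. It assumes a single-VDOM backup in the usual `config system interface` / `config system zone` layout; the sample config and its interface and zone names are constructed.

```python
import shlex
# Constructed excerpt in FortiOS backup syntax; interface/zone names are made up.
SAMPLE_CONFIG = '''
config system interface
    edit "internal1"
        set type physical
    next
    edit "vlan10"
        set interface "internal1"
        set vlanid 10
    next
end
config system zone
    edit "office"
        set interface "internal1" "vlan10"
    next
end
'''

def parse_section(text, section):
    """Map entry name -> {key: [values]} for 'config <section>' blocks."""
    entries, current, inside, depth = {}, None, False, 0
    for raw in text.splitlines():
        line = raw.strip()
        if not inside:
            inside = line == f"config {section}"
            continue
        head, *args = shlex.split(line) or [""]
        if head == "config":          # nested table such as "config ipv6"
            depth += 1
        elif head == "end":           # closes a nested table or the section
            inside, depth = depth > 0, max(depth - 1, 0)
        elif depth == 0 and head == "edit":
            current = entries.setdefault(args[0], {})
        elif depth == 0 and head == "set" and current is not None:
            current[args[0]] = args[1:]
    return entries

def zones_at_risk(config_text):
    """Zones holding an interface together with VLAN subinterfaces built on it."""
    ifaces = parse_section(config_text, "system interface")
    zones = parse_section(config_text, "system zone")
    parent = {n: a["interface"][0] for n, a in ifaces.items()
              if {"vlanid", "interface"} <= a.keys()}   # VLAN name -> parent
    report = {}
    for zone, attrs in zones.items():
        members = attrs.get("interface", [])
        hits = {m: [v for v in members if parent.get(v) == m] for m in members}
        report[zone] = {m: v for m, v in hits.items() if v}
    return {zone: hits for zone, hits in report.items() if hits}
```

Run `zones_at_risk()` on the text of the backup taken before the upgrade; each zone it returns is one whose membership should be recorded so it can be compared after the upgrade or restored on rollback.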

AragoN

Hi Bruno, you tried the new version 5.6.5.

hecht
New Contributor

http://kb.fortinet.com/kb/documentLink.do?externalID=FD40956

NOTE : Users of v5.6.3 should be aware that these changes also apply to this release.  The option is available in v5.6.4 

No it's not!!!

 

BugID 456566 is still included in the known bug list!
