Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
When I asked my Fortinet engineer about that specific thing several releases ago I was told it did not apply to forticlient and only applied to a ssl-vpn only software that has been long depracated.
Upgrade path doesn't seem to be updated yet at the support site to include this version.
And this problem is not fixed yet. It's now in the known issue list:
435388 After VLAN interfaces are added under physical interface, the parent interface cannot be added into a zone.
We'll have skip this version again.
Hi Toshi. Just curious about your use of a zone with the parent physical interface and child vlan interfaces. You mentioned you were using it for tagged and untagged traffic? I wondered if you had the child vlans in a different zone than the zone the parent physical interface was in? I ask because I had considered something similar a while back to deal with untagged traffic but found a different solution (switch based).
No worries if you don't feel like posting about it! Cheers.
I believe we did it before at least for one customer even if we don't have now to separate corporate subnets/network from non-corp subnets/network and put them into separate zones. FGT just handed off all non-tagged/tagged VLANs over one port to a L2 switch(es) and all devices, including WiFi APs are hanging off from the switch. Obviously only one zone can have the parent interface, and the other one doesn't have it as member interfaces.
To create zones there is no distinction between a parent interface and VLAN subinterfaces, until this problem was introduced.
I updated a 60D this morning from 5.6.4 and it did not go well. After rebooting, none of the interfaces passed traffic and I was unable to log in over console. The error that kept showing up was something along the lines of "unable to lock lockdb".
After rebooting the device a second time, everything was fine. Unfortunately for me, I decided to chance doing an update when I was not onsite with the device and wasn't able to go physically power cycle it until it had been down for a few hours. Lesson learned. And I'll probably be investing in remotely controllable power outlets.
CISSP, NSE4
I would never do an upgrade for a new version I never experienced before without staring at console output, often keep it saving into a file so that I can attach it to a ticket in case I need help from TAC, regardless on-site or remote (always have console access via a terminal server if remote). If that's not possible, at least experience the same upgrade with a FGT whatever we have in the lab first.
I'm just curious but what version did you upgraded the 60D from? 5.4.x?
Well, this is interesting:
"SSL VPN standalone client no longer supports the following operating systems: Microsoft Windows 7 (32-bit & 64-bit) Microsoft Windows 8/8.1 (32-bit & 64-bit) Microsoft Windows 10 (64-bit) Virtual Desktop for Microsoft Windows 7 SP1 (32-bit)"
Does this refer to the FortiClient, and if so, does anyone have any idea why is Fortinet dropping the support for it?
NSE 7
All oppinions/statements written here are my own.
It's been on the release notes for some time by now. My assumption was they were moving toward Win App like the current Win App for Win10.
When I asked my Fortinet engineer about that specific thing several releases ago I was told it did not apply to forticlient and only applied to a ssl-vpn only software that has been long depracated.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1547 | |
1031 | |
749 | |
443 | |
210 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.