Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
AragoN
New Contributor
1 Solution
rswinney99

When I asked my Fortinet engineer about that specific thing several releases ago I was told it did not apply to forticlient and only applied to a ssl-vpn only software that has been long depracated.

View solution in original post

12 REPLIES 12
Toshi_Esumi
Esteemed Contributor III

Upgrade path doesn't seem to be updated yet at the support site to include this version.

Toshi_Esumi
Esteemed Contributor III

And this problem is not fixed yet. It's now in the known issue list:

435388 After VLAN interfaces are added under physical interface, the parent interface cannot be added into a zone.

We'll have skip this version again.

tanr
Valued Contributor II

Hi Toshi.  Just curious about your use of a zone with the parent physical interface and child vlan interfaces.  You mentioned you were using it for tagged and untagged traffic?  I wondered if you had the child vlans in a different zone than the zone the parent physical interface was in?  I ask because I had considered something similar a while back to deal with untagged traffic but found a different solution (switch based).

 

No worries if you don't feel like posting about it!  Cheers.

Toshi_Esumi
Esteemed Contributor III

I believe we did it before at least for one customer even if we don't have now to separate corporate subnets/network from non-corp subnets/network and put them into separate zones. FGT just handed off all non-tagged/tagged VLANs over one port to a L2 switch(es) and all devices, including WiFi APs are hanging off from the switch. Obviously only one zone can have the parent interface, and the other one doesn't have it as member interfaces.

To create zones there is no distinction between a parent interface and VLAN subinterfaces, until this problem was introduced.

 

Kenundrum

I updated a 60D this morning from 5.6.4 and it did not go well. After rebooting, none of the interfaces passed traffic and I was unable to log in over console. The error that kept showing up was something along the lines of "unable to lock lockdb".

After rebooting the device a second time, everything was fine. Unfortunately for me, I decided to chance doing an update when I was not onsite with the device and wasn't able to go physically power cycle it until it had been down for a few hours. Lesson learned. And I'll probably be investing in remotely controllable power outlets.

CISSP, NSE4

 

Toshi_Esumi
Esteemed Contributor III

I would never do an upgrade for a new version I never experienced before without staring at console output, often keep it saving into a file so that I can attach it to a ticket in case I need help from TAC, regardless on-site or remote (always have console access via a terminal server if remote). If that's not possible, at least experience the same upgrade with a FGT whatever we have in the lab first. 

I'm just curious but what version did you upgraded the 60D from? 5.4.x?

NotMine
Contributor

Well, this is interesting:

"SSL VPN standalone client no longer supports the following operating systems: Microsoft Windows 7 (32-bit & 64-bit) Microsoft Windows 8/8.1 (32-bit & 64-bit) Microsoft Windows 10 (64-bit) Virtual Desktop for Microsoft Windows 7 SP1 (32-bit)"

Does this refer to the FortiClient, and if so, does  anyone have any idea why is Fortinet dropping the support for it?

NSE 7

All oppinions/statements written here are my own.

Toshi_Esumi
Esteemed Contributor III

It's been on the release notes for some time by now. My assumption was they were moving toward Win App like the current Win App for Win10.

rswinney99

When I asked my Fortinet engineer about that specific thing several releases ago I was told it did not apply to forticlient and only applied to a ssl-vpn only software that has been long depracated.