Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Lucascat
New Contributor III

FortiOS 5.6.7 is out

Lot of BUG FIX

1 Solution
Hosemacht

you are right,

it seems like the "last used" field is no longer updatet till the connection count hits 0

or you reset the statistics.

sudo apt-get-rekt

View solution in original post

sudo apt-get-rekt
11 REPLIES 11
Hosemacht
Contributor II

Fortigate 60D, 60E and a 201E Cluster updated = no issues so far 

sudo apt-get-rekt

sudo apt-get-rekt
lobstercreed

I'm planning to go to it on Friday on my HA pair of 1500D.  We've been running 5.6.3 for about a year now, and apparently the recommended upgrade path is 5.6.3 -> 5.6.6 -> 5.6.7 which seems weird, but I guess I'll be doing a double-upgrade.

Carl_Wallmark

Been running 5.6.7 on 300E HA and a 200D since a few days, seems rock solid. Haven´t found any bugs that affect us.

FCNSA, FCNSP
---
FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30B
FortiAnalyzer 100B, 100C
FortiMail 100,100C
FortiManager VM
FortiAuthenticator VM
FortiToken
FortiAP 220B/221B, 11C

FCNSA, FCNSP---FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30BFortiAnalyzer 100B, 100CFortiMail 100,100CFortiManager VMFortiAuthenticator VMFortiTokenFortiAP 220B/221B, 11C
echo

We also upgraded our 1500D cluster and 600D cluster to 5.6.7 last week, mostly because 1500D cluster with 5.6.5 and 5.6.6 had a memory leak bug which slowly ate up lots of memory, up to 90% (that after going to proxy-mode from flow-mode, before stayed around 80%). Memory usage has only slowly gone up so far, we'll see how it will be in a month's time.

torisa
New Contributor

I don't know if it's a bug but in 100E there is "bcm.user" process which is using more cpu than in 5.6.5:

PID RSS ^CPU% MEM% FDS TIME+     NAME 93 12M   40.7       0.4     8 1  4:10.67 bcm.user [x3]

 

Have you noticed this and what even is that process?

Ray
New Contributor III

We have a 100E updated to 5.6.7 five days ago. It did not have the bcm.user high cpu problem. CPU usage has been changing between 2 to 4%.

Another 100E running 5.6.6 with 49 days uptime.  bcm.user CPU usage is also between 2 to 4%.

 

Lucascat
New Contributor III

Been running 5.6.7 on low models, 50e 60d 60e 80e, without problem

 

torisa

Update for that "bcm.user" CPU usage. That specific 100E had also degraded network performance. In example traffic going through policies including IPS filtering sometimes were completely dropped. There was 3000ms spikes on the network.

 

Rebooting firewall solved this.

echo
Contributor II

I found something strange on our 1500D and 600D cluster: in the list of firewall rules I have added a column "Last Used" and this column doesn't update anymore with many rules, whereas with many others it is updated. And active sessions + data amount seems to be OK, although I haven't investigated the data amount. The date and time in those problematic rules shows exactly one time and date which is the time and date of firmware upgrade + 48 hours. Nothing too critical but in some cases the correct information or useful feature in debugging is gone. Probably until the next firmware upgrade or restart, who knows.

Top Kudoed Authors