Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Wow, this release is a true bug fest. I don't even know where to begin.
[ul]
Those are just a few things that I noticed.
Arent's they ashamed of themselves putting something like that out in the wild? I would be.
Yes, we encountered these two issues on a FortiGate 60E. In spite of my previous statement, I think that both errors occurred on the same firewall. We upgraded another ForthGate 60D with no other problems noted.
1. Log & Report / System Events / Application crashed
application: ipsengine 04.021
I was told that this has been reported in bug id: 0506672 and that this requires an upgrade to the IPS engine to version 4.0023
I made the upgrade to 4.0023 but prior to the upgrade the system event crashes stopped appearing
No further issues with this issue have been noticed
2. https://www.gotoassist.me certificate warning. Using deep inspection. Forti_ssl certificate was installed on the browser. The certificate for this website was signed by Fort_CA_untrusted. I was told that the Fortiguard team is working on the certificate bundle. They are saying it will be added in certificate bundle 1.00013.
I was told that I could run:
You can run the following command to update your bundle : execute update-now To check if it is updated then run diagnose autoupdate versions
I have not tested this issue further.
No additional issues with 6.0.2 noticed.
You can now use the packet capture on gui also on small machines without an log-disk!
The packet capture will use an ram-disk.
This is the best new feature so far :D
NSE 4/5/7
Very happy indeed to get packet capture back in the gui on the lower end non-disk boxes.
That one feature has kept some of our customers on 5.2
But not impressed with stability.
FGT60E, IPS Engine (4.021) keep crashing, massive performance issues (even on rules without UTM).
Will have to downgrade to 6.0.1.
Been a long time I haven't been so disappointed by lack of QA so quickly (less than 24 hours) - back to good old buggy Fortinet!
At least on my FWF30E no ips engine crashes are logged in the crashlog.
NSE 4/5/7
Had trouble upgrading a FWF60D with the new image had to rollback, still investigating
PCNSE
NSE
StrongSwan
'sslvpnd' process causes high cpu loading....
PID RSS ^CPU% MEM% FDS TIME+ NAME
* 133 16M 96.9 0.9 31 35:29.83 sslvpnd [x4]
132 16M 19.4 0.9 11 00:01.64 httpclid [x3]
121 28M 8.6 1.5 27 02:17.48 httpsd [x5]
124 323M 7.8 17.3 369 54:50.38 ipsmonitor [x6]
141 12M 4.8 0.7 13 09:57.30 updated
119 39M 0.8 2.1 38 22:51.74 miglogd [x3]
128 14M 0.0 0.8 22 04:32.30 forticron
131 6M 0.0 0.3 24 00:00.43 foauthd
129 7M 0.0 0.4 15 00:24.66 forticldd
136 6M 0.0 0.3 10 00:00.90 guacd
137 808K 0.0 0.0 4 00:00.10 smbcd
138 6M 0.0 0.3 24 00:10.90 voipd
140 66M 0.0 3.5 173 02:25.64 wad [x8]
130 9M 0.0 0.5 47 06:31.97 authd [x3]
142 5M 0.0 0.3 12 01:05.58 snmpd
143 5M 0.0 0.3 23 00:17.17 dhcpd
144 4M 0.0 0.3 8 01:46.27 ipldbd
145 9M 0.0 0.5 17 01:43.32 src-vis
146 4M 0.0 0.3 16 00:08.83 ntpd
147 5M 0.0 0.3 5 00:00.30 sshd
FWF60D x2 FWF60C x3 FGT80C rev.2 FGT200B-POE FAP220B x3 FAP221B x2
FSW224B x1
So far my FT60E is table and performing normally (although using higher average memory than before the update).
I agree it's great to see Packet Capture back in the GUI.
Wow, this release is a true bug fest. I don't even know where to begin.
[ul]
Those are just a few things that I noticed.
Arent's they ashamed of themselves putting something like that out in the wild? I would be.
Upgraded 60E from 5.6.5 to 6.0.2.
Upgrade was successful the first time.
Twice the ipsengine 04.021 has crashed, 30 minutes apart.
Memory usage is about 60%. CPU utilization is about 3%.
Noticed two errors after the firmware upgrade (diag debug config-error-log read):
1. set type security audit and 2. set location forticloud. The engineer thought that these errors could be ignored and that they were due to changed features in 6.0.2.
Called Fortinet tech support. Was unable to start a GoToAssist session without encountering a security warning. The engineer thought that the security certificate use by GoToAssist was not in the trusted certificates in the FortiGate. This FortiGate is using Full SSL Inspection on the IPv4 policy. He said that he would investigate. Would be curious if others running 6.0.2 and using Full SSL Inspection can open GoToAssist without getting a certificate warning.
Otherwise things seem OK with 6.0.2 so far.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1692 | |
1087 | |
752 | |
446 | |
228 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.