- Forums
- Knowledge Base
- Customer Service
- FortiGate
- FortiClient
- FortiAP
- FortiAnalyzer
- FortiADC
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConnect
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDeceptor
- FortiDevSec
- FortiDirector
- FortiEDR
- FortiExtender
- FortiGate Cloud
- FortiGuard
- FortiHypervisor
- FortiInsight
- FortiIsolator
- FortiMail
- FortiManager
- FortiMonitor
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPortal
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiSandbox
- FortiSASE
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Forums
- Support Forum
- FortiOS 6.0.5 is out!
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
FortiOS 6.0.5 is out!
Many Bugfixes but no TLS 1.3 mentioned.
https://docs.fortinet.com.../fortios-release-notes
sudo apt-get-rekt
Solved! Go to Solution.
sudo apt-get-rekt
1 Solution
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Ich verstehen Sie, aber meine Deutsch ist sehr schlecht!
So I just got off the phone with the TAC. Did lots of testing. We thought the issue was with our FAZ, but after doing some more checking we decided to check the miglogd process.
If you log into the CLI
diag sys top-summary
look for the miglogd process and note the process ID (PID)
[style="background-color: #ffff00;"]197 [/style] 320M 0.0 2.0 73 09:19.30 miglogd [x5]
Press "q" to quit the monitoring of sys top.
Now that you have the PID of the miglogd process, enter the following to kill and restart it:
dig sys kill 11 197
Note in my case the PID was 197 as highlighted above. Once we did this, we saw this in the crashlog:
diag debug crashlog read
509: 2019-06-05 13:36:40 <00197> application miglogd 510: 2019-06-05 13:36:40 <00197> *** signal 11 (Segmentation fault) received *** 511: 2019-06-05 13:36:40 <00197> Register dump: 512: 2019-06-05 13:36:40 <00197> RAX: fffffffffffffffc RBX: 0000000000ed19e0 513: 2019-06-05 13:36:40 <00197> RCX: ffffffffffffffff RDX: 0000000000000400 514: 2019-06-05 13:36:40 <00197> R08: 0000000000000000 R09: 0000000000000008 515: 2019-06-05 13:36:40 <00197> R10: 00000000000006d6 R11: 0000000000000246 516: 2019-06-05 13:36:40 <00197> R12: 00007fff4adca950 R13: 0000000000000000 517: 2019-06-05 13:36:40 <00197> R14: 00007fff4adca950 R15: 0000000015477b10 518: 2019-06-05 13:36:40 <00197> RSI: 00000000151a9550 RDI: 000000000000000a 519: 2019-06-05 13:36:40 <00197> RBP: 00007fff4adca5f0 RSP: 00007fff4adca5b8 520: 2019-06-05 13:36:40 <00197> RIP: 00007f1ff42bbba0 EFLAGS: 0000000000000246 521: 2019-06-05 13:36:40 <00197> CS: 0033 FS: 0000 GS: 0000 522: 2019-06-05 13:36:40 <00197> Trap: 0000000000000000 Error: 0000000000000000 523: 2019-06-05 13:36:40 <00197> OldMask: 0000000000000000 524: 2019-06-05 13:36:40 <00197> CR2: 0000000000000000 525: 2019-06-05 13:36:40 <00197> stack: 0x7fff4adca5b8 - 0x7fff4adcb800 526: 2019-06-05 13:36:40 <00197> Backtrace: [size="1"]527: 2019-06-05 13:36:40 <00197> [0x7f1ff42bbba0] => /usr/lib/x86_64-linux-gnu/libc.so.6[/size] 528: 2019-06-05 13:36:40 (epoll_pwait+0x00000020) liboffset 000f4ba0 [size="1"]529: 2019-06-05 13:36:40 <00197> [0x01dfb8d1] => /bin/miglogd[/size] [size="1"]530: 2019-06-05 13:36:40 <00197> [0x00ed25fa] => /bin/miglogd[/size] [size="1"]531: 2019-06-05 13:36:40 <00197> [0x0042ea44] => /bin/miglogd[/size] [size="1"]532: 2019-06-05 13:36:40 <00197> [0x0043529f] => /bin/miglogd[/size] [size="1"]533: 2019-06-05 13:36:40 <00197> [0x004321e8] => /bin/miglogd[/size] [size="1"]534: 2019-06-05 13:36:40 <00197> [0x004326de] => /bin/miglogd[/size] [size="1"]535: 2019-06-05 13:36:40 <00197> [0x00434584] => /bin/miglogd[/size] [size="1"]536: 2019-06-05 13:36:40 <00197> [0x00434ee7] => /bin/miglogd[/size] [size="1"]537: 2019-06-05 13:36:40 <00197> [0x7f1ff41e7eaa] => /usr/lib/x86_64-linux-gnu/libc.so.6[/size] 538: 2019-06-05 13:36:40 (__libc_start_main+0x000000ea) liboffset 00020eaa [size="1"]539: 2019-06-05 13:36:40 <00197> [0x0042b7da] => /bin/miglogd[/size] 540: 2019-06-05 13:38:40 the killed daemon is /bin/miglogd: status=0x0 Crash log interval is 3600 seconds miglogd crashed 1 times. The last crash was at 2019-06-05 13:36:40
After that DNS records started flowing and populating in FAZ again! We are not sure of the cause or how to replicate. But it appears to be resolved. We will monitor to see if the logs keep flowing as they should now.
23 REPLIES 23
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Any further feedback on 6.0.5? Does the community feel that this stable enough? (SSLVPN, BGP, AV, etc.)
-DDSkier FCNSA, FCNSP FortiGate 400D, (2) 200D, (12) 100D, (2) 60D
-DDSkier FCNSA, FCNSP FortiGate 400D, (2) 200D, (12) 100D, (2) 60D
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Patched a couple of FGT50e units that I had issues with hitting conserve mode on 6.0.4, after 48 hours memory is still 37% on the units, so looking good.
Will be scheduling in patching the rest of the estate to from 6.0.4 to 6.0.5
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
We have hit an issue with matching on multiple RADIUS fortinet-groups returned from a FortiAuthenticator instance for SSL VPN users. Basically 6.0.5 appears to be only accepting one group and ignoring the rest. FTNT has reproduced on their side and tied it to known bug 0554529 seen in 6.2.0 and fixed in 6.2.1.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi streeb2021.
So the bug is only if a single user gets multiple fortinet-groups returned?
Wanted to clarify as I'm planning to move us from 5.6.9 to 6.0.5 soon.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
tanr wrote:Hi streeb2021.
So the bug is only if a single user gets multiple fortinet-groups returned?
Wanted to clarify as I'm planning to move us from 5.6.9 to 6.0.5 soon.
I'm interested to, as 5.6.9 has a new vulnerability with the only known resolution is to go to 6+
https://fortiguard.com/psirt/FG-IR-19-034
-DDSkier FCNSA, FCNSP FortiGate 400D, (2) 200D, (12) 100D, (2) 60D
-DDSkier FCNSA, FCNSP FortiGate 400D, (2) 200D, (12) 100D, (2) 60D
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
ddskier wrote:How come I have no option to upgrade to 6.0.5 from 5.6.9 , only those with invalid upgrade paths appeartanr wrote:Hi streeb2021.
So the bug is only if a single user gets multiple fortinet-groups returned?
Wanted to clarify as I'm planning to move us from 5.6.9 to 6.0.5 soon.
I'm interested to, as 5.6.9 has a new vulnerability with the only known resolution is to go to 6+
https://fortiguard.com/psirt/FG-IR-19-034
Is there something I am doing wrong?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Are you checking the valid upgrade paths shown by the widget at https://support.fortinet.com/Download/FirmwareImages.aspx?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
We moved to 6.0.5 from 6.0.3 for an A-P HA pair of 501Es. We did this mainly because of the CVE notice related to SSL access vulns:
FortiOS system file leak through SSL VPN via specially crafted HTTP resource requests
https://fortiguard.com/psirt/FG-IR-18-384
Unauthenticated SSL VPN users password modification
https://fortiguard.com/psirt/FG-IR-18-389
We are using most features related to advanced routing and NGFW proxy mode, but not switch/wifi controller, Device ID, or spam filtering. Two things I have seen:
My security rating went from +85 to -425. Seems mainly to be related to logging which relates to our other issue.
We were logging all DNS traffic via a DNS filter applied to traffic from our DNS servers. This worked fine in 6.0.3, but has stopped cold in 6.0.5. I have tried to disable/re-enable but no logs. FAZ shows last event received right after update. Using Splunk and a timechart I can clearly see a decrease in the amount and specific types of logs.
Release notes indicate there is a similar bug: 412649 In NGFW Policy mode, FortiGate does not create web filter logs.
but we still see webfilter logs. We have a decrease in all logs, but mainly the subtypes:
app-ctrl
dns-query
dns-response
I have opened ticket 3316524 with the TAC.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
we moved our AA Cluster from 5.6.8 to 6.0.5 last week, no issues regarding dns filter logs.
the only issue i saw was about a decreased forti ap performance after we moved them to 6.0.5 too.
The solution was to disable on-wire Rouge ap scanning.
Maybe you mixed something up regarding NGFW Policy and DNS Filter, if you did not set your Cluster in FLOW mode you
cannot create NGFW Policies.
Anyway this is a known issue since 5.6 i guess and still an issue even in 6.2.
sudo apt-get-rekt
sudo apt-get-rekt
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hmm. That is interesting. It was working fine for us in 6.0.3. We had a very clean config as we had to move from 500D to 501E and thus we upgraded our 500D from 5.6 to 6.03 and then diffed, importing policy stanzas into the 501E before deploying in HA. We monitor our logs in splunk. Before upgrading to 6.0.5, we were logging ~2G/day. Now ~1G/day. Will see what TAC says as I have sent them our config.
I don't understand this statement:
"Maybe you mixed something up regarding NGFW Policy and DNS Filter, if you did not set your Cluster in FLOW mode you cannot create NGFW Policies."
We do not use flow and have always used NGFW policies. We are in AP and not AA mode, so perhaps that is the difference?
Related Posts
- No instant result after passing an... 83 Views
- HTTP header injection 208 Views
- SSL VPN 215 Views
- Setting Up NAT64 to handle 64:ff9b::... 80 Views
- When connecting VPN from FortiClient getting... 204 Views
Labels
-
FortiGate
6,560 -
FortiClient
1,308 -
5.2
801 -
5.4
639 -
FortiManager
566 -
6.0
416 -
FortiAnalyzer
415 -
5.6
362 -
FortiSwitch
336 -
FortiAP
336 -
FortiClient EMS
266 -
6.2
251 -
FortiMail
243 -
FortiAuthenticator v5.5
234 -
5.0
196 -
FortiWeb
151 -
6.4
128 -
FortiNAC
106 -
FortiGuard
102 -
FortiSIEM
89 -
FortiGateCloud
87 -
FortiCloud Products
84 -
IPsec
73 -
FortiToken
71 -
Customer Service
69 -
4.0MR3
64 -
SSL-VPN
61 -
Wireless Controller
58 -
FortiProxy
45 -
FortiADC
43 -
Fortivoice
41 -
FortiEDR
39 -
FortiGate v5.4
34 -
FortiDNS
34 -
FortiExtender
32 -
FortiSandbox
31 -
FortiSwitch v6.4
28 -
SD-WAN
25 -
Firewall policy
24 -
FortiConnect
24 -
FortiWAN
22 -
VLAN
21 -
FortiConverter
21 -
High Availability
20 -
FortiPortal
18 -
ZTNA
16 -
FortiSwitch v6.2
16 -
FortiGate v5.2
16 -
FortiAuthenticator
15 -
FortiMonitor
14 -
Certificate
14 -
DNS
13 -
FortiDDoS
13 -
SAML
12 -
BGP
12 -
FortiGate v5.0
12 -
Routing
12 -
Interface
12 -
FortiCASB
12 -
Logging
11 -
LDAP
10 -
Virtual IP
10 -
FortiRecorder
10 -
VDOM
10 -
FortiWeb v5.0
9 -
FortiManager v5.0
9 -
NAT
9 -
4.0MR2
9 -
RADIUS
8 -
Traffic shaping
8 -
SSID
7 -
RMA Information and Announcements
7 -
FortiSOAR
7 -
SSL SSH inspection
7 -
fortilink
7 -
FortiAnalyzer v5.0
7 -
IP address management - IPAM
7 -
FortiGate v4.0 MR3
7 -
Admin
7 -
4.0
7 -
Security profile
6 -
Authentication
6 -
FortiBridge
6 -
Fortigate Cloud
6 -
Traffic shaping policy
5 -
SNMP
5 -
SSO
5 -
Application control
5 -
FortiManager v4.0
5 -
Static route
5 -
FortiDirector
4 -
WAN optimization
4 -
Web application firewall profile
4 -
Automation
4 -
DNS Filter
4 -
FortiTester
4 -
FortiCarrier
4 -
FortiCache
4 -
OSPF
4 -
3.6
4 -
FortiScan
4 -
Proxy policy
4 -
IPS signature
3 -
packet capture
3 -
FortiToken Cloud
3 -
FortiAP profile
3 -
Web profile
3 -
Intrusion prevention
3 -
DoS policy
3 -
FortiDB
3 -
Port policy
3 -
FortiDeceptor
2 -
FortiInsight
2 -
NAC policy
2 -
Antivirus profile
2 -
VoIP profile
2 -
Traffic shaping profile
2 -
FortiPAM
2 -
FortiAI
2 -
FortiHypervisor
2 -
Netflow
2 -
trunk
2 -
Fortinet Engage Partner Program
2 -
TACACS
1 -
4.0MR1
1 -
Schedule
1 -
Users
1 -
SDN connector
1 -
Subscription Renewal Policy
1 -
FortiCWP
1 -
FortiNDR
1 -
Application signature
1 -
Web rating
1 -
Authentication rule and scheme
1 -
FortiManager-VM
1 -
Multicast routing
1 -
Email filter profile
1 -
Zone
1 -
Internet Service Database
1 -
Explicit proxy
1 -
System settings
1
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2024 Fortinet, Inc. All Rights Reserved.