Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Same here, 6.2.3 is solid and works great.
Ken Felix
PCNSE
NSE
StrongSwan
We have both on but on all medium size 200 and 300Es, so it looks good for now. Will keep monitor.
Ken Felix
PCNSE
NSE
StrongSwan
ede_pfau wrote:Hi Ede, Today I upgraded to 6.2.3: 2x 81E HA - from version 6.0.8, all without any problems (SSL VPN, IPsec VPN, without UTM) 1x 61E - from version 6.0.8, all without any problems (SSL VPN, IPsec VPN, full UTM)thanks for responding - neither do I, I prefer to use a FAZ instead of an x1 model, better investment even in the short run...
everything is connected to FAZ200D, 6.0.7
only where I had in Custom device group in Policy after the update it changed to "all" - watch it.
Jirka
Hi there,
I have found an issue with 6.2.3 where emails with attachments sent from Outlook using SMTPS (465) were blocked. After disabling the UTM checks on the outbound policy the email functions returned to normal.
This firewall was upgraded Sunday the 12th, and the problem appeared on Monday morning the 13th. No other changes were performed on the firewall apart from the upgrade.
Upgraded FGT-92D from 6.2.2 build 1010 to 6.2.3 build 1066 and had a few issues.
1. SSL management stopped working - there were no logs regarding httpsd startup failiure; system global admin-server-cert was empty - had to reconfigure it from SSH;
2. Ever since the update (and later downgrade to 6.2.2) SSH key is recreated after a reboot. Can't find a log regarding it either;
3. The system is using PPPoE on uplink, had to manually change MTU on an email server behind it; downgrading back to 6.2.2 resolved the issue;
4. Have some issues with ipsec site2site connection, still looking what might be the cause.
Re IPSEC - it might be the same as issue I found - had to add the following to config vpn ipsec phase1-interface
set net-device disable
I think 6.2.3 has an undocumented change in default behavior and now enabled the setting by default
Hi there,
I have found an issue with 6.2.3 where emails with attachments sent from Outlook using SMTPS (465) were blocked. After disabling the UTM checks on the outbound policy the email functions returned to normal.
This firewall was upgraded Sunday the 12th, and the problem appeared on Monday morning the 13th. No other changes were performed on the firewall apart from the upgrade.
sigmasoftcz wrote:Hi Ede, yes, they do
[attachImg]https://forum.fortinet.com/download.axd?file=0;181980&where=message&f=lacp.jpg[/attachImg]
Jirka
Can you check if they now have "Redundant Interfaces" also?
Adding LACP support, that is technically way more complicated, but not simple port redundancy would be illogical.
I am pretty much sure there's an issue or a change in packet processing defaults regarding packet size/mtu/fragmentation between FortiOS 6.2.2 and 6.2.3. I am using FGT92D with PPPoE uplink (8 bytes of overhead) on an ordinary Ethernet link (1500 MTU). The system is a gateway for some TCP baced services (SSH, SMTP, POP3, IMAP, HTTPS, RDP, ...) behind a NAT (RFC1918 network) and when updating from 6.2.2 to 6.2.3 the connection drops when trying to let's say send an email over TLS, or even doing a "show full-configuration" over couple of SSH connections. I opened a ticket and did multiple tests with TAC Engineer and I am able to reproduce the issue every time when upgrading to 6.2.3. I could change tcp-mss-* values in every policy and/or set tcp-mss on an interface, but i'd really like the system would have the same processing of packets as it did in 6.2.2. Could someone that has a lab environment confirm this?
@Jirka:
Hi Ede, yes, they dogreat! Good news for us desktop model users. Thanks a lot for testing.
justme wrote:I am pretty much sure there's an issue or a change in packet processing defaults regarding packet size/mtu/fragmentation between FortiOS 6.2.2 and 6.2.3.
I've the same behaviour with a 100F and PPPoE WAN Connection. Back to 6.2.2 and it's working again.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1705 | |
1093 | |
752 | |
446 | |
230 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.