Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
ddskier
Contributor

FortiOS 6.2.7 Out

FortiOS 6.2.7 is out.

 

Anyone brave enough to try it out?   Is the 6.2.x branch finally stable enough to upgrade from 6.0.11?

-DDSkier FCNSA, FCNSP FortiGate 400D, (2) 200D, (12) 100D, (2) 60D

-DDSkier FCNSA, FCNSP FortiGate 400D, (2) 200D, (12) 100D, (2) 60D
10 REPLIES 10
emnoc
Esteemed Contributor III

fortios 6.2 has been out for 14+ months. It should be very stable and specially with the 7th maintenance-release. IMHO

 

Ken Felix

PCNSE 

NSE 

StrongSwan  

PCNSE NSE StrongSwan
tioeudes

The main thing about this release is that only 6.2.6 and later are not vulnerable to this:[link]https://www.fortiguard.com/psirt/FG-IR-20-068[/link]

 

but 6.2.6 has this ipsec issue:

FortiOS 6.2.6 IKE process crash2020-11-25 Subject: FortiOS 6.2.6 IKE process crash Released: 2020-11-25 Modified: 2020-11-25 Product: FortiGate

Description:

Upon upgrading to FortiOS 6.2.6, a device with IPsec configured may experience IKE process crashes when any configuration change is made or an address change occur on a dynamic interface.

Potentially Affected Products:

FortiGate

Potentially Affected OS:

FortiOS 6.2.6

Workaround: Use software version 6.2.5 until FortiOS 6.2.7 is available

Resolution:

Fortinet has resolved the issue in the upcoming FortiOS 6.2.7. Contact Fortinet Technical Support to request a 6.2.6 special build hot fix for an interim solution for use until FortiOS 6.2.7 is available.

 

 

So upgrading to 6.2.7 would solve both situations.

 

 

 

 

 

Toshi_Esumi
Esteemed Contributor III

That bug 668554 is in resolved issue list in the release notes. I'll upgrade ours from the special patch to 6.2.7 this evening to see if it doesn't happen any more permanently. But the crash trigger mechanism didn't seem to be as simple as the description based on other reports for the crash. Please let all of us know who experienced the crash 6.2.6 like me if it doesn't happen to you any more.

 

Toshi

ddskier

emnoc wrote:

fortios 6.2 has been out for 14+ months. It should be very stable and specially with the 7th maintenance-release. IMHO

 

Ken Felix

Yeah there have been some show stopper bugs in the 6.2.x branch that has stopped us from upgrading to it.  I was hoping 6.2.7 would be stable enough to go up to.

-DDSkier FCNSA, FCNSP FortiGate 400D, (2) 200D, (12) 100D, (2) 60D

-DDSkier FCNSA, FCNSP FortiGate 400D, (2) 200D, (12) 100D, (2) 60D
mike_dp

We had the IKE crash issue for tunnels with AWS and Cisco devices but not for other Fortigates devices. 6.2.7 has fixed this issue so far. Nothing in the crashlog so far in 3 days. IKE process used to crash at least 5-6 times a day on 6.2.6.

Fortigate : 80E, 80F, 100E, 200F, 300E : 6.4.6

FortiAnalyzer, ForticlientEMS

Fortigate : 80E, 80F, 100E, 200F, 300E : 6.4.6 FortiAnalyzer, ForticlientEMS
Toshi_Esumi
Esteemed Contributor III

Ours don't have any iked crash for last 2.5 days. Previously it happened a couple times a day.

Although there seemed to have been many way to trigger it, I'm guessing the direct cause was relatively simple and they must have fixed it right away, which is in this release. When I opened a TT, they sounded really confident and already had a patch available. So probably don't have to worry about it anymore at least with this release.

ddskier

toshiesumi wrote:

Ours don't have any iked crash for last 2.5 days. Previously it happened a couple times a day.

Although there seemed to have been many way to trigger it, I'm guessing the direct cause was relatively simple and they must have fixed it right away, which is in this release. When I opened a TT, they sounded really confident and already had a patch available. So probably don't have to worry about it anymore at least with this release.

Toshi has you gone up to 6.2.7?  How has your experience been?

-DDSkier FCNSA, FCNSP FortiGate 400D, (2) 200D, (12) 100D, (2) 60D

-DDSkier FCNSA, FCNSP FortiGate 400D, (2) 200D, (12) 100D, (2) 60D
Toshi_Esumi
Esteemed Contributor III

so far no particular problems we encountered.

emnoc
Esteemed Contributor III

Fortios 6.2.7 was pushed out to 6x FGT50E with no issues.

 

Ken Felix

PCNSE 

NSE 

StrongSwan  

PCNSE NSE StrongSwan
Top Kudoed Authors