FortiOS 6.2.7 is out.
Anyone brave enough to try it out? Is the 6.2.x branch finally stable enough to upgrade from 6.0.11?
-DDSkier FCNSA, FCNSP FortiGate 400D, (2) 200D, (12) 100D, (2) 60D
FortiOS 6.2 has been out for 14+ months. It should be very stable, especially with the 7th maintenance release. IMHO
Ken Felix
PCNSE
NSE
StrongSwan
The main thing about this release is that only 6.2.6 and later are not vulnerable to this: https://www.fortiguard.com/psirt/FG-IR-20-068
but 6.2.6 has this ipsec issue:
FortiOS 6.2.6 IKE process crash
2020-11-25
Subject: FortiOS 6.2.6 IKE process crash
Released: 2020-11-25
Modified: 2020-11-25
Product: FortiGate
Description:
Upon upgrading to FortiOS 6.2.6, a device with IPsec configured may experience IKE process crashes when any configuration change is made or an address change occurs on a dynamic interface.
Potentially Affected Products:
FortiGate
Potentially Affected OS:
FortiOS 6.2.6
Workaround: Use software version 6.2.5 until FortiOS 6.2.7 is available
Resolution:
Fortinet has resolved the issue in the upcoming FortiOS 6.2.7. Contact Fortinet Technical Support to request a 6.2.6 special build hot fix for an interim solution for use until FortiOS 6.2.7 is available.
So upgrading to 6.2.7 would solve both situations.
That bug 668554 is in the resolved issues list in the release notes. I'll upgrade ours from the special patch to 6.2.7 this evening to see if it doesn't happen any more permanently. But the crash trigger mechanism didn't seem to be as simple as the description, based on other reports of the crash. Please let all of us know, those who experienced the crash on 6.2.6 like me, if it doesn't happen to you any more.
Toshi
emnoc wrote: FortiOS 6.2 has been out for 14+ months. It should be very stable, especially with the 7th maintenance release. IMHO
Ken Felix
Yeah, there have been some showstopper bugs in the 6.2.x branch that have stopped us from upgrading to it. I was hoping 6.2.7 would be stable enough to go up to.
-DDSkier FCNSA, FCNSP FortiGate 400D, (2) 200D, (12) 100D, (2) 60D
We had the IKE crash issue for tunnels with AWS and Cisco devices but not for other FortiGate devices. 6.2.7 has fixed this issue so far. Nothing in the crashlog so far in 3 days. The IKE process used to crash at least 5-6 times a day on 6.2.6.
Fortigate : 80E, 80F, 100E, 200F, 300E : 6.4.6
FortiAnalyzer, ForticlientEMS
Ours don't have any iked crash for the last 2.5 days. Previously it happened a couple of times a day.
Although there seemed to have been many ways to trigger it, I'm guessing the direct cause was relatively simple and they must have fixed it right away, which is in this release. When I opened a TT, they sounded really confident and already had a patch available. So we probably don't have to worry about it anymore, at least with this release.
Toshi, have you gone up to 6.2.7? How has your experience been?
toshiesumi wrote: Ours don't have any iked crash for the last 2.5 days. Previously it happened a couple of times a day.
Although there seemed to have been many ways to trigger it, I'm guessing the direct cause was relatively simple and they must have fixed it right away, which is in this release. When I opened a TT, they sounded really confident and already had a patch available. So we probably don't have to worry about it anymore, at least with this release.
-DDSkier FCNSA, FCNSP FortiGate 400D, (2) 200D, (12) 100D, (2) 60D
So far we have encountered no particular problems.
FortiOS 6.2.7 was pushed out to 6x FGT50E with no issues.
Ken Felix
PCNSE
NSE
StrongSwan