Yesterday i had a issue with 6.4.1 too, after 24 days in my homeoffice my internet access was gone, so i logged in to the 100E and the device shows "conserve mode".
I made a litte research and all the memory was used by "480" tasks with the name "node".
Now after a reboot the memory usage is going slowly straight up, so i think in a few days i must reboot the device again. At the moment i have 186 of the "node" tasks, and every few minutes i can count one more...
Thanks for the report. We are working on a fix for this issue for 6.4.2.
Hi, just updated my lab 60E and it broke DNS. I had to turn off DNS filter to get it to work.
I spoke to tech support. Their advice is to disable fortiguard-anycast and set udp port to 8888.
Apparently the option to change SDNS has been removed in 6.4.1 and disabling anycast re-enables SDNS access.
That's interesting. I had some DNS issues also. I used two Synology NAS as my internal DNS and I thought I was blocking those. I ended up enabling a DNS listener on the LAN interface and setting my Fortigate LAN IP as the forwarder IP for my Synology DNS. That worked. Fortigate is configured with Fortinet DNS IPs.
I've just updated my first FortiGate from 6.4.0 to 6.4.1. Initial testing looks good. Feels like this should have been the 6.4.0 release. New dashboards replace FortiView and the GUI just seems much faster.
Only issue I have found so far is they way SD-WAN is upgraded to SD-WAN Zones. Rather than upgrading the old SD-WAN interface to an SD-WAN Zone, member interfaces are added to separate SD-WAN Zones (virtual-wan-link and upg-zone-wan1 in my case).
This means that the old SD-WAN interface have been replaced with two zones in all policies and Interface Pair View can no longer be activated.
I assume I can just move the secondary interface to the virtual-wan-link zone and delete upg-zone-wan1 from all the rules, but am not certain. Also, the default route is still SD-WAN, so I'm not clear how traffic is now being routed.
In general, this looks like a good update, but I wish Fortinet had provided a bit more guidance around SD-WAN. I'll post again if I experience any issues.
>Only issue I have found so far is they way SD-WAN is upgraded to SD-WAN Zones. Rather than upgrading the old SD-WAN interface to an SD-WAN Zone, member interfaces are added to separate SD-WAN Zones (virtual-wan-link and upg-zone-wan1 in my case).
Hi there, did you use individual SD WAN member in firewall policy before the upgrade? If so, firmware upgrade will detect that and auto-create an "upg-zone-xxx" SD WAN zone for that member interface and move it there. If not, all SD WAN members should stay in a default "virtual-wan-link" zone.
Let me know if that's not the case. If so, please send me your related SD WAN config.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.