Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
James_G
Contributor III

FortiOS 6.4.2 is out!

15 REPLIES 15
James_G
Contributor III

Lots (and lots) of bug fixes, no landslide new features, comes with IPS engine 6.032 that is designed to reduce memory usage by 50% on ips demons. Need to get testing!

andrewbailey

Hi folks,

 

I've pushed it out on a 60E.

 

The immediate impact I have noticed is the drop in memory usage- 68% before upgrade (6.4.1) and 48% after upgrade (6.4.2). Smae config, similar number of sessions before and after.

 

There are a huge number of bug fixes and looks like improvements from the IPS engine as James_G suggests. So far looks like a good move forward.

 

Kind Regards,

 

 

Andy.

Jirka1

Hi guys, what is the recommended upgrade path? Can I go to 6.4.2 directly from 6.2.4? On the support portal in the "Upgrade Patch" section version 6.4.2. miss. Thanks Jirka

TheJaeene

AAAAARGHHHHHH!!!!! FORTINET WHAT ARE YOU DOING!??!?

 

After upgrading my Lab 81E-PoE from 6.4.1 to 6.4.2 the hostapd daemon keeps crashing.

 

Edit: WPA3 SAE SSIDs will crash the hostapd process every time a WPA3 client tries to connect. Strangely when using WPA3 SAE Transition on the SSID the process does not crash, although the client connects via WPA3.

 

Fortinet: FIX IT!!!!! What happened to you QC? 

thuynh_FTNT

Edit: WPA3 SAE SSIDs will crash the hostapd process every time a WPA3 client tries to connect. Strangely when using WPA3 SAE Transition on the SSID the process does not crash, although the client connects via WPA3.

Hi there, sorry for the trouble and thank you for reporting the issue. We were able to track down the issue and fixed it for the next release. We'll update our Release Note to reflect this as well.

 

Tri

PeterK

We are currently on 6.0.9 and looking to upgrade.  Need to be able to wildcard policies which is in versions 6.2.2 and above.  Thinking of doing a double firmware jump up to 6.4.2.  Worried as this is our production environment in a hospital and would normally jump to higher revision of the previous firmware branch.  However the 6.2.x range seems to have had awful reviews, especially 6.2.4.

 

On the while 6.4.x in generally seems to be a lot better reviewed than previous branches.  On the whole would people recommend this firmware despite still being in an early release?  If we do a double jump though we will not be able to downgrade the standard way of switching partitions.  But if we are going to upgrade I cannot see the benefits of moving to 6.2.x.  I assume 6.4.x has been released so close to it due to issues with that branch.

 

James_G
Contributor III

peterkoszarek@nhs.net wrote:

We are currently on 6.0.9 and looking to upgrade.  Need to be able to wildcard policies which is in versions 6.2.2 and above.  Thinking of doing a double firmware jump up to 6.4.2.  Worried as this is our production environment in a hospital and would normally jump to higher revision of the previous firmware branch.  However the 6.2.x range seems to have had awful reviews, especially 6.2.4.

 

On the while 6.4.x in generally seems to be a lot better reviewed than previous branches.  On the whole would people recommend this firmware despite still being in an early release?  If we do a double jump though we will not be able to downgrade the standard way of switching partitions.  But if we are going to upgrade I cannot see the benefits of moving to 6.2.x.  I assume 6.4.x has been released so close to it due to issues with that branch.

 

I think 6.4.2 is better then 6.2.4, but possibly neither a ideal

 

Be careful about the wildcard policies, they might not work as you expect, they don't work for all traffic

PeterK
New Contributor

Thanks, unfortunately Microsoft have listed some wildcards so need to try but they are messy then can often negate other policies.

James_G
Contributor III

Have you looked into ISDB entries - we had some success with then for MS sources / destinations.

Labels
Top Kudoed Authors