https://docs.fortinet.com/product/fortigate/6.4
It's dropped support for the 30e / 50e, so I wont be able try and load into test lab :(
Solved! Go to Solution.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hi Philippe,
Most of the monitor pages have been moved to the dashboard and can be added as widgets. This change is mentioned in the release notes here: https://docs.fortinet.com/document/fortigate/6.4.0/fortios-release-notes/743723/new-features-or-enha...
550911: Consolidate Monitor and FortiView pages.
FortiView and Monitor entries have been removed from the navigation bar. Most of the pages under them now show up as widgets in several newly added default dashboards. Exceptions being:
- WiFi Client Monitor, which has been renamed to WiFi Clients and moved to the WiFi & Switch Controller section.
- Modem and WAN OPT pages which will still show up under Monitor if the feature is enabled.
Hi all,
I've had 6.4 running on a 60E for 18 days now. No issues with the upgrade and very stable. I quite like some of the GUI rearragnements and the upgrade has resolved a few issues I was seeing in 6.2.3 so I'm impressed so far.
As others have commented I think a short list of features and known issues gives me more condidence in the 6.4 release going forward. Hope others have similar experience.
However, I had noticed today that memory usage had climbed a bit. Memory use was around 67% initialy but had crept up to 80% today- so not serious, but would have triggered "Conserve Mode" in another day or two.
I had seen some comments (Reddit I think?) of someone else reporting similar issues which they believed were caused by the IOT daemon.
So quick diag check of the iotd:-
diag test app iotd 2 iotd_mem_stats: alloc 2484424 free 734627 fail 0 now 258984944 max 258984944
.........
and then a iod restart:-
diag test app iotd 99
gave me the following post-restart iotd memory stats:-
diag test app iotd 2 iotd_mem_stats: alloc 1611 free 1 fail 0 now 253268 max 253268
.........
This dropped the overall memory use from 80% back to 67% again.
So might be one to look for, and may indicate a slow memory leak in the iotd process?
I'll keep an eye on it and raise a ticket if I see it continue.
Kind Regards,
Andy.
Hello.
I have same problem with 6.4 on 60E and VLAN with PPPoE on WAN interface. IP not received from Internet Provider.
I´ve downgrade to 6.2.
Bye.
Tipdrill wrote:- Vlan do not work, everything is configured correctly. I have vlans with realy dhcp for avaya phones and the traffic no longer passes. The policies are correct.
Likely encountered a known issue mentioned in the release notes here: https://docs.fortinet.com/document/fortigate/6.4.0/fortios-release-notes/236526/known-issues
VLANs on a FortiLink interface configured to use a hardware switch interface may fail to come up after upgrading or rebooting.
Can you disable `monitor-bandwidth` for the interface from the CLI (instructions below), remove the widget for it from the GUI and add it again and let me know if that helps? If it does work, then it is likely an issue that we are looking to fix in a subsequent patch.- The new GUI does not load the interface bandwidth widgets. They remain in continuous loading.
To disable `monitor-bandwidth` for an interface:
> config system interface
> edit [insert port you want to edit]
> set monitor-bandwidth disable
> end
Magnitude 8 wrote:I've upgraded a customer's 200E to FortiOS 6.4.0 and have found that iOS devices will no longer pass HTTP/HTTPS traffic when connected to a guest VLAN. The logs indicate DNS lookups are working, but no web traffic. Strange thing is that everything works fine on the corporate VLAN.
A packet capture on the guest VLAN doesn't reveal any web traffic is hitting the firewall, but this issue coincides with the firmware upgrade, so I find it hard to believe the issue is elsewhere.
Has anyone come across any issues with iOS devices on FortiOS 6.4.0?
See bug 622812: https://docs.fortinet.com/document/fortigate/6.4.0/fortios-release-notes/236526/known-issues
Bug 622812 doesn't describe the issue. FortiLink is not used.
brizvi wrote:
VLANs on a FortiLink interface configured to use a hardware switch interface may fail to come up after upgrading or rebooting.
Yep, i hit this on my lab setup, 60F with a couple of FSW 108E on 6.4.1, both on upgrade and reboot. Delete and reconfigure the vlans worked.
found an interesting little effect whilst doing so. If you delete references to a native vlan via network -> ref. in the gui, which works fine for objects and policies, you in fact delete the entire managed switch.
Update: downgrading to 6.2.2 resolved the issue for me.
I have previously downgraded these firewalls from 6.2.3 to 6.2.2 due to other bugs. The number of bugs in new firmware seems to have increased recently. Not sure if this is generally a problem, or related to the 200E models.
JasonXue_FTNT wrote:Hi Jason, Sure, happy to help. I’ve got a small script restarting the iotd each day- but I can stop that and let the memory use build up and pull those diag logs? What’s the best way to share the output? Kind Regards, Andy.
For Andy Bailey, Your case has been recorded in mantis 628489. Developer would like to get your input if possible: We will review the iotd code carefully to identify the issue. However, is it possible to collect log from the "diag debug app iotd -1" when observing mem leak? Thanks, Jason
Hi Andy,
You can either attach the log in this post, or you can email me with the attachment: jxue@fortinet.com.
As long as you see the memory is up significantly, you can send the log. Then developer can take a look.
Thanks,
Jason
Hi Magnitude 8,
"I've upgraded a customer's 200E to FortiOS 6.4.0 and have found that iOS devices will no longer pass HTTP/HTTPS traffic when connected to a guest VLAN. The logs indicate DNS lookups are working, but no web traffic. Strange thing is that everything works fine on the corporate VLAN."
So the issue is DNS traffic can pass through FGT200E but http/https can't? Could you kindly describe your topology and config of FGT200E (Or send mail to glli@fortinet.com)?
Thanks
Guanglei
Hi Andrew,
Developer has identified the root cause: FGT can’t resolve one of Iotd server so it keep consuming memory.
This function requires two server:
globaldevcollect.fortinet.net -- 173.243.138.31
globaldevquery.fortinet.net – can’t be resolved by 208.91.112.53
As for now, you can use following way to avoid memory increase. In the meanwhile FortiOS will make the fix to avoid memory increase upon server is not reachable.
Once both DNS and Fortiguard server (globaldevquery.fortinet.net) are ready, you also need to subscribe a contract “IOTH” to make the query work. Currently Fortinet support hasn’t made this contract (SKU) available.
Thanks,
Jason
FortiGate-301E # sh sys dns-database
config system dns-database
edit "1"
set domain "fortinet.net"
set authoritative disable
config dns-entry
edit 1
set hostname "globaldevquery"
set ip 173.243.138.31
next
end
next
end
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1641 | |
1069 | |
751 | |
443 | |
210 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.