Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
boozely25
New Contributor

FortiOS Upgrade to 5.6.3

We upgraded our 500D from 5.6.2 to 5.6.3. In Policy&Objects-->ipv4 Policy we lost all our section labels, there is no Column Name for Seq #,  and no option that I can find to to Create Section Labels. Is this a bug or is there something we need to turn back on?

2 Solutions
bommi
Contributor III

NSE 4/5/7
echo

We upgraded yesterday. Today when I started creating new rules, I was glad that our huge list of about 800 policies in many sections on our 1500D does not load 20 seconds any more -- after every return to the general list, and on the fastest browser that I could find for this (Firefox, and this used my computer's CPU power as it turned out). But the sections were all expanded. Strange. I collapsed them all one by one and few minutes later I found that they were expanded again when I went back to the list of policies. What? Then I found that thankfully, there is a right-click on any group that helps collapsing them all but returning to the list, they are all expanded. I thought we would open a ticket for this. Now, from the above link I saw that it has been written like that deliberately! Also, pgup, pgdown and arrows don't work when viewing policies (I guess they started working at one point but now it is gone) so I have to use mouse every time to scroll the huge list. I am sorry, but I don't understand this. Still, collapsing the list every time is still quicker than waiting for the list to load so there is improvement in time in everyday work.

View solution in original post

9 REPLIES 9
bommi
Contributor III

Fortinet removed the section labels:

http://kb.fortinet.com/kb/documentLink.do?externalID=FD40956

NSE 4/5/7

NSE 4/5/7
boozely25

Thank you

hecht
New Contributor

This is marked as a know issue.

I've got an answere from the support team.

Issue: There is no option to insert section label  Development has made major changes in the back-end of the GUI to fix many GUI related bugs.  Unfortunately, option "insert section label" has been removed from FortiOS v5.6.3.  Development is aware of that and there is a Feature Request already made to get this feature back.  I am afraid nothing much can be done from TAC support point of view, and we do not have an ETA of fix where this is coming back or not.

The bug is list in the release note as known issues (Bug ID 456566)

 

 

Jordan_Thompson_FTNT

This issue has been fixed in 5.4.8. You will also see a fix in 5.6.4 and 6.0.

 

The KB article will be updated to reflect that.

echo

We upgraded yesterday. Today when I started creating new rules, I was glad that our huge list of about 800 policies in many sections on our 1500D does not load 20 seconds any more -- after every return to the general list, and on the fastest browser that I could find for this (Firefox, and this used my computer's CPU power as it turned out). But the sections were all expanded. Strange. I collapsed them all one by one and few minutes later I found that they were expanded again when I went back to the list of policies. What? Then I found that thankfully, there is a right-click on any group that helps collapsing them all but returning to the list, they are all expanded. I thought we would open a ticket for this. Now, from the above link I saw that it has been written like that deliberately! Also, pgup, pgdown and arrows don't work when viewing policies (I guess they started working at one point but now it is gone) so I have to use mouse every time to scroll the huge list. I am sorry, but I don't understand this. Still, collapsing the list every time is still quicker than waiting for the list to load so there is improvement in time in everyday work.

tanr
Valued Contributor II

It's a bug (#458586) because it's a temporary performance workaround. 

They are supposed to fix it in 5.4.8 (out already) and 5.6.4.

 

See https://forum.fortinet.com/tm.aspx?m=155330.

laupin
New Contributor III

Hello,

 

I'm planning upgrade my two HA 1500D to 5.6.3 version. I'm at 5.4.4. I will like to hear about your experience with this version since you're using the same FGT models I have.

Do you use deep-inspection? if yes, have you had any problem with this? (bug 450693)

Is SSLVPN tunnel mode working Ok? (if you have it configured) (bug 441068)

Have you packets drops due it to NPU offload? (bug 436746)

What is your overall experience with this version? is it woth ?

 

Sorry to botehr you with so many questions, but I'm trying to have enough information before to planify the upgrade, and there's a lot of bug in all this versions.

 

Thanks in advance,

 

Laura

 

fortiboy
New Contributor

HI

Kindly advise me best practices to upgrade fortiOS 5.4.3 to 5.4.4 in HA active passive mode.

i have given 20 minutes of time for MW..

Do I need to break HA and upgrade one by one

or any confg alteration to be done to move traffic to secondary ?

thanks in advance !

 

Fortiboy

 

 

 

 

ede_pfau
Esteemed Contributor III

@fortiboy: why bother to hijack a thread? Opening one yourself is free on these forums...

 

Anyway, no, you don't need to do anything of what you suggested.

First, get the backup of both the master and (!) the slave unit - a management port is helpful.

Second, disable HA port monitoring if used. Re-enable ten minutes after the upgrade when everything has settled.

 

Then, in the WebGUI, start the upgrade. First, the slave will be upgraded, then the cluster fails over and the master is upgraded. Depending on your HA settings, the cluster will fail over again.

 

To obtain the shortest possible interruption (in the range of a few seconds) set the HA parameter 'HA priority' equal, and do not enable 'HA override'.

 

Finally, I would not upgrade to v5.4.4 because v5.4.10 is already published. That is, many bug fixes are available beyond v5.4.4.


Ede

"Kernel panic: Aiee, killing interrupt handler!"
Ede"Kernel panic: Aiee, killing interrupt handler!"
Labels
Top Kudoed Authors