Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
storaid
Contributor

FortiOS v5.2.4 is out(Unstable GUI, Bad SSLVPN)....

a little disappointed..

no enhancements..

it's just a bugs fixed release....

[size="5"]definitely 1 of terrible f/w for FOS...[/size]

 

UNSTABLE GUI

[size="6"]ANNOYING SSL VPN problem..............[/size]

 

[size="3"]fortinet, I think you must quickly push out next fixed release or give some explains.........[/size]

 

201508020844, CSB-150730-1-Partial-Config-Loss

FortiGate models listed below may lose configuration pertaining to IPsec interface, virtual access point interface, loopback interface, or virtual-switch interface after a reboot when the FortiGate is deployed with FortiOS 5.2.4 with build number 0688 and time 150722.

FGT20C3X12000161 # get sys stat

Version: FortiGate-20C v5.2.4,build0688,150722 (GA)

Potentially Affected Products:

FortiGate: FG-20C, FG-20C-ADSL, FG-30D, FG-30D-PoE, FG-40C

FortiWiFi: FW-20C, FW-20C-ADSL, FW-30D, FW-30D-PoE, FW-40C

Resolution:

FortiOS 5.2.4 software images for the models above have been rebuilt and re-posted on the customer support web site with build number 0688 and time 150730.

FWF60D x2 FWF60C x3 FGT80C rev.2 FGT200B-POE FAP220B x3 FAP221B x2

FSW224B x1

FWF60D x2 FWF60C x3 FGT80C rev.2 FGT200B-POE FAP220B x3 FAP221B x2 FSW224B x1
2 Solutions
seadave
Contributor III

Why does this keep happening?  Fortinet makes such great hardware, but they have seriously burned some of us with bad firmware releases.  I'm a constant Fortinet advocate, but this kind of crap demonstrates a lack of QC and concern for the customer environment.  These type of issues should definitely be exposed by a good QC system and if the firmware has the potential to wipe a config, for godness sakes it should not be released.  Those of us who are long time Fortinet customers have learned to be wary of new releases and to always reboot the appliance, take a back up, and wait for others to expose the bugs, but it doesn't need to be that way with the right internal controls at Fortinet.  Pick up the slack guys.  You make a great product but you are tripping over your own feet when you release builds like this.

View solution in original post

GusTech

dfollis wrote:

Why does this keep happening?  Fortinet makes such great hardware, but they have seriously burned some of us with bad firmware releases.  I'm a constant Fortinet advocate, but this kind of **** demonstrates a lack of QC and concern for the customer environment.  These type of issues should definitely be exposed by a good QC system and if the firmware has the potential to wipe a config, for godness sakes it should not be released.  Those of us who are long time Fortinet customers have learned to be wary of new releases and to always reboot the appliance, take a back up, and wait for others to expose the bugs, but it doesn't need to be that way with the right internal controls at Fortinet.  Pick up the slack guys.  You make a great product but you are tripping over your own feet when you release builds like this.

Completely agree!! And this is NOT the first time this happens........

Fortigate <3

View solution in original post

Fortigate <3
111 REPLIES 111
storaid

https://support.fortinet.com/Information/Bulletin.aspx?section=46

Improvements to minimize this issue will be included in FortiOS 5.2.5 patch release and 5.4.0 minor release, the current ETA for release of both versions is December 2015.

Fortinet recommend customers to upgrade to FortiOS 5.2.5 or later as soon as it is available in order to minimize flash wear. Not doing so may result in a reduced life time of the device and cause high RMA return rates.

FWF60D x2 FWF60C x3 FGT80C rev.2 FGT200B-POE FAP220B x3 FAP221B x2

FSW224B x1

FWF60D x2 FWF60C x3 FGT80C rev.2 FGT200B-POE FAP220B x3 FAP221B x2 FSW224B x1
simonorch

The flash storage issue has me wondering if returning to the first design of the 60C might be a solution?

 

ie. having swapable SDHC cards. 

NSE8 Fortinet Expert partner - Norway

NSE8 Fortinet Expert partner - Norway
nping

simonorch wrote:

The flash storage issue has me wondering if returning to the first design of the 60C might be a solution?

 

ie. having swapable SDHC cards. 

Swapable flash would be great.

 

By the way, thanks for the hint. I had old end-of-support 60C with corrupted flash. I was not able to restore image and replacing it with new 60d was cheaper so it was just waiting for miracle to happen. Which just did!

 

I checked if my 60C had swapable flash after reading your post. It did not, but it turns out that you can plugin USB stick and install FortiOS to the stick. All you have to do is remove jumpers from the motherboard and restore image. After that the USB stick will be /dev/sda. Hard disk or USB Flash is not available anymore but it is otherwise running fine.

 

I would not use it for production tho :)

 

test60C # get hardware status Model name: FortiGate-60C ASIC version: CP0 ASIC SRAM: 64M CPU: FortiSOC Number of CPUs: 1 RAM: 439 MB Compact Flash: 3840 MB /dev/sda Hard disk: not available USB Flash: not available

 

 

 

seadave
Contributor III

That's an awesome hack!  Nice work.

storaid

anyone have confirmed release date for 5.2.5 again???

FWF60D x2 FWF60C x3 FGT80C rev.2 FGT200B-POE FAP220B x3 FAP221B x2

FSW224B x1

FWF60D x2 FWF60C x3 FGT80C rev.2 FGT200B-POE FAP220B x3 FAP221B x2 FSW224B x1
simonpt
New Contributor III

It's available now :)

GusTech

simonpt wrote:

It's available now :)

Is it safe? :D

Fortigate <3

Fortigate <3
Gerald_Gaugusch

Version 5.2.5 did not solve the SSL VPN Problem but i found a solution to fix it.

As I noticed that the Local-In Policy was not created I tried to play around with it.

 

My solution was to set multiple interfaces to listen on in the SSL - Settings menu.

After this it created the Local-In Policy automatically.

The SSL VPN worked.

Then I removed the unneeded interfaces and everything left fine.

 

I hope this trick works for you too.

 

kind regards

Gerald

Zulhardy
New Contributor

I've a 100D with WAN load balancing and noticed that my WAN2 GUI is not accessible if the weight is lower than my WAN1 connection. 

 

Submitted a support ticket and was told to downgrade back to 5.2.3. The GUI was than accessible on the WAN2 interface.

Zulhardy

TAC replied to my ticket about inaccesible GUI on low weight WAN Interface with WAN Linked Load Balanced configurations.

 

The bug (bug ID:0287871) will be fixed in the following patch release, which is 5.2.5. 

Top Kudoed Authors