Unlock Exclusive Benefits
Join Our Community Today!
Join our Community and post in the forum to earn your exclusive badge; celebrating 3 years of the Fortinet Community!
LOGIN/REGISTER
CONTINUE AS A GUEST
- Forums
- Knowledge Base
- Customer Service
- Internal Article Nominations
- FortiGate
- FortiClient
- FortiAP
- FortiAnalyzer
- FortiADC
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConnect
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDLP
- FortiDevSec
- FortiDeceptor
- FortiDirector
- FortiEDR
- FortiExtender
- FortiGate Cloud
- FortiHypervisor
- FortiGuard
- FortiInsight
- FortiIsolator
- FortiMail
- FortiMonitor
- FortiManager
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPhish
- FortiPortal
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiSRA
- FortiSandbox
- FortiSASE
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- FortiWebCloud
- Lacework
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Forums
- Support Forum
- Re: FortiOS v5.2.4 is out....
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
FortiOS v5.2.4 is out(Unstable GUI, Bad SSLVPN)....
a little disappointed..
no enhancements..
it's just a bugs fixed release....
[size="5"]definitely 1 of terrible f/w for FOS...[/size]
UNSTABLE GUI
[size="6"]ANNOYING SSL VPN problem..............[/size]
[size="3"]fortinet, I think you must quickly push out next fixed release or give some explains.........[/size]
201508020844, CSB-150730-1-Partial-Config-Loss
FortiGate models listed below may lose configuration pertaining to IPsec interface, virtual access point interface, loopback interface, or virtual-switch interface after a reboot when the FortiGate is deployed with FortiOS 5.2.4 with build number 0688 and time 150722.
FGT20C3X12000161 # get sys stat
Version: FortiGate-20C v5.2.4,build0688,150722 (GA)
Potentially Affected Products:
FortiGate: FG-20C, FG-20C-ADSL, FG-30D, FG-30D-PoE, FG-40C
FortiWiFi: FW-20C, FW-20C-ADSL, FW-30D, FW-30D-PoE, FW-40C
Resolution:
FortiOS 5.2.4 software images for the models above have been rebuilt and re-posted on the customer support web site with build number 0688 and time 150730.
FWF60D x2 FWF60C x3 FGT80C rev.2 FGT200B-POE FAP220B x3 FAP221B x2
FSW224B x1
Solved! Go to Solution.
FWF60D x2 FWF60C x3 FGT80C rev.2 FGT200B-POE FAP220B x3 FAP221B x2
FSW224B x1
Labels:
- Labels:
-
5.2
Nominate a Forum Post for Knowledge Article Creation
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
2 Solutions
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Why does this keep happening? Fortinet makes such great hardware, but they have seriously burned some of us with bad firmware releases. I'm a constant Fortinet advocate, but this kind of crap demonstrates a lack of QC and concern for the customer environment. These type of issues should definitely be exposed by a good QC system and if the firmware has the potential to wipe a config, for godness sakes it should not be released. Those of us who are long time Fortinet customers have learned to be wary of new releases and to always reboot the appliance, take a back up, and wait for others to expose the bugs, but it doesn't need to be that way with the right internal controls at Fortinet. Pick up the slack guys. You make a great product but you are tripping over your own feet when you release builds like this.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
dfollis wrote:Why does this keep happening? Fortinet makes such great hardware, but they have seriously burned some of us with bad firmware releases. I'm a constant Fortinet advocate, but this kind of **** demonstrates a lack of QC and concern for the customer environment. These type of issues should definitely be exposed by a good QC system and if the firmware has the potential to wipe a config, for godness sakes it should not be released. Those of us who are long time Fortinet customers have learned to be wary of new releases and to always reboot the appliance, take a back up, and wait for others to expose the bugs, but it doesn't need to be that way with the right internal controls at Fortinet. Pick up the slack guys. You make a great product but you are tripping over your own feet when you release builds like this.
Completely agree!! And this is NOT the first time this happens........
Fortigate <3
Fortigate <3
111 REPLIES 111
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
We upgraded a FG300D from v5.2.2 to v5.2.4 last night and it didn't take long to find a policy had stopped working. It is just a simple policy that redirects http/https to a VIP address for a web server. I ran a flow trace on the console and found the traffic was "Denied by forward policy check (policy 0)" after the firmware upgrade, however I couldn't find any reason traffic would not match a policy. I downgraded to v5.2.3 and the policy started working right away.
Reading these posts, I wonder if there is a bug in the https service object, similar to the v5.2.2 "All" service group bug where the protocol number was changed in that release causing the All service group to be ignored. Other policies with https service objects appeared to work fine for me though and afaik it was just the one policy.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Flyshuffle,
Thank you for sharing about your upgrade.
It sounds like your issue might be related to the VIP since your other HTTPS rules worked. do the other HTTPS rules use a VIP?
Did you submit a ticket so the rest of the community can figure this out before we upgrade?
-Paul
FG200D 5.6.5 (HA) - primary [size="1"]FWF50B' s 4.3.x, FG60D's 5.2.x, FG60E's 5.4.x [Did my post help you? Please rate my post.][/size] FAZ-VM 5.6.5 | Fortimail 5.3.11 Network+, Security+
FG200D 5.6.5 (HA) - primary [size="1"]FWF50B' s 4.3.x, FG60D's 5.2.x,
FG60E's 5.4.x [Did my post help you? Please rate my post.][/size] FAZ-VM
5.6.5 | Fortimail 5.3.11 Network+, Security+
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Paul S wrote:Flyshuffle,
Thank you for sharing about your upgrade.
It sounds like your issue might be related to the VIP since your other HTTPS rules worked. do the other HTTPS rules use a VIP?
Did you submit a ticket so the rest of the community can figure this out before we upgrade?
-Paul
I think you're right. As far as I could tell other policies with HTTPS worked just fine, though I was pretty focused on a single problem when I was troubleshooting. I have a ticket open with Forticare and they mentioned that what I was seeing could be the result of a known bug in version 5.2.4, but could not say for certain without troubleshooting it with me. I needed to get back into production, so I downgraded to 5.2.3 and moved on.
Tech support also offered to work with me live if I wanted to upgrade to version 5.2.4 again, which I thought was cool. However, I am going to wait a bit longer before I feel comfortable attempting to upgrade again.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Flyshuffle wrote:
I think you're right. As far as I could tell other policies with HTTPS worked just fine, though I was pretty focused on a single problem when I was troubleshooting. I have a ticket open with Forticare and they mentioned that what I was seeing could be the result of a known bug in version 5.2.4, but could not say for certain without troubleshooting it with me. I needed to get back into production, so I downgraded to 5.2.3 and moved on.
Tech support also offered to work with me live if I wanted to upgrade to version 5.2.4 again, which I thought was cool. However, I am going to wait a bit longer before I feel comfortable attempting to upgrade again.
Thanks for the update. let me know if you do figure this one out. I am on version 5.2.3 and I already have a VIP issue with TLS 1.2 . 5.2.4 is suppose to fix it, but I don't want to trade one bug for a worse bug. Perhaps you can send them your entire config and suggest they do the upgrade in their lab. maybe they can determine if it is a bug without affecting your production. They may say no, but it is worth a try. I have had some success with these types of suggestions in the past.
FG200D 5.6.5 (HA) - primary [size="1"]FWF50B' s 4.3.x, FG60D's 5.2.x, FG60E's 5.4.x [Did my post help you? Please rate my post.][/size] FAZ-VM 5.6.5 | Fortimail 5.3.11 Network+, Security+
FG200D 5.6.5 (HA) - primary [size="1"]FWF50B' s 4.3.x, FG60D's 5.2.x,
FG60E's 5.4.x [Did my post help you? Please rate my post.][/size] FAZ-VM
5.6.5 | Fortimail 5.3.11 Network+, Security+
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Flyshuffle wrote:We upgraded a FG300D from v5.2.2 to v5.2.4 last night and it didn't take long to find a policy had stopped working. It is just a simple policy that redirects http/https to a VIP address for a web server. I ran a flow trace on the console and found the traffic was "Denied by forward policy check (policy 0)" after the firmware upgrade, however I couldn't find any reason traffic would not match a policy. I downgraded to v5.2.3 and the policy started working right away.
Reading these posts, I wonder if there is a bug in the https service object, similar to the v5.2.2 "All" service group bug where the protocol number was changed in that release causing the All service group to be ignored. Other policies with https service objects appeared to work fine for me though and afaik it was just the one policy.
The "All" one was a fun time :)
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I have noticed unstable connectivity to the web interface on models ranging from 60C/D up through 200D using 5.2.4. It is very annoying but if I had to choose an annoying bug over a vulnerability that makes the entire product line fail PCI audits I'd happily take the annoying. Too bad 5.2.4 has both problems.
https://forum.fortinet.com/tm.aspx?m=128617#129954
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Upgraded my 800c 3 weeks ago and seems to be stable. IE runs like garbage, Chrome is MUCH better. Previous version (5.0.9) would take forever to load my objects, but 5.2.4 seems to load them faster. My only problem is that I lost the capability to filter objects. I can filter policy, but not objects (addresses /services) Also, the new "add policy above/below" adds a disabled any/any rule that has cert inspection and NAT turned on by default, really annoying. I opened a ticket 3 weeks ago about the above and I have heard nothing.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
We don't have any 5.2.4 devices, but yesterday I did a support session for a customer's 5.2.4 device. Committing a change like making a new address would take 5 minutes to process, the gui would hang. Absolutely silly.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
IDK if that is of any help to you, but I can confirm that object filtering is working as intended on v5.2.3. Filter even are persistent when changing section/global view mode. I'm using FF 40.0.latest.
Ede Kernel panic: Aiee, killing interrupt handler!
Ede Kernel panic: Aiee, killing interrupt handler!
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
ede_pfau wrote:IDK if that is of any help to you, but I can confirm that object filtering is working as intended on v5.2.3. Filter even are persistent when changing section/global view mode. I'm using FF 40.0.latest.
It does as TAC is saying that in version 5.2.x they removed filtering for the search bar. However, he is confused as he is referencing page 16(document linked below) that talks about the new search bar for log viewer only.
Announcements
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
Related Posts
- Chrome Extension for VPN blocked by... 1 View
- Uneven CPU Load Distribution on FortiGate... 26 Views
- New 30G modell - cant activate... 83 Views
- Fortigate Rugged 60F unable to HA... 156 Views
- How is FortiOS 7.4.5 going for... 201 Views
Labels
-
FortiGate
8,475 -
FortiClient
1,718 -
5.2
801 -
FortiManager
713 -
5.4
639 -
FortiAnalyzer
548 -
FortiAP
458 -
FortiSwitch
457 -
6.0
416 -
FortiClient EMS
408 -
5.6
362 -
FortiMail
308 -
6.2
251 -
FortiAuthenticator v5.5
234 -
SSL-VPN
222 -
FortiWeb
200 -
5.0
196 -
IPsec
186 -
FortiNAC
177 -
FortiGuard
136 -
6.4
128 -
SD-WAN
110 -
FortiGateCloud
100 -
FortiSIEM
98 -
FortiCloud Products
96 -
FortiToken
89 -
FortiAuthenticator
84 -
Customer Service
78 -
Wireless Controller
75 -
Firewall policy
71 -
4.0MR3
64 -
FortiProxy
59 -
Fortivoice
53 -
FortiADC
53 -
High Availability
52 -
FortiEDR
50 -
vlan
47 -
ZTNA
46 -
FortiExtender
45 -
FortiSandbox
44 -
FortiDNS
42 -
DNS
40 -
Routing
39 -
BGP
38 -
LDAP
38 -
FortiGate v5.4
35 -
FortiSwitch v6.4
34 -
SAML
34 -
Certificate
33 -
Authentication
31 -
SSO
31 -
Interface
31 -
NAT
30 -
RADIUS
29 -
FortiConnect
27 -
FortiLink
26 -
FortiWAN
25 -
FortiConverter
25 -
VDOM
25 -
Application control
25 -
FortiGate v5.2
24 -
Logging
24 -
Web profile
24 -
FortiPAM
22 -
Virtual IP
22 -
Fortigate Cloud
20 -
FortiPortal
19 -
SSL SSH inspection
19 -
FortiSwitch v6.2
18 -
FortiMonitor
18 -
Traffic shaping
17 -
FortiDDoS
15 -
OSPF
15 -
WAN optimization
15 -
FortiGate v5.0
14 -
System settings
14 -
IP address management - IPAM
14 -
SSID
13 -
Static route
13 -
FortiSOAR
12 -
FortiCASB
12 -
snmp
12 -
Automation
12 -
Admin
12 -
Web application firewall profile
12 -
FortiManager v5.0
11 -
FortiManager v4.0
10 -
FortiRecorder
10 -
IPS signature
10 -
4.0MR2
9 -
FortiGate v4.0 MR3
9 -
FortiWeb v5.0
9 -
FortiBridge
9 -
Traffic shaping policy
9 -
FortiAP profile
9 -
Proxy policy
9 -
RMA Information and Announcements
8 -
Security profile
8 -
Port policy
8 -
4.0
7 -
FortiDeceptor
7 -
FortiAnalyzer v5.0
7 -
FortiCache
7 -
Fabric connector
7 -
Intrusion prevention
7 -
Explicit proxy
6 -
DNS filter
6 -
trunk
6 -
Packet capture
6 -
Antivirus profile
6 -
Traffic shaping profile
6 -
FortiToken Cloud
5 -
FortiTester
5 -
Users
5 -
Email filter profile
5 -
Web rating
5 -
Fortinet Engage Partner Program
5 -
3.6
4 -
FortiCarrier
4 -
FortiScan
4 -
FortiDirector
4 -
Internet service database
4 -
Application signature
4 -
DLP sensor
4 -
Netflow
4 -
Replacement messages
4 -
FortiDB
3 -
FortiHypervisor
3 -
API
3 -
FortiNDR
3 -
NAC policy
3 -
DLP Dictionary
3 -
DLP profile
3 -
DoS policy
3 -
Service
3 -
VoIP profile
3 -
Multicast routing
3 -
Cloud Management Security
3 -
FortiInsight
2 -
FortiAI
2 -
Kerberos
2 -
Authentication rule and scheme
2 -
Protocol option
2 -
TACACS
2 -
Schedule
2 -
SDN connector
2 -
Zone
2 -
4.0MR1
1 -
FortiManager-VM
1 -
FortiCWP
1 -
Subscription Renewal Policy
1 -
Video Filter
1 -
ICAP profile
1 -
Multicast policy
1 -
Vulnerability Management
1
Top Kudoed Authors
| User | Count |
|---|---|
| 1661 | |
| 1077 | |
| 752 | |
| 443 | |
| 220 |
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2024 Fortinet, Inc. All Rights Reserved.