a little disappointed..
no enhancements..
it's just a bugs fixed release....
[size="5"]definitely 1 of terrible f/w for FOS...[/size]
UNSTABLE GUI
[size="6"]ANNOYING SSL VPN problem..............[/size]
[size="3"]fortinet, I think you must quickly push out next fixed release or give some explains.........[/size]
201508020844, CSB-150730-1-Partial-Config-Loss
FortiGate models listed below may lose configuration pertaining to IPsec interface, virtual access point interface, loopback interface, or virtual-switch interface after a reboot when the FortiGate is deployed with FortiOS 5.2.4 with build number 0688 and time 150722.
FGT20C3X12000161 # get sys stat
Version: FortiGate-20C v5.2.4,build0688,150722 (GA)
Potentially Affected Products:
FortiGate: FG-20C, FG-20C-ADSL, FG-30D, FG-30D-PoE, FG-40C
FortiWiFi: FW-20C, FW-20C-ADSL, FW-30D, FW-30D-PoE, FW-40C
Resolution:
FortiOS 5.2.4 software images for the models above have been rebuilt and re-posted on the customer support web site with build number 0688 and time 150730.
FWF60D x2 FWF60C x3 FGT80C rev.2 FGT200B-POE FAP220B x3 FAP221B x2
FSW224B x1
Solved! Go to Solution.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Why does this keep happening? Fortinet makes such great hardware, but they have seriously burned some of us with bad firmware releases. I'm a constant Fortinet advocate, but this kind of crap demonstrates a lack of QC and concern for the customer environment. These type of issues should definitely be exposed by a good QC system and if the firmware has the potential to wipe a config, for godness sakes it should not be released. Those of us who are long time Fortinet customers have learned to be wary of new releases and to always reboot the appliance, take a back up, and wait for others to expose the bugs, but it doesn't need to be that way with the right internal controls at Fortinet. Pick up the slack guys. You make a great product but you are tripping over your own feet when you release builds like this.
dfollis wrote:Why does this keep happening? Fortinet makes such great hardware, but they have seriously burned some of us with bad firmware releases. I'm a constant Fortinet advocate, but this kind of **** demonstrates a lack of QC and concern for the customer environment. These type of issues should definitely be exposed by a good QC system and if the firmware has the potential to wipe a config, for godness sakes it should not be released. Those of us who are long time Fortinet customers have learned to be wary of new releases and to always reboot the appliance, take a back up, and wait for others to expose the bugs, but it doesn't need to be that way with the right internal controls at Fortinet. Pick up the slack guys. You make a great product but you are tripping over your own feet when you release builds like this.
Completely agree!! And this is NOT the first time this happens........
Fortigate <3
Hi everyone,
Can I ask if you can recommend already v5.2.4 for production as a new firmware? Or is it already advisable to upgrade to this version because as I back read those comments here, it seems that it's still full of bugs and errors that needs fix. Thank you for your replies.
Regards,
JAM
We've been running 5.2.4 on about 4 FortiGate and FortiWiFi 60D units for a while now with no known issues. We had a 5.2.3 unit running at 100% CPU. Support suggested upgrading firmware to 5.2.4 and so far it has been running well. None of the upgraded units use dual WAN connections which is one possible issue that I was warned about.
thank you for your info. But most of my clients are using dual wan connections and others is in wan link load balancing configuration. I'll just upgrade their firmware to v5.2.4 and observe for any issues stated on this forum. :)
Thank you.
Has anyone tried 5.2.4 on a 1500D or similar?
Have planned an upgrade of production env. this weekend. Have done some testing on a second cluster which are not in production yet, but fear the tests are of little relevance since there are almost no traffic there.
I'm waiting to do so on a 500D so interested in what you see. I'm also hesitant based on what others have reported here. We were getting updates quite often, but seems to have stalled on 5.2.4. Maybe Fortinet is focusing on 5.4? Thanks for any feedback you can provide.
What about 5.2.5??!!
Lucascat wrote:What about 5.2.5??!!
I heard the ETA for 5.2.5 is November.
FG200D 5.6.5 (HA) - primary [size="1"]FWF50B' s 4.3.x, FG60D's 5.2.x, FG60E's 5.4.x [Did my post help you? Please rate my post.][/size] FAZ-VM 5.6.5 | Fortimail 5.3.11 Network+, Security+
Hi,
We updated our main 1500D cluster to 5.2.4 on Saturday. We have a fair amount of traffic on it.
So far we have not seen any major problems. It seams to be running smoothly, GUI works nicely with chrome again. In 5.2.2 it didn't work properly. Only trouble we have had, and that's probably caused by fortimanager upgrade to 5.2.4, is 4 UDP service objects being corrupted by some unexplained changes. Memory utilization seems to be lower, but I do not have trending for this at the moment.
We run the following on our boxes:
Statefull firewall in NAT/Route
Transparent VDOM
Antivirus
IPS
Web Filtering
Application Control
IPSEC tunnels
IPv6
We have not tested:
E-mail filtering
Wifi ctrl
DLP
Deep SSL inspection
So 5.2.x barely usable for critical production (perhaps for brave people). I used to be brave, but I'm not anymore.
5.0.x oficially End of Support.
Quite hard to understand...
OndrejD wrote:So 5.2.x barely usable for critical production (perhaps for brave people). I used to be brave, but I'm not anymore.
5.0.x oficially End of Support.
Hey,
hard for me to follow this discussion here. As I really don't see that many major issues with FOS 5.2.4
We run at least 100 boxes ranging from 30D to 800C with every major plattform inbetween being used on 5.2.4 for different customers... So every major feature of the Gates is being used - Besides the Virtual WAN or Wan link load balancing features, which we never use!
As far as I remember, we only had a few of issues - which I do not classify as major software troubles (like):
- some earlier boxes have memory issues (just because they don'#t have enough memory for 5.2.4) - like 1st gen 80Cs
- SSLVPN Deamon gets stuck and is not recoverable, after 4-8 weeks of uptime on some 200Bs - reboot needed
- wccp enabled policy is being completely ignored after some weeks of uptime - only a reboot fixed this (happened exactly once)
And there are some annoying GUI glitches here and there, like getting Data from the wrong VDOM or rarely getting logged out without a reason - but that doesn't happen very often and it also does not have impact on production traffic...
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1712 | |
1093 | |
752 | |
447 | |
231 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.