Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
storaid
Contributor

FortiOS v5.2.4 is out(Unstable GUI, Bad SSLVPN)....

a little disappointed..

no enhancements..

it's just a bugs fixed release....

[size="5"]definitely 1 of terrible f/w for FOS...[/size]

 

UNSTABLE GUI

[size="6"]ANNOYING SSL VPN problem..............[/size]

 

[size="3"]fortinet, I think you must quickly push out next fixed release or give some explains.........[/size]

 

201508020844, CSB-150730-1-Partial-Config-Loss

FortiGate models listed below may lose configuration pertaining to IPsec interface, virtual access point interface, loopback interface, or virtual-switch interface after a reboot when the FortiGate is deployed with FortiOS 5.2.4 with build number 0688 and time 150722.

FGT20C3X12000161 # get sys stat

Version: FortiGate-20C v5.2.4,build0688,150722 (GA)

Potentially Affected Products:

FortiGate: FG-20C, FG-20C-ADSL, FG-30D, FG-30D-PoE, FG-40C

FortiWiFi: FW-20C, FW-20C-ADSL, FW-30D, FW-30D-PoE, FW-40C

Resolution:

FortiOS 5.2.4 software images for the models above have been rebuilt and re-posted on the customer support web site with build number 0688 and time 150730.

FWF60D x2 FWF60C x3 FGT80C rev.2 FGT200B-POE FAP220B x3 FAP221B x2

FSW224B x1

FWF60D x2 FWF60C x3 FGT80C rev.2 FGT200B-POE FAP220B x3 FAP221B x2 FSW224B x1
2 Solutions
seadave
Contributor III

Why does this keep happening?  Fortinet makes such great hardware, but they have seriously burned some of us with bad firmware releases.  I'm a constant Fortinet advocate, but this kind of crap demonstrates a lack of QC and concern for the customer environment.  These type of issues should definitely be exposed by a good QC system and if the firmware has the potential to wipe a config, for godness sakes it should not be released.  Those of us who are long time Fortinet customers have learned to be wary of new releases and to always reboot the appliance, take a back up, and wait for others to expose the bugs, but it doesn't need to be that way with the right internal controls at Fortinet.  Pick up the slack guys.  You make a great product but you are tripping over your own feet when you release builds like this.

View solution in original post

GusTech

dfollis wrote:

Why does this keep happening?  Fortinet makes such great hardware, but they have seriously burned some of us with bad firmware releases.  I'm a constant Fortinet advocate, but this kind of **** demonstrates a lack of QC and concern for the customer environment.  These type of issues should definitely be exposed by a good QC system and if the firmware has the potential to wipe a config, for godness sakes it should not be released.  Those of us who are long time Fortinet customers have learned to be wary of new releases and to always reboot the appliance, take a back up, and wait for others to expose the bugs, but it doesn't need to be that way with the right internal controls at Fortinet.  Pick up the slack guys.  You make a great product but you are tripping over your own feet when you release builds like this.

Completely agree!! And this is NOT the first time this happens........

Fortigate <3

View solution in original post

Fortigate <3
111 REPLIES 111
GusTech

Jordan_Thompson_FTNT wrote:

BrUz wrote:

+ Google Chrome is unstable on all devices running 5.2.4.

You are likely running into this Google Chrome issue that causes certificate exemptions to be reset:-

 

https://code.google.com/p/chromium/issues/detail?id=513903

https://code.google.com/p/chromium/issues/detail?id=473390

 

It is not a FortiOS bug. Using a trusted certificate would solve the problem.

It happens only in 5.2.4. That does not happen in any of < -5.2.3 .. I login without problems, and after 1-2min I have to log in again.

Fortigate <3

Fortigate <3
Jordan_Thompson_FTNT

BrUz wrote:

 

It happens only in 5.2.4. That does not happen in any of < -5.2.3 .. I login without problems, and after 1-2min I have to log in again.

And that's why I said "likely" the same problem since there was no other information in the original report.

 

Can you provide more information about the problem? Chrome version, operating system, HTTP vs HTTPS access, and the specific symptoms that happens when you are forced to log in again? Errors from Chrome developer tools would be particularly helpful.

GusTech

Jordan_Thompson_FTNT wrote:

BrUz wrote:

 

It happens only in 5.2.4. That does not happen in any of < -5.2.3 .. I login without problems, and after 1-2min I have to log in again.

And that's why I said "likely" the same problem since there was no other information in the original report.

 

Can you provide more information about the problem? Chrome version, operating system, HTTP vs HTTPS access, and the specific symptoms that happens when you are forced to log in again? Errors from Chrome developer tools would be particularly helpful.

I have seen this from different computers at different sites, the last days in:

40C : 5.2.4

60D : 5.2.4

90D : 5.2.4

Computer1 (Win8.1pro_x64)Login to FWF90D: 21:36:?? browsing around in random places, falling out 21:37:50 with this screen:

Computer2 (Win7pro_x64)Login to FGT40C: 21:49:30 browsing around in random places, falling out 21:55:20.

 

It does not happen every time..

 

Then menu at the left side is still working(Can still click the menu), but the big gray window at the right side is failing..

I have not seen this in IE. I can provide more info, if you cannot recreate this.

Fortigate <3

Fortigate <3
Jordan_Thompson_FTNT

BrUz wrote:

 

It does not happen every time..

 

Then menu at the left side is still working(Can still click the menu), but the big gray window at the right side is failing..

I have not seen this in IE. I can provide more info, if you cannot recreate this.

Are you using HTTPS or HTTP? If HTTPS, are you using a self signed certificate or have you uploaded custom certificates to these devices?

 

Can you open developer tools in Chrome and include a screen capture of the "Network" tab when the right side starts failing?

simonpt
New Contributor III

BrUz wrote:

I have seen this from different computers at different sites, the last days in:

40C : 5.2.4

60D : 5.2.4

90D : 5.2.4

Computer1 (Win8.1pro_x64)Login to FWF90D: 21:36:?? browsing around in random places, falling out 21:37:50 with this screen:

Computer2 (Win7pro_x64)Login to FGT40C: 21:49:30 browsing around in random places, falling out 21:55:20.

 

It does not happen every time..

 

Then menu at the left side is still working(Can still click the menu), but the big gray window at the right side is failing..

I have not seen this in IE. I can provide more info, if you cannot recreate this.

I don't think this is caused by 5.2.4. We've been getting this on 5.0.12. We think it coincided with Chrome 44, which broke lots of things for us. We've reverted to using Firefox to log into our FGTs until either Google or Fortinet fix it.

Zulhardy
New Contributor

Another thing I'd like to add.

 

When I upgraded to 5.2.4, I noticed that about 20 WIFI clients were logged onto a single FortiAP 221B. I have five of them around the office where I work at and usually the clients are dispersed among the APs. After downgrading as per TAC advice (for another issue I posted above), the APs then started load balancing them and the usual client dispersal pattern was seen once again.

 

I think so far 5.2.3 is the most stable for me 100D and my FortiAP 221Bs. 

GusTech

Zulhardy wrote:

Another thing I'd like to add.

 

When I upgraded to 5.2.4, I noticed that about 20 WIFI clients were logged onto a single FortiAP 221B. I have five of them around the office where I work at and usually the clients are dispersed among the APs. After downgrading as per TAC advice (for another issue I posted above), the APs then started load balancing them and the usual client dispersal pattern was seen once again.

 

I think so far 5.2.3 is the most stable for me 100D and my FortiAP 221Bs. 

I have similar problems. FAP21B take all users and working fine.. But, no users are able to connect through local radio in fwf90d. 

Fortigate <3

Fortigate <3
seadave

BrUz wrote:

 

I think so far 5.2.3 is the most stable for my 100D and my FortiAP 221Bs. 

 

I agree.  We went from running 5.2.3 on a 100D to running it on a 500D and it is running without any issues that we have been able to detect.  I would say that when I migrated the config, I did it in blocks, by copying and pasting sections of the config file and uploading them via the script import option.  I had to prune/clean the sections with interface name changes using notepad++ but all in all it was a fairly smooth process.

garyxd
New Contributor

Made the huge mistake of upgrading a few customers from 5.2.3 to 5.2.4 last night.  Please do not install this firmware...

 

As some others have hinted, when more than one external interface is used in a load-balanced or virtual-wan-link configuration, external management and SSL VPN traffic stops working.  In one case, it is always asymmetric.  In one external interface, out the other.  No idea.  Fortinet confirmed the bug.  We've also seen lightly used units entering conserve mode.  The ones I upgraded included 100Ds, 300Ds, and 500Ds.

 

I'm not sure why this firmware is still available for download.  Lost some major points with customers today

Diabolicus23

I couldn't agree more...
Top Kudoed Authors