Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
storaid
Contributor

FortiOS v5.2.4 is out(Unstable GUI, Bad SSLVPN)....

a little disappointed..

no enhancements..

it's just a bugs fixed release....

[size="5"]definitely 1 of terrible f/w for FOS...[/size]

 

UNSTABLE GUI

[size="6"]ANNOYING SSL VPN problem..............[/size]

 

[size="3"]fortinet, I think you must quickly push out next fixed release or give some explains.........[/size]

 

201508020844, CSB-150730-1-Partial-Config-Loss

FortiGate models listed below may lose configuration pertaining to IPsec interface, virtual access point interface, loopback interface, or virtual-switch interface after a reboot when the FortiGate is deployed with FortiOS 5.2.4 with build number 0688 and time 150722.

FGT20C3X12000161 # get sys stat

Version: FortiGate-20C v5.2.4,build0688,150722 (GA)

Potentially Affected Products:

FortiGate: FG-20C, FG-20C-ADSL, FG-30D, FG-30D-PoE, FG-40C

FortiWiFi: FW-20C, FW-20C-ADSL, FW-30D, FW-30D-PoE, FW-40C

Resolution:

FortiOS 5.2.4 software images for the models above have been rebuilt and re-posted on the customer support web site with build number 0688 and time 150730.

FWF60D x2 FWF60C x3 FGT80C rev.2 FGT200B-POE FAP220B x3 FAP221B x2

FSW224B x1

FWF60D x2 FWF60C x3 FGT80C rev.2 FGT200B-POE FAP220B x3 FAP221B x2 FSW224B x1
2 Solutions
seadave
Contributor III

Why does this keep happening?  Fortinet makes such great hardware, but they have seriously burned some of us with bad firmware releases.  I'm a constant Fortinet advocate, but this kind of crap demonstrates a lack of QC and concern for the customer environment.  These type of issues should definitely be exposed by a good QC system and if the firmware has the potential to wipe a config, for godness sakes it should not be released.  Those of us who are long time Fortinet customers have learned to be wary of new releases and to always reboot the appliance, take a back up, and wait for others to expose the bugs, but it doesn't need to be that way with the right internal controls at Fortinet.  Pick up the slack guys.  You make a great product but you are tripping over your own feet when you release builds like this.

View solution in original post

GusTech

dfollis wrote:

Why does this keep happening?  Fortinet makes such great hardware, but they have seriously burned some of us with bad firmware releases.  I'm a constant Fortinet advocate, but this kind of **** demonstrates a lack of QC and concern for the customer environment.  These type of issues should definitely be exposed by a good QC system and if the firmware has the potential to wipe a config, for godness sakes it should not be released.  Those of us who are long time Fortinet customers have learned to be wary of new releases and to always reboot the appliance, take a back up, and wait for others to expose the bugs, but it doesn't need to be that way with the right internal controls at Fortinet.  Pick up the slack guys.  You make a great product but you are tripping over your own feet when you release builds like this.

Completely agree!! And this is NOT the first time this happens........

Fortigate <3

View solution in original post

Fortigate <3
111 REPLIES 111
YtseJam
New Contributor III

Hi everyone,

 

Can I ask if you can recommend already v5.2.4 for production as a new firmware? Or is it already advisable to upgrade to this version because as I back read those comments here, it seems that it's still full of bugs and errors that needs fix. Thank you for your replies.

 

Regards,

JAM

 

 

 

SecurityPlus

We've been running 5.2.4 on about 4 FortiGate and FortiWiFi 60D units for a while now with no known issues. We had a 5.2.3 unit running at 100% CPU. Support suggested upgrading firmware to 5.2.4 and so far it has been running well. None of the upgraded units use dual WAN connections which is one possible issue that I was warned about.

YtseJam
New Contributor III

thank you for your info. But most of my clients are using dual wan connections and others is in wan link load  balancing configuration. I'll just upgrade their firmware to v5.2.4 and observe for any issues stated on this forum. :)

Thank you.

andygfunk

Has anyone tried 5.2.4 on a 1500D or similar?

 

Have planned an upgrade of production env. this weekend. Have done some testing on a second cluster which are not in production yet, but fear the tests are of little relevance since there are almost no traffic there.

seadave

I'm waiting to do so on a 500D so interested in what you see.  I'm also hesitant based on what others have reported here.  We were getting updates quite often, but seems to have stalled on 5.2.4.  Maybe Fortinet is focusing on 5.4?  Thanks for any feedback you can provide.

Lucascat
New Contributor III

What about 5.2.5??!!

Paul_S

Lucascat wrote:

What about 5.2.5??!!

I heard the ETA for 5.2.5 is November.

FG200D 5.6.5 (HA) - primary [size="1"]FWF50B' s 4.3.x, FG60D's 5.2.x, FG60E's 5.4.x                   [Did my post help you? Please rate my post.][/size] FAZ-VM 5.6.5  |  Fortimail 5.3.11 Network+, Security+

FG200D 5.6.5 (HA) - primary [size="1"]FWF50B' s 4.3.x, FG60D's 5.2.x, FG60E's 5.4.x [Did my post help you? Please rate my post.][/size] FAZ-VM 5.6.5 | Fortimail 5.3.11 Network+, Security+
andygfunk

Hi,

 

We updated our main 1500D cluster to 5.2.4 on Saturday. We have a fair amount of traffic on it.

 

So far we have not seen any major problems. It seams to be running smoothly, GUI works nicely with chrome again. In 5.2.2 it didn't work properly. Only trouble we have had, and that's probably caused by fortimanager upgrade to 5.2.4, is 4 UDP service objects being corrupted by some unexplained changes.  Memory utilization seems to be lower, but I do not have trending for this at the moment. 

 

We run the following on our boxes:

Statefull firewall in NAT/Route

Transparent VDOM

Antivirus

IPS

Web Filtering

Application Control

IPSEC tunnels

IPv6

 

We have not tested:

E-mail filtering

Wifi ctrl

DLP

Deep SSL inspection

FGTuser
New Contributor III

So 5.2.x barely usable for critical production (perhaps for brave people). I used to be brave, but I'm not anymore.

5.0.x oficially End of Support.

 

Quite hard to understand...

romanr
Valued Contributor

OndrejD wrote:

So 5.2.x barely usable for critical production (perhaps for brave people). I used to be brave, but I'm not anymore.

5.0.x oficially End of Support.

 

Hey,

 

hard for me to follow this discussion here. As I really don't see that many major issues with FOS 5.2.4

 

We run at least 100 boxes ranging from 30D to 800C with every major plattform inbetween being used on 5.2.4 for different customers... So every major feature of the Gates is being used - Besides the Virtual WAN or Wan link load balancing features, which we never use!

 

As far as I remember, we only had a few of issues - which I do not classify as major software troubles (like):

- some earlier boxes have memory issues (just because they don'#t have enough memory for 5.2.4) - like 1st gen 80Cs

- SSLVPN Deamon gets stuck and is not recoverable, after 4-8 weeks of uptime on some 200Bs - reboot needed

- wccp enabled policy is being completely ignored after some weeks of uptime - only a reboot fixed this (happened exactly once)

 

And there are some annoying GUI glitches here and there, like getting Data from the wrong VDOM or rarely getting logged out without a reason - but that doesn't happen very often and it also does not have impact on production traffic...

Labels
Top Kudoed Authors