Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
storaid
Contributor

FortiOS v5.6.1 is released...!!

well...

after long time ago, now it's out...

FWF60D x2 FWF60C x3 FGT80C rev.2 FGT200B-POE FAP220B x3 FAP221B x2

FSW224B x1

FWF60D x2 FWF60C x3 FGT80C rev.2 FGT200B-POE FAP220B x3 FAP221B x2 FSW224B x1
6 Solutions
storaid
Contributor

annoying bug..

JSON string....=^=

FWF60D x2 FWF60C x3 FGT80C rev.2 FGT200B-POE FAP220B x3 FAP221B x2

FSW224B x1

View solution in original post

FWF60D x2 FWF60C x3 FGT80C rev.2 FGT200B-POE FAP220B x3 FAP221B x2 FSW224B x1
emnoc
Esteemed Contributor III

Other problems noted in 5.6

 

 

1: the  diag debug flow show console enable is missing as a option

 

2: still can NOT upload a  x509 certificate via GUI ( pkcs12  or  via pem cert+key )

 

3: a valid certificate self-sign  for admingui access does NOT work no matter how or what type of certificate that we try to craft standard, wildcard or SAN if we paste it in via the cli "config vpn certificate local "

 

More to come ;)

 

PCNSE 

NSE 

StrongSwan  

View solution in original post

PCNSE NSE StrongSwan
emnoc
Esteemed Contributor III

Again my  FWF60D has hungs up.  We thought it crashed but come to find out the  HTTP process is hung.  Since this is a remote hosted FW, I'm downgrading ....Sorry but v5.6.1 is a no-go for me ;(

 

 

PCNSE 

NSE 

StrongSwan  

View solution in original post

PCNSE NSE StrongSwan
storaid

inexplicable radius server test:

FWF60D x2 FWF60C x3 FGT80C rev.2 FGT200B-POE FAP220B x3 FAP221B x2

FSW224B x1

View solution in original post

FWF60D x2 FWF60C x3 FGT80C rev.2 FGT200B-POE FAP220B x3 FAP221B x2 FSW224B x1
pcraponi
Contributor II

Maybe it's a database migration? Have you tried to format log-disk?

Regards, Paulo Raponi

View solution in original post

Regards, Paulo Raponi
thuynh_FTNT

keij wrote:

I can not see Local traffic (Fortigate's self traffic) in Foriview of ver5.6.1. In 5.2 were able to see the fortigate local traffic. Is it no longer visible in the 5.6 series?

Hi Keij, that is correct. We do not show local traffic in FortiView starting 5.6.0

View solution in original post

102 REPLIES 102
storaid

annoying...

I must say device detection in v5.6 totally to bad...

really...

in v5.2, the device detection, it's good...

most devices can be recognized.....

android, iphone, windows device...

 

but in v5.6, bad...

too bad....

especially windows device and mobile phone...

many time mostly these devices really cannot get good identification....

 

mostly they all "Unknown"...

just give me "Other Network Device" type....

 

device detection in v5.6, it is terrible I feel...

FWF60D x2 FWF60C x3 FGT80C rev.2 FGT200B-POE FAP220B x3 FAP221B x2

FSW224B x1

FWF60D x2 FWF60C x3 FGT80C rev.2 FGT200B-POE FAP220B x3 FAP221B x2 FSW224B x1
storaid

FortiOS™ Handbook - Managing Devices

 

page 8

To configure device monitoring

1. Go to Network > Interfaces.

2. Edit the interface that you want to monitor devices on.

3. In Networked Devices, turn on Device Detection and optionally turn on Active Scanning.

4. Select OK.

5. Repeat steps 2 through 4 for each interface that will monitor devices

 

#3

where is the Active Scanning???

WHERE??...

I don't find any something about it from CLI and GUI....

do NOT tell me this function is completely removed...

FWF60D x2 FWF60C x3 FGT80C rev.2 FGT200B-POE FAP220B x3 FAP221B x2

FSW224B x1

FWF60D x2 FWF60C x3 FGT80C rev.2 FGT200B-POE FAP220B x3 FAP221B x2 FSW224B x1
thuynh_FTNT

storaid wrote:

FortiOS™ Handbook - Managing Devices

 

page 8

To configure device monitoring

1. Go to Network > Interfaces.

2. Edit the interface that you want to monitor devices on.

3. In Networked Devices, turn on Device Detection and optionally turn on Active Scanning.

4. Select OK.

5. Repeat steps 2 through 4 for each interface that will monitor devices

 

#3

where is the Active Scanning???

WHERE??...

I don't find any something about it from CLI and GUI....

do NOT tell me this function is completely removed...

Hi Storaid, not all models have support for active scan. For example, FGT_80C does not but FWF_60D should.

storaid

thuynh wrote:

storaid wrote:

FortiOS™ Handbook - Managing Devices

 

page 8

To configure device monitoring

1. Go to Network > Interfaces.

2. Edit the interface that you want to monitor devices on.

3. In Networked Devices, turn on Device Detection and optionally turn on Active Scanning.

4. Select OK.

5. Repeat steps 2 through 4 for each interface that will monitor devices

 

#3

where is the Active Scanning???

WHERE??...

I don't find any something about it from CLI and GUI....

do NOT tell me this function is completely removed...

Hi Storaid, not all models have support for active scan. For example, FGT_80C does not but FWF_60D should.

I have opened ticket to ask question about active-scan..

and I got the following reply:

The device identification active scan feature uses the port scanning feature provided by the VCM (Vulnerability and Compliance Management) feature. That implies that device active scanning is/was only supported on models that supported VCM.  The VCM feature was deprecated in FortiOS 5.4 and removed in FortiOS 5.6.  The SOC3 models went through the NPI process during that time and since VCM was being removed then no work was done to enable it to run on the SOC3.  It is by design of V5.6 that active scanning is not support on model which is using SOC3. 

---------------------------------------------------------------------------------------------------------------

plz improve device-identification accuracy for small box units in future FortiOS..

passive scan is so bad...

really...

FWF60D x2 FWF60C x3 FGT80C rev.2 FGT200B-POE FAP220B x3 FAP221B x2

FSW224B x1

FWF60D x2 FWF60C x3 FGT80C rev.2 FGT200B-POE FAP220B x3 FAP221B x2 FSW224B x1
thuynh_FTNT

storaid wrote:

thuynh wrote:

storaid wrote:

FortiOS™ Handbook - Managing Devices

 

page 8

To configure device monitoring

1. Go to Network > Interfaces.

2. Edit the interface that you want to monitor devices on.

3. In Networked Devices, turn on Device Detection and optionally turn on Active Scanning.

4. Select OK.

5. Repeat steps 2 through 4 for each interface that will monitor devices

 

#3

where is the Active Scanning???

WHERE??...

I don't find any something about it from CLI and GUI....

do NOT tell me this function is completely removed...

Hi Storaid, not all models have support for active scan. For example, FGT_80C does not but FWF_60D should.

I have opened ticket to ask question about active-scan..

and I got the following reply:

The device identification active scan feature uses the port scanning feature provided by the VCM (Vulnerability and Compliance Management) feature. That implies that device active scanning is/was only supported on models that supported VCM.  The VCM feature was deprecated in FortiOS 5.4 and removed in FortiOS 5.6.  The SOC3 models went through the NPI process during that time and since VCM was being removed then no work was done to enable it to run on the SOC3.  It is by design of V5.6 that active scanning is not support on model which is using SOC3. 

---------------------------------------------------------------------------------------------------------------

plz improve device-identification accuracy for small box units in future FortiOS..

passive scan is so bad...

really...

Thanks Storaid. Regarding the passive scan, we had a design change since 5.2 so that is why you see a difference in the behaviour. We are aware of the limitation in the current version and are working on improvements. To help us identify your problem, can you open separate support ticket (if not already) for each of the case where a device is not detected properly by passive scan (active scan is disabled). We will need to look into each case separately (feel free to share your CSS ticket # here). Please provide the following info required for us to debug (especially packet capture of the device traffic during detection) 1. What is the FortiOS version

2. What is the Device/OS Identification database (diagnose autoupdate versions) 3. Is active scan enabled (it uses a different mechanism), if so, please test with active scan disabled, or provide active scan debug:

 

diagnose debug enable

diagnose debug application netscan 31

4. Output of device detection debug when the mis-identification occurs (you may need to delete the device entry in user device list so it can be detected again)

 

diagnose debug application src-vis -1

 

5. Packet capture of the device traffic to the interface during the detection period. Most crucial information.

6. Output of the device list (after detection is done)

dia user device list

 

 

 

 

storaid

thuynh wrote:

storaid wrote:

thuynh wrote:

storaid wrote:

FortiOS™ Handbook - Managing Devices

 

page 8

To configure device monitoring

1. Go to Network > Interfaces.

2. Edit the interface that you want to monitor devices on.

3. In Networked Devices, turn on Device Detection and optionally turn on Active Scanning.

4. Select OK.

5. Repeat steps 2 through 4 for each interface that will monitor devices

 

#3

where is the Active Scanning???

WHERE??...

I don't find any something about it from CLI and GUI....

do NOT tell me this function is completely removed...

Hi Storaid, not all models have support for active scan. For example, FGT_80C does not but FWF_60D should.

I have opened ticket to ask question about active-scan..

and I got the following reply:

The device identification active scan feature uses the port scanning feature provided by the VCM (Vulnerability and Compliance Management) feature. That implies that device active scanning is/was only supported on models that supported VCM.  The VCM feature was deprecated in FortiOS 5.4 and removed in FortiOS 5.6.  The SOC3 models went through the NPI process during that time and since VCM was being removed then no work was done to enable it to run on the SOC3.  It is by design of V5.6 that active scanning is not support on model which is using SOC3. 

---------------------------------------------------------------------------------------------------------------

plz improve device-identification accuracy for small box units in future FortiOS..

passive scan is so bad...

really...

Thanks Storaid. Regarding the passive scan, we had a design change since 5.2 so that is why you see a difference in the behaviour. We are aware of the limitation in the current version and are working on improvements. To help us identify your problem, can you open separate support ticket (if not already) for each of the case where a device is not detected properly by passive scan (active scan is disabled). We will need to look into each case separately (feel free to share your CSS ticket # here). Please provide the following info required for us to debug (especially packet capture of the device traffic during detection) 1. What is the FortiOS version

2. What is the Device/OS Identification database (diagnose autoupdate versions) 3. Is active scan enabled (it uses a different mechanism), if so, please test with active scan disabled, or provide active scan debug:

 

diagnose debug enable

diagnose debug application netscan 31

4. Output of device detection debug when the mis-identification occurs (you may need to delete the device entry in user device list so it can be detected again)

 

diagnose debug application src-vis -1

 

5. Packet capture of the device traffic to the interface during the detection period. Most crucial information.

6. Output of the device list (after detection is done)

dia user device list

 

hello, thuynh_FTNT

#5

"Packet capture of the device traffic to the interface during the detection period. Most crucial information."

It's from FortiOS to capture packet????

currently I have no FGT box units which supports Packet Capture have other workaround??

FWF60D x2 FWF60C x3 FGT80C rev.2 FGT200B-POE FAP220B x3 FAP221B x2

FSW224B x1

FWF60D x2 FWF60C x3 FGT80C rev.2 FGT200B-POE FAP220B x3 FAP221B x2 FSW224B x1
thuynh_FTNT

storaid wrote:

 

hello, thuynh_FTNT

#5

"Packet capture of the device traffic to the interface during the detection period. Most crucial information."

It's from FortiOS to capture packet????

currently I have no FGT box units which supports Packet Capture have other workaround??

Hi storaid, in that case, the following debug output is enough. It should contain some packet capture info as well

 

diagnose debug application src-vis -1

  1. disconnect device and delete the entry from device list. 2. use above cmd to start capturing the debug info and connect the device  3. stop capturing when the issue appear

 

 

 

 

storaid

can not access interface of npu-based vdom link.....

bug???

looks like inter vdom communication based on NPU is not working...

FWF60D x2 FWF60C x3 FGT80C rev.2 FGT200B-POE FAP220B x3 FAP221B x2

FSW224B x1

FWF60D x2 FWF60C x3 FGT80C rev.2 FGT200B-POE FAP220B x3 FAP221B x2 FSW224B x1
storaid

assigned ip to npu0_vlink0:

FGT60E4Q16068668 (root) # diag ip address li IP=211.72.xx.ooo->211.72.xx.ooo/255.255.255.0 index=5 devname=wan1 IP=10.1.1.16->10.1.1.16/255.255.255.0 index=7 devname=dmz IP=10.1.160.16->10.1.160.16/255.255.255.0 index=15 devname=npu0_vlink0 IP=127.0.0.1->127.0.0.1/255.0.0.0 index=18 devname=root IP=169.254.1.1->169.254.1.1/255.255.255.255 index=19 devname=ssl.root IP=10.2.140.16->10.2.140.16/255.255.255.0 index=23 devname=internal IP=10.2.105.16->10.2.105.16/255.255.255.0 index=24 devname=vlan105 IP=10.2.106.16->10.2.106.16/255.255.255.0 index=25 devname=vlan106 IP=127.0.0.1->127.0.0.1/255.0.0.0 index=26 devname=vsys_ha IP=127.0.0.1->127.0.0.1/255.0.0.0 index=28 devname=vsys_fgfm

FGT60E4Q16068668 (root) # diag ip route li tab=255 vf=0 scope=253 type=3 proto=2 prio=0 0.0.0.0/0.0.0.0/0->10.1.1.0/32 pref=10.1.1.16 gwy=0.0.0.0 dev=7(dmz) tab=255 vf=0 scope=254 type=2 proto=2 prio=0 0.0.0.0/0.0.0.0/0->10.1.1.16/32 pref=10.1.1.16 gwy=0.0.0.0 dev=7(dmz) tab=255 vf=0 scope=253 type=3 proto=2 prio=0 0.0.0.0/0.0.0.0/0->10.1.1.255/32 pref=10.1.1.16 gwy=0.0.0.0 dev=7(dmz) tab=255 vf=0 scope=253 type=3 proto=2 prio=0 0.0.0.0/0.0.0.0/0->10.2.105.0/32 pref=10.2.105.16 gwy=0.0.0.0 dev=24(vlan105) tab=255 vf=0 scope=254 type=2 proto=2 prio=0 0.0.0.0/0.0.0.0/0->10.2.105.16/32 pref=10.2.105.16 gwy=0.0.0.0 dev=24(vlan105) tab=255 vf=0 scope=253 type=3 proto=2 prio=0 0.0.0.0/0.0.0.0/0->10.2.105.255/32 pref=10.2.105.16 gwy=0.0.0.0 dev=24(vlan105) tab=255 vf=0 scope=253 type=3 proto=2 prio=0 0.0.0.0/0.0.0.0/0->10.2.106.0/32 pref=10.2.106.16 gwy=0.0.0.0 dev=25(vlan106) tab=255 vf=0 scope=254 type=2 proto=2 prio=0 0.0.0.0/0.0.0.0/0->10.2.106.16/32 pref=10.2.106.16 gwy=0.0.0.0 dev=25(vlan106) tab=255 vf=0 scope=253 type=3 proto=2 prio=0 0.0.0.0/0.0.0.0/0->10.2.106.255/32 pref=10.2.106.16 gwy=0.0.0.0 dev=25(vlan106) tab=255 vf=0 scope=253 type=3 proto=2 prio=0 0.0.0.0/0.0.0.0/0->10.2.140.0/32 pref=10.2.140.16 gwy=0.0.0.0 dev=23(internal) tab=255 vf=0 scope=254 type=2 proto=2 prio=0 0.0.0.0/0.0.0.0/0->10.2.140.16/32 pref=10.2.140.16 gwy=0.0.0.0 dev=23(internal) tab=255 vf=0 scope=253 type=3 proto=2 prio=0 0.0.0.0/0.0.0.0/0->10.2.140.255/32 pref=10.2.140.16 gwy=0.0.0.0 dev=23(internal) tab=255 vf=0 scope=253 type=3 proto=2 prio=0 0.0.0.0/0.0.0.0/0->127.0.0.0/32 pref=127.0.0.1 gwy=0.0.0.0 dev=18(root) tab=255 vf=0 scope=254 type=2 proto=2 prio=0 0.0.0.0/0.0.0.0/0->127.0.0.0/8 pref=127.0.0.1 gwy=0.0.0.0 dev=18(root) tab=255 vf=0 scope=254 type=2 proto=2 prio=0 0.0.0.0/0.0.0.0/0->127.0.0.1/32 pref=127.0.0.1 gwy=0.0.0.0 dev=18(root) tab=255 vf=0 scope=253 type=3 proto=2 prio=0 0.0.0.0/0.0.0.0/0->127.255.255.255/32 pref=127.0.0.1 gwy=0.0.0.0 dev=18(root) tab=255 vf=0 scope=254 type=2 proto=2 prio=0 0.0.0.0/0.0.0.0/0->169.254.1.1/32 pref=169.254.1.1 gwy=0.0.0.0 dev=19(ssl.root) tab=255 vf=0 scope=253 type=3 proto=2 prio=0 0.0.0.0/0.0.0.0/0->211.72.70.0/32 pref=211.72.xx.ooo gwy=0.0.0.0 dev=5(wan1) tab=255 vf=0 scope=254 type=2 proto=2 prio=0 0.0.0.0/0.0.0.0/0->211.72.xx.ooo/32 pref=211.72.xx.ooo gwy=0.0.0.0 dev=5(wan1) tab=255 vf=0 scope=253 type=3 proto=2 prio=0 0.0.0.0/0.0.0.0/0->211.72.70.255/32 pref=211.72.xx.ooo gwy=0.0.0.0 dev=5(wan1) tab=254 vf=0 scope=0 type=1 proto=11 prio=0 0.0.0.0/0.0.0.0/0->0.0.0.0/0 pref=0.0.0.0 gwy=211.72.70.254 flag=04 hops=255 oif=5(wan1) gwy=10.1.1.15 flag=04 hops=254 oif=7(dmz) tab=254 vf=0 scope=0 type=1 proto=17 prio=0 211.72.xx.ooo/255.255.255.255/0->8.8.8.8/32 pref=0.0.0.0 gwy=211.72.70.254 dev=5(wan1) tab=254 vf=0 scope=0 type=1 proto=17 prio=0 10.1.1.16/255.255.255.255/0->8.8.8.8/32 pref=0.0.0.0 gwy=10.1.1.15 dev=7(dmz) tab=254 vf=0 scope=253 type=1 proto=2 prio=0 0.0.0.0/0.0.0.0/0->10.1.1.0/24 pref=10.1.1.16 gwy=0.0.0.0 dev=7(dmz) tab=254 vf=0 scope=0 type=1 proto=11 prio=0 0.0.0.0/0.0.0.0/0->10.1.2.0/24 pref=0.0.0.0 gwy=10.1.1.15 dev=7(dmz) tab=254 vf=0 scope=253 type=1 proto=2 prio=0 0.0.0.0/0.0.0.0/0->10.2.105.0/24 pref=10.2.105.16 gwy=0.0.0.0 dev=24(vlan105) tab=254 vf=0 scope=253 type=1 proto=2 prio=0 0.0.0.0/0.0.0.0/0->10.2.106.0/24 pref=10.2.106.16 gwy=0.0.0.0 dev=25(vlan106) tab=254 vf=0 scope=253 type=1 proto=2 prio=0 0.0.0.0/0.0.0.0/0->10.2.140.0/24 pref=10.2.140.16 gwy=0.0.0.0 dev=23(internal) tab=254 vf=0 scope=0 type=1 proto=11 prio=0 0.0.0.0/0.0.0.0/0->172.16.150.0/24 pref=0.0.0.0 gwy=0.0.0.0 dev=19(ssl.root) tab=254 vf=0 scope=0 type=1 proto=17 prio=10 0.0.0.0/0.0.0.0/0->172.16.150.128/26 pref=0.0.0.0 gwy=0.0.0.0 dev=19(ssl.root) tab=254 vf=0 scope=0 type=1 proto=17 prio=10 0.0.0.0/0.0.0.0/0->172.16.150.192/27 pref=0.0.0.0 gwy=0.0.0.0 dev=19(ssl.root) tab=254 vf=0 scope=0 type=1 proto=17 prio=10 0.0.0.0/0.0.0.0/0->172.16.150.224/28 pref=0.0.0.0 gwy=0.0.0.0 dev=19(ssl.root) tab=254 vf=0 scope=0 type=1 proto=17 prio=10 0.0.0.0/0.0.0.0/0->172.16.150.240/29 pref=0.0.0.0 gwy=0.0.0.0 dev=19(ssl.root) tab=254 vf=0 scope=0 type=1 proto=11 prio=0 0.0.0.0/0.0.0.0/0->192.168.1.0/24 pref=0.0.0.0 gwy=10.1.1.15 dev=7(dmz) tab=254 vf=0 scope=253 type=1 proto=2 prio=0 0.0.0.0/0.0.0.0/0->211.72.70.0/24 pref=211.72.xx.ooo gwy=0.0.0.0 dev=5(wan1)

 

assigned ip to npu0_vlink1:

FGT60E4Q16068668 (root) # diag ip address li IP=211.72.xx.ooo->211.72.xx.ooo/255.255.255.0 index=5 devname=wan1 IP=10.1.1.16->10.1.1.16/255.255.255.0 index=7 devname=dmz IP=10.1.160.16->10.1.160.16/255.255.255.0 index=16 devname=npu0_vlink1 IP=127.0.0.1->127.0.0.1/255.0.0.0 index=18 devname=root IP=169.254.1.1->169.254.1.1/255.255.255.255 index=19 devname=ssl.root IP=10.2.140.16->10.2.140.16/255.255.255.0 index=23 devname=internal IP=10.2.105.16->10.2.105.16/255.255.255.0 index=24 devname=vlan105 IP=10.2.106.16->10.2.106.16/255.255.255.0 index=25 devname=vlan106 IP=127.0.0.1->127.0.0.1/255.0.0.0 index=26 devname=vsys_ha IP=127.0.0.1->127.0.0.1/255.0.0.0 index=28 devname=vsys_fgfm

FGT60E4Q16068668 (root) # diag ip route li tab=255 vf=0 scope=253 type=3 proto=2 prio=0 0.0.0.0/0.0.0.0/0->10.1.1.0/32 pref=10.1.1.16 gwy=0.0.0.0 dev=7(dmz) tab=255 vf=0 scope=254 type=2 proto=2 prio=0 0.0.0.0/0.0.0.0/0->10.1.1.16/32 pref=10.1.1.16 gwy=0.0.0.0 dev=7(dmz) tab=255 vf=0 scope=253 type=3 proto=2 prio=0 0.0.0.0/0.0.0.0/0->10.1.1.255/32 pref=10.1.1.16 gwy=0.0.0.0 dev=7(dmz) tab=255 vf=0 scope=253 type=3 proto=2 prio=0 0.0.0.0/0.0.0.0/0->10.1.160.0/32 pref=10.1.160.16 gwy=0.0.0.0 dev=16(npu0_vlink1) tab=255 vf=0 scope=254 type=2 proto=2 prio=0 0.0.0.0/0.0.0.0/0->10.1.160.16/32 pref=10.1.160.16 gwy=0.0.0.0 dev=16(npu0_vlink1) tab=255 vf=0 scope=253 type=3 proto=2 prio=0 0.0.0.0/0.0.0.0/0->10.1.160.255/32 pref=10.1.160.16 gwy=0.0.0.0 dev=16(npu0_vlink1) tab=255 vf=0 scope=253 type=3 proto=2 prio=0 0.0.0.0/0.0.0.0/0->10.2.105.0/32 pref=10.2.105.16 gwy=0.0.0.0 dev=24(vlan105) tab=255 vf=0 scope=254 type=2 proto=2 prio=0 0.0.0.0/0.0.0.0/0->10.2.105.16/32 pref=10.2.105.16 gwy=0.0.0.0 dev=24(vlan105) tab=255 vf=0 scope=253 type=3 proto=2 prio=0 0.0.0.0/0.0.0.0/0->10.2.105.255/32 pref=10.2.105.16 gwy=0.0.0.0 dev=24(vlan105) tab=255 vf=0 scope=253 type=3 proto=2 prio=0 0.0.0.0/0.0.0.0/0->10.2.106.0/32 pref=10.2.106.16 gwy=0.0.0.0 dev=25(vlan106) tab=255 vf=0 scope=254 type=2 proto=2 prio=0 0.0.0.0/0.0.0.0/0->10.2.106.16/32 pref=10.2.106.16 gwy=0.0.0.0 dev=25(vlan106) tab=255 vf=0 scope=253 type=3 proto=2 prio=0 0.0.0.0/0.0.0.0/0->10.2.106.255/32 pref=10.2.106.16 gwy=0.0.0.0 dev=25(vlan106) --More-- tab=255 vf=0 scope=253 type=3 proto=2 prio=0 0.0.0.0/0.0.0.0/0->10.2.140.0/32 pref=10.2.140.16 gwy=0.0.0.0 dev=23(internal) tab=255 vf=0 scope=254 type=2 proto=2 prio=0 0.0.0.0/0.0.0.0/0->10.2.140.16/32 pref=10.2.140.16 gwy=0.0.0.0 dev=23(internal) tab=255 vf=0 scope=253 type=3 proto=2 prio=0 0.0.0.0/0.0.0.0/0->10.2.140.255/32 pref=10.2.140.16 gwy=0.0.0.0 dev=23(internal) tab=255 vf=0 scope=253 type=3 proto=2 prio=0 0.0.0.0/0.0.0.0/0->127.0.0.0/32 pref=127.0.0.1 gwy=0.0.0.0 dev=18(root) tab=255 vf=0 scope=254 type=2 proto=2 prio=0 0.0.0.0/0.0.0.0/0->127.0.0.0/8 pref=127.0.0.1 gwy=0.0.0.0 dev=18(root) tab=255 vf=0 scope=254 type=2 proto=2 prio=0 0.0.0.0/0.0.0.0/0->127.0.0.1/32 pref=127.0.0.1 gwy=0.0.0.0 dev=18(root) tab=255 vf=0 scope=253 type=3 proto=2 prio=0 0.0.0.0/0.0.0.0/0->127.255.255.255/32 pref=127.0.0.1 gwy=0.0.0.0 dev=18(root) tab=255 vf=0 scope=254 type=2 proto=2 prio=0 0.0.0.0/0.0.0.0/0->169.254.1.1/32 pref=169.254.1.1 gwy=0.0.0.0 dev=19(ssl.root) tab=255 vf=0 scope=253 type=3 proto=2 prio=0 0.0.0.0/0.0.0.0/0->211.72.70.0/32 pref=211.72.xx.ooo gwy=0.0.0.0 dev=5(wan1) tab=255 vf=0 scope=254 type=2 proto=2 prio=0 0.0.0.0/0.0.0.0/0->211.72.xx.ooo/32 pref=211.72.xx.ooo gwy=0.0.0.0 dev=5(wan1) tab=255 vf=0 scope=253 type=3 proto=2 prio=0 0.0.0.0/0.0.0.0/0->211.72.70.255/32 pref=211.72.xx.ooo gwy=0.0.0.0 dev=5(wan1) tab=254 vf=0 scope=0 type=1 proto=11 prio=0 0.0.0.0/0.0.0.0/0->0.0.0.0/0 pref=0.0.0.0 gwy=211.72.70.254 flag=04 hops=255 oif=5(wan1) gwy=10.1.1.15 flag=04 hops=254 oif=7(dmz) tab=254 vf=0 scope=0 type=1 proto=17 prio=0 211.72.xx.ooo/255.255.255.255/0->8.8.8.8/32 pref=0.0.0.0 gwy=211.72.70.254 dev=5(wan1) tab=254 vf=0 scope=0 type=1 proto=17 prio=0 10.1.1.16/255.255.255.255/0->8.8.8.8/32 pref=0.0.0.0 gwy=10.1.1.15 dev=7(dmz) tab=254 vf=0 scope=253 type=1 proto=2 prio=0 0.0.0.0/0.0.0.0/0->10.1.1.0/24 pref=10.1.1.16 gwy=0.0.0.0 dev=7(dmz) tab=254 vf=0 scope=0 type=1 proto=11 prio=0 0.0.0.0/0.0.0.0/0->10.1.2.0/24 pref=0.0.0.0 gwy=10.1.1.15 dev=7(dmz) tab=254 vf=0 scope=253 type=1 proto=2 prio=0 0.0.0.0/0.0.0.0/0->10.1.160.0/24 pref=10.1.160.16 gwy=0.0.0.0 dev=16(npu0_vlink1) tab=254 vf=0 scope=253 type=1 proto=2 prio=0 0.0.0.0/0.0.0.0/0->10.2.105.0/24 pref=10.2.105.16 gwy=0.0.0.0 dev=24(vlan105) tab=254 vf=0 scope=253 type=1 proto=2 prio=0 0.0.0.0/0.0.0.0/0->10.2.106.0/24 pref=10.2.106.16 gwy=0.0.0.0 dev=25(vlan106) tab=254 vf=0 scope=253 type=1 proto=2 prio=0 0.0.0.0/0.0.0.0/0->10.2.140.0/24 pref=10.2.140.16 gwy=0.0.0.0 dev=23(internal) tab=254 vf=0 scope=0 type=1 proto=11 prio=0 0.0.0.0/0.0.0.0/0->172.16.150.0/24 pref=0.0.0.0 gwy=0.0.0.0 dev=19(ssl.root) tab=254 vf=0 scope=0 type=1 proto=17 prio=10 0.0.0.0/0.0.0.0/0->172.16.150.128/26 pref=0.0.0.0 gwy=0.0.0.0 dev=19(ssl.root) tab=254 vf=0 scope=0 type=1 proto=17 prio=10 0.0.0.0/0.0.0.0/0->172.16.150.192/27 pref=0.0.0.0 gwy=0.0.0.0 dev=19(ssl.root) tab=254 vf=0 scope=0 type=1 proto=17 prio=10 0.0.0.0/0.0.0.0/0->172.16.150.224/28 pref=0.0.0.0 gwy=0.0.0.0 dev=19(ssl.root) tab=254 vf=0 scope=0 type=1 proto=17 prio=10 0.0.0.0/0.0.0.0/0->172.16.150.240/29 pref=0.0.0.0 gwy=0.0.0.0 dev=19(ssl.root) tab=254 vf=0 scope=0 type=1 proto=11 prio=0 0.0.0.0/0.0.0.0/0->192.168.1.0/24 pref=0.0.0.0 gwy=10.1.1.15 dev=7(dmz) tab=254 vf=0 scope=253 type=1 proto=2 prio=0 0.0.0.0/0.0.0.0/0->211.72.70.0/24 pref=211.72.xx.ooo gwy=0.0.0.0 dev=5(wan1)

 

I mean the npu0_vlink0 is broken????

 

FWF60D x2 FWF60C x3 FGT80C rev.2 FGT200B-POE FAP220B x3 FAP221B x2

FSW224B x1

FWF60D x2 FWF60C x3 FGT80C rev.2 FGT200B-POE FAP220B x3 FAP221B x2 FSW224B x1
Paul_S

Are the recent posts in this thread about 5.6.2 or is everyone talking about 5.6.1 like the topic title says?

FG200D 5.6.5 (HA) - primary [size="1"]FWF50B' s 4.3.x, FG60D's 5.2.x, FG60E's 5.4.x                   [Did my post help you? Please rate my post.][/size] FAZ-VM 5.6.5  |  Fortimail 5.3.11 Network+, Security+

FG200D 5.6.5 (HA) - primary [size="1"]FWF50B' s 4.3.x, FG60D's 5.2.x, FG60E's 5.4.x [Did my post help you? Please rate my post.][/size] FAZ-VM 5.6.5 | Fortimail 5.3.11 Network+, Security+
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors