Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
storaid
Contributor

Created on ‎07-27-2017 06:32 PM

FortiOS v5.6.1 is released...!!

well...

after long time ago, now it's out...

FWF60D x2 FWF60C x3 FGT80C rev.2 FGT200B-POE FAP220B x3 FAP221B x2

FSW224B x1

FWF60D x2 FWF60C x3 FGT80C rev.2 FGT200B-POE FAP220B x3 FAP221B x2 FSW224B x1
106794
0 Kudos
6 Solutions
storaid
Contributor

Created on ‎07-27-2017 06:35 PM

annoying bug..

JSON string....=^=

FWF60D x2 FWF60C x3 FGT80C rev.2 FGT200B-POE FAP220B x3 FAP221B x2

FSW224B x1

View solution in original post

FWF60D x2 FWF60C x3 FGT80C rev.2 FGT200B-POE FAP220B x3 FAP221B x2 FSW224B x1
47988
0 Kudos
emnoc
Esteemed Contributor III
In response to SMabille

Created on ‎07-31-2017 10:50 PM

Other problems noted in 5.6

 

 

1: the  diag debug flow show console enable is missing as a option

 

2: still can NOT upload a  x509 certificate via GUI ( pkcs12  or  via pem cert+key )

 

3: a valid certificate self-sign  for admingui access does NOT work no matter how or what type of certificate that we try to craft standard, wildcard or SAN if we paste it in via the cli "config vpn certificate local "

 

More to come ;)

 

PCNSE 

NSE 

StrongSwan  

View solution in original post

PCNSE NSE StrongSwan
47988
0 Kudos
emnoc
Esteemed Contributor III
In response to thuynh_FTNT

Created on ‎08-02-2017 12:43 PM

Again my  FWF60D has hungs up.  We thought it crashed but come to find out the  HTTP process is hung.  Since this is a remote hosted FW, I'm downgrading ....Sorry but v5.6.1 is a no-go for me ;(

 

 

PCNSE 

NSE 

StrongSwan  

View solution in original post

PCNSE NSE StrongSwan
47987
0 Kudos
storaid
Contributor
In response to bommi

Created on ‎08-05-2017 08:52 PM

inexplicable radius server test:

FWF60D x2 FWF60C x3 FGT80C rev.2 FGT200B-POE FAP220B x3 FAP221B x2

FSW224B x1

View solution in original post

FWF60D x2 FWF60C x3 FGT80C rev.2 FGT200B-POE FAP220B x3 FAP221B x2 FSW224B x1
47988
0 Kudos
pcraponi
Contributor II
In response to keij

Created on ‎08-07-2017 02:09 PM

Maybe it's a database migration? Have you tried to format log-disk?

Regards, Paulo Raponi

View solution in original post

Regards, Paulo Raponi
47988
0 Kudos
thuynh_FTNT
Staff
Staff
In response to keij

Created on ‎09-06-2017 12:17 PM

keij wrote:

I can not see Local traffic (Fortigate's self traffic) in Foriview of ver5.6.1. In 5.2 were able to see the fortigate local traffic. Is it no longer visible in the 5.6 series?

Hi Keij, that is correct. We do not show local traffic in FortiView starting 5.6.0

View solution in original post

47988
0 Kudos
102 REPLIES 102
storaid
Contributor
In response to keij

Created on ‎09-05-2017 07:50 AM

annoying...

I must say device detection in v5.6 totally to bad...

really...

in v5.2, the device detection, it's good...

most devices can be recognized.....

android, iphone, windows device...

 

but in v5.6, bad...

too bad....

especially windows device and mobile phone...

many time mostly these devices really cannot get good identification....

 

mostly they all "Unknown"...

just give me "Other Network Device" type....

 

device detection in v5.6, it is terrible I feel...

FWF60D x2 FWF60C x3 FGT80C rev.2 FGT200B-POE FAP220B x3 FAP221B x2

FSW224B x1

FWF60D x2 FWF60C x3 FGT80C rev.2 FGT200B-POE FAP220B x3 FAP221B x2 FSW224B x1
3504
0 Kudos
storaid
Contributor
In response to storaid

Created on ‎09-05-2017 08:04 AM

FortiOS™ Handbook - Managing Devices

 

page 8

To configure device monitoring

1. Go to Network > Interfaces.

2. Edit the interface that you want to monitor devices on.

3. In Networked Devices, turn on Device Detection and optionally turn on Active Scanning.

4. Select OK.

5. Repeat steps 2 through 4 for each interface that will monitor devices

 

#3

where is the Active Scanning???

WHERE??...

I don't find any something about it from CLI and GUI....

do NOT tell me this function is completely removed...

FWF60D x2 FWF60C x3 FGT80C rev.2 FGT200B-POE FAP220B x3 FAP221B x2

FSW224B x1

FWF60D x2 FWF60C x3 FGT80C rev.2 FGT200B-POE FAP220B x3 FAP221B x2 FSW224B x1
3504
0 Kudos
thuynh_FTNT
Staff
Staff
In response to storaid

Created on ‎09-18-2017 05:23 PM

storaid wrote:

FortiOS™ Handbook - Managing Devices

 

page 8

To configure device monitoring

1. Go to Network > Interfaces.

2. Edit the interface that you want to monitor devices on.

3. In Networked Devices, turn on Device Detection and optionally turn on Active Scanning.

4. Select OK.

5. Repeat steps 2 through 4 for each interface that will monitor devices

 

#3

where is the Active Scanning???

WHERE??...

I don't find any something about it from CLI and GUI....

do NOT tell me this function is completely removed...

Hi Storaid, not all models have support for active scan. For example, FGT_80C does not but FWF_60D should.

3504
0 Kudos
storaid
Contributor
In response to thuynh_FTNT

Created on ‎09-20-2017 03:44 AM

thuynh wrote:

storaid wrote:

FortiOS™ Handbook - Managing Devices

 

page 8

To configure device monitoring

1. Go to Network > Interfaces.

2. Edit the interface that you want to monitor devices on.

3. In Networked Devices, turn on Device Detection and optionally turn on Active Scanning.

4. Select OK.

5. Repeat steps 2 through 4 for each interface that will monitor devices

 

#3

where is the Active Scanning???

WHERE??...

I don't find any something about it from CLI and GUI....

do NOT tell me this function is completely removed...

Hi Storaid, not all models have support for active scan. For example, FGT_80C does not but FWF_60D should.

I have opened ticket to ask question about active-scan..

and I got the following reply:

The device identification active scan feature uses the port scanning feature provided by the VCM (Vulnerability and Compliance Management) feature. That implies that device active scanning is/was only supported on models that supported VCM.  The VCM feature was deprecated in FortiOS 5.4 and removed in FortiOS 5.6.  The SOC3 models went through the NPI process during that time and since VCM was being removed then no work was done to enable it to run on the SOC3.  It is by design of V5.6 that active scanning is not support on model which is using SOC3. 

---------------------------------------------------------------------------------------------------------------

plz improve device-identification accuracy for small box units in future FortiOS..

passive scan is so bad...

really...

FWF60D x2 FWF60C x3 FGT80C rev.2 FGT200B-POE FAP220B x3 FAP221B x2

FSW224B x1

FWF60D x2 FWF60C x3 FGT80C rev.2 FGT200B-POE FAP220B x3 FAP221B x2 FSW224B x1
3504
0 Kudos
thuynh_FTNT
Staff
Staff
In response to storaid

Created on ‎09-20-2017 02:06 PM

storaid wrote:

thuynh wrote:

storaid wrote:

FortiOS™ Handbook - Managing Devices

 

page 8

To configure device monitoring

1. Go to Network > Interfaces.

2. Edit the interface that you want to monitor devices on.

3. In Networked Devices, turn on Device Detection and optionally turn on Active Scanning.

4. Select OK.

5. Repeat steps 2 through 4 for each interface that will monitor devices

 

#3

where is the Active Scanning???

WHERE??...

I don't find any something about it from CLI and GUI....

do NOT tell me this function is completely removed...

Hi Storaid, not all models have support for active scan. For example, FGT_80C does not but FWF_60D should.

I have opened ticket to ask question about active-scan..

and I got the following reply:

The device identification active scan feature uses the port scanning feature provided by the VCM (Vulnerability and Compliance Management) feature. That implies that device active scanning is/was only supported on models that supported VCM.  The VCM feature was deprecated in FortiOS 5.4 and removed in FortiOS 5.6.  The SOC3 models went through the NPI process during that time and since VCM was being removed then no work was done to enable it to run on the SOC3.  It is by design of V5.6 that active scanning is not support on model which is using SOC3. 

---------------------------------------------------------------------------------------------------------------

plz improve device-identification accuracy for small box units in future FortiOS..

passive scan is so bad...

really...

Thanks Storaid. Regarding the passive scan, we had a design change since 5.2 so that is why you see a difference in the behaviour. We are aware of the limitation in the current version and are working on improvements. To help us identify your problem, can you open separate support ticket (if not already) for each of the case where a device is not detected properly by passive scan (active scan is disabled). We will need to look into each case separately (feel free to share your CSS ticket # here). Please provide the following info required for us to debug (especially packet capture of the device traffic during detection) 1. What is the FortiOS version

2. What is the Device/OS Identification database (diagnose autoupdate versions) 3. Is active scan enabled (it uses a different mechanism), if so, please test with active scan disabled, or provide active scan debug:

 

diagnose debug enable

diagnose debug application netscan 31

4. Output of device detection debug when the mis-identification occurs (you may need to delete the device entry in user device list so it can be detected again)

 

diagnose debug application src-vis -1

 

5. Packet capture of the device traffic to the interface during the detection period. Most crucial information.

6. Output of the device list (after detection is done)

dia user device list

 

 

 

 

3514
0 Kudos
storaid
Contributor
In response to thuynh_FTNT

Created on ‎09-20-2017 09:38 PM

thuynh wrote:

storaid wrote:

thuynh wrote:

storaid wrote:

FortiOS™ Handbook - Managing Devices

 

page 8

To configure device monitoring

1. Go to Network > Interfaces.

2. Edit the interface that you want to monitor devices on.

3. In Networked Devices, turn on Device Detection and optionally turn on Active Scanning.

4. Select OK.

5. Repeat steps 2 through 4 for each interface that will monitor devices

 

#3

where is the Active Scanning???

WHERE??...

I don't find any something about it from CLI and GUI....

do NOT tell me this function is completely removed...

Hi Storaid, not all models have support for active scan. For example, FGT_80C does not but FWF_60D should.

I have opened ticket to ask question about active-scan..

and I got the following reply:

The device identification active scan feature uses the port scanning feature provided by the VCM (Vulnerability and Compliance Management) feature. That implies that device active scanning is/was only supported on models that supported VCM.  The VCM feature was deprecated in FortiOS 5.4 and removed in FortiOS 5.6.  The SOC3 models went through the NPI process during that time and since VCM was being removed then no work was done to enable it to run on the SOC3.  It is by design of V5.6 that active scanning is not support on model which is using SOC3. 

---------------------------------------------------------------------------------------------------------------

plz improve device-identification accuracy for small box units in future FortiOS..

passive scan is so bad...

really...

Thanks Storaid. Regarding the passive scan, we had a design change since 5.2 so that is why you see a difference in the behaviour. We are aware of the limitation in the current version and are working on improvements. To help us identify your problem, can you open separate support ticket (if not already) for each of the case where a device is not detected properly by passive scan (active scan is disabled). We will need to look into each case separately (feel free to share your CSS ticket # here). Please provide the following info required for us to debug (especially packet capture of the device traffic during detection) 1. What is the FortiOS version

2. What is the Device/OS Identification database (diagnose autoupdate versions) 3. Is active scan enabled (it uses a different mechanism), if so, please test with active scan disabled, or provide active scan debug:

 

diagnose debug enable

diagnose debug application netscan 31

4. Output of device detection debug when the mis-identification occurs (you may need to delete the device entry in user device list so it can be detected again)

 

diagnose debug application src-vis -1

 

5. Packet capture of the device traffic to the interface during the detection period. Most crucial information.

6. Output of the device list (after detection is done)

dia user device list

 

hello, thuynh_FTNT

#5

"Packet capture of the device traffic to the interface during the detection period. Most crucial information."

It's from FortiOS to capture packet????

currently I have no FGT box units which supports Packet Capture have other workaround??

FWF60D x2 FWF60C x3 FGT80C rev.2 FGT200B-POE FAP220B x3 FAP221B x2

FSW224B x1

FWF60D x2 FWF60C x3 FGT80C rev.2 FGT200B-POE FAP220B x3 FAP221B x2 FSW224B x1
3514
0 Kudos
thuynh_FTNT
Staff
Staff
In response to storaid

Created on ‎09-28-2017 01:32 PM

storaid wrote:

 

hello, thuynh_FTNT

#5

"Packet capture of the device traffic to the interface during the detection period. Most crucial information."

It's from FortiOS to capture packet????

currently I have no FGT box units which supports Packet Capture have other workaround??

Hi storaid, in that case, the following debug output is enough. It should contain some packet capture info as well

 

diagnose debug application src-vis -1

  1. disconnect device and delete the entry from device list. 2. use above cmd to start capturing the debug info and connect the device  3. stop capturing when the issue appear

 

 

 

 

3514
0 Kudos
storaid
Contributor
In response to thuynh_FTNT

Created on ‎10-06-2017 04:18 PM

can not access interface of npu-based vdom link.....

bug???

looks like inter vdom communication based on NPU is not working...

FWF60D x2 FWF60C x3 FGT80C rev.2 FGT200B-POE FAP220B x3 FAP221B x2

FSW224B x1

FWF60D x2 FWF60C x3 FGT80C rev.2 FGT200B-POE FAP220B x3 FAP221B x2 FSW224B x1
3514
0 Kudos
storaid
Contributor
In response to storaid

Created on ‎10-06-2017 07:38 PM

assigned ip to npu0_vlink0:

FGT60E4Q16068668 (root) # diag ip address li IP=211.72.xx.ooo->211.72.xx.ooo/255.255.255.0 index=5 devname=wan1 IP=10.1.1.16->10.1.1.16/255.255.255.0 index=7 devname=dmz IP=10.1.160.16->10.1.160.16/255.255.255.0 index=15 devname=npu0_vlink0 IP=127.0.0.1->127.0.0.1/255.0.0.0 index=18 devname=root IP=169.254.1.1->169.254.1.1/255.255.255.255 index=19 devname=ssl.root IP=10.2.140.16->10.2.140.16/255.255.255.0 index=23 devname=internal IP=10.2.105.16->10.2.105.16/255.255.255.0 index=24 devname=vlan105 IP=10.2.106.16->10.2.106.16/255.255.255.0 index=25 devname=vlan106 IP=127.0.0.1->127.0.0.1/255.0.0.0 index=26 devname=vsys_ha IP=127.0.0.1->127.0.0.1/255.0.0.0 index=28 devname=vsys_fgfm

FGT60E4Q16068668 (root) # diag ip route li tab=255 vf=0 scope=253 type=3 proto=2 prio=0 0.0.0.0/0.0.0.0/0->10.1.1.0/32 pref=10.1.1.16 gwy=0.0.0.0 dev=7(dmz) tab=255 vf=0 scope=254 type=2 proto=2 prio=0 0.0.0.0/0.0.0.0/0->10.1.1.16/32 pref=10.1.1.16 gwy=0.0.0.0 dev=7(dmz) tab=255 vf=0 scope=253 type=3 proto=2 prio=0 0.0.0.0/0.0.0.0/0->10.1.1.255/32 pref=10.1.1.16 gwy=0.0.0.0 dev=7(dmz) tab=255 vf=0 scope=253 type=3 proto=2 prio=0 0.0.0.0/0.0.0.0/0->10.2.105.0/32 pref=10.2.105.16 gwy=0.0.0.0 dev=24(vlan105) tab=255 vf=0 scope=254 type=2 proto=2 prio=0 0.0.0.0/0.0.0.0/0->10.2.105.16/32 pref=10.2.105.16 gwy=0.0.0.0 dev=24(vlan105) tab=255 vf=0 scope=253 type=3 proto=2 prio=0 0.0.0.0/0.0.0.0/0->10.2.105.255/32 pref=10.2.105.16 gwy=0.0.0.0 dev=24(vlan105) tab=255 vf=0 scope=253 type=3 proto=2 prio=0 0.0.0.0/0.0.0.0/0->10.2.106.0/32 pref=10.2.106.16 gwy=0.0.0.0 dev=25(vlan106) tab=255 vf=0 scope=254 type=2 proto=2 prio=0 0.0.0.0/0.0.0.0/0->10.2.106.16/32 pref=10.2.106.16 gwy=0.0.0.0 dev=25(vlan106) tab=255 vf=0 scope=253 type=3 proto=2 prio=0 0.0.0.0/0.0.0.0/0->10.2.106.255/32 pref=10.2.106.16 gwy=0.0.0.0 dev=25(vlan106) tab=255 vf=0 scope=253 type=3 proto=2 prio=0 0.0.0.0/0.0.0.0/0->10.2.140.0/32 pref=10.2.140.16 gwy=0.0.0.0 dev=23(internal) tab=255 vf=0 scope=254 type=2 proto=2 prio=0 0.0.0.0/0.0.0.0/0->10.2.140.16/32 pref=10.2.140.16 gwy=0.0.0.0 dev=23(internal) tab=255 vf=0 scope=253 type=3 proto=2 prio=0 0.0.0.0/0.0.0.0/0->10.2.140.255/32 pref=10.2.140.16 gwy=0.0.0.0 dev=23(internal) tab=255 vf=0 scope=253 type=3 proto=2 prio=0 0.0.0.0/0.0.0.0/0->127.0.0.0/32 pref=127.0.0.1 gwy=0.0.0.0 dev=18(root) tab=255 vf=0 scope=254 type=2 proto=2 prio=0 0.0.0.0/0.0.0.0/0->127.0.0.0/8 pref=127.0.0.1 gwy=0.0.0.0 dev=18(root) tab=255 vf=0 scope=254 type=2 proto=2 prio=0 0.0.0.0/0.0.0.0/0->127.0.0.1/32 pref=127.0.0.1 gwy=0.0.0.0 dev=18(root) tab=255 vf=0 scope=253 type=3 proto=2 prio=0 0.0.0.0/0.0.0.0/0->127.255.255.255/32 pref=127.0.0.1 gwy=0.0.0.0 dev=18(root) tab=255 vf=0 scope=254 type=2 proto=2 prio=0 0.0.0.0/0.0.0.0/0->169.254.1.1/32 pref=169.254.1.1 gwy=0.0.0.0 dev=19(ssl.root) tab=255 vf=0 scope=253 type=3 proto=2 prio=0 0.0.0.0/0.0.0.0/0->211.72.70.0/32 pref=211.72.xx.ooo gwy=0.0.0.0 dev=5(wan1) tab=255 vf=0 scope=254 type=2 proto=2 prio=0 0.0.0.0/0.0.0.0/0->211.72.xx.ooo/32 pref=211.72.xx.ooo gwy=0.0.0.0 dev=5(wan1) tab=255 vf=0 scope=253 type=3 proto=2 prio=0 0.0.0.0/0.0.0.0/0->211.72.70.255/32 pref=211.72.xx.ooo gwy=0.0.0.0 dev=5(wan1) tab=254 vf=0 scope=0 type=1 proto=11 prio=0 0.0.0.0/0.0.0.0/0->0.0.0.0/0 pref=0.0.0.0 gwy=211.72.70.254 flag=04 hops=255 oif=5(wan1) gwy=10.1.1.15 flag=04 hops=254 oif=7(dmz) tab=254 vf=0 scope=0 type=1 proto=17 prio=0 211.72.xx.ooo/255.255.255.255/0->8.8.8.8/32 pref=0.0.0.0 gwy=211.72.70.254 dev=5(wan1) tab=254 vf=0 scope=0 type=1 proto=17 prio=0 10.1.1.16/255.255.255.255/0->8.8.8.8/32 pref=0.0.0.0 gwy=10.1.1.15 dev=7(dmz) tab=254 vf=0 scope=253 type=1 proto=2 prio=0 0.0.0.0/0.0.0.0/0->10.1.1.0/24 pref=10.1.1.16 gwy=0.0.0.0 dev=7(dmz) tab=254 vf=0 scope=0 type=1 proto=11 prio=0 0.0.0.0/0.0.0.0/0->10.1.2.0/24 pref=0.0.0.0 gwy=10.1.1.15 dev=7(dmz) tab=254 vf=0 scope=253 type=1 proto=2 prio=0 0.0.0.0/0.0.0.0/0->10.2.105.0/24 pref=10.2.105.16 gwy=0.0.0.0 dev=24(vlan105) tab=254 vf=0 scope=253 type=1 proto=2 prio=0 0.0.0.0/0.0.0.0/0->10.2.106.0/24 pref=10.2.106.16 gwy=0.0.0.0 dev=25(vlan106) tab=254 vf=0 scope=253 type=1 proto=2 prio=0 0.0.0.0/0.0.0.0/0->10.2.140.0/24 pref=10.2.140.16 gwy=0.0.0.0 dev=23(internal) tab=254 vf=0 scope=0 type=1 proto=11 prio=0 0.0.0.0/0.0.0.0/0->172.16.150.0/24 pref=0.0.0.0 gwy=0.0.0.0 dev=19(ssl.root) tab=254 vf=0 scope=0 type=1 proto=17 prio=10 0.0.0.0/0.0.0.0/0->172.16.150.128/26 pref=0.0.0.0 gwy=0.0.0.0 dev=19(ssl.root) tab=254 vf=0 scope=0 type=1 proto=17 prio=10 0.0.0.0/0.0.0.0/0->172.16.150.192/27 pref=0.0.0.0 gwy=0.0.0.0 dev=19(ssl.root) tab=254 vf=0 scope=0 type=1 proto=17 prio=10 0.0.0.0/0.0.0.0/0->172.16.150.224/28 pref=0.0.0.0 gwy=0.0.0.0 dev=19(ssl.root) tab=254 vf=0 scope=0 type=1 proto=17 prio=10 0.0.0.0/0.0.0.0/0->172.16.150.240/29 pref=0.0.0.0 gwy=0.0.0.0 dev=19(ssl.root) tab=254 vf=0 scope=0 type=1 proto=11 prio=0 0.0.0.0/0.0.0.0/0->192.168.1.0/24 pref=0.0.0.0 gwy=10.1.1.15 dev=7(dmz) tab=254 vf=0 scope=253 type=1 proto=2 prio=0 0.0.0.0/0.0.0.0/0->211.72.70.0/24 pref=211.72.xx.ooo gwy=0.0.0.0 dev=5(wan1)

 

assigned ip to npu0_vlink1:

FGT60E4Q16068668 (root) # diag ip address li IP=211.72.xx.ooo->211.72.xx.ooo/255.255.255.0 index=5 devname=wan1 IP=10.1.1.16->10.1.1.16/255.255.255.0 index=7 devname=dmz IP=10.1.160.16->10.1.160.16/255.255.255.0 index=16 devname=npu0_vlink1 IP=127.0.0.1->127.0.0.1/255.0.0.0 index=18 devname=root IP=169.254.1.1->169.254.1.1/255.255.255.255 index=19 devname=ssl.root IP=10.2.140.16->10.2.140.16/255.255.255.0 index=23 devname=internal IP=10.2.105.16->10.2.105.16/255.255.255.0 index=24 devname=vlan105 IP=10.2.106.16->10.2.106.16/255.255.255.0 index=25 devname=vlan106 IP=127.0.0.1->127.0.0.1/255.0.0.0 index=26 devname=vsys_ha IP=127.0.0.1->127.0.0.1/255.0.0.0 index=28 devname=vsys_fgfm

FGT60E4Q16068668 (root) # diag ip route li tab=255 vf=0 scope=253 type=3 proto=2 prio=0 0.0.0.0/0.0.0.0/0->10.1.1.0/32 pref=10.1.1.16 gwy=0.0.0.0 dev=7(dmz) tab=255 vf=0 scope=254 type=2 proto=2 prio=0 0.0.0.0/0.0.0.0/0->10.1.1.16/32 pref=10.1.1.16 gwy=0.0.0.0 dev=7(dmz) tab=255 vf=0 scope=253 type=3 proto=2 prio=0 0.0.0.0/0.0.0.0/0->10.1.1.255/32 pref=10.1.1.16 gwy=0.0.0.0 dev=7(dmz) tab=255 vf=0 scope=253 type=3 proto=2 prio=0 0.0.0.0/0.0.0.0/0->10.1.160.0/32 pref=10.1.160.16 gwy=0.0.0.0 dev=16(npu0_vlink1) tab=255 vf=0 scope=254 type=2 proto=2 prio=0 0.0.0.0/0.0.0.0/0->10.1.160.16/32 pref=10.1.160.16 gwy=0.0.0.0 dev=16(npu0_vlink1) tab=255 vf=0 scope=253 type=3 proto=2 prio=0 0.0.0.0/0.0.0.0/0->10.1.160.255/32 pref=10.1.160.16 gwy=0.0.0.0 dev=16(npu0_vlink1) tab=255 vf=0 scope=253 type=3 proto=2 prio=0 0.0.0.0/0.0.0.0/0->10.2.105.0/32 pref=10.2.105.16 gwy=0.0.0.0 dev=24(vlan105) tab=255 vf=0 scope=254 type=2 proto=2 prio=0 0.0.0.0/0.0.0.0/0->10.2.105.16/32 pref=10.2.105.16 gwy=0.0.0.0 dev=24(vlan105) tab=255 vf=0 scope=253 type=3 proto=2 prio=0 0.0.0.0/0.0.0.0/0->10.2.105.255/32 pref=10.2.105.16 gwy=0.0.0.0 dev=24(vlan105) tab=255 vf=0 scope=253 type=3 proto=2 prio=0 0.0.0.0/0.0.0.0/0->10.2.106.0/32 pref=10.2.106.16 gwy=0.0.0.0 dev=25(vlan106) tab=255 vf=0 scope=254 type=2 proto=2 prio=0 0.0.0.0/0.0.0.0/0->10.2.106.16/32 pref=10.2.106.16 gwy=0.0.0.0 dev=25(vlan106) tab=255 vf=0 scope=253 type=3 proto=2 prio=0 0.0.0.0/0.0.0.0/0->10.2.106.255/32 pref=10.2.106.16 gwy=0.0.0.0 dev=25(vlan106) --More-- tab=255 vf=0 scope=253 type=3 proto=2 prio=0 0.0.0.0/0.0.0.0/0->10.2.140.0/32 pref=10.2.140.16 gwy=0.0.0.0 dev=23(internal) tab=255 vf=0 scope=254 type=2 proto=2 prio=0 0.0.0.0/0.0.0.0/0->10.2.140.16/32 pref=10.2.140.16 gwy=0.0.0.0 dev=23(internal) tab=255 vf=0 scope=253 type=3 proto=2 prio=0 0.0.0.0/0.0.0.0/0->10.2.140.255/32 pref=10.2.140.16 gwy=0.0.0.0 dev=23(internal) tab=255 vf=0 scope=253 type=3 proto=2 prio=0 0.0.0.0/0.0.0.0/0->127.0.0.0/32 pref=127.0.0.1 gwy=0.0.0.0 dev=18(root) tab=255 vf=0 scope=254 type=2 proto=2 prio=0 0.0.0.0/0.0.0.0/0->127.0.0.0/8 pref=127.0.0.1 gwy=0.0.0.0 dev=18(root) tab=255 vf=0 scope=254 type=2 proto=2 prio=0 0.0.0.0/0.0.0.0/0->127.0.0.1/32 pref=127.0.0.1 gwy=0.0.0.0 dev=18(root) tab=255 vf=0 scope=253 type=3 proto=2 prio=0 0.0.0.0/0.0.0.0/0->127.255.255.255/32 pref=127.0.0.1 gwy=0.0.0.0 dev=18(root) tab=255 vf=0 scope=254 type=2 proto=2 prio=0 0.0.0.0/0.0.0.0/0->169.254.1.1/32 pref=169.254.1.1 gwy=0.0.0.0 dev=19(ssl.root) tab=255 vf=0 scope=253 type=3 proto=2 prio=0 0.0.0.0/0.0.0.0/0->211.72.70.0/32 pref=211.72.xx.ooo gwy=0.0.0.0 dev=5(wan1) tab=255 vf=0 scope=254 type=2 proto=2 prio=0 0.0.0.0/0.0.0.0/0->211.72.xx.ooo/32 pref=211.72.xx.ooo gwy=0.0.0.0 dev=5(wan1) tab=255 vf=0 scope=253 type=3 proto=2 prio=0 0.0.0.0/0.0.0.0/0->211.72.70.255/32 pref=211.72.xx.ooo gwy=0.0.0.0 dev=5(wan1) tab=254 vf=0 scope=0 type=1 proto=11 prio=0 0.0.0.0/0.0.0.0/0->0.0.0.0/0 pref=0.0.0.0 gwy=211.72.70.254 flag=04 hops=255 oif=5(wan1) gwy=10.1.1.15 flag=04 hops=254 oif=7(dmz) tab=254 vf=0 scope=0 type=1 proto=17 prio=0 211.72.xx.ooo/255.255.255.255/0->8.8.8.8/32 pref=0.0.0.0 gwy=211.72.70.254 dev=5(wan1) tab=254 vf=0 scope=0 type=1 proto=17 prio=0 10.1.1.16/255.255.255.255/0->8.8.8.8/32 pref=0.0.0.0 gwy=10.1.1.15 dev=7(dmz) tab=254 vf=0 scope=253 type=1 proto=2 prio=0 0.0.0.0/0.0.0.0/0->10.1.1.0/24 pref=10.1.1.16 gwy=0.0.0.0 dev=7(dmz) tab=254 vf=0 scope=0 type=1 proto=11 prio=0 0.0.0.0/0.0.0.0/0->10.1.2.0/24 pref=0.0.0.0 gwy=10.1.1.15 dev=7(dmz) tab=254 vf=0 scope=253 type=1 proto=2 prio=0 0.0.0.0/0.0.0.0/0->10.1.160.0/24 pref=10.1.160.16 gwy=0.0.0.0 dev=16(npu0_vlink1) tab=254 vf=0 scope=253 type=1 proto=2 prio=0 0.0.0.0/0.0.0.0/0->10.2.105.0/24 pref=10.2.105.16 gwy=0.0.0.0 dev=24(vlan105) tab=254 vf=0 scope=253 type=1 proto=2 prio=0 0.0.0.0/0.0.0.0/0->10.2.106.0/24 pref=10.2.106.16 gwy=0.0.0.0 dev=25(vlan106) tab=254 vf=0 scope=253 type=1 proto=2 prio=0 0.0.0.0/0.0.0.0/0->10.2.140.0/24 pref=10.2.140.16 gwy=0.0.0.0 dev=23(internal) tab=254 vf=0 scope=0 type=1 proto=11 prio=0 0.0.0.0/0.0.0.0/0->172.16.150.0/24 pref=0.0.0.0 gwy=0.0.0.0 dev=19(ssl.root) tab=254 vf=0 scope=0 type=1 proto=17 prio=10 0.0.0.0/0.0.0.0/0->172.16.150.128/26 pref=0.0.0.0 gwy=0.0.0.0 dev=19(ssl.root) tab=254 vf=0 scope=0 type=1 proto=17 prio=10 0.0.0.0/0.0.0.0/0->172.16.150.192/27 pref=0.0.0.0 gwy=0.0.0.0 dev=19(ssl.root) tab=254 vf=0 scope=0 type=1 proto=17 prio=10 0.0.0.0/0.0.0.0/0->172.16.150.224/28 pref=0.0.0.0 gwy=0.0.0.0 dev=19(ssl.root) tab=254 vf=0 scope=0 type=1 proto=17 prio=10 0.0.0.0/0.0.0.0/0->172.16.150.240/29 pref=0.0.0.0 gwy=0.0.0.0 dev=19(ssl.root) tab=254 vf=0 scope=0 type=1 proto=11 prio=0 0.0.0.0/0.0.0.0/0->192.168.1.0/24 pref=0.0.0.0 gwy=10.1.1.15 dev=7(dmz) tab=254 vf=0 scope=253 type=1 proto=2 prio=0 0.0.0.0/0.0.0.0/0->211.72.70.0/24 pref=211.72.xx.ooo gwy=0.0.0.0 dev=5(wan1)

 

I mean the npu0_vlink0 is broken????

 

FWF60D x2 FWF60C x3 FGT80C rev.2 FGT200B-POE FAP220B x3 FAP221B x2

FSW224B x1

FWF60D x2 FWF60C x3 FGT80C rev.2 FGT200B-POE FAP220B x3 FAP221B x2 FSW224B x1
3514
0 Kudos
Paul_S
Contributor
In response to storaid

Created on ‎10-11-2017 02:35 PM

Are the recent posts in this thread about 5.6.2 or is everyone talking about 5.6.1 like the topic title says?

FG200D 5.6.5 (HA) - primary [size="1"]FWF50B' s 4.3.x, FG60D's 5.2.x, FG60E's 5.4.x                   [Did my post help you? Please rate my post.][/size] FAZ-VM 5.6.5  |  Fortimail 5.3.11 Network+, Security+

FG200D 5.6.5 (HA) - primary [size="1"]FWF50B' s 4.3.x, FG60D's 5.2.x, FG60E's 5.4.x [Did my post help you? Please rate my post.][/size] FAZ-VM 5.6.5 | Fortimail 5.3.11 Network+, Security+
3514
0 Kudos
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.