well...
after long time ago, now it's out...
FWF60D x2 FWF60C x3 FGT80C rev.2 FGT200B-POE FAP220B x3 FAP221B x2
FSW224B x1
Solved! Go to Solution.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
annoying bug..
JSON string....=^=
FWF60D x2 FWF60C x3 FGT80C rev.2 FGT200B-POE FAP220B x3 FAP221B x2
FSW224B x1
Other problems noted in 5.6
1: the diag debug flow show console enable is missing as a option
2: still can NOT upload a x509 certificate via GUI ( pkcs12 or via pem cert+key )
3: a valid certificate self-sign for admingui access does NOT work no matter how or what type of certificate that we try to craft standard, wildcard or SAN if we paste it in via the cli "config vpn certificate local "
More to come ;)
PCNSE
NSE
StrongSwan
Again my FWF60D has hungs up. We thought it crashed but come to find out the HTTP process is hung. Since this is a remote hosted FW, I'm downgrading ....Sorry but v5.6.1 is a no-go for me ;(
PCNSE
NSE
StrongSwan
inexplicable radius server test:
FWF60D x2 FWF60C x3 FGT80C rev.2 FGT200B-POE FAP220B x3 FAP221B x2
FSW224B x1
Maybe it's a database migration? Have you tried to format log-disk?
Regards, Paulo Raponi
keij wrote:I can not see Local traffic (Fortigate's self traffic) in Foriview of ver5.6.1. In 5.2 were able to see the fortigate local traffic. Is it no longer visible in the 5.6 series?
Hi Keij, that is correct. We do not show local traffic in FortiView starting 5.6.0
annoying...
I must say device detection in v5.6 totally to bad...
really...
in v5.2, the device detection, it's good...
most devices can be recognized.....
android, iphone, windows device...
but in v5.6, bad...
too bad....
especially windows device and mobile phone...
many time mostly these devices really cannot get good identification....
mostly they all "Unknown"...
just give me "Other Network Device" type....
device detection in v5.6, it is terrible I feel...
FWF60D x2 FWF60C x3 FGT80C rev.2 FGT200B-POE FAP220B x3 FAP221B x2
FSW224B x1
FortiOS™ Handbook - Managing Devices
page 8
To configure device monitoring
1. Go to Network > Interfaces.
2. Edit the interface that you want to monitor devices on.
3. In Networked Devices, turn on Device Detection and optionally turn on Active Scanning.
4. Select OK.
5. Repeat steps 2 through 4 for each interface that will monitor devices
#3
where is the Active Scanning???
WHERE??...
I don't find any something about it from CLI and GUI....
do NOT tell me this function is completely removed...
FWF60D x2 FWF60C x3 FGT80C rev.2 FGT200B-POE FAP220B x3 FAP221B x2
FSW224B x1
storaid wrote:Hi Storaid, not all models have support for active scan. For example, FGT_80C does not but FWF_60D should.FortiOS™ Handbook - Managing Devices
page 8
To configure device monitoring
1. Go to Network > Interfaces.
2. Edit the interface that you want to monitor devices on.
3. In Networked Devices, turn on Device Detection and optionally turn on Active Scanning.
4. Select OK.
5. Repeat steps 2 through 4 for each interface that will monitor devices
#3
where is the Active Scanning???
WHERE??...
I don't find any something about it from CLI and GUI....
do NOT tell me this function is completely removed...
thuynh wrote:storaid wrote:Hi Storaid, not all models have support for active scan. For example, FGT_80C does not but FWF_60D should.FortiOS™ Handbook - Managing Devices
page 8
To configure device monitoring
1. Go to Network > Interfaces.
2. Edit the interface that you want to monitor devices on.
3. In Networked Devices, turn on Device Detection and optionally turn on Active Scanning.
4. Select OK.
5. Repeat steps 2 through 4 for each interface that will monitor devices
#3
where is the Active Scanning???
WHERE??...
I don't find any something about it from CLI and GUI....
do NOT tell me this function is completely removed...
I have opened ticket to ask question about active-scan..
and I got the following reply:
The device identification active scan feature uses the port scanning feature provided by the VCM (Vulnerability and Compliance Management) feature. That implies that device active scanning is/was only supported on models that supported VCM. The VCM feature was deprecated in FortiOS 5.4 and removed in FortiOS 5.6. The SOC3 models went through the NPI process during that time and since VCM was being removed then no work was done to enable it to run on the SOC3. It is by design of V5.6 that active scanning is not support on model which is using SOC3.
---------------------------------------------------------------------------------------------------------------
plz improve device-identification accuracy for small box units in future FortiOS..
passive scan is so bad...
really...
FWF60D x2 FWF60C x3 FGT80C rev.2 FGT200B-POE FAP220B x3 FAP221B x2
FSW224B x1
storaid wrote:thuynh wrote:storaid wrote:Hi Storaid, not all models have support for active scan. For example, FGT_80C does not but FWF_60D should.FortiOS™ Handbook - Managing Devices
page 8
To configure device monitoring
1. Go to Network > Interfaces.
2. Edit the interface that you want to monitor devices on.
3. In Networked Devices, turn on Device Detection and optionally turn on Active Scanning.
4. Select OK.
5. Repeat steps 2 through 4 for each interface that will monitor devices
#3
where is the Active Scanning???
WHERE??...
I don't find any something about it from CLI and GUI....
do NOT tell me this function is completely removed...
I have opened ticket to ask question about active-scan..
and I got the following reply:
The device identification active scan feature uses the port scanning feature provided by the VCM (Vulnerability and Compliance Management) feature. That implies that device active scanning is/was only supported on models that supported VCM. The VCM feature was deprecated in FortiOS 5.4 and removed in FortiOS 5.6. The SOC3 models went through the NPI process during that time and since VCM was being removed then no work was done to enable it to run on the SOC3. It is by design of V5.6 that active scanning is not support on model which is using SOC3.
---------------------------------------------------------------------------------------------------------------
plz improve device-identification accuracy for small box units in future FortiOS..
passive scan is so bad...
really...
Thanks Storaid. Regarding the passive scan, we had a design change since 5.2 so that is why you see a difference in the behaviour. We are aware of the limitation in the current version and are working on improvements. To help us identify your problem, can you open separate support ticket (if not already) for each of the case where a device is not detected properly by passive scan (active scan is disabled). We will need to look into each case separately (feel free to share your CSS ticket # here). Please provide the following info required for us to debug (especially packet capture of the device traffic during detection) 1. What is the FortiOS version
2. What is the Device/OS Identification database (diagnose autoupdate versions) 3. Is active scan enabled (it uses a different mechanism), if so, please test with active scan disabled, or provide active scan debug:
diagnose debug enable
diagnose debug application netscan 31
4. Output of device detection debug when the mis-identification occurs (you may need to delete the device entry in user device list so it can be detected again)
diagnose debug application src-vis -1
5. Packet capture of the device traffic to the interface during the detection period. Most crucial information.
6. Output of the device list (after detection is done)
dia user device list
thuynh wrote:hello, thuynh_FTNTstoraid wrote:thuynh wrote:storaid wrote:Hi Storaid, not all models have support for active scan. For example, FGT_80C does not but FWF_60D should.FortiOS™ Handbook - Managing Devices
page 8
To configure device monitoring
1. Go to Network > Interfaces.
2. Edit the interface that you want to monitor devices on.
3. In Networked Devices, turn on Device Detection and optionally turn on Active Scanning.
4. Select OK.
5. Repeat steps 2 through 4 for each interface that will monitor devices
#3
where is the Active Scanning???
WHERE??...
I don't find any something about it from CLI and GUI....
do NOT tell me this function is completely removed...
I have opened ticket to ask question about active-scan..
and I got the following reply:
The device identification active scan feature uses the port scanning feature provided by the VCM (Vulnerability and Compliance Management) feature. That implies that device active scanning is/was only supported on models that supported VCM. The VCM feature was deprecated in FortiOS 5.4 and removed in FortiOS 5.6. The SOC3 models went through the NPI process during that time and since VCM was being removed then no work was done to enable it to run on the SOC3. It is by design of V5.6 that active scanning is not support on model which is using SOC3.
---------------------------------------------------------------------------------------------------------------
plz improve device-identification accuracy for small box units in future FortiOS..
passive scan is so bad...
really...
Thanks Storaid. Regarding the passive scan, we had a design change since 5.2 so that is why you see a difference in the behaviour. We are aware of the limitation in the current version and are working on improvements. To help us identify your problem, can you open separate support ticket (if not already) for each of the case where a device is not detected properly by passive scan (active scan is disabled). We will need to look into each case separately (feel free to share your CSS ticket # here). Please provide the following info required for us to debug (especially packet capture of the device traffic during detection) 1. What is the FortiOS version
2. What is the Device/OS Identification database (diagnose autoupdate versions) 3. Is active scan enabled (it uses a different mechanism), if so, please test with active scan disabled, or provide active scan debug:
diagnose debug enable
diagnose debug application netscan 31
4. Output of device detection debug when the mis-identification occurs (you may need to delete the device entry in user device list so it can be detected again)
diagnose debug application src-vis -1
5. Packet capture of the device traffic to the interface during the detection period. Most crucial information.
6. Output of the device list (after detection is done)
dia user device list
#5
"Packet capture of the device traffic to the interface during the detection period. Most crucial information."
It's from FortiOS to capture packet????
currently I have no FGT box units which supports Packet Capture have other workaround??
FWF60D x2 FWF60C x3 FGT80C rev.2 FGT200B-POE FAP220B x3 FAP221B x2
FSW224B x1
storaid wrote:
hello, thuynh_FTNT
#5
"Packet capture of the device traffic to the interface during the detection period. Most crucial information."
It's from FortiOS to capture packet????
currently I have no FGT box units which supports Packet Capture have other workaround??
Hi storaid, in that case, the following debug output is enough. It should contain some packet capture info as well
diagnose debug application src-vis -1
1. disconnect device and delete the entry from device list. 2. use above cmd to start capturing the debug info and connect the device 3. stop capturing when the issue appear
can not access interface of npu-based vdom link.....
bug???
looks like inter vdom communication based on NPU is not working...
FWF60D x2 FWF60C x3 FGT80C rev.2 FGT200B-POE FAP220B x3 FAP221B x2
FSW224B x1
assigned ip to npu0_vlink0:
FGT60E4Q16068668 (root) # diag ip address li IP=211.72.xx.ooo->211.72.xx.ooo/255.255.255.0 index=5 devname=wan1 IP=10.1.1.16->10.1.1.16/255.255.255.0 index=7 devname=dmz IP=10.1.160.16->10.1.160.16/255.255.255.0 index=15 devname=npu0_vlink0 IP=127.0.0.1->127.0.0.1/255.0.0.0 index=18 devname=root IP=169.254.1.1->169.254.1.1/255.255.255.255 index=19 devname=ssl.root IP=10.2.140.16->10.2.140.16/255.255.255.0 index=23 devname=internal IP=10.2.105.16->10.2.105.16/255.255.255.0 index=24 devname=vlan105 IP=10.2.106.16->10.2.106.16/255.255.255.0 index=25 devname=vlan106 IP=127.0.0.1->127.0.0.1/255.0.0.0 index=26 devname=vsys_ha IP=127.0.0.1->127.0.0.1/255.0.0.0 index=28 devname=vsys_fgfm
FGT60E4Q16068668 (root) # diag ip route li tab=255 vf=0 scope=253 type=3 proto=2 prio=0 0.0.0.0/0.0.0.0/0->10.1.1.0/32 pref=10.1.1.16 gwy=0.0.0.0 dev=7(dmz) tab=255 vf=0 scope=254 type=2 proto=2 prio=0 0.0.0.0/0.0.0.0/0->10.1.1.16/32 pref=10.1.1.16 gwy=0.0.0.0 dev=7(dmz) tab=255 vf=0 scope=253 type=3 proto=2 prio=0 0.0.0.0/0.0.0.0/0->10.1.1.255/32 pref=10.1.1.16 gwy=0.0.0.0 dev=7(dmz) tab=255 vf=0 scope=253 type=3 proto=2 prio=0 0.0.0.0/0.0.0.0/0->10.2.105.0/32 pref=10.2.105.16 gwy=0.0.0.0 dev=24(vlan105) tab=255 vf=0 scope=254 type=2 proto=2 prio=0 0.0.0.0/0.0.0.0/0->10.2.105.16/32 pref=10.2.105.16 gwy=0.0.0.0 dev=24(vlan105) tab=255 vf=0 scope=253 type=3 proto=2 prio=0 0.0.0.0/0.0.0.0/0->10.2.105.255/32 pref=10.2.105.16 gwy=0.0.0.0 dev=24(vlan105) tab=255 vf=0 scope=253 type=3 proto=2 prio=0 0.0.0.0/0.0.0.0/0->10.2.106.0/32 pref=10.2.106.16 gwy=0.0.0.0 dev=25(vlan106) tab=255 vf=0 scope=254 type=2 proto=2 prio=0 0.0.0.0/0.0.0.0/0->10.2.106.16/32 pref=10.2.106.16 gwy=0.0.0.0 dev=25(vlan106) tab=255 vf=0 scope=253 type=3 proto=2 prio=0 0.0.0.0/0.0.0.0/0->10.2.106.255/32 pref=10.2.106.16 gwy=0.0.0.0 dev=25(vlan106) tab=255 vf=0 scope=253 type=3 proto=2 prio=0 0.0.0.0/0.0.0.0/0->10.2.140.0/32 pref=10.2.140.16 gwy=0.0.0.0 dev=23(internal) tab=255 vf=0 scope=254 type=2 proto=2 prio=0 0.0.0.0/0.0.0.0/0->10.2.140.16/32 pref=10.2.140.16 gwy=0.0.0.0 dev=23(internal) tab=255 vf=0 scope=253 type=3 proto=2 prio=0 0.0.0.0/0.0.0.0/0->10.2.140.255/32 pref=10.2.140.16 gwy=0.0.0.0 dev=23(internal) tab=255 vf=0 scope=253 type=3 proto=2 prio=0 0.0.0.0/0.0.0.0/0->127.0.0.0/32 pref=127.0.0.1 gwy=0.0.0.0 dev=18(root) tab=255 vf=0 scope=254 type=2 proto=2 prio=0 0.0.0.0/0.0.0.0/0->127.0.0.0/8 pref=127.0.0.1 gwy=0.0.0.0 dev=18(root) tab=255 vf=0 scope=254 type=2 proto=2 prio=0 0.0.0.0/0.0.0.0/0->127.0.0.1/32 pref=127.0.0.1 gwy=0.0.0.0 dev=18(root) tab=255 vf=0 scope=253 type=3 proto=2 prio=0 0.0.0.0/0.0.0.0/0->127.255.255.255/32 pref=127.0.0.1 gwy=0.0.0.0 dev=18(root) tab=255 vf=0 scope=254 type=2 proto=2 prio=0 0.0.0.0/0.0.0.0/0->169.254.1.1/32 pref=169.254.1.1 gwy=0.0.0.0 dev=19(ssl.root) tab=255 vf=0 scope=253 type=3 proto=2 prio=0 0.0.0.0/0.0.0.0/0->211.72.70.0/32 pref=211.72.xx.ooo gwy=0.0.0.0 dev=5(wan1) tab=255 vf=0 scope=254 type=2 proto=2 prio=0 0.0.0.0/0.0.0.0/0->211.72.xx.ooo/32 pref=211.72.xx.ooo gwy=0.0.0.0 dev=5(wan1) tab=255 vf=0 scope=253 type=3 proto=2 prio=0 0.0.0.0/0.0.0.0/0->211.72.70.255/32 pref=211.72.xx.ooo gwy=0.0.0.0 dev=5(wan1) tab=254 vf=0 scope=0 type=1 proto=11 prio=0 0.0.0.0/0.0.0.0/0->0.0.0.0/0 pref=0.0.0.0 gwy=211.72.70.254 flag=04 hops=255 oif=5(wan1) gwy=10.1.1.15 flag=04 hops=254 oif=7(dmz) tab=254 vf=0 scope=0 type=1 proto=17 prio=0 211.72.xx.ooo/255.255.255.255/0->8.8.8.8/32 pref=0.0.0.0 gwy=211.72.70.254 dev=5(wan1) tab=254 vf=0 scope=0 type=1 proto=17 prio=0 10.1.1.16/255.255.255.255/0->8.8.8.8/32 pref=0.0.0.0 gwy=10.1.1.15 dev=7(dmz) tab=254 vf=0 scope=253 type=1 proto=2 prio=0 0.0.0.0/0.0.0.0/0->10.1.1.0/24 pref=10.1.1.16 gwy=0.0.0.0 dev=7(dmz) tab=254 vf=0 scope=0 type=1 proto=11 prio=0 0.0.0.0/0.0.0.0/0->10.1.2.0/24 pref=0.0.0.0 gwy=10.1.1.15 dev=7(dmz) tab=254 vf=0 scope=253 type=1 proto=2 prio=0 0.0.0.0/0.0.0.0/0->10.2.105.0/24 pref=10.2.105.16 gwy=0.0.0.0 dev=24(vlan105) tab=254 vf=0 scope=253 type=1 proto=2 prio=0 0.0.0.0/0.0.0.0/0->10.2.106.0/24 pref=10.2.106.16 gwy=0.0.0.0 dev=25(vlan106) tab=254 vf=0 scope=253 type=1 proto=2 prio=0 0.0.0.0/0.0.0.0/0->10.2.140.0/24 pref=10.2.140.16 gwy=0.0.0.0 dev=23(internal) tab=254 vf=0 scope=0 type=1 proto=11 prio=0 0.0.0.0/0.0.0.0/0->172.16.150.0/24 pref=0.0.0.0 gwy=0.0.0.0 dev=19(ssl.root) tab=254 vf=0 scope=0 type=1 proto=17 prio=10 0.0.0.0/0.0.0.0/0->172.16.150.128/26 pref=0.0.0.0 gwy=0.0.0.0 dev=19(ssl.root) tab=254 vf=0 scope=0 type=1 proto=17 prio=10 0.0.0.0/0.0.0.0/0->172.16.150.192/27 pref=0.0.0.0 gwy=0.0.0.0 dev=19(ssl.root) tab=254 vf=0 scope=0 type=1 proto=17 prio=10 0.0.0.0/0.0.0.0/0->172.16.150.224/28 pref=0.0.0.0 gwy=0.0.0.0 dev=19(ssl.root) tab=254 vf=0 scope=0 type=1 proto=17 prio=10 0.0.0.0/0.0.0.0/0->172.16.150.240/29 pref=0.0.0.0 gwy=0.0.0.0 dev=19(ssl.root) tab=254 vf=0 scope=0 type=1 proto=11 prio=0 0.0.0.0/0.0.0.0/0->192.168.1.0/24 pref=0.0.0.0 gwy=10.1.1.15 dev=7(dmz) tab=254 vf=0 scope=253 type=1 proto=2 prio=0 0.0.0.0/0.0.0.0/0->211.72.70.0/24 pref=211.72.xx.ooo gwy=0.0.0.0 dev=5(wan1)
assigned ip to npu0_vlink1:
FGT60E4Q16068668 (root) # diag ip address li IP=211.72.xx.ooo->211.72.xx.ooo/255.255.255.0 index=5 devname=wan1 IP=10.1.1.16->10.1.1.16/255.255.255.0 index=7 devname=dmz IP=10.1.160.16->10.1.160.16/255.255.255.0 index=16 devname=npu0_vlink1 IP=127.0.0.1->127.0.0.1/255.0.0.0 index=18 devname=root IP=169.254.1.1->169.254.1.1/255.255.255.255 index=19 devname=ssl.root IP=10.2.140.16->10.2.140.16/255.255.255.0 index=23 devname=internal IP=10.2.105.16->10.2.105.16/255.255.255.0 index=24 devname=vlan105 IP=10.2.106.16->10.2.106.16/255.255.255.0 index=25 devname=vlan106 IP=127.0.0.1->127.0.0.1/255.0.0.0 index=26 devname=vsys_ha IP=127.0.0.1->127.0.0.1/255.0.0.0 index=28 devname=vsys_fgfm
FGT60E4Q16068668 (root) # diag ip route li tab=255 vf=0 scope=253 type=3 proto=2 prio=0 0.0.0.0/0.0.0.0/0->10.1.1.0/32 pref=10.1.1.16 gwy=0.0.0.0 dev=7(dmz) tab=255 vf=0 scope=254 type=2 proto=2 prio=0 0.0.0.0/0.0.0.0/0->10.1.1.16/32 pref=10.1.1.16 gwy=0.0.0.0 dev=7(dmz) tab=255 vf=0 scope=253 type=3 proto=2 prio=0 0.0.0.0/0.0.0.0/0->10.1.1.255/32 pref=10.1.1.16 gwy=0.0.0.0 dev=7(dmz) tab=255 vf=0 scope=253 type=3 proto=2 prio=0 0.0.0.0/0.0.0.0/0->10.1.160.0/32 pref=10.1.160.16 gwy=0.0.0.0 dev=16(npu0_vlink1) tab=255 vf=0 scope=254 type=2 proto=2 prio=0 0.0.0.0/0.0.0.0/0->10.1.160.16/32 pref=10.1.160.16 gwy=0.0.0.0 dev=16(npu0_vlink1) tab=255 vf=0 scope=253 type=3 proto=2 prio=0 0.0.0.0/0.0.0.0/0->10.1.160.255/32 pref=10.1.160.16 gwy=0.0.0.0 dev=16(npu0_vlink1) tab=255 vf=0 scope=253 type=3 proto=2 prio=0 0.0.0.0/0.0.0.0/0->10.2.105.0/32 pref=10.2.105.16 gwy=0.0.0.0 dev=24(vlan105) tab=255 vf=0 scope=254 type=2 proto=2 prio=0 0.0.0.0/0.0.0.0/0->10.2.105.16/32 pref=10.2.105.16 gwy=0.0.0.0 dev=24(vlan105) tab=255 vf=0 scope=253 type=3 proto=2 prio=0 0.0.0.0/0.0.0.0/0->10.2.105.255/32 pref=10.2.105.16 gwy=0.0.0.0 dev=24(vlan105) tab=255 vf=0 scope=253 type=3 proto=2 prio=0 0.0.0.0/0.0.0.0/0->10.2.106.0/32 pref=10.2.106.16 gwy=0.0.0.0 dev=25(vlan106) tab=255 vf=0 scope=254 type=2 proto=2 prio=0 0.0.0.0/0.0.0.0/0->10.2.106.16/32 pref=10.2.106.16 gwy=0.0.0.0 dev=25(vlan106) tab=255 vf=0 scope=253 type=3 proto=2 prio=0 0.0.0.0/0.0.0.0/0->10.2.106.255/32 pref=10.2.106.16 gwy=0.0.0.0 dev=25(vlan106) --More-- tab=255 vf=0 scope=253 type=3 proto=2 prio=0 0.0.0.0/0.0.0.0/0->10.2.140.0/32 pref=10.2.140.16 gwy=0.0.0.0 dev=23(internal) tab=255 vf=0 scope=254 type=2 proto=2 prio=0 0.0.0.0/0.0.0.0/0->10.2.140.16/32 pref=10.2.140.16 gwy=0.0.0.0 dev=23(internal) tab=255 vf=0 scope=253 type=3 proto=2 prio=0 0.0.0.0/0.0.0.0/0->10.2.140.255/32 pref=10.2.140.16 gwy=0.0.0.0 dev=23(internal) tab=255 vf=0 scope=253 type=3 proto=2 prio=0 0.0.0.0/0.0.0.0/0->127.0.0.0/32 pref=127.0.0.1 gwy=0.0.0.0 dev=18(root) tab=255 vf=0 scope=254 type=2 proto=2 prio=0 0.0.0.0/0.0.0.0/0->127.0.0.0/8 pref=127.0.0.1 gwy=0.0.0.0 dev=18(root) tab=255 vf=0 scope=254 type=2 proto=2 prio=0 0.0.0.0/0.0.0.0/0->127.0.0.1/32 pref=127.0.0.1 gwy=0.0.0.0 dev=18(root) tab=255 vf=0 scope=253 type=3 proto=2 prio=0 0.0.0.0/0.0.0.0/0->127.255.255.255/32 pref=127.0.0.1 gwy=0.0.0.0 dev=18(root) tab=255 vf=0 scope=254 type=2 proto=2 prio=0 0.0.0.0/0.0.0.0/0->169.254.1.1/32 pref=169.254.1.1 gwy=0.0.0.0 dev=19(ssl.root) tab=255 vf=0 scope=253 type=3 proto=2 prio=0 0.0.0.0/0.0.0.0/0->211.72.70.0/32 pref=211.72.xx.ooo gwy=0.0.0.0 dev=5(wan1) tab=255 vf=0 scope=254 type=2 proto=2 prio=0 0.0.0.0/0.0.0.0/0->211.72.xx.ooo/32 pref=211.72.xx.ooo gwy=0.0.0.0 dev=5(wan1) tab=255 vf=0 scope=253 type=3 proto=2 prio=0 0.0.0.0/0.0.0.0/0->211.72.70.255/32 pref=211.72.xx.ooo gwy=0.0.0.0 dev=5(wan1) tab=254 vf=0 scope=0 type=1 proto=11 prio=0 0.0.0.0/0.0.0.0/0->0.0.0.0/0 pref=0.0.0.0 gwy=211.72.70.254 flag=04 hops=255 oif=5(wan1) gwy=10.1.1.15 flag=04 hops=254 oif=7(dmz) tab=254 vf=0 scope=0 type=1 proto=17 prio=0 211.72.xx.ooo/255.255.255.255/0->8.8.8.8/32 pref=0.0.0.0 gwy=211.72.70.254 dev=5(wan1) tab=254 vf=0 scope=0 type=1 proto=17 prio=0 10.1.1.16/255.255.255.255/0->8.8.8.8/32 pref=0.0.0.0 gwy=10.1.1.15 dev=7(dmz) tab=254 vf=0 scope=253 type=1 proto=2 prio=0 0.0.0.0/0.0.0.0/0->10.1.1.0/24 pref=10.1.1.16 gwy=0.0.0.0 dev=7(dmz) tab=254 vf=0 scope=0 type=1 proto=11 prio=0 0.0.0.0/0.0.0.0/0->10.1.2.0/24 pref=0.0.0.0 gwy=10.1.1.15 dev=7(dmz) tab=254 vf=0 scope=253 type=1 proto=2 prio=0 0.0.0.0/0.0.0.0/0->10.1.160.0/24 pref=10.1.160.16 gwy=0.0.0.0 dev=16(npu0_vlink1) tab=254 vf=0 scope=253 type=1 proto=2 prio=0 0.0.0.0/0.0.0.0/0->10.2.105.0/24 pref=10.2.105.16 gwy=0.0.0.0 dev=24(vlan105) tab=254 vf=0 scope=253 type=1 proto=2 prio=0 0.0.0.0/0.0.0.0/0->10.2.106.0/24 pref=10.2.106.16 gwy=0.0.0.0 dev=25(vlan106) tab=254 vf=0 scope=253 type=1 proto=2 prio=0 0.0.0.0/0.0.0.0/0->10.2.140.0/24 pref=10.2.140.16 gwy=0.0.0.0 dev=23(internal) tab=254 vf=0 scope=0 type=1 proto=11 prio=0 0.0.0.0/0.0.0.0/0->172.16.150.0/24 pref=0.0.0.0 gwy=0.0.0.0 dev=19(ssl.root) tab=254 vf=0 scope=0 type=1 proto=17 prio=10 0.0.0.0/0.0.0.0/0->172.16.150.128/26 pref=0.0.0.0 gwy=0.0.0.0 dev=19(ssl.root) tab=254 vf=0 scope=0 type=1 proto=17 prio=10 0.0.0.0/0.0.0.0/0->172.16.150.192/27 pref=0.0.0.0 gwy=0.0.0.0 dev=19(ssl.root) tab=254 vf=0 scope=0 type=1 proto=17 prio=10 0.0.0.0/0.0.0.0/0->172.16.150.224/28 pref=0.0.0.0 gwy=0.0.0.0 dev=19(ssl.root) tab=254 vf=0 scope=0 type=1 proto=17 prio=10 0.0.0.0/0.0.0.0/0->172.16.150.240/29 pref=0.0.0.0 gwy=0.0.0.0 dev=19(ssl.root) tab=254 vf=0 scope=0 type=1 proto=11 prio=0 0.0.0.0/0.0.0.0/0->192.168.1.0/24 pref=0.0.0.0 gwy=10.1.1.15 dev=7(dmz) tab=254 vf=0 scope=253 type=1 proto=2 prio=0 0.0.0.0/0.0.0.0/0->211.72.70.0/24 pref=211.72.xx.ooo gwy=0.0.0.0 dev=5(wan1)
I mean the npu0_vlink0 is broken????
FWF60D x2 FWF60C x3 FGT80C rev.2 FGT200B-POE FAP220B x3 FAP221B x2
FSW224B x1
Are the recent posts in this thread about 5.6.2 or is everyone talking about 5.6.1 like the topic title says?
FG200D 5.6.5 (HA) - primary [size="1"]FWF50B' s 4.3.x, FG60D's 5.2.x, FG60E's 5.4.x [Did my post help you? Please rate my post.][/size] FAZ-VM 5.6.5 | Fortimail 5.3.11 Network+, Security+
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1547 | |
1030 | |
749 | |
443 | |
210 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.