well...
after long time ago, now it's out...
FWF60D x2 FWF60C x3 FGT80C rev.2 FGT200B-POE FAP220B x3 FAP221B x2
FSW224B x1
annoying bug..
JSON string....=^=
FWF60D x2 FWF60C x3 FGT80C rev.2 FGT200B-POE FAP220B x3 FAP221B x2
FSW224B x1
Other problems noted in 5.6
1: the diag debug flow show console enable is missing as an option
2: still can NOT upload a x509 certificate via GUI ( pkcs12 or via pem cert+key )
3: a valid certificate self-sign for admingui access does NOT work no matter how or what type of certificate that we try to craft standard, wildcard or SAN if we paste it in via the cli "config vpn certificate local "
More to come ;)
PCNSE
NSE
StrongSwan
Again my FWF60D has hung up. We thought it crashed but come to find out the HTTP process is hung. Since this is a remote hosted FW, I'm downgrading ....Sorry but v5.6.1 is a no-go for me ;(
PCNSE
NSE
StrongSwan
inexplicable radius server test:
FWF60D x2 FWF60C x3 FGT80C rev.2 FGT200B-POE FAP220B x3 FAP221B x2
FSW224B x1
Maybe it's a database migration? Have you tried to format log-disk?
Regards, Paulo Raponi
keij wrote: I can not see Local traffic (Fortigate's self traffic) in FortiView of ver5.6.1. In 5.2 we were able to see the fortigate local traffic. Is it no longer visible in the 5.6 series?
Hi Keij, that is correct. We do not show local traffic in FortiView starting 5.6.0
Thank you thuynh_FTNT.
I hope that function will be revived at the next revision.
Hi Andy,
"Xfer-fas" refers to FortiCloud. This message means FGT tried to submit files to FortiCloud based on Analytics config in AV profile. Please note, every day a free FortiSandbox account can submit ONLY 10 files to FortiCloud. The rest of the files will be dropped. I guess that is the reason you see the log every 10 minutes.
Would you please provide a full log entry, AV profile config, and FortiCloud account info, if you need further investigation.
Andy Bailey wrote: One is this system log:-
"5 files were dropped by quard to xfer-fas: 0 reached max retries, 5 reached TTL." with a reason of "poor-network-condition"
These messages are occurring every 10 minutes and have been since the upgrade. There were no changes in config before the upgrade and I wasn't seeing this message previously. A bit of googling and searching these forums suggests it may relate to FortiAnalyzer, but I don't have one, so this seems unlikely. Everything else is running well so I don't think this message relates to WAN connectivity. Any ideas anyone?
Thanks for the reply.
I don't think that is the issue here.
I wasn't sending anything to FortiSandbox immediately after the upgrade to 5.6.1 and was still seeing the alarms. And I do have a fully paid FortiCloud account which supports FortiSandbox.
A few days after the upgrade to 5.6.1 I updated my AV profiles to start sending to FortiSandbox- that's working fine now with more than 10 files per day being happily sent and analysed.
I'll try and collect the info you are after later, but my FortiCloud (FortiSandbox) account uses the same details (email etc) as I use here if you want to take a look.
Kind Regards,
Andy.
rojekj wrote: More annoying bug is that the sslvpn service keeps restarting, breaking all active vpn connections.
THIS FIRMWARE IS SERIOUSLY BUGGY. Unusable for people using SSL VPN.
Man.. Do all new versions of FortiOS need to have bugs that make it unusable? EVERY?!
No, seriously, now I'm pissed. It has been over a year since we have Forti, and we still cannot use it because every new firmware has some serious bug.
Are you by chance using port 4433?
Nope, I'm using 443. I have read the release notes very carefully before upgrading and I was aware not to use 4433...
But anyway, changing port is something that won't happen in 800+ users environment. What, reconfigure everyone's FortiClient? :D
Loaded on my personal 61E. So far so good. Fixes a lot of bugs but does still maintain some of the annoying ones I REALLY wish would go away.
Mike Pruett
MikePruett wrote: Loaded on my personal 61E. So far so good. Fixes a lot of bugs but does still maintain some of the annoying ones I REALLY wish would go away.
Hi Mike, can you elaborate (with bug number if you have)? We can review those cases.
Another issue - cannot sync HA cluster in active-passive mode. Slave device always shows out of sync.
This is just too much for me. I've downgraded to 5.6.0, as this one has bugs that I can live with...
@Andy Bailey @SMabile @brycemd @bommi The "Send Suspicious Files Only" option is always available in CLI. It is not available on GUI when creating a new AV profile since 5.4.1. However, if you turn it on from CLI, GUI will still display it.
BTW, the GUI behavior, where an option is shown on GUI only after it is configured from CLI, is adopted in some FOS GUI pages. For example, in proxy mode vdom, when a new AV profile is created on GUI, you WON'T be able to see Inspection Mode option and Scan Mode option. Inspection Mode option and Scan Mode option start to be shown on GUI once inspection-mode is explicitly set to flow from CLI.