I had a conversation with an FTNT SE today about 6.2.4 problems. The major issues seem to boil down to the three issues below:
1. DoS policy issue: It's still a known issue with 6.2.4 and not resolved, which is in the release notes.
2. IPS engine keeps crashing. A new engine is planned to be released soon. Then this would be resolved.
3. WAD memory leak issue is still not 100% resolved.
6.2.5 will fix these issues and come out relatively shortly, although he couldn't tell me any target date. He recommended waiting for 6.2.5. But likely 6.0.10 comes out before 6.2.5.
By the way, FMG/FAZ 6.2.4 was to just fix vulnerabilities. They wanted to release it ASAP without waiting for bug fixes. Then 6.2.5 came out right after that with bug fixes. It was just coincidental they came out one after another.
The same happens here with one of our 200E clusters: after a few hours, no VIP or VirtualServer connections are possible anymore. Even the FG Admin GUI was no longer available from external; from internal we could reach it. So we had to go back to 6.2.3 for now.
I've upgraded 2 x FWF50E to 6.2.4 - each unit has 1 x FAP221E as well. I got a report of the SSIDs not being visible on the network and noticed when I logged into both units, that both the 2.4 and 5G radios are showing grey in the Managed FortiAPs section. I've upgraded both 221Es to build 290 with no improvement.
The AP status itself is showing green/online. I haven't had a chance to reboot either FWF yet to see if this solves it (restarting FAPs does not make any difference). Does anyone else have FAP issues?
"No problems so far on FortiWiFi60E/Fortigate 100D/100E Cluster."
The FG100D has the same bug, no VIPs after a few hours.
And today we had the same problem with a FortiWiFi60E! The WAN interface was not reachable anymore 2 days after the upgrade from 6.2.3 to 6.2.4. We were not even able to reach the WAN gateway of the provider, tunnels went down, and there was no access to the Admin GUI from the WAN side; from internal we could still log in. So the FortiWiFi 60E also has these troubles with 6.2.4. We had a remote session with a Forti Support Engineer and he told us they have plenty of such tickets since 6.2.4, but he had no idea what happens, so in the end we also went back to 6.2.3 on this device. Of 11 devices we had to downgrade 3 for now, but I'm curious how long the other 60E devices will work without any issue.
What release would you recommend as most stable atm? We went from 6.0.9 with RDP disconnection bug, otherwise it worked fine.
I upgraded an FG200E from v6.0.9 to v6.0.10 last weekend and no problems ... and that RDP disconnect over SSL VPN connections is fixed (hallelujah) ... I will be staying on v6.0.10 for as long as possible. :)
It seems most folks are working on smaller boxes. Has anyone run this on a 1500D yet?
I've been holding out on 6.0.9 for months now and was really looking forward to getting on 6.2 but I use tons of VIPs and SSL-VPN is one of the most important things we run since COVID, so I can't afford these bugs. Guess I'll have to wait again. :(