Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
If you're having connectivity issues, check if DoS sensor is enabled. If so, disable it completely. That should resolve the issue you're seeing.
I had a conversation with an FTNT SE today about 6.2.4 problems. The major issues seem to boil down to below three issues:
1. DoS policy issue: It's still an known issue with 6.2.4 and not resolved, which is in the release notes.
2. IPS engine keeps crashing. A new engine is planned to be released soon. Then this would be resolved.
3. WAD memory leak issue is still not 100% resolved.
6.2.5 will fix these issues and come out relatively shortly although he couldn't tell me any target date. He recommended to wait for 6.2.5. But likely 6.0.10 comes out before 6.2.5.
By the way, FMG/FAZ 6.2.4 was to just fix vulnerabilities. They wanted to release it ASAP without waiting for bug fixes. Then 6.2.5 came out right after that with bug fixes. It was just coincidental they came out one after another.
My issue was that I upgraded 200E to 6.2.4 , 80E to 6.2.4 and FAZ to 6.2.5.
6.2.4 has DoS issue which breaks VIPs
6.2.X changes SSL Inspection w/ SSH which broke DUO 2FA for me, fix was easy, had to exclude url from inspection but took a bit to track down
FAZ 6.2.5 had to have some reliability feature turned off to work with <100E Fortigates
I also patched about 45 windows servers the same weekend. #neveragain
@rpedrica, I think that grey icons are intentional. I thought you meant the entire row was greyed/dimmed out. I have 2.4Ghz disabled on my FAP221B. As the result both R1 and R2 are grey but R2 is dimmed. So if it's not dimmed, it's active.
If you're having connectivity issues, check if DoS sensor is enabled. If so, disable it completely. That should resolve the issue you're seeing.
I had a conversation with an FTNT SE today about 6.2.4 problems. The major issues seem to boil down to below three issues:
1. DoS policy issue: It's still an known issue with 6.2.4 and not resolved, which is in the release notes.
2. IPS engine keeps crashing. A new engine is planned to be released soon. Then this would be resolved.
3. WAD memory leak issue is still not 100% resolved.
6.2.5 will fix these issues and come out relatively shortly although he couldn't tell me any target date. He recommended to wait for 6.2.5. But likely 6.0.10 comes out before 6.2.5.
By the way, FMG/FAZ 6.2.4 was to just fix vulnerabilities. They wanted to release it ASAP without waiting for bug fixes. Then 6.2.5 came out right after that with bug fixes. It was just coincidental they came out one after another.
My issue was that I upgraded 200E to 6.2.4 , 80E to 6.2.4 and FAZ to 6.2.5.
6.2.4 has DoS issue which breaks VIPs
6.2.X changes SSL Inspection w/ SSH which broke DUO 2FA for me, fix was easy, had to exclude url from inspection but took a bit to track down
FAZ 6.2.5 had to have some reliability feature turned off to work with <100E Fortigates
I also patched about 45 windows servers the same weekend. #neveragain
Kevin Shanus wrote:I almost had a stroke reading your comment. Man, that makes for a long weekend.My issue was that I upgraded 200E to 6.2.4 , 80E to 6.2.4 and FAZ to 6.2.5.
6.2.4 has DoS issue which breaks VIPs
6.2.X changes SSL Inspection w/ SSH which broke DUO 2FA for me, fix was easy, had to exclude url from inspection but took a bit to track down
FAZ 6.2.5 had to have some reliability feature turned off to work with <100E Fortigates
I also patched about 45 windows servers the same weekend. #neveragain
Mike Pruett
Kevin Shanus wrote:My issue was that I upgraded 200E to 6.2.4 , 80E to 6.2.4 and FAZ to 6.2.5.
6.2.4 has DoS issue which breaks VIPs
6.2.X changes SSL Inspection w/ SSH which broke DUO 2FA for me, fix was easy, had to exclude url from inspection but took a bit to track down
FAZ 6.2.5 had to have some reliability feature turned off to work with <100E Fortigates
I also patched about 45 windows servers the same weekend. #neveragain
Hi @Kevin Shanus
Can you give more specifics about the faz feature that needed to be turned off?
Robby
rpedrica wrote:Kevin Shanus wrote:My issue was that I upgraded 200E to 6.2.4 , 80E to 6.2.4 and FAZ to 6.2.5.
6.2.4 has DoS issue which breaks VIPs
6.2.X changes SSL Inspection w/ SSH which broke DUO 2FA for me, fix was easy, had to exclude url from inspection but took a bit to track down
FAZ 6.2.5 had to have some reliability feature turned off to work with <100E Fortigates
I also patched about 45 windows servers the same weekend. #neveragain
Hi @Kevin Shanus
Can you give more specifics about the faz feature that needed to be turned off?
Robby
Second this request. Having a fit ATM trying to track down why logs from a pair of 61Es and a 60F running 6.2.4 sending logs to a FAZ running 6.2.5 are not showing up.
sanderl wrote:Genuine question: is this a supported/monitored forum by FTNT staff, or just happens to be here?
Ok, so now again trouble after 2 hours of previous post update. Rebooting was only solution. 50% mem and 4% cpu nothing unusual but couldn't have too much downtime... fortinet, please advise!
I think the answer from the community is roll back, and I'd raise a support ticket to TAC so you can get the official answer too.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1733 | |
1106 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.