Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
If you're having connectivity issues, check if DoS sensor is enabled. If so, disable it completely. That should resolve the issue you're seeing.
I had a conversation with an FTNT SE today about 6.2.4 problems. The major issues seem to boil down to below three issues:
1. DoS policy issue: It's still an known issue with 6.2.4 and not resolved, which is in the release notes.
2. IPS engine keeps crashing. A new engine is planned to be released soon. Then this would be resolved.
3. WAD memory leak issue is still not 100% resolved.
6.2.5 will fix these issues and come out relatively shortly although he couldn't tell me any target date. He recommended to wait for 6.2.5. But likely 6.0.10 comes out before 6.2.5.
By the way, FMG/FAZ 6.2.4 was to just fix vulnerabilities. They wanted to release it ASAP without waiting for bug fixes. Then 6.2.5 came out right after that with bug fixes. It was just coincidental they came out one after another.
My issue was that I upgraded 200E to 6.2.4 , 80E to 6.2.4 and FAZ to 6.2.5.
6.2.4 has DoS issue which breaks VIPs
6.2.X changes SSL Inspection w/ SSH which broke DUO 2FA for me, fix was easy, had to exclude url from inspection but took a bit to track down
FAZ 6.2.5 had to have some reliability feature turned off to work with <100E Fortigates
I also patched about 45 windows servers the same weekend. #neveragain
GUI slowness is apparently with Firefox (mine is 68.8.0). Chromium 81.0.4044.138 doesn't have the slowness.
Also I set up a VIPs (vipgrp: one for ICMP, another for TCP2200->22) to see it would break after some period.
toshiesumi wrote:Also did anyone else notice GUI is slower ("circling" a while when dig into deeper)? It maybe because my 50E is not so powerful. But I didn't notice it when it was running 6.0.9. I saw a similar comment at Reddit as well.
Yep noticed that too, the GUI often seems "stuck" even if the CPU is idle.
toshiesumi wrote:Also did anyone else notice GUI is slower ("circling" a while when dig into deeper)? It maybe because my 50E is not so powerful. But I didn't notice it when it was running 6.0.9. I saw a similar comment at Reddit as well.
Toshi, are you making comparison between 6.0.9 and 6.2.4 re performance, or did you use 6.2.3 before
I use 6.2.3 everywhere and always thought GUI is not as fast as 6.0.x, think I would loose my cool if it got worse
on 60F - for now some VIP stopped working, some VPN stopped working.
on 100D after 12 hours Internet interface (on VLANs) also stopped working.
What release would you recommend as most stable atm? We went from 6.0.9 with RDP disconnection bug, otherwise it worked fine.
Any experience with 6.4.0?
We have many Boxes running 6.2.3 without any Issues here. So I think that´s the way to go right now.
6.4.0 is running quite stable for the first GA, although the release was rushed to market. (FOS 6.4.1 is knocking at the door already). But I wouldnt recommend using 6.4.0 in productive environments.
Downgrading from 6.2.4 to 6.2.3 will cause configuration loss, or is it safe?
Or shall I downgrade to 6.2.3 and restore the 6.2.3 config?
When comparing both configs, I see a difference only in ENC password and certificate files.
peterse wrote:Downgrading from 6.2.4 to 6.2.3 will cause configuration loss, or is it safe?
Or shall I downgrade to 6.2.3 and restore the 6.2.3 config?
When comparing both configs, I see a difference only in ENC password and certificate files.
I downgraded a Box that was running quite a lot of Services (VPN, WLC, FSSO, Tokens) and the only thing that the diag deb config-error-log brought up was the invalid WTP Profiles for FAP431F e.g.
Running fine after downgrading to 6.2.3 for about 12 Hours now.
A basic FGT was updated last night outside of it took quite a long time to be able to login back in, the upgrade went with 0 issues
Ken Felix
PCNSE
NSE
StrongSwan
We have upgraded our 300D and 500E Clusters and running FOS 6.2.4 now for 4 days without any issue!
FortiAnalyzer / 6.4.0
FortiClient / 6.2.6 FortiClient EMS VM / 6.2.6
FortiGate 300D HA 6.2.4 FortiGate 500E HA 6.2.4 FortiGate 30E / 60E / 100E / 6.0.9 FortiMail VM HA / 6.4.0 FortiSandbox VM / 3.2.0
FortiWeb VM / 6.3.2
FortiManager VM / 6.4.0
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1643 | |
1069 | |
751 | |
443 | |
210 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.