If you're having connectivity issues, check if DoS sensor is enabled. If so, disable it completely. That should resolve the issue you're seeing.
I had a conversation with an FTNT SE today about 6.2.4 problems. The major issues seem to boil down to below three issues:
1. DoS policy issue: It's still an known issue with 6.2.4 and not resolved, which is in the release notes.
2. IPS engine keeps crashing. A new engine is planned to be released soon. Then this would be resolved.
3. WAD memory leak issue is still not 100% resolved.
6.2.5 will fix these issues and come out relatively shortly although he couldn't tell me any target date. He recommended to wait for 6.2.5. But likely 6.0.10 comes out before 6.2.5.
By the way, FMG/FAZ 6.2.4 was to just fix vulnerabilities. They wanted to release it ASAP without waiting for bug fixes. Then 6.2.5 came out right after that with bug fixes. It was just coincidental they came out one after another.
My issue was that I upgraded 200E to 6.2.4 , 80E to 6.2.4 and FAZ to 6.2.5.
6.2.4 has DoS issue which breaks VIPs
6.2.X changes SSL Inspection w/ SSH which broke DUO 2FA for me, fix was easy, had to exclude url from inspection but took a bit to track down
FAZ 6.2.5 had to have some reliability feature turned off to work with <100E Fortigates
I also patched about 45 windows servers the same weekend. #neveragain
sebastiaan.koopmans@kuiken.nl wrote:We have upgraded our 300D and 500E Clusters and running FOS 6.2.4 now for 4 days without any issue!
sebastiaan.koopmans@kuiken.nl wrote:Can i ask you about services which you have active on 300D? SDWAN, SSLVPN, IPsec are there?We have upgraded our 300D and 500E Clusters and running FOS 6.2.4 now for 4 days without any issue!
Same happens here with one of our 200E Cluster, after a few hours no VIP or VirtualServer connections possible anymore. Even the FG Admin GUI was not available anymore from external, from Internal we could reach it. So we had to go back to 6.2.3 for now.
Error we have seen in the logs:
Date2020/05/17Time03:30:32Virtual DomainrootLog DescriptionApplication crashedSourceDevice ID FG200ETKXXXXXX UserAction Actioncrash SecurityLevel EventMessage Pid: 06054, application: csfd, Firmware: FortiGate-200E v6.2.4,build1112b1112,200511 (GA) (Release), Signal 11 received, Backtrace: [0x0072a98a] [0x00739235] [0x00738bd5] [0x013477f2] [0x01346841] [0x00728d76] [0x004337e0] [0x0043a70f] [0x00437438] [0x004379ee] [0x00439a0d] [0x0043a35f] [0x7fc533d73eaa [0x0043026a] OtherID 6827619440692035612 Time2020-05-17 03:30:29 Log ID 0100032546 TypeeventSub TypesystemLog event original timestamp 1589679033161450200 Timezone+0200csf time2020-05-17 03:30:32 itime_t1589679029
No problems so far on FortiWiFi60E/Fortigate 100D/100E Cluster.
Correction of my post from yesterday:
"No problems so far on FortiWiFi60E/Fortigate 100D/100E Cluster."
The FG100D has the same bug, no VIP's after a few hours.
Wow i cant remember such a huge bug impact for a minor release upgrade...
is there any official statement from Fortinet? wont they bring a quick hotfix?
i mean interruptions on vpn and vip is a realy huge impact and should be fixed asap...
NSE 8
NSE 1 - 7
I've upgraded 2 x FWF50E to 6.2.4 - each unit has 1 x FAP221E as well. I got a report of the SSIDs not being visible on the network and noticed when I logged into both units, that both the 2.4 and 5G radios are showing grey in the Managed FortiAPs section. I've upgraded both 221Es to build 290 with no improvement.
The AP status itself is showing green/online. I haven't had a chance to reboot either FWF yet to see if this solves (restarting FAPs does not make any difference). Does anyone else have FAP issues?
Wayne1 wrote:And today we had the same problem with a FortiWiFi60E! Wan interface was not reachable anymore 2 days after the upgrade from 6.2.3 to 6.2.4. We were even not able to reach the WAN Gateway of the provider, tunnels went down, no access to the Admin GUI from WAN side, from internal we still could log in. So also the FortiWiFi 60E has this troubles with 6.2.4. We had a remote session with Forti Support Engineer and he told us they have plenty of such tickes since 6.2.4 but he had no idea what happens so at the end we went also back to 6.2.3 on this device. from 11 devices we had to downgrade 3 for now, but I'm curious how long the other 60E devices will work without any issue.
Correction "No problems so far on FortiWiFi60E/Fortigate 100D/100E Cluster." The FG100D has the same bug, no VIP's after a few hours.
visk wrote:sebastiaan.koopmans@kuiken.nl wrote:We have upgraded our 300D and 500E Clusters and running FOS 6.2.4 now for 4 days without any issue!
sebastiaan.koopmans@kuiken.nl wrote:Can i ask you about services which you have active on 300D? SDWAN, SSLVPN, IPsec are there?We have upgraded our 300D and 500E Clusters and running FOS 6.2.4 now for 4 days without any issue!
We are using SSLVPN, IPsec, Full utm and Vips, until now no issues notified.
FortiAnalyzer / 6.4.0
FortiClient / 6.2.6 FortiClient EMS VM / 6.2.6
FortiGate 300D HA 6.2.4 FortiGate 500E HA 6.2.4 FortiGate 30E / 60E / 100E / 6.0.9 FortiMail VM HA / 6.4.0 FortiSandbox VM / 3.2.0
FortiWeb VM / 6.3.2
FortiManager VM / 6.4.0
peterse wrote:What release would you recommend as most stable atm? We went from 6.0.9 with RDP disconnection bug, otherwise it worked fine.
I upgraded an FG200E from v6.0.9 to v6.0.10 last weekend and no problems ... and that RDP disconnect over SSL VPN connections is fixed (hallelujah) ... I will be staying on v6.0.10 for as long as possible. :)
What version did you upgraded those FWF50Es from? Have you compare the WTP profile for the FAP221E you are using before and after the upgrade?
It seems most folks are working on smaller boxes. Has anyone run this on a 1500D yet?
I've been holding out on 6.0.9 for months now and was really looking forward to getting on 6.2 but I use tons of VIPs and SSL-VPN is one of the most important things we run since COVID, so I can't afford these bugs. Guess I'll have to wait again. :(
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1740 | |
1108 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.