build701
Appeared in the download portal....
but [size="5"]no enhancements?????[/size]
FWF60D x2 FWF60C x3 FGT80C rev.2 FGT200B-POE FAP220B x3 FAP221B x2
FSW224B x1
Solved! Go to Solution.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Jeez....
no enhancements! Fortinet finally keeps it's promise and just fixes things. Lo and behold. Keep up the good work, give us a rock solid v5.2 and put all the fancy new stuff into v5.4.
just my 2ct
Hello,
Problems occurs with SSL Inspection on 5.2.5. If you use SSL Inspection, it's better to run 5.2.3 (stable).
Regards,
HA
Baptiste wrote:My 100d's are running 5.2.3 (dunno what they upgraded from, probably in the 5.0 range) but the upgrade went fine and they run 5.2.3 just fine. I've not had any specific bugs with 5.2.3 on them that I know about.Hello, I'm running 100D on 5.2.2, I saw on release notes that upgrade to 5.2.5 is only support from 5.2.3.
My question : is upgrade to 5.2.3 buggy ? or I can safely upgrade to 5.2.3 and then to 5.2.5 ?
Rn34 wrote:
My 100d's are running 5.2.3 (dunno what they upgraded from, probably in the 5.0 range) but the upgrade went fine and they run 5.2.3 just fine. I've not had any specific bugs with 5.2.3 on them that I know about.
do you get UTF errors when editing a firewall address group?
FG200D 5.6.5 (HA) - primary [size="1"]FWF50B' s 4.3.x, FG60D's 5.2.x, FG60E's 5.4.x [Did my post help you? Please rate my post.][/size] FAZ-VM 5.6.5 | Fortimail 5.3.11 Network+, Security+
Paul S wrote:Rn34 wrote:
My 100d's are running 5.2.3 (dunno what they upgraded from, probably in the 5.0 range) but the upgrade went fine and they run 5.2.3 just fine. I've not had any specific bugs with 5.2.3 on them that I know about.
do you get UTF errors when editing a firewall address group?
No, but most changes are through Fortimanager so something like that probably wouldn't apply.
Ok so I just completed update from 5.2.4 to 5.2.5 yesterday and today all our web rating overrides seem to not be working. We use a custome web rating category and mark that category exempt in ssl_ssh inspection. Even though it's marked exempt in that rating it was still being decrypted. After 2 support technicians and 2 hours on the phone. One of them believed it was a bug in 5.2.5. This isn't the first time I had an issue with local categories and web rating overrides but it wasn't as big of an impact. Right now we are using objects added to an object group to exempt the most critical sites. In the past there we had an issue and the system (on 5.2.4) would identify the site as "Found in cache" I have been trying to find how to purge and reload the web CATEGORIES. NOT the web cache. I only have actual web proxy cache testing on one rule using 40MBytes. If that's were it's stored, please let me know. Please let me know if anyone else is having any issues or can recommend any course of action. I asked for my ticket to be escalated, the tech seemed to ignore that request.
Everything else seems to functional in 5.2.5 for those not using web filtering.
I just read the previous post reguarding ssl inspection. I never ran on 5.2.3 and last I asked reverting would require us per the tech. To backup the config, wipe the device, downgrade, and reload the config. Not really anxious to do that.
ok noted HA thanks.
can i just remove ( temporary ) the ssl inspection from the policy filtering ?
You can remove it but you will not be able to filter websites and application control for MOST sites without it. Along with any DLP requirements. If you don't have that issue, go ahead and remove it.
so if i don't need the ssl inspection is bettere to choose 5.2.4 or the 5.2.5?
hi...
i have reverted from 5.2.5 to 5.2.4 build688
because yesterday night we are having internet access issue due to bugs in 5.2.5 ( ssl inspection error )
i have checked through command line that the ssl inspection already disable
but suddenly my clients can't get into internet access, the firewall seems working fine and successfully ping to internet.
access to https and also http not working.
so, i can't detect either the my client is having internet problem.
can u guys guide me on how to create a logs notifications for this kind of error. thanks
Ok ladies and gentlement. I just got off the phone with a great Level 2 TAC. I am on 5.2.5 and our custom web categories are working properly. There is a KNOWN bug slated for fix in 5.2.6 where the SSL_SSH Inspect engine is not progressing custome web categories in it's exemption list. Our work around is exempting an OBJECT GROUP, creating FQDN objects and adding them to that group. Let me know if any one has any questions regarding this.
Hello,
Do we need to defined full FQN (like update.microsoft.com) or can we use wildcard (*.microsoft.com) ?
Regards,
HA
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1688 | |
1087 | |
752 | |
446 | |
226 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.