Hi, after an upgrade attempt all traffic stopped flowing.
Upon investigation I found the OSPF interface section has changed considerably and OSPF authentication commands were removed.
Is this known? Has anyone had it confirmed as a bug?
Rule base section headers were also removed. I'm concerned there are other features or config elements that get removed. I reverted so can't easily check.
Any date for the next release of 5.6?
An example before and after:
edit "ospf_int_1"
    set interface "FM_1"
    set authentication md5
    set md5-key 2 "ENC fasdfasdfsadfsadfqi/T8q3xQ9"
    set cost 6000
    set dead-interval 40
    set hello-interval 10

edit "ospf_int_1"
    set interface "FM_1"
    set ip 0.0.0.0
    set authentication none
    set prefix-length 0
    set retransmit-interval 5
    set transmit-delay 1
    set cost 6000
    set priority 1
    set dead-interval 40
    set hello-interval 10
    set hello-multiplier 0
    set database-filter-out disable
    set mtu 0
    set mtu-ignore disable
    set network-type broadcast
    set bfd global
    set status enable
    set resync-timeout 40
next
It might be related to this bug:
435124 Cannot establish IPsec phase1 tunnel after upgrading from version 5.4.5 to 5.6.0. Workaround: After upgrading to 5.6.0, reconfigure all IPsec phase1 psksecret settings.
Probably OSPF key is lost as well during upgrade.
ETA for 5.6.3 was November 22, then November 30... should be out soon.
Thanks @FGTuser for the info.
Looking at the release notes (out yesterday) that bug reference isn't included. I assume this means it didn't make this release?
https://docs.fortinet.com/uploaded/files/4088/fortios-v5.6.3-release-notes.pdf
It would be useful if anyone had a support ticket relating to this bug if they had confirmation either way. It might be missed from the release notes but included in the firmware. I can't readily test in a lab.
I just noticed this as well. I am building out a new location with a pair of 200E. I upgraded to the latest firmware (5.6.3, build 1547) and noticed it was not in the OSPF section.
I can revert to 5.4.x, but I would like to put this into production with the latest version. Plus, our other environments will eventually need to be upgraded to 5.6.x and I don't want to break them. It sounds like the MD5 gets stripped out and OSPF just breaks.
Hi, when I encountered this bug I removed OSPF auth from an adjacent router and traffic passed. This means that the MD5 hash deletion was the only issue (with OSPF). So I guess until a fix is in place it would be possible to remove OSPF auth in advance from all adjacencies and therefore not encounter it during an upgrade.
That said, other posts on this forum suggest 5.6.3 could cause problems in other areas so we won't be using it in production.
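Added example, not part of any post in this thread and not Fortinet code: a small check that compares the `edit` blocks of a configuration backup taken before an upgrade with one taken after it, and reports entries whose `authentication` was weakened or whose `md5-key` disappeared, as in the before/after snippets above. The function names are hypothetical, the sample text is constructed, and an entry with no `authentication` line is assumed to mean `none`.

```python
import shlex

# Constructed sample modelled on the before/after snippets in this thread.
BEFORE = '''
edit "ospf_int_1"
    set authentication md5
    set md5-key 2 "ENC constructed-placeholder"
next
'''
AFTER = '''
edit "ospf_int_1"
    set authentication none
next
'''

def parse_edit_blocks(text):
    """Map each 'edit <name>' entry to its {setting: value} pairs."""
    blocks, current = {}, None
    for raw in text.splitlines():
        try:
            tokens = shlex.split(raw)
        except ValueError:  # unbalanced quote: fall back to a plain split
            tokens = raw.split()
        if tokens[:1] == ["next"]:
            current = None
        elif len(tokens) > 1 and tokens[0] == "edit":
            current = blocks.setdefault(tokens[1], {})
        elif len(tokens) > 1 and tokens[0] == "set" and current is not None:
            current[tokens[1]] = " ".join(tokens[2:])
    return blocks

def auth_regressions(before_text, after_text):
    """Yield (entry, problem) where authentication weakened or md5-key vanished."""
    before, after = parse_edit_blocks(before_text), parse_edit_blocks(after_text)
    for name, old in before.items():
        old_auth = old.get("authentication", "none")  # assumption: unset means none
        if old_auth == "none":
            continue
        if name not in after:
            yield (name, "entry missing")
        else:
            new_auth = after[name].get("authentication", "none")
            if new_auth != old_auth:
                yield (name, f"authentication {old_auth} -> {new_auth}")
            if "md5-key" in old and "md5-key" not in after[name]:
                yield (name, "md5-key removed")

if __name__ == "__main__":
    print(list(auth_regressions(BEFORE, AFTER)))
```

Entries are matched by name only, so feed it one configuration section at a time (for example just the OSPF interface section) to avoid name collisions between unrelated tables.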