That amount of clashes is nothing to worry about I'd say. On the LB-vdom I mentioned earlier the log shows 6-digit amounts of clashes. The clash counter is reset at reboot btw, and is not related to the current amount of sessions. It is just an ongoing counter.
To my knowledge, all restarts of applications with restart option 11 (segmentation fault) in FortiOS are seen as a crash. It doesn't have to mean anything bad per se. The OS recycles processes all the time using option 15 (graceful restart). When that doesn't work, it moves on to try to restart with option 11, which will generate a log entry in the syslog. The recycle process continues all the time, buffers need to be cleared, etc. However, a constant restarting of the same application can also mean various problems: memory leaks, buffer overflows, etc.
I checked your log, but I can't see anything other than the PID and some weird ASCII signs as the application name. It does look kinda odd.
Check your logs and keep track of whether the application crash log entries correlate with odd behaviour in the firewall; we're talking sudden reboots, functions and features stopping/not working.
What does "diagnose debug crashlog read" say?
Also, do a "diagnose sys top", a few times during the day. Do you have processes in Z or D state?
Are there must-have features in 5.4.x, such that you are willing to go into production this soon into 5.4.x? Most veterans on this site would tell you to wait until patch 3 or 4. 5.2.6/7 is far more stable than 5.4 at this point.
I seem to remember someone saying that firmware updates that end in an odd number are mostly bug fixes and that those ending in an even number include enhancements? Is that correct? For example, 5.4.1 - bug fixes, 5.4.2 - enhancements.
My view is the following! If you compare to other releases like 5.0 and/or 5.2, it was always the case that new features were still coming until Patch 3 - 5, meaning they were listed as new features in the "Whats-New" document. This does not mean that no bug fixes are done in Patch 3 - 5; for me it mostly means only the following: as long as a release has some new features listed, it is not acceptable to me for production use, because new features will "probably" also bring new bugs (we are talking about security). As soon as you see nothing listed anymore under "Whats-New" for a release, it is a pure bug-fix release. This also means Fortinet did not release new features in a higher patch level if a lower one did not have new features (it was this way in 5.0 and/or 5.2). From this point of view, as soon as Fortinet releases a patch with no new features, meaning a bug-fix release, you can think about using this release. Before that I would not use this release for production use!
Absolutely right, and absolutely not understandable why the E series cannot be used with 5.2.x. From this point of view your comment is right, and it is a no-go for the E series, especially as we are talking about security. I would really appreciate it if Fortinet would launch 5.2.x for the E series, but it seems to me that is not the case... disappointing to me!
Whilst I agree you shouldn't put a GA release into production, I would also say that stubbornly waiting 3-4 patches no matter what is a little over the top. You can potentially hit a show-stopping bug with any patch, and with the exception of the 'all' services object having the protocol number changed from 0 to 6 in one of the patches, I forget which, 5.2 has been good to me and my customers for the most part.
It all depends on which features you use and a little luck. For example, I have one customer with 573 FG60D running 5.2.1 that have been in production for over 18 months without one single FortiGate-related problem. We actually did the POC and pilot on the GA release but with a view to using 5.2.1 in production, as it happily came out just as we were about to start large-scale rollout.