- Forums
- Knowledge Base
- Customer Service
- FortiGate
- FortiClient
- FortiAP
- FortiAnalyzer
- FortiADC
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConnect
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDeceptor
- FortiDevSec
- FortiDirector
- FortiEDR
- FortiExtender
- FortiGate Cloud
- FortiGuard
- FortiHypervisor
- FortiInsight
- FortiIsolator
- FortiMail
- FortiManager
- FortiMonitor
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPortal
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiSandbox
- FortiSASE
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Forums
- Support Forum
- Re: When is 5.4.1 going to drop?
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
When is 5.4.1 going to drop?
Is there an ETA as to when 5.4.1 is going to drop? I have a brand new 300D that I am waiting to put into production as soon as 5.4.1 is ready.
Solved! Go to Solution.
2 Solutions
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
by end of next week (April 15)
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
That amount of clashes is nothing to worry about I'd say. On the LB-vdom I mentioned earlier the log shows 6-digit amounts of clashes. The clash counter is reset at reboot btw, and is not related to the current amount of sessions. It is just an ongoing counter.
To my knowledge, all restarts of applications with restart option 11 (segmentation fault) in FortiOS is seen as a crash. It doesn't have to mean anything bad per se. The OS recycles processes all the time using option 15 (graceful restart). When that doesn't work, it moves on to try to restart with option 11 wich will generate a log entry in the syslog. The recycle process continues all the time, buffers needs to be cleared etc etc. However, a constant restarting of the same application can also mean various problems - Memory leaks, buffer overflows etc.
I checked your log, but I can't see anything else then the PID and some weird ASCII-signs as application name. It does look kinda odd.
Check your logs and keep track of if the application crash log entries correlates with odd behaviour in the firewall, we're talking sudden reboots, functions and features stopping/not working.
What does "diagnose debug crashlog read" say?
Also, do a "diagnose sys top", a few times during the day. Do you have processes in Z or D state?
Richie
NSE7
Richie
NSE7
104 REPLIES 104
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
80D confirmed bug with 5.4.1 vlan tags do not work correctly. Instructed to fix requires format and tftp image back on. have not tried yet.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@borderland: Can you describe the issue you are seeing with 5.4.1 and vlan tags?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
tanr wrote:Well in short vLANs do not work at all after the update. They have confirmed it a bug and added it to the updated release notes today.@borderland: Can you describe the issue you are seeing with 5.4.1 and vlan tags?
"FG-80D and VLAN Interfaces
Customers with 80D units and VLAN interfaces should not upgrade to 5.4.1. Moreover, in order to restore functionality of the VLAN interfaces, it is not enough to just boot from the original partition as found in QA testing and experienced in the field. It is necessary to format flash and reload the image."
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Ouch. Hope they can get a patch out for that.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi all
today was released a new release notes addressing the 60D issue. It confirms for me again following:
--> Do not use a brand new release for FGT until approx patch 4 - 5 specially as long as in the Whats-New document new features are added.
Following was noted in the new release notes:
Model-60 D Boot Issue
The following 60D models have an issue upon upgrading to FortiOS 5.4.1. The second disk (flash) is unformatted
and results in the /var/log/ directory being mounted to an incorrect partition used exclusively for storing the
firmware image and booting.
[LEFT][size="2"]FG-60D-POE[/size][/LEFT][LEFT][size="2"]FG-60D[/size][/LEFT][LEFT][size="2"]FWF-60D-POE[/size][/LEFT]
[size="2"]FWF-60D[/size]
To fix the problem, follow these steps. If you have not upgraded yet, you only need to perform step 6, otherwise
start with step 1.
[LEFT]1. [size="2"]Backup your configuration.[/size][/LEFT][LEFT]2. [size="2"]Connect to the console port of the FortiGate device.[/size][/LEFT][LEFT]3. [size="2"]Reboot the system and enter the BIOS menu.[/size][/LEFT][LEFT]4. [size="2"]Format the boot device.[/size][/LEFT][LEFT]5. [size="2"]Burn the firmware image to the primary boot device.[/size][/LEFT][LEFT]6. [size="2"]Once the system finishes rebooting, from the CLI run "execute disk format 16". This will format the second flash [/size]disk.[/LEFT]
7. [size="2"]Restore your configuration[/size]
[size="2"]have fun...[/size]
[size="2"]Andrea[/size]
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi there,
I tried to Upgrade from 5.2.7 to 5.4.1 -> Didn't work. My mgmt interface wasn't reachable
Tried first to upgrade to 5.4.0, same problem. Any ideas ?
Using a 140D. Here's the part of the interface config. I'm using the mgmt Interface as internal.
edit "mgmt" set vdom "root" set ip 10.0.1.1 255.255.0.0 set allowaccess ping https ssh fgfm capwap set broadcast-forward enable set vlanforward enable set type physical set explicit-web-proxy enable set explicit-ftp-proxy enable set device-identification enable set snmp-index 6 set secondary-IP enable config secondaryip edit 2 set ip 10.0.0.1 255.255.0.0 set allowaccess ping next end next
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Matze,
We tried to reproduce the issue with 140D and your config, failed to reproduce. If you still can see the issue, could you please send the config file and "get sys status" to beta@fortinet.com ? Thanks.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
So unfortunate that 5.4.1 doesn't appear to be more stable. I have a two 500Ds. One testing, one production. We upgraded to 5.4.0 after much testing in March. We are not using Spam filter, HA or VLANs. Traditional firewalling, but we do use almost all scanning services, DPI, DLP, IPS, IDS, AV, VIPs. Was rock solid until about two weeks ago, the firewall randomly dropped to kernel conserve mode (of course right in the middle of a big meeting!!!). Fortinet didn't have an answer and I sent them lots of logs and configs. I'm not sure but it really appears that this happened after AV engine or definition update. I've been using scheduled reboots nightly to mitigate and tested 5.4.1 on our backup device but have not put it under load yet.
Today the problem occurred again:
16:16:14 Performance statistics: average CPU: 0, memory: 33, concurrent sessions: 2568, setup-rate: 29 16:21:14 Performance statistics: average CPU: 69, memory: 81, concurrent sessions: 2227, setup-rate: 29 16:21:21 The system has activated session fail mode, Scan services session failed 16:21:32 Kernel enters conserve mode
Ticket Number: 1787724
Only a hard power reset is able to get things flowing again. Of course it then complains that it wasn't shutdown properly and wants to do a disc check. SNMP monitor shows CPU and mem spike to >70% which halts system. Sessions are staying constant at <4K at peak, 1.8K minimum.
I'd like to turn on SYSLOG or see if I can increase what is being logged to the FAZ we use but not finding easily the right info on how to do that. I can find the CLI with all of the commands but info on how to configure filters is limited.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
My 1000c has extreme problems with FortiOS 5.4.1, the SSL scan engine is very unstable. All ssl connections on policies with ssl inspection does not working after one hour, i need an full reboot for work again for one hour.
The support says the IPS engine is the problem, ok the IPS engine crash permanently, but that is not the worst problem ;)
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Did you try to restart some services like :
diag test application sslacceptor 99 diag test application sslworker 99
2 FGT 100D + FTK200
3 FGT 60E FAZ VM some FAP 210B/221C/223C/321C/421E
2 FGT 100D + FTK200
3 FGT 60E FAZ VM some FAP 210B/221C/223C/321C/421E
Related Posts
- check if sender MX points to... 173 Views
- what "This can be a challenge... 416 Views
- SSLVPN login fails before 7AM EDT 178 Views
- Which Firewall of Fortigate help me... 231 Views
- Missing Client certificate in Forticlient drop... 324 Views
Labels
-
FortiGate
6,610 -
FortiClient
1,318 -
5.2
801 -
5.4
639 -
FortiManager
572 -
FortiAnalyzer
417 -
6.0
416 -
5.6
362 -
FortiSwitch
339 -
FortiAP
337 -
FortiClient EMS
269 -
6.2
251 -
FortiMail
248 -
FortiAuthenticator v5.5
234 -
5.0
196 -
FortiWeb
152 -
6.4
128 -
FortiNAC
108 -
FortiGuard
103 -
FortiSIEM
89 -
FortiGateCloud
87 -
FortiCloud Products
85 -
IPsec
74 -
FortiToken
72 -
Customer Service
70 -
4.0MR3
64 -
SSL-VPN
63 -
Wireless Controller
58 -
FortiProxy
45 -
FortiADC
44 -
Fortivoice
41 -
FortiEDR
39 -
FortiGate v5.4
34 -
FortiDNS
34 -
FortiExtender
32 -
FortiSandbox
31 -
FortiSwitch v6.4
29 -
Firewall policy
26 -
SD-WAN
26 -
FortiConnect
24 -
High Availability
22 -
FortiWAN
22 -
VLAN
21 -
FortiConverter
21 -
FortiPortal
18 -
FortiAuthenticator
17 -
ZTNA
16 -
FortiSwitch v6.2
16 -
FortiGate v5.2
16 -
FortiMonitor
14 -
SAML
14 -
Certificate
14 -
DNS
13 -
FortiGate v5.0
13 -
Interface
13 -
FortiDDoS
13 -
BGP
12 -
Routing
12 -
FortiCASB
12 -
LDAP
11 -
VDOM
11 -
Logging
11 -
Virtual IP
10 -
FortiRecorder
10 -
RADIUS
9 -
FortiWeb v5.0
9 -
FortiManager v5.0
9 -
NAT
9 -
4.0MR2
9 -
fortilink
8 -
Traffic shaping
8 -
SSID
7 -
RMA Information and Announcements
7 -
FortiSOAR
7 -
SSL SSH inspection
7 -
FortiAnalyzer v5.0
7 -
Application control
7 -
FortiGate v4.0 MR3
7 -
Admin
7 -
4.0
7 -
IP address management - IPAM
7 -
Security profile
6 -
Authentication
6 -
FortiBridge
6 -
Fortigate Cloud
6 -
SNMP
6 -
SSO
6 -
Traffic shaping policy
5 -
Web application firewall profile
5 -
FortiManager v4.0
5 -
Static route
5 -
FortiDirector
4 -
Proxy policy
4 -
packet capture
4 -
WAN optimization
4 -
Automation
4 -
DNS Filter
4 -
Web profile
4 -
FortiTester
4 -
FortiCarrier
4 -
FortiCache
4 -
OSPF
4 -
3.6
4 -
Port policy
4 -
FortiScan
4 -
IPS signature
3 -
FortiToken Cloud
3 -
FortiAP profile
3 -
DoS policy
3 -
Intrusion prevention
3 -
FortiDB
3 -
FortiDeceptor
2 -
Fortinet Engage Partner Program
2 -
FortiInsight
2 -
NAC policy
2 -
Antivirus profile
2 -
Traffic shaping profile
2 -
VoIP profile
2 -
FortiPAM
2 -
FortiAI
2 -
FortiHypervisor
2 -
Email filter profile
2 -
Netflow
2 -
trunk
2 -
System settings
2 -
4.0MR1
1 -
TACACS
1 -
Users
1 -
Replacement messages
1 -
Schedule
1 -
Subscription Renewal Policy
1 -
SDN connector
1 -
FortiCWP
1 -
FortiNDR
1 -
Application signature
1 -
Authentication rule and scheme
1 -
FortiManager-VM
1 -
Web rating
1 -
Internet Service Database
1 -
Multicast routing
1 -
Zone
1 -
Explicit proxy
1 -
Protocol option
1
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2024 Fortinet, Inc. All Rights Reserved.