Is there an ETA as to when 5.4.1 is going to drop? I have a brand new 300D that I am waiting to put into production as soon as 5.4.1 is ready.
by end of next week (April 15)
That amount of clashes is nothing to worry about I'd say. On the LB-vdom I mentioned earlier the log shows 6-digit amounts of clashes. The clash counter is reset at reboot btw, and is not related to the current amount of sessions. It is just an ongoing counter.
To my knowledge, all restarts of applications with restart option 11 (segmentation fault) in FortiOS are seen as a crash. It doesn't have to mean anything bad per se. The OS recycles processes all the time using option 15 (graceful restart). When that doesn't work, it moves on to try to restart with option 11, which will generate a log entry in the syslog. The recycle process continues all the time, buffers need to be cleared etc etc. However, a constant restarting of the same application can also mean various problems - memory leaks, buffer overflows etc.
I checked your log, but I can't see anything else than the PID and some weird ASCII-signs as application name. It does look kinda odd.
Check your logs and keep track of whether the application crash log entries correlate with odd behaviour in the firewall; we're talking sudden reboots, functions and features stopping/not working.
What does "diagnose debug crashlog read" say?
Also, do a "diagnose sys top", a few times during the day. Do you have processes in Z or D state?
Richie
NSE7
Fortinet support just said "...FortiOS 5.4.1, which is scheduled to be released the first half of next month..."
FGT: 50E,100D, 200D, 600D
FMG: VM64
FAZ: VM64
Are there must-have features in 5.4.x that you are willing to go into production this soon into 5.4.x? Most veterans on this site would tell you to wait until patch 3 or 4. 5.2.6/7 is far more stable than 5.4 at this point.
Hi
My view is the following! If you compare to other releases like 5.0 and/or 5.2, it was always the case that until Patch 3 - 5 new features kept coming, meaning listed as new features in the "Whats-New" document. This does not mean that no bugfixes are done in Patch 3 - 5; for me it mostly means only the following: as long as a release has some new features listed, it is for me not acceptable for production use, because new features will "probably" also bring new bugs (we are talking about security). As soon as you see nothing listed anymore under "Whats-New" for a release, it is a pure bugfix release. This also means Fortinet did not release new features in a higher patch level if a lower one did not have new features (it was this way in 5.0 and/or 5.2). From this point of view, as soon as Fortinet releases a patch with no new features, meaning a bugfix release, you can think about using this release. Before that I would not use this release for production use!
My view my opinion.
Hope this helps
have fun
Andrea
If we only had a free choice!
Not touching v5.4 for the next 4-5 patches means to wait for 12-15 months. And during this "ripening" period we cannot sell the E series into production environments.
After more than 10 years, I'm still hoping to find a customer who buys a Fortigate just to play around with it for a year or so, until FortiOS has stabilized and one can put it into production.
Hi
Absolutely right, and absolutely not understandable why the E series cannot be used with 5.2.x. From this point of view your comment is right, and it is a no go for the E series, especially as we are talking about security. I really would appreciate it if Fortinet would launch 5.2.x for the E series, but it seems to me that is not the case... disappointing to me!
have fun
Andrea
@ Andrea
I think it's a chipset compatibility problem with the E series - but i agree with you: It's a shame that these models only work with a buggy 5.4.0 ... still waiting for 5.4.1 to come ...
BTW: the GUI is really ugly - it's confusing and unstructured ... and without any colour e.g. the policy-section is really a pain ...
@ Ede
Yes, after 9 years with Fortinet i'm still waiting for customers like that ;)
My personal advice: for all models except the E-Series: don't touch the 5.4 until patch level 3 or 4 ...
Claus
-
300C x1, 200E x4, 240D x2, 200D x4, 101E x2, 100E x4, 100D x12, 80C x2, 70D x2, 61E x2, 60E x2, 60D x30, 60C x24, 60B x9, 50E x20, 50B x17, 40C x17, 30E x3
FortiMail VMs
FortiAnalyzer VMs
FortiSandbox (testrun)
Whilst I agree you shouldn't put a GA release into production, I would also say that stubbornly waiting 3-4 patches no matter what is a little over the top. You can potentially hit a show-stopping bug with any patch, and with the exception of the 'all' services object having the protocol number changed from 0 to 6 in one of the patches, I forget which, 5.2 has been good to me and my customers for the most part.
It all depends on which features you use and a little luck. For example, i have one customer with 573 FG60D running 5.2.1 that have been in production for over 18 months without one single fortigate related problem. We actually did the POC and pilot on the GA release but with a view to using 5.2.1 in production as it happily came out just as we were about to start large scale roll out.