- Forums
- Knowledge Base
- Customer Service
- FortiGate
- FortiClient
- FortiAP
- FortiAnalyzer
- FortiADC
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConnect
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDeceptor
- FortiDevSec
- FortiDirector
- FortiEDR
- FortiExtender
- FortiGate Cloud
- FortiGuard
- FortiHypervisor
- FortiInsight
- FortiIsolator
- FortiMail
- FortiManager
- FortiMonitor
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPortal
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiSandbox
- FortiSASE
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Forums
- Support Forum
- When is 5.4.1 going to drop?
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
When is 5.4.1 going to drop?
Is there an ETA as to when 5.4.1 is going to drop? I have a brand new 300D that I am waiting to put into production as soon as 5.4.1 is ready.
Solved! Go to Solution.
2 Solutions
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
by end of next week (April 15)
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
That amount of clashes is nothing to worry about I'd say. On the LB-vdom I mentioned earlier the log shows 6-digit amounts of clashes. The clash counter is reset at reboot btw, and is not related to the current amount of sessions. It is just an ongoing counter.
To my knowledge, all restarts of applications with restart option 11 (segmentation fault) in FortiOS is seen as a crash. It doesn't have to mean anything bad per se. The OS recycles processes all the time using option 15 (graceful restart). When that doesn't work, it moves on to try to restart with option 11 wich will generate a log entry in the syslog. The recycle process continues all the time, buffers needs to be cleared etc etc. However, a constant restarting of the same application can also mean various problems - Memory leaks, buffer overflows etc.
I checked your log, but I can't see anything else then the PID and some weird ASCII-signs as application name. It does look kinda odd.
Check your logs and keep track of if the application crash log entries correlates with odd behaviour in the firewall, we're talking sudden reboots, functions and features stopping/not working.
What does "diagnose debug crashlog read" say?
Also, do a "diagnose sys top", a few times during the day. Do you have processes in Z or D state?
Richie
NSE7
Richie
NSE7
- « Previous
- Next »
104 REPLIES 104
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
That log looks perfectly ok - Just hope it stays that way!
But this is kind of alarming news, since this is a serious bug. However, there are several fixes in 5.4.1, for example BUG 372706, wich is about how FortiOS handles the abort/close calls for the proxyworker...
Did the TAC suggest an upgrade?
It's good to know, since your issue might not be fixed in 5.4.1...
EDIT: Scrolled back and saw your earlier post about TAC suggesting that...
Richie
NSE7
Richie
NSE7
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Looking better this AM.
1: 2016-07-06 11:36:54 the killed daemon is /bin/pyfcgid: status=0x0 2: 2016-07-06 11:53:10 the killed daemon is /bin/pyfcgid: status=0x0 3: 2016-07-06 12:01:13 scanunit=manager pid=9306 str="AV database changed (1); restarting workers" 4: 2016-07-06 12:01:13 <09306> scanunit=manager str="Success loading anti-virus database." 5: 2016-07-06 12:37:35 the killed daemon is /bin/pyfcgid: status=0x0 6: 2016-07-06 12:48:20 the killed daemon is /bin/pyfcgid: status=0x100 7: 2016-07-06 13:18:19 scanunit=manager pid=9306 str="AV database changed (1); restarting workers" 8: 2016-07-06 13:18:19 <09306> scanunit=manager str="Success loading anti-virus database." 9: 2016-07-06 13:30:21 <09358> firmware FortiGate-500D v5.4.0,build1011b1011,151221 (GA) (Release) 10: 2016-07-06 13:30:21 <09358> application wad 11: 2016-07-06 13:30:21 <09358> *** signal 11 (Segmentation fault) received *** 12: 2016-07-06 13:30:21 <09358> Register dump: 13: 2016-07-06 13:30:21 <09358> RAX: 0000000000000003 RBX: 00007f570039c7d0 14: 2016-07-06 13:30:21 <09358> RCX: 00000000000000f8 RDX: 00007fffb9a90c10 15: 2016-07-06 13:30:21 <09358> R8: 0000000001359ea0 R9: 00000000000000bd 16: 2016-07-06 13:30:21 <09358> R10: 0000000000000003 R11: 00007f5714865640 17: 2016-07-06 13:30:21 <09358> R12: 0000000000000000 R13: 00007fffb9a90c10 18: 2016-07-06 13:30:21 <09358> R14: 00007f570039c810 R15: 0000000000000003 19: 2016-07-06 13:30:21 <09358> RSI: 00007f5700e49fb0 RDI: 00007fffb9a90c10 20: 2016-07-06 13:30:21 <09358> RBP: 00007fffb9a90bb0 RSP: 00007fffb9a90930 21: 2016-07-06 13:30:21 <09358> RIP: 00000000013865d0 EFLAGS: 0000000000010246 22: 2016-07-06 13:30:21 <09358> CS: 0033 FS: 0000 GS: 0000 23: 2016-07-06 13:30:21 <09358> Trap: 000000000000000e Error: 0000000000000004 24: 2016-07-06 13:30:21 <09358> OldMask: 0000000000000000 25: 2016-07-06 13:30:21 <09358> CR2: 0000000000000098 26: 2016-07-06 13:30:21 <09358> Backtrace: 27: 2016-07-06 13:30:21 <09358> [0x013865d0] => /bin/wad 28: 2016-07-06 13:30:21 <09358> [0x019168af] => /bin/wad 29: 2016-07-06 13:30:21 <09358> [0x019071c1] => /bin/wad 30: 2016-07-06 13:30:21 <09358> [0x0138f48d] => /bin/wad 31: 2016-07-06 13:30:21 <09358> [0x0138fd06] => /bin/wad 32: 2016-07-06 13:30:21 <09358> [0x0139d9c8] => /bin/wad 33: 2016-07-06 13:30:21 <09358> [0x01373b92] => /bin/wad 34: 2016-07-06 13:30:21 <09358> [0x013aee1c] => /bin/wad 35: 2016-07-06 13:30:21 <09358> [0x0043d21c] => /bin/wad 36: 2016-07-06 13:30:21 <09358> [0x0043a42f] => /bin/wad 37: 2016-07-06 13:30:21 <09358> [0x7f571471c475] => /fortidev4-x86_64/lib/libc.so.6 38: 2016-07-06 13:30:21 (__libc_start_main+0x000000f5) liboffset 00021475 39: 2016-07-06 13:30:21 <09358> [0x0043a9f1] => /bin/wad 40: 2016-07-06 13:30:21 <09358> proess=wad type=3 pid=9358 total=7996 free=4955 mmu=173221657 41: 2016-07-06 13:30:21 mu=101865407 m=78131451 f=78032774 r=0 42: 2016-07-06 13:30:21 <09358> current tcp(0x7f5705c2d910) vf=0 session-id=901622 app_type=1 43: 2016-07-06 13:30:21 dyn_type=0 state=2 cur_bank=0x33d30e0 cur_tl=0x37c8480 cur_tm=0x7f5711becd00 44: 2016-07-06 13:32:50 the killed daemon is /bin/pyfcgid: status=0x100 45: 2016-07-06 14:05:24 the killed daemon is /bin/pyfcgid: status=0x100 46: 2016-07-06 14:15:24 scanunit=manager pid=9306 str="AV database changed (1); restarting workers" 47: 2016-07-06 14:15:25 <09306> scanunit=manager str="Success loading anti-virus database." 48: 2016-07-06 14:16:56 the killed daemon is /bin/pyfcgid: status=0x100 49: 2016-07-06 15:01:17 scanunit=manager pid=9306 str="AV database changed (1); restarting workers" 50: 2016-07-06 15:01:17 <09306> scanunit=manager str="Success loading anti-virus database." 51: 2016-07-06 18:01:16 scanunit=manager pid=9306 str="AV database changed (1); restarting workers" 52: 2016-07-06 18:01:17 <09306> scanunit=manager str="Success loading anti-virus database." 53: 2016-07-06 21:01:18 scanunit=manager pid=9306 str="AV database changed (1); restarting workers" 54: 2016-07-06 21:01:19 <09306> scanunit=manager str="Success loading anti-virus database." 55: 2016-07-06 22:57:56 scanunit=manager pid=9306 str="AV database changed (1); restarting workers" 56: 2016-07-06 22:57:56 <09306> scanunit=manager str="Success loading anti-virus database." 57: 2016-07-07 03:46:11 <09308> scanunit=manager str="Success loading anti-virus database." 58: 2016-07-07 05:18:33 scanunit=manager pid=9308 str="AV database changed (1); restarting workers" 59: 2016-07-07 05:18:34 <09308> scanunit=manager str="Success loading anti-virus database." 60: 2016-07-07 06:38:12 scanunit=manager pid=9308 str="AV database changed (1); restarting workers" 61: 2016-07-07 06:38:13 <09308> scanunit=manager str="Success loading anti-virus database."
Previously, I'd have seen thousands of app crashes after 12 hours. Still wondering why there was a segmentation fault, but thinking that seeing these occasionally is not out of the norm.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I like a lot of the newer features in 5.4.1, but the aforementioned SSL Scanning bug in this and other posts is giving me pause. In fact the TAC engineer said he would "never suggest" upgrading to a firmware release only two weeks old.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Yeah, looks a lot cleaner then before.
Segmentation fault is just the name of the (restart)signal 11, so the cause can be everything from FortiOS restarting the service to an actual segmentation fault. All restarts are handled and logged as crashes. As long as the crash log doesn't look like it did before you're probably alright.
Well, tons of bug fixes in 5.4.1, and I suspect some of the new features are there since they obviously had to rewrite a lot of code anyway. But... You know what you have, but not what you'll get...
I will try 5.4.1 out on a A-A HA-pair, 2*600D in a few weeks, will post the result. If it's not stable or too much stuff isn't working as expected I will of course roll back. Those summer weeks in late July is a good time to create a mess since nobody is there to complain (24/7 activity otherwise...).
:)
Richie
NSE7
Richie
NSE7
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Who's doing what? I am working here now. The benefits of being a good hairdresser include being able to make a living and help people feel good about themselves. Being a good hairdresser is not easy. It takes a lot of hard work, dedication and patience to be the best at what you do. As with everything in life, the more effort you put into your work, the better it will be for everyone involved.
- « Previous
- Next »
Related Posts
- check if sender MX points to... 172 Views
- what "This can be a challenge... 412 Views
- SSLVPN login fails before 7AM EDT 175 Views
- Which Firewall of Fortigate help me... 224 Views
- Missing Client certificate in Forticlient drop... 322 Views
Labels
-
FortiGate
6,607 -
FortiClient
1,318 -
5.2
801 -
5.4
639 -
FortiManager
572 -
FortiAnalyzer
417 -
6.0
416 -
5.6
362 -
FortiSwitch
339 -
FortiAP
337 -
FortiClient EMS
269 -
6.2
251 -
FortiMail
248 -
FortiAuthenticator v5.5
234 -
5.0
196 -
FortiWeb
152 -
6.4
128 -
FortiNAC
108 -
FortiGuard
103 -
FortiSIEM
89 -
FortiGateCloud
87 -
FortiCloud Products
85 -
IPsec
73 -
FortiToken
72 -
Customer Service
70 -
4.0MR3
64 -
SSL-VPN
63 -
Wireless Controller
58 -
FortiProxy
45 -
FortiADC
44 -
Fortivoice
41 -
FortiEDR
39 -
FortiGate v5.4
34 -
FortiDNS
34 -
FortiExtender
32 -
FortiSandbox
31 -
FortiSwitch v6.4
29 -
Firewall policy
26 -
SD-WAN
26 -
FortiConnect
24 -
High Availability
22 -
FortiWAN
22 -
VLAN
21 -
FortiConverter
21 -
FortiPortal
18 -
FortiAuthenticator
17 -
ZTNA
16 -
FortiSwitch v6.2
16 -
FortiGate v5.2
16 -
FortiMonitor
14 -
SAML
14 -
Certificate
14 -
DNS
13 -
Interface
13 -
FortiDDoS
13 -
BGP
12 -
FortiGate v5.0
12 -
Routing
12 -
FortiCASB
12 -
LDAP
11 -
VDOM
11 -
Logging
11 -
Virtual IP
10 -
FortiRecorder
10 -
RADIUS
9 -
FortiWeb v5.0
9 -
FortiManager v5.0
9 -
NAT
9 -
4.0MR2
9 -
fortilink
8 -
Traffic shaping
8 -
SSID
7 -
RMA Information and Announcements
7 -
FortiSOAR
7 -
SSL SSH inspection
7 -
FortiAnalyzer v5.0
7 -
Application control
7 -
FortiGate v4.0 MR3
7 -
Admin
7 -
4.0
7 -
IP address management - IPAM
7 -
Security profile
6 -
Authentication
6 -
FortiBridge
6 -
Fortigate Cloud
6 -
SNMP
6 -
SSO
6 -
Traffic shaping policy
5 -
Web application firewall profile
5 -
FortiManager v4.0
5 -
Static route
5 -
FortiDirector
4 -
Proxy policy
4 -
packet capture
4 -
WAN optimization
4 -
Automation
4 -
DNS Filter
4 -
Web profile
4 -
FortiTester
4 -
FortiCarrier
4 -
FortiCache
4 -
OSPF
4 -
3.6
4 -
Port policy
4 -
FortiScan
4 -
IPS signature
3 -
FortiToken Cloud
3 -
FortiAP profile
3 -
DoS policy
3 -
Intrusion prevention
3 -
FortiDB
3 -
FortiDeceptor
2 -
Fortinet Engage Partner Program
2 -
FortiInsight
2 -
NAC policy
2 -
Antivirus profile
2 -
Traffic shaping profile
2 -
VoIP profile
2 -
FortiPAM
2 -
FortiAI
2 -
FortiHypervisor
2 -
Email filter profile
2 -
Netflow
2 -
trunk
2 -
System settings
2 -
4.0MR1
1 -
TACACS
1 -
Users
1 -
Replacement messages
1 -
Schedule
1 -
Subscription Renewal Policy
1 -
SDN connector
1 -
FortiCWP
1 -
FortiNDR
1 -
Application signature
1 -
Authentication rule and scheme
1 -
FortiManager-VM
1 -
Web rating
1 -
Internet Service Database
1 -
Multicast routing
1 -
Zone
1 -
Explicit proxy
1 -
Protocol option
1
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2024 Fortinet, Inc. All Rights Reserved.