Is there an ETA as to when 5.4.1 is going to drop? I have a brand new 300D that I am waiting to put into production as soon as 5.4.1 is ready.
Solved! Go to Solution.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
by end of next week (April 15)
That amount of clashes is nothing to worry about I'd say. On the LB-vdom I mentioned earlier the log shows 6-digit amounts of clashes. The clash counter is reset at reboot btw, and is not related to the current amount of sessions. It is just an ongoing counter.
To my knowledge, all restarts of applications with restart option 11 (segmentation fault) in FortiOS is seen as a crash. It doesn't have to mean anything bad per se. The OS recycles processes all the time using option 15 (graceful restart). When that doesn't work, it moves on to try to restart with option 11 wich will generate a log entry in the syslog. The recycle process continues all the time, buffers needs to be cleared etc etc. However, a constant restarting of the same application can also mean various problems - Memory leaks, buffer overflows etc.
I checked your log, but I can't see anything else then the PID and some weird ASCII-signs as application name. It does look kinda odd.
Check your logs and keep track of if the application crash log entries correlates with odd behaviour in the firewall, we're talking sudden reboots, functions and features stopping/not working.
What does "diagnose debug crashlog read" say?
Also, do a "diagnose sys top", a few times during the day. Do you have processes in Z or D state?
Richie
NSE7
Upgraded our 100D a/p test cluster from 5.2.7->5.4.1. Due to the changes in switch behaviour, hard-switch interfaces (interface-mode) did immediately filter stp bpdu packets and caused the RSTP enabled switches to run in an l2-loop. Excellent
There's now a GUI option to enable stp on hard-switch interfaces and an undocumented "set stp enable" for nat/route mode hard-switch interfaces.
Does anyone know how to reduce the GUI font size? A 22" monitor isn't large enough anymore.
Don't know a way to reduce the font size just for the GUI, but just changing the browser zoom level (Ctrl+'-') will shrink the fonts and window sizes.
From which version did you do the upgrade?
omega wrote:Fortios 5.4.1 Upgrade killed two of our 60d so far.
We had to format the boot device to get them working again.
Please wait for system to restart.
Any hints? Firmware upgrade in progress ... Fail in creating /etc/cert/local Fail in creating /etc/cert/ca Fail in creating /data/etc/ssh Fail in creating /data/./config/ Done. The system is going down NOW !! EXT2-fs error (device sd(8,1)): ext2_free_blocks: bit already cleared for block 180507 EXT2-fs error (device sd(8,1)): ext2_free_blocks: bit already cleared for block 180484 EXT2-fs error (device sd(8,1)): ext2_free_blocks: bit already cleared for block 180485 EXT2-fs error (device sd(8,1)): ext2_free_blocks: bit already cleared for block 180486 EXT2-fs error (device sd(8,1)): ext2_free_blocks: bit already cleared for block 180487 EXT2-fs error (device sd(8,1)): ext2_free_blocks: bit already cleared for block 180488 EXT2-fs error (device sd(8,1)): ext2_free_blocks: bit already cleared for block 180489 EXT2-fs error (device sd(8,1)): ext2_free_blocks: bit already cleared for block 180490 EXT2-fs error (device sd(8,1)): ext2_free_blocks: bit already cleared for block 180491 EXT2-fs error (device sd(8,1)): ext2_free_blocks: bit already cleared for block 180492 EXT2-fs error (device sd(8,1)): ext2_free_blocks: bit already cleared for block 180493 EXT2-fs error (device sd(8,1)): ext2_free_blocks: bit already cleared for block 180494 EXT2-fs error (device sd(8,1)): ext2_free_blocks: bit already cleared for block 180495 Please stand by while rebooting the system. Restarting system. FortiGate-60D (10:05-12.14.2015) Ver:05000001 Serial number: FGT60D.... CPU(00): 800MHz Total RAM: 2GB Initializing boot device... Initializing MAC... nplite#0 Please wait for OS to boot, or press any key to display configuration mPlease wait for OS to boot, or press any key to display configuration menu. Booting OS... Boot image open failed. Boot failed. Please check boot device or OS image ... System halted. Please power off or press any key to reboot.
NSE 8
NSE 1 - 7
Hi Omega,
About 60D error messages
--------------------------
Firmware upgrade in progress ... Fail in creating /etc/cert/local Fail in creating /etc/cert/ca Fail in creating /data/etc/ssh Fail in creating /data/./config/ Done.
--------------------------
Thanks for your feedback. We also experienced same issues a few times on 60D and will dig into it.
We upgraded from 5.4.0.
From what i see i guess that the update confuses disk partitions. After repairing we have very different mounts between devices. one cluster member wouldnt come up with some hdisk status mismatch.
The 60d seem to have a sdb-device which could be used for logging but should not be in use in our case.
It seems that /var/log and something on sda (e.g. /data?) get mixed up.
@netmin:
BPDU filter behavior has changed between v5.2.3 and v5.2.6 which makes our life hard with 92Ds. FTNT incorporated the 'set stp enable' option in v5.4.1 only as this was the next patch scheduled. We hope that this option (a.k.a. workaround) will be backported to v5.2 as well but this is not yet decided upon.
There will be an updated Release Notes for v5.4.1 soon with more hints towards this issue.
Even after formatting the boot device and installing new firmware from tftp, the devices differ in their partition layout. Some have /dev/sda1 as /data and some sda2. On that devices sda1 is /var/log.
Remaining devices on 5.4.0 all have sda1 as /var/log, so i guess all will fail when updating.
Reproducible error. I just installed 5.2.6 for comparison /dev/sda1 247.9M 31.7M 203.3M 14% /data /dev/sda3 3.2G 71.3M 2.9G 2% /data2 /dev/sda3 3.2G 71.3M 2.9G 2% /var/log now sda3 ist mounted under two different locations. Update to 5.4.0: /dev/sda2 247.9M 35.8M 199.2M 15% /data /dev/sda3 3.2G 71.3M 2.9G 2% /data2 /dev/sda1 247.9M 31.7M 203.3M 14% /var/log Update to 5.4.1: Firmware upgrade in progress ... Fail in creating /etc/cert/local Fail in creating /etc/cert/ca Fail in creating /data/etc/ssh Fail in creating /data/cmdb/ Fail in creating /data/./config/ Done. The system is going down NOW !! Please stand by while rebooting the system. Restarting system. FortiGate-60D (10:49-11.12.2014) Ver:04000024 Serial number: FGT60D... CPU(00): 800MHz Total RAM: 2GB Initializing boot device... Initializing MAC... nplite#0 Please wait for OS to boot, or press any key to display configuration menu....... Booting OS... Boot image open failed. Boot failed. Please check boot device or OS image ... System halted. Please power off or press any key to reboot.
that better make reformat and reimage device from bios rommonitor. better way. Other ways very sad that these heavi issue was not cats before new image relese.
FG-50E/60D/60E, FAP-221B/21D, FortiClient.
Looks like the partition /dev/sda2 is missing, and the update doesn't check or create it. So /data cannot be mounted, producing the error messages.
Bad glitch. I wonder how FTNT will issue a v5.4.1.1 "micropatch"...
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1696 | |
1091 | |
752 | |
446 | |
228 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.