Hi All, In our primary production site we're running a HA cluster of
100D's that are over 6 years old. Everything is running well (6.0.10)
but my Foritguard subscription is up for renewal so Im debating if it's
worth it to replace with a pair of 100F...
Hi, I have a FGT100D HA Cluster. After upgrading to 5.6.12 from 5.6.11
we're finding the a WAN port will just suddenly stop processing any
traffic until the cluster is rebooted. This has happened on both WAN1
and WAN2. The routing table shows the por...
Hi, I just upgraded a HA pair of 100D's from 5.2.13 to 5.6.5 and for
some reason Im now sporadically getting "ERR_CONNECTION_RESET" browsers
errors (chrome) on the initial inbound connections to various web
servers (VIP) when I have IPS enabled (trie...
Hi, We tried to upgrade a cluster of FGT100D's from 5.2.3 to 5.2.10 (by
going .5,.7,.9 then .10)Everything went well, minus the fact I lost all
inbound traffic over BGP. Both of my neighbours were up and established
and everything looked fine when I ...
bobm wrote:I have a 100E running 5.6.11, IPv4, and am having the same
issue. This is a known issue in 5.6.11 and .12 with the link monitor.
Upgrade to 6.0.10, its very
stablehttps://forum.fortinet.com/tm.aspx?m=182995https://forum.fortinet.com/tm.asp...
I upgraded my 100D HA cluster (Firewall, BGP Routing, VPN, IDS) to 6.0.9
from 5.6.12 and it was probably one of the smoothest upgrades i've seen
in 15 years of using FGTs. 5.6.12 has a critical bug with link
montoring, so if you're using multi links ...
So I think I may have figured out the issue. It appears that my original
customized v5.2 IPS policy which was upgraded may have been causing
issues. I created a new policy from scratch and applied it and now it
seems to be much more robust and stable...
looks like:IPS Attack Engine Version: 3.00532AV Engine Version:
5.00361I've confirmed it's the same on both units. The issues occurs on
INBOUND http/https connections from the WAN zone (via VIP), not
outbound.