Baptiste
Contributor II

5.4.0 is Out

Hey, who is going first ?

 

Some small models like 40C are not supported.

Just have a quick look at release notes, there is a loooooot of known issues...

2 FGT 100D  + FTK200

3 FGT 60E  FAZ VM  some FAP 210B/221C/223C/321C/421E

2 Solutions
Bipbaep
New Contributor

Any possibility to get old GUI back? New one is seriously ugly and hurts my eyes...


emnoc
Esteemed Contributor III

IMHO In a production business env you should not upgrade to any new release unless it's a do or die must have feature that you need.

 

 

PCNSE 

NSE 

StrongSwan  

69 Replies
NotMine

jbeunel wrote:

Hi

We have a lot of problems with this firmware 5.4.

We updated our 300D cluster to 5.4 and we have a big problem with HA: it crashes the cluster and we have to go to our datacenter to restart the FortiGate manually.

This is interesting, it happened to me yesterday on a 500D cluster. The master device just went "dead". We had to manually power cycle the device in order to get it online. This is a production environment but, fortunately, a new one, still in the testing phase.

 

All in all, I think that 5.4.0 is a step in a good direction, but is far from acceptable in production.

NSE 7

All opinions/statements written here are my own.
SecurityPlus

Upgraded a FortiWiFi 60D from 5.2.5 to 5.4.0. So far it seems to be working OK. Will know more after running the new firmware for a few days. The new FortiView / Device Topology looks interesting. Some glitches that may be operator error, configuration issues, or may be addressed in future 5.2 releases.

SecurityPlus

Well, I spoke too soon. Shortly after I posted the message above I lost access to the network. Come to find out that after a while the policies all disappeared (except for the implicit deny policy). With a suggestion from Fortinet tech support I restored to a backup of the configuration that I made shortly after upgrading to the 5.4.0 firmware. This temporarily restored the policies. The policies then disappeared again a little while later.

 

I'm wondering if running the Wizard through to the Configuration / Summary could somehow be a factor in the policies disappearing. I did not make firewall configuration changes after upgrading to 5.4.0 but I did run through a lot of the pages of the new UI and ran the Wizard both times that I lost the policies. Could just be coincidence.

 

Tech support found a lot of errors in the crash logs and thought it might be a drive problem that is causing the issue. They are RMA'ing the unit.

SecurityPlus

I ran through the Wizard at the top right corner of the GUI, next to the Videos button. At the end of the Wizard it displays three errors:

System Switch Interface: Entry not found.

System Interface: Entry not found.

Policy: Input value is invalid.

 

After running this Wizard the policies once again disappeared. I would be curious if someone else wants to test this to see if the same thing happens on another firewall or not. I have been able to restore the policies with a backup that I made shortly after the upgrade to 5.4.0.

seadave

This is so disappointing. You think after the 5.2.4/5 issues they would have striven to put out something more stable.  I have yet to test (I have two 500Ds, one test, one production), but after reading these posts it almost seems like a waste of time.  Why are firmware releases put out that disable critical functions???  These aren't obscure features.

 

I know this is a "new" release, but that indicates to me that the QC process at Fortinet is severely lacking.  I have been with Fortinet for a very long time and we have invested substantial resources with them over the years, but I'm beginning to look at other options.  Bugs should be the exception, not the rule.  I feel like I'm watching a good friend slowly die.  Is it time to start a petition to get the person in charge of software quality replaced?  Customers don't deserve this kind of grief.  I install patches on different systems/appliances monthly and they are almost NEVER as problem prone and unstable as Fortinet's firmware seems to consistently be.  What is the root of the problem:

  • A system that is TOO flexible and allows customers to create wild configs that never upgrade consistently?
  • Too many different hardware configurations for them to reliably test and support?
  • Indifference when obvious bugs are noted by the user community and not patched for multiple weeks if not months?
  • Internal cutbacks and outsourcing for QC and software development (wild speculation)?

I do agree with all of the comments about the following:

  • You should NOT expect a firewall to last more than 3 years. Threats evolve too rapidly and Fortinet is VERY affordable compared to nearly every other vendor. You should be budgeting for replacement funds from the minute you purchase a new firewall for this reason.
  • You should NEVER upgrade a production system to new firmware without having either a test unit to work on first or without having spent time reading these forums and knowing what is likely to break (although I guess we do owe some thanks to those that "take the plunge" and find these bugs the hard way). It would be nice if Fortinet allowed a VM for testing only to see if that might expose some of these issues before they hit a production system, but not sure how Apples to Apples this might be.

I really hope things get better sooner than later or I will need to move on.

storaid

beta=> RC2~3=> GA

too fast...

FWF60D x2 FWF60C x3 FGT80C rev.2 FGT200B-POE FAP220B x3 FAP221B x2 FSW224B x1

simonorch

I'm sure the push to get 5.4 GA out the door in 2015 was not from the technical people.

I can't even use it on my test network at home as we picked up a bug in RC2 that dropped all L3 traffic going over an ethernet over power link to one of the switch ports, dhcp and capwap seemed to be ok but no layer3. (FWF60D POE)

There are a lot of nice new features in 5.4 but with a 'what's new' doc running at 151 pages you just know it's going to take some time to iron out the bugs, perhaps by the end of the year it might be worth taking a serious look at.

Until then it's a 'concept car', nice to look at and shows the direction fortios is heading but not something you could take out on the road.

NSE8 Fortinet Expert partner - Norway

Jordan_Thompson_FTNT

SecurityPlus wrote:

I ran through the Wizard at the top right corner of the GUI, next to the Videos button. At the end of the Wizard it displays three errors:

System Switch Interface: Entry not found.

System Interface: Entry not found.

Policy: Input value is invalid.

Can you provide your config via private message so we can reproduce the issue?

SecurityPlus wrote:

After running this Wizard the policies once again disappeared. I would be curious if someone else wants to test this to see if the same thing happens on another firewall or not. I have been able to restore the policies with a backup that I made shortly after the upgrade to 5.4.0.

The wizard is intended to be used for initial setup, and so it replaces most of the configuration so that the unit is in working state. This includes policies, as the wizard will create additional policies based on the options you choose.

SecurityPlus

Thanks for letting me know of the intended operation of the Wizard. In some computer programs you can run through the Wizard again to check or modify settings. I assumed that this was the case. It seems that there should be a warning that an admin could lose some or all of the policies. Had we not had a backup I would have been very disappointed.

I uploaded the config backup to the ticket that Fortinet tech support created.

Thanks again!

bdickie_FTNT

SecurityPlus wrote:

Thanks for letting me know of the intended operation of the Wizard. In some computer programs you can run through the Wizard again to check or modify settings. I assumed that this was the case. It seems that there should be a warning that an admin could lose some or all of the policies. Had we not had a backup I would have been very disappointed.

I uploaded the config backup to the ticket that Fortinet tech support created.

Thanks again!

We will add a note about this to the Getting Started chapter of the FortiOS handbook (that should be out in a week or two).
