Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
ispcolohost
Contributor

Bug tracker? Or, how to know if a bug fix is relevant in release notes?

Hello, I found this thread:

 

https://forum.fortinet.com/tm.aspx?m=68922

 

from four years ago discussing whether or not there is a bug tracker that is accessible.  I couldn't find one so I have to guess no is still the answer.  That leads to the question, if release notes only tell you the following bugs were fixed, how are you supposed to know if the fixed bugs are actually relevant to your environment, and/or a security concern?  

 

I'm running 2.5.3 and 2.5.4 just came out.  It fixes seven bugs, identified only by ID number.  Are they critical security issues?  Display issues that I could care less about?  Should I schedule an emergency outage now?  Or never since the bugs don't matter to me?

 

How does one make the decision with no information?

 

 

18 REPLIES 18
kernal

Why only for partners? Is Fortinet still believing in security through obscurity? I have currently an issue with Forticlient v6.4.1, which is documented in the release news for v6.0.8 as "Known Issue". The issue is not mentioned anymore in the release notes of the later clients, neither as "Known" nor as "Fixed". But I still *have* the issue.

 

What I have learnt from this is, if an issue is not explicity mentioned in the "Fixed Issues" section of the release notes, the issue is not and maybe will not be fixed.

[ul]
  • FortiGate Active/Passive Cluster w/ FortiOS v6.2.1 build0932 (GA)
  • FortiAnalyzer (FAZVM64) v6.4.1-build2072 200615 (GA)
  • FortiClient EMS 6.4.1 build 1498
  • FortiClient 6.4.1[/ul]
ispcolohost

I can give you an example of why such a public bug tracker would be useful.  I recently purchased and installed FortiAnalyzer VM.  6.4.2 had not come out yet, but was imminent.  I installed 6.4.1.  Unbeknownst to me, there is a bug in 6.4.1 where the stupid thing allocates a ridiculously low number of inodes per gigabyte of storage assigned, and the result was my FortiAnalyzer failing after a month because it had run out of inodes from report generation, while disk space was only at 5%.  Figuring this whole mess out wasted countless hours with support, manual regeneration of the relevant reports that had failed for two weeks, and ultimately a fresh install of 6.4.2 to then backup and restore into.  All because you can't be bothered to release a public bug tracker.  Had there been one, and I saw this relevant bug, I'd have thin-allocated a massive amount of space for the 6.4.1 deployment to not later have an outage as a result, then I could have downsized into a backup/restore 6.4.2 instance at my leisure.

cswitzer_FTNT

Public bug reporting can be done here:

https://www.fortiguard.com/faq/psirt-contact 

See more reporting options here:

https://www.fortiguard.com/contactus

 

 

 

ispcolohost

We aren't trying to report bugs, we're trying to see what bugs exist, the level of severity, and when they're fixed.  Hiding this information means your customers waste endless hours troubleshooting things that could be an easily found known bug, or making decisions that have undesirable future ramifications because of open bugs, such as my installing FortiAnalyzer 6.4.1 when it had a known inode-related bug.  Other vendors make this easy; Cisco, RedHat, Vmware, etc. 

emnoc
Esteemed Contributor III

agreed we need a bug track or PR search tool to check various platforms versions for problems. CSCO and JNPR have mastered this for decades now.

 

Ken Felix

PCNSE 

NSE 

StrongSwan  

pgo_imtf
New Contributor

+1 for this requirement - but with due care with regards to not exposing zero days or other vulnerabilities.

We're a software development company with in-house network experts, having to rely on fortinet partners adds just extra time, cost and dissatisfaction. 

--

Peter

Head of IT and Infrastructure @ imtf.com
CZ_FTNT
Staff
Staff

Hello Team,

 

Here's the bug tracker but as mentioned, it is only available to Partners today.

https://support.fortinet.com/ticket/BugList.aspx   When you login, you can go to the Support menu, look under the FortiCare heading and you should see Bug Tracker. Hope this helps!

hklb
Contributor II

CZ wrote:

Hello Team,

 

Here's the bug tracker but as mentioned, it is only available to Partners today.

https://support.fortinet.com/ticket/BugList.aspx When you login, you can go to the Support menu, look under the FortiCare heading and you should see Bug Tracker. [attachImg]https://forum.fortinet.com/download.axd?file=0;195075&where=message&f=Bug-Tracker.jpg[/attachImg] Hope this helps!

Hello,

 

Yes, there is a list of bugs... but : no description, just the title of the issue (the one you have in Mantis). But it doesn't explain what is exactly the problem is or it referring only on the customer's problem who opened the case and not the issue in globality, so it's often useless.. In addition, the list is not complete ! Even the release notes are not complete. The documentation for partner/customer are really poor..

 

The only way we have to have a full list of current issue is to subscribe a TAM (Technical Account Manager) and ask for a bug scrub (https://kb.fortinet.com/kb/documentLink.do?externalID=FD43649  - Software upgrade recommendation). But this is a little expensive just to have a list of current issue.

 

Regards

 

Lucas

lokutus25
New Contributor

hklb wrote:

CZ wrote:

Hello Team,

 

Here's the bug tracker but as mentioned, it is only available to Partners today.

https://support.fortinet.com/ticket/BugList.aspx When you login, you can go to the Support menu, look under the FortiCare heading and you should see Bug Tracker. [attachImg]https://forum.fortinet.com/download.axd?file=0;195075&where=message&f=Bug-Tracker.jpg[/attachImg] Hope this helps!

Hello,

 

Yes, there is a list of bugs... but : no description, just the title of the issue (the one you have in Mantis). But it doesn't explain what is exactly the problem is or it referring only on the customer's problem who opened the case and not the issue in globality, so it's often useless.. In addition, the list is not complete ! Even the release notes are not complete. The documentation for partner/customer are really poor..

 

The only way we have to have a full list of current issue is to subscribe a TAM (Technical Account Manager) and ask for a bug scrub (https://kb.fortinet.com/kb/documentLink.do?externalID=FD43649  - Software upgrade recommendation). But this is a little expensive just to have a list of current issue.

 

Regards

 

Lucas

Hi, could it be that partnership level is an issue? We are partner too but I don't have the bug tracker button.

Thx

Davo