- Forums
- Knowledge Base
- Customer Service
- FortiGate
- FortiClient
- FortiAP
- FortiAnalyzer
- FortiADC
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConnect
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDeceptor
- FortiDevSec
- FortiDirector
- FortiEDR
- FortiExtender
- FortiGate Cloud
- FortiGuard
- FortiHypervisor
- FortiInsight
- FortiIsolator
- FortiMail
- FortiManager
- FortiMonitor
- FortiNAC
- FortiNDR
- FortiPAM
- FortiPortal
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiSandbox
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Forums
- Support Forum
- RE: FortiOS 5.0.6
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
FortiOS 5.0.6
5.0.6 is out
share your experience please
64 REPLIES 64
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
This is not yet confirmed as a bug, but after upgrade to 5.0.6 we started to have issues with antispam. I opened the ticket.
Regular emails are blocked - " This message has been blocked because ASE reports it as spam" .
There were no issues with that senders on 5.0.5, their IP is not on any blacklist.
Sometimes helps to delete the signature (includes hyperlink) and resend the email.
Emails with HTML attachments (invoice) are sometimes blocked as well.
Nothing in logs! So it' s difficult to track, what was blocked. We know it just because of senders complaints of returning undelivered emails.
Workaround was to disable E-mail Checksum Check, URL Check and Detect Phishing URLs .
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I have one stupid problem with the 5.0.6. We have 2 110C and on both we have an ssl vpn.
When connection to the first FG with disabled split tunneling, everything works fine.
But when connecting to the second FG with split tunneling enabled, I cannot access the management of the unit on its internal ips, neither ping nor ssh or https. Flow trace shows " iprope_in_check() check failed, drop" . That works fine 5.0.5. Can anyone confirm it?
FG1: 10.10.1.254
FG2: 10.10.2.254
Case 1 (no split tunneling, connected to FG1):
my IP=10.11.1.1 -> FG1 and FG2 accessable
Case 2 (split tunneling, connected to FG2):
my IP=10.11.2.1 -> FG1 accessable, but and FG2 not
best regards, TC
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I
ORIGINAL: TC_Hessen I have one stupid problem with the 5.0.6. We have 2 110C and on both we have an ssl vpn. When connection to the first FG with disabled split tunneling, everything works fine. But when connecting to the second FG with split tunneling enabled, I cannot access the management of the unit on its internal ips, neither ping nor ssh or https. Flow trace shows " iprope_in_check() check failed, drop" . That works fine 5.0.5. Can anyone confirm it? FG1: 10.10.1.254 FG2: 10.10.2.254 Case 1 (no split tunneling, connected to FG1): my IP=10.11.1.1 -> FG1 and FG2 accessable Case 2 (split tunneling, connected to FG2): my IP=10.11.2.1 -> FG1 accessable, but and FG2 notI tested split tunnel ssl vpn on a 60D and 200B with no issues connecting to the internal IP of the fortigate. Could this be specific to 110C?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I see this day some very nast thing on the GUI (60D/100D/200B) all counters on IPSec-VPNS are 0 (and i know there should be many GB`s going this way). If i look at the tunnel himself i see the traffic ?
Michael Killermann
ISP-TOOLS GmbH
Kohlenhofstrasse 60 -D
90443 Nuernberg - Germany
Fortinet Certified Network & Security Professional #FCP1001
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
ORIGINAL: isptools I see this day some very nast thing on the GUI (60D/100D/200B) all counters on IPSec-VPNS are 0 (and i know there should be many GB`s going this way). If i look at the tunnel himself i see the traffic ?Sounds like it could be because of hardware acceleration. Do you have npu-offload enabled in your phase-1 settings? If hardware acceleration is enabled, then this is expected behavior. You can disable it, but then you should expect worse performance, higher CPU and such.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
IE 11 ?!?
Try FF or Chrome....
On IE11 i get some empty counters on 5.0.6.
Regards,
Jan
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
since " Years" i allways try Firefox, Chrome and IExx, but there is no difference.
Michael Killermann
ISP-TOOLS GmbH
Kohlenhofstrasse 60 -D
90443 Nuernberg - Germany
Fortinet Certified Network & Security Professional #FCP1001
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I see this day some very nast thing on the GUI (60D/100D/200B) all counters on IPSec-VPNS are 0 (and i know there should be many GB`s going this way). If i look at the tunnel himself i see the traffic ?With policy or interface mode? I just checked with 2 of our 100D clusters with IPSec vpns in interface mode and don' t see any trouble on the counters
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
its all in policy-mode.
Michael Killermann
ISP-TOOLS GmbH
Kohlenhofstrasse 60 -D
90443 Nuernberg - Germany
Fortinet Certified Network & Security Professional #FCP1001
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
its all in policy-mode.Did the IPSec counters work properly before on policy mode? I remember the counters often were either 0 or far from realistic in policy mode - Throughout different 3.x and 4.x Firmware versions...
Related Posts
- Empty window when I edit a... 62 Views
- P2P category displayed as ICQ. A... 52 Views
- ZTP, Auto-link with FMG and missing... 41 Views
- IPsec VPN - Duplicated Phase 2... 105 Views
- No VPN logs on FortiGate 60E... 157 Views
Labels
-
FortiGate
4,477 -
FortiClient
917 -
5.2
801 -
5.4
639 -
FortiManager
435 -
6.0
416 -
5.6
362 -
FortiAnalyzer
298 -
6.2
251 -
FortiAP
211 -
FortiSwitch
209 -
5.0
196 -
Fortimail
185 -
FortiAuthenticator
182 -
FortiClient EMS
170 -
6.4
128 -
FortiWeb
101 -
FortiGuard
71 -
FortiGateCloud
70 -
4.0MR3
64 -
FortiCloud Products
60 -
FortiSIEM
57 -
FortiNAC
55 -
Customer Service
48 -
FortiToken
45 -
Wireless Controller
36 -
FortiADC
32 -
FortiProxy
30 -
FortiGate v5.4
27 -
Fortivoice
26 -
FortiSwitch v6.4
24 -
FortiDNS
24 -
FortiConnect
24 -
FortiSandbox
21 -
FortiExtender
21 -
FortiEDR
20 -
FortiWAN
15 -
FortiConverter
14 -
FortiSwitch v6.2
12 -
FortiMonitor
11 -
FortiPortal
10 -
FortiCASB
10 -
FortiGate v5.2
9 -
4.0MR2
9 -
FortiGate v5.0
7 -
FortiAnalyzer v5.0
7 -
FortiManager v5.0
7 -
FortiDDoS
7 -
4.0
7 -
FortiSOAR
6 -
FortiRecorder
6 -
RMA Information and Announcements
5 -
FortiBridge
4 -
FortiCarrier
4 -
3.6
4 -
FortiWeb v5.0
3 -
FortiDirector
3 -
FortiCache
3 -
FortiDB
3 -
FortiManager v4.0
3 -
FortiDeceptor
2 -
FortiInsight
2 -
FortiScan
2 -
FortiGate v4.0 MR3
2 -
4.0MR1
1 -
FortiAI
1 -
FortiCWP
1 -
Subscription Renewal Policy
1 -
FortiHypervisor
1 -
FortiNDR
1 -
FortiTester
1
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2023 Fortinet, Inc. All Rights Reserved.