Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Carl_Wallmark
Valued Contributor

FortiOS 5.2.7 is out

.

FCNSA, FCNSP
---
FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30B
FortiAnalyzer 100B, 100C
FortiMail 100,100C
FortiManager VM
FortiAuthenticator VM
FortiToken
FortiAP 220B/221B, 11C

FCNSA, FCNSP---FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30BFortiAnalyzer 100B, 100CFortiMail 100,100CFortiManager VMFortiAuthenticator VMFortiTokenFortiAP 220B/221B, 11C
3 Solutions
vladimircze
New Contributor III

Hi,

12 hours ago upgraded 100D cluster from 5.2.3 to 5.2.7 (using 5.2.5 as intermediate version in upgrade path).

Features used:

A-A cluster,

web filter,

IPS,A/V, APPL Sensors, content SSL Inspection

WiFi (WPA2-enterprise and WPA2-Personal)

SSL VPN, IPSEC VPN

OSPF, LACP

5 VDOM.

 

So far so good.

 

Vladimir, Prague, Czech Republic.

View solution in original post

netmin
Contributor II

I don't believe this is a bug. I remember having seen a changelog or release note referring to the built-in account "FGT_ha_admin", which was originally used for exec ha manage:

 

"You log into the subordinate unit using the FGT_ha_admin administrator account. This built-in administrator account gives you read and write permission on the subordinate unit. Normally this built-in administrative account is not visible, however FGT_ha_admin does appear in event log messages."

 

I think the account was removed (for security reasons) ... [strike]I can't find the corresponding document anymore, maybe a later document revision had this piece of information removed as well.[/strike]

 

Edit: found it - the release notes downloaded from the support portal provide(d) this information.

 

View solution in original post

x_member

FYI:

5.2.7 contains ipsengine 3.0164 that does not play well with deep packet inspection and Chrome browser: https://forum.fortinet.com/tm.aspx?m=137615

 

View solution in original post

19 REPLIES 19
Baptiste
Contributor II

Release notes : http://docs.fortinet.com/uploaded/files/2967/fortios-v5.2.7-release-notes.pdf

 

2 FGT 100D  + FTK200

3 FGT 60E  FAZ VM  some FAP 210B/221C/223C/321C/421E

2 FGT 100D + FTK200 3 FGT 60E FAZ VM some FAP 210B/221C/223C/321C/421E
storaid

some known issues are annoying..=_="

* Users may not be able to create new address objects from the Firewall Policy.

* All sessions: filter application, threat, and threat type, may not work as expected

* If the client is connecting to an SSID with WPA-Enterprise and User-group, it may not be able to pass the traffic policy.

* When creating an id_based policy with SSL enabled, and the set gui-multipleutm disable is applied, an Entry not found error message may appear.

* When navigating FortiView > Application some security action filters may not work.

FWF60D x2 FWF60C x3 FGT80C rev.2 FGT200B-POE FAP220B x3 FAP221B x2

FSW224B x1

FWF60D x2 FWF60C x3 FGT80C rev.2 FGT200B-POE FAP220B x3 FAP221B x2 FSW224B x1
pcraponi

I think these "know issues" are not 5.2.7 only. I have some of these bugs in previous versions. Apparently they are all 5.2.x bugs opened.

Regards, Paulo Raponi

Regards, Paulo Raponi
JohnAgora

Anyone found the file "What’s New for FortiOS 5.2.7 "?

 

Thanks!

emnoc
Esteemed Contributor III

Here's the link & click on 5.2

 

http://docs.fortinet.com/fortigate/release-information

 

Ken

PCNSE 

NSE 

StrongSwan  

PCNSE NSE StrongSwan
JohnAgora

I just found the one on 5.2.5.

Cheers!

donnat
New Contributor III

Maybe there will be no new features in 5.2, but only bug fixes... and the new features will be to v5.4 ... I hope ... and thank you advance to correct any bugs in 5.2.8... Pleeeeeeeaaaaaaaaaase

Cluster Active/Passive Fortigate-1500D 6.0.9 (AV, DLP, AppCtrl & IPS, DHCP, AlertMail, Fortiguard Web & AS, OSPF & RIPv2, SSL-VPN Portal Web and Tunnel) FortiAnalyzer-3000D 6.0.8 (Log, Syslog, Alert event, Quarantine & Report)

Cluster Active/Passive Fortigate-1500D 6.0.9 (AV, DLP, AppCtrl & IPS, DHCP, AlertMail, Fortiguard Web & AS, OSPF & RIPv2, SSL-VPN Portal Web and Tunnel) FortiAnalyzer-3000D 6.0.8 (Log, Syslog, Alert event, Quarantine & Report)
vladimircze
New Contributor III

Hi,

12 hours ago upgraded 100D cluster from 5.2.3 to 5.2.7 (using 5.2.5 as intermediate version in upgrade path).

Features used:

A-A cluster,

web filter,

IPS,A/V, APPL Sensors, content SSL Inspection

WiFi (WPA2-enterprise and WPA2-Personal)

SSL VPN, IPSEC VPN

OSPF, LACP

5 VDOM.

 

So far so good.

 

Vladimir, Prague, Czech Republic.

AtiT
Valued Contributor

I updated an A-P cluster from 5.2.4 to 5.2.7 (via 5.2.6). Now when I want to connect to the subordinary unit with command #execute ha manage <id> the username and password needed to be entered. Is it a new feature? I did not find it in the release notes or I missed something?

It could be a problem on an A-P cluster when external user authentication is used for admins like LDAP etc. as the passive unit will not authenticate the user.

AtiT

AtiT
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors