Yes, we encountered these two issues on a FortiGate 60E. In spite of my previous statement, I think that both errors occurred on the same firewall. We upgraded another ForthGate 60D with no other problems noted.
1. Log & Report / System Events / Application crashed
application: ipsengine 04.021
I was told that this has been reported in bug id: 0506672 and that this requires an upgrade to the IPS engine to version 4.0023
I made the upgrade to 4.0023 but prior to the upgrade the system event crashes stopped appearing
No further issues with this issue have been noticed
2. https://www.gotoassist.me certificate warning. Using deep inspection. Forti_ssl certificate was installed on the browser. The certificate for this website was signed by Fort_CA_untrusted. I was told that the Fortiguard team is working on the certificate bundle. They are saying it will be added in certificate bundle 1.00013.
I was told that I could run:
You can run the following command to update your bundle :
To check if it is updated then run
diagnose autoupdate versions
Twice the ipsengine 04.021 has crashed, 30 minutes apart.
Memory usage is about 60%. CPU utilization is about 3%.
Noticed two errors after the firmware upgrade (diag debug config-error-log read):
1. set type security audit and 2. set location forticloud. The engineer thought that these errors could be ignored and that they were due to changed features in 6.0.2.
Called Fortinet tech support. Was unable to start a GoToAssist session without encountering a security warning. The engineer thought that the security certificate use by GoToAssist was not in the trusted certificates in the FortiGate. This FortiGate is using Full SSL Inspection on the IPv4 policy. He said that he would investigate. Would be curious if others running 6.0.2 and using Full SSL Inspection can open GoToAssist without getting a certificate warning.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.