Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
storaid
Contributor

FortiOS v5.6.1 is released...!!

well...

after long time ago, now it's out...

FWF60D x2 FWF60C x3 FGT80C rev.2 FGT200B-POE FAP220B x3 FAP221B x2

FSW224B x1

FWF60D x2 FWF60C x3 FGT80C rev.2 FGT200B-POE FAP220B x3 FAP221B x2 FSW224B x1
6 Solutions
storaid
Contributor

annoying bug..

JSON string....=^=

FWF60D x2 FWF60C x3 FGT80C rev.2 FGT200B-POE FAP220B x3 FAP221B x2

FSW224B x1

View solution in original post

FWF60D x2 FWF60C x3 FGT80C rev.2 FGT200B-POE FAP220B x3 FAP221B x2 FSW224B x1
emnoc
Esteemed Contributor III

Other problems noted in 5.6

 

 

1: the  diag debug flow show console enable is missing as a option

 

2: still can NOT upload a  x509 certificate via GUI ( pkcs12  or  via pem cert+key )

 

3: a valid certificate self-sign  for admingui access does NOT work no matter how or what type of certificate that we try to craft standard, wildcard or SAN if we paste it in via the cli "config vpn certificate local "

 

More to come ;)

 

PCNSE 

NSE 

StrongSwan  

View solution in original post

PCNSE NSE StrongSwan
emnoc
Esteemed Contributor III

Again my  FWF60D has hungs up.  We thought it crashed but come to find out the  HTTP process is hung.  Since this is a remote hosted FW, I'm downgrading ....Sorry but v5.6.1 is a no-go for me ;(

 

 

PCNSE 

NSE 

StrongSwan  

View solution in original post

PCNSE NSE StrongSwan
storaid

inexplicable radius server test:

FWF60D x2 FWF60C x3 FGT80C rev.2 FGT200B-POE FAP220B x3 FAP221B x2

FSW224B x1

View solution in original post

FWF60D x2 FWF60C x3 FGT80C rev.2 FGT200B-POE FAP220B x3 FAP221B x2 FSW224B x1
pcraponi
Contributor II

Maybe it's a database migration? Have you tried to format log-disk?

Regards, Paulo Raponi

View solution in original post

Regards, Paulo Raponi
thuynh_FTNT

keij wrote:

I can not see Local traffic (Fortigate's self traffic) in Foriview of ver5.6.1. In 5.2 were able to see the fortigate local traffic. Is it no longer visible in the 5.6 series?

Hi Keij, that is correct. We do not show local traffic in FortiView starting 5.6.0

View solution in original post

102 REPLIES 102
bommi

Okay, I am using stateless addresses and the ip6-other-flag for the dns service.

NSE 4/5/7

NSE 4/5/7
storaid

inexplicable radius server test:

FWF60D x2 FWF60C x3 FGT80C rev.2 FGT200B-POE FAP220B x3 FAP221B x2

FSW224B x1

FWF60D x2 FWF60C x3 FGT80C rev.2 FGT200B-POE FAP220B x3 FAP221B x2 FSW224B x1
storaid

the Device detection for FortiOS v5.6 is so bad....

Detection accuracy is very terrible....

I remember active-device-identification-scan function was disabled from v5.6...

it's about that???

 

FWF60D x2 FWF60C x3 FGT80C rev.2 FGT200B-POE FAP220B x3 FAP221B x2

FSW224B x1

FWF60D x2 FWF60C x3 FGT80C rev.2 FGT200B-POE FAP220B x3 FAP221B x2 FSW224B x1
thuynh_FTNT

storaid wrote:

inexplicable radius server test:

Hi storaid, this behaviour is expected as we do not support testing user credentials against the Radius server just yet. The credentials here is only used to improve the test's speed as described in the dialog. Incorrect credentials will be ignored. We will however add support for credentials testing in future release. Sorry for the confusion.

kallbrandt

Andy Bailey wrote:
bommi wrote:
My IPv6 connectivity using an delegated prefix works on 5.6.1 with my FortiWifi 30E.
Are using stateless IPv6 config? I'm using a stateful config with DHCPv6 and I think the manage flag issue (mentioned earlier by myself and one other person) means the advertisements aren't working as expected. In my config I can see connectivity is there from the Fortigate to other internal and external devices. However most of my devices aren't requesting IPv6 addresses- presumably because they aren't seeing the manage flag correctly? It did all work correctly under 5.6.0. Kind Regards, Andy.

Yes indeed, doesn't seem to be possible to do stateful at all. Too bad.

Richie

NSE7

Richie NSE7
andrewbailey

kallbrandt wrote:

Andy Bailey wrote:
bommi wrote:
My IPv6 connectivity using an delegated prefix works on 5.6.1 with my FortiWifi 30E.
Are using stateless IPv6 config? I'm using a stateful config with DHCPv6 and I think the manage flag issue (mentioned earlier by myself and one other person) means the advertisements aren't working as expected. In my config I can see connectivity is there from the Fortigate to other internal and external devices. However most of my devices aren't requesting IPv6 addresses- presumably because they aren't seeing the manage flag correctly? It did all work correctly under 5.6.0. Kind Regards, Andy.

Yes indeed, doesn't seem to be possible to do stateful at all. Too bad.

For anyone interested I did raise a ticket for this issue. Ticket number is 2306843.

 

It's been confirmed as a bug and is due to be resolved in 5.6.3.

 

I've rolled back to 5.6.0 for now.

 

Kind Regards,

 

 

Andy.

andrewbailey

storaid wrote:

weird ipv6 command display:

 

I've raised a ticket for this issue- it's been reproduced by the first line engineers and is now being escalated for further trouble shooting.

 

Ticket number is 2306843 if anyone is interested.

 

Kind Regards,

 

 

Andy.

storaid

box: 60E

lost npu functions in the CLI console:

FWF60D x2 FWF60C x3 FGT80C rev.2 FGT200B-POE FAP220B x3 FAP221B x2

FSW224B x1

FWF60D x2 FWF60C x3 FGT80C rev.2 FGT200B-POE FAP220B x3 FAP221B x2 FSW224B x1
jnliu_FTNT

storaid wrote:

box: 60E

lost npu functions in the CLI console:

FOS5.6.1 did some NPU code clear, there is no option under "config system npu"for NP6Lite now.

Vanessa6

Hey guys,

 

we are running FortiOS 5.6.1 on a 200D-Cluster (active/standby). Since the upgrade we are experiencing some serious problems with WiFI and cluster synchronisation.

WiFi with radius-authentication doesn't work correctly anymore. It seems that our apple devices (iPhone and mac) are affected much more than android-devices and windows-clients. Some clients can't connect to the WiFI (although authentication on radius server is successful. After switching the iPhone off and on in the morning, it is working for the rest of the day.) Others do have a lot of connection loss and some don't have any problems at all.

As a temporary workaround I set up a second WiFi with PSK authentication which is working for all devices.

 

The second problem with ha synchronization is very annoying. Randomly after configuration changes the slave can't sync with the master anymore. About every minute it logs 'in-sync' and 'out-of-sync'. Sometimes I can fix it via cli command 'execute ha sync stop/start'; the other time the slave needs a reboot to be able to sync again.

Unfortunately 'diag sys ha checksum' and 'diag sys ha hadiff' don't show anything (but I can see on the gui that both checksums differ).

 

With FortiOS 5.4.5 everything was working fine.

Anyone here with ideas how to fix the WiFi and especially the cluster problems? I guess upgrading to 5.6.2 won't help because according to the release notes they just fixed 3 (!) bugs...and no one of these on wifi or cluster setup...

 

Thanks for your time and help

Vanessa

 

 

Labels
Top Kudoed Authors