Helpful ReplyFortiOS 5.2.2 is out!

Page: 123 > Showing page 1 of 3
Author
Selective
Expert Member
  • Total Posts : 2741
  • Scores: 115
  • Reward points: 0
  • Joined: 2007/07/03 10:44:56
  • Location: Gothenburg - Sweden
  • Status: offline
2014/11/18 23:11:23 (permalink)
0

FortiOS 5.2.2 is out!

.
#1
Matthijs
Gold Member
  • Total Posts : 342
  • Scores: 15
  • Reward points: 0
  • Joined: 2010/05/26 04:58:32
  • Location: Aalsmeer, The Netherlands
  • Status: offline
Re: FortiOS 5.2.2 is out! 2014/11/18 23:50:49 (permalink)
0
Just upgraded my home FWF60D. Seems to be running fine after the upgrade.

--------------
FCNSA
FCNSP
FCESP
#2
Matthew Mollenhauer
Silver Member
  • Total Posts : 69
  • Scores: 0
  • Reward points: 0
  • Joined: 2013/07/07 20:06:48
  • Status: offline
Re: FortiOS 5.2.2 is out! 2014/11/19 03:29:49 (permalink)
0
From the release notes:
FortiOS v5.2.2 support: FortiManager: 5.2.1 or later
 
I wonder how long it will take for that to be released, still unable to upgrade our 1500D units to any 5.2 release as they aren't supported yet on the current 5.2.0 FMG release.
 
Regards,
Matthew
 
#3
emnoc
Expert Member
  • Total Posts : 5160
  • Scores: 333
  • Reward points: 0
  • Joined: 2008/03/20 13:30:33
  • Location: AUSTIN TX AREA
  • Status: offline
Re: FortiOS 5.2.2 is out! 2014/11/19 03:42:05 (permalink)
0
Same here b642 earlier  this AM on a FWF60D. Took awhile for it to come back up. Will be testing the MF667 modem shortly
 
 

PCNSE,  NSE , Forcepoint ,  StrongSwan Specialist
#4
simonorch
Gold Member
  • Total Posts : 319
  • Scores: 12
  • Reward points: 0
  • Joined: 2009/06/05 00:05:08
  • Location: Norway
  • Status: online
Re: FortiOS 5.2.2 is out! 2014/11/19 03:49:55 (permalink) ☄ Helpfulby BrUz 2014/12/11 00:32:42
5 (1)
and still packet capture is hidden from the gui on the small boxes.
 
Not a big deal as it's still available by typing the url manually, but it's irritating.

NSE8
Fortinet platinum partner - Norway
#5
BWiebe
Silver Member
  • Total Posts : 78
  • Scores: 1
  • Reward points: 0
  • Joined: 2012/06/07 07:54:42
  • Status: offline
Re: FortiOS 5.2.2 is out! 2014/11/19 10:40:12 (permalink)
0
Updated two smaller boxes so far.
 
FortiWifi 60C from 5.2.1 to 5.2.2 - no issues.
Fortigate 60D from 5.2.1 to 5.2.2 - some of the config (the firewall policies and the static routes), were removed for some reason.  Luckily a backup config was able to bring them back, but it was very strange.  Never seen that happen with a firmware update before and I've been playing with firmware upgrades since 2.8 on various models.
 
 
#6
Matthew Mollenhauer
Silver Member
  • Total Posts : 69
  • Scores: 0
  • Reward points: 0
  • Joined: 2013/07/07 20:06:48
  • Status: offline
Re: FortiOS 5.2.2 is out! 2014/11/19 13:55:01 (permalink)
0
Patch notes say that the ADSL interface should now work, I'll need to test on my lab FWF60CX-ADSL-A to confirm. Won't be able to roll it out to our offices until the FMG is updated though...
#7
Selective
Expert Member
  • Total Posts : 2741
  • Scores: 115
  • Reward points: 0
  • Joined: 2007/07/03 10:44:56
  • Location: Gothenburg - Sweden
  • Status: offline
Re: FortiOS 5.2.2 is out! 2014/11/20 01:53:49 (permalink)
0
I have now been trying 5.2.2 for a couple of days, and I must say the quality of the firmware is MUCH higher than before.
 
@Fortinet: Whatever you are doing...keep doing it! Well done!
#8
techevo
Bronze Member
  • Total Posts : 30
  • Scores: 0
  • Reward points: 0
  • Joined: 2010/04/02 08:20:51
  • Status: offline
Re: FortiOS 5.2.2 is out! 2014/11/20 09:28:05 (permalink)
0
Upgraded a few box and it's over all good.  But be careful with SSL deep inspection ... read the release note if you have a ssh/ssl profile named "default" ... it will be replaced ( I have one customer that learned the hard way ).
 
Here is the info from the release note :
 
Bug ID 0255603 Remove the default profile in deep-inspection-option /
ssl-ssh-profile if it is not used. Otherwise, it will be renamed to
deep-inspection-5-0.
 
Also found that addresses need to be defined on the ANY interface to show in ssl inspection ( that was not the case in 5.2.1 ).  I had a group that included addresses defined on the wan interface and this prevented the group to show in the gui ( it was there in cli ).  After moving all addresses to ANY it showed up in gui.  Also if you want to add any new address in the gui it need to be from ANY interface.
 
Also on my 100D, Fortiview does not show anything in 5 min, 1 hours and 24 hours, only in now ( and yes I have log to disk enable ).  It was working just fine in 5.2.1 - Any body else in the same boat or it's just me?  
 
Hope it helps someone else.
post edited by techevo - 2014/11/20 09:33:11
#9
vanc
optimizzz
  • Total Posts : 937
  • Scores: 5
  • Reward points: 0
  • Joined: 2004/03/07 21:30:03
  • Location: The most beautiful place in the world
  • Status: offline
Re: FortiOS 5.2.2 is out! 2014/11/20 15:04:51 (permalink)
0
techevo
Also on my 100D, Fortiview does not show anything in 5 min, 1 hours and 24 hours, only in now ( and yes I have log to disk enable ).  It was working just fine in 5.2.1 - Any body else in the same boat or it's just me?  

It's working fine on my 100D and 300D. I can see all the time tabs are populated. Yes, I've run 5.2.2 for more than a day.
 
#10
Nihas
Gold Member
  • Total Posts : 182
  • Scores: 3
  • Reward points: 0
  • Joined: 2014/07/17 04:07:02
  • Location: God's Own Country
  • Status: offline
Re: FortiOS 5.2.2 is out! 2014/11/20 22:55:56 (permalink)
0
Upgraded a 200D to 5.2.2 seems fine.
Main attraction is fortiview has improved, and gui is bit faster than the previous ones.
 
However,I have found a few issues.
1. Still the IPSec VPN monitor Module provides wrong Data ( in one day 250 GB which is not possible)
2. I have upgraded FAP221B also, The clients IP's are not showing in the "Client Monitor" module. I think its an issue with Controller.
 
 
 
#11
Baptiste
Gold Member
  • Total Posts : 153
  • Scores: 13
  • Reward points: 0
  • Status: offline
Re: FortiOS 5.2.2 is out! 2014/11/21 05:56:34 (permalink)
0
is it just a joke ???
Pay for FAZ and lost logs ???????
 
FGT 5.2.2 release notes
Table 28:
Known log & report issues
Bug ID Description
0260101 The log loss rate to FortiAnalyzer is higher than on previous builds.

FGT 100D 6.0.5 + FTK200
FGT 60E 5.6.7 & 6.0.4
FGT 40C 5.0.13
FAZ VM 6.2.0
FAP 210B/221C/223C/321C/421E
#12
tojoe
New Member
  • Total Posts : 1
  • Scores: 0
  • Reward points: 0
  • Joined: 2014/11/23 02:15:12
  • Status: offline
Re: FortiOS 5.2.2 is out! 2014/11/23 02:31:08 (permalink)
0
I'm having severe issues with any 5.2.x on my 80C.
Depending on whether I flash it or just run it without saving the image to flash it either hangs at "System is starting..." or crashes with "ehci_hcd 5035: fatal error".
 
#13
dfroe
New Member
  • Total Posts : 9
  • Scores: 2
  • Reward points: 0
  • Joined: 2014/11/17 13:20:13
  • Status: offline
Re: FortiOS 5.2.2 is out! 2014/11/23 14:08:31 (permalink)
0
I can also confirm that FortiOS 5.2.2 image for FortiGate 80C is broken.
Do not install it on a productive device, especially not on remotely located units, wihout further testing!
When trying to boot the image, my device gets caught in an infinite boot loop.
 
Press any key to display configuration menu...
......
Reading boot image 1431271 bytes.
ehci_hcd 5035: fatal error

 
I had to revert back to 5.2.1 by using the backup image via bootloader, which required direct serial connection.
I tried the upgrade process twice, ending up in the same fatal error boot loop each time.
post edited by dfroe - 2014/11/23 14:11:40
#14
arshadm
New Member
  • Total Posts : 6
  • Scores: 0
  • Reward points: 0
  • Joined: 2014/11/19 08:52:42
  • Status: offline
Re: FortiOS 5.2.2 is out! 2014/11/23 20:59:55 (permalink)
0
How can I get hold of a release note document
#15
techevo
Bronze Member
  • Total Posts : 30
  • Scores: 0
  • Reward points: 0
  • Joined: 2010/04/02 08:20:51
  • Status: offline
Re: FortiOS 5.2.2 is out! 2014/11/23 21:46:10 (permalink)
0
arshadm
How can I get hold of a release note document




It's in the same folder as where you get the firmware. ( under download when you sign in with your user and password on fortinet support site ). Look for a pdf in the main folder of release 5.2.2
#16
techevo
Bronze Member
  • Total Posts : 30
  • Scores: 0
  • Reward points: 0
  • Joined: 2010/04/02 08:20:51
  • Status: offline
Re: FortiOS 5.2.2 is out! 2014/11/23 21:57:17 (permalink)
0
dfroe
I can also confirm that FortiOS 5.2.2 image for FortiGate 80C is broken.
Do not install it on a productive device, especially not on remotely located units, wihout further testing!
When trying to boot the image, my device gets caught in an infinite boot loop.
 
Press any key to display configuration menu...
......
Reading boot image 1431271 bytes.
ehci_hcd 5035: fatal error

 
I had to revert back to 5.2.1 by using the backup image via bootloader, which required direct serial connection.
I tried the upgrade process twice, ending up in the same fatal error boot loop each time.




 
I had the same problem with some 80C in 5.2.1.  Some would work and some not.  I believe it depends on the specific hardware revision.  The funny thing is it was reported to Fortinet and they told me they were aware if the issue ( bug id: 245139 ) and it would be fix in 5.2.2!  I wonder if the ones that did not work in 5.2.1 are now working and the one that used to work are now broken?
#17
dfroe
New Member
  • Total Posts : 9
  • Scores: 2
  • Reward points: 0
  • Joined: 2014/11/17 13:20:13
  • Status: offline
Re: FortiOS 5.2.2 is out! 2014/11/24 01:34:17 (permalink)
0
techevoI had the same problem with some 80C in 5.2.1.  Some would work and some not.  I believe it depends on the specific hardware revision.  The funny thing is it was reported to Fortinet and they told me they were aware if the issue ( bug id: 245139 ) and it would be fix in 5.2.2!  I wonder if the ones that did not work in 5.2.1 are now working and the one that used to work are now broken?


Surprisingly I myself had no problems at all upgrading my 80C to 5.2.0 or 5.2.1.
The update from 5.2.1 to 5.2.2 is the first time I encounter this issue.
 
So it seems not be a general problem with the image file.
Instead the problem occurs "under certain conditions".
According to this former thread this particular error also occured with 5.0:
https://forum.fortinet.com/tm.aspx?m=95861
This sounds like upgrading via TFTP instead of Web-GUI might work but I haven't tested it yet.
#18
Petras
New Member
  • Total Posts : 4
  • Scores: 0
  • Reward points: 0
  • Joined: 2014/09/02 22:43:14
  • Status: offline
Re: FortiOS 5.2.2 is out! 2014/11/25 22:42:14 (permalink)
0
Hey,
 
So what about:
"Bug ID 0255603 Remove the default profile in deep-inspection-option /ssl-ssh-profile if it is not used. Otherwise, it will be renamed to deep-inspection-5-0. "
 
We use default ssl inspection profile in some fw policys (FGT 800c). What will be the impact of this? How do I nee to prepare for upgrade?
#19
BWiebe
Silver Member
  • Total Posts : 78
  • Scores: 1
  • Reward points: 0
  • Joined: 2012/06/07 07:54:42
  • Status: offline
Re: FortiOS 5.2.2 is out! 2014/11/26 07:06:51 (permalink)
0
Petras
Hey,
 
So what about:
"Bug ID 0255603 Remove the default profile in deep-inspection-option /ssl-ssh-profile if it is not used. Otherwise, it will be renamed to deep-inspection-5-0. "
 
We use default ssl inspection profile in some fw policys (FGT 800c). What will be the impact of this? How do I nee to prepare for upgrade?




From the bug notes above, it sounds like it only removes it if it's not in use.  If you're using it, it just renames it to deep-inspection-5-0.
 
 
#20
Page: 123 > Showing page 1 of 3
Jump to:
© 2019 APG vNext Commercial Version 5.5