Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Carl_Wallmark
Valued Contributor

FortiOS 5.2.2 is out!

.

FCNSA, FCNSP
---
FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30B
FortiAnalyzer 100B, 100C
FortiMail 100,100C
FortiManager VM
FortiAuthenticator VM
FortiToken
FortiAP 220B/221B, 11C

FCNSA, FCNSP---FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30BFortiAnalyzer 100B, 100CFortiMail 100,100CFortiManager VMFortiAuthenticator VMFortiTokenFortiAP 220B/221B, 11C
4 Solutions
simonorch
Contributor

and still packet capture is hidden from the gui on the small boxes.

 

Not a big deal as it's still available by typing the url manually, but it's irritating.

NSE8 Fortinet Expert partner - Norway

View solution in original post

NSE8 Fortinet Expert partner - Norway
ISOffice

techevo wrote:
 

Also on my 100D, Fortiview does not show anything in 5 min, 1 hours and 24 hours, only in now ( and yes I have log to disk enable ).  It was working just fine in 5.2.1 - Any body else in the same boat or it's just me?  

We had a similar issue in that FortiView did not show returns for 5 min, 1 Hour & 24 Hours. A Fortinet engineer recommended that we 'Enable Local reports' on Log Settings. We are now getting returns on all time frames.

 

Hope this helps.

View solution in original post

Carl_Wallmark

ISOffice wrote:

No worries, glad to hear it helped.

To be honest, I cannot see why this made the difference. Credit should really go to AJ in FortiNet Support.

JP

My guess is that FortiView uses the SQLlite database which is activated by "Local Report" feature.

FCNSA, FCNSP
---
FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30B
FortiAnalyzer 100B, 100C
FortiMail 100,100C
FortiManager VM
FortiAuthenticator VM
FortiToken
FortiAP 220B/221B, 11C

View solution in original post

FCNSA, FCNSP---FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30BFortiAnalyzer 100B, 100CFortiMail 100,100CFortiManager VMFortiAuthenticator VMFortiTokenFortiAP 220B/221B, 11C
GusTech

networkingkool wrote:

Hi community,

 

I tried the image 5.2.2 for 80C unit few days ago. But something went wrong. The whole LANs behind the fortigate cannot go to Internet. Only fortigate unit itself can go to Internet.

I recheck my configuration many times but cannot find any error with the configuration. I have to revert back to the image 5.2.1 then LANs can go Internet without any changes in configuration.

I think the fortigate get problem with NAT function.

Does anyone have the same problem with me?

Please advice.

 

Hi,

 

Goto: Policy & Objects -> Objects -> Services -> Open ALL and change Protocol number from 6 to 0

Fortigate <3

View solution in original post

Fortigate <3
46 REPLIES 46
Matthijs
New Contributor II

Just upgraded my home FWF60D. Seems to be running fine after the upgrade.

Matthew_Mollenhauer
New Contributor III

From the release notes:

FortiOS v5.2.2 support: FortiManager: 5.2.1 or later

 

I wonder how long it will take for that to be released, still unable to upgrade our 1500D units to any 5.2 release as they aren't supported yet on the current 5.2.0 FMG release.

 

Regards,

Matthew

 

emnoc
Esteemed Contributor III

Same here b642 earlier  this AM on a FWF60D. Took awhile for it to come back up. Will be testing the MF667 modem shortly

 

 

PCNSE 

NSE 

StrongSwan  

PCNSE NSE StrongSwan
simonorch
Contributor

and still packet capture is hidden from the gui on the small boxes.

 

Not a big deal as it's still available by typing the url manually, but it's irritating.

NSE8 Fortinet Expert partner - Norway

NSE8 Fortinet Expert partner - Norway
GusTech

simonorch wrote:

and still packet capture is hidden from the gui on the small boxes.

 

Not a big deal as it's still available by typing the url manually, but it's irritating.

agree! Stop removing practical GUI features from the small boxes... That is just stupid..

Fortigate <3

Fortigate <3
BWiebe
Contributor

Updated two smaller boxes so far.

 

FortiWifi 60C from 5.2.1 to 5.2.2 - no issues.

Fortigate 60D from 5.2.1 to 5.2.2 - some of the config (the firewall policies and the static routes), were removed for some reason.  Luckily a backup config was able to bring them back, but it was very strange.  Never seen that happen with a firmware update before and I've been playing with firmware upgrades since 2.8 on various models.

 

 

Matthew_Mollenhauer
New Contributor III

Patch notes say that the ADSL interface should now work, I'll need to test on my lab FWF60CX-ADSL-A to confirm. Won't be able to roll it out to our offices until the FMG is updated though...

Carl_Wallmark
Valued Contributor

I have now been trying 5.2.2 for a couple of days, and I must say the quality of the firmware is MUCH higher than before.

 

@Fortinet: Whatever you are doing...keep doing it! Well done!

FCNSA, FCNSP
---
FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30B
FortiAnalyzer 100B, 100C
FortiMail 100,100C
FortiManager VM
FortiAuthenticator VM
FortiToken
FortiAP 220B/221B, 11C

FCNSA, FCNSP---FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30BFortiAnalyzer 100B, 100CFortiMail 100,100CFortiManager VMFortiAuthenticator VMFortiTokenFortiAP 220B/221B, 11C
techevo
New Contributor

Upgraded a few box and it's over all good.  But be careful with SSL deep inspection ... read the release note if you have a ssh/ssl profile named "default" ... it will be replaced ( I have one customer that learned the hard way ).

 

Here is the info from the release note :

 

Bug ID 0255603 Remove the default profile in deep-inspection-option / ssl-ssh-profile if it is not used. Otherwise, it will be renamed to deep-inspection-5-0.

 

Also found that addresses need to be defined on the ANY interface to show in ssl inspection ( that was not the case in 5.2.1 ).  I had a group that included addresses defined on the wan interface and this prevented the group to show in the gui ( it was there in cli ).  After moving all addresses to ANY it showed up in gui.  Also if you want to add any new address in the gui it need to be from ANY interface.

 

Also on my 100D, Fortiview does not show anything in 5 min, 1 hours and 24 hours, only in now ( and yes I have log to disk enable ).  It was working just fine in 5.2.1 - Any body else in the same boat or it's just me?  

 

Hope it helps someone else.

Labels
Top Kudoed Authors