Helpful ReplyHot!FortiGate 800c GUI is very slow after upgrading from 5.2.4 to 5.4.2

Page: 12 > Showing page 1 of 2
Author
HyperGhost
New Member
  • Total Posts : 8
  • Scores: 0
  • Reward points: 0
  • Joined: 2016/07/25 03:13:23
  • Location: Egypt
  • Status: offline
2016/11/25 04:35:57 (permalink)
0

FortiGate 800c GUI is very slow after upgrading from 5.2.4 to 5.4.2

Hi all,
 
i have 2 FGT 800C running in HA mode Active-Active before 3 days ago i have upgraded the firmware from 5.2.4 to 5.4.2 using proper upgrade path which provided by fortinet 5.2.4 > 5.2.6 > 5.2.9 > 5.4.2, after upgrading the firmware i noticed that FGT GUI is very very slow especially when i navigate to polices page took like 3 to 5 mints to open. i have opened ticket with foritnet support and waiting for their reply, did anyone faced this issue?
 
Note: i changed the HA mode to Active-Passive, matched HA Hash, and restarted the both units.
 
Thank you.
#1
FortiOSman
Bronze Member
  • Total Posts : 29
  • Scores: 2
  • Reward points: 0
  • Joined: 2016/08/03 10:14:57
  • Status: offline
Re: FortiGate 800c GUI is very slow after upgrading from 5.2.4 to 5.4.2 2016/12/02 07:42:47 (permalink)
0
Bump
#2
MikePruett
Platinum Member
  • Total Posts : 674
  • Scores: 13
  • Reward points: 0
  • Joined: 2014/01/08 19:39:40
  • Location: Montgomery, Al
  • Status: offline
Re: FortiGate 800c GUI is very slow after upgrading from 5.2.4 to 5.4.2 2016/12/02 09:24:01 (permalink)
0
I had an 800C act strangely but it was tied to improper upgrade both being used by previous technician.
 
Are you able to backup the configuration, wipe, reload 5.4.2 directly and then reload config?

Mike Pruett
Fortinet GURU
#3
HyperGhost
New Member
  • Total Posts : 8
  • Scores: 0
  • Reward points: 0
  • Joined: 2016/07/25 03:13:23
  • Location: Egypt
  • Status: offline
Re: FortiGate 800c GUI is very slow after upgrading from 5.2.4 to 5.4.2 2016/12/04 00:23:56 (permalink)
0
fortinet support advised to "execute formatelogdisk" on both appliance. 
 
Now the GUI is faster and working normally, but still slower more than 5.2.x
#4
kallbrandt
Silver Member
  • Total Posts : 76
  • Scores: 18
  • Reward points: 0
  • Joined: 2016/05/21 11:21:05
  • Status: offline
Re: FortiGate 800c GUI is very slow after upgrading from 5.2.4 to 5.4.2 2016/12/04 12:06:19 (permalink)
0
Check your setup for errors with "diag debug config-error-log read". If you have errors, try to get rid of them. Usually, these errors are related to non-upgradeble settings in the security profiles. There are a few settings that can't be converted to 5.4.x. Preferred way to check is to connect via console and reboot, and look at the output when the firewall boots. Check output on both firewalls!
 
The 5.4.2 release solved quite a few bugs in 5.4.1 and 5.4.0. However, it introduced a new string of pretty serious bugs too. I wouldn't use it in production on anything else then an "E" model. Is there a good reason for upgrading to 5.4.x on your 800c cluster? 5.2.10 seems to be good...
 
One way of fixing weird errors if nothing else helps is to roll back, then install ALL software versions on the way. Tedious, but 100% successful for me when I have encountered similar problems. You might have bumped into something during the upgrade path.
 
If you find errors in your config and want help with them, post here or send pm.
 
post edited by kallbrandt - 2016/12/08 00:52:52

Richie
NSE7
#5
tanr
Gold Member
  • Total Posts : 384
  • Scores: 12
  • Reward points: 0
  • Joined: 2016/05/09 17:09:43
  • Status: offline
Re: FortiGate 800c GUI is very slow after upgrading from 5.2.4 to 5.4.2 2016/12/04 14:11:13 (permalink)
0
@kalibrandt,
 
Just to confirm, you got official word that 5.4.x won't have any more maintenance builds?  
Worrying for those of us who have put some time into 5.4.2.
#6
MikePruett
Platinum Member
  • Total Posts : 674
  • Scores: 13
  • Reward points: 0
  • Joined: 2014/01/08 19:39:40
  • Location: Montgomery, Al
  • Status: offline
Re: FortiGate 800c GUI is very slow after upgrading from 5.2.4 to 5.4.2 2016/12/05 11:08:24 (permalink)
0
5.4.x progressions should be just bug fixes etc.
 
5.6 progression from what I HEARD (don't hold me to it though) is supposed to be new features etc.

Mike Pruett
Fortinet GURU
#7
tanr
Gold Member
  • Total Posts : 384
  • Scores: 12
  • Reward points: 0
  • Joined: 2016/05/09 17:09:43
  • Status: offline
Re: FortiGate 800c GUI is very slow after upgrading from 5.2.4 to 5.4.2 2016/12/07 15:20:25 (permalink)
0
I'm just fine with 5.4.x just getting bug/security fixes instead of new functionality!
 
What I don't want to hear for quite a while is "we're not going to fix that in 5.4.x, you need to upgrade to 5.6.x"...
#8
Toshi Esumi
Platinum Member
  • Total Posts : 485
  • Scores: 26
  • Reward points: 0
  • Joined: 2014/11/06 09:56:42
  • Status: offline
Re: FortiGate 800c GUI is very slow after upgrading from 5.2.4 to 5.4.2 2016/12/07 15:26:21 (permalink)
0
I'm sure you'll here it anyway depending on the severity of the bug. We were told they wouldn't implement /31 secondary IP issue with 5.2. Only 5.4 has the fix.
#9
kallbrandt
Silver Member
  • Total Posts : 76
  • Scores: 18
  • Reward points: 0
  • Joined: 2016/05/21 11:21:05
  • Status: offline
Re: FortiGate 800c GUI is very slow after upgrading from 5.2.4 to 5.4.2 2016/12/08 00:57:36 (permalink)
0
Hello,
 
I don't know what's official and what's not, so I removed the statement.
 

Richie
NSE7
#10
HyperGhost
New Member
  • Total Posts : 8
  • Scores: 0
  • Reward points: 0
  • Joined: 2016/07/25 03:13:23
  • Location: Egypt
  • Status: offline
Re: FortiGate 800c GUI is very slow after upgrading from 5.2.4 to 5.4.2 2016/12/08 02:02:28 (permalink)
0
@kallbrandt
 
i ran this command "diag debug config-error-log read". i didn't  found any error
 
5.4.2 still lagging and glitching it really pissing me off. i will downgrade to 5.2.10
 
FortiOS has features more than any vendor but more bugs as well.
 
i wish Fortinet team focus on fixing bugs instead of introducing more features or at least focus on both equally 
 
last point: Fortinet support is very bad they really need to enhance the service
#11
mahesh secure
New Member
  • Total Posts : 18
  • Scores: 0
  • Reward points: 0
  • Joined: 2015/12/10 01:04:48
  • Status: offline
Re: FortiGate 800c GUI is very slow after upgrading from 5.2.4 to 5.4.2 2016/12/08 02:59:34 (permalink)
0
Hai
 
 
Can you plz run the below commands
 
diagnose sys top


and try to restart the httpsd process 
 
 
Regards
Mahesh
#12
HyperGhost
New Member
  • Total Posts : 8
  • Scores: 0
  • Reward points: 0
  • Joined: 2016/07/25 03:13:23
  • Location: Egypt
  • Status: offline
Re: FortiGate 800c GUI is very slow after upgrading from 5.2.4 to 5.4.2 2016/12/12 02:35:30 (permalink) ☄ Helpfulby mahesh secure 2017/04/24 01:52:31
0
mahesh secure
 
i did it, still lagging and glitching specially ( address & policy pages) 
 
 Foritnet support team advised:
- How you are accessing Web-GUI either by VPN, Public IP or Internally (LAN). 
- Also when you are checking keep the "httpsd" on check with multiple browser by clearing there browsing history. 
- In FGT Web-GUI you are facing slowness with specific page i.e "Policy Page", "Interface Page" or the complete GUI
 
Please provide the output of below mentioned commands again. 

# diag debug reset 
# diag debug disable 
# diag debug enable 
# diag web-ui debug enable 
# diag debug application httpsd -1 


Once done collecting logs 
# di de reset 
# di de disable ---> to disable 

# exec tac report 

** Run the command di sys top-summary again 
** See the process id (PID) for httpsd 
** Kill it using the following command and try to access web GUI again, 

diagnose sys kill 11 <PID> 

PID RSS CPU% ^MEM% FDS TIME+ NAME 
84 78M 0.0 1.0 20 00:13.45 httpsd [x4] 

Then check the performance again of GUI. 
#13
HyperGhost
New Member
  • Total Posts : 8
  • Scores: 0
  • Reward points: 0
  • Joined: 2016/07/25 03:13:23
  • Location: Egypt
  • Status: offline
Re: FortiGate 800c GUI is very slow after upgrading from 5.2.4 to 5.4.2 2016/12/12 02:37:00 (permalink)
0
i have another 4 FGTs at remote sites, they working perfectly with 5.2.x 
 
#14
HyperGhost
New Member
  • Total Posts : 8
  • Scores: 0
  • Reward points: 0
  • Joined: 2016/07/25 03:13:23
  • Location: Egypt
  • Status: offline
Re: FortiGate 800c GUI is very slow after upgrading from 5.2.4 to 5.4.2 2016/12/12 06:27:53 (permalink)
0
after i sent the logs to fortinet: they point the issue to:
 
httpsd 14767 - 1481537449] api_monitor_handler[454] -- received api_monitor_request from '10.2.24.124' 
[httpsd 14767 - 1481537449] aps_init_process_vdom[1200] -- initialized process vdom to 'NPC-VDOM' (cookie='NPC-VDOM') 
[httpsd 14767 - 1481537449] handle_req_vdom[387] -- new API request (action='select',path='system',name='debug',vdom='NPC-VDOM',user='mrazik') 
[httpsd 14767 - 1481537449] build_system_debug[2592] -- JavaScript error -- https://10.2.2.1:31994/cc...c2f3/qed_list_all.js:4 -- Uncaught TypeError: Cannot read property 'name' of undefined 
[httpsd 14767 - 1481537449] ap_invoke_handler[594] -- request completed (handler='api_monitor-handler' result==0) 
[httpsd 14767 - 1481537449] ap_invoke_handler[571] -- new request (handler='api_monitor-handler', uri='/api/monitor?path=system&name=debug', method='POST') 
[httpsd 14767 - 1481537449] ap_invoke_handler[575] -- User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.99 Safari/537.36
 
#15
MBR
Bronze Member
  • Total Posts : 48
  • Scores: 2
  • Reward points: 0
  • Joined: 2014/06/20 04:13:26
  • Status: offline
Re: FortiGate 800c GUI is very slow after upgrading from 5.2.4 to 5.4.2 2017/02/03 10:39:00 (permalink)
0
Have the same problem with FortiOS 5.4.3 on several different devices.
Our FortiGate-200D cluster is worse of all. It contains 200+ policies and it's a hell right now if we want to look into or change policies using the GUI. (Om 5.2.8 it was 10x faster)
 
There are no config errors and log disks are already formatted.
Any of you having tips or solutions?

- MBR -
#16
smari
New Member
  • Total Posts : 5
  • Scores: 0
  • Reward points: 0
  • Joined: 2015/11/10 01:11:11
  • Status: offline
Re: FortiGate 800c GUI is very slow after upgrading from 5.2.4 to 5.4.2 2017/05/09 04:37:04 (permalink)
0
I can officially say that running FortiGate 900d with around 2k policies is the slowest gui I have ever seen ...
I am having problems on several boxes running 5.4.4.
 
Including 1500d, 900d, 300d etc.
 
I opened a tac case one time because of my 1500d cluster and the answer was that this was a bug in progress
and until they fixed it the solution was to set the gui to display only 20 lines.
 
"The bug is still under progress, As a workaround you can reduce the no of shown policies to 20 per page, then log-out and log-in again, 

to do that please execute the below commands 

# config system global 
# set gui-lines-per-page 20 
# end 
"
20 lines per page is still slow so I am hoping 5.6 will be better .
 
Has anyone had the balls to try out 5.6 on production ? :)

NSE7, FMG, FAC, FAZ .
1500D's, 1200D's, 900D's, 300D's, 200D's, 100D's and bunch of small stuff.
 
#17
MBR
Bronze Member
  • Total Posts : 48
  • Scores: 2
  • Reward points: 0
  • Joined: 2014/06/20 04:13:26
  • Status: offline
Re: FortiGate 800c GUI is very slow after upgrading from 5.2.4 to 5.4.2 2017/05/09 06:19:16 (permalink)
0
Hi Smari,
 
5.6.0 doesn't fix this bug :(
Fortinet told me the fix will be released in (5.6.1), which is scheduled to be launched starting Q3
 
I'm very disappointed again in the Fortinet way of resolving such huge issues. I don't get it why the let customers wait so long (until some next release) before resolving urgent issues. In my opinion the should consider urgent patches or private hotfixes in these cases.
 
The 20 lines per page is indeed still way to slow... (I don't get it how it's possible these versions pass Q&A testing)
I hope this bug will also be fixed in a new 5.4.x release because I really don't want to get on the 5.6 release cycle this early.

- MBR -
#18
Toshi Esumi
Platinum Member
  • Total Posts : 485
  • Scores: 26
  • Reward points: 0
  • Joined: 2014/11/06 09:56:42
  • Status: offline
Re: FortiGate 800c GUI is very slow after upgrading from 5.2.4 to 5.4.2 2017/05/09 08:59:45 (permalink)
0
Could you share the bug ID?
#19
MBR
Bronze Member
  • Total Posts : 48
  • Scores: 2
  • Reward points: 0
  • Joined: 2014/06/20 04:13:26
  • Status: offline
Re: FortiGate 800c GUI is very slow after upgrading from 5.2.4 to 5.4.2 2017/05/09 10:54:03 (permalink)
0
I didn't received the Bug ID but you may refer to ticket nr. 2108453

- MBR -
#20
Page: 12 > Showing page 1 of 2
Jump to:
© 2017 APG vNext Commercial Version 5.5