- Forums
- Knowledge Base
- Customer Service
- FortiGate
- FortiClient
- FortiAP
- FortiAnalyzer
- FortiADC
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConnect
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDeceptor
- FortiDevSec
- FortiDirector
- FortiEDR
- FortiExtender
- FortiGate Cloud
- FortiGuard
- FortiHypervisor
- FortiInsight
- FortiIsolator
- FortiMail
- FortiManager
- FortiMonitor
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPortal
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiSandbox
- FortiSASE
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Forums
- Support Forum
- FortiGate 800c GUI is very slow after upgrading fr...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
FortiGate 800c GUI is very slow after upgrading from 5.2.4 to 5.4.2
Hi all,
i have 2 FGT 800C running in HA mode Active-Active before 3 days ago i have upgraded the firmware from 5.2.4 to 5.4.2 using proper upgrade path which provided by fortinet 5.2.4 > 5.2.6 > 5.2.9 > 5.4.2, after upgrading the firmware i noticed that FGT GUI is very very slow especially when i navigate to polices page took like 3 to 5 mints to open. i have opened ticket with foritnet support and waiting for their reply, did anyone faced this issue?
Note: i changed the HA mode to Active-Passive, matched HA Hash, and restarted the both units.
Thank you.
Solved! Go to Solution.
1 Solution
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
i did it, still lagging and glitching specially ( address & policy pages)
Foritnet support team advised:
- How you are accessing Web-GUI either by VPN, Public IP or Internally (LAN). - Also when you are checking keep the "httpsd" on check with multiple browser by clearing there browsing history. - In FGT Web-GUI you are facing slowness with specific page i.e "Policy Page", "Interface Page" or the complete GUI
Please provide the output of below mentioned commands again. # diag debug reset # diag debug disable # diag debug enable # diag web-ui debug enable # diag debug application httpsd -1 Once done collecting logs # di de reset # di de disable ---> to disable # exec tac report ** Run the command di sys top-summary again ** See the process id (PID) for httpsd ** Kill it using the following command and try to access web GUI again, diagnose sys kill 11 <PID> PID RSS CPU% ^MEM% FDS TIME+ NAME 84 78M 0.0 1.0 20 00:13.45 httpsd [x4] Then check the performance again of GUI.
22 REPLIES 22
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Bump
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I had an 800C act strangely but it was tied to improper upgrade both being used by previous technician.
Are you able to backup the configuration, wipe, reload 5.4.2 directly and then reload config?
Mike Pruett
Mike Pruett
Fortinet GURU | Fortinet Training Videos
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
fortinet support advised to "execute formatelogdisk" on both appliance.
Now the GUI is faster and working normally, but still slower more than 5.2.x
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Check your setup for errors with "diag debug config-error-log read". If you have errors, try to get rid of them. Usually, these errors are related to non-upgradeble settings in the security profiles. There are a few settings that can't be converted to 5.4.x. Preferred way to check is to connect via console and reboot, and look at the output when the firewall boots. Check output on both firewalls!
The 5.4.2 release solved quite a few bugs in 5.4.1 and 5.4.0. However, it introduced a new string of pretty serious bugs too. I wouldn't use it in production on anything else then an "E" model. Is there a good reason for upgrading to 5.4.x on your 800c cluster? 5.2.10 seems to be good...
One way of fixing weird errors if nothing else helps is to roll back, then install ALL software versions on the way. Tedious, but 100% successful for me when I have encountered similar problems. You might have bumped into something during the upgrade path.
If you find errors in your config and want help with them, post here or send pm.
Richie
NSE7
Richie
NSE7
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@kalibrandt,
Just to confirm, you got official word that 5.4.x won't have any more maintenance builds?
Worrying for those of us who have put some time into 5.4.2.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
5.4.x progressions should be just bug fixes etc.
5.6 progression from what I HEARD (don't hold me to it though) is supposed to be new features etc.
Mike Pruett
Mike Pruett
Fortinet GURU | Fortinet Training Videos
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I'm just fine with 5.4.x just getting bug/security fixes instead of new functionality!
What I don't want to hear for quite a while is "we're not going to fix that in 5.4.x, you need to upgrade to 5.6.x"...
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I'm sure you'll here it anyway depending on the severity of the bug. We were told they wouldn't implement /31 secondary IP issue with 5.2. Only 5.4 has the fix.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello,
I don't know what's official and what's not, so I removed the statement.
Richie
NSE7
Richie
NSE7
Related Posts
- DoS policy in FortiGate 5 Views
- #FortianalyzerCloud #License 9 Views
- FortiGate system time and log timestamp... 35 Views
- IPSec tunnel error : no SA... 59 Views
- After upgrade to authenticator 6.5.4 issues... 43 Views
Labels
-
FortiGate
6,511 -
FortiClient
1,300 -
5.2
801 -
5.4
639 -
FortiManager
563 -
6.0
416 -
FortiAnalyzer
414 -
5.6
362 -
FortiAP
333 -
FortiSwitch
332 -
FortiClient EMS
262 -
6.2
251 -
FortiMail
239 -
FortiAuthenticator v5.5
234 -
5.0
196 -
FortiWeb
149 -
6.4
128 -
FortiNAC
106 -
FortiGuard
102 -
FortiGateCloud
87 -
FortiSIEM
86 -
FortiCloud Products
83 -
IPsec
73 -
FortiToken
69 -
Customer Service
69 -
4.0MR3
64 -
SSL-VPN
58 -
Wireless Controller
58 -
FortiProxy
44 -
FortiADC
42 -
Fortivoice
41 -
FortiEDR
39 -
FortiGate v5.4
34 -
FortiDNS
34 -
FortiExtender
31 -
FortiSandbox
31 -
FortiSwitch v6.4
28 -
SD-WAN
24 -
FortiConnect
23 -
FortiWAN
22 -
Firewall policy
22 -
FortiConverter
21 -
High Availability
20 -
VLAN
19 -
FortiPortal
18 -
ZTNA
16 -
FortiSwitch v6.2
16 -
FortiGate v5.2
16 -
FortiMonitor
14 -
Certificate
14 -
DNS
13 -
FortiDDoS
13 -
SAML
12 -
BGP
12 -
Routing
12 -
FortiCASB
12 -
FortiAuthenticator
11 -
Interface
11 -
Logging
11 -
FortiGate v5.0
10 -
FortiRecorder
10 -
VDOM
10 -
FortiWeb v5.0
9 -
LDAP
9 -
FortiManager v5.0
9 -
Virtual IP
9 -
NAT
9 -
4.0MR2
9 -
RADIUS
8 -
Traffic shaping
8 -
SSID
7 -
RMA Information and Announcements
7 -
FortiSOAR
7 -
fortilink
7 -
FortiAnalyzer v5.0
7 -
FortiGate v4.0 MR3
7 -
Admin
7 -
4.0
7 -
SSL SSH inspection
6 -
Security profile
6 -
Authentication
6 -
Fortigate Cloud
6 -
IP address management - IPAM
6 -
Traffic shaping policy
5 -
FortiBridge
5 -
SNMP
5 -
SSO
5 -
Application control
5 -
FortiManager v4.0
5 -
Static route
5 -
FortiDirector
4 -
WAN optimization
4 -
Web application firewall profile
4 -
DNS Filter
4 -
FortiTester
4 -
FortiCarrier
4 -
FortiCache
4 -
OSPF
4 -
3.6
4 -
FortiScan
4 -
Proxy policy
4 -
IPS signature
3 -
packet capture
3 -
FortiToken Cloud
3 -
FortiAP profile
3 -
Intrusion prevention
3 -
Automation
3 -
DoS policy
3 -
Port policy
3 -
FortiDB
3 -
FortiDeceptor
2 -
FortiInsight
2 -
NAC policy
2 -
VoIP profile
2 -
Antivirus profile
2 -
Web profile
2 -
Traffic shaping profile
2 -
FortiAI
2 -
FortiHypervisor
2 -
Netflow
2 -
Fortinet Engage Partner Program
2 -
trunk
2 -
SDN connector
1 -
4.0MR1
1 -
Users
1 -
Subscription Renewal Policy
1 -
FortiCWP
1 -
FortiNDR
1 -
Web rating
1 -
FortiPAM
1 -
Application signature
1 -
Multicast routing
1 -
Authentication rule and scheme
1 -
Zone
1 -
FortiManager-VM
1 -
Internet Service Database
1 -
System settings
1 -
Explicit proxy
1 -
TACACS
1
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2024 Fortinet, Inc. All Rights Reserved.