Helpful ReplyHot!FortiOS v5.6.1 is released...!!

Page: 12345.. > >> Showing page 1 of 6
Author
storaid
Platinum Member
  • Total Posts : 746
  • Scores: 13
  • Reward points: 0
  • Joined: 2012/09/24 20:19:19
  • Status: offline
2017/07/27 18:32:42 (permalink)
0

FortiOS v5.6.1 is released...!!

well...
after long time ago, now it's out...

FWF60D x2
FWF60C x3
FGT80C rev.2
FGT200B-POE
FAP220B x3
FAP221B x2
FSW224B x1
#1
storaid
Platinum Member
  • Total Posts : 746
  • Scores: 13
  • Reward points: 0
  • Joined: 2012/09/24 20:19:19
  • Status: offline
Re: FortiOS v5.6.1 is released...!! 2017/07/27 18:35:26 (permalink) ☄ Helpfulby sfareg 2017/08/02 12:40:28
0
annoying bug..

JSON string....=^=

FWF60D x2
FWF60C x3
FGT80C rev.2
FGT200B-POE
FAP220B x3
FAP221B x2
FSW224B x1
#2
bommi
Silver Member
  • Total Posts : 80
  • Scores: 8
  • Reward points: 0
  • Joined: 2016/08/03 03:42:49
  • Location: Germany
  • Status: offline
Re: FortiOS v5.6.1 is released...!! 2017/07/27 23:43:57 (permalink)
0
Installed it on my FortiWifi 30E, no issues so far.
My Traffic Shaping Policys doesnt show these weird JSON strings.
 
Regards
bommi
#3
storaid
Platinum Member
  • Total Posts : 746
  • Scores: 13
  • Reward points: 0
  • Joined: 2012/09/24 20:19:19
  • Status: offline
Re: FortiOS v5.6.1 is released...!! 2017/07/28 05:45:51 (permalink)
0
80C:

the same problem..

FWF60D x2
FWF60C x3
FGT80C rev.2
FGT200B-POE
FAP220B x3
FAP221B x2
FSW224B x1
#4
bommi
Silver Member
  • Total Posts : 80
  • Scores: 8
  • Reward points: 0
  • Joined: 2016/08/03 03:42:49
  • Location: Germany
  • Status: offline
Re: FortiOS v5.6.1 is released...!! 2017/07/28 06:34:04 (permalink)
0
Cant verify this on my FortiWifi 30E.
#5
storaid
Platinum Member
  • Total Posts : 746
  • Scores: 13
  • Reward points: 0
  • Joined: 2012/09/24 20:19:19
  • Status: offline
Re: FortiOS v5.6.1 is released...!! 2017/07/28 23:23:09 (permalink)
0
bommi
Cant verify this on my FortiWifi 30E.


disabling all utm features by Feature Visibility menu may experience this problem...

FWF60D x2
FWF60C x3
FGT80C rev.2
FGT200B-POE
FAP220B x3
FAP221B x2
FSW224B x1
#6
rojekj
Bronze Member
  • Total Posts : 26
  • Scores: 4
  • Reward points: 0
  • Joined: 2017/03/24 03:31:23
  • Status: offline
Re: FortiOS v5.6.1 is released...!! 2017/07/31 04:32:22 (permalink)
0
More annoying bug is that the sslvpn service keeps restarting, breaking all active vpn connections.
THIS FIRMWARE IS SERIOUSLY BUGGY. Unusable for people using SSL VPN.
 
Man.. Does all new versions of FortiOS needs to have bugs that makes it unusable? EVERY?!
No, seriously, now I'm pissed. It has been over a year since we have Forti, and we still cannot use it because every new firmware has some serious bug.
#7
romanr
Platinum Member
  • Total Posts : 852
  • Scores: 14
  • Reward points: 0
  • Joined: 2004/06/08 08:29:56
  • Location: Vienna/Austria
  • Status: offline
Re: FortiOS v5.6.1 is released...!! 2017/07/31 05:08:13 (permalink)
0
Hey,
 
@storaid - Have you cleared your browser cache - Can't reproduce?
 
@rojekj - Which hardware? Can you post the output of "diag deb crashlog read" of that box?
 
We only run different test boxes or half productive systems with 5.6.1 - Seen a couple of fixed things - but hoping for input :)
 
cheers.R
#8
rojekj
Bronze Member
  • Total Posts : 26
  • Scores: 4
  • Reward points: 0
  • Joined: 2017/03/24 03:31:23
  • Status: offline
Re: FortiOS v5.6.1 is released...!! 2017/07/31 05:22:39 (permalink)
0
My setup is 2x 200D in HA. Crash log below.
 
16193: 2017-07-31 12:45:30 sslvpnd crashed 5 times. The last crash was at 2017-07-31 12:45:30
16194: 2017-07-31 12:45:30 <08568> firmware FortiGate-200D v5.6.1,build1484b1484,170727 (GA) (Release)
16195: 2017-07-31 12:45:30 <08568> application sslvpnd
16196: 2017-07-31 12:45:30 <08568> *** signal 11 (Segmentation fault) received ***
16197: 2017-07-31 12:45:30 <08568> Register dump:
16198: 2017-07-31 12:45:30 <08568> RAX: 0000000000000000   RBX: 0000002a9a53b058
16199: 2017-07-31 12:45:30 <08568> RCX: 0000000000004000   RDX: 68746170203b3d45
16200: 2017-07-31 12:45:30 <08568> R8:  0000002a9a5411ba   R9:  0000002a9624b957
16201: 2017-07-31 12:45:30 <08568> R10: 5754454e4e505653   R11: 494b4f4f434b524f
16202: 2017-07-31 12:45:30 <08568> R12: 0000002a9a538c00   R13: 0000000000000000
16203: 2017-07-31 12:45:30 <08568> R14: 0000002a9a53b058   R15: 0000000000000012
16204: 2017-07-31 12:45:30 <08568> RSI: 0000002a9a541108   RDI: 0000002a9a541180
16205: 2017-07-31 12:45:30 <08568> RBP: 0000007fbfffcda0   RSP: 0000007fbfffcd70
16206: 2017-07-31 12:45:30 <08568> RIP: 000000000127b6bb   EFLAGS: 0000000000010246
16207: 2017-07-31 12:45:30 <08568> CS:  0033   FS: 0000   GS: 0000
16208: 2017-07-31 12:45:30 <08568> Trap: 000000000000000e   Error: 0000000000000004
16209: 2017-07-31 12:45:30 <08568> OldMask: 0000000000000000
16210: 2017-07-31 12:45:30 <08568> CR2: 0000000000000014
16211: 2017-07-31 12:45:30 <08568> stack: 0x7fbfffcd70 - 0x7fbffffe80
16212: 2017-07-31 12:45:30 <08568> Backtrace:
16213: 2017-07-31 12:45:30 <08568> [0x0127b6bb] => /bin/sslvpnd  
16214: 2017-07-31 12:45:30 <08568> [0x0123eca7] => /bin/sslvpnd  
16215: 2017-07-31 12:45:30 <08568> [0x01249ff4] => /bin/sslvpnd  
16216: 2017-07-31 12:45:30 <08568> [0x012c8921] => /bin/sslvpnd  
16217: 2017-07-31 12:45:30 <08568> [0x012cb01d] => /bin/sslvpnd  
16218: 2017-07-31 12:45:30 <08568> [0x012cc15f] => /bin/sslvpnd  
16219: 2017-07-31 12:45:30 <08568> [0x012cd22d] => /bin/sslvpnd  
16220: 2017-07-31 12:45:30 <08568> [0x012cdf42] => /bin/sslvpnd  
16221: 2017-07-31 12:45:30 <08568> [0x0042a2d0] => /bin/sslvpnd  
16222: 2017-07-31 12:45:31 <08568> [0x00430984] => /bin/sslvpnd  
16223: 2017-07-31 12:45:31 <08568> [0x0042deb1] => /bin/sslvpnd  
16224: 2017-07-31 12:45:31 <08568> [0x0042fbf1] => /bin/sslvpnd  
16225: 2017-07-31 12:45:31 <08568> [0x00430531] => /bin/sslvpnd  
16226: 2017-07-31 12:45:31 <08568> [0x2a96143475] => /fortidev4-x86_64/lib/libc.so.6 (__libc_start_main+0x
16227: 2017-07-31 12:45:31 000000f5) liboffset 00021475
16228: 2017-07-31 12:45:31 <08568> [0x004277c9] => /bin/sslvpnd  
16229: 2017-07-31 12:45:31 the killed daemon is /bin/sslvpnd: status=0xb
16230: 2017-07-31 12:45:31 sslvpnd crashed 6 times. The last crash was at 2017-07-31 12:45:31
16231: 2017-07-31 12:45:31 <08612> firmware FortiGate-200D v5.6.1,build1484b1484,170727 (GA) (Release)
16232: 2017-07-31 12:45:31 <08612> application sslvpnd
16233: 2017-07-31 12:45:31 <08612> *** signal 11 (Segmentation fault) received ***
16234: 2017-07-31 12:45:31 <08612> Register dump:
16235: 2017-07-31 12:45:31 <08612> RAX: 0000000000000000   RBX: 0000002a9a414058
16236: 2017-07-31 12:45:31 <08612> RCX: 6c6e6f7074746820   RDX: 0000000000796c6e
16237: 2017-07-31 12:45:31 <08612> R8:  0000002a9a437890   R9:  0000002a9624b8a5
16238: 2017-07-31 12:45:31 <08612> R10: 0000002a9a434010   R11: 3b65727563657320
16239: 2017-07-31 12:45:31 <08612> R12: 0000002a9a413000   R13: 0000000000000000
16240: 2017-07-31 12:45:31 <08612> R14: 0000002a9a414058   R15: 0000000000000012
16241: 2017-07-31 12:45:31 <08612> RSI: 0000002a9a43787a   RDI: 0000002a9a4378f2
16242: 2017-07-31 12:45:31 <08612> RBP: 0000007fbfffcda0   RSP: 0000007fbfffcd70
16243: 2017-07-31 12:45:31 <08612> RIP: 000000000127b6bb   EFLAGS: 0000000000010246
16244: 2017-07-31 12:45:31 <08612> CS:  0033   FS: 0000   GS: 0000
16245: 2017-07-31 12:45:31 <08612> Trap: 000000000000000e   Error: 0000000000000004
16246: 2017-07-31 12:45:31 <08612> OldMask: 0000000000000000
16247: 2017-07-31 12:45:31 <08612> CR2: 0000000000000014
16248: 2017-07-31 12:45:31 <08612> stack: 0x7fbfffcd70 - 0x7fbffffe80
16249: 2017-07-31 12:45:31 <08612> Backtrace:
16250: 2017-07-31 12:45:31 <08612> [0x0127b6bb] => /bin/sslvpnd  
16251: 2017-07-31 12:45:31 <08612> [0x0123eca7] => /bin/sslvpnd  
16252: 2017-07-31 12:45:31 <08612> [0x01249ff4] => /bin/sslvpnd  
16253: 2017-07-31 12:45:31 <08612> [0x012c8921] => /bin/sslvpnd  
16254: 2017-07-31 12:45:31 <08612> [0x012cb01d] => /bin/sslvpnd  
16255: 2017-07-31 12:45:31 <08612> [0x012cc15f] => /bin/sslvpnd  
16256: 2017-07-31 12:45:31 <08612> [0x012cd22d] => /bin/sslvpnd  
16257: 2017-07-31 12:45:31 <08612> [0x012cdf42] => /bin/sslvpnd  
16258: 2017-07-31 12:45:31 <08612> [0x0042a2d0] => /bin/sslvpnd  
16259: 2017-07-31 12:45:31 <08612> [0x00430984] => /bin/sslvpnd  
16260: 2017-07-31 12:45:31 <08612> [0x0042deb1] => /bin/sslvpnd  
16261: 2017-07-31 12:45:31 <08612> [0x0042fbf1] => /bin/sslvpnd  
16262: 2017-07-31 12:45:31 <08612> [0x00430531] => /bin/sslvpnd  
16263: 2017-07-31 12:45:31 <08612> [0x2a96143475] => /fortidev4-x86_64/lib/libc.so.6 (__libc_start_main+0x
16264: 2017-07-31 12:45:31 000000f5) liboffset 00021475
16265: 2017-07-31 12:45:31 <08612> [0x004277c9] => /bin/sslvpnd  
16266: 2017-07-31 12:45:31 the killed daemon is /bin/sslvpnd: status=0xb
16267: 2017-07-31 12:45:33 sslvpnd crashed 7 times. The last crash was at 2017-07-31 12:45:33
16268: 2017-07-31 12:45:33 <08616> firmware FortiGate-200D v5.6.1,build1484b1484,170727 (GA) (Release)
16269: 2017-07-31 12:45:33 <08616> application sslvpnd
16270: 2017-07-31 12:45:33 <08616> *** signal 11 (Segmentation fault) received ***
16271: 2017-07-31 12:45:33 <08616> Register dump:
16272: 2017-07-31 12:45:33 <08616> RAX: 0000000000000000   RBX: 0000002a9a414058
16273: 2017-07-31 12:45:33 <08616> RCX: 6c6e6f7074746820   RDX: 0000000000796c6e
16274: 2017-07-31 12:45:33 <08616> R8:  0000002a9a446c90   R9:  0000002a9624b8a5
16275: 2017-07-31 12:45:33 <08616> R10: 0000002a9a445010   R11: 3b65727563657320
16276: 2017-07-31 12:45:33 <08616> R12: 0000002a9a413000   R13: 0000000000000000
16277: 2017-07-31 12:45:33 <08616> R14: 0000002a9a414058   R15: 0000000000000012
16278: 2017-07-31 12:45:33 <08616> RSI: 0000002a9a446c7a   RDI: 0000002a9a446cf2
16279: 2017-07-31 12:45:33 <08616> RBP: 0000007fbfffcda0   RSP: 0000007fbfffcd70
16280: 2017-07-31 12:45:33 <08616> RIP: 000000000127b6bb   EFLAGS: 0000000000010246
16281: 2017-07-31 12:45:33 <08616> CS:  0033   FS: 0000   GS: 0000
16282: 2017-07-31 12:45:33 <08616> Trap: 000000000000000e   Error: 0000000000000004
16283: 2017-07-31 12:45:33 <08616> OldMask: 0000000000000000
16284: 2017-07-31 12:45:33 <08616> CR2: 0000000000000014
16285: 2017-07-31 12:45:33 <08616> stack: 0x7fbfffcd70 - 0x7fbffffe80
16286: 2017-07-31 12:45:33 <08616> Backtrace:
16287: 2017-07-31 12:45:33 <08616> [0x0127b6bb] => /bin/sslvpnd  
16288: 2017-07-31 12:45:33 <08616> [0x0123eca7] => /bin/sslvpnd  
16289: 2017-07-31 12:45:33 <08616> [0x01249ff4] => /bin/sslvpnd  
16290: 2017-07-31 12:45:34 <08616> [0x012c8921] => /bin/sslvpnd  
16291: 2017-07-31 12:45:34 <08616> [0x012cb01d] => /bin/sslvpnd  
16292: 2017-07-31 12:45:34 <08616> [0x012cc15f] => /bin/sslvpnd  
16293: 2017-07-31 12:45:34 <08616> [0x012cd22d] => /bin/sslvpnd  
16294: 2017-07-31 12:45:34 <08616> [0x012cdf42] => /bin/sslvpnd  
16295: 2017-07-31 12:45:34 <08616> [0x0042a2d0] => /bin/sslvpnd  
16296: 2017-07-31 12:45:34 <08616> [0x00430984] => /bin/sslvpnd  
16297: 2017-07-31 12:45:34 <08616> [0x0042deb1] => /bin/sslvpnd  
16298: 2017-07-31 12:45:34 <08616> [0x0042fbf1] => /bin/sslvpnd  
16299: 2017-07-31 12:45:34 <08616> [0x00430531] => /bin/sslvpnd  
16300: 2017-07-31 12:45:34 <08616> [0x2a96143475] => /fortidev4-x86_64/lib/libc.so.6 (__libc_start_main+0x
16301: 2017-07-31 12:45:34 000000f5) liboffset 00021475
16302: 2017-07-31 12:45:34 <08616> [0x004277c9] => /bin/sslvpnd  
16303: 2017-07-31 12:45:34 the killed daemon is /bin/sslvpnd: status=0xb
16304: 2017-07-31 12:45:43 sslvpnd crashed 8 times. The last crash was at 2017-07-31 12:45:43
16305: 2017-07-31 12:45:43 <08619> firmware FortiGate-200D v5.6.1,build1484b1484,170727 (GA) (Release)
16306: 2017-07-31 12:45:43 <08619> application sslvpnd
16307: 2017-07-31 12:45:43 <08619> *** signal 11 (Segmentation fault) received ***
16308: 2017-07-31 12:45:43 <08619> Register dump:
16309: 2017-07-31 12:45:43 <08619> RAX: 0000000000000000   RBX: 0000002a9a485058
16310: 2017-07-31 12:45:43 <08619> RCX: 0000000000004000   RDX: 68746170203b3d45
16311: 2017-07-31 12:45:43 <08619> R8:  0000002a9a48a5ba   R9:  0000002a9624b957
16312: 2017-07-31 12:45:43 <08619> R10: 5754454e4e505653   R11: 494b4f4f434b524f
16313: 2017-07-31 12:45:43 <08619> R12: 0000002a9a484000   R13: 0000000000000000
16314: 2017-07-31 12:45:43 <08619> R14: 0000002a9a485058   R15: 0000000000000012
16315: 2017-07-31 12:45:43 <08619> RSI: 0000002a9a48a508   RDI: 0000002a9a48a580
16316: 2017-07-31 12:45:43 <08619> RBP: 0000007fbfffcda0   RSP: 0000007fbfffcd70
16317: 2017-07-31 12:45:43 <08619> RIP: 000000000127b6bb   EFLAGS: 0000000000010246
16318: 2017-07-31 12:45:43 <08619> CS:  0033   FS: 0000   GS: 0000
16319: 2017-07-31 12:45:43 <08619> Trap: 000000000000000e   Error: 0000000000000004
16320: 2017-07-31 12:45:43 <08619> OldMask: 0000000000000000
16321: 2017-07-31 12:45:43 <08619> CR2: 0000000000000014
16322: 2017-07-31 12:45:43 <08619> stack: 0x7fbfffcd70 - 0x7fbffffe80
16323: 2017-07-31 12:45:43 <08619> Backtrace:
16324: 2017-07-31 12:45:43 <08619> [0x0127b6bb] => /bin/sslvpnd  
16325: 2017-07-31 12:45:43 <08619> [0x0123eca7] => /bin/sslvpnd  
16326: 2017-07-31 12:45:43 <08619> [0x01249ff4] => /bin/sslvpnd  
16327: 2017-07-31 12:45:43 <08619> [0x012c8921] => /bin/sslvpnd  
16328: 2017-07-31 12:45:43 <08619> [0x012cb01d] => /bin/sslvpnd  
16329: 2017-07-31 12:45:43 <08619> [0x012cc15f] => /bin/sslvpnd  
16330: 2017-07-31 12:45:43 <08619> [0x012cd22d] => /bin/sslvpnd  
16331: 2017-07-31 12:45:43 <08619> [0x012cdf42] => /bin/sslvpnd  
16332: 2017-07-31 12:45:43 <08619> [0x0042a2d0] => /bin/sslvpnd  
16333: 2017-07-31 12:45:44 <08619> [0x00430984] => /bin/sslvpnd  
16334: 2017-07-31 12:45:44 <08619> [0x0042deb1] => /bin/sslvpnd  
16335: 2017-07-31 12:45:44 <08619> [0x0042fbf1] => /bin/sslvpnd  
16336: 2017-07-31 12:45:44 <08619> [0x00430531] => /bin/sslvpnd  
16337: 2017-07-31 12:45:44 <08619> [0x2a96143475] => /fortidev4-x86_64/lib/libc.so.6 (__libc_start_main+0x
16338: 2017-07-31 12:45:44 000000f5) liboffset 00021475
16339: 2017-07-31 12:45:44 <08619> [0x004277c9] => /bin/sslvpnd  
16340: 2017-07-31 12:45:44 the killed daemon is /bin/sslvpnd: status=0xb
16341: 2017-07-31 12:49:00 the killed daemon is /bin/pyfcgid: status=0x0
16342: 2017-07-31 13:00:52 sslvpnd crashed 9 times. The last crash was at 2017-07-31 13:00:52
16343: 2017-07-31 13:00:52 <08622> firmware FortiGate-200D v5.6.1,build1484b1484,170727 (GA) (Release)
16344: 2017-07-31 13:00:52 <08622> application sslvpnd
16345: 2017-07-31 13:00:52 <08622> *** signal 11 (Segmentation fault) received ***
16346: 2017-07-31 13:00:52 <08622> Register dump:
16347: 2017-07-31 13:00:52 <08622> RAX: 0000000000000000   RBX: 0000002a9a51cc58
16348: 2017-07-31 13:00:52 <08622> RCX: 6c6e6f7074746820   RDX: 0000000000796c6e
16349: 2017-07-31 13:00:52 <08622> R8:  0000002a9a5a5090   R9:  0000002a9624b8a5
16350: 2017-07-31 13:00:52 <08622> R10: 0000002a9a5a1010   R11: 3b65727563657320
16351: 2017-07-31 13:00:52 <08622> R12: 0000002a9a51b400   R13: 0000000000000000
16352: 2017-07-31 13:00:52 <08622> R14: 0000002a9a51cc58   R15: 0000000000000012
16353: 2017-07-31 13:00:52 <08622> RSI: 0000002a9a5a507a   RDI: 0000002a9a5a50f2
16354: 2017-07-31 13:00:52 <08622> RBP: 0000007fbfffcda0   RSP: 0000007fbfffcd70
16355: 2017-07-31 13:00:52 <08622> RIP: 000000000127b6bb   EFLAGS: 0000000000010246
16356: 2017-07-31 13:00:52 <08622> CS:  0033   FS: 0000   GS: 0000
16357: 2017-07-31 13:00:52 <08622> Trap: 000000000000000e   Error: 0000000000000004
16358: 2017-07-31 13:00:52 <08622> OldMask: 0000000000000000
16359: 2017-07-31 13:00:52 <08622> CR2: 0000000000000014
16360: 2017-07-31 13:00:52 <08622> stack: 0x7fbfffcd70 - 0x7fbffffe80
16361: 2017-07-31 13:00:52 <08622> Backtrace:
16362: 2017-07-31 13:00:52 <08622> [0x0127b6bb] => /bin/sslvpnd  
16363: 2017-07-31 13:00:52 <08622> [0x0123eca7] => /bin/sslvpnd  
16364: 2017-07-31 13:00:52 <08622> [0x01249ff4] => /bin/sslvpnd  
16365: 2017-07-31 13:00:52 <08622> [0x012c8921] => /bin/sslvpnd  
16366: 2017-07-31 13:00:52 <08622> [0x012cb01d] => /bin/sslvpnd  
16367: 2017-07-31 13:00:52 <08622> [0x012cc15f] => /bin/sslvpnd  
16368: 2017-07-31 13:00:52 <08622> [0x012cd22d] => /bin/sslvpnd  
16369: 2017-07-31 13:00:52 <08622> [0x012cdf42] => /bin/sslvpnd  
16370: 2017-07-31 13:00:52 <08622> [0x0042a2d0] => /bin/sslvpnd  
16371: 2017-07-31 13:00:52 <08622> [0x00430984] => /bin/sslvpnd  
16372: 2017-07-31 13:00:52 <08622> [0x0042deb1] => /bin/sslvpnd  
16373: 2017-07-31 13:00:52 <08622> [0x0042fbf1] => /bin/sslvpnd  
16374: 2017-07-31 13:00:52 <08622> [0x00430531] => /bin/sslvpnd  
16375: 2017-07-31 13:00:52 <08622> [0x2a96143475] => /fortidev4-x86_64/lib/libc.so.6 (__libc_start_main+0x
16376: 2017-07-31 13:00:52 000000f5) liboffset 00021475
16377: 2017-07-31 13:00:52 <08622> [0x004277c9] => /bin/sslvpnd  
16378: 2017-07-31 13:13:15 scanunit=manager pid=89 str="AV database changed (1); restarting workers"
16379: 2017-07-31 13:13:16 <00089> scanunit=manager str="Success loading anti-virus database."
16380: 2017-07-31 13:20:07 the killed daemon is /bin/pyfcgid: status=0x0
16381: 2017-07-31 13:56:35 scanunit=manager pid=89 str="AV database changed (1); restarting workers"
16382: 2017-07-31 13:56:35 <00089> scanunit=manager str="Success loading anti-virus database."
16383: 2017-07-31 13:56:53 the killed daemon is /bin/pyfcgid: status=0x0
16384: 2017-07-31 14:09:58 the killed daemon is /bin/pyfcgid: status=0x0
Crash log interval is 3600 seconds
sslvpnd crashed 40 times. The lastest crash was at 2017-07-31 14:04:10
#9
Andy Bailey
Bronze Member
  • Total Posts : 27
  • Scores: 2
  • Reward points: 0
  • Joined: 2016/06/27 11:21:22
  • Status: offline
Re: FortiOS v5.6.1 is released...!! 2017/07/31 05:23:35 (permalink)
5 (1)
Hi guys and girls,
 
I've updated to 5.6.1 on a FG-60E and it seems to be running pretty well. No showstoppers so far.
 
I've notice two issues to far. 
 
One is this system log:-
 
"5 files were dropped by quard to xfer-fas: 0 reached max retries, 5 reached TTL." with a reason of "poor-network-condition"
 
These messages are occurring every 10 minutes and have been since the upgrade. There were no changes in config before the upgrade and I wasn't seeing this message previously. A bit of googling and searching these forums suggests it may relate to FortiAnalyer- but I don't have one, so this seems unlikely. Everything else is running well so I don't think this message relates to WAN connectivity. Any ideas anyone?
 
The second issue is:-
 
Existing anti-virus profiles seem to have lost their "Suspicious Files Only" for "Send Files to FortiSandbox Cloud for Inspection". It looks like I need to recreate the AV profiles and update all the policies currently using the old profile.
 
Not sure why that would be?
 
I have however noticed my first file ever being sent to FortiSandbox Cloud- which I guess is positive?
 
Kind Regards,
 
 
Andy.
 
 
post edited by Andy Bailey - 2017/07/31 05:33:04
#10
SMabille
Bronze Member
  • Total Posts : 38
  • Scores: 0
  • Reward points: 0
  • Joined: 2013/03/31 15:39:51
  • Status: offline
Re: FortiOS v5.6.1 is released...!! 2017/07/31 06:44:46 (permalink)
0
My 2 cents rant:
 
FG-200D, no HA, no VDOM, upgraded from 5.4.5:
- FortiView / Cloud App:
      . Without FAZ: FortiView / Cloud app: httpsd crash often and 100% reproductible when trying to dig YouTube
      . With FAZ: No crash but YouTube completely ignored
- xfer-fas file drops still unclear what files: IPS upload off, Fortisandbox cloud working, issue present with or without FAZ, (looks like a widespread issue)
- httpsd and wad unstable (crashlog). FAZ improve httpsd stability vs local disk logging. 
- unclear when/how internet service database is updated and support process is. Netflix addresses already out of date.
- FAZ mandatory to be able to enforce FortiClient telemetry (was not the casse under 5.4.x)
 
Upgrade process relatively painful (lots of entries on diag debug config-error read):
- Conversion from multiple CASI profiles not/badly supported
- Wildcard FQDN part of address group used on policies, not enforced/checked under 5.4.x and now rejected)
But also basic configuration options:
>>> "set" "service-expire-notification" "disable" @ global.system.global:command parse error (error -61)
>>> "set" "enc-offload-antireplay" "enable" @ global.system.npu:command parse error (error -61)
>>> "set" "offload-ipsec-host" "enable" @ global.system.npu:command parse error (error -61)
>>> "set" "polling-id" "1" @ root.user.adgrp.CN=Domain Users,CN=Users,DC=....:command parse error (error -61)
>>> "set" "polling-id" "2" @ root.user.adgrp.CN=Domain Admins,CN=Users,DC=...:command parse error (error -61)
>>> "config" "webfilter" "override-user" @ root:command parse error (error 1)
>>> "config" "webfilter" "ftgd-warning" @ root:command parse error (error 1)
>>> "set" "certname" "Fortinet_SSLProxy" @ root.firewall.ssl-ssh-profile.deep-inspection:command parse error (error -61)
>>> "set" "certname" "Fortinet_SSLProxy" @ root.firewall.ssl-ssh-profile.certificate-inspection:command parse error (error -61)
 
 
In my opinion still nowhere close to production ready (and some widespread issues should have been picked up by QA), still unsure if I'll downgrade my home lab.
 
Rant over!
post edited by SMabille - 2017/07/31 06:47:32
#11
brycemd
Bronze Member
  • Total Posts : 43
  • Scores: 2
  • Reward points: 0
  • Joined: 2016/12/03 11:24:30
  • Status: offline
Re: FortiOS v5.6.1 is released...!! 2017/07/31 08:08:02 (permalink)
0
Andy Bailey
 
The second issue is:-
 
Existing anti-virus profiles seem to have lost their "Suspicious Files Only" for "Send Files to FortiSandbox Cloud for Inspection". It looks like I need to recreate the AV profiles and update all the policies currently using the old profile.
 
Not sure why that would be?
 
I have however noticed my first file ever being sent to FortiSandbox Cloud- which I guess is positive?
 
Kind Regards,
 
 
Andy.


I believe that was removed earlier than this firmware. At least I don't have the option on 5.6.0, maybe a legacy policy would have. If the fortigate is sending files it already deems suspicious it kind of defeats the purpose of the sandbox. The sandbox is supposed to catch files the fortigate missed/didn't know about.
 
post edited by brycemd - 2017/07/31 08:12:26
#12
brycemd
Bronze Member
  • Total Posts : 43
  • Scores: 2
  • Reward points: 0
  • Joined: 2016/12/03 11:24:30
  • Status: offline
Re: FortiOS v5.6.1 is released...!! 2017/07/31 08:33:11 (permalink)
0
rojekj
More annoying bug is that the sslvpn service keeps restarting, breaking all active vpn connections.
THIS FIRMWARE IS SERIOUSLY BUGGY. Unusable for people using SSL VPN.
 
Man.. Does all new versions of FortiOS needs to have bugs that makes it unusable? EVERY?!
No, seriously, now I'm pissed. It has been over a year since we have Forti, and we still cannot use it because every new firmware has some serious bug.




Are you by chance using port 4433?
 
#13
storaid
Platinum Member
  • Total Posts : 746
  • Scores: 13
  • Reward points: 0
  • Joined: 2012/09/24 20:19:19
  • Status: offline
Re: FortiOS v5.6.1 is released...!! 2017/07/31 08:34:54 (permalink)
0
weird ipv6 command display:

 

FWF60D x2
FWF60C x3
FGT80C rev.2
FGT200B-POE
FAP220B x3
FAP221B x2
FSW224B x1
#14
emnoc
Expert Member
  • Total Posts : 4400
  • Scores: 249
  • Reward points: 0
  • Joined: 2008/03/20 13:30:33
  • Location: AUSTIN TX AREA
  • Status: offline
Re: FortiOS v5.6.1 is released...!! 2017/07/31 09:18:01 (permalink)
5 (1)
My FWF60D  crashed and need  a hard reboot.Very sad that it seems like every upgrade leads into bigger problems.
 
ken

 
 

PCNSE6,PCNSE7, ACE, CCNP,FCNSP,FCESP,Linux+,CEH,ECSA,SCSA,SCNA,CISCA email/web
#15
Andy Bailey
Bronze Member
  • Total Posts : 27
  • Scores: 2
  • Reward points: 0
  • Joined: 2016/06/27 11:21:22
  • Status: offline
Re: FortiOS v5.6.1 is released...!! 2017/07/31 09:21:47 (permalink)
0
brycemd
Andy Bailey
 
The second issue is:-
 
Existing anti-virus profiles seem to have lost their "Suspicious Files Only" for "Send Files to FortiSandbox Cloud for Inspection". It looks like I need to recreate the AV profiles and update all the policies currently using the old profile.
 
Not sure why that would be?
 
I have however noticed my first file ever being sent to FortiSandbox Cloud- which I guess is positive?
 
Kind Regards,
 
 
Andy.


I believe that was removed earlier than this firmware. At least I don't have the option on 5.6.0, maybe a legacy policy would have. If the fortigate is sending files it already deems suspicious it kind of defeats the purpose of the sandbox. The sandbox is supposed to catch files the fortigate missed/didn't know about.
 




Interesting! I hadn't spotted that being the case in 5.6.0?
 
Certainly the new "default" AV Profile in 5.6.1 includes the "Suspicious Files Only" option. Has it been added back again perhaps?
 
Kind Regards,
 
 
Andy.
#16
brycemd
Bronze Member
  • Total Posts : 43
  • Scores: 2
  • Reward points: 0
  • Joined: 2016/12/03 11:24:30
  • Status: offline
Re: FortiOS v5.6.1 is released...!! 2017/07/31 09:35:05 (permalink)
0
Hm, I'm not sure then. On my 60E on both 5.6.0 and now 5.6.1 the only options I have are 'None' or 'All Supported Files'
#17
bommi
Silver Member
  • Total Posts : 80
  • Scores: 8
  • Reward points: 0
  • Joined: 2016/08/03 03:42:49
  • Location: Germany
  • Status: offline
Re: FortiOS v5.6.1 is released...!! 2017/07/31 09:36:42 (permalink)
0
The option to only send "suspicious files" has been removed in 5.4.x.
 
Regards
bommi
#18
Antonio Milanese
Bronze Member
  • Total Posts : 53
  • Scores: 4
  • Reward points: 0
  • Joined: 2012/12/15 06:11:02
  • Status: offline
Re: FortiOS v5.6.1 is released...!! 2017/07/31 11:06:01 (permalink)
0
Hi All,

segfault 11 on sslvpnd even here with a 50E and 51E..i'll try a spare 100D tomorrow but this build has some really serios QA issues!

I'm really disappointed with the course of things..every new release seems to include a step forward and two backwards with big regression on basic features!

Regards
#19
SMabille
Bronze Member
  • Total Posts : 38
  • Scores: 0
  • Reward points: 0
  • Joined: 2013/03/31 15:39:51
  • Status: offline
Re: FortiOS v5.6.1 is released...!! 2017/07/31 14:32:37 (permalink)
0
Hi,  
 
You definitely still can add it via CLI
>con antivirus profiles
>edit XXXX
>set ftgd-analytics suspicious
 
But even on 5.4.5 hasn't sent any file ever... but I discovered that heuristic is disabled by default, re-enabled it 24 hours ago, but no submission to fsbt cloud. 
 
 
 
Andy Bailey
brycemd
Andy Bailey
 
The second issue is:-
 
Existing anti-virus profiles seem to have lost their "Suspicious Files Only" for "Send Files to FortiSandbox Cloud for Inspection". It looks like I need to recreate the AV profiles and update all the policies currently using the old profile.
 
Not sure why that would be?
 
I have however noticed my first file ever being sent to FortiSandbox Cloud- which I guess is positive?
 
Kind Regards,
 
 
Andy.


I believe that was removed earlier than this firmware. At least I don't have the option on 5.6.0, maybe a legacy policy would have. If the fortigate is sending files it already deems suspicious it kind of defeats the purpose of the sandbox. The sandbox is supposed to catch files the fortigate missed/didn't know about.
 




Interesting! I hadn't spotted that being the case in 5.6.0?

Certainly the new "default" AV Profile in 5.6.1 includes the "Suspicious Files Only" option. Has it been added back again perhaps?

Kind Regards,


Andy.




#20
Page: 12345.. > >> Showing page 1 of 6
Jump to:
© 2017 APG vNext Commercial Version 5.5