Helpful ReplyHot!FortiOS 5.4.6 is out!

Page: 12 > Showing page 1 of 2
Author
Selective
Expert Member
  • Total Posts : 2714
  • Scores: 104
  • Reward points: 0
  • Joined: 2007/07/03 10:44:56
  • Location: Gothenburg - Sweden
  • Status: offline
2017/10/20 05:15:44 (permalink)
0

FortiOS 5.4.6 is out!

.
#1
Sebastiaan Koopmans
Silver Member
  • Total Posts : 62
  • Scores: 6
  • Reward points: 0
  • Joined: 2016/04/12 01:29:43
  • Location: Netherlands
  • Status: offline
Re: FortiOS 5.4.6 is out! 2017/10/20 07:00:07 (permalink)
0
Still SSL VPN throughput not fixed ...(thet are working on an backport from 5.6.x)
#2
Kenundrum
Silver Member
  • Total Posts : 110
  • Scores: 6
  • Reward points: 0
  • Joined: 2008/05/15 10:25:50
  • Location: Rhode Island, US
  • Status: offline
Re: FortiOS 5.4.6 is out! 2017/10/20 07:14:34 (permalink)
0
i just updated a device. There's some subtle UI changes in the way some tables are rendered.
They did successfully fix a pet peeve of mine that i opened a case on- address objects with a space in their name now correctly display their references.

NSE4 (at Accelerate2017!)
Some FGT500Ds, 60Ds at work
FWF60E, FWF80CM, FGT60C, and FWF60B at home
#3
emnoc
Expert Member
  • Total Posts : 4360
  • Scores: 249
  • Reward points: 0
  • Joined: 2008/03/20 13:30:33
  • Location: AUSTIN TX AREA
  • Status: offline
Re: FortiOS 5.4.6 is out! 2017/10/20 08:38:51 (permalink)
0
cool  , hopefully 5.6.3  will be out soon
 
Ken
 

PCNSE6,PCNSE7, ACE, CCNP,FCNSP,FCESP,Linux+,CEH,ECSA,SCSA,SCNA,CISCA email/web
#4
tanr
Gold Member
  • Total Posts : 345
  • Scores: 12
  • Reward points: 0
  • Joined: 2016/05/09 17:09:43
  • Status: offline
Re: FortiOS 5.4.6 is out! 2017/10/20 09:16:01 (permalink)
0
Looks like they got (more of) the npu over ipsec issues worked out:
 
416102 Traffic over IPsec VPN getting dropped after 2 pings when it is getting offloaded to NPU.
416950 NP6 stop process traffic through IPsec tunnel.
 
Still a lot of known GUI bugs - over 1.5 pages.
#5
Pacolo
New Member
  • Total Posts : 12
  • Scores: 2
  • Reward points: 0
  • Joined: 2014/10/21 09:48:43
  • Status: offline
Re: FortiOS 5.4.6 is out! 2017/10/23 01:44:53 (permalink)
0
Hi guys,
 
I needed to upgrade to 5.4.6 because my customer needs the DNS Filter to work correctly, but now there is another really annoying bug...
364280 User cannot use ssh-dss algorithm to log in to FortiGate via SSH.
...so now I cannot login through SSH.
 
Has anybody found a solution?
I use Secure CRT, but it does not work with Putty neither.
 
Regards,
Paco.
#6
emnoc
Expert Member
  • Total Posts : 4360
  • Scores: 249
  • Reward points: 0
  • Joined: 2008/03/20 13:30:33
  • Location: AUSTIN TX AREA
  • Status: offline
Re: FortiOS 5.4.6 is out! 2017/10/23 03:07:22 (permalink)
0
Are you calling your DSA key when you access?
 
 
e.g ( unix openssh client )
 
ssh -vi /Users/kfelix/.ssh/id_dsa  1.0.0.1
 
 
Do you have an option to use the typical default rsa key?
 
 
 

PCNSE6,PCNSE7, ACE, CCNP,FCNSP,FCESP,Linux+,CEH,ECSA,SCSA,SCNA,CISCA email/web
#7
ede_pfau
Expert Member
  • Total Posts : 5255
  • Scores: 334
  • Reward points: 0
  • Joined: 2004/03/09 01:20:18
  • Location: Heidelberg, Germany
  • Status: offline
Re: FortiOS 5.4.6 is out! 2017/10/23 04:54:19 (permalink)
0
I found the only way to tackle this is to use an RSA key and deploy that to the client(s).

Ede

" Kernel panic: Aiee, killing interrupt handler!"
#8
tanr
Gold Member
  • Total Posts : 345
  • Scores: 12
  • Reward points: 0
  • Joined: 2016/05/09 17:09:43
  • Status: offline
Re: FortiOS 5.4.6 is out! 2017/10/24 14:30:19 (permalink)
0
Any other experiences with 5.4.6?
 
Especially, anyone using 5.4.6 FortiGates proxy-based with IPsec VPN, web filtering, and/or deep ssl inspection?
 
Thanks.
#9
emnoc
Expert Member
  • Total Posts : 4360
  • Scores: 249
  • Reward points: 0
  • Joined: 2008/03/20 13:30:33
  • Location: AUSTIN TX AREA
  • Status: offline
Re: FortiOS 5.4.6 is out! 2017/10/24 14:55:13 (permalink)
0
I hope to push it  in a few days. The  release seems to look good btw

PCNSE6,PCNSE7, ACE, CCNP,FCNSP,FCESP,Linux+,CEH,ECSA,SCSA,SCNA,CISCA email/web
#10
the_giraffe_that_wasnt_president
New Member
  • Total Posts : 9
  • Scores: 1
  • Reward points: 0
  • Joined: 2017/04/18 04:06:13
  • Status: offline
Re: FortiOS 5.4.6 is out! 2017/10/24 22:46:28 (permalink)
0
Hi there,
 
ive got some issues when i try to apply a static webfilter to an VIP (wan to internal) with ssl deep inspection enabled
i cant access the website anymore.
this was an issue in 5.4.4 it was solved with 5.4.5 and now ist back again.
 
Overal the update seem very solid.
 
Regards.
#11
Pacolo
New Member
  • Total Posts : 12
  • Scores: 2
  • Reward points: 0
  • Joined: 2014/10/21 09:48:43
  • Status: offline
Re: FortiOS 5.4.6 is out! 2017/10/31 04:20:30 (permalink)
0
Hi enmoc/ede_pfau,
 
Excuse me, but I was not able to try this until today.
 
I have just tried to create several keys, rsa or dsa, with Secure CRT and Putty using the following guides, thout I can't make it work.
 
http://kb.fortinet.com/kb...nk.do?externalID=11985
https://devops.profitbric...with-putty-on-windows/
 
 
Maybe I will open a support case, as I think that the the SSH connection is really necessary in case something goes wrong with the device.
 
Regards,
Paco.
#12
tanr
Gold Member
  • Total Posts : 345
  • Scores: 12
  • Reward points: 0
  • Joined: 2016/05/09 17:09:43
  • Status: offline
Re: FortiOS 5.4.6 is out! 2017/11/01 16:57:19 (permalink)
0
Anybody else running into GUI issues with 5.4.6?
 
The most annoying two I'm hitting are:
 
  1. Security Policy page in Interface Pair View always expands all SrcIntf -> DstIntf groups, regardless of whether I've collapsed them in the past.  It used to save their collapsed/expanded state.  So now every time I go to that page the section I want to work on is scrolled off the bottom.
  2. Pages aren't fully loaded till you scroll down.  So on that Security Policy page, or the Services page, or many other similar ones, it only loads the visible section of the page, nothing below it.  Unfortunately, this means that I can't just do a quick Ctrl+F to find the item I want, because the find will fail since the rest of the page hasn't been loaded!
This is with Chrome on Windows 10, though I see the same behavior in MS Edge browser.
I've tried flushing the browser cache, etc. without any change to the behavior.
 
Anybody else seeing this?  Any thoughts on workarounds, or do I just report it as a bug?
#13
Marcel B.
New Member
  • Total Posts : 2
  • Scores: 0
  • Reward points: 0
  • Joined: 2011/10/18 06:22:41
  • Status: offline
Re: FortiOS 5.4.6 is out! 2017/11/02 19:59:19 (permalink)
0
Anybody has news regarding the SSH problem (364280 User cannot use ssh-dss algorithm to log in to FortiGate via SSH) ?
 
Thanks in advance for your feedback !
 
Regards,
Marcel
#14
Mascheroni
New Member
  • Total Posts : 4
  • Scores: 0
  • Reward points: 0
  • Joined: 2017/11/03 14:52:07
  • Status: offline
Re: FortiOS 5.4.6 is out! 2017/11/03 14:59:17 (permalink)
0
I was waiting this relase because of NPU fragmentation issue in CAPWAP traffic passing into IPSEC tunnel.
I've found at the moment only one issue.
All firewall policies are viewd in "expanded" mode in GUI, also if we have collapsed them before logging out.
One of our Fortigate presented an issue after been upgraded from 5.4.4 to 5.4.6.
Open VAP profile stopped working.
The workaround was to modify the open mode into wpa mode with psk and revert them back to open mode.
The Open wireless feature was always enabled, before and after firmware upgrade.
 
 
 
#15
Mascheroni
New Member
  • Total Posts : 4
  • Scores: 0
  • Reward points: 0
  • Joined: 2017/11/03 14:52:07
  • Status: offline
Re: FortiOS 5.4.6 is out! 2017/11/03 15:01:56 (permalink)
0
No SSH problem for the moment on our 5.4.6 Fortigates
#16
Mascheroni
New Member
  • Total Posts : 4
  • Scores: 0
  • Reward points: 0
  • Joined: 2017/11/03 14:52:07
  • Status: offline
Re: FortiOS 5.4.6 is out! 2017/11/03 15:08:22 (permalink)
0
Hi tanr, I've found the same issues you've mentioned me too after 5.4.6 upgrade.
I'm using Chrome ver. 62.0.3202.75 and Win 10 1703 build 15063.674
 
 
#17
SecurityPlus
Silver Member
  • Total Posts : 118
  • Scores: 0
  • Reward points: 0
  • Joined: 2014/08/11 18:41:34
  • Status: offline
Re: FortiOS 5.4.6 is out! 2017/11/04 09:02:17 (permalink)
0
I've looked at few FortiGate firewalls that are running 5.4.5 lately. When looking for upgrade firmware it lists the 5.6.2 firmware but not the 5.4.6 option. Has anyone else seen this? Any idea why it would offer 5.6.2 but not 5.4.6?
#18
Mascheroni
New Member
  • Total Posts : 4
  • Scores: 0
  • Reward points: 0
  • Joined: 2017/11/03 14:52:07
  • Status: offline
Re: FortiOS 5.4.6 is out! 2017/11/04 14:05:19 (permalink) ☄ Helpfulby Sebastiaan Koopmans 2017/11/08 16:57:34
0
You can find it directly on Fortinet support site.
5.4.6 should be the 5.4 last minor release.
It has been published in order to resolve particular issues, such as npu fragmentation when using capwap encapsulated in ipsec tunnel, for example (problem the I've found in a particular installation and for which Fortinet give me a specific patched 5.4.5 release, not published, patch next integrated into 5.4.6 release).
So I suppose that this is why from 5.4.5 Fortinet indicates as direct upgrade , 5.6.2 release
 
 
 
#19
tanr
Gold Member
  • Total Posts : 345
  • Scores: 12
  • Reward points: 0
  • Joined: 2016/05/09 17:09:43
  • Status: offline
Re: FortiOS 5.4.6 is out! 2017/11/08 15:31:47 (permalink) ☄ Helpfulby Sebastiaan Koopmans 2017/11/08 16:57:21
5 (1)
FYI, I reported the 5.4.6 GUI bug # 458586.
  1. Security Policy page in Interface Pair View always expands all SrcIntf -> DstIntf groups, regardless of whether I've collapsed them in the past.  It used to save their collapsed/expanded state.  So now every time I go to that page the section I want to work on is scrolled off the bottom.
 
#20
Page: 12 > Showing page 1 of 2
Jump to:
© 2017 APG vNext Commercial Version 5.5