FortiOS v5.6.3 is out!

rojekj
Re: FortiOS v5.6.3 is out! 2017/12/08 03:21:47
SMabille
Good news for you, 5.4.7 is released and compatible with 500E and should be far more stable.
 




The problem is with migrating config from 5.6 to 5.4. As far as I know it's not that simple.. Or is it?
#21
SMabille
Re: FortiOS v5.6.3 is out! 2017/12/08 04:19:08
How did you configure your 500E originally? Was it running 5.6.2 when delivered and you built your whole config on that?
 
Depending on how complicated (how much 5.6 specific) your config is, it might be easy or hard to convert.
If you are using Policy based NGFW, of course it would be impossible.
 
But otherwise, you are likely to be able to work around it by playing with Notepad++ and "diag debug config-error-log", trial and error pushing the config and manually tweaking it back....
 
rojekj
SMabille
Good news for you, 5.4.7 is released and compatible with 500E and should be far more stable.
 




The problem is with migrating config from 5.6 to 5.4. As far as I know it's not that simple.. Or is it?




#22
rojekj
Re: FortiOS v5.6.3 is out! 2017/12/08 04:34:16
SMabille
How did you configure your 500E originally? Was it running 5.6.2 when delivered and you built your whole config on that?



I didn't configure it at all. I've just imported my previous 5.6.2 config from FortiGate-VM64. Didn't have to change much in the config file besides the headers.
 
I don't think that I will switch back to 5.4, as this 5.6.3 works quite well.. beside the fact that it is terribly annoying :)
#23
rojekj
Re: FortiOS v5.6.3 is out! 2017/12/08 06:41:49
rojekj
WAW60FG500E-1 # diag sys top-summary
/bin/python: can't open file 'top.py': [Errno 2] No such file or directory


 
just great! ;/
 



From TAC:
 
Dear Customer,

Thank you for contacting Fortinet Technical Services.

This is Sohail Ajmal from Fortinet Technical Support, I will be handling your support Case. I will provide necessary help to address your issue.

Problem Summary: 500E diag sys top-sum - file not found

There have been multiple issues reported related to the command usage, therefore it was suggested to remove the command and use "diag sys top" instead due to inaccurate results.

By researching our internal database (0457802, 0413812, 0454972), I found that this command has been removed and "diag sys top" can be used instead.

Please do let me know how you would like me to proceed with this ticket.


Please do not hesitate to contact if you require any further technical assistance.
#24
FGTuser
Re: FortiOS v5.6.3 is out! 2017/12/08 07:41:52
@rojekj
Unless you have specific major issue on 5.6.3, which does work on 5.4.7, I would stay on 5.6.x.
5.4.x is not so great as well (at least was not) especially for E line. I was forced to upgrade to 5.6.0 due to several issues @5.4.x on several E boxes and I'm not going back...
#25
AlexFeren
Re: FortiOS v5.6.3 is out! 2017/12/10 17:20:12
> "diag sys top" can be used instead.
 
"diagnose sys top-summary" summarises instances of same process type - "diagnose sys top" cannot.
 
Patient: finger's broken and it hurts
Doctor: we'll snip it off - use others
post edited by AlexFeren - 2017/12/10 18:50:12
#26
rojekj
Re: FortiOS v5.6.3 is out! 2017/12/10 23:15:59
AlexFeren
> "diag sys top" can be used instead.
 
"diagnose sys top-summary" summarises instances of same process type - "diagnose sys top" cannot.
 
Patient: finger's broken and it hurts
Doctor: we'll snip it off - use others


Of course it cannot. Using "top-summary" I was able to locate a problem with high mem usage, because I knew which process was eating too much. "top" is simply useless.
 
We should all talk loud about stupidity of Fortinet's doings. Maybe then they will release firmware because it had reached stable state and was well tested, and not because the planned release date was reached. This is a huge problem and it must change. Releasing firmware that has 5 or more pages of known issues in release notes is simply not the way to go, Fortinet. Treat your customers more seriously!
#27
rojekj
Re: FortiOS v5.6.3 is out! 2017/12/10 23:29:52
One more problem. This time SNMP.
iso.3.6.1.4.1.12356.101.12.2.3.1.1.1 = INTEGER: 2
iso.3.6.1.4.1.12356.101.12.2.3.1.2.1 = Gauge32: 30
iso.3.6.1.4.1.12356.101.12.2.3.1.3.1 = Counter32: 109
iso.3.6.1.4.1.12356.101.12.2.3.1.4.1 = Gauge32: 44
iso.3.6.1.4.1.12356.101.12.2.3.1.5.1 = Counter32: 70
iso.3.6.1.4.1.12356.101.12.2.3.1.6.1 = Gauge32: 12
iso.3.6.1.4.1.12356.101.12.2.3.1.7.1 = Counter32: 67
 
2.1 is the overall number of connected users, 4.1 is the number of web ssl users, and 6.1 is the number of tunnel users.
How on earth can the number of web users be greater than the overall number of users?
This is a test environment. I know that I have 13 web ssl users connected. And that is the number reported in GUI in SSL-VPN Monitor.
By the way, SSL Web users are not removed from the table when they didn't log out properly but closed the browser window. And those users are shown in GUI and in SNMP overall number of users.
 
#28
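A consistency check for the counters quoted in the post above, as an added example that is not part of the original thread: it parses the walk output and flags any row where a sub-count exceeds the overall user count. The column meanings (2 = overall users, 4 = web SSL users, 6 = tunnel users) are taken from the post's description and are an assumption here; the function names are hypothetical.

```python
import re

# Table prefix exactly as printed in the post's walk output.
PREFIX = "iso.3.6.1.4.1.12356.101.12.2.3.1."
# Column meanings as given in the post (assumption, not read from a MIB file).
TOTAL, WEB, TUNNEL = 2, 4, 6
LINE_RE = re.compile(r"^(\S+)\s*=\s*\w+:\s*(\d+)\s*$")

# Walk output copied from the post.
SAMPLE = """\
iso.3.6.1.4.1.12356.101.12.2.3.1.1.1 = INTEGER: 2
iso.3.6.1.4.1.12356.101.12.2.3.1.2.1 = Gauge32: 30
iso.3.6.1.4.1.12356.101.12.2.3.1.3.1 = Counter32: 109
iso.3.6.1.4.1.12356.101.12.2.3.1.4.1 = Gauge32: 44
iso.3.6.1.4.1.12356.101.12.2.3.1.5.1 = Counter32: 70
iso.3.6.1.4.1.12356.101.12.2.3.1.6.1 = Gauge32: 12
iso.3.6.1.4.1.12356.101.12.2.3.1.7.1 = Counter32: 67
"""

def parse_walk(text):
    """Return {row_index: {column: value}} for lines under PREFIX."""
    rows = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or not m.group(1).startswith(PREFIX):
            continue  # blank line, other OID, or non-numeric value
        parts = m.group(1)[len(PREFIX):].split(".")
        if len(parts) != 2 or not all(p.isdigit() for p in parts):
            continue
        rows.setdefault(int(parts[1]), {})[int(parts[0])] = int(m.group(2))
    return rows

def find_inconsistencies(rows):
    """List (row, counter, value, total) where a sub-count exceeds the total."""
    findings = []
    for index, cols in sorted(rows.items()):
        total = cols.get(TOTAL)
        if total is None:
            continue  # cannot compare without the overall count
        for name, col in (("web", WEB), ("tunnel", TUNNEL)):
            value = cols.get(col)
            if value is not None and value > total:
                findings.append((index, name, value, total))
    return findings

if __name__ == "__main__":
    for row, name, value, total in find_inconsistencies(parse_walk(SAMPLE)):
        print(f"row {row}: {name} count {value} exceeds overall users {total}")
```

Run against periodic polls, a check like this turns the mismatch described in the post into an alert instead of something noticed by eye.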
SMabille
Re: FortiOS v5.6.3 is out! 2017/12/11 05:43:32
Hi,
 
Good news, I pushed back on the same reply I got from TAC and got it escalated; engineering came back agreeing it is a bug.
 
 
rojekj
AlexFeren
> "diag sys top" can be used instead.
 
"diagnose sys top-summary" summarises instances of same process type - "diagnose sys top" cannot.
 
Patient: finger's broken and it hurts
Doctor: we'll snip it off - use others


Of course it cannot. Using "top-summary" I was able to locate a problem with high mem usage, because I knew which process was eating too much. "top" is simply useless.
 
We should all talk loud about stupidity of Fortinet's doings. Maybe then they will release firmware because it had reached stable state and was well tested, and not because the planned release date was reached. This is a huge problem and it must change. Releasing firmware that has 5 or more pages of known issues in release notes is simply not the way to go, Fortinet. Treat your customers more seriously!




#29
SMabille
Re: FortiOS v5.6.3 is out! 2017/12/11 06:01:17
I'll play Devil's advocate here...
The fact that there is a list of still outstanding issues shouldn't block a release at some point, otherwise you'll never GA a build. We will be the first ones to shout if Fortinet came back with "5.6.1 only going to be released when we solved all the problems, currently scheduled for mid-2018 if no one reports further bugs".
I'm glad that Fortinet even publishes that list of outstanding issues while other vendors simply don't. Any bug gets prioritised and at some point when enough have been fixed a cut-off is decided, outstanding bug fixes are going to the next minor version branch and the cut-off build goes to QA. QA discovered bugs are prioritised again and either solved or passed to next version branch and at some point there is a decision to release. It's the normal process in software development.
 
Where I see an issue is the amount of regression bugs that appear with this release (and in general). Showing the difference between QA and real world utilisation.
 
I think one way forward that Fortinet could improve the issue is to do short beta cycle of minor versions to grab the most obvious/annoying bugs we are complaining about. 
 
It would make the product look a lot better, if the 2 or 3 most annoying issues would have been detected before release (top-summary, sections in policies, ...); they aren't (I believe) massive issues to fix and the fact they are so visible has a great impact on the confidence in the product, while realistically, beside those, this build seems far more solid and a big step forward to be honest.
 
 
 
rojekj
 
... 
We should all talk loud about stupidity of Fortinet's doings. Maybe then they will release firmware because it had reached stable state and was well tested, and not because the planned release date was reached. This is a huge problem and it must change. Releasing firmware that has 5 or more pages of known issues in release notes is simply not the way to go, Fortinet. Treat your customers more seriously!




#30
storaid
Re: FortiOS v5.6.3 is out! 2017/12/11 08:39:14
WHERE IS "What's News"??????

FWF60D x2
FWF60C x3
FGT80C rev.2
FGT200B-POE
FAP220B x3
FAP221B x2
FSW224B x1
#31
AlexFeren
Re: FortiOS v5.6.3 is out! 2017/12/11 14:25:44
SMabille
I'll play Devil's advocate here...
The fact that there is a list of still outstanding issues shouldn't block a release at some point, otherwise you'll never GA a build.



The point here is that bug fixing seems to be low priority at Fortinet. Proof is that the "Known Issues" list is almost as large as "Resolved Issues" and that's only what Fortinet had chosen to publish.
 
Additionally, unlike with Cisco, I cannot peruse Fortinet's Bug repository description to determine extent or impact of the known issue on production traffic - tagline isn't sufficient.
#32
hklb
Re: FortiOS v5.6.3 is out! 2017/12/12 00:58:37
Hello,
 
Is anyone using the ICAP feature? Is it working well?
 
Lucas
#33