Helpful ReplyHot!FortiGate FortiOS release madness

Page: 12 > Showing page 1 of 2
Author
make
New Member
  • Total Posts : 6
  • Scores: 2
  • Reward points: 0
  • Joined: 2017/04/03 08:55:52
  • Location: Munich, Germany
  • Status: offline
2018/03/12 09:34:53 (permalink)
5 (1)

FortiGate FortiOS release madness

Hello Everyone,
 
I'm wondering what is Fotinet up to with all their current releases branches. This is absolutely madness.
- 5.2.x finally works stable on most of the FortiGate units but it's already End of Engineering Support and the end of support Date is 2018-12-13. It's also not available for the E/F series.
- 5.4.x received the most updates from the newer releases but ist still full of bugs.
- 5.6.x is patched to version 3 from 2017-12-05 and contains really a lot of bugs (Month of post: March). It seems like it doesn't get a lot of attention from Fortinet.
- The upcoming 6.0.0 release will also be full of bugs and most likely not recommend/suitable for prod environments. IMO most of the customers should wait at least 1 year of development and bug fixes before using it.
 
So what is your strategy for 2018 and FortiOS? Are you using FortiGate D Series with FortiOS 5.2 even after EoS or are you using 5.4/5.6 with the need to frequently bother the bug-tracker and/or support?
 
Thank you all

Kind Regards,
Maximilian
#1
SMabille
Bronze Member
  • Total Posts : 47
  • Scores: 6
  • Reward points: 0
  • Joined: 2013/03/31 15:39:51
  • Status: offline
Re: FortiGate FortiOS release madness 2018/03/12 09:51:33 (permalink) ☄ Helpfulby ericli_FTNT 2018/03/12 09:58:52
5 (3)
Hi,
 
Fully agree, lack of "long term" sustained engineering version is a real issue.
5.4.x prior to 5.4.8 was not production ready at all (is it now? It's probably getting were 5.2.5-5.2.7 was), so we didn't recommended large critical customer for whom stability is primordial to upgrade yet.
Now we got (very weird) performance issue on 5.2 (likely IPS/IPS Engine) but end of engineering means pushing the customer to upgrade, putting us in a very awkward situation. 
 
In perfect world (not driven by marketing), in my opinion, we need 5.2.x fully supported for at least another 12 to 18 months.
 
5.4, 5.6, 6.0 don't, in my opinion warrant three major revisions. Most of 5.4 and 5.6 under one version, with security fabrics and internet services, and another version with NGFW Policy mode and 6.0 new features.
 
More efforts should be in stabilising current version, with longer term support, and less new branches.
#2
emnoc
Expert Member
  • Total Posts : 4727
  • Scores: 280
  • Reward points: 0
  • Joined: 2008/03/20 13:30:33
  • Location: AUSTIN TX AREA
  • Status: offline
Re: FortiGate FortiOS release madness 2018/03/12 10:38:43 (permalink)
0
You do know hat 5.2 has been out now for over 4 years? So that's impressive from that standpoint. As far as  v5.4 and  v5.6 goes these are newier trains that are not deep in sub-build but they will  continual to be supported and groom for more fixes.
 
Ken
 

PCNSE6,PCNSE7, ACE, CCNP,FCNSP,FCESP,Linux+,CEH,ECSA,SCSA,SCNA,CISCA email/web
#3
tanr
Gold Member
  • Total Posts : 428
  • Scores: 16
  • Reward points: 0
  • Joined: 2016/05/09 17:09:43
  • Status: offline
Re: FortiGate FortiOS release madness 2018/03/12 15:18:29 (permalink)
0
Hi Ken,
 
I think auto-correct munged your last post.  What did you mean by "Newier trains"?
#4
emnoc
Expert Member
  • Total Posts : 4727
  • Scores: 280
  • Reward points: 0
  • Joined: 2008/03/20 13:30:33
  • Location: AUSTIN TX AREA
  • Status: offline
Re: FortiGate FortiOS release madness 2018/03/12 16:01:25 (permalink)
0
v5.4.x and v5.6 are the ( two ) new releases that should be focused on. v5.2 will come to a end. The OP indicated that in the 1st paragraph of his post.
 
 
So FTNT has done a good job with giving us two build trains ( v5.4 and v5.6 ) pick your poison and drink it ;). We can only hope  v6.0 is going to be good, but I wonder if  v5.8 is going to be skipped.
 
The only negative I see in FortiOS v5.4.x and v5.6.x , we don't have enough builds that are proven good . I see this as  comparing  windows 7 window8.1 and window10 .
 
A big 3 choices to  select from.
 
 
Ken
 

PCNSE6,PCNSE7, ACE, CCNP,FCNSP,FCESP,Linux+,CEH,ECSA,SCSA,SCNA,CISCA email/web
#5
Ray
New Member
  • Total Posts : 8
  • Scores: 0
  • Reward points: 0
  • Joined: 2016/01/27 12:37:06
  • Status: offline
Re: FortiGate FortiOS release madness 2018/03/19 13:05:28 (permalink)
0
The Security Fabric marketing hype does not make firewall admins' jobs a lot easier. I agree with Ken (emnoc) that "... we don't have enough builds that are proven good."
 
We don't need many choices. We need better QA firmware.
#6
Itguy
Bronze Member
  • Total Posts : 34
  • Scores: 2
  • Reward points: 0
  • Joined: 2016/03/15 09:48:49
  • Status: offline
Re: FortiGate FortiOS release madness 2018/03/19 18:14:42 (permalink)
0
The choices of stable firmware are garbage.. 5.4.8 is about all there is now and that has issues. 5.2.13 or whatever is 100% rock solid and stable far more than 5.4.8.. Yet we're being told to rush to 5.6 series which is horribly buggy and now 6.0 is coming out?
 
Fortinet needs to slow down. We've been evaluating switching to a different solution because of this stupid speeding through revisions and not properly fixing bugs or staging releases.
 
It's all about marketing hype and fake enhancements now apparently.
#7
ddskier
Gold Member
  • Total Posts : 379
  • Scores: 16
  • Reward points: 0
  • Joined: 2007/04/10 08:18:06
  • Location: Chicago, IL
  • Status: offline
Re: FortiGate FortiOS release madness 2018/03/21 08:09:49 (permalink)
0
Ray
The Security Fabric marketing hype does not make firewall admins' jobs a lot easier. I agree with Ken (emnoc) that "... we don't have enough builds that are proven good."
 
We don't need many choices. We need better QA firmware.




I agree.  Since the 4.0 days you never jumped to the new version until 5 or 6 patches are in.   We just jumped from 5.2.13 to 5.4.8 hoping they have figured everything out.  I already have run into a few issues.   I hope 5.4.9 will final squash more of these outstanding bugs...

-DDSkier

FCNSA, FCNSP
FortiGate 400D, (2) 200D, (12) 100D, (2) 60D
#8
seadave
Gold Member
  • Total Posts : 268
  • Scores: 28
  • Reward points: 0
  • Joined: 2004/11/03 18:02:09
  • Location: Seattle, WA
  • Status: offline
Re: FortiGate FortiOS release madness 2018/03/22 14:52:03 (permalink)
0
I've been running 5.4.5 on 500D for months with over 250 users accessing it, SSL VPN, multi-factor with FAC, logging to FAZ, OSPF and it has been rock solid.  What kind of bugs are you seeing?  I have ~50 policies and using all but spam and WAF filters.  I've found over the last 14 years that .0/.1/.2 can be very buggy and or often unintended user configurations that don't follow good practice (which is often difficult to determine) are the cause of most issues. 
 
Running 5.6.3 on 60WiFi with AP at home and that also appears to be performing well.  If you are commenting on the Security Fabric, I agree totally it needs more work and I would suggest is more of a gimmick than actual network overlay security solution at this point.
 
We are moving our 500D to 5.6.3 soon.
#9
ddskier
Gold Member
  • Total Posts : 379
  • Scores: 16
  • Reward points: 0
  • Joined: 2007/04/10 08:18:06
  • Location: Chicago, IL
  • Status: offline
Re: FortiGate FortiOS release madness 2018/03/29 07:11:06 (permalink)
0
dfollis
I've been running 5.4.5 on 500D for months with over 250 users accessing it, SSL VPN, multi-factor with FAC, logging to FAZ, OSPF and it has been rock solid.  What kind of bugs are you seeing?  I have ~50 policies and using all but spam and WAF filters.  I've found over the last 14 years that .0/.1/.2 can be very buggy and or often unintended user configurations that don't follow good practice (which is often difficult to determine) are the cause of most issues. 
 
Running 5.6.3 on 60WiFi with AP at home and that also appears to be performing well.  If you are commenting on the Security Fabric, I agree totally it needs more work and I would suggest is more of a gimmick than actual network overlay security solution at this point.
 
We are moving our 500D to 5.6.3 soon.




See some of my posts within the 5.48 is out thread and you will see some of the issues that I have run into.

-DDSkier

FCNSA, FCNSP
FortiGate 400D, (2) 200D, (12) 100D, (2) 60D
#10
rwpatterson
Expert Member
  • Total Posts : 8161
  • Scores: 171
  • Reward points: 0
  • Joined: 2006/08/08 10:08:18
  • Location: Long Island, New York, USA
  • Status: online
Re: FortiGate FortiOS release madness 2018/03/29 08:56:01 (permalink)
0
Am I (and perhaps Ede and Emnoc) the only one who remembers the last time the 'release madness' was going on? I guess Fortinet forgot... 11 years isn't such a long time.
 
https://forum.fortinet.com/tm.aspx?m=19573&high=stability+now#24994
 
https://forum.fortinet.co...gh=stability+now#26147
 

-Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com

-4.3.18-b0689
FWF60B
FWF80CM (4)
FWF81CM (2)
 
#11
ede_pfau
Expert Member
  • Total Posts : 5519
  • Scores: 364
  • Reward points: 0
  • Joined: 2004/03/09 01:20:18
  • Location: Heidelberg, Germany
  • Status: offline
Re: FortiGate FortiOS release madness 2018/03/29 13:34:53 (permalink)
0
@Bob, that was a really good hint! Rereading thread #19573, sentiments come up...Abelio was one of the knowing guys then, 9 or 11 years ago. Much of what we thought then still holds true today, even if we've come a long way since. "Feature freeze", "fixes only, no new features", "better QA", along these lines.
 
What I am really proud of is that this forum, kept alive by all of it's users, after all these years still is a safe place for questions, mutual support and respectful exchange. Venting one's emotions and clearly articulating one's needs towards Fortinet is and was an important part of this, and probably not in vain.
 

Ede

" Kernel panic: Aiee, killing interrupt handler!"
#12
emnoc
Expert Member
  • Total Posts : 4727
  • Scores: 280
  • Reward points: 0
  • Joined: 2008/03/20 13:30:33
  • Location: AUSTIN TX AREA
  • Status: offline
Re: FortiGate FortiOS release madness 2018/03/29 14:06:18 (permalink)
0
i can't believe it's been that long and I've been a member for some time now. Wow ;)
 
Ken
 

PCNSE6,PCNSE7, ACE, CCNP,FCNSP,FCESP,Linux+,CEH,ECSA,SCSA,SCNA,CISCA email/web
#13
ericli_FTNT
Silver Member
  • Total Posts : 66
  • Scores: 4
  • Reward points: 0
  • Joined: 2018/02/08 11:12:27
  • Status: offline
Re: FortiGate FortiOS release madness 2018/03/29 14:22:30 (permalink)
5 (1)
Whenever, whoever, you guys found any issue of FortiOS, please let me know or list the issue description here.
 
If it's a bug, someone will try to fix it.
If it's a demand of new feature, someone will try to add it to new build.
 
Thanks all!
#14
seadave
Gold Member
  • Total Posts : 268
  • Scores: 28
  • Reward points: 0
  • Joined: 2004/11/03 18:02:09
  • Location: Seattle, WA
  • Status: offline
Re: FortiGate FortiOS release madness 2018/03/29 14:41:57 (permalink)
0
ericli
Whenever, whoever, you guys found any issue of FortiOS, please let me know or list the issue description here.
 
If it's a bug, someone will try to fix it.
If it's a demand of new feature, someone will try to add it to new build.
 
Thanks all!


You would NEVER see the above in a Cisco forum.  Why I'm a Fortinet customer since 2004.  Thanks!
 
Yes there were some periods where you learned very quickly not to do upgrades until needed and to use this invaluable resource to let others navigate the minefield first :-)
#15
seadave
Gold Member
  • Total Posts : 268
  • Scores: 28
  • Reward points: 0
  • Joined: 2004/11/03 18:02:09
  • Location: Seattle, WA
  • Status: offline
Re: FortiGate FortiOS release madness 2018/03/29 14:42:25 (permalink)
0
ddskier
dfollis
I've been running 5.4.5 on 500D for months with over 250 users accessing it, SSL VPN, multi-factor with FAC, logging to FAZ, OSPF and it has been rock solid.  What kind of bugs are you seeing?  I have ~50 policies and using all but spam and WAF filters.  I've found over the last 14 years that .0/.1/.2 can be very buggy and or often unintended user configurations that don't follow good practice (which is often difficult to determine) are the cause of most issues. 
 
Running 5.6.3 on 60WiFi with AP at home and that also appears to be performing well.  If you are commenting on the Security Fabric, I agree totally it needs more work and I would suggest is more of a gimmick than actual network overlay security solution at this point.
 
We are moving our 500D to 5.6.3 soon.




See some of my posts within the 5.48 is out thread and you will see some of the issues that I have run into.


I'll review, thanks for pointing that out.
#16
emnoc
Expert Member
  • Total Posts : 4727
  • Scores: 280
  • Reward points: 0
  • Joined: 2008/03/20 13:30:33
  • Location: AUSTIN TX AREA
  • Status: offline
Re: FortiGate FortiOS release madness 2018/03/29 17:18:01 (permalink)
0
I just post a thread on  Fortios v5.6.0 is here. I will be upgrade a FWF50E appliance when my supplier get his stock refresh. Should be interesting to say the least ;)
 
 
Ken

PCNSE6,PCNSE7, ACE, CCNP,FCNSP,FCESP,Linux+,CEH,ECSA,SCSA,SCNA,CISCA email/web
#17
SMabille
Bronze Member
  • Total Posts : 47
  • Scores: 6
  • Reward points: 0
  • Joined: 2013/03/31 15:39:51
  • Status: offline
Re: FortiGate FortiOS release madness 2018/03/30 00:16:32 (permalink)
0
Hi,

I think that loads of aggravation with large customers with need for really rock solid firmware could resolved be extending engineering support for longer.

The lifetime of a release is too short for them, they “finally” got a stable platform on 5.2 (roughly 6 months without incident) and rebuilding their trust in the product that they are told they need to move up.

Extending engineering support on 5.2 shouldn’t be very costly or resources intensive at this stage and will allow to tell customers that the software they are installing (let’s say when 5.2.9 was released) will be supported for 4 years, instead we have to tell them they will need to upgrade in 12 months.... commercially it’s a major issue.
#18
emnoc
Expert Member
  • Total Posts : 4727
  • Scores: 280
  • Reward points: 0
  • Joined: 2008/03/20 13:30:33
  • Location: AUSTIN TX AREA
  • Status: offline
Re: FortiGate FortiOS release madness 2018/03/30 00:29:18 (permalink)
0
Not really, the  life cycle of the firmware is right on par with others..
 
 
e.g  PANOS has approx 36months of slightly more on  it's version and FortiOS is just about the same.
 
The problem is , fortigate QA  program is not catching all of the issues. We are the actually  the best QC department  ( end-users ) and without feedback in the form of supportcases, they won't fix the issues in the firmware.
 
We can complain and wine about v.5.2.x all day long,  but it's ( v5.2.x)  going to die and reach some  EoL/EoS. v5.4 or v5.6 or now v6.0 is your new major releases. So get use to it ;)
 
Ken
 

PCNSE6,PCNSE7, ACE, CCNP,FCNSP,FCESP,Linux+,CEH,ECSA,SCSA,SCNA,CISCA email/web
#19
SMabille
Bronze Member
  • Total Posts : 47
  • Scores: 6
  • Reward points: 0
  • Joined: 2013/03/31 15:39:51
  • Status: offline
Re: FortiGate FortiOS release madness 2018/03/30 00:54:27 (permalink)
0
If you read my post correctly, I complain about the lifespan of stable version, so let’s be generous 5.2.7 was 03/17, exactly a year ago (and still discovered a couple of major bugs) and EOL today.

5.4.8 is now solid enough to recommend customers to use it, but with 6.0 being released 5.4 EOL is already in sight.

And for reference PanOS lifecycle is very different to what you mention (it would mean 5.2.13 would have engineering support for 48 months). Commercially it’s invaluable

Software release 5.0 or after:
Major feature releases will be supported for 24 months.
The last minor feature release of a major release cycle (see definition below) will be supported for 48 months.
Support includes technical support, bug fixes, maintenance releases, workarounds, and patches for critical bugs


And I’m sorry but customers don’t have to “live with it”, they are always free to vote with their feet.
As FG partner it’s one of the biggest issue we got, customers complaining that once they finally reach a stable platform they have to upgrade 6 months down the line with the risk of a new cycle of major bugs discovery.
#20
Page: 12 > Showing page 1 of 2
Jump to:
© 2018 APG vNext Commercial Version 5.5