Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Carl_Wallmark
Valued Contributor

FortiOS 5.6.4 is out.

.

FCNSA, FCNSP
---
FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30B
FortiAnalyzer 100B, 100C
FortiMail 100,100C
FortiManager VM
FortiAuthenticator VM
FortiToken
FortiAP 220B/221B, 11C

FCNSA, FCNSP---FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30BFortiAnalyzer 100B, 100CFortiMail 100,100CFortiManager VMFortiAuthenticator VMFortiTokenFortiAP 220B/221B, 11C
1 Solution
Toshi_Esumi
Esteemed Contributor III

I tried it with 60D by forgetting about our office 60D policies use a zone that includes a physical interface (non-tagged) and multiple VLAN subinterfaces (tagged) after read through the release notes and noticed the caution "all members of the zone would be dropped". Sure enough it did.

After a TT with TAC and some own tests with another test 60D, I decided going back to 5.4.8 for the office 60D. Because only way to restore the zone (original set of policies) with all members is to remove all VLANs on the physical interface and put the phy interface as a sole member of the zone first. Then you can recreate all VLANs I removed then put them in the zone. Not only DHCP servers but some other widgets monitoring usage need to be removed before I can remove VLANs. In the middle trying this process I gave up and decided to wait the next release, 5.6.5. TAC gave me the bug ID but it's not in the "known issues" list in the release notes.

View solution in original post

40 REPLIES 40
Bruno_Pereira
New Contributor III

Fortinet always surprising.

 

84: 2018-04-27 07:11:05 the killed daemon is /bin/pyfcgid: status=0x0 85: 2018-04-27 07:41:22 <05147> firmware FortiGate-600D v5.6.4,build1575b1575,18                                                                                                                                                             0425 (GA) (Release) 86: 2018-04-27 07:41:22 <05147> application sslvpnd 87: 2018-04-27 07:41:22 <05147> *** signal 11 (Segmentation fault) received *** 88: 2018-04-27 07:41:22 <05147> Register dump: 89: 2018-04-27 07:41:22 <05147> RAX: 00007f9321a5a538   RBX: 00007f9321a59858 90: 2018-04-27 07:41:22 <05147> RCX: 0000000000000007   RDX: 000000000224dec4 91: 2018-04-27 07:41:22 <05147> R8:  000000000000ffff   R9:  0000000000000000 92: 2018-04-27 07:41:22 <05147> R10: 00007f932513d4e0   R11: 00007f93251848c0 93: 2018-04-27 07:41:22 <05147> R12: 00007f9321a5a6c0   R13: 0000000000000000 94: 2018-04-27 07:41:22 <05147> R14: 00007f9321a58800   R15: 0000000000000000 95: 2018-04-27 07:41:22 <05147> RSI: 0000000000000000   RDI: 000000000244543a 96: 2018-04-27 07:41:22 <05147> RBP: 00007fffbc582a00   RSP: 00007fffbc5829d0 97: 2018-04-27 07:41:22 <05147> RIP: 0000000001272ab1   EFLAGS: 0000000000010202 98: 2018-04-27 07:41:22 <05147> CS:  0033   FS: 0000   GS: 0000 99: 2018-04-27 07:41:22 <05147> Trap: 000000000000000e   Error: 0000000000000004 100: 2018-04-27 07:41:22 <05147> OldMask: 0000000000000000 101: 2018-04-27 07:41:22 <05147> CR2: 0000000000000000 102: 2018-04-27 07:41:22 <05147> stack: 0x7fffbc5829d0 - 0x7fffbc585ae0 103: 2018-04-27 07:41:22 <05147> Backtrace: 104: 2018-04-27 07:41:22 <05147> [0x01272ab1] => /bin/sslvpnd 105: 2018-04-27 07:41:22 <05147> [0x01274281] => /bin/sslvpnd 106: 2018-04-27 07:41:22 <05147> [0x012f7cee] => /bin/sslvpnd 107: 2018-04-27 07:41:22 <05147> [0x012fa399] => /bin/sslvpnd 108: 2018-04-27 07:41:22 <05147> [0x012fa6fd] => /bin/sslvpnd 109: 2018-04-27 07:41:22 <05147> [0x012fa98b] => /bin/sslvpnd 110: 2018-04-27 07:41:22 <05147> [0x012faef8] => /bin/sslvpnd 111: 2018-04-27 07:41:22 <05147> [0x0042e280] => /bin/sslvpnd 112: 2018-04-27 07:41:22 <05147> [0x004349c4] => /bin/sslvpnd 113: 2018-04-27 07:41:22 <05147> [0x00431eac] => /bin/sslvpnd 114: 2018-04-27 07:41:22 <05147> [0x00433bc1] => /bin/sslvpnd 115: 2018-04-27 07:41:22 <05147> [0x00434569] => /bin/sslvpnd 116: 2018-04-27 07:41:22 <05147> [0x7f932503b475] => /fortidev4-x86_64/lib/libc.                                                                                                                                                             so.6 117: 2018-04-27 07:41:22 (__libc_start_main+0x000000f5) liboffset 00021475 118: 2018-04-27 07:41:22 <05147> [0x0042b53d] => /bin/sslvpnd

tanr
Valued Contributor II

Anybody know details of the known issue: 462080 (with FortiSwitch-Controller/FortiLink) FG-300E reboots with kernel panic errors?  I may be moving from a 5.4.8 300D to a 5.6.4 300E and would like to not get burned.

 

5.6.4 still has some annoying GUI and FAZ related known issues, but most aren't blockers.

 

This looks like the first 5.6 build that we might consider moving to from 5.4. 

If anybody has moved a production system over to 5.6.4 would appreciate hearing how it's going for you.  Thanks!

hecht
New Contributor

http://kb.fortinet.com/kb/documentLink.do?externalID=FD40956

NOTE : Users of v5.6.3 should be aware that these changes also apply to this release.  The option is available in v5.6.4 

No it's not!!!

 

BugID 456566 is still included in the known bug list!

Jordan_Thompson_FTNT

hecht wrote:

http://kb.fortinet.com/kb/documentLink.do?externalID=FD40956

NOTE : Users of v5.6.3 should be aware that these changes also apply to this release.  The option is available in v5.6.4 

 

No it's not!!!

 

BugID 456566 is still included in the known bug list!

Hi hecht,

 

The release notes are incorrect regarding this bug - 456566 is indeed fixed and available in 5.6.4. The release notes will be updated.

SecurityPlus

Have others tried upgrading to 5.6.4? Is it functioning as well as or better than 5.6.3?

arichard42

I don't understand how Fortinet may pass QA review with such critical know bugs :

 

448247 Traffic-shaper in shaping policy does not work for specific application category like as P2P

 

Hey fortinet,  do you know Microsoft issued a new version of windows 10 this week and the traffic shaper is the only way of mitigating tons of PCs trying to download Windows 10 at the same time (using a traffic-shaper on the Update application category !).

 

So for us, we stay once more on the 5.4 train, waiting for a 5.6 stable version and waiting one more year before daring to test 6.0 train in production !.

 

Bruno_Pereira

I tested this version and no surprise beyond the instability with the VPNSSL. I particularly do not recommend using this version, so far the 5.6.3 is the most stable.

romanr

Hi,

 

has anyone opened a support case on the SSLVPN troubles and has some details?

 

We only have a handful of installations running with 5.6.4 or some Interims post 5.6.3. We have not seen any new bugs since 5.6.3 so far... But a lot of fixes.

 

Br,

Roman

Bruno_Pereira
New Contributor III

romanr wrote:

Hi,

 

has anyone opened a support case on the SSLVPN troubles and has some details?

 

We only have a handful of installations running with 5.6.4 or some Interims post 5.6.3. We have not seen any new bugs since 5.6.3 so far... But a lot of fixes.

 

Br,

Roman

Hello,

 

I open ticket and the response received was: wait the new version 5.6.5 ¬¬

 

I received the following error periodic:

 

84: 2018-04-27 07:11:05 the killed daemon is /bin/pyfcgid: status=0x0 85: 2018-04-27 07:41:22 <05147> firmware FortiGate-600D v5.6.4,build1575b1575,18                                                                                                                                                             0425 (GA) (Release) 86: 2018-04-27 07:41:22 <05147> application sslvpnd 87: 2018-04-27 07:41:22 <05147> *** signal 11 (Segmentation fault) received ***

Labels
Top Kudoed Authors