Helpful ReplyHot!FortiOS 5.6.5 is out!

Author
AragoN
New Member
  • Total Posts : 4
  • Scores: 0
  • Reward points: 0
  • Joined: 2016/06/07 10:58:29
  • Status: offline
2018/06/21 15:21:32 (permalink)
#1
Toshi Esumi
Expert Member
  • Total Posts : 960
  • Scores: 56
  • Reward points: 0
  • Joined: 2014/11/06 09:56:42
  • Status: offline
Re: FortiOS 5.6.5 is out! 2018/06/21 15:31:09 (permalink)
0
Upgrade path doesn't seem to be updated yet at the support site to include this version.
#2
Toshi Esumi
Expert Member
  • Total Posts : 960
  • Scores: 56
  • Reward points: 0
  • Joined: 2014/11/06 09:56:42
  • Status: offline
Re: FortiOS 5.6.5 is out! 2018/06/21 16:30:09 (permalink)
0
And this problem is not fixed yet. It's now in the known issue list:
435388 After VLAN interfaces are added under physical interface, the parent interface cannot be added into a zone.
We'll have skip this version again.
#3
tanr
Gold Member
  • Total Posts : 451
  • Scores: 16
  • Reward points: 0
  • Joined: 2016/05/09 17:09:43
  • Status: offline
Re: FortiOS 5.6.5 is out! 2018/06/21 19:54:42 (permalink)
0
Hi Toshi.  Just curious about your use of a zone with the parent physical interface and child vlan interfaces.  You mentioned you were using it for tagged and untagged traffic?  I wondered if you had the child vlans in a different zone than the zone the parent physical interface was in?  I ask because I had considered something similar a while back to deal with untagged traffic but found a different solution (switch based).
 
No worries if you don't feel like posting about it!  Cheers.
#4
Toshi Esumi
Expert Member
  • Total Posts : 960
  • Scores: 56
  • Reward points: 0
  • Joined: 2014/11/06 09:56:42
  • Status: offline
Re: FortiOS 5.6.5 is out! 2018/06/21 21:29:09 (permalink)
0
I believe we did it before at least for one customer even if we don't have now to separate corporate subnets/network from non-corp subnets/network and put them into separate zones. FGT just handed off all non-tagged/tagged VLANs over one port to a L2 switch(es) and all devices, including WiFi APs are hanging off from the switch. Obviously only one zone can have the parent interface, and the other one doesn't have it as member interfaces.
To create zones there is no distinction between a parent interface and VLAN subinterfaces, until this problem was introduced.
 
#5
Kenundrum
Gold Member
  • Total Posts : 130
  • Scores: 15
  • Reward points: 0
  • Joined: 2008/05/15 10:25:50
  • Location: Rhode Island, US
  • Status: online
Re: FortiOS 5.6.5 is out! 2018/06/22 05:47:04 (permalink)
0
I updated a 60D this morning from 5.6.4 and it did not go well. After rebooting, none of the interfaces passed traffic and I was unable to log in over console. The error that kept showing up was something along the lines of "unable to lock lockdb".
After rebooting the device a second time, everything was fine. Unfortunately for me, I decided to chance doing an update when I was not onsite with the device and wasn't able to go physically power cycle it until it had been down for a few hours. Lesson learned. And I'll probably be investing in remotely controllable power outlets.

NSE4
Some FGT500Es, 500Ds, 60Ds at work
FWF60E, FWF80CM at home
#6
Toshi Esumi
Expert Member
  • Total Posts : 960
  • Scores: 56
  • Reward points: 0
  • Joined: 2014/11/06 09:56:42
  • Status: offline
Re: FortiOS 5.6.5 is out! 2018/06/22 13:55:03 (permalink)
0
I would never do an upgrade for a new version I never experienced before without staring at console output, often keep it saving into a file so that I can attach it to a ticket in case I need help from TAC, regardless on-site or remote (always have console access via a terminal server if remote). If that's not possible, at least experience the same upgrade with a FGT whatever we have in the lab first. 
I'm just curious but what version did you upgraded the 60D from? 5.4.x?
#7
slavko
Silver Member
  • Total Posts : 83
  • Scores: 6
  • Reward points: 0
  • Joined: 2014/08/09 01:05:35
  • Location: Montenegro
  • Status: offline
Re: FortiOS 5.6.5 is out! 2018/06/25 04:06:04 (permalink)
0
Well, this is interesting:
"SSL VPN standalone client no longer supports the following operating systems:
Microsoft Windows 7 (32-bit & 64-bit)
Microsoft Windows 8/8.1 (32-bit & 64-bit)
Microsoft Windows 10 (64-bit)
Virtual Desktop for Microsoft Windows 7 SP1 (32-bit)"
Does this refer to the FortiClient, and if so, does  anyone have any idea why is Fortinet dropping the support for it?

NSE 4, NSE 5, NSE 7, FortiMail & FortiWeb Specialist
All oppinions/statements written here are my own.
#8
Toshi Esumi
Expert Member
  • Total Posts : 960
  • Scores: 56
  • Reward points: 0
  • Joined: 2014/11/06 09:56:42
  • Status: offline
Re: FortiOS 5.6.5 is out! 2018/06/25 08:01:11 (permalink)
0
It's been on the release notes for some time by now. My assumption was they were moving toward Win App like the current Win App for Win10.
#9
rswinney99
New Member
  • Total Posts : 6
  • Scores: 2
  • Reward points: 0
  • Joined: 2018/01/12 08:58:02
  • Status: offline
Re: FortiOS 5.6.5 is out! 2018/06/25 10:19:52 (permalink) ☄ Helpfulby slavko 2018/06/25 11:59:31
5 (1)
When I asked my Fortinet engineer about that specific thing several releases ago I was told it did not apply to forticlient and only applied to a ssl-vpn only software that has been long depracated.
#10
Toshi Esumi
Expert Member
  • Total Posts : 960
  • Scores: 56
  • Reward points: 0
  • Joined: 2014/11/06 09:56:42
  • Status: offline
Re: FortiOS 5.6.5 is out! 2018/06/25 10:43:40 (permalink)
0
That's better than I thought. Thank you for the info.
#11
Baptiste
Gold Member
  • Total Posts : 144
  • Scores: 13
  • Reward points: 0
  • Status: offline
Re: FortiOS 5.6.5 is out! 2018/06/26 04:35:49 (permalink)
0
slavko
Well, this is interesting:
"SSL VPN standalone client no longer supports the following operating systems:
Microsoft Windows 7 (32-bit & 64-bit)
Microsoft Windows 8/8.1 (32-bit & 64-bit)
Microsoft Windows 10 (64-bit)
Virtual Desktop for Microsoft Windows 7 SP1 (32-bit)"
Does this refer to the FortiClient, and if so, does  anyone have any idea why is Fortinet dropping the support for it?


No, there was a stand-alone application called "SSL VPN Client".
It was a simple SSL VPN client that was working fine, without any (useless) security stuff.
 

FGT 100D 5.4.9 + FTK200
FGT 60E 5.6.3 & 6.0.0
FGT 40C 5.0.13
FAZ VM 6.0.0
FAP 210B/221C/223C/321C/421E
#12
Toshi Esumi
Expert Member
  • Total Posts : 960
  • Scores: 56
  • Reward points: 0
  • Joined: 2014/11/06 09:56:42
  • Status: offline
Re: FortiOS 5.6.5 is out! 2018/06/28 09:26:30 (permalink)
0
I just got an update from TAC saying the zone problem with the parent and vlan sub-interfaces will be fixed with 5.6.6 and 6.0.2 (6.0.x also have this problem). 6.0.2 release target date is between 7/23 and 7/26. But no ETA for 5.6.6 since 5.6.5 was just released last week.
#13
Jump to:
© 2018 APG vNext Commercial Version 5.5