Helpful ReplyHot!FortiOS 6.0.2 is out!

Author
bommi
Gold Member
  • Total Posts : 122
  • Scores: 10
  • Reward points: 0
  • Joined: 2016/08/03 03:42:49
  • Location: Germany
  • Status: offline
2018/07/26 22:07:05 (permalink)
#1
bommi
Gold Member
  • Total Posts : 122
  • Scores: 10
  • Reward points: 0
  • Joined: 2016/08/03 03:42:49
  • Location: Germany
  • Status: offline
Re: FortiOS 6.0.2 is out! 2018/07/26 22:31:51 (permalink)
0
You can now use the packet capture on gui also on small machines without an log-disk!
The packet capture will use an ram-disk.
This is the best new feature so far :-D
#2
simonorch
Gold Member
  • Total Posts : 311
  • Scores: 12
  • Reward points: 0
  • Joined: 2009/06/05 00:05:08
  • Location: Norway
  • Status: offline
Re: FortiOS 6.0.2 is out! 2018/07/30 12:44:48 (permalink)
0
Very happy indeed to get packet capture back in the gui on the lower end non-disk boxes.
That one feature has kept some of our customers on 5.2

FCNSP V.4, V.5, NSE5
Fortinet platinum partner - Norway
#3
SMabille
Bronze Member
  • Total Posts : 51
  • Scores: 8
  • Reward points: 0
  • Joined: 2013/03/31 15:39:51
  • Status: offline
Re: FortiOS 6.0.2 is out! 2018/07/31 01:54:33 (permalink)
0
But not impressed with stability.
FGT60E, IPS Engine (4.021) keep crashing, massive performance issues (even on rules without UTM).
Will have to downgrade to 6.0.1.
Been a long time I haven't been so disappointed by lack of QA so quickly (less than 24 hours) - back to good old buggy Fortinet!
#4
bommi
Gold Member
  • Total Posts : 122
  • Scores: 10
  • Reward points: 0
  • Joined: 2016/08/03 03:42:49
  • Location: Germany
  • Status: offline
Re: FortiOS 6.0.2 is out! 2018/07/31 04:54:16 (permalink)
0
At least on my FWF30E no ips engine crashes are logged in the crashlog.
#5
emnoc
Expert Member
  • Total Posts : 4988
  • Scores: 306
  • Reward points: 0
  • Joined: 2008/03/20 13:30:33
  • Location: AUSTIN TX AREA
  • Status: offline
Re: FortiOS 6.0.2 is out! 2018/07/31 10:37:41 (permalink)
0
Had trouble upgrading a FWF60D  with the new image had to rollback, still investigating

PCNSE,  NSE , Forcepoint ,  StrongSwan Specialist
#6
storaid
Platinum Member
  • Total Posts : 759
  • Scores: 13
  • Reward points: 0
  • Joined: 2012/09/24 20:19:19
  • Status: offline
Re: FortiOS 6.0.2 is out! 2018/08/01 01:10:52 (permalink)
0
'sslvpnd' process causes high cpu loading....
   PID      RSS  ^CPU% MEM%   FDS     TIME+  NAME
 * 133      16M   96.9  0.9    31  35:29.83  sslvpnd [x4]
   132      16M   19.4  0.9    11  00:01.64  httpclid [x3]
   121      28M    8.6  1.5    27  02:17.48  httpsd [x5]
   124     323M    7.8 17.3   369  54:50.38  ipsmonitor [x6]
   141      12M    4.8  0.7    13  09:57.30  updated
   119      39M    0.8  2.1    38  22:51.74  miglogd [x3]
   128      14M    0.0  0.8    22  04:32.30  forticron
   131       6M    0.0  0.3    24  00:00.43  foauthd
   129       7M    0.0  0.4    15  00:24.66  forticldd
   136       6M    0.0  0.3    10  00:00.90  guacd
   137     808K    0.0  0.0     4  00:00.10  smbcd
   138       6M    0.0  0.3    24  00:10.90  voipd
   140      66M    0.0  3.5   173  02:25.64  wad [x8]
   130       9M    0.0  0.5    47  06:31.97  authd [x3]
   142       5M    0.0  0.3    12  01:05.58  snmpd
   143       5M    0.0  0.3    23  00:17.17  dhcpd
   144       4M    0.0  0.3     8  01:46.27  ipldbd
   145       9M    0.0  0.5    17  01:43.32  src-vis
   146       4M    0.0  0.3    16  00:08.83  ntpd
   147       5M    0.0  0.3     5  00:00.30  sshd

FWF60D x2
FWF60C x3
FGT80C rev.2
FGT200B-POE
FAP220B x3
FAP221B x2
FSW224B x1
#7
Andy Bailey
Bronze Member
  • Total Posts : 38
  • Scores: 2
  • Reward points: 0
  • Joined: 2016/06/27 11:21:22
  • Status: offline
Re: FortiOS 6.0.2 is out! 2018/08/01 02:26:30 (permalink)
0
So far my FT60E is table and performing normally (although using higher average memory than before the update).
 
I agree it's great to see Packet Capture back in the GUI.
#8
cryptochrome
Bronze Member
  • Total Posts : 32
  • Scores: 2
  • Reward points: 0
  • Joined: 2016/03/29 07:31:52
  • Status: offline
Re: FortiOS 6.0.2 is out! 2018/08/11 16:34:46 (permalink) ☄ Helpfulby rkhair 2018/08/15 01:30:27
0
Wow, this release is a true bug fest. I don't even know where to begin.
 
  • DNAT Static NAT without port forwarding (e.g. 1:1 NAT) not working, broken
  • Enable a rule with URL Filtering: Firewall doesn't forward traffic for other rules (packets disappear in Nirvana)
  • Rule with URL Filtering set to DENY logs completely unrelated allowed traffic (it logs session close for allowed traffic of other rules)
  • Web Filter log is not working (it logs nothing) - blocked/allowed URLs appear in App Filter log instead
 
Those are just a few things that I noticed. 
Arent's they ashamed of themselves putting something like that out in the wild? I would be.
#9
SecurityPlus
Gold Member
  • Total Posts : 210
  • Scores: 4
  • Reward points: 0
  • Joined: 2014/08/11 18:41:34
  • Status: offline
Re: FortiOS 6.0.2 is out! 2018/08/28 18:25:47 (permalink)
0
Upgraded 60E from 5.6.5 to 6.0.2.
 
Upgrade was successful the first time.
 
Twice the ipsengine 04.021 has crashed, 30 minutes apart.
 
Memory usage is about 60%. CPU utilization is about 3%.
 
Noticed two errors after the firmware upgrade (diag debug config-error-log read):
1. set type security audit and 2. set location forticloud. The engineer thought that these errors could be ignored and that they were due to changed features in 6.0.2.
 
Called Fortinet tech support. Was unable to start a GoToAssist session without encountering a security warning. The engineer thought that the security certificate use by GoToAssist was not in the trusted certificates in the FortiGate. This FortiGate is using Full SSL Inspection on the IPv4 policy. He said that he would investigate. Would be curious if others running 6.0.2 and using Full SSL Inspection can open GoToAssist without getting a certificate warning.
 
Otherwise things seem OK with 6.0.2 so far.
#10
tanr
Platinum Member
  • Total Posts : 535
  • Scores: 20
  • Reward points: 0
  • Joined: 2016/05/09 17:09:43
  • Status: offline
Re: FortiOS 6.0.2 is out! 2018/08/28 18:46:36 (permalink)
0
@SecurityPlus, thanks for being a test subject!  Let us know how it goes.
 
If you're running IPsec VPN or Application Control I'd love to hear how they work on 6.0.x.
 
#11
SecurityPlus
Gold Member
  • Total Posts : 210
  • Scores: 4
  • Reward points: 0
  • Joined: 2014/08/11 18:41:34
  • Status: offline
Re: FortiOS 6.0.2 is out! 2018/08/28 21:29:23 (permalink)
0
No running IPsec VPN on the upgraded firewall.
 
Application Control looks to be running normally per the Log & Report / Application Control logs.
 
I do see some Application crashed errors under Log & Report / System Events. On 4 occasions over about 2 hours I see Application crashed, ipsengine 04.021.
#12
SecurityPlus
Gold Member
  • Total Posts : 210
  • Scores: 4
  • Reward points: 0
  • Joined: 2014/08/11 18:41:34
  • Status: offline
Re: FortiOS 6.0.2 is out! 2018/09/03 20:44:59 (permalink)
0
Ironically, even though I was getting crash notifications about every 30 minutes for a few days after the 6.0.2 upgrade, the crash notifications seemed to have subsided in recent days.
 
Before the crash notifications stopped, I reported this issue to Fortinet Support. They said that this issue has been reported through bug id: 0506672. Fortinet Support provided a newer IPS engine. I upgraded from IPS Engine Version 4.00021 to 4.00023.
 
I'm not aware of any issues caused by 6.0.2 on this firewall.
 
I upgraded another firewall to 6.0.2 and thus far things seem fine on this second firewall as well.
 
 
#13
Ashu
Gold Member
  • Total Posts : 122
  • Scores: 10
  • Reward points: 0
  • Joined: 2015/04/17 04:33:45
  • Location: Muscat,Oman
  • Status: offline
Re: FortiOS 6.0.2 is out! 2018/09/03 21:31:20 (permalink)
0
Hi,
 
We have configured SSL VPN and IPSEC site to site .There is no much change almost same compared to old versions .Only they have introduced  new feature called one click VPN in 6.0  which i have not tried .
 
I will report if i encounter any issue .
 
Regds,
 
Ashik
#14
cryptochrome
Bronze Member
  • Total Posts : 32
  • Scores: 2
  • Reward points: 0
  • Joined: 2016/03/29 07:31:52
  • Status: offline
Re: FortiOS 6.0.2 is out! 2018/09/03 23:13:58 (permalink)
0
SecurityPlus
I'm not aware of any issues caused by 6.0.2 on this firewall.

 
Tons of issues if you switch to the new NGFW policy mode. 
#15
LBM
New Member
  • Total Posts : 6
  • Scores: 0
  • Reward points: 0
  • Joined: 2018/08/28 13:22:58
  • Status: offline
Re: FortiOS 6.0.2 is out! 2018/09/10 06:36:03 (permalink)
0
I'm planning to upgrade from 5.6.3.
Anyone else having issues or it is stable version?
 
Thanks in advance.
#16
SecurityPlus
Gold Member
  • Total Posts : 210
  • Scores: 4
  • Reward points: 0
  • Joined: 2014/08/11 18:41:34
  • Status: offline
Re: FortiOS 6.0.2 is out! 2018/09/10 07:08:59 (permalink)
5 (1)
We have two firewalls running 6.0.2. They are both running well. We had a different issue with each of them initially that Fortinet support addressed. I presume that with each update (i.e. 6.0.3, 6.0.4, etc.) that more and more issues will be addressed.

FWF30E, FG50E, FWF50E, FG60D, FWF60D, FG80E, FG100D
FortiOS 5.2, 5.4, 5.6, and 6.0
FAP-221E, FAP-221C
#17
LBM
New Member
  • Total Posts : 6
  • Scores: 0
  • Reward points: 0
  • Joined: 2018/08/28 13:22:58
  • Status: offline
Re: FortiOS 6.0.2 is out! 2018/09/10 07:42:00 (permalink)
0
SecurityPlus
We have two firewalls running 6.0.2. They are both running well. We had a different issue with each of them initially that Fortinet support addressed. I presume that with each update (i.e. 6.0.3, 6.0.4, etc.) that more and more issues will be addressed.


What kind of issue? Could you please share?
Thank you!
#18
SecurityPlus
Gold Member
  • Total Posts : 210
  • Scores: 4
  • Reward points: 0
  • Joined: 2014/08/11 18:41:34
  • Status: offline
Re: FortiOS 6.0.2 is out! 2018/09/13 15:43:57 (permalink) ☄ Helpfulby LBM 2018/09/14 06:45:02
5 (1)
Yes, we encountered these two issues on a FortiGate 60E. In spite of my previous statement, I think that both errors occurred on the same firewall. We upgraded another ForthGate 60D with no other problems noted.
 
1. Log & Report / System Events / Application crashed
application: ipsengine 04.021
I was told that this has been reported in bug id: 0506672 and that this requires an upgrade to the IPS engine to version 4.0023
I made the upgrade to 4.0023 but prior to the upgrade the system event crashes stopped appearing
No further issues with this issue have been noticed
 
2. https://www.gotoassist.me certificate warning. Using deep inspection. Forti_ssl certificate was installed on the browser. The certificate for this website was signed by Fort_CA_untrusted. I was told that the Fortiguard team is working on the certificate bundle. They are saying it will be added in certificate bundle 1.00013.
I was told that I could run:
You can run the following command to update your bundle :
execute update-now
To check if it is updated then run
diagnose autoupdate versions
I have not tested this issue further.
 
No additional issues with 6.0.2 noticed.

FWF30E, FG50E, FWF50E, FG60D, FWF60D, FG80E, FG100D
FortiOS 5.2, 5.4, 5.6, and 6.0
FAP-221E, FAP-221C
#19
Danté
New Member
  • Total Posts : 13
  • Scores: 0
  • Reward points: 0
  • Joined: 2018/07/13 12:03:16
  • Status: offline
Re: FortiOS 6.0.2 is out! 2018/09/15 04:49:38 (permalink)
0
Hi,
 
FortiGate 100E
I found 6.0.2 had many bugs, the biggest ones for us were:
 
-Logs not working and wrong bandwidth accumulation on reports and widgets. Streaming same sessions gets summed to each other and forms a huge amount of bandwidth but is not the true bandwidth going over the interface.
 
-DHCP client list just loading forever under interface.
 
Went back to 6.0.1 no issues.
#20
Jump to:
© 2018 APG vNext Commercial Version 5.5