Helpful ReplyHot!FortiOS 6.0.4 is out!

Page: < 123 Showing page 3 of 3
Author
seadave
Expert Member
  • Total Posts : 318
  • Scores: 48
  • Reward points: 0
  • Joined: 2004/11/03 18:02:09
  • Location: Seattle, WA
  • Status: offline
Re: FortiOS 6.0.4 is out! 2019/01/30 08:17:15 (permalink)
0
Final follow up. Happy to report that my FWF60E has been up and running without crash for over 36 hours now.  I noticed previously in the FAZ logs that an AV update occurred right before the gate would freeze.  I've been using Fortinet products for over 14 years, and I've seen this before.  FTNT will push a bad AV/IPS or even AV/IPS engine update and gate will crash.  Sometimes this happens for a few days until they figure out the issue and then the problem goes away.  Or it could be this, the Admin failed login from localhost (127.0.0.1) was occurring every few minutes.  Now it is every 15.  I'll open a case regarding that and start a new thread.
#41
re.zagorodnev
New Member
  • Total Posts : 3
  • Scores: 0
  • Reward points: 0
  • Joined: 2017/05/03 04:58:50
  • Status: offline
Re: FortiOS 6.0.4 is out! 2019/01/30 22:39:31 (permalink)
0
VMware fortigate-vm, updated to 6.0.4. Bug in fortiview, table is broken, users login missing. And cant download web filter log from Forward Traffic. Better stay on 5.6...
#42
James_G
Silver Member
  • Total Posts : 85
  • Scores: 4
  • Reward points: 0
  • Joined: 2016/02/28 02:55:47
  • Status: offline
Re: FortiOS 6.0.4 is out! 2019/02/07 02:54:56 (permalink)
0
6.0.4 now installed on 31 firewalls - only issue I had was with the default behavior depreciating TLS 1.0 on SSL offload (full SSL), i.e. I have an old server that only supports TLS 1.0 and I front with the FGT to present TLS 1.2 to the world, but FGT support chat sorted me in a few minutes.
#43
leonardo.ortiz
New Member
  • Total Posts : 6
  • Scores: 0
  • Reward points: 0
  • Joined: 2016/03/04 06:46:12
  • Status: offline
Re: FortiOS 6.0.4 is out! 2019/02/16 18:33:46 (permalink)
0
Hello.
 
How we will use Citrix and Port Forwarding if all browser that support java is not supported by FortiOS now?
Internet explorer dont open nothing in WEB SSL VPN.
#44
streeb2021
New Member
  • Total Posts : 6
  • Scores: 0
  • Reward points: 0
  • Joined: 2018/04/19 00:50:09
  • Status: offline
Re: FortiOS 6.0.4 is out! 2019/02/21 03:10:31 (permalink)
0
I would be interested to know now that the dust has settled on this release how people feel about it. Currently my suite of Fortigate clusters are sitting on 5.6.8 and I am considering a move to 6.0.4. but wonder whether it is worth moving onto the 6.0.x train if you are not actively leveraging the security fabric side of things. 
#45
SecurityPlus
Gold Member
  • Total Posts : 280
  • Scores: 4
  • Reward points: 0
  • Joined: 2014/08/11 18:41:34
  • Status: offline
Re: FortiOS 6.0.4 is out! 2019/02/28 23:08:48 (permalink)
0
I would be interested in feedback from others too.

FWF30E, FG50E, FWF50E, FG60D, FWF60D, FG60E, FG80E, FG100D
FortiOS 5.2, 5.4, 5.6, and 6.0
FortiSwitch FS-224E-POE
FAP-221E, FAP-221C
#46
Frosty
Gold Member
  • Total Posts : 176
  • Scores: 11
  • Reward points: 0
  • Joined: 2010/11/03 15:53:40
  • Status: offline
Re: FortiOS 6.0.4 is out! 2019/03/03 17:22:16 (permalink)
0
I haven't tested at all with v6.0.anything but as a matter of principle I'm going to wait for v6.2.n (probably v6.2.4 or later) before I even consider leaving v5.6.n ... no particular features that I need in v6 and there was only 1 bug that I have seen in v5.6 that impacted on me; was able to work around it, so no urgency to upgrade for me.
#47
thuya
New Member
  • Total Posts : 1
  • Scores: 0
  • Reward points: 0
  • Joined: 2019/05/03 02:42:26
  • Status: offline
Re: FortiOS 6.0.4 is out! 2019/05/03 04:07:57 (permalink)
0
we have Fortigate 600D with firmware 5.4.2. we can directly upgrade to 6.0.4
#48
TiagoTanno
New Member
  • Total Posts : 2
  • Scores: 0
  • Reward points: 0
  • Joined: 2018/07/17 12:39:21
  • Status: offline
Re: FortiOS 6.0.4 is out! 2019/05/03 07:27:44 (permalink)
0
SMabille
You can get a FAZ license for $1 on AWS for 500Gb and up to 2 "home" Fortigate/VDOM (up to Fortigate 90 and VM-01), still have to pay for AWS usage, I'm at around $25 a month.
(https://aws.amazon.com/marketplace/pp/B06Y1K63ZH?qid=1548667167351&sr=0-1&ref_=srh_res_product_title#pdp-overview)
 
dfollis
I have a home setup of the following:
 
FWF-60E v6.0.4 build0231 (6.0.4)
FSW-108D-POE v3.6.9-build0426 (this model does not support v6)
FortiAP FP221C v6.0-build0027 (just upgraded to build0030, 6.0.4)
 
Fairly simple setup for home using these devices.  I've experienced random outages after ~24 hours after upgrading from 6.0.3 to 6.0.4.  Symptom is Wifi will be down and hard wire connection to FWF-60E will not respond without a hard power reset.
 
I first tried to update my FSW from 3.6.8 to .9 but crash occurred again.  This AM after another hard reset was needed, I noticed that 6.0.4 for FP221C was released on 1/25 so I have just updated that.  As this is a home setup, I'm not paying for FAZ  (considering we spend thousands of dollars on FTNT gear at work sure would be nice for free FAZ with low daily limit for home use/testing, just saying :-)).
 
I do have a synology though so I'm going to enable SYSLOG and dump to that to see if I can get better system events.  When I check events logged to FortiCloud I don't see anything odd.  Running "diag debug crashlog read" shows the following:
 
1: 2019-01-26 22:27:10 scanunit=manager pid=152 str="AV database changed; restarting workers"
2: 2019-01-26 22:27:12 <00152> scanunit=manager str="Success loading anti-virus database."
3: 2019-01-26 22:37:10 scanunit=manager pid=152 str="AV database changed; restarting workers"
4: 2019-01-26 22:37:12 <00152> scanunit=manager str="Success loading anti-virus database."
5: 2019-01-26 22:40:14 the killed daemon is /bin/pyfcgid: status=0x0
6: 2019-01-26 22:59:10 scanunit=manager pid=152 str="AV database changed; restarting workers"
7: 2019-01-26 22:59:12 <00152> scanunit=manager str="Success loading anti-virus database."
8: 2019-01-27 12:33:03 <00152> scanunit=manager str="Success loading anti-virus database."
 
It is interesting that that last event logged is an AV update until I reset it 12 hours later, see events 7 and 8 above.
 
Not sure if anyone else is seeing stability issues like this.  It is possible I have an odd config that is causing an issue as I have a few VLANs that are trunked over my FSW, but nothing unconventional that I'm aware of.  Will update post if I see another crash.









FAZ on AWS costs 1$ ? (license)
i dont understand this question about license
#49
seadave
Expert Member
  • Total Posts : 318
  • Scores: 48
  • Reward points: 0
  • Joined: 2004/11/03 18:02:09
  • Location: Seattle, WA
  • Status: offline
Re: FortiOS 6.0.4 is out! 2019/05/03 10:28:36 (permalink)
0
It is a pay as you go model.  So instead of paying $1300 upfront with a ~$600/year renewal, you pay for usage over the course of a year.  I'm storing ~4TB of data on Glacier and have a FAZ instance running and I'm being charged ~$30 a month.  Plus I don't have to worry about devoting onsite hardware to running the FAZ which I was running as a HyperV VM beforehand.  AWS also has a Bring Your Own License (BYOL) model which is a better fit in some situations.
 
It is important to note, the price is so low for me because I have a very low log ingestion rate.  If you did this for a company of 100 folks, you FAZ DB would grow faster and you would most likely be charged more depending on your data retention settings.
 
The link I posted above provides more info.  The Amazon model is pay less per month to preserve cash flow, but end up paying more over the course of a year compared to paying up front.  Not dissimilar to any other type of lease.
#50
seadave
Expert Member
  • Total Posts : 318
  • Scores: 48
  • Reward points: 0
  • Joined: 2004/11/03 18:02:09
  • Location: Seattle, WA
  • Status: offline
Re: FortiOS 6.0.4 is out! 2019/05/03 10:32:02 (permalink)
0
PS regarding 6.0.4 we migrated from a stand alone 5.6.8 500D to a HA active-passive pair of 501Es now running 6.0.3.  The DNS issues I saw at home with 6.0.4 has kept us off that.  6.0.3 in this configuration has been very stable.  The main issue we have is that Chrome does not work with 6.0.3 in our case.  Some pages will display the loading HTML5 circle and never fully load.  Viewing the same page in Firefox works fine.  We have not tested IE or Edge.  We are not sure if this is due to how we harden Chrome, but since Firefox works, that is what we are using for now.
 
#51
ede_pfau
Expert Member
  • Total Posts : 6050
  • Scores: 480
  • Reward points: 0
  • Joined: 2004/03/09 01:20:18
  • Location: Heidelberg, Germany
  • Status: offline
Re: FortiOS 6.0.4 is out! 2019/05/04 06:31:22 (permalink)
0
Minor remark:
on my v6.0.4, only ONE page doesn't display in FF 52.9.0 ESR, but of course an important one...Routing Monitor. I fly blindly, so to say. Chrome will do but I don't change horses just for one bug in one patch release.

Ede

" Kernel panic: Aiee, killing interrupt handler!"
#52
thuynh_FTNT
Bronze Member
  • Total Posts : 44
  • Scores: -2
  • Reward points: 0
  • Joined: 2014/02/05 09:30:09
  • Status: offline
Re: FortiOS 6.0.4 is out! 2019/05/06 15:07:22 (permalink)
0
>on my v6.0.4, only ONE page doesn't display in FF 52.9.0 ESR, but of course an important one...Routing Monitor. I fly blindly, so to say. Chrome will do but I don't change horses just for one bug in one patch release.

Thanks Ede, can you try with a newer version of FireFox? There was a known issue that some pages cant load with FireFox 52.x ESR and it was a specific browser's issue. FortiOS 6.0.4 GUI should work okay with latest FireFox version.
#53
Page: < 123 Showing page 3 of 3
Jump to:
© 2019 APG vNext Commercial Version 5.5