Helpful ReplyHot!FortiOS 6.2.0 is out!

Page: < 123 Showing page 3 of 3
Author
bartman10
Silver Member
  • Total Posts : 88
  • Scores: 18
  • Reward points: 0
  • Joined: 2014/05/01 18:22:38
  • Status: offline
Re: FortiOS 6.2.0 is out! 2019/05/01 09:20:25 (permalink)
0
This is simply NOT true. I just got done speaking with TAC about this. I was in the 6.2 Beta for my 200D FortiAnalizer only to see in the GA notes 200D dropped.. Well that's funny kids I was using 6.2 beta on it.
TAC has stock answsers like EOS bla.. but it's simply not true.
He was even able to give me a, supported, 6.2 FortiAnalizer image after I showed my CPU usage is 3% and RAM is like 35%. I guess if you load it up to max logs per sec 6.2 may not work as advertised.. but ya..
 
They just make up whenever they decide to stop supporting gear with new updates. They are NOT clear about this and, AND, they still expect payment in FULL when that support contract comes up for renewal. 
 
Ok.. you drop new firmware for some reason.. well take that % out of my support contract because I don't need to pay to support the new firmware, only minimal bug fixes in last.
 
 
 
Go look up FortiGate unites with 6.2 released. There are many D models that EOS in 2017-2018
100D - EOS- 2018-07-26
92D - EOS - 2017-07-16
400D - EOS - 2018-05-08
140D - EOS - 2018-05-08
80D - EOS - 2018-04-16
 
All of these FortiGates have 6.2.
 
 
 
 
bommi
Please check the Product Lifecycle Page:
https://support.fortinet.com/Information/ProductLifeCycle.aspx
 
You will find several statements with a list of devices which arent supported by the latest releases.
These devices get extended access to Customer Services until these devices are EOL.
 
 





300E x3, 200D, 140D, 94D, 90D x2, 80D, 40C, handful of 60E's.. starting to loose track.
Over 100 WiFi AP's and growing.
FAZ-200D
FAC-VM 2 node cluster
Friends don't let friends FWF!
#41
PeterK
New Member
  • Total Posts : 13
  • Scores: 2
  • Reward points: 0
  • Joined: 2018/01/24 08:55:45
  • Status: offline
Re: FortiOS 6.2.0 is out! 2019/05/07 01:47:55 (permalink)
0
Having trouble now replicating this which is odd.  Defo still having a big issue with Internet Explorer (we are using 11) being able to log into the SSL VPN Web mode and even to the Fortigate to manage.  I tend to not use IE as much but we cannot tell staff not to.  Has this been resolved in 6.2.0 as they do not seem to be doing more patches after 6.0.4?
#42
NeilG
Silver Member
  • Total Posts : 72
  • Scores: 4
  • Reward points: 0
  • Joined: 2014/03/04 11:00:39
  • Status: offline
Re: FortiOS 6.2.0 is out! 2019/05/10 16:44:30 (permalink)
0
I am very disappointed that the 60D is not supported with 6.2  - and it seems to be implied that the 60D won't go beyond 6.0.x versions.
 
For small (real small like under 25 users) the Fortigate WAS a great solution because it would do everything - but now not only has the licensing cost for a 60D jumped, but the features keep getting pulled out and requiring a dedicated "server".
 
 
 
With the accelerating speed that features are moving from Fortigate to FortiXXXXX I can't even calculate value or ROI for upgrading Fortigate hardware for these small clients.
 
 
#43
SolracLeinad
New Member
  • Total Posts : 1
  • Scores: 0
  • Reward points: 0
  • Joined: 2019/05/24 12:21:20
  • Status: offline
Re: FortiOS 6.2.0 is out! 2019/05/24 12:33:18 (permalink)
0
 
bartman10
Go look up FortiGate unites with 6.2 released. There are many D models that EOS in 2017-2018
100D - EOS- 2018-07-26
92D - EOS - 2017-07-16
400D - EOS - 2018-05-08
140D - EOS - 2018-05-08
80D - EOS - 2018-04-16
 
All of these FortiGates have 6.2.


Maybe they updated their page already:


Product            | EOO            | LSED          | (EOS)
FortiGate-100D | 2018-07-26 | 2022-07-26 | 2023-07-26
FortiGate-92D   | 2017-07-16 | 2021-07-16 | 2022-07-16
FortiGate-400D | 2018-05-08 | 2022-05-08 | 2023-05-08


I'm also mailing my account manager as the removal of custom devices and groups has a huge impact on our company. I wonder if its still somewhere hidden deep inside the CLI tho...
#44
gianlucagiacometti
New Member
  • Total Posts : 3
  • Scores: 0
  • Reward points: 0
  • Joined: 2019/05/30 07:17:57
  • Status: offline
Re: FortiOS 6.2.0 is out! 2019/05/30 07:21:44 (permalink)
0
https://docs.fortinet.com/document/fortigate/6.2.0/new-features/262899/wireless-mac-filter-updates
 
Maybe this new feature is the key
 
Which actually makes more sense, because with the previous solution everyone with a SSID WPA2-personal password could connect to the SSID, inappropriately using an IP address and the downstream policy was delegated to block the user. This, I guess, was also causing some overhead.
With the new solution only the members who have been given permission can connect to the SSID.
I would have liked to have also a GUI to do that, but I'm confident it will be introduced in future OS upgrades.
 
G
post edited by gianlucagiacometti - 2019/05/30 08:45:25
#45
morten@waveit.no
New Member
  • Total Posts : 1
  • Scores: 0
  • Reward points: 0
  • Joined: 2016/01/08 01:57:37
  • Status: offline
Re: FortiOS 6.2.0 is out! 2019/05/30 09:15:30 (permalink)
0
OOOOHHH...! Do I regret testing out 6.2 on a live Fortigate...
Upgraded my 30E-3G4G-INTL from 6.0.4 about a week ago, and since then it has just frozen allmost daily. I can not log in to the GUI or SSH when this happens, so power reset is the only way to get it up and running again. It wasn't until today I managed to get a look at the GUI before it hung again. I noticed my phone didn't connect to a website, and logged on to the Fortigate from my PC to se if I could troubleshoot anything this time. The first thing I see after logging in is that the Fortigate has entered memory conserve mode. I cannot login to the CLI (Says "too many connections"), so I cannot see or restart the ****ty process. I doesn't take many seconds before I am kicked out of the GUI as well, and the Fortigate stops responding completely. Again, power reset only "solution". Anyone else experienced anything like this?
As we speak, I have a SSH session running with diag sys top, and will monitor memory usage to see if I can find a clue as to which process is the culprit, and keep you updated.
 
Good thing to have my home office Fortigate as testlab...wouldn't like this to happen on 100+ customer Fortigates
#46
seadave
Expert Member
  • Total Posts : 318
  • Scores: 48
  • Reward points: 0
  • Joined: 2004/11/03 18:02:09
  • Location: Seattle, WA
  • Status: offline
Re: FortiOS 6.2.0 is out! 2019/05/30 09:58:21 (permalink)
0
This seems to be a re-occurring theme.  Perhaps make sure that any of the services such as spam filtering, wifi/switch controller, waf, advanced routing, that you are not using is disabled in the Features gui.  That will reduce memory load.  I think Fortinet needs to do a better job on advising which models are optimized for which release.  The sub-100 units most likely will not run well on 6.2 until it is revised to .4 or .5 is my guess.  Also if you have too many features enabled on the lower number models it will never run well.
#47
gianlucagiacometti
New Member
  • Total Posts : 3
  • Scores: 0
  • Reward points: 0
  • Joined: 2019/05/30 07:17:57
  • Status: offline
Re: FortiOS 6.2.0 is out! 2019/06/09 01:46:18 (permalink)
0
Well, this COULD HAVE BEEN the solution.
Unfortunately the maximum number of entry in config wireless-controller address is 256.
256!
That's a real shame. I have more than 600 entries. A FortiGate 800D is not a toy, neither it should be programmed as so.
Ok, now I'm stuck with an open WiFi (passwords are not secrets in Universities), hoping in the next release.
I'm rather disappointed. The release to 6.2 should have been held some months further.
#48
anujdalal
New Member
  • Total Posts : 2
  • Scores: 0
  • Reward points: 0
  • Joined: 2018/08/17 06:11:52
  • Status: offline
Re: FortiOS 6.2.0 is out! 2019/06/12 09:29:22 (permalink)
0
Hi,
 
I'm having high memory usage issues (memory leak?) since the release of this firmware. I have 2 Azure FG-VM02s running in Active/Active HA. I removed one of them from the Azure Loadbalancer back-end pool ("cluster") at 64% memory usage. Even with close to no traffic going through it, the memory usage stayed at 64% constantly. The usage gradually climbs when the ipsengine is in use. diagnose sys top shows ipsengine using lots of memory, and not releasing it. I also can't seem to downgrade the firmware; the fortigate fails to download the file from FortiGuard.
 
I wonder if you're experiencing (or have experienced) something similar?
 
Thanks.
#49
sullimd
New Member
  • Total Posts : 3
  • Scores: 0
  • Reward points: 0
  • Joined: 2015/08/17 09:11:55
  • Status: offline
Re: FortiOS 6.2.0 is out! 2019/07/10 09:00:09 (permalink)
0
Same here on the memory issues. Experienced the same thing with 2 customers - today.  It's the wad service using all the memory, device goes into conserve mode, then I get a call that the internet is down.  It was the wad service on both customers. 
 
Pid: 00195, application: wad, Firmware: FortiGate-100E v6.2.0,build0866b0866,190328 (GA) (Release), Signal 11 received, Backtrace: [0x36c0aba6] [0x36c8b2a5] [0x36c8b4e9] [0x00a166d3] [0x00a44085] [0x00033979] [0x00037587] [0x36c0a971] [0x00031cc9]
 
One customer, ah, just a fluke.  Two customers, within 6 hours of each other - stay away for now.  Both of these customers wanted to upgrade for some of the new SD-WAN functionality, but I won't be upgrading any customers for a while.
post edited by sullimd - 2019/07/10 09:05:07
#50
SMabille
Silver Member
  • Total Posts : 71
  • Scores: 18
  • Reward points: 0
  • Joined: 2013/03/31 15:39:51
  • Status: offline
Re: FortiOS 6.2.0 is out! 2019/07/11 06:42:51 (permalink)
0
Hi,
 
Looks like devices are doing a (small) come back in 6.2.1:
https://docs.fortinet.com/document/fortigate/6.2.1/new-features/370579
 
If I read correctly all predefined group and detection are still absent (let's hope and wait for 6.2.2) but categories can be defined again manually, in the GUI, based on MAC or MAC range.
 
Good partial back-track, let's implement the whole device detection back in 6.2.2! 
 
 
Cls
Quick note from first impressions on my test device:
As read in Release Notes / Changes in default behavior:
-FortiOS 6.2.0 removes any use of device enforcement from various FortiGate features.
 
This means that all policies and setups that are using Devices or Devices-Groups in policy will have "open" policies after upgrading to 6.2.0.
I cannot find any obvious replacemens for Device feature per now.
 
If anyone has more info on what Fortinet's plan on this is, I would appreciate a shoutout.. :)
 
 
Best Regards,
Runar




#51
Frank Baschin
New Member
  • Total Posts : 2
  • Scores: 0
  • Reward points: 0
  • Joined: 2019/07/12 01:01:02
  • Status: offline
Re: FortiOS 6.2.0 is out! 2019/07/12 01:21:41 (permalink)
0
Yesterday we also had memory issues. The memory load grows to 100% in 5-10 minutes. With network down situation.
Firmware: FortiGate-100E v6.2.0,build0866b0866,190328 (GA)
 
We temp. could resolve it with disable all service policy. It seems, that the IPS Prevention had high memory load.
#52
confusedcrib
New Member
  • Total Posts : 1
  • Scores: 0
  • Reward points: 0
  • Joined: 2019/09/03 08:28:21
  • Status: offline
Re: FortiOS 6.2.0 is out! 2019/09/03 08:29:19 (permalink)
0
Ditto on the memory issues - went into conserve mode on Friday and is currently rising back up.
 
FortiOS v6.2.0 build0866 on 201E
#53
Aron1
New Member
  • Total Posts : 5
  • Scores: 0
  • Reward points: 0
  • Joined: 2019/09/03 08:58:35
  • Location: Roseville, MN
  • Status: offline
Re: FortiOS 6.2.0 is out! 2019/09/03 09:09:58 (permalink)
0
Try this...
 
get sys perf top
 
ID app that is running the most memory. For me, I have seen both ipsmonitor and wad causing the mem issue. Restarting the problematic thread gets you out of conserve mode, but isn't a fix.
This will restart the app:
diagnose test application ipsmonitor 99
 
Where I saw the mem issue crop up, the 6.2.1 fixed it. However, now I'm having SSL inspection issues with certain website on one of them now.
 
Hope this helps...
 
#54
Aron1
New Member
  • Total Posts : 5
  • Scores: 0
  • Reward points: 0
  • Joined: 2019/09/03 08:58:35
  • Location: Roseville, MN
  • Status: offline
Re: FortiOS 6.2.0 is out! 2019/09/05 09:59:58 (permalink)
0
Side note... While upgrading to 6.2.1, we are seeing a bug... If your admin account is locked down to certain IP address ranges, and your WIFI SSID isn't in the ip range, you might not be able to bring up the AP's after upgrading to 6.2.1.
 
We thought this might have been a softswitch error, but it looks like an official bug. We've had Fortinet on the line and they are looking in to it. Doesn't happen with all of them, I rolled up a 200E last night with 12 AP's and 10 VPN's and it worked flawlessly.
 
Anyone see anything similar?

Ignotum per ignotius...
#55
Mike_FTNT
optimizzz
  • Total Posts : 105
  • Scores: 2
  • Reward points: 0
  • Joined: 2012/04/05 10:06:09
  • Status: offline
Re: FortiOS 6.2.0 is out 2019/09/05 12:14:51 (permalink)
0
Aron1
Side note... While upgrading to 6.2.1, we are seeing a bug... If your admin account is locked down to certain IP address ranges, and your WIFI SSID isn't in the ip range, you might not be able to bring up the AP's after upgrading to 6.2.1.
 
We thought this might have been a softswitch error, but it looks like an official bug. We've had Fortinet on the line and they are looking in to it. Doesn't happen with all of them, I rolled up a 200E last night with 12 AP's and 10 VPN's and it worked flawlessly.
 
Anyone see anything similar?




Hi Aron1,
 
This is one known issue in FortiOS 6.2.1, and it will be fixed by 6.2.2.
The workaround is to add FAP's IP or subnet into admin trusthost list.
 
Cheers,
Mike
#56
NapaCab
New Member
  • Total Posts : 8
  • Scores: 0
  • Reward points: 0
  • Joined: 2015/12/13 18:26:04
  • Status: offline
Re: FortiOS 6.2.0 is out 2019/09/05 12:17:33 (permalink)
0
Aron1
Try this...
 
get sys perf top
 
ID app that is running the most memory. For me, I have seen both ipsmonitor and wad causing the mem issue. Restarting the problematic thread gets you out of conserve mode, but isn't a fix.
This will restart the app:
diagnose test application ipsmonitor 99
 
Where I saw the mem issue crop up, the 6.2.1 fixed it. However, now I'm having SSL inspection issues with certain website on one of them now.
 
Hope this helps...
 




This seems to be the IPS memory leak that's been around in one way shape or form since FortiOS 5.4 days....ouch.
#57
NapaCab
New Member
  • Total Posts : 8
  • Scores: 0
  • Reward points: 0
  • Joined: 2015/12/13 18:26:04
  • Status: offline
Re: FortiOS 6.2.0 is out 2019/09/05 12:48:23 (permalink)
0
SEI
It would be fair if Fortinet and it's Marketing communicates the truth: Today's Releases are showcases to be used in a year or so and only by then we can face today's challenges on a mature trusted FireWall
 



This has always been true of new FortiOS major releases, customers do the QA. 
 
FortiOS major releases are really lab versions for a good year or so due to poor software QA/quality control and most of their fabric helper products like FAZ/FMG are a solid 6-8 months behind in software updates to work with the latest FortiOS major code releases.  
 
 
#58
Aron1
New Member
  • Total Posts : 5
  • Scores: 0
  • Reward points: 0
  • Joined: 2019/09/03 08:58:35
  • Location: Roseville, MN
  • Status: offline
Re: FortiOS 6.2.0 is out 2019/09/09 07:12:59 (permalink)
0
Mike@ftnt
Hi Aron1,
 
This is one known issue in FortiOS 6.2.1, and it will be fixed by 6.2.2.
The workaround is to add FAP's IP or subnet into admin trusthost list.
 
Cheers,
Mike




Hi Mike... Thanks for confirming that... We figured that out as well.
 
NapaCab

This has always been true of new FortiOS major releases, customers do the QA.

 
Not necessarily. Not to fanboi too much, sorry... I'm more of a Cisco guy, but Fortigate does seem relatively responsive to things like this. Contrast them with trying to get Extreme or MS to correct a "known issue"...

Ignotum per ignotius...
#59
Page: < 123 Showing page 3 of 3
Jump to:
© 2019 APG vNext Commercial Version 5.5