FortiOS 6.0.5 is out!

Author
Hosemacht
2019/05/14 23:31:51 (permalink)

FortiOS 6.0.5 is out!

Many Bugfixes but no TLS 1.3 mentioned.
 
https://docs.fortinet.com.../fortios-release-notes
#1


    kerya
    Re: FortiOS 6.0.5 is out! 2019/05/15 03:09:52 (permalink)
    Does it have WFQ and WRED?
    #2
    Hosemacht
    Re: FortiOS 6.0.5 is out! 2019/05/15 03:59:43 (permalink)
    WFQ and WRED?
    #3
    streeb2021
    Re: FortiOS 6.0.5 is out! 2019/05/15 04:44:55 (permalink)
    Is anyone else slightly concerned about the number of bug fixes in this release, despite it being the fifth point release on 6.0.x? This erodes confidence somewhat when you have nearly thirty fixes in the SSL VPN module alone.

    I actually had a FTNT account manager in a previous role tell me not to touch code for production until the fourth point release, but maybe we are looking at the fifth now? Fewer releases but sounder code would be my preference - or maybe I am being naive.

    #4
    ddskier
    Re: FortiOS 6.0.5 is out! 2019/05/15 07:28:37 (permalink)
    I would agree with the account manager. I have been using FortiGate since version 2.8 and it always took until patch 4 or 5 to become stable enough for production use. Heck, v5.2 took until patch 8.

    -DDSkier

    FCNSA, FCNSP
    FortiGate 400D, (2) 200D, (12) 100D, (2) 60D
    #5
    tanr
    Re: FortiOS 6.0.5 is out! 2019/05/15 07:55:15 (permalink)
    Looks promising.  Two gotchas to be aware of for those upgrading:
     
    473075: When upgrading, multicast policies are lost when there is a zone member as interface.
    481408: When upgrading from 5.6.3 to 6.0.0, the IPv6 policy is lost if there is SD-WAN member as interface.
    #6
    Mosabon
    Re: FortiOS 6.0.5 is out! 2019/05/15 09:49:45 (permalink)
    TLS 1.3 is supported starting from FortiOS v6.2 - I heard but haven't checked so far
    #7
    simonorch
    Re: FortiOS 6.0.5 is out! 2019/05/15 12:49:41 (permalink)
    With regard to the question about 'stable' releases, in my experience the answer is: it depends. I've rolled out a 600+ 60D deployment that we piloted on 5.2.0 and went into production on 5.2.1 with no issues whatsoever; it all depends on your use case. If you're not going to use SSL VPN then a buggy SSL VPN is irrelevant to you.
     
    Depending on the scenario and potential risks of upgrading to a new MR later on, I would much prefer to roll out an earlier version of a major release, after testing, with a view that it will stay on that MR for several years.

    NSE8
    Fortinet platinum partner - Norway
    #8
    seadave
    Re: FortiOS 6.0.5 is out! 2019/05/15 18:37:57 (permalink)
    streeb2021 wrote:

    >Is anyone else slightly concerned about the number of bug fixes in this release - despite it being the fifth point release on 6.0.x. This erodes confidence somewhat when you have nearly thirty fixes in the SSL VPN module alone.
    >
    >I actually had a FTNT account manager in a previous role tell me not to touch code for production until the fourth point release but maybe we are looking at the fifth now? Less releases but sounder code would be my preference - or maybe I am being naive.

    I totally agree that more recent releases seem to contain more known issues than fixes, which is disconcerting. You are absolutely right to wait until at least .3 or .4 and to TEST with backups! My experience (YMMV) is that I have a FWF-60E at home. 6.0.4 caused it to lose DNS for some reason and the only resolution I could find was to migrate back to 6.0.3, and it has been stable ever since. BUT this is a very low traffic device NOT doing SSL inspection NOR VPN. Only basic firewall tasks with one FSW-108D-POE and FortiAP-221C.
     
    At work we just deployed 501Es in Active/Passive mode with DPI and ~100 policies.  We took a config from 5.6.8 on a 500D and upgraded it to 6.0.3 on the 501Es.  NOT A TASK FOR THE FAINT OF HEART.  But we have lots of CLI experience and have done so in the past.  It has been running very well with two issues. 
     
    For whatever reason, Chrome does not like to display screens with lists such as policies, addresses, or logs in our instance of 6.0.3.  Kind of an issue!  The workaround for us is to use Firefox and that works fine.
     
    The other issue is we have a legacy app that requires IE11.  If a user is using the SSLVPN Portal and a RDP connection, clicking on an IE11 tab will kill the session.  A VERY ODD issue, but TAC indicates a known problem.
     
    I found an internal ticket referencing this issue (Mantis #0519121). As confirmed by our DEV/QA SSLVPN web mode does not support/handle IE very well on 6.0 FortiOS. This is something that will improve and get fixed in future patches.
     
    It does not appear to be fixed in 6.0.5. So other than these two issues, two 501Es in HA with 6.0.3 have been very stable. We have approximately 300 users accessing a 1G connection with lots of filters and controls enabled. We also have lots of users using VPN.
     
    I think too few folks consider the horsepower of their unit when considering updates. The bigger firewalls with D or E chips will run better than a smaller D. Use the feature selection GUI and disable things like WiFi and Switch control if you are not using them. It is frustrating, but sometimes you just have to sit back and wait for a later, more stable release than what is currently available. I'd love to try 6.2 but I'm not touching it until .4 or .5 comes out. Release notes and these forums will indicate when the time is right.
    #9
    thuynh_FTNT
    Re: FortiOS 6.0.5 is out! 2019/05/16 21:49:21 (permalink)
    Hi Seadave, thank you for your constructive feedback.

    >For whatever reason, Chrome does not like to display screens with lists such as policies, addresses, or logs in our instance of 6.0.3.  Kind of an issue!  The workaround for us is to use Firefox and that works fine.

    Yes, this is a known issue in 6.0.3 (M0527700) and we already fixed it in 6.0.4.
    #10
    ddskier
    Re: FortiOS 6.0.5 is out! 2019/05/21 07:10:48 (permalink)
    Any further feedback on 6.0.5? Does the community feel that this is stable enough? (SSLVPN, BGP, AV, etc.)

    -DDSkier

    FCNSA, FCNSP
    FortiGate 400D, (2) 200D, (12) 100D, (2) 60D
    #11
    James_G
    Re: FortiOS 6.0.5 is out! 2019/05/24 01:57:09 (permalink)
    Patched a couple of FGT50E units that I had issues with hitting conserve mode on 6.0.4. After 48 hours memory is still 37% on the units, so looking good.

    Will be scheduling in patching the rest of the estate from 6.0.4 to 6.0.5.
    #12
    streeb2021
    Re: FortiOS 6.0.5 is out! 2019/05/24 08:02:52 (permalink)
    We have hit an issue with matching on multiple RADIUS fortinet-groups returned from a FortiAuthenticator instance for SSL VPN users. Basically 6.0.5 appears to be only accepting one group and ignoring the rest. FTNT has reproduced on their side and tied it to known bug 0554529 seen in 6.2.0 and fixed in 6.2.1. 
     
    #13
    tanr
    Re: FortiOS 6.0.5 is out! 2019/05/24 08:26:48 (permalink)
    Hi streeb2021.
    So the bug is only if a single user gets multiple fortinet-groups returned? 
    Wanted to clarify as I'm planning to move us from 5.6.9 to 6.0.5 soon.
    #14