FortiOS 6.2.2 is out

Author
Fullmoon
bascheew
Re: FortiOS 6.2.2 is out 2019/10/09 21:39:40
I think I found a bug.
 
On AP Profiles, if SSIDs are manually assigned and you choose to view the profile, the SSID fields will be blank and if you press OK then you save the profile with no SSIDs.  If you're not paying attention you'll easily miss that you just removed any SSIDs!
 
See attached gif for how to reproduce:
#2
simonorch
Re: FortiOS 6.2.2 is out 2019/10/10 11:38:30
Upgraded my lab 60E and noticed either a deliberate change in behaviour or a bug, but I couldn't find it in the notes.
 
When DHCP DNS settings are at default (same as system DNS) and the WAN/internet connection retrieves DNS servers from DHCP, the previous behaviour was for the DHCP-acquired DNS servers to be used in internal DHCP scopes. Now it uses the configured system DNS (FortiGuard by default), which could be fatal for users if you have restricted DNS traffic in your policies.
 
I haven't tested this on any other boxes to confirm, so I could be mistaken, but be aware.

NSE8
Fortinet platinum partner - Norway
#3
Jirka
Re: FortiOS 6.2.2 is out 2019/10/10 11:57:09
Finally add support for wildcard FQDN addresses in firewall policy!



#4
bascheew
Re: FortiOS 6.2.2 is out 2019/10/10 12:05:10
Another bug.  In IPS, the severity column is blank!  You can't filter on severity as a result.
 


#5
tanr
Re: FortiOS 6.2.2 is out 2019/10/10 18:57:50
bascheew, just want to confirm that you still see those two issues after you clear your browser cache?
#6
bascheew
Re: FortiOS 6.2.2 is out 2019/10/10 19:03:41
I just tried clearing my cache and the issues are still there.  I then switched from Chrome to Edge and the problem still happens there too.  I tried creating a new IPS sensor and the problem still happens.
 
Also notice that in the IPS screenshot the "Target" column is also blank.
#7
neonbit
Re: FortiOS 6.2.2 is out 2019/10/10 19:05:21
bascheew
Another bug.  In IPS, the severity column is blank!  You can't filter on severity as a result.
 


I can confirm I'm seeing the same thing. No severity or targets are populated in the GUI for IPS signatures so you can't filter on them.
 
*edit* Yup it's a known bug, scheduled to be fixed in 6.2.3.
post edited by neonbit - 2019/10/10 19:09:13
#8
ede_pfau
Re: FortiOS 6.2.2 is out 2019/10/11 04:43:31
@simonorch:
FW01 (mgmt) # sh
config system interface
    edit "mgmt"
        set ip 192.168.1.99 255.255.255.0
        set allowaccess ping https ssh
        set type physical
        set dedicated-to management
        set role lan
        set snmp-index 1
        set ap-discover disable
    next
end

FW01 (mgmt) # set dns-server-override
enable     Use DNS acquired by DHCP or PPPoE.
disable    No not use DNS acquired by DHCP or PPPoE.

I think (prior to reading the docs, as always) that this is the switch you need. Maybe its default has changed. Wouldn't be the first time a default value had changed.

Ede

" Kernel panic: Aiee, killing interrupt handler!"
#9
simonorch
Re: FortiOS 6.2.2 is out 2019/10/11 11:23:02
@ede_pfau
 
Just checked the 6.0 docs and it is enabled by default, and after checking in the CLI it is still the default in 6.2.2; that means it sounds like DNS override might be broken.

NSE8
Fortinet platinum partner - Norway
#10
thuynh_FTNT
Re: FortiOS 6.2.2 is out 2019/10/11 14:25:03
bascheew
I think I found a bug.
 
On AP Profiles, if SSIDs are manually assigned and you choose to view the profile, the SSID fields will be blank and if you press OK then you save the profile with no SSIDs.  If you're not paying attention you'll easily miss that you just removed any SSIDs!
 
See attached gif for how to reproduce:




Hi bascheew, we could not reproduce the issue in our lab. Can you provide more details on your config (FGT model, FAP model, how the FAP profile is set up, etc.)? Does it happen to a new FAP profile? Your gif also doesn't work.
#11
thuynh_FTNT
Re: FortiOS 6.2.2 is out 2019/10/15 13:13:04
simonorch
Upgraded my lab 60E and noticed either a deliberate change in behaviour or a bug, but I couldn't find it in the notes.
 
When DHCP DNS settings are at default (same as system DNS) and the WAN/internet connection retrieves DNS servers from DHCP, the previous behaviour was for the DHCP-acquired DNS servers to be used in internal DHCP scopes. Now it uses the configured system DNS (FortiGuard by default), which could be fatal for users if you have restricted DNS traffic in your policies.
 
I haven't tested this on any other boxes to confirm, so I could be mistaken, but be aware.



Hi simonorch, thank you for reporting the behaviour. This is actually a regression bug (internal reference M0589234) where an incorrect DNS server is offered in the management VDOM, per your observation. This will be fixed in the next release.
post edited by thuynh_FTNT - 2019/10/15 14:24:04
#12
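An offline check for the exposure discussed in the posts above, as an added example that is not part of any post and is not Fortinet code: it parses a saved FortiOS configuration and lists DHCP scopes set to `dns-service default` ("same as system DNS") on a unit where an interface learns DNS via DHCP or PPPoE. The configuration text is constructed, the function names are hypothetical, and treating a missing `dns-server-override` line as enabled is an assumption based on the default reported in the thread.

```python
CONSTRUCTED_SAMPLE = '''
config system interface
    edit "wan1"
        set mode dhcp
    next
    edit "wan2"
        set mode pppoe
        set dns-server-override disable
    next
end
config system dhcp server
    edit 1
        set dns-service default
        set interface "internal"
        config ip-range
            edit 1
                set start-ip 192.168.1.110
            next
        end
    next
    edit 2
        set dns-service specify
    next
end
'''

def parse_section(text, section):
    """Return {entry: {key: value}} for one top-level `config <section>` table."""
    entries, current, depth = {}, None, 0
    for line in map(str.strip, text.splitlines()):
        if line.startswith("config ") and (depth or line == f"config {section}"):
            depth += 1  # nested blocks are counted so their edit/set lines are skipped
        elif line == "end" and depth:
            depth -= 1
        elif depth == 1 and line.startswith("edit "):
            current = entries.setdefault(line[5:].strip('"'), {})
        elif depth == 1 and current is not None and line.startswith("set "):
            key, _, value = line[4:].partition(" ")
            current[key] = value.strip('"')
    return entries

def scopes_to_review(text):
    """DHCP scopes set to 'same as system DNS' while an interface learns DNS upstream."""
    learners = sorted(n for n, c in parse_section(text, "system interface").items()
                      if c.get("mode") in ("dhcp", "pppoe")
                      # Assumption: an absent line means the default, enable.
                      and c.get("dns-server-override", "enable") == "enable")
    scopes = parse_section(text, "system dhcp server").items()
    return [(sid, c.get("interface"), learners) for sid, c in scopes
            if learners and c.get("dns-service") == "default"]
```

Each returned tuple is (DHCP server id, client-facing interface, interfaces learning DNS upstream); for those scopes, compare the DNS server actually handed to a client with what your DNS policies allow.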
ajuDave
Re: FortiOS 6.2.2 is out 2019/10/24 15:27:09
Not sure if it's a widespread bug or just happening to us, but we're getting SSLVPN -455 errors since we upgraded last night, but only on FortiToken users.
post edited by ajuDave - 2019/10/24 15:34:46
#13
bascheew
Re: FortiOS 6.2.2 is out 2019/10/25 13:24:12
thuynh
Hi bascheew, we could not reproduce the issue in our lab. Can you provide more details on your config (FGT model, FAP model, how the FAP profile is set up, etc.)? Does it happen to a new FAP profile? Your gif also doesn't work.

 
The Fortigate is 500e, APs are 421E.  I cloned the profile and the same thing happened on the cloned profile.  Let's see if this GIF works:


 
#14
thuynh_FTNT
Re: FortiOS 6.2.2 is out 2019/10/25 17:16:44
Thanks bascheew, so the issue is only with SSID groups (SSID is not impacted). This is a known issue and will be fixed in the next release.
#15
richinnz
Re: FortiOS 6.2.2 is out 2019/10/25 19:03:31
neonbit
bascheew
Another bug.  In IPS, the severity column is blank!  You can't filter on severity as a result.
 


I can confirm I'm seeing the same thing. No severity or targets are populated in the GUI for IPS signatures so you can't filter on them.
 
*edit* Yup it's a known bug, scheduled to be fixed in 6.2.3.




Does anyone know if this is just a display/GUI bug, or is this affecting the signature selection for the IPS profile if you have severity based signature filters?
#16
thuynh_FTNT
Re: FortiOS 6.2.2 is out 2019/10/28 14:40:04
Hi Richard, this is just a display issue. You should still be able to configure IPS profile and the feature still works as before.
#17
AlexFeren
Re: FortiOS 6.2.2 is out 2019/10/28 15:35:50
sigmasoftcz Finally add support for wildcard FQDN addresses in firewall policy!



After being removed in 5.4?
#18
simonorch
Re: FortiOS 6.2.2 is out 2019/11/01 05:03:50
Possible bug seen in both 6.2.1 and 6.2.2
 
diag traffictest client-intf  seems to be stuck on port1 even if you can define another port, wan1 for example. When trying to run the test I get an error saying port1 could not be found, which isn't surprising on a 60E.
 
Tried on a 300E with 6.2.1 and a 400D with 6.0.6 and it works fine.
 
Tried using 6.2.1 and 6.2.2 on two different 60E, same result.
 
Edit: same thing on a 60D with 6.0.6, so is traffictest not supported on smaller boxes?
post edited by simonorch - 2019/11/01 05:13:30

NSE8
Fortinet platinum partner - Norway
#19