Hot!FortiOS 6.2.3 is out

Page: < 12 Showing page 2 of 2
Author
James_G
Gold Member
  • Total Posts : 150
  • Scores: 5
  • Reward points: 0
  • Joined: 2016/02/28 02:55:47
  • Status: offline
Re: FortiOS 6.2.3 is out 2020/01/12 04:58:48 (permalink)
0
Ede, do you want me to check on a 51e with 6.2.3 tomorrow?
#21
Jirka
Gold Member
  • Total Posts : 154
  • Scores: 4
  • Reward points: 0
  • Joined: 2014/07/09 11:34:53
  • Location: Czech Republic
  • Status: offline
Re: FortiOS 6.2.3 is out 2020/01/12 07:02:27 (permalink)
0
Hi Ede,

yes, they do



 
Jirka

Attached Image(s)

#22
James_G
Gold Member
  • Total Posts : 150
  • Scores: 5
  • Reward points: 0
  • Joined: 2016/02/28 02:55:47
  • Status: offline
Re: FortiOS 6.2.3 is out 2020/01/12 08:03:03 (permalink)
0
Awesome!
#23
justme
New Member
  • Total Posts : 2
  • Scores: 0
  • Reward points: 0
  • Joined: 2020/01/13 06:19:33
  • Status: offline
Re: FortiOS 6.2.3 is out 2020/01/13 06:29:57 (permalink)
0
Upgraded FGT-92D from 6.2.2 build 1010 to 6.2.3 build 1066 and had a few issues.
1. SSL management stopped working - there were no logs regarding httpsd startup failiure; system global admin-server-cert was empty - had to reconfigure it from SSH;
2. Ever since the update (and later downgrade to 6.2.2) SSH key is recreated after a reboot. Can't find a log regarding it either;
3. The system is using PPPoE on uplink, had to manually change MTU on an email server behind it; downgrading back to 6.2.2 resolved the issue;
4. Have some issues with ipsec site2site connection, still looking what might be the cause.
#24
James_G
Gold Member
  • Total Posts : 150
  • Scores: 5
  • Reward points: 0
  • Joined: 2016/02/28 02:55:47
  • Status: offline
Re: FortiOS 6.2.3 is out 2020/01/13 08:29:25 (permalink)
0
Re IPSEC - it might be the same as issue I found - had to add the following to config vpn ipsec phase1-interface
 
set net-device disable
 
I think 6.2.3 has an undocumented change in default behavior and now enabled the setting by default
#25
JaapHoetmer
Bronze Member
  • Total Posts : 57
  • Scores: 0
  • Reward points: 0
  • Joined: 2011/08/09 02:06:53
  • Location: Geneva, Switzerland
  • Status: offline
Re: FortiOS 6.2.3 is out 2020/01/14 04:18:29 (permalink)
0
Hi there,
 
I have found an issue with 6.2.3 where emails with attachments sent from Outlook using SMTPS (465) were blocked. After disabling the UTM checks on the outbound policy the email functions returned to normal.
 
This firewall was upgraded Sunday the 12th, and the problem appeared on Monday morning the 13th. No other changes were performed on the firewall apart from the upgrade.
 

Kind regards,

Jaap
#26
Hosemacht
Silver Member
  • Total Posts : 64
  • Scores: 3
  • Reward points: 0
  • Joined: 2017/04/18 04:06:13
  • Location: Upper Austria
  • Status: offline
Re: FortiOS 6.2.3 is out 2020/01/14 08:21:35 (permalink)
0
Hi there,
 
are there any news about the device enforcement in Policies for FortiOS 6.2.3 or higher?

sudo apt-get-rekt
#27
Jirka
Gold Member
  • Total Posts : 154
  • Scores: 4
  • Reward points: 0
  • Joined: 2014/07/09 11:34:53
  • Location: Czech Republic
  • Status: offline
Re: FortiOS 6.2.3 is out 2020/01/14 08:23:57 (permalink)
0
the_giraffe_that_wasnt_president
Hi there,
 
are there any news about the device enforcement in Policies for FortiOS 6.2.3 or higher?


Unfortunately, no
#28
rete@meteoam.it
New Member
  • Total Posts : 1
  • Scores: 0
  • Reward points: 0
  • Joined: 2015/09/08 05:39:27
  • Status: offline
Re: FortiOS 6.2.3 is out 2020/01/16 08:26:03 (permalink)
0
sigmasoftcz
Hi Ede,

yes, they do



 
Jirka




Can you check if they now have "Redundant Interfaces" also?
Adding LACP support, that is technically way more complicated, but not simple port redundancy would be illogical.
#29
justme
New Member
  • Total Posts : 2
  • Scores: 0
  • Reward points: 0
  • Joined: 2020/01/13 06:19:33
  • Status: offline
Re: FortiOS 6.2.3 is out 2020/01/17 05:19:52 (permalink)
0
I am pretty much sure there's an issue or a change in packet processing defaults regarding packet size/mtu/fragmentation between FortiOS 6.2.2 and 6.2.3. I am using FGT92D with PPPoE uplink (8 bytes of overhead) on an ordinary Ethernet link (1500 MTU). The system is a gateway for some TCP baced services (SSH, SMTP, POP3, IMAP, HTTPS, RDP, ...) behind a NAT (RFC1918 network) and when updating from 6.2.2 to 6.2.3 the connection drops when trying to let's say send an email over TLS, or even doing a "show full-configuration" over couple of SSH connections. I opened a ticket and did multiple tests with TAC Engineer and I am able to reproduce the issue every time when upgrading to 6.2.3. I could change tcp-mss-* values in every policy and/or set tcp-mss on an interface, but i'd really like the system would have the same processing of packets as it did in 6.2.2. Could someone that has a lab environment confirm this?
#30
Page: < 12 Showing page 2 of 2
Jump to:
© 2020 APG vNext Commercial Version 5.5