Helpful ReplyHot!FortiOS 6.0.9 is out

Page: 12 > Showing page 1 of 2
Author
James_G
Gold Member
  • Total Posts : 247
  • Scores: 11
  • Reward points: 0
  • Joined: 2016/02/28 02:55:47
  • Status: offline
2020/01/23 03:25:18 (permalink)
0

FortiOS 6.0.9 is out

https://docs.fortinet.com/document/fortigate/6.0.9/fortios-release-notes/760203/introduction
 
The known issues are the shortest list I remember
#1
nostalia_nse7
New Member
  • Total Posts : 3
  • Scores: 0
  • Reward points: 0
  • Joined: 2020/01/23 13:10:13
  • Status: offline
Re: FortiOS 6.0.9 is out 2020/01/23 13:15:29 (permalink)
0
Definitely looks promising!  I have my first client upgrade happening tomorrow morning.  Then rollout to many others over the coming weeks for those that we haven't had maintenance windows yet for 6.0.8.  Hopefully the list stays short.  Also the shortest list I have seen in forever -- possibly ever.
 
#2
Selective
Expert Member
  • Total Posts : 2744
  • Scores: 119
  • Reward points: 0
  • Joined: 2007/07/03 10:44:56
  • Location: Gothenburg - Sweden
  • Status: offline
Re: FortiOS 6.0.9 is out 2020/01/23 22:51:47 (permalink)
0
If you are able to, test the RDP through SSLVPN (in the known issue section), because that is a deal breaker for me and probably most of the firewall admins out there.
#3
jim3cantos
Bronze Member
  • Total Posts : 25
  • Scores: 0
  • Reward points: 0
  • Joined: 2016/12/07 02:09:44
  • Location: Madrid. Spain
  • Status: offline
Re: FortiOS 6.0.9 is out 2020/01/24 05:00:55 (permalink)
0
There are also bugfixes in CDR, but I think they didn't corrected the one I indicated here as support said it was "594202 - AVEN Error when doing CDR for certain PDF" and I can't find it in the list of solved issues. Nobody is using CDR?
#4
jim3cantos
Bronze Member
  • Total Posts : 25
  • Scores: 0
  • Reward points: 0
  • Joined: 2016/12/07 02:09:44
  • Location: Madrid. Spain
  • Status: offline
Re: FortiOS 6.0.9 is out 2020/01/24 05:04:23 (permalink)
0
Selective
If you are able to, test the RDP through SSLVPN (in the known issue section), because that is a deal breaker for me and probably most of the firewall admins out there.


In which version was introduced this one? 6.0.7 or 6.0.8?
#5
Selective
Expert Member
  • Total Posts : 2744
  • Scores: 119
  • Reward points: 0
  • Joined: 2007/07/03 10:44:56
  • Location: Gothenburg - Sweden
  • Status: offline
Re: FortiOS 6.0.9 is out 2020/01/24 05:13:55 (permalink)
0
Don´t know, I don´t run 6.0.7 or 6.0.8. It might have been introduced in 6.0.9, but if RDP fails I would stay away from that version.
#6
Kenundrum
Gold Member
  • Total Posts : 159
  • Scores: 21
  • Reward points: 0
  • Joined: 2008/05/15 10:25:50
  • Location: Rhode Island, US
  • Status: offline
Re: FortiOS 6.0.9 is out 2020/01/24 06:20:50 (permalink)
0
That bug is not listed in any prior release notes, so perhaps introduced in 6.0.9?

NSE4
Some FGT500Es, 500Ds, 60Ds at work
FWF60E, FWF80CM at home
#7
simonpt
Bronze Member
  • Total Posts : 26
  • Scores: 0
  • Reward points: 0
  • Joined: 2008/10/23 18:06:52
  • Status: offline
Re: FortiOS 6.0.9 is out 2020/01/25 02:05:09 (permalink)
0
Selective
Don´t know, I don´t run 6.0.7 or 6.0.8. It might have been introduced in 6.0.9, but if RDP fails I would stay away from that version.



I experienced the RDP over SSL VPN issue in 6.0.8. (I never tried it with 6.0.7.) When I saw it listed in the 6.0.9 known issues, I asked FortiTAC when it will be fixed and they said:
 
FortiOS v6.4.0 --Expected release date: last week of March, 2020
FortiOS v6.2.4 --Expected release date: last week of April, 2020
FortiOS v6.0.10 --No ETA but I think it will be released in April, 2020 along with v6.2.4
 
Funny thing is, I've now upgraded to 6.0.9 and my RDP sessions seem stable. As I write, they've been running fine now for about 20 minutes, whereas they would disconnect in less than a minute with 6.0.8. Maybe they fixed it after all.
#8
NeilG
Silver Member
  • Total Posts : 89
  • Scores: 4
  • Reward points: 0
  • Joined: 2014/03/04 11:00:39
  • Status: offline
Re: FortiOS 6.0.9 is out 2020/02/03 15:26:36 (permalink)
0
Maybe instead of SSLVPN to RDP you could use SSLVPN to Windows Admin (https://docs.microsoft.com/en-us/windows-server/manage/windows-admin-center/overview).
 
Doesn't cover all of the remote workloads, but might cover enough for you.
 
:)
#9
jim3cantos
Bronze Member
  • Total Posts : 25
  • Scores: 0
  • Reward points: 0
  • Joined: 2016/12/07 02:09:44
  • Location: Madrid. Spain
  • Status: offline
Re: FortiOS 6.0.9 is out 2020/02/03 23:35:21 (permalink)
0
Another issue is commented in the "parallel" thread at Reddit:

We upgraded today. We are having timeout issues with fortiguard when set to https and had to switch it to udp. Have a ticket open with TAC. So far, https on port 53 or 8888 we get random timeouts when doing a fortiguard url lookup. Switching it to UDP on 8888 appears to fix it, but im guessing this leaves us vulnerable....

 
#10
ValentinoD
New Member
  • Total Posts : 3
  • Scores: 0
  • Reward points: 0
  • Joined: 2020/02/06 08:22:20
  • Status: offline
Re: FortiOS 6.0.9 is out 2020/02/06 08:25:55 (permalink)
0
simonpt
Selective
Don´t know, I don´t run 6.0.7 or 6.0.8. It might have been introduced in 6.0.9, but if RDP fails I would stay away from that version.



I experienced the RDP over SSL VPN issue in 6.0.8. (I never tried it with 6.0.7.) When I saw it listed in the 6.0.9 known issues, I asked FortiTAC when it will be fixed and they said:
 
FortiOS v6.4.0 --Expected release date: last week of March, 2020
FortiOS v6.2.4 --Expected release date: last week of April, 2020
FortiOS v6.0.10 --No ETA but I think it will be released in April, 2020 along with v6.2.4
 
Funny thing is, I've now upgraded to 6.0.9 and my RDP sessions seem stable. As I write, they've been running fine now for about 20 minutes, whereas they would disconnect in less than a minute with 6.0.8. Maybe they fixed it after all.


Did you experience any more issues after the last update? Did the issue that you were seeing in 6.0.8 only see for RDP coming from SSLVPN?
 
We are thinking of going to 6.0.9, and while we do not have any SSL VPN on Fortigate, we do have RDP sessions going over IPSec VPN tunnels or other directly connected links.
#11
simonpt
Bronze Member
  • Total Posts : 26
  • Scores: 0
  • Reward points: 0
  • Joined: 2008/10/23 18:06:52
  • Status: offline
Re: FortiOS 6.0.9 is out 2020/02/06 13:10:03 (permalink) ☄ Helpfulby ValentinoD 2020/02/07 02:20:32
0
ValentinoD
 
Did you experience any more issues after the last update? Did the issue that you were seeing in 6.0.8 only see for RDP coming from SSLVPN?

 
Still seeing the occasional issue with RDP over SSL VPN in 6.0.9, but not nearly as often.
 
ValentinoD
We are thinking of going to 6.0.9, and while we do not have any SSL VPN on Fortigate, we do have RDP sessions going over IPSec VPN tunnels or other directly connected links.

 
If you don't use SSL VPN, you'll be fine. RDP works okay over IPsec and other links.
post edited by simonpt - 2020/02/06 13:11:42
#12
ValentinoD
New Member
  • Total Posts : 3
  • Scores: 0
  • Reward points: 0
  • Joined: 2020/02/06 08:22:20
  • Status: offline
Re: FortiOS 6.0.9 is out 2020/02/07 02:27:02 (permalink)
0
I expected it to be so. Thanks for the reply.
 
The strange thing is that i remember i saw it in the know issues when the first release notes for it were published. I checked the release notes today and it isn't listed anymore
#13
MikePruett
Platinum Member
  • Total Posts : 702
  • Scores: 17
  • Reward points: 0
  • Joined: 2014/01/08 19:39:40
  • Location: Montgomery, Al
  • Status: offline
Re: FortiOS 6.0.9 is out 2020/02/09 11:17:13 (permalink)
0
Pushed it to 200 client FortiGates over the past week or so. So far, so good.
#14
simonpt
Bronze Member
  • Total Posts : 26
  • Scores: 0
  • Reward points: 0
  • Joined: 2008/10/23 18:06:52
  • Status: offline
Re: FortiOS 6.0.9 is out 2020/02/09 13:01:41 (permalink)
0
ValentinoD
I expected it to be so. Thanks for the reply.
 
The strange thing is that i remember i saw it in the know issues when the first release notes for it were published. I checked the release notes today and it isn't listed anymore



You're welcome.
 
Oh yes, you're right. According to the change log, the known issues were updated last week on the 4th. (Frustrating when they only say something was updated but don't tell you what and so you have to try to work out for yourself what it was they did.)
 
Isn't that an interesting insight into Fortinet's current software development and QA processes? They initially had the RDP over SSL VPN bug (582265) listed as a known issue for 6.0.9. And a TAC engineer told me it would be fixed in 6.0.10, 6.2.4 and 6.4.0. Then someone realised, hang on, we've actually fixed this in 6.0.9. Quick, update the release notes. It's like the left hand isn't telling the right hand what it's doing :/
 
Another worrying insight for me is when a TAC engineer recommends reformatting FGTs to fix something that's slightly off. I had a slew of problems when I upgraded our FGTs to 6.0.9. One was quite serious -- not being able to route traffic through a FGT when I made it the active member in the HA cluster, even though the config and checksums matched the other member that could route traffic okay. I also discovered a minor web UI problem where you would hover over a source in FortiView and the pop-up would display the details for a different source. The engineer for that minor ticket suggested that there might be "some kind of corruption either on the firmware image or configuration itself" and to "factory reset the device and re-image the firmware on the FGT with the fresh image using TFTP". In the end, I ended up doing that, but mainly to fix the serious issue, which thankfully it did. (Ironically, it didn't fix the minor issue.) Crazy thing is, I had just reformatted both FGTs in the cluster when I upgraded them to 6.0.9 and I built a brand new config for them. Everything was fresh and new. Has FortiOS got so fragile that it needs to be reformatted to fix things now?
#15
jim3cantos
Bronze Member
  • Total Posts : 25
  • Scores: 0
  • Reward points: 0
  • Joined: 2016/12/07 02:09:44
  • Location: Madrid. Spain
  • Status: offline
Re: FortiOS 6.0.9 is out 2020/02/10 00:21:04 (permalink)
0
simonpt
ValentinoD
I expected it to be so. Thanks for the reply.
 
The strange thing is that i remember i saw it in the know issues when the first release notes for it were published. I checked the release notes today and it isn't listed anymore



You're welcome.
 
Oh yes, you're right. According to the change log, the known issues were updated last week on the 4th. (Frustrating when they only say something was updated but don't tell you what and so you have to try to work out for yourself what it was they did.)
 

 
That's why I try to keep a copy of the different versions of the file, but anyway they take an issue out of the know issues list and don't put it in the solved issues list so probably both lists are only a subset of the real thing. The only way to know for sure if something has been resolved is to try it.  
 
#16
ValentinoD
New Member
  • Total Posts : 3
  • Scores: 0
  • Reward points: 0
  • Joined: 2020/02/06 08:22:20
  • Status: offline
Re: FortiOS 6.0.9 is out 2020/02/10 06:47:53 (permalink)
0
simonpt
 
Another worrying insight for me is when a TAC engineer recommends reformatting FGTs to fix something that's slightly off. I had a slew of problems when I upgraded our FGTs to 6.0.9. One was quite serious -- not being able to route traffic through a FGT when I made it the active member in the HA cluster, even though the config and checksums matched the other member that could route traffic okay.




This is the first time i have heard a TAC enginner recommending reformatting a FGT to fix a issue like this. It seems they have changed their approach from upgrade/downgrade to another firmware version like they did in the past. This seems like a serious bug, which at least should have been treated more carefully than just a reformat the FGT.
 
I remember that in the past, only the earlier version of a major release would have problems and were usually avoided, but the later releases would have been solid. If the higher versions of a release start having serious problems that does not bode well.
 
 
 
 
#17
simonpt
Bronze Member
  • Total Posts : 26
  • Scores: 0
  • Reward points: 0
  • Joined: 2008/10/23 18:06:52
  • Status: offline
Re: FortiOS 6.0.9 is out 2020/02/10 14:35:27 (permalink) ☄ Helpfulby hnmr 2020/02/11 04:36:29
0
Another issue with 6.0.9 (and perhaps earlier versions) is where a client browsing securely to a FGT virtual server will get disconnected as soon as they send a ClientHello. This isn't reproducible on all our standard virtual servers -- only on one that I'm experimenting on with some advanced features enabled.
 
Further analysis shows that the wad process is crashing. The TAC engineer matched this to a known bug (590039) and advised me that it has been fixed in 6.2.3. When I asked if it would be backported to 6.0, I was told no, it won't, and to upgrade to 6.2.3. I've asked for an explanation on why it won't be backported and haven't heard yet. That was over three weeks ago.
 
According to Fortinet's product life cycle, FOS 6.0's engineering support doesn't end until 29 March 2021. If a daemon is crashing, I don't understand why they don't fix it. I'm certainly not keen to upgrade to a new version like 6.2 just yet.
#18
simonpt
Bronze Member
  • Total Posts : 26
  • Scores: 0
  • Reward points: 0
  • Joined: 2008/10/23 18:06:52
  • Status: offline
Re: FortiOS 6.0.9 is out 2020/02/11 13:29:40 (permalink)
0
Just got bitten by another bug with 6.0.9. If you've implemented the best practice of creating higher-distance blackhole routes to prevent VPN traffic from routing to the internet when your tunnels go down, be careful if your VPN uses BGP to learn the route from the remote end. We had a tunnel flap overnight, the blackhole route kicked in but then stayed in even after BGP adjacency was formed. Looks like it might be this one in the list of known issues:
 
593864: Routing table is not always updated when BGP gets an update with changed next hop.
#19
Sebastiaan Koopmans
Silver Member
  • Total Posts : 87
  • Scores: 10
  • Reward points: 0
  • Joined: 2016/04/12 01:29:43
  • Location: Netherlands
  • Status: offline
Re: FortiOS 6.0.9 is out 2020/02/13 16:03:05 (permalink) ☄ Helpfulby Baptiste 2020/03/15 23:36:35
0
After upgrading it looks like (currently investigation) that we have random connectivity issues to on premise Exchange servers. They loose connection/outlook freezes sometimes with no reason.
 
Tonight we have downgraded to 6.0.8 to see if this the cause.
Keep you updated
post edited by Sebastiaan Koopmans - 2020/02/13 16:09:08

FortiAnalyzer / 6.4.0
FortiClient / 6.2.6
FortiClient EMS VM / 6.2.6
FortiGate 300D HA 6.2.4
FortiGate 500E HA 6.2.4
FortiGate 30E / 60E / 100E / 6.0.9
FortiMail VM HA / 6.4.0
FortiSandbox VM / 3.2.0
FortiWeb VM / 6.3.2
FortiManager VM / 6.4.0
#20
Page: 12 > Showing page 1 of 2
Jump to:
© 2020 APG vNext Commercial Version 5.5