Helpful ReplyHot!Looks like 6.2.4 is out!

Page: < 1234 Showing page 4 of 4
Author
Nicklebon
New Member
  • Total Posts : 10
  • Scores: 0
  • Reward points: 0
  • Joined: 2014/12/07 15:39:13
  • Status: offline
Re: Looks like 6.2.4 is out! 2020/05/28 09:48:38 (permalink)
0
rpedrica
Kevin Shanus
My issue was that I upgraded 200E to 6.2.4 , 80E to 6.2.4 and FAZ to 6.2.5. 
 
6.2.4 has DoS issue which breaks VIPs
6.2.X changes SSL Inspection w/ SSH which broke DUO 2FA for me, fix was easy, had to exclude url from inspection but took a bit to track down
FAZ 6.2.5 had to have some reliability feature turned off to work with <100E Fortigates
 
I also patched about 45 windows servers the same weekend. #neveragain




Hi @Kevin Shanus
 
Can you give more specifics about the faz feature that needed to be turned off?
 
Robby


Second this request. Having a fit ATM trying to track down why logs from a pair of 61Es and a 60F running 6.2.4 sending logs to a FAZ running 6.2.5 are not showing up.
post edited by Nicklebon - 2020/05/28 09:55:02
#61
sanderl
Bronze Member
  • Total Posts : 44
  • Scores: 0
  • Reward points: 0
  • Joined: 2015/11/13 10:25:54
  • Status: offline
Re: Looks like 6.2.4 is out! 2020/06/06 06:33:40 (permalink)
0
OMG... just was away from home... suddenly no mail on primary mx record...
not able to get to webserver, no ssl vpn, nothing...
 
but some "cloud" device were still available... very strange...
 
upon reaching home:
Everything works fine internally (not sure if other subnets were reachable).
DNS not reachable, could not ping default internet gateway, could not ping anything... Rebooted Internet modem: nothing.
 
Shall it be the FG?
 
Reboot, gone! I started too google on fortios 6.2.4 and no OMG... this topic, and this topic: https://www.reddit.com/r/fortinet/comments/gm3pn1/dont_use_fortios_624/
 
Oh Fortinet please help us all.

Edit: yes it happened again today. And removing the dos policy resolved this issue at around 45 seconds.

Fortinet, take care please!
post edited by sanderl - 2020/06/08 12:42:23
#62
sanderl
Bronze Member
  • Total Posts : 44
  • Scores: 0
  • Reward points: 0
  • Joined: 2015/11/13 10:25:54
  • Status: offline
Re: Looks like 6.2.4 is out! 2020/06/08 14:04:35 (permalink)
0
Ok, so now again trouble after 2 hours of previous post update. Rebooting was only solution. 50% mem and 4% cpu nothing unusual but couldn't have too much downtime... fortinet, please advise!
#63
poundy
Silver Member
  • Total Posts : 61
  • Scores: 0
  • Reward points: 0
  • Joined: 2019/06/13 20:58:45
  • Status: offline
Re: Looks like 6.2.4 is out! 2020/06/08 16:41:10 (permalink)
0
sanderl
Ok, so now again trouble after 2 hours of previous post update. Rebooting was only solution. 50% mem and 4% cpu nothing unusual but couldn't have too much downtime... fortinet, please advise!

Genuine question: is this a supported/monitored forum by FTNT staff, or just happens to be here? 
I think the answer from the community is roll back, and I'd raise a support ticket to TAC so you can get the official answer too. 
 
#64
darwin_FTNT
Bronze Member
  • Total Posts : 52
  • Scores: 6
  • Reward points: 0
  • Joined: 2018/04/24 18:12:28
  • Status: offline
Re: Looks like 6.2.4 is out! 2020/06/08 16:59:38 (permalink)
0
Could be due to mantis 0635589: "When running FortiOS 6.2.4 DoS policies may incorrectly drop traffic that has a destination to the FortiGate"
 
It is due to new big feature merged supporting new fgt-F platforms. Unfortunately, some platform specific code is incorrectly merged.  Packets are dropped after DoS policy memory not allocated.  Can verify by 'diag debug flow' commands.
 
Work around is disabling DoS policy.  Please contact TAC / support for more details, fix schedule or custom firmware. Thanks.
#65
poundy
Silver Member
  • Total Posts : 61
  • Scores: 0
  • Reward points: 0
  • Joined: 2019/06/13 20:58:45
  • Status: offline
Re: Looks like 6.2.4 is out! 2020/06/08 17:01:26 (permalink)
0
darwin
Could be ...

that at least answers part of my question :)  Thanks for coming in on this 
 
#66
Frosty
Gold Member
  • Total Posts : 192
  • Scores: 13
  • Reward points: 0
  • Joined: 2010/11/03 15:53:40
  • Status: offline
Re: Looks like 6.2.4 is out! 2020/06/22 21:25:27 (permalink)
0
peterse
What release would you recommend as most stable atm? We went from 6.0.9 with RDP disconnection bug, otherwise it worked fine.


I upgraded an FG200E from v6.0.9 to v6.0.10 last weekend and no problems ... and that RDP disconnect over SSL VPN connections is fixed (hallelujah) ... I will be staying on v6.0.10 for as long as possible.  :)
post edited by Frosty - 2020/06/22 21:39:28
#67
Kevin Shanus
New Member
  • Total Posts : 13
  • Scores: 3
  • Reward points: 0
  • Joined: 2014/05/15 04:56:43
  • Status: offline
Re: Looks like 6.2.4 is out! 2020/06/23 05:15:25 (permalink)
0

 
Hi @Kevin Shanus
 
Can you give more specifics about the faz feature that needed to be turned off?
 
Robby


Second this request. Having a fit ATM trying to track down why logs from a pair of 61Es and a 60F running 6.2.4 sending logs to a FAZ running 6.2.5 are not showing up.




Sorry for the delay - here is from the ticket I opened Ticket Number: 4056965
4. Further checked and found it is known issue with bug id 635070 and all models less than 100 series are affected.
5. As workaround we disable reliable so that connection can established for logging.
6. After disabling reliable, we could to find logs are coming.
#68
Kevin Shanus
New Member
  • Total Posts : 13
  • Scores: 3
  • Reward points: 0
  • Joined: 2014/05/15 04:56:43
  • Status: offline
Re: Looks like 6.2.4 is out! 2020/06/23 05:17:13 (permalink)
0
I was told ETA for 6.2.5 is July 28th , we'll see
#69
MikePruett
Platinum Member
  • Total Posts : 702
  • Scores: 17
  • Reward points: 0
  • Joined: 2014/01/08 19:39:40
  • Location: Montgomery, Al
  • Status: offline
Re: Looks like 6.2.4 is out! 2020/06/23 07:47:35 (permalink)
0
Kevin Shanus
I was told ETA for 6.2.5 is July 28th , we'll see




The fact that 6.2.4 caused so many problems and the fix is that far away is saddening.
#70
Toshi Esumi
Expert Member
  • Total Posts : 2240
  • Scores: 215
  • Reward points: 0
  • Joined: 2014/11/06 09:56:42
  • Status: offline
Re: Looks like 6.2.4 is out! 2020/07/28 14:03:12 (permalink)
5 (1)
Just FYI: I just heard a news that the current target release date for 6.2.5 falls into the week started with the 17th of August. The same source told me they fixed totally 5 WAD memory leak/crash issues.
#71
lobstercreed
Gold Member
  • Total Posts : 292
  • Scores: 35
  • Reward points: 0
  • Joined: 2018/11/28 14:57:58
  • Location: Sedalia, MO
  • Status: offline
Re: Looks like 6.2.4 is out! 2020/07/28 14:16:37 (permalink)
0
This is consistent with the delays I've been seeing with 6.4.2 -- it was supposed to be out two weeks ago, then got pushed, then got pushed again.  Still waiting to see if it comes out this week or not.  If they actually do fix the issues that I have 3 tickets open about, I would suggest jumping ahead to it and forgetting this 6.2.x disaster.
#72
sw2090
Expert Member
  • Total Posts : 751
  • Scores: 56
  • Reward points: 0
  • Joined: 2017/06/14 01:27:25
  • Location: Regensburg
  • Status: offline
Re: Looks like 6.2.4 is out! 2020/07/28 23:25:54 (permalink)
0
Upgraded 19 FGT100E plus 2 FG300E from 6.0.8 to 6.2.4 and one FMG from 6.2.1 to 6.2.5 plus my adom(s) to 6.2.
The first FGT are up with 6.2.4 for over one week now. Only issue I had on FGTs so far was that  some of them lost their dns servers upon updating. Up to now no other issues were seen or reported on the FGTs here.
 
The more issues were with FMG and upgrading the adoms (as it was with all updates I did up to now).
DFMG 6.2.5 has quite a load of bugs concerning the global db. This prevented me from upgrading the adom until i removed /fixed a bunch of Fortinet default profiles/thingies in global db which I never touched or used anywhere.
We just use UTM profiles/cathegories from the global db.
Accoarding to TAC those are all known  Bugs.
Additionally there were some changes that seemed to have caused conflicts producing weird errors on policy package deployment. A retrieve config fixed those so far.
Also there were some changes in behavement in FMG that caused deployment to fail because there now is things that were deployed without error in 6.2.1 but now error out.
 
Together with TAC I've found all that concerned me and I can now deploy it all without prolems again.
 
MIght have annother round of FGT Upgrading when 6.2.5 comes out for bugfixing.
#73
ISOffice
Silver Member
  • Total Posts : 66
  • Scores: 2
  • Reward points: 0
  • Joined: 2013/11/25 03:23:57
  • Status: offline
Re: Looks like 6.2.4 is out! 2020/08/08 07:33:40 (permalink)
0
Hi all,
 
We were operating a pair of 100D Hardware Appliances (v6.2.3 build 1066 GA), running HA in an Active/Passive configuration.
I noticed that the Events Log included a lot of entries regarding application crashes, specifically the IPS Engine.
Fortinet Support advised me to upgrade to 6.2.4 as there was a known issue with the installed version of the IPS Engine. I had been hesitant to do this based on the experiences of those posting here, but felt I had no real option other than carry out the upgrade.
As of this time (16 hours after upgrade) we have had no major issues. However, immediately after the upgrade completed there was something not quite right with DHCP. Our Fortigate assigns IP Addresses to the 100 Cisco Access Points in our wireless network. After the upgrade, I checked DHCP Monitor and could see no entries (normally there were 100).
As a test I rebooted a single access point and the DHCP Monitor log then showed a lot of entries with a Status of "Removed due to conflict". It appears that the Fortigate had forgotten the IP addresses it had handed out previously as it tried several addresses from the address pool in an effort to find a free one. If an address is marked as "Removed due to conflict" in the DHCP Monitor can it no longer be used? I'm afraid that when the access points renew their leases all addresses will have been exhausted.
I'm in the process of rebooting the access points, a few at a time and manually revoking those addresses marked 'removed'. This is proving to be quite a lengthy process, but seems to be my only option to ensure that the IP address pool is not exhausted.
I probably could have run the execute dhcp lease-clear all command from the CLI but was unsure if this would have worked. Would it have just forced the 100 APs to renew their existing IP Addresses?
Just thought I'd put this out there in case someone else encounters a similar issue.
 
Best regards,
 
John P
#74
Fullmoon
Platinum Member
  • Total Posts : 908
  • Scores: 14
  • Reward points: 0
  • Joined: 2010/08/02 18:02:10
  • Status: online
Re: Looks like 6.2.4 is out! 2020/08/09 21:55:17 (permalink)
0
revert back my FGT 90E to 6.2.3 due to slow GUI running on FOS 6.2.4

Fortigate Newbie
#75
Page: < 1234 Showing page 4 of 4
Jump to:
© 2020 APG vNext Commercial Version 5.5