Hot!FortiOS 6.4.1 is out

Page: 12 > Showing page 1 of 2
Author
bommi
Gold Member
  • Total Posts : 148
  • Scores: 14
  • Reward points: 0
  • Joined: 2016/08/03 03:42:49
  • Location: Germany
  • Status: online
2020/06/04 23:01:39 (permalink)
#1

33 Replies Related Threads

    bamather
    New Member
    • Total Posts : 6
    • Scores: 0
    • Reward points: 0
    • Joined: 2020/01/23 07:21:19
    • Status: offline
    Re: FortiOS 6.4.1 is out 2020/06/05 09:12:27 (permalink)
    0
    I have not, but about to upgrade in my lab setup this weekend.  Currently running 6.4.0 and so far have been impressed but still really buggy.  Hope 6.4.1 will be good as we are suffering many bugs from the 6.2 train in our production environment.  
    #2
    tanr
    Platinum Member
    • Total Posts : 802
    • Scores: 36
    • Reward points: 0
    • Joined: 2016/05/09 17:09:43
    • Status: offline
    Re: FortiOS 6.4.1 is out 2020/06/05 09:13:09 (permalink)
    0
    The list of Known Issues is very small, but that's not all that reassuring for a .1 release. 
    #3
    bamather
    New Member
    • Total Posts : 6
    • Scores: 0
    • Reward points: 0
    • Joined: 2020/01/23 07:21:19
    • Status: offline
    Re: FortiOS 6.4.1 is out 2020/06/05 09:15:15 (permalink)
    0
    I'm sure more will be added as more people roll it out.  Will let you guys know how the update went this weekend.
    #4
    brycemd
    Silver Member
    • Total Posts : 89
    • Scores: 4
    • Reward points: 0
    • Joined: 2016/12/03 11:24:30
    • Status: offline
    Re: FortiOS 6.4.1 is out 2020/06/05 09:16:52 (permalink)
    0
    What's with the lack of support for the F series? F series wasn't a part of the beta, it did have a 6.4.0 release, and now it's not even on the supported models for 6.4.1
    #5
    bamather
    New Member
    • Total Posts : 6
    • Scores: 0
    • Reward points: 0
    • Joined: 2020/01/23 07:21:19
    • Status: offline
    Re: FortiOS 6.4.1 is out 2020/06/05 09:19:09 (permalink)
    0
    The I think the F models were also behind on the 6.4.0 release.  I would guess they will be coming in the next few days.
    #6
    James_G
    Gold Member
    • Total Posts : 221
    • Scores: 7
    • Reward points: 0
    • Joined: 2016/02/28 02:55:47
    • Status: offline
    Re: FortiOS 6.4.1 is out 2020/06/05 16:45:32 (permalink)
    0
    By this stage of 6.2.4 we knew it was a car crash.... Positive thinking, prey this is the fabled stable branch.
    #7
    simonorch
    Gold Member
    • Total Posts : 334
    • Scores: 14
    • Reward points: 0
    • Joined: 2009/06/05 00:05:08
    • Location: Norway
    • Status: offline
    Re: FortiOS 6.4.1 is out 2020/06/06 03:20:51 (permalink)
    0
    Whilst we're waiting for the 60/100F firmware. Can anyone verify the fortilink/hardware switch bug has been fixed?

    NSE8
    Fortinet Expert partner - Norway
    #8
    Belgarioz
    Bronze Member
    • Total Posts : 21
    • Scores: 2
    • Reward points: 0
    • Joined: 2018/11/02 03:43:06
    • Status: offline
    Re: FortiOS 6.4.1 is out 2020/06/07 00:42:26 (permalink)
    0
    Me.
    There are some issue solved: like ssl vpn split tunnel not working an MacOS computers.
     
    But there are some glitches (probabily) grafical not working. Right now i am unable to set up a a fabric device 'cause the page seems "broken".
    #9
    seadave
    Expert Member
    • Total Posts : 354
    • Scores: 50
    • Reward points: 0
    • Joined: 2004/11/03 18:02:09
    • Location: Seattle, WA
    • Status: offline
    Re: FortiOS 6.4.1 is out 2020/06/08 21:53:59 (permalink)
    0
    NOTE: I manage two 501Es HA in production.  I will NOT be updating those for a bit longer.  This was done on home/lab equipment.  Don't be careless at work with firmware this new!!!

    So I took the plunge.  My home setup is a FWF-60E, connected to a FSW108DPoE, that hosts a FortiAP 221C.  I was running 6.0.9.  It has been ok, but has randomly stopped working every two or three months requiring a reboot.  I've never taken the time to find root cause.


    I realized that Device ID and Tags will be removed or modified due to the update.  I use free FortiCloud logging as FAZ is too expensive for home use (unfortunately).

    I updated to 6.2.4 first.  No problems.  The process converted my custom Device IDs to type Device (MAC Address).  Each device was renamed in the following format:

    _upg_dev_DEVICENAME@XX:XX:XX:XX:XX:XX

    So, nice that FTNT embed that info in the name.  If  you use Device IDs heavily, make sure you read the release notes and understand how this will work.

    My FortiSwitch and FortiAP were detected and manageable without error as far as I could tell.  I have a very simple setup (two VLANs) though so YMMV.

    I next upgraded to 6.4.0 again no problems.  Some menus seems snappier and I like the UI.  I let it stabilize for about 10 minutes and then went on to 6.4.1.

    After the update regarding 6.4.1 you are presented with a screen that looks like the config may have defaulted.  It doesn't.  It is only asking you if you'd like to optimize the dashboard widgets.  Select Optimal and OK (unless you want to keep your old layout).  You are then shown a screen asking if you'd like to review new features.  After dismissing that, you are in the GUI.

    If you check the available widgets, there are a ton of options now.

    So it seems like things are working ok.  Will update if I see any oddness or other stability issues.  Memory is running at 50% which is less than when I was running 6.0.9 so that is nice.
     
    Edit: After 48 hours things are still running fine.  I was able to add a second SSID for a project and that was easy.  FWF60E is consuming on average 66% of RAM with ~20 IP devices, FortiSwitch and FortiAP controller enabled.  SLL Inspection isn't being used and VPN is not either.  Policies are using IPS/IDS, Webfilter, AV, and App Control.
     
    So far so good.
    #10
    seadave
    Expert Member
    • Total Posts : 354
    • Scores: 50
    • Reward points: 0
    • Joined: 2004/11/03 18:02:09
    • Location: Seattle, WA
    • Status: offline
    Re: FortiOS 6.4.1 is out 2020/06/08 21:54:55 (permalink)
    0
    Belgarioz
    Me.
    There are some issue solved: like ssl vpn split tunnel not working an MacOS computers.
     
    But there are some glitches (probabily) grafical not working. Right now i am unable to set up a a fabric device 'cause the page seems "broken".


    Try Firefox vs Chrome?  That works sometimes.
    post edited by seadave - 2020/06/08 21:57:09
    #11
    Andj
    New Member
    • Total Posts : 1
    • Scores: 0
    • Reward points: 0
    • Joined: 2020/05/07 12:53:49
    • Status: offline
    Re: FortiOS 6.4.1 is out 2020/06/09 10:11:56 (permalink)
    0
    Hi, just updated my lab 60E and it broke DNS. I had to turn off DNS filter to get it to work.
     
    I spoke to tech support. Their advice is to disable fortiguard-anycast and set udp port to 8888.
     
    Apparently the option to change SDNS has been removed in 6.4.1 and disabling anycast re-enables SDNS access.
     
    Good thing I wasn't sipping my coffee when the rep replied to my question:
     
    Customer(09:46:30)
    So is this a bug with 6.4.1?
     
    Amr(09:47:04)
    well it is still under investigation
    it is too early to confirm
     
    I thanked him for the laugh 
     
    #12
    seadave
    Expert Member
    • Total Posts : 354
    • Scores: 50
    • Reward points: 0
    • Joined: 2004/11/03 18:02:09
    • Location: Seattle, WA
    • Status: offline
    Re: FortiOS 6.4.1 is out 2020/06/09 14:20:52 (permalink)
    0
    andrew@silverw.com
    Hi, just updated my lab 60E and it broke DNS. I had to turn off DNS filter to get it to work.
     
    I spoke to tech support. Their advice is to disable fortiguard-anycast and set udp port to 8888.
     
    Apparently the option to change SDNS has been removed in 6.4.1 and disabling anycast re-enables SDNS access. 
     

    That's interesting.  I had some DNS issues also.  I used two Synology NAS as my internal DNS and I thought I was blocking those.  I ended up enabling a DNS listener on the LAN interface and setting my Fortigate LAN IP as the forwarder IP for my Synology DNS.  That worked.  Fortigate is configured with Fortinet DNS IPs.
    #13
    aagrafi
    Gold Member
    • Total Posts : 191
    • Scores: 4
    • Reward points: 0
    • Joined: 2016/03/09 01:47:25
    • Status: offline
    Re: FortiOS 6.4.1 is out 2020/06/13 02:44:45 (permalink)
    0
    No time for debugging...
    #14
    neonbit
    Expert Member
    • Total Posts : 559
    • Scores: 72
    • Reward points: 0
    • Joined: 2013/07/02 21:39:52
    • Location: Dark side of the moon
    • Status: offline
    Re: FortiOS 6.4.1 is out 2020/06/14 06:39:58 (permalink)
    0
    Note a big change with 6.4.1 is that SDWAN interfaces are now added into zones. I upgraded from 6.4.0 and the interface zones got created automatically.
     
    It's a cool feature as you can now just reference the SDWAN zones in your policies.
     
    Still waiting for FMG 6.4.1 before I upgrade my main devices.
    #15
    brizvi_FTNT
    New Member
    • Total Posts : 6
    • Scores: 0
    • Reward points: 0
    • Joined: 2019/04/01 20:42:06
    • Status: offline
    Re: FortiOS 6.4.1 is out 2020/06/15 16:23:22 (permalink)
    0
    Belgarioz
    But there are some glitches (probabily) grafical not working. Right now i am unable to set up a a fabric device 'cause the page seems "broken".


    Were you able to get it to work? If not, can you post some screen captures? 
    #16
    Magnitude 8
    New Member
    • Total Posts : 6
    • Scores: 0
    • Reward points: 0
    • Joined: 2020/01/23 16:27:06
    • Status: offline
    Re: FortiOS 6.4.1 is out 2020/06/25 05:22:38 (permalink)
    0
    I've just updated my first FortiGate from 6.4.0 to 6.4.1. Initial testing looks good. Feels like this should have been the 6.4.0 release. New dashboards replace FortiView and the GUI just seems much faster.
     
    Only issue I have found so far is they way SD-WAN is upgraded to SD-WAN Zones. Rather than upgrading the old SD-WAN interface to an SD-WAN Zone, member interfaces are added to separate SD-WAN Zones (virtual-wan-link and upg-zone-wan1 in my case).
     
    This means that the old SD-WAN interface have been replaced with two zones in all policies and Interface Pair View can no longer be activated.
     
    I assume I can just move the secondary interface to the virtual-wan-link zone and delete upg-zone-wan1 from all the rules, but am not certain. Also, the default route is still SD-WAN, so I'm not clear how traffic is now being routed.
     
    In general, this looks like a good update, but I wish Fortinet had provided a bit more guidance around SD-WAN. I'll post again if I experience any issues.
    #17
    thuynh_FTNT
    Silver Member
    • Total Posts : 62
    • Scores: -2
    • Reward points: 0
    • Joined: 2014/02/05 09:30:09
    • Status: offline
    Re: FortiOS 6.4.1 is out 2020/07/06 15:55:03 (permalink)
    0
    >Only issue I have found so far is they way SD-WAN is upgraded to SD-WAN Zones. Rather than upgrading the old SD-WAN interface to an SD-WAN Zone, member interfaces are added to separate SD-WAN Zones (virtual-wan-link and upg-zone-wan1 in my case).

    Hi there, did you use individual SD WAN member in firewall policy before the upgrade? If so, firmware upgrade will detect that and auto-create an "upg-zone-xxx" SD WAN zone for that member interface and move it there. If not, all SD WAN members should stay in a default "virtual-wan-link" zone.

    Let me know if that's not the case. If so, please send me your related SD WAN config.
    #18
    owla
    New Member
    • Total Posts : 6
    • Scores: 0
    • Reward points: 0
    • Joined: 2020/07/06 21:57:16
    • Status: offline
    Re: FortiOS 6.4.1 is out 2020/07/06 22:08:46 (permalink)
    0
    Same happened with SD-WAN. 
    2 member interfaces belong virtual-wan-link and 1 member interface moved to upg-zone-wan1 after upgrade to 6.4.1
    I moved 1 member interface from upg-zone-wan1 to virtual-wan-link and had to update all firewall polices (deleted upg-zone-wan1) and Interface Pair View is Ok now.
    But still there are some more small issues:
    - CLI from GUI doesnt work (lost connection).
    - 'Firewall User Monitor' doesn't show 'User Group' for 'Radius Single Sign-on users' (RSSO works but just doesn't show name of 'User Group')
     
    Decided to roll back to 6.2.4 and wait the next update.
     
    #19
    owla
    New Member
    • Total Posts : 6
    • Scores: 0
    • Reward points: 0
    • Joined: 2020/07/06 21:57:16
    • Status: offline
    Re: FortiOS 6.4.1 is out 2020/07/06 22:42:34 (permalink)
    0
    Double post
    post edited by owla - 2020/07/06 23:27:03
    #20
    Page: 12 > Showing page 1 of 2
    Jump to:
    © 2020 APG vNext Commercial Version 5.5