This is a quick informal update on the new Fortinet FortiOS5.2 & the problems that I found over the first few days leading into my 5.2 GA upgrades attempts.
A lot of person are complaining of CLI console being disable after going to 5.2. I too just now found this to be true. I did a few 60D and 90D with no problems, and recently a FGT110C. The console is flatout dead on the latter.
note: I had to reformat and reload the image via tftp which was horrible.
Various other problems that's being a big pain in the A$$;
The SSLVPN enabling per interface has been a struggle and any modfications with the listening-ports nunbers can cause the fortigate to randomly select the numbers. So always review the configuration via cli. This new one page WebGUI configuration page, was suppose to make things simpler, but I have to disagree
Speaking of randomness, my FWF60D in my lab has started to revert back to it's old name. I haven't figure that one out. Maybe it has a mind of it own.
Various other statistics like modem & fortiview statistics are not resetting or display weirdness. I have a ip/127.0.0.x present in my fortiview viewer that I'm trying to figure out :)
NOTE: I was really hoping fortiview would have a view by application and GEO-ip
Wifi access on MacOSX seems to be problemantic upon re-establishments & we didn't have these issues before 5.2 or pre 5.X versions. It's more problematic on MACOSX 10.8.x than 10.9, so this leads me to start using the WifiDiagnostic utility. But so far I haven't found the cause(s).
Also no macosx 5.2 sslvpn client. We have windows and linux covered , but Macosx missed the boat and that just plain sucks
And the last big PITA, the WebGUI is way much slower. It has nothing todo with the firewall loading or the appliance size. Example, a firewall with just under <40 sessions ( most of that is DNS and the Admin access ), and some simple pages take a considerable time to load.
NOTE:My FWF50B running a 3.0MR7p9 is faster :)
Stay tune, I'm sure more things will probably be found. I hope fortinet didn't rush this out the door to get the code out in the wild .
Freelance Network/Security Engineer
kfelix -----a----t---- Socpuppets ---dot---com
=( ~ ~ )=