This is a quick informal update on the new Fortinet FortiOS 5.2 & the problems that I found over the first few days leading into my 5.2 GA upgrade attempts.
A lot of people are complaining of the CLI console being disabled after going to 5.2. I too just now found this to be true. I did a few 60D and 90D with no problems, and recently a FGT110C. The console is flat-out dead on the latter.
Note: I had to reformat and reload the image via TFTP, which was horrible.
Various other problems that are being a big pain in the A$$:
The SSLVPN enabling per interface has been a struggle, and any modifications to the listening-port numbers can cause the FortiGate to randomly select the numbers. So always review the configuration via the CLI. This new one-page WebGUI configuration page was supposed to make things simpler, but I have to disagree.
Speaking of randomness, my FWF60D in my lab has started to revert back to its old name. I haven't figured that one out. Maybe it has a mind of its own.
(misc)
Various other statistics, like modem & FortiView statistics, are not resetting or are displaying weirdness. I have an ip/127.0.0.x present in my FortiView viewer that I'm trying to figure out :)
NOTE: I was really hoping FortiView would have a view by application and GEO-ip.
Wifi access on Mac OS X seems to be problematic upon re-establishment, & we didn't have these issues before 5.2 or in pre-5.x versions. It's more problematic on Mac OS X 10.8.x than 10.9, so this leads me to start using the WifiDiagnostic utility. But so far I haven't found the cause(s).
Also, no Mac OS X 5.2 SSLVPN client. We have Windows and Linux covered, but Mac OS X missed the boat and that just plain sucks.
And the last big PITA: the WebGUI is way slower. It has nothing to do with the firewall loading or the appliance size. Example: a firewall with just under 40 sessions (most of that is DNS and the admin access), and some simple pages take a considerable time to load.
NOTE: My FWF50B running a 3.0MR7p9 is faster :)
Stay tuned, I'm sure more things will probably be found. I hope Fortinet didn't rush this out the door to get the code out in the wild.
Ken Felix
Freelance Network/Security Engineer
kfelix -----a----t---- Socpuppets ---dot---com
I'm scheduled to run an upgrade soon (to 5.2.1). I noticed this post was from back in June, when I believe 5.2.1 wasn't out yet. Have you upgraded to it? If so, are the issues you encountered with 5.2 gone?
I'd appreciate the feedback, thanks!
Version v5.2.1,build0618,140915 (GA)
Eddie, thanks for catching my blog.
Yes, 5.2.1 has been out since mid-Sept. We've upgraded a few 60Ds and 100Ds.
The WebGUI access is much better, and a few other issues seem resolved. I would suggest that you open a case with TAC for anything you find and post on the public support forum at https://forum.fortinet.com/forums
My username on that site is Emnoc
Thanks
Ken Felix
Socpuppets
Ah, good to know, thanks! I wasn't aware of the Fortinet Forums, just signed up... unfortunately, I was surprised and disappointed they mailed me back my 'stock' forum password through email (plain-text, surprising for a security company). I had to go back and reset this stock password in every forum I have it on. *shakes head
Thanks again for the info!
That forum is very useful, but remember, if you need real support, you should have a contract and engage Fortinet TAC.
Yeap, sure do... I used them constantly, they're pretty good!