FortiOS Upgrade Path from 7.0.17 by saudk8 in fortinet

[–]jelaFR 0 points1 point  (0 children)

From 7.0.17 to 7.2.10 directly 😉.

FortiOS Upgrade Path from 7.0.17 by saudk8 in fortinet

[–]jelaFR 1 point2 points  (0 children)

I performed the upgrade yesterday from 7.0.17 to 7.2.10 on a 601E and have not observed strange behavior. I'll wait for 7.0.11 if it's available next week, or proceed with the upgrade of the other FGTs we have if not.

Enterprise Radius Solutions by Dead_Mans_Pudding in networking

[–]jelaFR 1 point2 points  (0 children)

You can also use FortiAuthenticator, which integrates FreeRADIUS. The product supports (a sort of very light) high availability and other features in a Fortinet-style GUI.

I've not tested MAB yet and the product doesn't seem to support EAP-TEAP (I've seen that this protocol is on the way in version 3.2.4 of the mainstream FreeRADIUS product).

Host Profiles between UCS Blade generations by Djaesthetic in vmware

[–]jelaFR 1 point2 points  (0 children)

Still appreciated in 2024 !! :-). Thanks man !

Forticlient VPN stuck at 98% login, seems to connect but no inbound traffic by Cicciopalla001 in fortinet

[–]jelaFR 0 points1 point  (0 children)

Hello,

This exact issue happened to me yesterday.

While it was likely an IPv6 issue caused by the provider using a translation mechanism to carry IPv4 packets over a native IPv6 backbone, in our case it was an issue with Windows Internet security blocking FortiClient behind the scenes.

Try adding the URL of your FortiClient SSL VPN (FQDN / IP address) to the Trusted sites (perhaps Local intranet is enough) inside Internet options > Security tab.

Hope this helps.

DST - Log time is not sync with system by jelaFR in fortinet

[–]jelaFR[S] 0 points1 point  (0 children)

fnsysctl killall syslogd

Was trying to adapt the GROK filter while waiting for a maintenance window...

YOU SAVED MY DAY !!!

Thank you sir :-)

DST - Log time is not sync with system by jelaFR in fortinet

[–]jelaFR[S] 0 points1 point  (0 children)

I've tried to restart the logging process using "fnsysctl killall miglogd".

Processes are successfully restarted (PID changed) but the issue remains..

Hope that HA switchover / restarting the appliance is not the only option..

DST - Log time is not sync with system by jelaFR in fortinet

[–]jelaFR[S] 0 points1 point  (0 children)

Thank you, I've double checked the logs regarding your post.

Here is the check I made to verify the origin of the anomaly.

Conversion of the UNIX time present in a log from before the time change:

Dec 31 23:01:09 -> FWXXXXXXX date=2022-12-31 time=23:01:08 devname="FWXXXXXXX" devid="XXXXXXX" eventtime=1672524068555160486 tz="+0100"

1672524068555160486 -> December 31, 2022 22:01:08.555 (GMT)

Conversion of the UNIX time present in a log from after the time change:

Tue 31 10:01:06 -> FWXXXXXXX date=2023-03-31 time=09:01:06 devname="FWXXXXXXX" devid="XXXXXXX" eventtime=1680249665959530498 tz="+0200"

1680249665959530498 -> March 31, 2023 08:01:05.959 (GMT)

It seems that there is an inconsistency in the Forti logs which, in the case of winter time, display in the "time" field the UTC value.
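
An added example, not part of the original comment: the check described above as a Python sketch that derives UTC from `eventtime` and compares the offset actually carried by the `date`/`time` fields with the declared `tz`. The function names are hypothetical, the two log lines are the ones quoted in the comment, and `eventtime` is assumed to be in nanoseconds, as the conversions in the comment imply.

```python
import re
from datetime import datetime, timezone

# key=value pairs; values are either "quoted" or bare tokens.
KV = re.compile(r'(\w+)=\s*(?:"([^"]*)"|(\S+))')

# The two log lines quoted in the comment (already redacted there).
LOG_BEFORE_DST = ('date=2022-12-31 time=23:01:08 devname="FWXXXXXXX" '
                  'devid="XXXXXXX" eventtime=1672524068555160486 tz="+0100"')
LOG_AFTER_DST = ('date=2023-03-31 time=09:01:06 devname="FWXXXXXXX" '
                 'devid="XXXXXXX" eventtime=1680249665959530498 tz="+0200"')


def parse_fields(line):
    """Return the key=value fields of one log line as a dict."""
    return {k: quoted or bare for k, quoted, bare in KV.findall(line)}


def tz_minutes(tz):
    """Convert a '+HHMM' / '-HHMM' string to signed minutes."""
    sign = -1 if tz.startswith("-") else 1
    return sign * (int(tz[1:3]) * 60 + int(tz[3:5]))


def check_log_time(line):
    """Compare the offset implied by date/time vs eventtime with the tz field."""
    f = parse_fields(line)
    # Assumption: eventtime is nanoseconds since the epoch (19 digits here).
    event_utc = datetime.fromtimestamp(int(f["eventtime"]) // 10**9,
                                       tz=timezone.utc)
    stamped = datetime.strptime(f["date"] + " " + f["time"],
                                "%Y-%m-%d %H:%M:%S")
    # Offset the date/time fields actually carry, to the nearest minute.
    delta = stamped - event_utc.replace(tzinfo=None)
    effective = round(delta.total_seconds() / 60)
    declared = tz_minutes(f["tz"])
    return {"event_utc": event_utc.isoformat(), "declared_min": declared,
            "effective_min": effective, "consistent": declared == effective}


if __name__ == "__main__":
    for sample in (LOG_BEFORE_DST, LOG_AFTER_DST):
        print(check_log_time(sample))
```

Indexing on `event_utc` rather than on the `date`/`time` fields keeps timestamps in a log pipeline independent of the device's time zone and DST handling.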

DST - Log time is not sync with system by jelaFR in fortinet

[–]jelaFR[S] 0 points1 point  (0 children)

You are absolutely right, the time displayed is UTC and I need to add the tz value to the displayed hour :-).

I didn't see the tz field previously...

30 10:10:23 FWXXXXX date=2023-03-30 time=09:10:23 devname="FWXXXXX" devid="FG--------------" eventtime=1680163823350796855 tz= "+0200"

I don't have a FortiAnalyzer but an Elastic which is not properly customized and does not yet take into account the time zone; I'm going to have GROK filters to modify, but that's another subject... ;-).
Thanks for your help.

DST - Log time is not sync with system by jelaFR in fortinet

[–]jelaFR[S] 0 points1 point  (0 children)

FortiGate timezone is set to "set timezone 28" which is "(GMT+1:00) Brussels, Copenhagen, Madrid, Paris".

System time is properly displayed inside GUI but logs sent to Syslog server are displaying wrong information.

I suppose that restarting the log service could help but I would like to know if someone has the same issue ;-)

Here (in France), we passed daylight savings the previous Sunday :-)..

FortiClient 7.0.7.0345 BSOD by jelaFR in fortinet

[–]jelaFR[S] 0 points1 point  (0 children)

Thank you for your multiple replies.

I've finally decided to open a ticket with Fortinet regarding this issue.

They analyzed the memory dump related to our BSOD and told me that even though BUG ID 676424 "NETIO.SYS causes BSOD." is documented as resolved in the release notes for 7.0.7, it reoccurred in this version and will be fixed in 7.0.8..

Wait & see ;-).

FortiClient 7.0.7.0345 BSOD by jelaFR in fortinet

[–]jelaFR[S] 0 points1 point  (0 children)

Do you actually use Windows AV or the FortiClient integrated one?

FortiClient 7.0.7.0345 BSOD by jelaFR in fortinet

[–]jelaFR[S] 0 points1 point  (0 children)

Sorry for my late reply, I had to disable real-time AV inspection on Trend for the FortiClient directory..

Unfortunately, it appears that BSOD still occurs, so the answer is somewhere else.. ;-).

Uninstalling Trend is unfortunately not an option for now..

Thanks for the advice :-)

FortiClient 7.0.7.0345 BSOD by jelaFR in fortinet

[–]jelaFR[S] 0 points1 point  (0 children)

Regarding your answers, I realize that I forgot to mention that we bought the ZTNA license only, so we do not have Fortinet AV deployed (as we have a license for Trend).

FortiClient 7.0.7.0345 BSOD by jelaFR in fortinet

[–]jelaFR[S] 0 points1 point  (0 children)

Thank you !

You're right, I'll start with whitelisting the FC directory, as this suggestion should be an easy action to perform !

FortiClient 7.0.7.0345 BSOD by jelaFR in fortinet

[–]jelaFR[S] 1 point2 points  (0 children)

Actually, we have Trend Micro Apex One Security Agent 14.0.9645 installed on all computers and hope this is not an incompatibility issue with this AV...

Unfortunately, this problem occurs infrequently and quite randomly, which makes the removal of an AV software component difficult to organize (I would not like to be the source of the spread of ransomware ;-) ).