Fortigate 800c Firmware


Endike Baur

Aug 3, 2024, 6:08:23 PM
to dyscoriho

I have 2 FGT 800C running in HA mode Active-Active. 3 days ago I upgraded the firmware from 5.2.4 to 5.4.2 using the proper upgrade path provided by Fortinet (5.2.4 > 5.2.6 > 5.2.9 > 5.4.2). After upgrading the firmware I noticed that the FGT GUI is very, very slow, especially when I navigate to the policies page, which took like 3 to 5 minutes to open. I have opened a ticket with Fortinet support and am waiting for their reply. Has anyone faced this issue?

- How are you accessing the Web-GUI: by VPN, public IP or internally (LAN)?
- Also, when you are checking, keep "httpsd" on check with multiple browsers by clearing their browsing history.
- In the FGT Web-GUI, are you facing slowness with a specific page, i.e. "Policy Page" or "Interface Page", or with the complete GUI?

Please provide the output of the commands below again.

# diag debug reset
# diag debug disable
# diag debug enable
# diag web-ui debug enable
# diag debug application httpsd -1

Once done collecting logs:

# di de reset
# di de disable ---> to disable
# exec tac report

** Run the command di sys top-summary again
** See the process id (PID) for httpsd
** Kill it using the following command and try to access the web GUI again:

diagnose sys kill 11 <PID>

PID  RSS  CPU%  ^MEM%  FDS  TIME+     NAME
84   78M  0.0   1.0    20   00:13.45  httpsd [x4]

Then check the performance of the GUI again.

Check your setup for errors with "diag debug config-error-log read". If you have errors, try to get rid of them. Usually, these errors are related to non-upgradable settings in the security profiles. There are a few settings that can't be converted to 5.4.x. The preferred way to check is to connect via console, reboot, and look at the output when the firewall boots. Check the output on both firewalls!

The 5.4.2 release solved quite a few bugs in 5.4.1 and 5.4.0. However, it introduced a new string of pretty serious bugs too. I wouldn't use it in production on anything other than an "E" model. Is there a good reason for upgrading to 5.4.x on your 800c cluster? 5.2.10 seems to be good...

One way of fixing weird errors if nothing else helps is to roll back, then install ALL software versions on the way. Tedious, but 100% successful for me when I have encountered similar problems. You might have bumped into something during the upgrade path.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

This device template should allow NCM to download configs from fortigate 800c devices. These are slightly different from previous versions. They seem to have a prompt of "Press 'a' key to continue" after entering username/password. Once that is pressed, then it shows
