This issue usually occurs when the Admin access port for HTTPS has been changed because an SSL-VPN is using port 443.
The new FTM-push feature in 5.6.0 uses port 4433 by default. If a SysAdmin changed the HTTP or HTTPS access port to 4433 before the upgrade and FTM is enabled on the interface, then once the upgrade has completed FTM starts using the new push feature, and the SysAdmin can be prevented from accessing the administrative features of the FortiGate through the GUI.
1. The CLI doesn’t give any warnings regarding this issue.
2. Removing FTM from the allowaccess setting does not restore GUI access.
3. If this issue is encountered, temporarily reset the admin ports back to their default settings to regain GUI access.
IPsec
There is an issue with IPsec tunnels when upgrading from 5.4.5 to 5.6.0, but only between these two versions. Going from 5.4.4 to 5.6.0 doesn’t present an issue. If you do upgrade between these two versions, any Phase 1 psksecrets will have to be reset.
Upgrade issues specific to 5.4.x
Wildcard FQDNs
FortiOS 5.2 allowed configurations to use wildcard FQDN objects in firewall policies. This functionality was removed starting in 5.4. If a firewall running FOS 5.2 has firewall rules configured to use wildcard FQDNs, then when it is upgraded to FOS 5.4.x or later, the firewall rules using wildcard FQDNs will be deleted. This can cause traffic to be passed or blocked unexpectedly.
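
A pre-upgrade check for the two configuration-dependent issues above (an admin port set to 4433 with FTM enabled, and policies that reference wildcard FQDN objects), as an added example that is not from the original page or from Fortinet. It assumes a plain-text, non-VDOM configuration backup and that a 5.2 wildcard FQDN object is stored as `set fqdn "*.…"`; the names `parse_sections` and `audit` are hypothetical.

```python
import re
# Constructed sample backup, not from a real device (non-VDOM; wildcard as: set fqdn "*.x").
SAMPLE_CONFIG = """\
config system global
    set admin-sport 4433
end
config system interface
    edit "wan1"
        set allowaccess ping https ftm
    next
end
config firewall address
    edit "wild-example"
        set fqdn "*.example.com"
    next
end
config firewall policy
    edit 7
        set dstaddr "wild-example"
    next
end
"""

def parse_sections(text):
    """Map each top-level 'config X' block to {edit name: {key: [values]}}."""
    sections, depth, section, entry = {}, 0, {}, {}
    for raw in text.splitlines():
        op, *args = [w.strip('"') for w in re.findall(r'"[^"]*"|\S+', raw)] or [""]
        depth += (op == "config") - (op == "end")   # nested blocks are skipped
        if op == "config" and depth == 1:
            section = sections.setdefault(" ".join(args), {})
            entry = section.setdefault("", {})       # settings outside any edit
        elif op == "edit" and depth == 1 and args:
            entry = section.setdefault(args[0], {})
        elif op == "set" and depth == 1 and args:
            entry[args[0]] = args[1:]
    return sections

def audit(text):
    """Findings for the admin-port/FTM and wildcard-FQDN upgrade issues."""
    cfg = parse_sections(text)
    ftm = sorted(n for n, e in cfg.get("system interface", {}).items()
                 if "ftm" in e.get("allowaccess", []))
    out = [("admin-port-conflict", k, ftm) for k in ("admin-port", "admin-sport")
           if ftm and cfg.get("system global", {}).get("", {}).get(k) == ["4433"]]
    wild = {n for n, e in cfg.get("firewall address", {}).items()
            if "*" in "".join(e.get("fqdn", []))}
    refs = {pid: sorted(wild & set(p.get("srcaddr", []) + p.get("dstaddr", [])))
            for pid, p in cfg.get("firewall policy", {}).items()}
    return out + [("wildcard-fqdn", pid, used) for pid, used in refs.items() if used]
```

Run `audit()` over the backup taken before the upgrade; each tuple names the affected setting or policy ID so it can be changed or recorded first.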