
6.3.0 Resolved issues


The following issues have been resolved in the FortiDDoS-F 6.3.0 release. For inquiries about particular bugs, please contact Fortinet Customer Service & Support.

Bug ID Description
0779660 In the rare circumstance where a system was rebooted in the middle of collecting traffic statistics, the collection was not aborted correctly and would prevent future traffic statistics collection.
0778284 In an HA pair, if the Secondary system is rebooted, the Mgmt1 port reverts to an earlier IP address.
0777916 Execute shutdown from GUI or CLI did not fully power down the system.
0774630 In Asymmetric Mode, inbound SYN-ACK packets are graphed but inbound SYN packets are also graphed. Change is made to show matching outbound "virtual" SYNs for clarity.
0771321 When restoring a configuration, RRDs may not be reset correctly, resulting in some graphs showing data.
0770084 In some conditions where an SSL server requires verification of the client certificate, SSL/TLS Profile Protocol Anomaly or Version Anomaly would drop the packets, preventing connection.
0768844 If the configuration was restored on a system running live traffic, interface states may be set to "down", requiring manual intervention to bring them up.
0766911 Monitor > Layer 3/4/7 > Layer 3 > Other > Fragmented Packets graph did not display UDP Fragments.
0756613 If a user has more than 10 Service Protection Policies configured (1500F), SNMP MIB Queries become intermittent.
0756558 Blocking DTLS Server Hello per Destination may block all traffic to the Destination (protected) IP address.
0754792 After creating a Private Data Encryption key in System > Admin > Setting, other non-secure parameters on the page cannot be changed without re-entering the key.
0753190 Most Active Source graph was updated in both directions when DNS Query traffic was only sent in one direction.
0749266 TCP Session graph (Traffic Monitor -> Layer3/4/7, Select SPP, Select Layer 4 -> Other tab, TCP session graph) was not displaying 1/2-open sessions.
0748374 If an SPP that had traffic/graphs/drops was deleted, some logs may not have been deleted, resulting in logs with no SPP identifiers.
0748296 If a user attempted to create more than 64 DNS Profiles via CLI, the error message included extraneous information.
0747439 When restoring config via GUI, the API was not waiting until the restore was complete before allowing a login, with unexpected results.
0747082 Possible UDP Reflection Flood event is not included as data shown for Dashboard > Top Attacks > SPP > Top attacked UDP Ports.
0741379 SSL/TLS Version Anomaly was only checked for Content Type 22 messages.
0736263 When the Packet Capture result was an empty file, it could not be opened, giving a format error. The empty file can now be opened, showing no captured packets.
0736013 Backup and restore from the GUI could result in missing SPPs.
0726191 DTLS UDP service ports are excluded from System Recommendation Port thresholds. Ensure a DTLS profile is configured for SPPs with DTLS service ports.
0672585 Invalid DNS packets could be dropped even when no DNS Anomalies were enabled with no logging. FortiDDoS will now drop and log as DNS UDP Header Anomaly: Missing Header. This is a fixed anomaly with no disable option.
0672585 Invalid DNS packets could be dropped even when no DNS Anomalies were enabled with no logging. DNS Header Anomaly "Incomplete DNS" (default off) is added to control this check.
0626478 Admin > Administrator accounts now support Trusted Hosts after external password authentication by LDAP / RADIUS / TACACS+.

Common Vulnerabilities and Exposures

For more information, visit https://www.fortiguard.com/psirt.

Bug ID Description
0744346 FortiDDoS-F 6.3.0 is no longer vulnerable to the following CVE/CWE-References: CVE-2021-3711, CVE-2021-3712, CWE-788.
