6.3.0 Resolved issues
The following issues have been resolved in the FortiDDoS-F 6.3.0 release. For inquiries about particular bugs, please contact Fortinet Customer Service & Support.
Bug ID |
Description |
---|---|
0779660 | In the rate circumstance where a system was rebooted in the middle of collecting traffic statistics the collection was not aborted correctly and would prevent future traffic statistics collection. |
0778284 | In HA pair, if the Secondary system is rebooted, Mgmt1 port reverts to earlier IP address. |
0777916 |
Execute shutdown from GUI or CLI did not fully power-down the system. |
0774630 |
In Asymmetric Mode, inbound SYN-ACK packets are graphed but inbound SYN packets are also graphed. Change is made to show matching outbound "virtual" SYNs for clarity. |
0771321 |
When restoring a configuration, RRDs may not be reset correctly resulting in some graphs showing data. |
0770084 |
In some conditions where an SSL server requires verification of the client certificate, SSL/TLS Profile Protocol Anomaly or Version Anomaly would drop the packets, preventing connection. |
0768844 |
If the configuration was restored on a system running live traffic, interface states may be set to "down" requiring manual intervention to bring them up. |
0766911 |
Monitor > Layer 3/4/7 > Layer 3 > Other > Fragmented Packets graph did not display UDP Fragments. |
0756613 |
If a user has more than 10 Service Protection Policies configured (1500F) SNMP MIB Queries become intermittent. |
0756558 |
Blocking DTLS Server Hello per Destination may block all traffic to the Destination (protected) IP address. |
0754792 |
After creating Private Data Encryption key in System > Admin > Setting, other non-secure parameters on the page cannot be changed without re-entering the key. |
0753190 |
Most Active Source graph was updated in both directions when DNS Query traffic was only sent in one direction. |
0749266 |
TCP Session graph (Traffic Monitor -> Layer3/4/7, Select SPP, Select Layer 4-> Other tab, TCP session graph) was not displaying 1/2-open sessions. |
0748374 |
If an SPP that had traffic/graphs/drops was deleted, some logs may not have been deleted, resulting in logs with no SPP identifiers. |
0748296 |
If user attempted to create more than 64 DNS Profiles via CLI, the error message included extraneous information. |
0747439 |
When restoring config via GUI, the API was not waiting until restore was complete before allowing a login, with unexpected results. |
0747082 |
Possible UDP Reflection Flood event is not included as data shown for Dasboard > Top Attacks > SPP > Top attacked UDP Ports. |
0741379 |
SSL/TLS Version Anomaly was only checked for Content Type 22 messages. |
0736263 |
When Packet Capture result was an empty file, it could not be opened, giving a format error. The empty file can now be opened, showing no captured packets. |
0736013 |
Backup and restore from the GUI could result in missing SPPs. |
0726191 |
DTLS UDP service ports are excluded from System Recommendation Port thresholds. Ensure DTLS profile is configured for SPPs with DTLS service ports. |
0672585 |
Invalid DNS packets could be dropped even when no DNS Anomalies were enabled with no logging. FortiDDoS will now drop and log as DNS UDP Header Anomaly: Missing Header. This is a fixed anomaly with no disable option. |
0672585 |
Invalid DNS packets could be dropped even when no DNS Anomalies were enabled with no logging. DNS Header Anomaly "Incomplete DNS" (default off) is added to control this check. |
0626478 |
Admin > Administator accounts now support Trusted Hosts after external password authentication by LDAP / RADIUS / TACACS+. |
Common Vulnerabilities and Exposures
For more information, visit https://www.fortiguard.com/psirt.
Bug ID |
Description |
---|---|
0744346 |
FortiDDoS-F 6.3.0 is no longer vulnerable to the following CVE/CWE-References: CVE-2021-3711, CVE-2021-3712, CWE-788. |