Known issues

This section lists the known issues in FortiDDoS-F 6.3.2 release. For inquiries about particular bugs, please contact Fortinet Customer Service & Support.

Bug ID Description

0765443 FortiDDoS will drop segmented/fragmented HTTP packets if HTTP Profile > Version Anomaly is enabled. Do not enable HTTP Version Anomaly. GET Cookies can be very large and frequently result in segmented HTTP packets. Trust the Method Thresholds to find HTTP attacks.
0794869 If multiple feature/Profile changes are made in an SPP, the Event Logs are concatenated and become difficult to understand.
0795300 DNS Dynamic Update Queries will be dropped by DNS Query Anomaly: Query Bit Set and DNS Response Anomaly: Query Bit not Set. Enterprise users should never see Dynamic Update Queries since they are normally used by services that host large numbers of different customer domains. If in doubt, disable these 2 DNS Anomalies.
0796137 On some graphs, when no drop count has been shown for a long time, if drops occur the system writes the graph backwards to the previous event, showing drops continuously when none actually happened (the logs are correct).

0668077 Local and External Authentication (RADIUS, LDAP, TACACS+) does not support 2-Factor Authentication.

0780476 In HA pairs, if a Primary system SPP is factory reset, the Secondary may not (reboot and) sync immediately.

0678434/0678433 FortiDDoS-F 6.1.x, 6.2.x and 6.3.x do not support LDAPS/STARTTLS.

0779671 HA Secondary systems do not create event logs for local events, such as logins.
0693789 When FDD-VM is operating on a virtual machine with underlying hardware supporting SR-IOV, disabling ports leads to unexpected results.
0785818 In Debug download > Customer Folder, the Attack log CSV does not always parse the attack log detail into correct columns.

0678445 Purging a large number of ACLs from an SPP can take more than 30 seconds with no progress indication.

0764676 The formatlogdisk command does not show any output when run from the console; output is only seen in the (SSH) CLI.
0686846 Online SCEP Enrollment Method of Certificate generation fails.

0638555/0637835/0634481/0633151 Multiple Queries in a single TCP DNS session (SourceIP:Port-DestinationIP:53) are allowed to exceed TCP DNS Thresholds. Fortinet's experience is that this is a very rare possibility. As a workaround, setting DNS Anomaly Feature Controls: Query Anomaly: QDCount not One in Query will drop these Queries as anomalies.

0714534 If setting Private Key and Certificate from CLI, the event log creates a blank message. Use GUI.
0695645 Under rare conditions, generating multiple Certificates after a configuration restore can stop the GUI.
0750762 FortiDDoS VMs support 1024 URL Hash Indexes while others support 64,000. This is by design.
0801480 When a new SPP is created and immediately sees traffic, it may take 10 minutes (2x 5-minute cycles) before drops and other information are shown. This is architectural and will not be changed.
0783004 FQDNs with TTLs longer than 30 days will create invalid entries in the Cache.

0795435 If DNS attack traffic is very bursty (short duration and infrequent), attack logs are correct but drop graphs may not show any information.
