Fortinet black logo

Release Notes

Home FortiDDoS-F 6.4.0 Release Notes
6.4.0
7.0.0
6.6.3
6.6.1
6.6.0
6.5.1
6.5.0
6.4.2
6.4.1
6.4.0
6.3.3
6.3.2
6.3.1
6.2.3
6.2.2
6.2.1
6.2.0
6.1.5
6.1.4
6.1.3
6.1.2
6.1.1
6.1.0

Resolved issues

Resolved issues

The following issues have been resolved in the FortiDDoS-F 6.4.0 release. For inquiries about particular bugs, please contact Fortinet Customer Service & Support.

Bug ID

Description
0810242 Resetting an SPP configuration to default, from the Service Protection > Service Protection Policy List may not reset UDP Service Ports.
0748881 TACACS+ authentication was not working for GUI logins.
0784660 If Service Protection Policy or SSL/TLS Profile used System > Address policies, the SPP Policy or SSL/TLS Profile could not be deleted until the address objects were removed.
0826613 Other Protocol Fragment Attack Log may show "Associated Port" as 65535 which is incorrect. No port information is available in most Layer 3 fragments.
0826801 TCP Zombie Flood Attack Log may show "Associated Port" as 65535 which is incorrect. There should be no port information.
0826404 Destination Flood Attack Log may show "Associated Port" as 65535 which is incorrect. There should be no port information.
0827061 Protocol Flood Attack Log may show "Associated Port" as 65535 which is incorrect. There should be no port information.
0815486 Attack logs for attack log events such as SYN/Src, SYN/Dst, Source Flood and Destination Flood, shows associated port = 0, which can be misleading. Instead, it should show "-" for these events.
0835326 When a patch file is installed, it cannot be uninstalled. Installing a patch file is a very rare occurrence, managed by the FortiDDoS dev team, so will be low impact.
0785818 Debug File, Attack Log CSV has some logs incorrectly formatted resulting in misaligned columns and some missing information.
0801906 DNS Profile, DNS Fragment option does not properly drop IPv6 DNS fragments.
0812129 If enough reports are generated to require multiple pages, the page selection buttons may not work.
0833086

Some tables may be missed in generated reports if the system has a large number of data and too many tables are requested.
0806800 Most Active Source and Most Active Destination Traffic Statistics and graphs were not accurate, erring too high compared to actual traffic.
0764676 Command formatlogdisk from the console does not show any output — only seen in (SSH) CLI.
0796137

On some graphs, when no drop count has been shown for a long time and then drops occur, the system would write the graph backwards to the previous event, showing drops continuously when none actually happened (even when the logs are correct).
0812252 FDD-200F CLI get system sensors was not working.
0807382 After DST or Time Zone setting changed, get system status may still show the old time/zone.
0806420 After upgrade of KVM VM, it could take 10 minutes to update RRDs.
0695645 Under rare conditions, generating multiple Certificates after a restore can stop the GUI.

0804753

If SPP Layer 3 Thresholds are set to factory default via CLI, the Most Active Destination Threshold would not reset.
Common Vulnerabilities and Exposures

For more information, visit https://www.fortiguard.com/psirt.

Bug ID

Description
0776398 FortiDDoS-F 6.4.0 is no longer vulnerable to the following CVE-Reference: CWE-269.
Previous
Next

Resolved issues

The following issues have been resolved in the FortiDDoS-F 6.4.0 release. For inquiries about particular bugs, please contact Fortinet Customer Service & Support.

Bug ID

Description
0810242 Resetting an SPP configuration to default, from the Service Protection > Service Protection Policy List may not reset UDP Service Ports.
0748881 TACACS+ authentication was not working for GUI logins.
0784660 If Service Protection Policy or SSL/TLS Profile used System > Address policies, the SPP Policy or SSL/TLS Profile could not be deleted until the address objects were removed.
0826613 Other Protocol Fragment Attack Log may show "Associated Port" as 65535 which is incorrect. No port information is available in most Layer 3 fragments.
0826801 TCP Zombie Flood Attack Log may show "Associated Port" as 65535 which is incorrect. There should be no port information.
0826404 Destination Flood Attack Log may show "Associated Port" as 65535 which is incorrect. There should be no port information.
0827061 Protocol Flood Attack Log may show "Associated Port" as 65535 which is incorrect. There should be no port information.
0815486 Attack logs for attack log events such as SYN/Src, SYN/Dst, Source Flood and Destination Flood, shows associated port = 0, which can be misleading. Instead, it should show "-" for these events.
0835326 When a patch file is installed, it cannot be uninstalled. Installing a patch file is a very rare occurrence, managed by the FortiDDoS dev team, so will be low impact.
0785818 Debug File, Attack Log CSV has some logs incorrectly formatted resulting in misaligned columns and some missing information.
0801906 DNS Profile, DNS Fragment option does not properly drop IPv6 DNS fragments.
0812129 If enough reports are generated to require multiple pages, the page selection buttons may not work.
0833086

Some tables may be missed in generated reports if the system has a large number of data and too many tables are requested.
0806800 Most Active Source and Most Active Destination Traffic Statistics and graphs were not accurate, erring too high compared to actual traffic.
0764676 Command formatlogdisk from the console does not show any output — only seen in (SSH) CLI.
0796137

On some graphs, when no drop count has been shown for a long time and then drops occur, the system would write the graph backwards to the previous event, showing drops continuously when none actually happened (even when the logs are correct).
0812252 FDD-200F CLI get system sensors was not working.
0807382 After DST or Time Zone setting changed, get system status may still show the old time/zone.
0806420 After upgrade of KVM VM, it could take 10 minutes to update RRDs.
0695645 Under rare conditions, generating multiple Certificates after a restore can stop the GUI.

0804753

If SPP Layer 3 Thresholds are set to factory default via CLI, the Most Active Destination Threshold would not reset.
Common Vulnerabilities and Exposures

For more information, visit https://www.fortiguard.com/psirt.

Bug ID

Description
0776398 FortiDDoS-F 6.4.0 is no longer vulnerable to the following CVE-Reference: CWE-269.
Previous
Next