Known issues
This section lists the known issues in the FortiDDoS-F 6.4.2 release. For inquiries about particular bugs, please contact Fortinet Customer Service & Support.
Bug ID | Description |
---|---|
0795300 | DNS Dynamic Update Queries will be dropped by DNS Query Anomaly: Query Bit Set and DNS Response Anomaly: Query Bit not Set. Enterprise users should never see Dynamic Update Queries, since they are normally used by services that host large numbers of different customer domains. If in doubt, disable these 2 DNS Anomalies. |
0668077 | Local and External Authentication (RADIUS, LDAP, TACACS+) does not support 2-Factor Authentication. |
0780476 | In HA pairs, if a Primary system SPP is factory reset, the Secondary may not (reboot and) sync immediately. |
0779671 | HA Secondary systems may not display event logs for local events, such as logins. These can be recovered using the CLI command execute recover-eventlog. |
0693789 | When FDD-VM is operating on a virtual machine with underlying hardware supporting SR-IOV, disabling ports leads to unexpected results. |
0678445 | Purging a large number of ACLs from an SPP can take more than 30 seconds with no progress indication. |
0686846 | Online SCEP Enrollment Method of Certificate generation fails. |
0638555/ 0637835/ 0634481/ 0633151 | Multiple Queries in a single TCP DNS session (SourceIP:Port-DestinationIP:53) are allowed to exceed TCP DNS Thresholds. Fortinet's experience is that this is a very rare possibility. As a workaround, setting DNS Anomaly Feature Controls: Query Anomaly: QDCount not One in Query will drop these Queries as anomalies. |
0714534 | If setting Private Key and Certificate from CLI, the event log creates a blank message. Use GUI. |
0750762 | FortiDDoS VMs support 1024 URL Hash Indexes while others support 64,000. This is by design. |
0801480 | When a new SPP is created and immediately sees traffic, it may take 10 minutes (2x 5-minute cycles) before drops and other information are shown. This is architectural and will not be changed. |
0783004 | FQDNs with TTLs longer than 30 days will create invalid entries in the Cache. |
0795435 | If DNS attack traffic is very bursty (short duration and infrequent), attack logs are correct but drop graphs may not show any information. |
0849925 | IDN entries (for example 한국.korea-fortiddos.com) will not work in DNS Profile Regex entries. This is a limitation of Regex. |
0846411 | During DNS Profile FQDN List add/delete operations, normally blocked FQDNs will be allowed to pass while the list is recompiled. This may take 1-5 seconds. |