Known issues

This section lists the known issues in the FortiDDoS-F 6.4.2 release. For inquiries about particular bugs, please contact Fortinet Customer Service & Support.

Bug ID    Description

0795300 DNS Dynamic Update Queries will be dropped by DNS Query Anomaly: Query Bit Set and DNS Response Anomaly: Query Bit not Set. Enterprise users should never see Dynamic Update Queries since they are normally used by services that host large numbers of different customer domains. If in doubt, disable these 2 DNS Anomalies.

0668077 Local and External Authentication (RADIUS, LDAP, TACACS+) does not support 2-Factor Authentication.

0780476 In HA pairs, if a Primary system SPP is factory reset, the Secondary may not (reboot and) sync immediately.

0779671 HA Secondary systems may not display event logs for local events, such as logins. These can be recovered using the CLI command execute recover-eventlog.

0693789 When FDD-VM is operating on a virtual machine with underlying hardware supporting SR-IOV, disabling ports leads to unexpected results.

0678445 Purging a large number of ACLs from an SPP can take more than 30 seconds with no progress indication.

0686846 Online SCEP Enrollment Method of Certificate generation fails.

0638555/0637835/0634481/0633151 Multiple Queries in a single TCP DNS session (SourceIP:Port-DestinationIP:53) are allowed to exceed TCP DNS Thresholds. Fortinet's experience is that this is a very rare possibility. As a workaround, setting DNS Anomaly Feature Controls: Query Anomaly: QDCount not One in Query will drop these Queries as anomalies.

0714534 If setting Private Key and Certificate from CLI, the event log creates a blank message. Use GUI.

0750762 FortiDDoS VMs support 1024 URL Hash Indexes while others support 64,000. This is by design.

0801480 When a new SPP is created and immediately sees traffic, it may take 10 minutes (2x 5-minute cycles) before drops and other information are shown. This is architectural and will not be changed.

0783004 FQDNs with TTLs longer than 30 days will create invalid entries in the Cache.

0795435 If DNS attack traffic is very bursty (short duration and infrequent), attack logs are correct but drop graphs may not show any information.

0849925 IDN entries (for example 한국.korea-fortiddos.com) will not work in DNS Profile Regex entries. This is a limitation of Regex.

0846411 During DNS Profile FQDN List add/delete operations, normally blocked FQDNs will be allowed to pass while the list is recompiled. This may take 1-5 seconds.
