Fortinet black logo

Release Notes

Home FortiDDoS-F 6.6.0 Release Notes
6.6.0
7.0.0
6.6.3
6.6.1
6.6.0
6.5.1
6.5.0
6.4.2
6.4.1
6.4.0
6.3.3
6.3.2
6.3.1
6.2.3
6.2.2
6.2.1
6.2.0
6.1.5
6.1.4
6.1.3
6.1.2
6.1.1
6.1.0

Known issues

Known issues

This section lists the known issues in FortiDDoS-F 6.6.0 release. For inquiries about particular bugs, please contact Fortinet Customer Service & Support.

Bug ID

Description

915076

Security Fabric integration with FortiOS is not operational due to changes in the FortiOS API. This wiil return in a future release.
0780476 In HA pairs, if a Primary system SPP is factory reset, the Secondary may not (reboot and) sync immediately.
0693789 When FDD-VM is operating on a virtual machine with underlying hardware supporting SR-IOV, disabling ports leads to unexpected results.

0678445

Purging a large number of ACLs from an SPP can take more than 30 seconds with no progress indication.
0750762 FortiDDoS VMs support 1024 URL Hash Indexes while others support 64,000. This is by design.

0849925

IDN entries (for example 한국.korea-fortiddos.com) will not work in DNS Profile Regex entries. This is a limitation of Regex.

0846411

During DNS Profile FQDN List add/delete operations, normally blocked FQDNs will be allowed to pass while the list is recompiled. This may take 1-5 seconds.

0882029

Release 6.5.0 graphs do not correctly display Y-axis units. Instead of pps or bps rates, only 1,2,3, etc., are shown on the Y-axis. Tool tip information is correct. Fortinet is working with the graph code provider to correct this in a later release.

0881178

When navigating graphs, the colors of some graphs may change between views. Graph accuracy is not affected. Graphs that may change colors are: Protocols; TCP and UDP Ports; ICMP Type/Code; HTTP graphs and DNS Response Code.

904954

After saving SPP or Global ACL Lists re-odering will only work for 1 step up or down from current location in the list.

923461

SYN Inbound Ingress rate on graph shows the same rate as the Inbound Egress rate when drops are shown, which is confusing. Drops can be trusted.

918768

923612

924121

Within a 20-second timeframe after the conclusion of any 5-minute reporting or graphing period, drops may not be accurately reflected in the graph. Instead, they may appear in the subsequent reporting period even if there is no traffic present during that time.

867798

The NTP Response graph and NTP Response-per-Destination graph may not align, with Response-per-Destination appearing higher. This discrepancy is attributed to the combination of symmetric and asymmetric traffic observed by FortiDDoS. Although it may be confusing, the traffic pattern remains consistent, allowing Thresholds to function adequately. If there are concerns, it is recommended to set NTP Thresholds at high levels and utilize "Reflection Deny" in the NTP Profile. This approach effectively mitigates NTP floods while preserving normal traffic operations.

926212

There is a potential scenario where two processes can generate identical logs simultaneously, resulting in a duplicate entry within the logs.

883615

If the drop-down options on graphs are modified while the cursor remains within the graph area, the graph will not refresh. To refresh the graph, simply move the cursor outside the graph area.
Previous
Next

Known issues

This section lists the known issues in FortiDDoS-F 6.6.0 release. For inquiries about particular bugs, please contact Fortinet Customer Service & Support.

Bug ID

Description

915076

Security Fabric integration with FortiOS is not operational due to changes in the FortiOS API. This wiil return in a future release.
0780476 In HA pairs, if a Primary system SPP is factory reset, the Secondary may not (reboot and) sync immediately.
0693789 When FDD-VM is operating on a virtual machine with underlying hardware supporting SR-IOV, disabling ports leads to unexpected results.

0678445

Purging a large number of ACLs from an SPP can take more than 30 seconds with no progress indication.
0750762 FortiDDoS VMs support 1024 URL Hash Indexes while others support 64,000. This is by design.

0849925

IDN entries (for example 한국.korea-fortiddos.com) will not work in DNS Profile Regex entries. This is a limitation of Regex.

0846411

During DNS Profile FQDN List add/delete operations, normally blocked FQDNs will be allowed to pass while the list is recompiled. This may take 1-5 seconds.

0882029

Release 6.5.0 graphs do not correctly display Y-axis units. Instead of pps or bps rates, only 1,2,3, etc., are shown on the Y-axis. Tool tip information is correct. Fortinet is working with the graph code provider to correct this in a later release.

0881178

When navigating graphs, the colors of some graphs may change between views. Graph accuracy is not affected. Graphs that may change colors are: Protocols; TCP and UDP Ports; ICMP Type/Code; HTTP graphs and DNS Response Code.

904954

After saving SPP or Global ACL Lists re-odering will only work for 1 step up or down from current location in the list.

923461

SYN Inbound Ingress rate on graph shows the same rate as the Inbound Egress rate when drops are shown, which is confusing. Drops can be trusted.

918768

923612

924121

Within a 20-second timeframe after the conclusion of any 5-minute reporting or graphing period, drops may not be accurately reflected in the graph. Instead, they may appear in the subsequent reporting period even if there is no traffic present during that time.

867798

The NTP Response graph and NTP Response-per-Destination graph may not align, with Response-per-Destination appearing higher. This discrepancy is attributed to the combination of symmetric and asymmetric traffic observed by FortiDDoS. Although it may be confusing, the traffic pattern remains consistent, allowing Thresholds to function adequately. If there are concerns, it is recommended to set NTP Thresholds at high levels and utilize "Reflection Deny" in the NTP Profile. This approach effectively mitigates NTP floods while preserving normal traffic operations.

926212

There is a potential scenario where two processes can generate identical logs simultaneously, resulting in a duplicate entry within the logs.

883615

If the drop-down options on graphs are modified while the cursor remains within the graph area, the graph will not refresh. To refresh the graph, simply move the cursor outside the graph area.
Previous
Next