Known issues
This section lists the known issues in FortiDDoS-F 6.6.0 release. For inquiries about particular bugs, please contact Fortinet Customer Service & Support.
Bug ID |
Description |
---|---|
915076 |
Security Fabric integration with FortiOS is not operational due to changes in the FortiOS API. This wiil return in a future release. |
0780476 | In HA pairs, if a Primary system SPP is factory reset, the Secondary may not (reboot and) sync immediately. |
0693789 | When FDD-VM is operating on a virtual machine with underlying hardware supporting SR-IOV, disabling ports leads to unexpected results. |
0678445 |
Purging a large number of ACLs from an SPP can take more than 30 seconds with no progress indication. |
0750762 | FortiDDoS VMs support 1024 URL Hash Indexes while others support 64,000. This is by design. |
0849925 |
IDN entries (for example 한국.korea-fortiddos.com) will not work in DNS Profile Regex entries. This is a limitation of Regex. |
0846411 |
During DNS Profile FQDN List add/delete operations, normally blocked FQDNs will be allowed to pass while the list is recompiled. This may take 1-5 seconds. |
0882029 |
Release 6.5.0 graphs do not correctly display Y-axis units. Instead of pps or bps rates, only 1,2,3, etc., are shown on the Y-axis. Tool tip information is correct. Fortinet is working with the graph code provider to correct this in a later release. |
0881178 |
When navigating graphs, the colors of some graphs may change between views. Graph accuracy is not affected. Graphs that may change colors are: Protocols; TCP and UDP Ports; ICMP Type/Code; HTTP graphs and DNS Response Code. |
904954 |
After saving SPP or Global ACL Lists re-odering will only work for 1 step up or down from current location in the list. |
923461 |
SYN Inbound Ingress rate on graph shows the same rate as the Inbound Egress rate when drops are shown, which is confusing. Drops can be trusted. |
918768 923612 924121 |
Within a 20-second timeframe after the conclusion of any 5-minute reporting or graphing period, drops may not be accurately reflected in the graph. Instead, they may appear in the subsequent reporting period even if there is no traffic present during that time. |
867798 |
The NTP Response graph and NTP Response-per-Destination graph may not align, with Response-per-Destination appearing higher. This discrepancy is attributed to the combination of symmetric and asymmetric traffic observed by FortiDDoS. Although it may be confusing, the traffic pattern remains consistent, allowing Thresholds to function adequately. If there are concerns, it is recommended to set NTP Thresholds at high levels and utilize "Reflection Deny" in the NTP Profile. This approach effectively mitigates NTP floods while preserving normal traffic operations. |
926212 |
There is a potential scenario where two processes can generate identical logs simultaneously, resulting in a duplicate entry within the logs. |
883615 |
If the drop-down options on graphs are modified while the cursor remains within the graph area, the graph will not refresh. To refresh the graph, simply move the cursor outside the graph area. |