Known issues
The following issues have been identified in FortiGate-6000 and FortiGate-7000 FortiOS 6.2.4 Build 1116. For inquiries about a particular bug, please contact Customer Service & Support. The known issues described in the FortiOS 6.2.4 release notes also apply to FortiGate-6000 and 7000 FortiOS 6.2.4 Build 1116.
Bug ID | Description |
---|---|
479303 | VLAN interface status monitoring using the config system ha-monitor command does not work. |
600879 | Firewall policy packet capturing, turned on by enabling |
603601 | Cisco ACI SDN connector traffic uses a data interface instead of a management interface. |
606529 | The FortiGate-6000 and 7000 are not compatible with FortiNAC. |
608729 | IPsec phase 2 auto-negotiation does not work with VPN load-balancing. |
612622 | SSL sessions to FortiSandbox are not initiated when |
613139 | DNS request logs may contain incorrect source IP addresses. |
613617 | The For example, when you set a config system fortiguard set source-ip <ip-address> end |
624678 | SSLVPN web mode RDP traffic is not load balanced to FPCs or FPMs. |
627903 605065 | You cannot set a management interface LAG to be the SLBC management interface by adding it to the |
632954 | In a FortiGate-6000 or 7000 HA configuration, if you configure a VLAN interface to be the system management interface, you cannot connect to individual FPMs or FPCs on the secondary FortiGate-6000 or 7000 using special management port numbers. |
632961 | In a FortiGate-7000 HA configuration, the secondary FortiGate-7000 cannot synchronize with the primary FortiGate-7000 after loading a configuration file with an external security fabric configuration. |
635442 | SDN connector dynamic addresses are not synchronized between the FortiGate-6000s or 7000s in an FGCP HA cluster. |
635310 | VLAN interfaces added to accelerated npu_vdom link interfaces cannot pass traffic. |
635591 | The reportd process may consume excessive amounts of CPU time. |
640520 | The |
643032 | In an HA configuration, the secondary FortiGate-6000 or 7000 may incorrectly generate event log messages similar to: |
649682 | In some cases of FortiGate-6000 HA clusters with large configurations, the secondary FortiGate-6000 may not be able to synchronize with the primary FortiGate-6000. To work around this issue, remove the secondary FortiGate-6000 from the cluster, reset it to factory defaults, and then restore its configuration using a backed up configuration file from the primary FortiGate-6000. |
650894 | The FortiManager IPsec Tunnel monitor may incorrectly show that FortiGate-6000 IPsec tunnels are down. |
651743 | IPsec SAs are not synchronized between cluster units in FGCP HA clusters. |
652777 | Because of an issue with how IPsec sessions are handled, the same session may incorrectly contain the |
653636 | Some of the interfaces in a FortiGate-7000 cross-FIM LAG remain in the negotiating state instead of switching to the established state. You can work around this problem by using the fnsysctl ifconfig <interface> {down | up} command to bring the problematic LAG members down and then back up. |
654420 | In an HA configuration, the secondary FortiGate-6000 or 7000 may record the following critical event log: |
664898 | When a DoS attack is successfully detected and blocked, because the threshold is determined per-FPC or per-FPM, the FortiGate-6000 or 7000 does not create an anomaly log message or quarantine the source of the attack. |