Fortinet white logo
Fortinet white logo

FortiGate-6000 Release Notes

Known issues

Known issues

The following issues have been identified in FortiGate-6000 and FortiGate-7000 FortiOS 6.4.15 Build 1940. For inquires about a particular bug, please contact Customer Service & Support. The Known issues described in the FortiOS 6.4.15 release notes also apply to FortiGate-6000 and 7000 FortiOS 6.4.15 Build 1940.

Bug ID

Description

653092

You cannot use the SLBC management interface IP address to manage a FortiGate-6000 or 7000 by connecting to a data interface.

724543

Outbound bandwidth traffic statistics are showing incorrectly on individual FIM and FPM GUI pages.

765407

Management interfaces on the secondary FIM in a FortiGate-7000F cannot be used for the FGSP heartbeat.

767742 Because of a limitation of the FIM-7921F switch hardware, the FortiGate 7121F with FIM-7921Fs does not support adding VLANs to flow rules. The vlan setting of the config load-balance flow-rule command is ignored.

778239

For all FortiGate-6000 and 7000 models, the CLI allows you to add up to 512 flow rules. However, the number of flow rules that you can add is actually limited by the FortiGate-6000 and 7000 internal switch hardware:

  • All FortiGate-6000F models support up to 256 flow rules.

  • All FortiGate-7000E models support up to 512 flow-rules.

  • A FortiGate-7000F with FIM-7941Fs supports up to 492 flow rules.

  • A FortiGate-7000F with FIM-7921Fs supports up to 52 flow rules.

782095 FortiGate-6000 FGCP cluster interfaces may be assigned virtual MAC addresses that overlap with the virtual MAC addresses assigned to the interfaces of other FortiGates in FGCP clusters, even if they have different group IDs. If you have a FortiGate-6000 FGCP cluster on the same network as FGCP clusters with other FortiGates, you can work around this issue by setting the group IDs of other FortiGate clusters on the same network to a value of 81 or higher.
782978 If you attempt to create an FGCP HA cluster and the FortiGate-6000s or 7000s making up the cluster have difference firmware versions, the CLI of one of the FortiGate-6000s or 7000s may display incorrect error messages after restarting.

825029

From the FortiGate-6000 or 7000 GUI or CLI you can only run a policy lookup if the FortiGate-6000 or 7000 has a route to the destination and a properly configured firewall policy that allows traffic to the destination. Normally policy lookup operations only require a route to the destination.

854819

FGSP auto session synchronization randomly fails for some FPCs and FPMs when the MTU of the FGSP session synchronization data interface is set to maximum value of 9216 bytes. FGSP auto session synchronization occurs after an FPC or FPM or a FortiGate-6000 or 7000 in an FGSP cluster restarts. The workaround to this problem is to decrease the MTU of the data interface to 9200 bytes or less.

917382

An error message similar to 118:socket_vf:[300] ERROR vf < 0: -1 may appear on the FortiGate-7000E console during a firmware upgrade. The firmware upgrade works as expected and operation of the FortiGate-7000E after the upgrade is not affected.

919606

During a FortiGate-7000F firmware upgrade FPM CLI consoles may display messages similar to the following:

[ha_shm_mutex_enter:2781] fgtAttachShm() failed.

[update_ha_mac:3497] ha_shm_mutex_enter() failed.

These messages are caused by timing issues as the FPMs are starting up. Once the FPMs have started they should operate normally.

927737

On the FortiGate-7000F, ICMPv6 packet fragments received by an EMAC VLAN interface are load balanced to the wrong FIM.

928653

Session count information displayed on GUI dashboard widgets does not match session count information displayed from the CLI using the diagnose sys session full-stat command.

Known issues

Known issues

The following issues have been identified in FortiGate-6000 and FortiGate-7000 FortiOS 6.4.15 Build 1940. For inquires about a particular bug, please contact Customer Service & Support. The Known issues described in the FortiOS 6.4.15 release notes also apply to FortiGate-6000 and 7000 FortiOS 6.4.15 Build 1940.

Bug ID

Description

653092

You cannot use the SLBC management interface IP address to manage a FortiGate-6000 or 7000 by connecting to a data interface.

724543

Outbound bandwidth traffic statistics are showing incorrectly on individual FIM and FPM GUI pages.

765407

Management interfaces on the secondary FIM in a FortiGate-7000F cannot be used for the FGSP heartbeat.

767742 Because of a limitation of the FIM-7921F switch hardware, the FortiGate 7121F with FIM-7921Fs does not support adding VLANs to flow rules. The vlan setting of the config load-balance flow-rule command is ignored.

778239

For all FortiGate-6000 and 7000 models, the CLI allows you to add up to 512 flow rules. However, the number of flow rules that you can add is actually limited by the FortiGate-6000 and 7000 internal switch hardware:

  • All FortiGate-6000F models support up to 256 flow rules.

  • All FortiGate-7000E models support up to 512 flow-rules.

  • A FortiGate-7000F with FIM-7941Fs supports up to 492 flow rules.

  • A FortiGate-7000F with FIM-7921Fs supports up to 52 flow rules.

782095 FortiGate-6000 FGCP cluster interfaces may be assigned virtual MAC addresses that overlap with the virtual MAC addresses assigned to the interfaces of other FortiGates in FGCP clusters, even if they have different group IDs. If you have a FortiGate-6000 FGCP cluster on the same network as FGCP clusters with other FortiGates, you can work around this issue by setting the group IDs of other FortiGate clusters on the same network to a value of 81 or higher.
782978 If you attempt to create an FGCP HA cluster and the FortiGate-6000s or 7000s making up the cluster have difference firmware versions, the CLI of one of the FortiGate-6000s or 7000s may display incorrect error messages after restarting.

825029

From the FortiGate-6000 or 7000 GUI or CLI you can only run a policy lookup if the FortiGate-6000 or 7000 has a route to the destination and a properly configured firewall policy that allows traffic to the destination. Normally policy lookup operations only require a route to the destination.

854819

FGSP auto session synchronization randomly fails for some FPCs and FPMs when the MTU of the FGSP session synchronization data interface is set to maximum value of 9216 bytes. FGSP auto session synchronization occurs after an FPC or FPM or a FortiGate-6000 or 7000 in an FGSP cluster restarts. The workaround to this problem is to decrease the MTU of the data interface to 9200 bytes or less.

917382

An error message similar to 118:socket_vf:[300] ERROR vf < 0: -1 may appear on the FortiGate-7000E console during a firmware upgrade. The firmware upgrade works as expected and operation of the FortiGate-7000E after the upgrade is not affected.

919606

During a FortiGate-7000F firmware upgrade FPM CLI consoles may display messages similar to the following:

[ha_shm_mutex_enter:2781] fgtAttachShm() failed.

[update_ha_mac:3497] ha_shm_mutex_enter() failed.

These messages are caused by timing issues as the FPMs are starting up. Once the FPMs have started they should operate normally.

927737

On the FortiGate-7000F, ICMPv6 packet fragments received by an EMAC VLAN interface are load balanced to the wrong FIM.

928653

Session count information displayed on GUI dashboard widgets does not match session count information displayed from the CLI using the diagnose sys session full-stat command.