Resolved issues
The following issues have been fixed in FortiGate-6000 and FortiGate-7000 FortiOS 6.4.8 Build 1823. For inquires about a particular bug, please contact Customer Service & Support. The Resolved issues described in the FortiOS 6.4.8 release notes also apply to FortiGate-6000 and 7000 FortiOS 6.4.8 Build 1823.
Bug ID |
Description |
---|---|
511091 593747 615509 697873 751856 765696 765704 766337 767074 768357 768402 770588 768585 768027 766285 769377 771802 762281 593781 735634 |
Improvements to SD-WAN compatibility with SLBC. |
544748 |
Setting the |
585437 | Resolved some issues with link monitoring that could sometimes lead to incorrect link monitoring information appearing on some FPCs or FPMs. |
594258 |
FortiSwitch management over FortiLink now works as expected on a FortiGate-7000 system when FIM2 is the primary FIM. |
612483 | Management connections to FortiManager, FortiAnalyzer, and FortiGuard from a FortiGate-6000 or 7000 traffic interface now works as expected. |
674435 |
Web filtering quotas now work as expected. |
677002 |
Resolved an issue that prevented FGSP configuration changes from being synchronized to all FPCs or FPMs. |
693325 |
The |
695060 | Changing FGSP settings using the config system standalone-cluster command no longer requires restarting the FortiGate-6000 or 7000 for the configuration changes to be synchronized to all FPCs or FPMs. |
695189 | Resolved an issue that caused the output of the diagnose test application fctrlproxyd 1 to contain MAC addresses that incorrectly appear as 00:00:00:00:00:00 . |
696715 |
Resolved an issue that caused the |
697423 |
FortiGate-7121F cross-FIM LAGs now work as expected. |
700337 |
Design changes implemented for FGSP to improve performance if the configuration includes more than three cluster sync entries. |
704635 |
All supported transceiver types are now displayed correctly on the FortiGate-7000F GUI. |
705958 |
Dialup server IPsec VPN tunnels are now successfully synchronized to all FPCs or FPMs when |
714538 |
The |
737087 |
Resolved an issue that could sometimes cause FortiGate-7000F NP7 load balancers to drop IPv6 FTP packets passing through a VLAN interface. |
738266 |
The status of IPv6 links is now correctly synchronized to all FPCs and FPMs. |
739043 | Added the slot ID field to SSL log messages sent to FortiAnalyzer. |
739627 | Resolved an issue that prevented traffic log messages from being recorded for proxy sessions. Because of this the output of the diagnose wad stats policy list command is incorrect. As well, the wrong session count information was displayed on the firewall policy GUI. |
740196 | The get system {session | session6} status command now displays information for the FortiGate-6000 management board and all FPCs or for the FortiGate-7000 FIMs and FPMs. |
744344 |
FortiGate-6000 and 7000 mirroring SSL inspected traffic (also called SSL port mirroring) now works as expected. |
744596 | Resolved an issue that could prevent RADIUS users from having to re-authenticate after the RADIUS server session timeout. |
744636 | Resolved an issue that could prevent FortiGate-6000 or 7000 FGCP clusters from synchronizing files received from FortiGuard after the cluster has been operating for 497 days. |
746201 | Resolved an issue that prevented dial-up IPsec VPN routes from being synchronized after a primary FPC or FPM failover. |
747177 | Resolved an FortiGate-7121F-related issue that caused latency with IPv6 active or passive FTP sessions. |
747523 747335 |
The FortiGate-7121F can now successfully reassemble fragmented packets if config system npu config ip-reassembly set status enable end |
747814 | Removing an FPM from a FortiGate-7121F no longer causes synchronization issues. |
748021 | Resolved an issue that prevented FortiGate-7121F NP7 ESP sessions from expiring on time. |
748258 |
The output of the |
749074 | Firewall sessions for firewall uses that authenticate using RADIUS are deleted when the firewall authentication idle time is reached and the FortiGate is configured to ignore RADIUS session timeouts set by the RADIUS server. Before this bug was fixed, RADIUS user sessions would never time out if the FortiGate was configured to ignore RADIUS session timeouts. |
749357 | Resolved a memory leak that caused high memory usage on the primary FPC or FPM. |
753586 |
Management traffic can now be sent over an inter-VDOM link. For example, you can connect from the mgmt-vdom to FortiGuard by creating an inter-VDOM link between mgmt-vdom and a VDOM connected to the internet. You can also use inter-VDOM links to connect from mgmt-vdom to a FortiManager. |
755579 |
You can now successfully use the FortiManager Connect to CLI via SSH device manager option to connect to the FortiGate-6000 or 7000 CLI. |
755833 |
Resolved a timing issue that could cause an FPM to stop starting up and display a waiting for data heartbeat message after using the system management module to cycle the power of both FIMs. |
757521 |
Resolved an issue that could result in the output of the |
757780 768778 |
The primary FPC or FPM GUI firewall policy GUI pages now display the correct firewall policy usage data (for example, active sessions, hit counts, and so on). |
758217 | The global command get ipsec tunnel list now lists status information for IPsec tunnels from all VDOMs. |
758445 | Increase the FortiGate-7000F boot partition size. This change allows the FortiGate-7000F to support larger more complex configurations that include more VDOMs and firewall policies. Because of this change, the process of upgrading a FortiGate-7000F system to 6.4.8 Build 1823 will take longer than normal and during this time the FortiGate-7000F will not be able to process traffic. |
758714 | Resolved an issue that would sometimes cause the FortiGate-7121F to unexpectedly select a new primary FPM. |
758785 |
The following commands now work as expected when input from the management board or the primary FIM: get vpn ssl monitor diagnose vpn ssl list diagnose vpn ssl mux diagnose vpn ssl statistics |
760263 |
When an FPC or FPM is disabled, its entry is now removed from the Security Fabric tree. |
760778 746476 |
All CLI command output, GUI pages, log messages, and SNMP queries and traps use the terminology "primary" and "secondary" in place of "master" and "slave". This change does not currently apply to config CLI options. The command |
761052 | Resolved an issue that prevented management traffic from being sent from an IPsec VPN interface. |
763074 |
Resolved an issue that could cause two interfaces to be incorrectly assigned the same SNMP index. |
767175 | Resolved an issue that prevented switching a VDOM between transparent and NAT mode if all licensed VDOMs have been created. |
767666 | Resolved an issue that caused traffic to be dropped after adding an EMAC-VLAN interface |
769865 |
Information formerly displayed by Management plane and data plane dashboard widgets is not displayed by the Configuration Sync Monitor. |
770280 753798 746008 | FortiGate-6000s or 7000s in a virtual clustering configuration can now correctly resolve domain names. |
771677 | Resolved an issue with displaying firewall policy statistics on the FortiGate-6000 management board GUI. |
772287 | Local-in and local-out traffic now works as expected for FPCs or FPMs on a FortiGate 6000 or 7000 that is operating as the primary FortiGate for virtual cluster 2. |
772294 | Resolved an issue with IPv4 BFD packet handling that blocked finding OSPF and BGP neighbors. |
772414 | Resolved an issue that sometimes prevented sending log messages from FPCs or FPMs. |
778296 | Resolved an issue that could block passthrough or local-in traffic for a newly-created VDOM. The issue did not affect local-out traffic. |
Common vulnerabilities and exposures
Visit https://fortiguard.com/psirt for more information.
Bug ID |
CVE references |
---|---|
752134 |
FortiOS 6.4.8 for FortiGate-6000 and 7000 series is no longer vulnerable to the following PSIRT incident number:
|