Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • FortiGate-7000 Release Notes

    Home FortiGate-7000 6.0.6 FortiGate-7000 Release Notes
    6.0.6
    7.0.16
    7.0.15
    7.0.14
    7.0.13
    7.0.12
    7.0.10
    7.0.5
    6.4.15
    6.4.14
    6.4.13
    6.4.12
    6.4.10
    6.4.8
    6.4.6
    6.4.2
    6.2.16
    6.2.15
    6.2.13
    6.2.12
    6.2.11
    6.2.10
    6.2.9
    6.2.7
    6.2.6
    6.2.4
    6.2.3
    6.0.18
    6.0.17
    6.0.16
    6.0.15
    6.0.14
    6.0.13
    6.0.12
    6.0.10
    6.0.9
    6.0.8
    6.0.6
    6.0.4
    5.6.14
    5.6.12
    5.6.11
    5.6.7
    5.6.6
    5.4.9
    5.4.5
    5.4.3

    Known issues

    Known issues

    The following issues have been identified in FortiGate-6000 and FortiGate-7000 FortiOS 6.0.6 build 6392. For inquires about a particular bug, please contact Customer Service & Support.

    Bug ID

    Description

    579729

    The execute dhcp lease-list command does not display any results.

    578158

    In some cases the IPv4 Policy and IPv6 Policy GUI pages do not display any firewall polices.

    578839

    FSSO users are not always synchronized among all FPCs or FPMs.

    567546

    Some fragmented packets in UDP sessions are broadcast to all FPCs or FPMs by the DP processor instead of being sent to a specific FPC or FPM as a fragment session.
    578361 Authenticated firewall users may have to log in again after upgrading an HA cluster to FortiOS 6.0.6.
    565115 After backing up and restoring the configuration of the secondary FortiGate-6000 or 7000 in an HA cluster, the DLP sensor configuration will have changed, causing the primary and secondary devices to be out of sync.
    574657 FortiGate-7000 and FortiGate-6000 for FortiOS 6.0.6 does not support upgrading managed FortiSwitch firmware from the FortiOS Managed FortiSwitch GUI page. Instead you must use the FortiGate-6000 or 7000 CLI or log into the managed FortiSwitch to upgrade managed FortiSwitch firmware.

    573088

    TCP or UDP sessions with SNAT enabled and with fragmented packets fail because the DP processor sends fragmented packets to the incorrect FPC or FIM.
    552604

    Offloading multicast traffic to NP6 processors is not supported in this release. Even if you have enabled auto-assic-offload in a multicast firewall policy, multicast traffic is not offloaded.
    574190 Changing the global IPS configuration using the config ips global command can reduce overall system performance until the system restarts. To avoid this performance reduction, only make changes to the IPS global configuration during maintenance windows and restart the system after the configuration change is made. You can also use the diagnose test application ipsmonitor 99 command to restart the IPS engine.
    568375 When managing a FortiGate-6000 or 7000 from in-band (traffic) interfaces, jumbo frames are not supported and will be fragmented upon egressing the device.
    554882 If you replace a failed FortiGate-6000 or 7000 in an HA configuration with a replacement device, FortiManager may not automatically recognize that the new device as part of the HA configuration. If a failover occurs and the new device becomes the primary or master, FortiManager may not recognize the cluster.
    562712 In-band management connections to the IP address of a VDOM link interface is not supported.
    564049 Management traffic received from a data interface is interrupted and sessions can't resume if the FPC or FPM that was processing the traffic fails. The sessions don't fail over to another FPC or FPM.
    564357 When the telnet port used for administration is changed on the fly, administrative telnet sessions received by a data interface that are active at the time of the configuration change are not interrupted.
    572340 Outgoing management traffic does not follow VRF static routes. Instead, this traffic uses the first listed matching static route in the routing table.
    570580 Changes made to local-in firewall policies don't affect local-in management traffic received by data interfaces.
    577266 After deleting a FortiGate-7000 HA configuration from FortiManager, the secondary FortiGate-7000 in the cluster will have synchronization errors because the central management configuration is successfully removed from the primary FIM but not from the other FIM and FPMs.
    574566 The managed FortiSwitch topology is incorrect when the managed FortiSwitch is connected to a FortiGate-7000 LAG.
    571398 After upgrading to FortiOS 6.0.6, to configure your system for IPsec VPN load balancing you must manually enable IPsec VPN load balancing and manually delete IPsec VPN load balancing rules. See Upgrade information.

    459424

    Statistics on the System > VDOM GUI page may be incorrect.

    565082

    CPU information on the primary FIM CPU Usage dashboard widget should show CPU usage for all FPCs, or FIMs and FPMs.

    561722

    Firewall policies designed to identify traffic from known devices may not be able to detect traffic from the known devices.

    549983

    FortiManager in-band management connections to the IP address of a VDOM link interface are not supported.

    578625

    In some cases, some routes may not be correctly synchronized to all FPCs or FPMs.

    577214

    The miglogd process sometimes crashes for unknown reasons.
    Previous
    Next

    Known issues

    Known issues

    The following issues have been identified in FortiGate-6000 and FortiGate-7000 FortiOS 6.0.6 build 6392. For inquires about a particular bug, please contact Customer Service & Support.

    Bug ID

    Description

    579729

    The execute dhcp lease-list command does not display any results.

    578158

    In some cases the IPv4 Policy and IPv6 Policy GUI pages do not display any firewall polices.

    578839

    FSSO users are not always synchronized among all FPCs or FPMs.

    567546

    Some fragmented packets in UDP sessions are broadcast to all FPCs or FPMs by the DP processor instead of being sent to a specific FPC or FPM as a fragment session.
    578361 Authenticated firewall users may have to log in again after upgrading an HA cluster to FortiOS 6.0.6.
    565115 After backing up and restoring the configuration of the secondary FortiGate-6000 or 7000 in an HA cluster, the DLP sensor configuration will have changed, causing the primary and secondary devices to be out of sync.
    574657 FortiGate-7000 and FortiGate-6000 for FortiOS 6.0.6 does not support upgrading managed FortiSwitch firmware from the FortiOS Managed FortiSwitch GUI page. Instead you must use the FortiGate-6000 or 7000 CLI or log into the managed FortiSwitch to upgrade managed FortiSwitch firmware.

    573088

    TCP or UDP sessions with SNAT enabled and with fragmented packets fail because the DP processor sends fragmented packets to the incorrect FPC or FIM.
    552604

    Offloading multicast traffic to NP6 processors is not supported in this release. Even if you have enabled auto-assic-offload in a multicast firewall policy, multicast traffic is not offloaded.
    574190 Changing the global IPS configuration using the config ips global command can reduce overall system performance until the system restarts. To avoid this performance reduction, only make changes to the IPS global configuration during maintenance windows and restart the system after the configuration change is made. You can also use the diagnose test application ipsmonitor 99 command to restart the IPS engine.
    568375 When managing a FortiGate-6000 or 7000 from in-band (traffic) interfaces, jumbo frames are not supported and will be fragmented upon egressing the device.
    554882 If you replace a failed FortiGate-6000 or 7000 in an HA configuration with a replacement device, FortiManager may not automatically recognize that the new device as part of the HA configuration. If a failover occurs and the new device becomes the primary or master, FortiManager may not recognize the cluster.
    562712 In-band management connections to the IP address of a VDOM link interface is not supported.
    564049 Management traffic received from a data interface is interrupted and sessions can't resume if the FPC or FPM that was processing the traffic fails. The sessions don't fail over to another FPC or FPM.
    564357 When the telnet port used for administration is changed on the fly, administrative telnet sessions received by a data interface that are active at the time of the configuration change are not interrupted.
    572340 Outgoing management traffic does not follow VRF static routes. Instead, this traffic uses the first listed matching static route in the routing table.
    570580 Changes made to local-in firewall policies don't affect local-in management traffic received by data interfaces.
    577266 After deleting a FortiGate-7000 HA configuration from FortiManager, the secondary FortiGate-7000 in the cluster will have synchronization errors because the central management configuration is successfully removed from the primary FIM but not from the other FIM and FPMs.
    574566 The managed FortiSwitch topology is incorrect when the managed FortiSwitch is connected to a FortiGate-7000 LAG.
    571398 After upgrading to FortiOS 6.0.6, to configure your system for IPsec VPN load balancing you must manually enable IPsec VPN load balancing and manually delete IPsec VPN load balancing rules. See Upgrade information.

    459424

    Statistics on the System > VDOM GUI page may be incorrect.

    565082

    CPU information on the primary FIM CPU Usage dashboard widget should show CPU usage for all FPCs, or FIMs and FPMs.

    561722

    Firewall policies designed to identify traffic from known devices may not be able to detect traffic from the known devices.

    549983

    FortiManager in-band management connections to the IP address of a VDOM link interface are not supported.

    578625

    In some cases, some routes may not be correctly synchronized to all FPCs or FPMs.

    577214

    The miglogd process sometimes crashes for unknown reasons.
    Previous
    Next