Resolved issues
The following issues have been fixed in FortiGate-6000 and FortiGate-7000 FortiOS 6.0.6 build 6392. For inquires about a particular bug, please contact Customer Service & Support.
|
Bug ID |
Description |
|---|---|
|
579859 |
The |
| 403070 | The forticldd process no longer sends update requests to FortiCloud every few seconds. |
| 478397 551411 | You can now enter single-character BIOS commands when connecting to an FPC over telnet using the management IP address and special telnet management port number. |
| 491756 | The least-rtt firewall server load balancing method now works as expected. |
| 502507 | Improved the information displayed by the diagnose load-balance dp show lpm bucket-table command. |
| 502923 541322 | When administrators de-authenticate an FSSO user from the Firewall Users Monitor GUI, the user is now successfully de-authenticated from all FPCs/FPMs in both chassis in an HA configuration. |
| 503453 550940 | The auto install feature now works as expected for the FortiGate-6000 and 7000 platforms. This feature configures the FortiGate to automatically install firmware from a connected USB drive when the system starts. You can use the config system auto-install command to enable the auto install feature. |
| 565704 | Routing tables no longer show routes from other VDOMs. |
| 514361 | Outgoing clear-text traffic from IPsec VPN sessions is now load balanced correctly. |
| 518276 | Using the get system interface transceiver command to display information for one transceiver now works as expected. |
| 522617 | The diagnose sys session6 list command output now includes slot numbers, similar to the output of the diagnose sys session list command. |
| 524863 | The SD-WAN measured-volume-based load balancing option has been removed because it is not supported by FortiGate-6000 and 7000 Session-Aware Load Balancing Clustering (SLBC). |
| 526387 | The source-ip option is now available for per-VDOM FortiAnalyzer logging configurations. |
| 528496 | Information displayed by the diagnose debug authd fsso list command is now consistent across all FPCs, FIMs, and FPMs. |
| 534912 | VRF routing is now fully supported. VRF routes are now successfully synchronized across all FPCs, FIMs, and FPMs. |
| 540170 | Information about data heartbeat status is now more reliable. |
| 542085 | Output from more diagnose commands added to the output created by the execute tac report command. |
| 543532 | FPCs, FIMs, and FPMs now appear in slot number order on the Security Fabric dashboard widget. |
| 547149 | DPx sessions for long-lived IPv4 ICMP and UDP sessions are no longer prematurely removed from FGSP peers. |
| 548254 | Error messages no longer appear when enabling or disabling FortiAnalyzer logging from the Security Fabric Settings GUI page. |
| 548305 | Resolved an issue that prevented recording log messages for dropped packets during some testing scenarios. |
| 548530 | Resolved an issue that prevented changing logging options while configuring a firewall policy from the GUI. |
| 549110 | On a FortiGate-7000 HA configuration, disconnecting the secondary FortiGate-7000 using the Remove device from HA cluster button on the System > HA GUI page now successfully removes both FIMs from the cluster. |
| 549167 | The Monitor > Load Balance Monitor GUI page now shows server load balancing data aggregated for all FPCs or FPMs as well as for individual FPCs or FPMs. |
| 550313 | Resolved an issue with virtual server SSL offloading that caused the wad process to crash. |
| 550378 553133 | Using the diagnose load-balance dp find command is now more intuitive. |
| 550426 | IPv6 router advertisements are now only sent by the FortiGate-6000 management board or the FortiGate-7000 primary FIM and not also by all FPCs or FPMs. |
| 550455 | IPsec VPN NAT-T tunnels no longer fail with clear text traffic. |
| 550701 | Resolved an issue that caused the wad process to generate signal 6 (aborted) messages. |
| 550846 | Resolved an issue that caused cross-FIM LAGs to be deleted from a FortiGate-7000 FGSP configuration. |
| 551087 | FortiGate-6501s or 6301s with different RAID configurations cannot be added to the same HA cluster. Both FortiGate-6501Fs or FortiGate-6301Fs in a cluster must now have the same RAID configuration. |
| 551239 553416 | Resolved issues that caused dropped sessions after an HA failover. |
| 551548 554779 537631 | FortiGate-7000 font panel graphics now appear correctly on the Network > Interfaces GUI page when logged into a backup FIM or FPM. |
| 551924 | The get system performance stats command output now includes IPv6 data. |
| 552388 | FortiGate-6000 and 7000 devices now just set up one SSL tunnel when connecting to FortiGuard. Individual tunnels are no longer set up by each FPC, FIM, or FPM. |
| 552523 | Resolved an issue that sometimes displayed a Waiting for data heartbeat message when switching between standalone and active-passive HA. |
| 552859 | Only the FortiGate-6000 management board or the primary FortiGate-7000 FIM connect to the configured NTP server. Individual FPCs, FIMs, or FPMs no longer connect to the NTP server. |
| 552903 | Resolved an issue that caused advanced configuration script uploads to fail for FGSP. |
| 553301 | Resolved an issue that caused FIMs to record high numbers of link change and link initialize events. |
| 553375 | If both systems in an HA configuration have the same chassis ID, the system with the lowest serial number will now be shut down. |
| 554009 | Resolved an issue that could cause applying a FortiOS Carrier license to fail. |
| 554980 | Improved the help and syntax checking of the execute load-balance slot manage command. |
| 555097 | FTP throughput improvements. |
| 555283 | The FortiGate-7000 setting of the config load-balance slbc-mgmt-intf option can no longer be changed. |
| 555410 | Resolved a synchronization issue for IPS and application control signatures. |
| 555598 | The AWS Connector feature now works as expected. |
| 555827 | Resolved an issue that prevented the FortiGate-6000 management board GUI from displaying all IPsec tunnels. |
| 556005 | Many routing-related commands are now usable from the management board CLI instead of requiring connecting to individual FPCs. |
| 556096 | Resolved an issue with synchronizing routes to all FPCs in an FGSP cluster. |
| 556842 | SSL VPN can now listen on LACP LAG interfaces. |
| 557053 | Resolved an FGSP synchronization issue that would show that some devices in the cluster were "unreachable" or "connecting" instead of showing them as connected. |
| 557132 | The 10000auto option is no longer available when configuring the speed of FortiGate-6000 SFP28 data interfaces (ports 1 to 24). |
| 557140 | Resolved an issue that caused high CPU use after loading a saved configuration file. |
| 557162 | Debug messages triggered by the diagnose ip router bgp xxx command now appear on the management board CLI. |
| 558170 | Resolved an issue that blocked SNMP access to FIM1 when using the UDP special management port of 16101. |
| 558263 | Corrected an issue with the config load-balance setting config workers command that allowed adding workers that did not exist. |
| 558478 | Resolved an HA synchronization error caused by the config system central-management configuration. |
| 559214 | Resolved an issue that caused ICMP traffic to be distributed to more than one FPC or FPM. |
| 559650 | Resolved an issue that caused inconsistent MAC addresses to be assigned to EMAC VLAN interfaces. |
| 562440 | Corrected the management data displayed on the Resource Usage dashboard widgets. |
| 563415 | The config system settings set motherboard-traffic-forwarding command has been removed as it is no longer required to allow management access from data interfaces. |
| 563821 | Resolved a data plane heartbeat issue found after rebooting both FortiGate-6000s or 7000s in an FGCP HA configuration. |
| 563832 | Resolved a local certificate synchronization issue. |
| 563912 | Resolved an issue that caused trunk IDs to not be synchronized after a graceful upgrade of an HA cluster. |
| 564173 | Resolved an issue that caused communication errors between FIMs after a factory reset. |
| 564289 | Resolved an issue that caused synchronization delays after disconnecting a FortiGate-6000 or 7000 from an HA cluster. |
| 564618 | Improvements to NTP time syncing between FortiGate-6000 and 7000 components in standalone and HA configurations. |
| 564708 | Improvements to how firewall policy stats are updated on the management board GUI. |
| 566022 | Security Fabric status can no longer be manually disabled from the CLI. |
| 566108 | Resolved issues with handling long VDOM names. |
| 566458 | Removed the remote-console-access option from the config system console-server command. |
| 567083 | Corrected the firewall policy bytes count displayed on firewall policy list GUI pages. |
| 567200 | Corrected the help displayed on the CLI for FortiGate-6000 execute load-balance slot set-master-worker command. |
| 567434 | Resolved an issue that caused DNS lookups to fail after a reboot or factory reset. |
| 567558 | Resolved an issue that prevented FPCs from sending management heartbeats after entering conserve mode. |
| 567719 | Resetting the primary FIM on a FortiGate-7000 in HA mode no longer removes the FortiGate-7000 from the HA cluster. |
| 568646 | The get system arp command now displays data for all FPCs, FIMs, and FPMs. |
| 569047 | Corrected the help for the config load-balance settings set weight CLI command. |
| 569961 | Resolved an issue with adding and configuring custom devices. |
| 571122 | Corrected the list of options that appears on the CLI for the diagnose hardware command. |
| 571156 | Resolved a redundant interface synchronization issue. |
| 571468 | Resolved an issue involving the hasync and authd processes that could cause an HA cluster to crash after a failover. |
| 572067 | Resolved issues with assigning MAC addresses to cross-FIM LAGs. |
| 572076 | Remote access now works correctly after changing the HA mode and chassis ID at the same time. |
| 572147 | Resolved a MAC address error that appeared after a LAG was deleted and a new LAG added that included interfaces from the original LAG. |
| 572190 | Resolved an issue with displaying routes and status for IPsec interfaces on the management board or primary FIM GUI Route Monitor. |
| 572527 | Resolved an issue with the confsynchbd process that caused HA failovers. |
| 572594 | Resolved a timing issue that resulted in traffic being temporarily blocked after a graceful firmware upgrade of a FortiGate-6000 or 7000 HA configuration. |
| 573155 | Resolved an issue that caused incorrect virtual MAC addresses to be created after turning on HA active-passive mode. |
| 573377 | The IPsec VPN Monitor GUI page no longer shows host names of FPCs or FPMs that dot not have active IPsec VPN tunnels. |
| 573907 | When logged into an FPC or FPM, the diagnose debug authd fsso list command now shows the logged in FSSO users for that FPC or FPM. |
| 574249 | FIM interfaces no longer appear to incorrectly have virtual MAC addresses. |
| 574495 | Interfaces removed from a LAG no longer have incorrect VLAN IDs. |
| 574869 | Fragmented and pinhole sessions are now correctly shown when you view the session list (for example with the diagnose sys session list command). |
| 575044 | Resolved an error with synchronizing link monitor states to FPCs or FPMs. |
| 575578 | Redundant interface MAC addresses are now successfully synchronized after a graceful upgrade of an HA cluster. |
| 575907 | Resolved an issue with synchronizing MAC addresses after moving an interface from one LAG to another. |
| 576360 | Resolved an issue that caused the link local addresses of LAGs or redundant interfaces to be incorrect on the secondary FortiGate-6000 or 7000 in an HA configuration. |
| 576642 | Resolved an issue that prevented the IPsec VPN tunnels page from appearing for administrators who logged in using an administrator account with the prof_admin administrator profile. |
| 577715 | Resolved an issue that could cause the fctrlproxyd process to use 99% of CPU resources. |