Fortinet Document Library

Version:

Version:

Version:

Version:

Version:


Table of Contents

FortiGate-7000 Release Notes

Resolved issues

The following issues have been fixed in FortiGate-6000 and 7000 FortiOS 6.0.8 Build 6599. For inquires about a particular bug, please contact Customer Service & Support.

Bug ID

Description

517942

Resolved an issue that could sometimes cause the miglogd process to crash on the secondary FortiGate-6000 or 7000 in an HA cluster when attempting to access FortiCloud.

537360

Resolved an issue that displayed incorrect outbound traffic information on interface bandwidth dashboard widgets.

547094

Resolved an issue that caused a performance drop for some HTTP traffic.

554882

Resolved an HA synchronization issue that could cause a FortiGate-6000 or 7000 to appear to be unregistered with FortiManager after newly joining a previously operating cluster. The problem could occur after receiving a replacement FortiGate-6000 or 7000 due to an RMA and adding the replacement to a standalone FortiGate operating in HA mode to form a cluster.

562667

Resolved an issue that caused a multicast PBA leak for NP6-accelerated traffic.

573907

FSSO users are no longer synchronized to the secondary FortiGate-6000 or 7000 in an HA configuration. Instead, after a failover the new primary FortiGate-6000 or 7000 reconnects to the FSSO agent to download the latest FSSO user data.

574190 581669

Resolved an issue that caused the IPS engine and IPS helper to restart after changing the config ips global configuration.

578839

Resolved an issue that prevented logged on FSSO users from being synchronized among all FPCs or FPMs.

580279

Resolved a synchronization issue that could prevent FPCs or FPMs in an HA cluster from transitioning from the reachable state to the connected state.

580531

Resolved an issue that caused the confsyncd process to crash when downloading packet capture data from the Network > Packet Capture GUI page.

582351

Changing the default route of the management VDOM no longer has a chance to cause the logging process (miglog) to crash on individual FPMs or FPCs.

582823

The FortiView > Web Sites GUI page only shows websites visited in the last 5 minutes. The page does not provide real time updates.

582827

All real-time FortiView GUI pages now display aggregated data from all FPCs or FPMs.

582838

Show in Topology links have been removed from the Security Fabric dashboard widget.

584604

Resolved a time-related HA configuration synchronization issue.

585841

Resolved an issue that caused unregister_netdevice error messages to appear on the CLI console.

587041

RSSO users are now synchronized to an FPC or FPM after it restarts.

588546

Resolved an issue with DHCP lease files that could cause a FortiGate-6000 or 7000 to enter conserve mode.

588980

Resolved an issue that caused the DP processor to send UDP sessions with destination port 4500 to the wrong FPC or FPM.

589515

Resolved an issue that caused Interface Bandwidth dashboard widgets for VLAN interfaces to display incorrect bandwidth usage data.

590008

Resolved an issue that caused the chlbd process to crash on multiple FPCs after a graceful firmware upgrade of a FortiGate-6000 HA cluster.

590020

Resolved an issue related to LDAP searches that caused the hasync process to use excessive amounts of memory.

590389

Resolved an issue that prevented some syslog messages from being sent from FPMs to the primary FIM or from FPCs to the management board.

590617

Resolved an issue that could cause the fans on the secondary FortiGate-6000 in an HA cluster to run higher than expected.

591610

Resolved an issue that caused the hasync process to use excessive amounts of memory when Web Filtering generates a warning message and the user responds to the warning to allow access.

592087

Resolved an issue that caused delays in displaying information about FPMs on the primary FIM CLI when using the get system performance stats command.

592130

Resolved an issue that produced excessive traffic on the management path, resulting in management communication delays among FortiGate-6000 or 7000 components.

592644

Improved FortiGate-6000 management board communication with LDAP servers to improve LDAP lookup speeds and prevent the GUI from displaying LDAP server error messages.

593242

Resolved an issue that sometimes caused a buffer overflow during firmware upgrades.

593707

Resolved an issue that caused EMAC VLAN MAC address mismatches between the primary and secondary FortiGate in an HA cluster.

594618

Resolved an issue that sometimes required firewall users to re-authenticate after a FortiGate-6000 or 7000 HA cluster graceful firmware upgrade.

599910

Resolved an issue that caused the primary FortiGate to enter conserve mode after a graceful firmware upgrade of an HA cluster with 150K logged in FSSO users.

599970

Resolved an issue that prevented the FortiGate-7000 HA heartbeat from failing over correctly when the switch interface connected to the secondary FortiGate-7000 2-M1 interface is disabled. Known issue 600999 is a more recently found different but related issue.

600147

Resolved an issue that caused both FortiGate-6000s or 7000s in an HA cluster to restart after an administrator uploads a new configuration file to the secondary FortiGate.

600866

Resolved an issue that could cause multiple processes to use excessive amounts of CPU time.

Common vulnerabilities and exposures

Visit https://fortiguard.com/psirt for more information.

Bug ID

CVE references

491701

FortiOS 6.0.8 for FortiGate-6000 and 7000 series is no longer vulnerable to the following CVE Reference:

Resolved issues

The following issues have been fixed in FortiGate-6000 and 7000 FortiOS 6.0.8 Build 6599. For inquires about a particular bug, please contact Customer Service & Support.

Bug ID

Description

517942

Resolved an issue that could sometimes cause the miglogd process to crash on the secondary FortiGate-6000 or 7000 in an HA cluster when attempting to access FortiCloud.

537360

Resolved an issue that displayed incorrect outbound traffic information on interface bandwidth dashboard widgets.

547094

Resolved an issue that caused a performance drop for some HTTP traffic.

554882

Resolved an HA synchronization issue that could cause a FortiGate-6000 or 7000 to appear to be unregistered with FortiManager after newly joining a previously operating cluster. The problem could occur after receiving a replacement FortiGate-6000 or 7000 due to an RMA and adding the replacement to a standalone FortiGate operating in HA mode to form a cluster.

562667

Resolved an issue that caused a multicast PBA leak for NP6-accelerated traffic.

573907

FSSO users are no longer synchronized to the secondary FortiGate-6000 or 7000 in an HA configuration. Instead, after a failover the new primary FortiGate-6000 or 7000 reconnects to the FSSO agent to download the latest FSSO user data.

574190 581669

Resolved an issue that caused the IPS engine and IPS helper to restart after changing the config ips global configuration.

578839

Resolved an issue that prevented logged on FSSO users from being synchronized among all FPCs or FPMs.

580279

Resolved a synchronization issue that could prevent FPCs or FPMs in an HA cluster from transitioning from the reachable state to the connected state.

580531

Resolved an issue that caused the confsyncd process to crash when downloading packet capture data from the Network > Packet Capture GUI page.

582351

Changing the default route of the management VDOM no longer has a chance to cause the logging process (miglog) to crash on individual FPMs or FPCs.

582823

The FortiView > Web Sites GUI page only shows websites visited in the last 5 minutes. The page does not provide real time updates.

582827

All real-time FortiView GUI pages now display aggregated data from all FPCs or FPMs.

582838

Show in Topology links have been removed from the Security Fabric dashboard widget.

584604

Resolved a time-related HA configuration synchronization issue.

585841

Resolved an issue that caused unregister_netdevice error messages to appear on the CLI console.

587041

RSSO users are now synchronized to an FPC or FPM after it restarts.

588546

Resolved an issue with DHCP lease files that could cause a FortiGate-6000 or 7000 to enter conserve mode.

588980

Resolved an issue that caused the DP processor to send UDP sessions with destination port 4500 to the wrong FPC or FPM.

589515

Resolved an issue that caused Interface Bandwidth dashboard widgets for VLAN interfaces to display incorrect bandwidth usage data.

590008

Resolved an issue that caused the chlbd process to crash on multiple FPCs after a graceful firmware upgrade of a FortiGate-6000 HA cluster.

590020

Resolved an issue related to LDAP searches that caused the hasync process to use excessive amounts of memory.

590389

Resolved an issue that prevented some syslog messages from being sent from FPMs to the primary FIM or from FPCs to the management board.

590617

Resolved an issue that could cause the fans on the secondary FortiGate-6000 in an HA cluster to run higher than expected.

591610

Resolved an issue that caused the hasync process to use excessive amounts of memory when Web Filtering generates a warning message and the user responds to the warning to allow access.

592087

Resolved an issue that caused delays in displaying information about FPMs on the primary FIM CLI when using the get system performance stats command.

592130

Resolved an issue that produced excessive traffic on the management path, resulting in management communication delays among FortiGate-6000 or 7000 components.

592644

Improved FortiGate-6000 management board communication with LDAP servers to improve LDAP lookup speeds and prevent the GUI from displaying LDAP server error messages.

593242

Resolved an issue that sometimes caused a buffer overflow during firmware upgrades.

593707

Resolved an issue that caused EMAC VLAN MAC address mismatches between the primary and secondary FortiGate in an HA cluster.

594618

Resolved an issue that sometimes required firewall users to re-authenticate after a FortiGate-6000 or 7000 HA cluster graceful firmware upgrade.

599910

Resolved an issue that caused the primary FortiGate to enter conserve mode after a graceful firmware upgrade of an HA cluster with 150K logged in FSSO users.

599970

Resolved an issue that prevented the FortiGate-7000 HA heartbeat from failing over correctly when the switch interface connected to the secondary FortiGate-7000 2-M1 interface is disabled. Known issue 600999 is a more recently found different but related issue.

600147

Resolved an issue that caused both FortiGate-6000s or 7000s in an HA cluster to restart after an administrator uploads a new configuration file to the secondary FortiGate.

600866

Resolved an issue that could cause multiple processes to use excessive amounts of CPU time.

Common vulnerabilities and exposures

Visit https://fortiguard.com/psirt for more information.

Bug ID

CVE references

491701

FortiOS 6.0.8 for FortiGate-6000 and 7000 series is no longer vulnerable to the following CVE Reference: