Known issues
The following issues have been identified in FortiGate-6000 and FortiGate-7000 FortiOS 6.2.3 Build 6252. For inquires about a particular bug, please contact Customer Service & Support. The Known issues described in the FortiOS 6.2.3 release notes also applies to FortiGate-6000 and 7000 FortiOS 6.2.3 Build 6252.
Bug ID |
Description |
---|---|
515590 |
The Session Rate: Management dashboard widget shows incorrect information when viewed on VDOM dashboards. |
561722 |
Policies that block or allow devices based on device detection and identification using FortiClient may not work as expected because the MAC addresses used to identify the devices are not synchronized to all FPCs or FPMs. You can work around this issue using a flow rule similar to the following: config load-balance flow-rule edit 28 set status enable set ether-type ip set protocol tcp set dst-l4port 8013-8013 set forward-slot load-balance set comment "FCT Telemetry" end It may also work to change the load distribution method: config load-balance setting set dp-load-distribution-method src-ip config workers edit 1 end end |
581243 |
Under some conditions (for example, high CPU usage) the |
581990 |
Running the |
584078 |
When logged into an individual FPC or FPM, the Load Balance Monitor GUI page incorrectly shows all real servers as being down. |
589613 |
Local-in deny policies may not successfully block the specified local-in traffic. |
590136 |
In a virtual clustering configuration, under some conditions some FortiGate-6000 or 7000 components may not be able to reach DNS servers and will generate DNS error log messages. |
591251 |
Enabling disk logging on a FortiGate-6501F or 6301F or enabling sending logs to a syslog server on a FortiGate-6000 or 7000 from the GUI does not work unless FortiAnalyzer logging is enabled. |
601677 |
Under some conditions caused by communication problems, the |
600504 |
IPv6 ECMP is not supported. |
603601 604304 606091 |
This release supports many, but not all, SDN connectors. Some workarounds may be required to support some features. For more information, see SDN connector support. |
605065 |
You cannot set a management interface LAG to be the SLBC management interface by adding it to the |
605069 |
FortiGate-6000 FPCs and the management board assign different MAC addresses to a management interface LAG. The management board uses the MAC address of the second interface in the member list while the FPCs use the MAC address of the first interface in the member list. |
605073 |
The GUI or CLI doesn't prevent you from adding mgmt3 to a management lag. |
605371 |
By default, for FortiOS 6.2.3 the |
605411 |
Management traffic (local in and local out) is not accepted by inter-VDOM link interfaces if the inter-VDOM link type is set to config system vdom-link edit link-name set type ethernet end |
606120 |
config system settings v4-ecmp-mode option is set to usage-based , all traffic uses the first ECMP route instead of being load balanced among all ECMP routes. All other ECMP load balancing options are supported, including source-ip-based , weight-based , and source-dest-ip-based . |
606785 |
If you manually disable an interface that has been added to a LAG group, the interface disappears from the GUI interface list. To get the interface to appear on the list, you must enable it from the CLI. |
607139 |
In a virtual clustering configuration, if virtual cluster 1 and virtual cluster 2 are on different FortiGates then dial up VPN servers in VDOMs in virtual cluster 2 will not work correctly because of missing IPsec routes. The workaround until this issue is resolved is to keep VDOMs with VPN servers in virtual cluster 1. |
607536 |
An "image upgrade failed" message may appear on the GUI after a successful graceful upgrade of an HA cluster. |
607649 |
If the FortiGate-6000 mgmt1, mgmt2, or mgmt3 interfaces are HA monitored interfaces they cannot be added to a management interface LAG. |
607921 |
The Configuration Sync Monitor may show incorrect status information for the secondary FortiGate-6000 management board or FortiGate-7000 primary FIM. |
608940 |
Management traffic can't be sent over an inter-VDOM link. For example, you can't connect from the mgmt-vdom to FortiGuard by creating and inter-VDOM link between mgmt-vdom and a VDOM connected to the internet. You also can't use inter-VDOM links to connect from mgmt-vdom to a FortiManager. To communicate with FortiGuard, mgmt-vdom must be able to connect to the internet or to a FortiManager without going through an inter-VDOM link. |
608632 |
FortiGate-6000 dataplane sessions and session rate dashboard widgets show incorrect information when viewed from a traffic VDOM dashboard. |
609131 |
When DHCP leases are cleared from the primary FortiGate in an HA cluster, they are not cleared from the secondary FortiGate. |
610494 |
Virtual clustering is not supported when operating in Split-Task VDOM mode. Virtual clustering GUI and CLI options to configure virtual clustering when operating in Split-Task VDOM mode will be removed in a future release. |
610779 |
In some FortiGate-6000 and 7000 configurations, the forwarding information base (FIB) routing database may not be synchronized to all FPCs or FPMs. You can resolve this issue by forcing the FPCs or FPMs to re-synchronize the FIB by logging into the FPC or FPM CLI and entering |
611830 |
Error checking does not prevent you from moving a VDOM between virtual clusters that causes a VLAN to be in a different virtual cluster than the physical interface or LAG that the VLAN has been added to. FortiGate-6000 and 7000 virtual clustering requires that a VLAN must be in the same virtual cluster as the physical or LAG interface that the VLAN has been added to. See Virtual clustering VLAN/VDOM limitation. |
611834 |
In a virtual clustering configuration, if a VLAN interface is in a different virtual cluster that the physical interface that it was added to, traffic to and from that Interface can pass through the virtual cluster that contains the physical interface. |
612357 |
The |
612444 |
When a FortiGate-6000 or 7000 forms a cluster with another FortiGate-6000 or 7000 already operating in HA mode, the active RSSO user list is not synchronized to the FPCs or FPMs in the newly joined FortiGate-6000 or 7000. This can happen, for example, in a operating cluster if one of the FortiGate-6000s or 7000s in the cluster restarts. |
613295 |
When converting a FortiGate-6000 or 7000 system from FortiOS Carrier to normal FortiOS, after the system restarts it may be out of sync. You can resolve this problem by logging into the management board or primary FIM CLI and entering the following command to reset the config wireless-controller setting unset darrp-optimize-schedules end |