FortiGate-7000 Release Notes

Resolved issues

The following issues have been fixed in FortiGate-6000 and FortiGate-7000 FortiOS 6.2.3 Build 6252. For inquiries about a particular bug, please contact Customer Service & Support. The resolved issues described in the FortiOS 6.2.3 release notes also apply to FortiGate-6000 and 7000 FortiOS 6.2.3 Build 6252.

Bug ID

Description

459424

Accurate resource usage information now appears on the Edit Virtual Domain Settings GUI page.

496437 562712

Resolved multiple issues with management traffic and VDOM link interfaces.

522667 596641

Resolved an issue that prevented MAC addresses from being synchronized to all components in a FortiGate-6000 or 7000 operating in transparent mode.

554882

Resolved a synchronization issue that prevented a FortiManager from recognizing when a new FortiGate-6000 or 7000 joined an HA cluster.

564049

When an FPC or FPM fails, management sessions from the FPC to the management board or from the FPM to the primary FIM are now removed from the management board or primary FPC session table.

567546

Resolved an error with how the DP processor handles fragmented packets.

571328

Dates and times shown in the firewall policy list Last Used column are now accurate.

571808

The SSL VPN web portal history section now shows the history messages.

572012

Resolved an issue that could prevent firmware images installed on the FortiGate-6000 management board from the BIOS after a reboot from being synchronized to the FPCs.

572022

The diagnose rsso query ip command now displays the correct information when the command is run from the FortiGate-6000 management board CLI.

572838

In an HA configuration, backup routes (proto=20) are now successfully installed on the management boards of both FortiGate-6000s, when the primary FPC fails over to another slot.

573191

The FortiGate-7000 get system ha status command output now includes serial numbers of the FIMs in both chassis.

574190

Changing the global IPS configuration using the config ips global command no longer requires restarting the system for the change to take effect.

574357

Resolved an issue that sometimes prevented two factor authentication from working.

577563

To speed up synchronization when a FortiGate-6000 starts, the management board uploads a copy of its configuration file to the internal TFTP server and as each FPC starts up it downloads that configuration file. This can improve startup times, especially if the configuration is very large. When the system is operating, normal configuration synchronization keeps the FPCs synchronized with the management board.

578555

RADIUS authentication is now applied to administrator sessions by the master FPC instead of the management board.

579400

Resolved an issue that caused the authd process to use excessive amounts of CPU time.

580690

Resolved an issue that caused port address translation (PAT) to occur when a one-to-one IP pool is added to a firewall policy.

581627

You can no longer configure management interfaces to be fortilink interfaces.

583124

Resolved an issue that caused the FortiGate-6000 or 7000 to send incorrect data usage information to RADIUS accounting servers and to only send it from the management board or primary FIM. The FPC or FPM that originally authenticated the RADIUS session now periodically collects accounting data from all FPCs or FPMs and sends the aggregated data to the RADIUS server.

583190

The crashlog will now include system reboot messages.

587041

Active RSSO sessions are now synchronized to an FPC after it restarts.

587124

The diagnose firewall auth command now provides more accurate and readable results when run from the management board or primary FIM.

587218

RADIUS accounting STOP messages now successfully remove users from the RADIUS user lists on all FPCs or FPMs.

587432

The malicious certificate DB version is now synchronized to all FPCs or FIMs and FPMs.

587987

Resolved a high memory usage problem.

588655

TACACS+ logins are correctly logged out when the idle period is reached.

588925

The FortiGuard GUI page no longer repeats license information multiple times.

588963

The Security Rating feature now correctly appears on the GUI.

588980

The DP processor now handles UDP sessions with destination port 4500 correctly.

589515

Resolved an issue with incorrect bandwidth statistics in VLAN interfaces.

589590

Authenticated users can now be de-authenticated if the FPC or FPM that originally authenticated the user has shut down.

590020

Resolved an issue that caused the hasync process to use excessive amounts of memory on the primary FPC or FPM.

590047

Resolved an issue that caused the FortiGate-6000 management board GUI to incorrectly show the status of a PPPoE interface as failed.

590237

The hatalk process no longer incorrectly reports a role change before a cluster has formed.

590588

The get system session6 list command, run for a VDOM from the management board CLI, now displays information from all FPCs or FPMs.

591241

Traffic shaping can now be configured from the GUI.

593255

The FortiGate-6000 and 7000 now notify FortiManager of a static routing change.

593360

The config system ips global set engine-count command now knows the correct number of available CPU cores depending on the FortiGate-7000 FIM or FPM.

593509

Resolved an issue that caused the confsyncd process to use excessive amounts of memory.

593765

Resolved an issue that caused Security Fabric automation to send extra emails.

593989

Resolved an issue that could prevent upgrading the firmware of a single FortiGate-6000 or 7000 operating in HA mode with uninterruptible upgrade enabled.

594442

Resolved an issue that prevented IPv6 ping from working between two VDOMs when they are connected over an NPU VDOM link.

595193

Health checking of IPv6 real servers now works as expected.

596013

Resolved an issue that caused FortiGate-7000 management traffic to fail when the FIM in slot 1 is shut down and the FIM in slot 2 becomes the primary FIM.

597216

Resolved an issue that prevented the FortiGate-6000 or 7000 from downloading firmware upgrades from a TFTP server.

599999

The trusted host feature now works as expected when connecting to the GUI using special management port numbers.

600727

Resolved an IPsec VPN phase 2 route synchronization issue.

601650

The execute clear system arp table command, run from the management board or primary FIM, now successfully clears arp entries on FPCs or FPMs.

602038

Standalone configuration synchronization no longer incorrectly synchronizes the FortiGate-6000 or 7000 global management IP address.

602699

Corrected an error with how SNMP reports CPU information for the FortiGate-7030E.

604212

Corrected errors with the options available for configuring FortiGate-6000 interface speeds.

604984

Resolved an issue that prevented SDN connector dynamic firewall addresses from being synchronized to all FPCs or FPMs.

605609

On the FortiGate-6000 and 7000, the default value of the config system csf configuration-sync option has been changed to local.

605904

Resolved an issue that caused SDN connectors to fail after multiple HA failovers.

607624

The diagnose test application radiusd 2 command now shows results from all FPCs or FPMs.
