Known issues
The following issues have been identified in FortiGate-6000 and FortiGate-7000 FortiOS 7.0.5 Build 0057. For inquires about a particular bug, please contact Customer Service & Support. The Known issues described in the FortiOS 7.0.5 release notes also apply to FortiGate-6000 and 7000 FortiOS 7.0.5 Build 0057.
Bug ID |
Description |
---|---|
724543 | Interface bandwidth dashboard widgets show incorrect outbound bandwidth usage. |
782978 | When setting up a FortiGate-6000 or 7000 FGCP HA cluster, one of the FortiGates in the cluster may be running an older firmware version. During cluster formation, the newer firmware version is installed on FortiGate running the older firmware version. After the firmware is downloaded and before the FortiGate restarts, the console may display incorrect error messages. Even when these error messages appear the FortiGate should start up normally, running the newer firmware version, and should be able to join the cluster. |
785815 | An FPM may display an incorrect checksum message on the console while restarting. The FPM will continue to operate normally after fully starting. |
803082 |
Policy statistics data that appear on the GUI firewall policy pages and in FortiView may be incorrect. |
803536 | A FortiGate-6000 or 7000 may not correctly synchronize routes after various failover scenarios. For example, after a FortiGate-6000 selects a new primary FPC, the routes on the FPC that was the primary FPC should have their protocol changed, but this change may not always occur. |
811782 | UDP-encapsulated ESP (UESP) sessions that use the normal IKE port (port 4500) are load balanced by the DP or NP7 processor in the same way as normal IPSec traffic. You can use the ipsec-tunnel-slot option when creating a phase 1 configuration to control how UESP tunnels are load balanced. However, if UESP sessions use a custom IKE port, the DP or NP7 processor does not handle them as IPsec packets. Instead , they are load balanced by the DP or NP7 processor in the same way as any other traffic. If required, you can adjust load balance settings or add a flow rule for UESP sessions using a custom IKE port. |
813569 | Operating a FortiGate-6000 or 7000 as an SSL VPN client is not supported. |
820988 | When configuring an SNMP community, the source-ip option is not supported for the FortiGate-6000 and 7000. When the source-ip option is configured, SNMP can't send traps for this community. |
827937 815874 822410 |
Multiple issues with Zero Trust Network Access (ZTNA) features. FortiOS 7.0.5 for FortiGate-6000 and 7000 does not support ZTNA. |
824205 | If an FPM completes starting up when no FIMs are running or all FIMs are in the process of starting up, there is a chance that the FPM will not be synchronized once the primary FIM has restarted. |
830454 | Changing the FPC or FPM that an IPsec tunnel is using can cause traffic in the tunnel to be blocked. The problem is a timing issue, so sometimes traffic will be unaffected when making this configuration change and other times it may be blocked. |
832353 | After factory resetting an FPM, if the configuration synchronized to it contains EMAC VLAN interfaces, the MAC addresses of the EMAC VLAN interfaces on the FPM may be different from the MAC addresses of the same EMAC VLAN interfaces on the primary FIM. The configuration synchronization checksum for the FPM is the same as for the other FPMs and FIMs, even though the EMAC VLAN interfaces have different MAC addresses. |
833488 | A CMDB issue can result in the fcnacd process adding a VDOM during stress testing. |
878934 |
Some relatively large routing configurations may cause the Restarting the |
1093412 |
On the FortiGate 6000 and 7000 platforms, the |