Fortinet black logo

FortiGate-6000 and FortiGate-7000 Release Notes

Known issues

Known issues

The following issues have been identified in FortiGate-6000 and FortiGate-7000 FortiOS 6.0.10 Build 0372. For inquires about a particular bug, please contact Customer Service & Support. The Known Issues described in the FortiOS 6.0.10 release notes also apply to FortiGate-6000 and 7000 FortiOS 6.0.10 Build 0372.

Bug ID

Description

600879 Firewall policy packet capturing, turned on by enabling capture in a firewall policy, does not work.
635059 Replies to ICMP packets sent over an SSL VPN tunnel may be dropped because the replies are returning to the FortiGate-6000 management board instead of the address that originated the ICMP request.
640520 The diagnose wad session command is not available.
640709 If you back up the configuration, change LAG settings and then restore the configuration, the LAG settings made after the backup and before the restore me be retained after the configuration is restored.
648825 FortiGate-6000 VRRP for VDOMs in transparent mode is not compatible with AH authentication (TCP protocol 51).
653614 Columns in the Forward Traffic Log & Report GUI page may not be properly aligned.
655969 656004 After an HA graceful upgrade of a FortiGate-7000 HA cluster, on the primary FortiGate-7000 the primary FIM can be out of sync with the primary FortiGate-7000 FPMs. This may happen because some specific configurations are not synchronized; for example, the DLP sensor content archiving configuration or Web filter profile settings.
656032 656034 658669 De-authorizing users from the GUI is not fully supported.
656049 FSSO user accounts may not be synchronized from FortiAuthenticator to all FPCs after restarting both FortiGate-6000s in an HA cluster.
656179 FortiLink settings may not be synchronized to all FPCs in a FortiGate-6000 HA cluster.

656871 658111

658164

Some synchronization issues may cause the FIMs in slot 2 of one or both FortiGate-7000s in an HA cluster to be out of sync with other FIMs and FPMs.
657542 In some cases, the split port configuration may be lost on some FPMs after an HA graceful upgrade.
658692 Packets may be dropped during an HA graceful upgrade.
660044 FortiGate-6000 FPCs and the management board may have different MTU values for some interfaces.
660710 The certificate inspection configuration resulting from restoring a saved VDOM configuration may not be the same as what was saved in the configuration file.

664898

When a DoS attack is successfully detected and blocked, because the threshold is determined per-FPC or per-FPM, the FortiGate-6000 or 7000 does not create an anomaly log message or quarantine the source of the attack.

665684

For a FortiGate-6000 or 7000 HA configuration, if you enable the private-data-encryption option under config system global, backing up and restoring the configuration of the cluster causes a split-brain scenario. The FortiGate-6000s or 7000s in the cluster can't communication over the heartbeat link because of a password mismatch. You can restore cluster operation by disabling the private-data-encryption option on each FortiGate-6000 or 7000.

Known issues

The following issues have been identified in FortiGate-6000 and FortiGate-7000 FortiOS 6.0.10 Build 0372. For inquires about a particular bug, please contact Customer Service & Support. The Known Issues described in the FortiOS 6.0.10 release notes also apply to FortiGate-6000 and 7000 FortiOS 6.0.10 Build 0372.

Bug ID

Description

600879 Firewall policy packet capturing, turned on by enabling capture in a firewall policy, does not work.
635059 Replies to ICMP packets sent over an SSL VPN tunnel may be dropped because the replies are returning to the FortiGate-6000 management board instead of the address that originated the ICMP request.
640520 The diagnose wad session command is not available.
640709 If you back up the configuration, change LAG settings and then restore the configuration, the LAG settings made after the backup and before the restore me be retained after the configuration is restored.
648825 FortiGate-6000 VRRP for VDOMs in transparent mode is not compatible with AH authentication (TCP protocol 51).
653614 Columns in the Forward Traffic Log & Report GUI page may not be properly aligned.
655969 656004 After an HA graceful upgrade of a FortiGate-7000 HA cluster, on the primary FortiGate-7000 the primary FIM can be out of sync with the primary FortiGate-7000 FPMs. This may happen because some specific configurations are not synchronized; for example, the DLP sensor content archiving configuration or Web filter profile settings.
656032 656034 658669 De-authorizing users from the GUI is not fully supported.
656049 FSSO user accounts may not be synchronized from FortiAuthenticator to all FPCs after restarting both FortiGate-6000s in an HA cluster.
656179 FortiLink settings may not be synchronized to all FPCs in a FortiGate-6000 HA cluster.

656871 658111

658164

Some synchronization issues may cause the FIMs in slot 2 of one or both FortiGate-7000s in an HA cluster to be out of sync with other FIMs and FPMs.
657542 In some cases, the split port configuration may be lost on some FPMs after an HA graceful upgrade.
658692 Packets may be dropped during an HA graceful upgrade.
660044 FortiGate-6000 FPCs and the management board may have different MTU values for some interfaces.
660710 The certificate inspection configuration resulting from restoring a saved VDOM configuration may not be the same as what was saved in the configuration file.

664898

When a DoS attack is successfully detected and blocked, because the threshold is determined per-FPC or per-FPM, the FortiGate-6000 or 7000 does not create an anomaly log message or quarantine the source of the attack.

665684

For a FortiGate-6000 or 7000 HA configuration, if you enable the private-data-encryption option under config system global, backing up and restoring the configuration of the cluster causes a split-brain scenario. The FortiGate-6000s or 7000s in the cluster can't communication over the heartbeat link because of a password mismatch. You can restore cluster operation by disabling the private-data-encryption option on each FortiGate-6000 or 7000.