FortiGate-6000 and FortiGate-7000 Release Notes

Known issues

The following issues have been identified in FortiGate-6000 and FortiGate-7000 FortiOS 6.0.6 build 6392. For inquiries about a particular bug, please contact Customer Service & Support.

Bug ID Description
579729 The execute dhcp lease-list command does not display any results.
578158 In some cases the IPv4 Policy and IPv6 Policy GUI pages do not display any firewall policies.
578839 FSSO users are not always synchronized among all FPCs or FPMs.
567546 Some fragmented packets in UDP sessions are broadcast to all FPCs or FPMs by the DP processor instead of being sent to a specific FPC or FPM as a fragment session.
578361 Authenticated firewall users may have to log in again after upgrading an HA cluster to FortiOS 6.0.6.
565115 After backing up and restoring the configuration of the secondary FortiGate-6000 or 7000 in an HA cluster, the DLP sensor configuration will have changed, causing the primary and secondary devices to be out of sync.
574657 FortiGate-7000 and FortiGate-6000 for FortiOS 6.0.6 do not support upgrading managed FortiSwitch firmware from the FortiOS Managed FortiSwitch GUI page. Instead you must use the FortiGate-6000 or 7000 CLI or log into the managed FortiSwitch to upgrade managed FortiSwitch firmware.
573088 TCP or UDP sessions with SNAT enabled and with fragmented packets fail because the DP processor sends fragmented packets to the incorrect FPC or FIM.
552604 Offloading multicast traffic to NP6 processors is not supported in this release. Even if you have enabled auto-asic-offload in a multicast firewall policy, multicast traffic is not offloaded.
574190 Changing the global IPS configuration using the config ips global command can reduce overall system performance until the system restarts. To avoid this performance reduction, only make changes to the IPS global configuration during maintenance windows and restart the system after the configuration change is made. You can also use the diagnose test application ipsmonitor 99 command to restart the IPS engine.
568375 When managing a FortiGate-6000 or 7000 from in-band (traffic) interfaces, jumbo frames are not supported and will be fragmented upon egressing the device.
554882 If you replace a failed FortiGate-6000 or 7000 in an HA configuration with a replacement device, FortiManager may not automatically recognize the new device as part of the HA configuration. If a failover occurs and the new device becomes the primary or master, FortiManager may not recognize the cluster.
562712 In-band management connections to the IP address of a VDOM link interface are not supported.
564049 Management traffic received from a data interface is interrupted and sessions can't resume if the FPC or FPM that was processing the traffic fails. The sessions don't fail over to another FPC or FPM.
564357 When the telnet port used for administration is changed on the fly, administrative telnet sessions received by a data interface that are active at the time of the configuration change are not interrupted.
572340 Outgoing management traffic does not follow VRF static routes. Instead, this traffic uses the first listed matching static route in the routing table.
570580 Changes made to local-in firewall policies don't affect local-in management traffic received by data interfaces.
577266 After deleting a FortiGate-7000 HA configuration from FortiManager, the secondary FortiGate-7000 in the cluster will have synchronization errors because the central management configuration is successfully removed from the primary FIM but not from the other FIM and FPMs.
574566 The managed FortiSwitch topology is incorrect when the managed FortiSwitch is connected to a FortiGate-7000 LAG.
571398 After upgrading to FortiOS 6.0.6, to configure your system for IPsec VPN load balancing you must manually enable IPsec VPN load balancing and manually delete IPsec VPN load balancing rules. See Upgrade information.

459424 Statistics on the System > VDOM GUI page may be incorrect.
565082 CPU information on the primary FIM CPU Usage dashboard widget should show CPU usage for all FPCs, or FIMs and FPMs.
561722 Firewall policies designed to identify traffic from known devices may not be able to detect traffic from the known devices.
549983 FortiManager in-band management connections to the IP address of a VDOM link interface are not supported.
578625 In some cases, some routes may not be correctly synchronized to all FPCs or FPMs.
577214 The miglogd process sometimes crashes for unknown reasons.
