Fortinet Document Library

Version:

Version:

Version:

Version:


Table of Contents

FortiGate-6000 and FortiGate-7000 Release Notes

Download PDF
Copy Link

Resolved issues

The following issues have been fixed in FortiGate-6000 and FortiGate-7000 FortiOS 6.2.4 Build 1116. For inquires about a particular bug, please contact Customer Service & Support. The Resolved issues described in the FortiOS 6.2.4 release notes also apply to FortiGate-6000 and 7000 FortiOS 6.2.4 Build 1116.

Bug ID

Description

508610 Resolved an issue that could light the LEDs of interfaces that are not connected.
513339 Finisar FCLF8521p2BTL (FG-TRAN-GC) and (FS-TRAN-GC) FCLF8522P2BTL transceivers are now supported.
516970 The Telnet-to-console line connected message has been corrected to read Network-to-console line connected.
570475 Selecting Clear Counters on the firewall policy list GUI page now successfully clears the counters for the selected policy.
594750 Resolved an issue that prevented FSSO users from being removed when de-authenticated on Firewall User Monitor page.
601849 The FortiView quarantine monitor GUI page now works as expected when you select All-FortiGate.
602530 Resolved an issue that caused httpsd process crashes.
604304 More SDN connectors supported. For more information, see SDN connector support.
605411

Management traffic (local in and local out) is now accepted by inter-VDOM link interfaces if the inter-VDOM link type is set to ppp (point to point).

606543 The correct list of interfaces appears on the Allow other FortiGates to join list on the Security Fabric GUI page.
607418 Resolved an issue that prevented the Firewall User Monitor from displaying if FortiOS is managing a large number of users.
607521 Resolved an issue that removed logged in LDAP users after a secondary FortiGate joined the primary FortiGate in an HA configuration.
607772 Resolved an issue that caused the system to enter conserve mode and not be able to recover after logging in thousands of LDAP users.
607921

The Configuration Sync Monitor now shows correct status information for the secondary FortiGate-6000 management board or FortiGate-7000 primary FIM.

610828 Resolved an issue that delayed synchronizing RSSO users to all FPCs or FPMs.
611558 Resolved an issue that could sometimes cause synchronization delays after making configuration changes on a system managing many logged in users.
612357

The execute factoryreset-shutdown command now successfully resets the configuration to factory defaults when run on a secondary FortiGate-6000F in an HA cluster with uninterruptible-upgrade enabled.

612444

When a FortiGate-6000 or 7000 forms a cluster with another FortiGate-6000 or 7000 already operating in HA mode, the active RSSO user list is now successfully synchronized to the FPCs or FPMs in the newly joined FortiGate-6000 or 7000.

613295

Resolved an issue that caused a FortiGate-6000 or 7000 to be out of sync after disabling the FortiOS Carrier license.

614858 Web filter override policies no longer time out early.
620231 Resolved some GUI performance issues.
620233 Resolved an issue that could cause the Configuration Sync Monitor to display incorrect synchronization status information.
620338 Users can now ping the FortiGate-6000 or 7000 internal network LAN interface from a remote host through an IPsec tunnel.
621375 Resolved an issue that could cause an HA graceful firmware upgrade to time out if the configuration has a large number of VDOMs.
622081 Resolved an issue that caused FPC or FPM synchronization issues after upgrading an HA cluster with uninterruptable-upgrade disabled.
623123 Resolved a performance issue that caused unexpected HA failovers for an HA cluster with a large number of VLANs.
623471 Resolved an issue with automatically changing the time after daylight saving time started.
624655 Performing an SNMP walk no longer times out on bgp4PathAttrIpAddrPrefix when the system has a large BGP configuration.
624927 The fgHaStatsGlobalChecksum SNMP query now receives the correct information from a FortiGate-6000 or 7000 HA cluster.
626073 The FortiGate-6000 management board now correctly aggregates SNMP logs for an fgFwPolStatsEntry query.
626086 Performing an SNMP walk no longer fails on a FortiGate-7000 when the primary FPM has different VDOM IDs than the primary FIM.
627404 Resolved an issue that caused the GUI to incorrectly show Cisco ACI connector status as down.
632416 Log messages stating that the backplane channel is unstable are no longer generating when making configuration changes.
633182 The ESXi SDN connector now stays up on the FortiGate-6000 management board and on all FPCs.
633224 Resolved an issue that caused FPMs to crash with NP6 LACP errors after rebooting when the FortiGate-6000 has multiple LACP LAG interfaces.
633561 Resolved an issue that prevented pinging VLAN interfaces in a transparent mode VDOM.
633597 Resolved an issue that could prevent the FortiGate-7000 primary FIM from connecting to an FSSO server.
633925 Resolved an issue that displayed error messages on some FPC consoles in an HA configuration after a firmware upgrade.
634049 Resolved an issue that prevented synchronizing GTP-C tunnels to a restarted FPM.
634949 Resolved a VRRP issue that prevented transparent mode VDOMs from processing management traffic correctly whenVRRP is enabled.
635122 Resolved an issue that caused traffic to be blocked for 2-3 seconds during an FGCP HA failover.
635163 The diagnose sys sdn status command when run from the management board no longer shows that all are SND connectors are down while no ACI connectors are configured.
635189 The ACI SDN command to clear all dynamic addresses now also clears addresses on the FPMs and FPCs.
637640 641678 Resolved an issue with the IPS that could cause CA certificates to be removed from the IPS configuration when deleting a VDOM.
638568 Resolved an issue with the information displayed on the Firewall User Monitor when displaying information about LDAP and FSSO users.
638601 Resolved an issue that prevented FSSO users from being removed from FPCs in an HA configuration when de-authenticated from the Firewall User Monitor.
638988 Resolved an issue that could prevent the src-dst-ip load balancing distribution method from being implemented correctly on some hardware components after a reboot.
639064 Resolved an issue that prevented displaying information on FPCs about traffic matching a firewall policy with the negate option enabled.
639210 FSSO sessions re now successfully removed after FSSO users log off.
640028 Resolved an issue that caused the sessionsync process to use excessive amounts of CPU resources.
640388 The IPsec VPN monitor on the primary FIM GUI now displays correct status information for DDNS tunnels.
640687 Resolved an issue that could change the chassis-id after restoring the configuration of a FortiGate-6000 or 7000 in an HA cluster.
640698 Resolved an issue that could result in an FPM or FPC having an incorrect special management port number after changing the HA chassis ID.
641455 Resolved an issue that prevented logged off FSSO users from being removed from the secondary FortiGate-6000 or 7000 in an HA configuration.
642400 Resolved an issue with virtual clustering that prevented log messages from being recorded by FortiAnalyzer for a VDOM when the primary virtual cluster for that VDOM was switch from the primary to the secondary FortiGate.
642524 Synchronizing IPv6 static routes when they are added to a transparent mode VDOM to FPC or FPM FIBs no longer requires a reboot.
643811 Resetting the uptime of a FortiGate-6000 or 7000 HA cluster no longer causes a split brain scenario.
645802 FSSO logins from a PC with multiple network interfaces are now shown correctly on the Firewall Users Monitor.
648298 Resolved an issue that displayed error messages during system startup after installing a new firmware build from the BIOS after a reboot.
651033 Adding multiple resource usage widgets to the same dashboard no longer slows down GUI performance.
653000 Resolved an issue that caused the FortiGate-6000 csfd process to crash.

Resolved issues

The following issues have been fixed in FortiGate-6000 and FortiGate-7000 FortiOS 6.2.4 Build 1116. For inquires about a particular bug, please contact Customer Service & Support. The Resolved issues described in the FortiOS 6.2.4 release notes also apply to FortiGate-6000 and 7000 FortiOS 6.2.4 Build 1116.

Bug ID

Description

508610 Resolved an issue that could light the LEDs of interfaces that are not connected.
513339 Finisar FCLF8521p2BTL (FG-TRAN-GC) and (FS-TRAN-GC) FCLF8522P2BTL transceivers are now supported.
516970 The Telnet-to-console line connected message has been corrected to read Network-to-console line connected.
570475 Selecting Clear Counters on the firewall policy list GUI page now successfully clears the counters for the selected policy.
594750 Resolved an issue that prevented FSSO users from being removed when de-authenticated on Firewall User Monitor page.
601849 The FortiView quarantine monitor GUI page now works as expected when you select All-FortiGate.
602530 Resolved an issue that caused httpsd process crashes.
604304 More SDN connectors supported. For more information, see SDN connector support.
605411

Management traffic (local in and local out) is now accepted by inter-VDOM link interfaces if the inter-VDOM link type is set to ppp (point to point).

606543 The correct list of interfaces appears on the Allow other FortiGates to join list on the Security Fabric GUI page.
607418 Resolved an issue that prevented the Firewall User Monitor from displaying if FortiOS is managing a large number of users.
607521 Resolved an issue that removed logged in LDAP users after a secondary FortiGate joined the primary FortiGate in an HA configuration.
607772 Resolved an issue that caused the system to enter conserve mode and not be able to recover after logging in thousands of LDAP users.
607921

The Configuration Sync Monitor now shows correct status information for the secondary FortiGate-6000 management board or FortiGate-7000 primary FIM.

610828 Resolved an issue that delayed synchronizing RSSO users to all FPCs or FPMs.
611558 Resolved an issue that could sometimes cause synchronization delays after making configuration changes on a system managing many logged in users.
612357

The execute factoryreset-shutdown command now successfully resets the configuration to factory defaults when run on a secondary FortiGate-6000F in an HA cluster with uninterruptible-upgrade enabled.

612444

When a FortiGate-6000 or 7000 forms a cluster with another FortiGate-6000 or 7000 already operating in HA mode, the active RSSO user list is now successfully synchronized to the FPCs or FPMs in the newly joined FortiGate-6000 or 7000.

613295

Resolved an issue that caused a FortiGate-6000 or 7000 to be out of sync after disabling the FortiOS Carrier license.

614858 Web filter override policies no longer time out early.
620231 Resolved some GUI performance issues.
620233 Resolved an issue that could cause the Configuration Sync Monitor to display incorrect synchronization status information.
620338 Users can now ping the FortiGate-6000 or 7000 internal network LAN interface from a remote host through an IPsec tunnel.
621375 Resolved an issue that could cause an HA graceful firmware upgrade to time out if the configuration has a large number of VDOMs.
622081 Resolved an issue that caused FPC or FPM synchronization issues after upgrading an HA cluster with uninterruptable-upgrade disabled.
623123 Resolved a performance issue that caused unexpected HA failovers for an HA cluster with a large number of VLANs.
623471 Resolved an issue with automatically changing the time after daylight saving time started.
624655 Performing an SNMP walk no longer times out on bgp4PathAttrIpAddrPrefix when the system has a large BGP configuration.
624927 The fgHaStatsGlobalChecksum SNMP query now receives the correct information from a FortiGate-6000 or 7000 HA cluster.
626073 The FortiGate-6000 management board now correctly aggregates SNMP logs for an fgFwPolStatsEntry query.
626086 Performing an SNMP walk no longer fails on a FortiGate-7000 when the primary FPM has different VDOM IDs than the primary FIM.
627404 Resolved an issue that caused the GUI to incorrectly show Cisco ACI connector status as down.
632416 Log messages stating that the backplane channel is unstable are no longer generating when making configuration changes.
633182 The ESXi SDN connector now stays up on the FortiGate-6000 management board and on all FPCs.
633224 Resolved an issue that caused FPMs to crash with NP6 LACP errors after rebooting when the FortiGate-6000 has multiple LACP LAG interfaces.
633561 Resolved an issue that prevented pinging VLAN interfaces in a transparent mode VDOM.
633597 Resolved an issue that could prevent the FortiGate-7000 primary FIM from connecting to an FSSO server.
633925 Resolved an issue that displayed error messages on some FPC consoles in an HA configuration after a firmware upgrade.
634049 Resolved an issue that prevented synchronizing GTP-C tunnels to a restarted FPM.
634949 Resolved a VRRP issue that prevented transparent mode VDOMs from processing management traffic correctly whenVRRP is enabled.
635122 Resolved an issue that caused traffic to be blocked for 2-3 seconds during an FGCP HA failover.
635163 The diagnose sys sdn status command when run from the management board no longer shows that all are SND connectors are down while no ACI connectors are configured.
635189 The ACI SDN command to clear all dynamic addresses now also clears addresses on the FPMs and FPCs.
637640 641678 Resolved an issue with the IPS that could cause CA certificates to be removed from the IPS configuration when deleting a VDOM.
638568 Resolved an issue with the information displayed on the Firewall User Monitor when displaying information about LDAP and FSSO users.
638601 Resolved an issue that prevented FSSO users from being removed from FPCs in an HA configuration when de-authenticated from the Firewall User Monitor.
638988 Resolved an issue that could prevent the src-dst-ip load balancing distribution method from being implemented correctly on some hardware components after a reboot.
639064 Resolved an issue that prevented displaying information on FPCs about traffic matching a firewall policy with the negate option enabled.
639210 FSSO sessions re now successfully removed after FSSO users log off.
640028 Resolved an issue that caused the sessionsync process to use excessive amounts of CPU resources.
640388 The IPsec VPN monitor on the primary FIM GUI now displays correct status information for DDNS tunnels.
640687 Resolved an issue that could change the chassis-id after restoring the configuration of a FortiGate-6000 or 7000 in an HA cluster.
640698 Resolved an issue that could result in an FPM or FPC having an incorrect special management port number after changing the HA chassis ID.
641455 Resolved an issue that prevented logged off FSSO users from being removed from the secondary FortiGate-6000 or 7000 in an HA configuration.
642400 Resolved an issue with virtual clustering that prevented log messages from being recorded by FortiAnalyzer for a VDOM when the primary virtual cluster for that VDOM was switch from the primary to the secondary FortiGate.
642524 Synchronizing IPv6 static routes when they are added to a transparent mode VDOM to FPC or FPM FIBs no longer requires a reboot.
643811 Resetting the uptime of a FortiGate-6000 or 7000 HA cluster no longer causes a split brain scenario.
645802 FSSO logins from a PC with multiple network interfaces are now shown correctly on the Firewall Users Monitor.
648298 Resolved an issue that displayed error messages during system startup after installing a new firmware build from the BIOS after a reboot.
651033 Adding multiple resource usage widgets to the same dashboard no longer slows down GUI performance.
653000 Resolved an issue that caused the FortiGate-6000 csfd process to crash.