FortiGate-6000 and FortiGate-7000 Release Notes

Known issues

The following issues have been identified in FortiGate-6000 and FortiGate-7000 FortiOS 6.2.7 Build 1179. For inquiries about a particular bug, please contact Customer Service & Support. The known issues described in the FortiOS 6.2.7 release notes also apply to FortiGate-6000 and 7000 FortiOS 6.2.7 Build 1179.

Bug ID

Description

703055 The diagnose sys sdn status command does not display information for all FIMs and FPMs or for all FPCs, indicating that some SDN connector information is not synchronized.

704635

Some transceiver types are not displayed correctly on the FortiGate-7000F GUI.

689954

The Average NPU sessions counter displayed on the FIM GUI or CLI may show an incorrect negative value.

589613

Traffic from banned IP addresses can still pass through the FortiGate-6000 or 7000.

647254

After an FGCP HA failover, duplicate IPv4 ECMP routes are installed on all FPCs except for the primary FPC of the new primary FortiGate-6000.

715541

LAGs between the FortiGate-7000E M1 and M2 interfaces are not supported.

716930

In some cases, after an HA FGCP failover, the routes on the primary FPC are not the same as the routes on other FPCs.

724543

Outbound bandwidth traffic statistics are displayed incorrectly on individual FIM and FPM GUI pages.

600879

The capture-packet option is not available for some firewall policies.

635310

Management traffic (for example, running a ping) cannot pass through VLANs added to npu_vlink interfaces.

676317

Filter options are not available on the Firewall User Monitor GUI page.

680789

Proxy policy traffic hit counters on the GUI remain at 0 even though the policy is processing traffic.

719886

An FPM that receives an ICMP6 error message broadcasts the message to other FPMs, even though the receiving FPM has a session matching the payload of that error message.

674979

The GUI incorrectly shows more traffic on FortiGate-6000 HA interfaces than what is actually being processed.

613139

DNS request logs show the source IP as an internal FortiGate-6000 or 7000 IP address such as 10.101.11.7 or 10.101.11.8.

682023

The GUI may sometimes crash and be inaccessible after adding a VLAN interface.

705958

Dialup server IPsec VPN tunnels are not synchronized to all FPCs or FPMs if mode-cfg is enabled.

727886

Some configuration elements may remain after resetting the configuration of an FPM to factory defaults.

722695

NP7 hardware DoS protection does not work as expected.

737263

Management, local-out, and IPsec VPN traffic over NPU inter-VDOM links and with VLANs added to NPU inter-VDOM links does not work. Reply traffic terminates on an FPC or FPM instead of on the management board or primary FIM. This bug affects all management and local-out traffic over NPU inter-VDOM links, for example:

  • IKE negotiation if the IPsec VPN tunnel interface is an NPU inter-VDOM link or a VLAN added to an inter-VDOM link.

  • Local-out authentication traffic used to connect to a remote authentication server (for example, LDAP, RADIUS, SSO).

  • Management communication with FortiAnalyzer, FortiManager, and FortiGuard.

  • ICMP traffic from the management board or primary FIM.

740707

When consolidated firewall mode is enabled, policy statistics such as the number of active sessions, packets, bytes, and so on are not available from the management board or primary FIM. The management board GUI and primary FIM GUI do not display policy statistics, and REST API calls and SNMP queries to the management board or primary FIM for policy statistics return no information. Policy statistics are available from individual FPCs or FPMs. For information about consolidated firewall mode, see Combined IPv4 and IPv6 policy.

767742 Because of a limitation of the FIM-7921F switch hardware, the FortiGate-7121F with FIM-7921Fs does not support adding VLANs to flow rules. The vlan setting of the config load-balance flow-rule command is ignored.
