Resolved issues
The following issues have been fixed in Hyperscale firewall for FortiOS 6.2.7 Build 7105. For inquires about a particular bug, please contact Customer Service & Support. The Resolved issues described in the FortiOS 6.2.7 release notes also apply to Hyperscale firewall for FortiOS 6.2.7 Build 7105.
Bug ID |
Description |
---|---|
643446 |
Fragmented packets with different Explicit Congestion Notification (ECN) values are now allowed. Not allowing fragmented packets with different ECN values had resulted in some customers experiencing dropped packets. |
665669 |
SFP28 and QSFP28 interfaces in FortiGates with NP7 processors now support Clause 74 forward error correction (FEC). |
676525 |
Sessions are no longer lost if a policy route is deleted or an interface is shut down. |
0678390 |
The |
684052 |
The implicit deny policy can now appear on the GUI in hyperscale firewall policy lists. |
685992 |
Improved dependency checking when adding or editing GCN IP pools and hyperscale firewall policies. |
686774 |
FortiGate-1800F and 1801F sensor data now appears as expected on the GUI and CLI. |
687034 |
Resolved a BGP memory leak. |
687749 |
Resolved an issue that caused the |
687990 |
Hyperscale firewall systems can now generate system event log messages to report on network processor daemon (NPD) and PLE errors that would otherwise just have been written to the console. Example log message: |
688309 |
Resolved an issue that caused packets to randomly be dropped when passing through NPU accelerated VDOM link interfaces. |
689660 |
Policy hit counters have been implemented for hyperscale firewall policies. |
690469 |
The Sessions dashboard will no longer revert to 3 x 1 after being re-sized. |
691166 |
The |
692241 |
BGP no longer consumes high amounts of CPU time when an ADVPN disconnects after a socket writing error. |
692737 |
Resolved an issue that caused timeout errors on the secondary FortiGate in an FGCP cluster when a fixed allocation IP pool was changed to an overload IP pool. |
694645 |
Resolved an issue that blocked NAT64 traffic when a hyperscale firewall policy included an IPv6 firewall virtual IP. |
694747 |
Error messages no longer appear on the CLI console when setting VDOM mode to |
695262 | In a hyperscale firewall policy, you can no longer incorrectly select Negate after setting the service to All. |
695732 |
You can now create a cluster of two FortiGates with different interface configurations. If you do this, the secondary FortiGate will be re-configured to match the configuration of the primary FortiGate. However, it is still recommended that both FortiGates have the same interface configuration before creating a cluster. |
696133 |
Policy routing works as expected. |
696236 |
Resolved an issue that can cause BGP flapping. |
698587 |
When configuring a Hyperscale firewall SPU offload logging from the GUI you can set the logging mode of a log server group to Per-Session ending. |
698677 |
If you restore a configuration and the configuration file contains a VDOM with the policy offload level set to full-offload but with a VDOM name that doesn't following the hyperscale firewall VDOM naming convention, the policy offload level will be set to disable when the configuration is restored. |
698834 | Resolved an issue that resulted in malformed log message packets. |
699162 |
Resolved an issue that blocked administrative access to a transparent mode VDOM when connecting to an interface in the VDOM. |
699236 701715 |
Resolved an issue that could cause the NPD to hang and result in PBA leaks. |
699348 |
MTU settings for VLAN interfaces are now kept after a system restart. |
699348 |
MTU size settings are no longer lost for VLAN interfaces after a system restart. |
700158 |
Resolved an issue that could cause a kernel panic when creating an EMAC VLAN. |
700271 |
In an active-passive FCGP cluster of two FortiGates licensed for hyperscale firewall features, the secondary FortiGate in the cluster no longer responds to ARP requests. |
700479 |
Resolved an issue that in some cases caused the Sessions dashboard widget to show more sessions than what the system was actually processing. |
701228 |
The |
704140 |
Improved the accuracy of the SPU statistics displayed on the GUI. |
704328 |
The interface used for HA hardware session synchronization can no longer incorrectly be assigned an IP address. |
704463 |
Resolved a VXLAN throughput performance issue. |
704741 |
The execute disk scan command now works as expected on systems with log disks. |
705118 |
Resolved multiple NP7-related DoS protection bugs. |
705322 |
Resolved an issue that could block session synchronization between FGSP peers. |
705329 |
FortiGates with NP7 processors now support using a LAG interface for FGSP session synchronization. |
705792 708569 |
Resolved multiple issue with NP7 CAPWAP offloading that could block client traffic when the |
705902 |
Resolved an issue that caused a PBA leak while running a high amount of UDP traffic. |
706150 |
Resolved an issue with EIF and ALG session handling that can cause sessions to be lost and problems with resource allocation. |
706196 709892 |
Resolved syntax check issues that prevented adding valid policy routes that do not have a gateway configured and allowed adding invalid policy routes with no outgoing interface configured. |
706256 |
Any valid address object, including an FQDN address, can be added to a DoS policy. |
706601 |
Resolved an issue that caused the output of the |
706871 |
Improved the quality of the information displayed by the |
707714 703290 709590 709786 |
Various NPD process crash issues. |
708415 | The per-session-ending log mode now works as expected if the FortiGate is set to use the CPU for hardware logging. See Configuring hardware logging for more information. |
708839 |
Resolved an issue that could cause a FortiGate with CAPWAP offloading to become unresponsive when adding a VLAN interface to a wireless interface. |
708874 |
Resolved an issue that could cause delays for some types of traffic after an HA failover. |
709046 |
Resolved an issue that could cause inaccurate statistics reporting when the system is processing a large number of sessions. |
709481 |
Added support for proxy-based SIP in hyperscale firewall VDOMs. |
710219 |
Added support for VLANs over LAG for GTPu enhanced mode traffic. |
710232 |
Resolved an issue that caused BGP flapping when processing high levels of bursty traffic or when processing fragmented packets. |
710475 709091 |
The |
710748 |
Resolved an issue that could prevent QSFP28 interfaces from connecting when speed is set to 40000full. |
710999 |
The |
712291 |
Forward error correction (FEC) is now set correctly for split interfaces. |
712517 |
Resolved multiple issues that could prevent NAT64 hairpin policies from working as expected. |
713821 |
Information displayed by the |
714342 |
The |
714350 |
Resolved an issue that could cause the VLAN ID to be missing from exception packets to and from VLAN interfaces. |
725268 |
IPsec traffic can now be offloaded when being sent over an EMAC VLAN interface. |