Added a note about ACL policy changes made to a hyperscale firewall VDOM that is processing traffic may take longer than expected to become effective, see Hyperscale firewall 6.2.9 incompatibilities and limitations.

Added more information about the NP7 hash-config option to Configuring how the internal switch fabric distributes sessions to NP7 processors.

NP7 hardware logging must use interfaces connected to NP7 processors to communicate with the remove log servers. This information was added to Configuring hardware logging.

Added more information about arp-reply support limitations for IPv4 and IPv6 firewall VIPs to Hyperscale firewall 6.2.9 incompatibilities and limitations.

Corrections to Creating hyperscale firewall VDOMs.

Changes to Configuring HA hardware session synchronization.

New sections:

• How the NP7 hash-config affects CGNAT.

• How the NP7 hash-config affects sessions that require session helpers or ALGs.

Revised information about using the FortiGate-4200F/4201F and 4400F/4400F HA1, HA2, AUX1 and AUX2 interfaces. Using the following command is no longer recommended. Instead see the new section Recommended interface use for an FGCP HA hyperscale firewall cluster.

config system npu

config port-path-option

set ports-using-npu {ha1 ha2 aux1 aux2}

end

Removed information about the vlan-lookup-cache option of the config system npu command because this command is available on FortiGates with NP7 processors, whether or not they are licensed for hyperscale firewall features. For information about the vlan-lookup-cache option, see vlan-lookup-cache {disable | enable}.

Added two new FGCP HA-related limitations to Hyperscale firewall 6.2.9 incompatibilities and limitations.

Improved the information in Enabling hyperscale firewall features.

Removed the incorrect statement "NP7 fragment reassembly is not supported" from Hyperscale firewall 6.2.9 incompatibilities and limitations. New section: Reassembling fragmented packets. Corrected the section Setting the hyperscale firewall VDOM default policy action.

FortiOS 6.2.9 document release.

New section Hyperscale firewall 6.2.9 incompatibilities and limitations. Added information about FortiGates licensed for hyperscale firewall features not supporting the proxy option for DoS policy anomalies to this section.

The section What's new for hyperscale firewall for FortiOS 6.2.7 and this document includes new FortiOS 6.2.7 hyperscale firewall features. New FortiOS 6.2.7 NP7 processor features have been moved to Hardware Acceleration. See also, What's new for FortiGates with NP7 processors for FortiOS 6.2.7

Corrections to Applying the hyperscale firewall activation code or license key.

FortiOS 6.2.7 document release.

New section Displaying IP pool data.

Corrections to information about the cgn-session-quota and cgn-resource-quota options in the section CGN resource allocation hyperscale firewall policies.

Added information about hyperscale firewall VDOMs not supporting central NAT and added links to more information about hyperscale firewall incompatibilities and limitations to Getting started with NP7 hyperscale firewall features.

New section Hyperscale sessions dashboard widget.

Added a limitation of the NP7 packet sniffer to NP7 hyperscale firewall packet sniffer. The NP7 packet sniffer does not support sniffing traffic on IPv4 or IPv6 IPsec VPN tunnel interfaces.

Fixed some errors in NP7 hyperscale firewall packet sniffer.

Improved the explanations in Creating hyperscale firewall VDOMs and Enabling hyperscale firewall features.

New section: CGN resource allocation firewall policy source and destination address limits. Added examples to NP7 hyperscale firewall packet sniffer.

Added a new feature to What's new for hyperscale firewall for FortiOS 6.2.6 and fixed some broken links.