Fortinet black logo

Hyperscale Firewall Release Notes

Home FortiGate / FortiOS 6.4.11 Hyperscale Firewall Release Notes
6.4.11
7.2.4
7.2.3
7.2.2
7.2.1
7.0.11
7.0.10
7.0.9
7.0.8
7.0.7
7.0.6
7.0.5
6.4.12
6.4.11
6.4.10
6.4.9
6.4.8
6.4.6
6.2.9
6.2.7
6.2.6

Known issues

Known issues

The following issues have been identified in Hyperscale firewall for FortiOS 6.4.11 Build 2030. For inquires about a particular bug, please contact Customer Service & Support. The Known issues described in the FortiOS 6.4.11 release notes also apply to Hyperscale firewall for FortiOS 6.4.11 Build 2030.

Bug ID

Description
724085 Traffic offloaded by NP7 processors is blocked by EMAC-VLAN interfaces when the parent interface is in another VDOM. If auto-asic-offload is disabled in the firewall policy, then the traffic flows as expected.
760560 The timestamp displayed on the GUI and CLI for the default deny policy (policy id = 0) in a hyperscale firewall VDOM is incorrect.

734305

When configuring an IPv4 DoS policy from the GUI in a hyperscale firewall VDOM, the source address and destination address drop-down lists include firewall addresses that are not supported for an IPv4 DoS policy. For example, the drop down lists on the GUI may include wildcard addresses, FQDN addresses, and so on. The CLI allows you to select from the supported source and destination addresses.
796368 Hyperscale firewall VDOMs do not support traffic shaping policies or profiles. Only outbandwidth traffic shaping is supported for hyperscale firewall VDOMs.

802369

Hyperscale firewall policies containing a fixed allocation IP pool and a large number of client IP addresses (for example, 65K addresses) can cause high CPU usage and can reduce overall system performance.
805846 In the FortiOS MIB files, the trap fields fgFwIppStatsGroupName and fgFwIppStatsInusePBAs have the same OID. As a result, the fgFwIppStatsInusePBAs field always returns a value of 0.

817091

NP7 processors drop ICMP and UDP sessions in an asymmetric FGSP cluster if the sessions are accepted by a firewall policy with UTM enabled.

850774

A hardware-related issue with FortiGate-4200F and 4400F HA1 and HA2 interfaces causes some session synchronization packets to be dropped when using these interfaces as FGCP session synchronization interfaces.
Previous
Next

Known issues

The following issues have been identified in Hyperscale firewall for FortiOS 6.4.11 Build 2030. For inquires about a particular bug, please contact Customer Service & Support. The Known issues described in the FortiOS 6.4.11 release notes also apply to Hyperscale firewall for FortiOS 6.4.11 Build 2030.

Bug ID

Description
724085 Traffic offloaded by NP7 processors is blocked by EMAC-VLAN interfaces when the parent interface is in another VDOM. If auto-asic-offload is disabled in the firewall policy, then the traffic flows as expected.
760560 The timestamp displayed on the GUI and CLI for the default deny policy (policy id = 0) in a hyperscale firewall VDOM is incorrect.

734305

When configuring an IPv4 DoS policy from the GUI in a hyperscale firewall VDOM, the source address and destination address drop-down lists include firewall addresses that are not supported for an IPv4 DoS policy. For example, the drop down lists on the GUI may include wildcard addresses, FQDN addresses, and so on. The CLI allows you to select from the supported source and destination addresses.
796368 Hyperscale firewall VDOMs do not support traffic shaping policies or profiles. Only outbandwidth traffic shaping is supported for hyperscale firewall VDOMs.

802369

Hyperscale firewall policies containing a fixed allocation IP pool and a large number of client IP addresses (for example, 65K addresses) can cause high CPU usage and can reduce overall system performance.
805846 In the FortiOS MIB files, the trap fields fgFwIppStatsGroupName and fgFwIppStatsInusePBAs have the same OID. As a result, the fgFwIppStatsInusePBAs field always returns a value of 0.

817091

NP7 processors drop ICMP and UDP sessions in an asymmetric FGSP cluster if the sessions are accepted by a firewall policy with UTM enabled.

850774

A hardware-related issue with FortiGate-4200F and 4400F HA1 and HA2 interfaces causes some session synchronization packets to be dropped when using these interfaces as FGCP session synchronization interfaces.
Previous
Next