Fortinet black logo

FortiGate-6000 and FortiGate-7000 Release Notes

Home FortiGate / FortiOS 6.4.12 FortiGate-6000 and FortiGate-7000 Release Notes

Known issues

6.4.12
7.0.15
7.0.14
7.0.13
7.0.12
7.0.10
7.0.5
6.4.15
6.4.14
6.4.13
6.4.12
6.4.10
6.4.8
6.4.6
6.4.2
6.2.16
6.2.15
6.2.13
6.2.12
6.2.11
6.2.10
6.2.9
6.2.7
6.2.6
6.2.4
6.2.3
6.0.18
6.0.17
6.0.16
6.0.15
6.0.14
6.0.13
6.0.12
6.0.10
6.0.9
6.0.8
6.0.6
6.0.4
5.6.14
5.6.12
5.6.11
5.6.7
Copy Link
Copy Doc ID 923a40db-bedb-11ed-8e6d-fa163e15d75b:532364
Download PDF

Known issues

The following issues have been identified in FortiGate-6000 and FortiGate-7000 FortiOS 6.4.12 Build 1920. For inquires about a particular bug, please contact Customer Service & Support. The Known issues described in the FortiOS 6.4.12 release notes also apply to FortiGate-6000 and 7000 FortiOS 6.4.12 Build 1920.

Bug ID

Description

653092

You cannot use the SLBC management interface IP address to manage a FortiGate-6000 or 7000 by connecting to a data interface.

724543

Outbound bandwidth traffic statistics are showing incorrectly on individual FIM and FPM GUI pages.
767742 Because of a limitation of the FIM-7921F switch hardware, the FortiGate-7121F with FIM-7921Fs does not support adding VLANs to flow rules. The vlan setting of the config load-balance flow-rule command is ignored.
773766 The fnbamd and radiusd processes may crash when the FortiGate-6000 or 7000 is managing large numbers of single sign on users.

778239

For all FortiGate-6000 and 7000 models, the CLI allows you to add up to 512 flow rules. However, the number of flow rules that you can add is actually limited by the FortiGate-6000 and 7000 internal switch hardware:

  • All FortiGate-6000F models support up to 256 flow rules.

  • All FortiGate-7000E models support up to 512 flow-rules.

  • A FortiGate-7000F with FIM-7941Fs supports up to 492 flow rules.

  • A FortiGate-7000F with FIM-7921Fs supports up to 52 flow rules.
782095 FortiGate-6000 FGCP cluster interfaces may be assigned virtual MAC addresses that overlap with the virtual MAC addresses assigned to the interfaces of other FortiGates in FGCP clusters, even if they have different group IDs. If you have a FortiGate-6000 FGCP cluster on the same network as FGCP clusters with other FortiGates, you can work around this issue by setting the group IDs of other FortiGate clusters on the same network to a value of 81 or higher.
782640 When viewing FortiView pages from a VDOM the FortiGate-6000 or 7000 may not be able to retrieve data from FortiAnalyzer. The FortiView pages will display the error message "Failed to retrieve FortiView data".
782978 If you attempt to create an FGCP HA cluster and the FortiGate-6000s or 7000s making up the cluster have difference firmware versions, the CLI of one of the FortiGate-6000s or 7000s may display incorrect error messages after restarting.

825029

From the FortiGate-6000 or 7000 GUI or CLI you can only run a policy lookup if the FortiGate-6000 or 7000 has a route to the destination and a properly configured firewall policy that allows traffic to the destination. Normally policy lookup operations only require a route to the destination.

854819

FGSP auto session synchronization randomly fails for some FPCs and FPMs when the MTU of the FGSP session synchronization data interface is set to maximum value of 9216 bytes. FGSP auto session synchronization occurs after an FPC or FPM or a FortiGate-6000 or 7000 in an FGSP cluster restarts. The workaround to this problem is to decrease the MTU of the data interface to 9200 bytes or less.
Previous
Next

Known issues

The following issues have been identified in FortiGate-6000 and FortiGate-7000 FortiOS 6.4.12 Build 1920. For inquires about a particular bug, please contact Customer Service & Support. The Known issues described in the FortiOS 6.4.12 release notes also apply to FortiGate-6000 and 7000 FortiOS 6.4.12 Build 1920.

Bug ID

Description

653092

You cannot use the SLBC management interface IP address to manage a FortiGate-6000 or 7000 by connecting to a data interface.

724543

Outbound bandwidth traffic statistics are showing incorrectly on individual FIM and FPM GUI pages.
767742 Because of a limitation of the FIM-7921F switch hardware, the FortiGate-7121F with FIM-7921Fs does not support adding VLANs to flow rules. The vlan setting of the config load-balance flow-rule command is ignored.
773766 The fnbamd and radiusd processes may crash when the FortiGate-6000 or 7000 is managing large numbers of single sign on users.

778239

For all FortiGate-6000 and 7000 models, the CLI allows you to add up to 512 flow rules. However, the number of flow rules that you can add is actually limited by the FortiGate-6000 and 7000 internal switch hardware:

  • All FortiGate-6000F models support up to 256 flow rules.

  • All FortiGate-7000E models support up to 512 flow-rules.

  • A FortiGate-7000F with FIM-7941Fs supports up to 492 flow rules.

  • A FortiGate-7000F with FIM-7921Fs supports up to 52 flow rules.
782095 FortiGate-6000 FGCP cluster interfaces may be assigned virtual MAC addresses that overlap with the virtual MAC addresses assigned to the interfaces of other FortiGates in FGCP clusters, even if they have different group IDs. If you have a FortiGate-6000 FGCP cluster on the same network as FGCP clusters with other FortiGates, you can work around this issue by setting the group IDs of other FortiGate clusters on the same network to a value of 81 or higher.
782640 When viewing FortiView pages from a VDOM the FortiGate-6000 or 7000 may not be able to retrieve data from FortiAnalyzer. The FortiView pages will display the error message "Failed to retrieve FortiView data".
782978 If you attempt to create an FGCP HA cluster and the FortiGate-6000s or 7000s making up the cluster have difference firmware versions, the CLI of one of the FortiGate-6000s or 7000s may display incorrect error messages after restarting.

825029

From the FortiGate-6000 or 7000 GUI or CLI you can only run a policy lookup if the FortiGate-6000 or 7000 has a route to the destination and a properly configured firewall policy that allows traffic to the destination. Normally policy lookup operations only require a route to the destination.

854819

FGSP auto session synchronization randomly fails for some FPCs and FPMs when the MTU of the FGSP session synchronization data interface is set to maximum value of 9216 bytes. FGSP auto session synchronization occurs after an FPC or FPM or a FortiGate-6000 or 7000 in an FGSP cluster restarts. The workaround to this problem is to decrease the MTU of the data interface to 9200 bytes or less.
Previous
Next