Known issues
The following issues have been identified in Hyperscale firewall for FortiOS 6.4.8 Build 6165. For inquires about a particular bug, please contact Customer Service & Support. The Known issues described in the FortiOS 6.4.8 release notes also apply to Hyperscale firewall for FortiOS 6.4.8 Build 6165.
Bug ID |
Description |
---|---|
724085 | Traffic is blocked by EMAC-VLAN interfaces when the parent interface is in another VDOM. |
728602 | The GUI allows you to enable EIM in an IPv4 hyperscale firewall policy with NAT enabled and with a CGN overload IP pool. But when you save the policy and re-open it, EIM is not enabled. This configuration cannot be set up from the CLI. EIM in an IPv4 hyperscale firewall policy with NAT enabled and with a CGN overload IP pool is not supported. |
728605 |
The CLI allows you to enable EIF for an IPv4 hyperscale firewall policy with NAT enabled and with a CGN overload IP pool. This configuration cannot be set up from the GUI. EIF in an IPv4 hyperscale firewall policy with NAT enabled and with a CGN overload IP pool is not supported. |
734305 |
When configuring an IPv4 DoS policy from the GUI in a hyperscale firewall VDOM, the source address and destination address drop-down lists include firewall addresses that are not supported for an IPv4 DoS policy. For example, the drop down lists on the GUI may include wildcard addresses, FQDN addresses, and so on. The CLI allows you to select from the supported source and destination addresses. |
757417 |
With per-session accounting enabled on a hyperscale firewall FGCP HA cluster, when you change the configuration of a hyperscale firewall policy that is not currently accepting traffic, the hit counter for the policy increases on the secondary FortiGate. |
757420 |
Session synchronization to the secondary FortiGate in an FGCP hyperscale firewall HA cluster may stop working, causing the secondary FortiGate to stop responding. |
758364 | When operating an FGCP hyperscale firewall HA cluster, enabling or disabling Endpoint Independent Filtering (EIF) in a hyperscale firewall policy on the primary FortiGate is not synchronized to the secondary FortiGate. |
759154 | Enabling srcaddr-negate does not block traffic if the hyperscale firewall policy includes more than one source address. |
759639 | Per-policy accounting hit counts that are displayed on the GUI and CLI for UDP traffic are not accurate. |
760010 760234 | Per-policy accounting does not display hit counts on the GUI for NAT46 and NAT64 firewall policies. |
760215 | Established sessions may not display hit counts after per-policy accounting is enabled. |
760273 | Established sessions may continue to report hit counts after per-policy accounting is disabled. |
760280 | Enabling or disabling per-policy accounting deletes all active sessions. So enabling or disabling per-policy accounting should only be done during a quiet period. |
760560 | The timestamp displayed on the GUI and CLI for the default deny policy (policy id = 0) in a hyperscale firewall VDOM is incorrect. |