Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • Hyperscale Firewall Release Notes

    Home FortiGate / FortiOS 7.0.10 Hyperscale Firewall Release Notes
    7.0.10
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.0.11
    7.0.10
    7.0.9
    7.0.8
    7.0.7
    7.0.6
    7.0.5
    6.4.12
    6.4.11
    6.4.10
    6.4.9
    6.4.8
    6.4.6
    6.2.9
    6.2.7
    6.2.6

    Known issues

    Known issues

    The following issues have been identified in Hyperscale firewall for FortiOS 7.0.10 Build 0450. For inquires about a particular bug, please contact Customer Service & Support. The Known issues described in the FortiOS 7.0.10 release notes also apply to Hyperscale firewall for FortiOS 7.0.10 Build 0450.

    Bug ID

    Description
    778794 DoS anomaly logs for NP7-offloaded DoS policy sessions incorrectly report the number of times that an anomaly was detected or blocked in the repeats field of DoS anomaly log messages.

    795853

    Disabling EIF and EIM in a hyperscale firewall policy actively processing traffic causes errors in the information stored in the NP7 firewall policy database. For example, the data may include incorrect VDOM IDs and IP addresses.
    807476 On a FortiGate licensed for Hyperscale firewall features, using the cfg-save option of the config system global command to revert configuration changes may result in error messages displaying on the CLI. The error occurs because when packets go through host interface TX/RX queues, some packet buffers can still hold references to VDOM when the host queues are idle. If more packets go through the same host queues for other VDOMs, the issue should resolve.

    810225

    On FortiGates with NP7 processors, the first time you change the password of a newly created administrator from the GUI an "undefined" error message may appear.
    811109

    The HA1, HA2, AUX1, and AUX2 interfaces of the FortiGate-4200F, 4201F, 4400F, and 4401F cannot be added to a LAG.

    826490

    FortiGates with NP7 processors in an FGCP HA cluster may randomly experience a kernel crash and restart when processing IPv6 traffic.

    836976

    Sessions being processed by hyperscale firewall policies with hardware logging may be dropped when dynamically changing the log server log-processor mode from hardware to host for the hardware log sever added to the hyperscale firewall policy. To avoid dropping sessions, change the log-processor setting during quiet periods.

    838654

    In a hyperscale firewall VDOM, NAT64 and NAT46 sessions offloaded to NP7 processors that are blocked by the implicit deny policy do not increase the implicit deny policy hit count.

    839958

    The service-negate firewall policy option does not work as expected in a hyperscale deny policy.

    841712

    The config system npu option nat64-force-ipv4-packet-forwarding is not available.

    842008

    If background session scanning is enabled (using the background-sse-scan option of the config system npu command), after an FGCP HA failover, some sessions may not be synchronized from the primary to the secondary FortiGate.

    842659

    The srcaddr-negate and dstaddr-negate options do not work as expected for IPv6 FTS traffic.

    843132

    Access control list (ACL) policies added while a FortiGate is processing traffic may take longer than expected to become effective. During a transition period, traffic that should be blocked by the ACL policy will be allowed.

    843197

    The output of the diagnose sys npu-session list/list-full command does not include policy route information.

    843266

    Hyperscale firewall sessions that are routed by policy routes do not show information such as hit count and last used when displayed with the diagnose firewall proute list command.

    843305

    A message similar to PARSE SKIP ERROR=17 NPD ERR PBR ADDRESS can appear on the console error log when a FortiGate with NP7 processors starts up.

    844421

    Due to a hardware limitation, when overload mode IP pools are used, the per IP pool session stats are not accurate.

    845781

    FortiGates with NP7 processors can experience kernel panics and regular reboots caused by FortiOS trying to offload an ESP packet received at an EMAC VLAN interface that is accepted by a NAT46 firewall policy.

    846520

    After an FGCP HA failover, the NPD/LPMD processes may be stopped by an out of memory killer process after running mixed sessions even when the amount of memory use is not excessive.

    847314

    FortiGates with NP7 processors may encounter random kernel crashes after a system restart or a factory reset.

    847664

    FortiGates with NP7 processors may display an error message similar to mce: [Hardware Error] while starting up.
    875728 877696 Error messages may appear on the console leading to a kernel panic on a FortiGate with NP7 processors when it is added to an FGCP HA cluster as the secondary FortiGate.
    Previous
    Next

    Known issues

    Known issues

    The following issues have been identified in Hyperscale firewall for FortiOS 7.0.10 Build 0450. For inquires about a particular bug, please contact Customer Service & Support. The Known issues described in the FortiOS 7.0.10 release notes also apply to Hyperscale firewall for FortiOS 7.0.10 Build 0450.

    Bug ID

    Description
    778794 DoS anomaly logs for NP7-offloaded DoS policy sessions incorrectly report the number of times that an anomaly was detected or blocked in the repeats field of DoS anomaly log messages.

    795853

    Disabling EIF and EIM in a hyperscale firewall policy actively processing traffic causes errors in the information stored in the NP7 firewall policy database. For example, the data may include incorrect VDOM IDs and IP addresses.
    807476 On a FortiGate licensed for Hyperscale firewall features, using the cfg-save option of the config system global command to revert configuration changes may result in error messages displaying on the CLI. The error occurs because when packets go through host interface TX/RX queues, some packet buffers can still hold references to VDOM when the host queues are idle. If more packets go through the same host queues for other VDOMs, the issue should resolve.

    810225

    On FortiGates with NP7 processors, the first time you change the password of a newly created administrator from the GUI an "undefined" error message may appear.
    811109

    The HA1, HA2, AUX1, and AUX2 interfaces of the FortiGate-4200F, 4201F, 4400F, and 4401F cannot be added to a LAG.

    826490

    FortiGates with NP7 processors in an FGCP HA cluster may randomly experience a kernel crash and restart when processing IPv6 traffic.

    836976

    Sessions being processed by hyperscale firewall policies with hardware logging may be dropped when dynamically changing the log server log-processor mode from hardware to host for the hardware log sever added to the hyperscale firewall policy. To avoid dropping sessions, change the log-processor setting during quiet periods.

    838654

    In a hyperscale firewall VDOM, NAT64 and NAT46 sessions offloaded to NP7 processors that are blocked by the implicit deny policy do not increase the implicit deny policy hit count.

    839958

    The service-negate firewall policy option does not work as expected in a hyperscale deny policy.

    841712

    The config system npu option nat64-force-ipv4-packet-forwarding is not available.

    842008

    If background session scanning is enabled (using the background-sse-scan option of the config system npu command), after an FGCP HA failover, some sessions may not be synchronized from the primary to the secondary FortiGate.

    842659

    The srcaddr-negate and dstaddr-negate options do not work as expected for IPv6 FTS traffic.

    843132

    Access control list (ACL) policies added while a FortiGate is processing traffic may take longer than expected to become effective. During a transition period, traffic that should be blocked by the ACL policy will be allowed.

    843197

    The output of the diagnose sys npu-session list/list-full command does not include policy route information.

    843266

    Hyperscale firewall sessions that are routed by policy routes do not show information such as hit count and last used when displayed with the diagnose firewall proute list command.

    843305

    A message similar to PARSE SKIP ERROR=17 NPD ERR PBR ADDRESS can appear on the console error log when a FortiGate with NP7 processors starts up.

    844421

    Due to a hardware limitation, when overload mode IP pools are used, the per IP pool session stats are not accurate.

    845781

    FortiGates with NP7 processors can experience kernel panics and regular reboots caused by FortiOS trying to offload an ESP packet received at an EMAC VLAN interface that is accepted by a NAT46 firewall policy.

    846520

    After an FGCP HA failover, the NPD/LPMD processes may be stopped by an out of memory killer process after running mixed sessions even when the amount of memory use is not excessive.

    847314

    FortiGates with NP7 processors may encounter random kernel crashes after a system restart or a factory reset.

    847664

    FortiGates with NP7 processors may display an error message similar to mce: [Hardware Error] while starting up.
    875728 877696 Error messages may appear on the console leading to a kernel panic on a FortiGate with NP7 processors when it is added to an FGCP HA cluster as the secondary FortiGate.
    Previous
    Next