Fortinet black logo

FortiGate-6000 and FortiGate-7000 Release Notes

Home FortiGate / FortiOS 7.0.12 FortiGate-6000 and FortiGate-7000 Release Notes
7.0.12
7.0.15
7.0.14
7.0.13
7.0.12
7.0.10
7.0.5
6.4.15
6.4.14
6.4.13
6.4.12
6.4.10
6.4.8
6.4.6
6.4.2
6.2.16
6.2.15
6.2.13
6.2.12
6.2.11
6.2.10
6.2.9
6.2.7
6.2.6
6.2.4
6.2.3
6.0.18
6.0.17
6.0.16
6.0.15
6.0.14
6.0.13
6.0.12
6.0.10
6.0.9
6.0.8
6.0.6
6.0.4
5.6.14
5.6.12
5.6.11
5.6.7

Resolved issues

Resolved issues

The following issues have been fixed in FortiGate-6000 and FortiGate-7000 FortiOS 7.0.12 Build 0169. For inquires about a particular bug, please contact Customer Service & Support. The Resolved issues described in the FortiOS 7.0.12 release notes also apply to FortiGate-6000 and 7000 FortiOS 7.0.12 Build 0169.

Bug ID

Description

669947

The FortiGate-7000F diagnose load-balance np7-lb session find command displays the same information as the FortiGate-6000F or 7000E diagnose load-balance dp session find command.

719609 871968

Resolved an issue that blocked fragmented ICMP traffic from passing through EMAC VLAN interfaces.
739812 The output of the diag sys ha dump-by group command on a FortiGate-7000 is now consistent with the output of this command on other FortiGate models.

785084

Resolved an issue that caused local out ICMP6 traffic to be assigned a port number that is no in the configured local-out port range.

846164

Resolved a FortiGate-6000 issue that caused the DP processor to send IPv6 traffic to the wrong FPC.

856706

IPsec SA synchronization between the FortiGate-6000s or 7000s in an FGCP HA cluster now works as expected.

866799

DLP fingerprint information is now synchronized to all FPCs or FPMs.
867450 The primary FPC or FPM no longer broadcasts IPv6 RA packets from transparent mode VDOMs to other FPCs or FPMs.
868165 DLP archiving to FortiAnalyzer now works as expected.

874008 881503

Resolved an issue that caused a LAG interface that is operating normally to appear to be down if the min-links interface configuration option is set to 2.
875682 Resolved a synchronization issue that prevented split interface configuration settings from being synchronized to the secondary FortiGate-7000F in an FGCP HA cluster.
894169 The diagnose sys npu-session command, when run from an FIM, now shows the NP7 sessions for both FIMs.
902058 Resolved an issue that could cause the Security Fabric group name to be chanced to SLBC after a firmware upgrade and to be blocked from changing the group name.
902206 Resolved an issue that would cause the FortiGate-7000E management interface LAG to block management traffic if one of the management interfaces goes down but one or more of the other management interfaces are still connected.

904470 917948

Resolved an issue with how IP checksums are calculated for NP6-offloaded NAT64 traffic.
907480 Resolved a coding issue that could cause an FPC to shut down because of a kernel panic.
908366 908641 Resolved an issue related to wildcard users that could prevent an administrator from authenticating with RADIUS after using the execute ha management command to log into the secondary FortiGate-6000 or 7000 in an FGCP cluster or using the execute load-balance slot manage command to log into a FPC from the management board or to an FPM from an FIM.

910319

The new-session user authentication timeout type now works as expected.

911035

The diagnose hardware test cpld command now displays the correct CPLD version number.

911382

On a FortiGate-7000F FGCP cluster, filters set up using the diagnose sys npu-session filter command are now applied correctly to output of the diagnose sys npu-session list6 commands for FPMs in the secondary FortiGate-7000F.
913040

The config vpn ssl settings option tunnel-addr-assigned-method is now available again in the FortiGate-6000 and 7000 CLI. This option had been removed in a previous release because setting this option to first-available and configuring multiple IP pools was found to reduce FortiGate-6000 and 7000 SSL VPN load balancing performance. However, some users may want the ability to use multiple IP pools for their SSL VPN configuration, even if performance is reduced. So the change has been reverted.

923858

Resolved an issue that prevented the FortiGate-7121F from connecting to FortiGuard.

923896

Resolved an issue with FortiGate-6000 and 7000 support for one-to-one IP pools.
Previous
Next

Resolved issues

The following issues have been fixed in FortiGate-6000 and FortiGate-7000 FortiOS 7.0.12 Build 0169. For inquires about a particular bug, please contact Customer Service & Support. The Resolved issues described in the FortiOS 7.0.12 release notes also apply to FortiGate-6000 and 7000 FortiOS 7.0.12 Build 0169.

Bug ID

Description

669947

The FortiGate-7000F diagnose load-balance np7-lb session find command displays the same information as the FortiGate-6000F or 7000E diagnose load-balance dp session find command.

719609 871968

Resolved an issue that blocked fragmented ICMP traffic from passing through EMAC VLAN interfaces.
739812 The output of the diag sys ha dump-by group command on a FortiGate-7000 is now consistent with the output of this command on other FortiGate models.

785084

Resolved an issue that caused local out ICMP6 traffic to be assigned a port number that is no in the configured local-out port range.

846164

Resolved a FortiGate-6000 issue that caused the DP processor to send IPv6 traffic to the wrong FPC.

856706

IPsec SA synchronization between the FortiGate-6000s or 7000s in an FGCP HA cluster now works as expected.

866799

DLP fingerprint information is now synchronized to all FPCs or FPMs.
867450 The primary FPC or FPM no longer broadcasts IPv6 RA packets from transparent mode VDOMs to other FPCs or FPMs.
868165 DLP archiving to FortiAnalyzer now works as expected.

874008 881503

Resolved an issue that caused a LAG interface that is operating normally to appear to be down if the min-links interface configuration option is set to 2.
875682 Resolved a synchronization issue that prevented split interface configuration settings from being synchronized to the secondary FortiGate-7000F in an FGCP HA cluster.
894169 The diagnose sys npu-session command, when run from an FIM, now shows the NP7 sessions for both FIMs.
902058 Resolved an issue that could cause the Security Fabric group name to be chanced to SLBC after a firmware upgrade and to be blocked from changing the group name.
902206 Resolved an issue that would cause the FortiGate-7000E management interface LAG to block management traffic if one of the management interfaces goes down but one or more of the other management interfaces are still connected.

904470 917948

Resolved an issue with how IP checksums are calculated for NP6-offloaded NAT64 traffic.
907480 Resolved a coding issue that could cause an FPC to shut down because of a kernel panic.
908366 908641 Resolved an issue related to wildcard users that could prevent an administrator from authenticating with RADIUS after using the execute ha management command to log into the secondary FortiGate-6000 or 7000 in an FGCP cluster or using the execute load-balance slot manage command to log into a FPC from the management board or to an FPM from an FIM.

910319

The new-session user authentication timeout type now works as expected.

911035

The diagnose hardware test cpld command now displays the correct CPLD version number.

911382

On a FortiGate-7000F FGCP cluster, filters set up using the diagnose sys npu-session filter command are now applied correctly to output of the diagnose sys npu-session list6 commands for FPMs in the secondary FortiGate-7000F.
913040

The config vpn ssl settings option tunnel-addr-assigned-method is now available again in the FortiGate-6000 and 7000 CLI. This option had been removed in a previous release because setting this option to first-available and configuring multiple IP pools was found to reduce FortiGate-6000 and 7000 SSL VPN load balancing performance. However, some users may want the ability to use multiple IP pools for their SSL VPN configuration, even if performance is reduced. So the change has been reverted.

923858

Resolved an issue that prevented the FortiGate-7121F from connecting to FortiGuard.

923896

Resolved an issue with FortiGate-6000 and 7000 support for one-to-one IP pools.
Previous
Next