Resolved issues

The following issues have been fixed in FortiGate-6000 and FortiGate-7000 FortiOS 7.0.5 Build 0057. For inquiries about a particular bug, please contact Customer Service & Support. The resolved issues described in the FortiOS 7.0.5 release notes also apply to FortiGate-6000 and 7000 FortiOS 7.0.5 Build 0057.

| Bug ID | Description |
| --- | --- |
| 575103 | When setting up FGSP cluster sync instances, you can now only use the down-intfs-before-sess-sync option to shut down data interfaces. The down-intfs-before-sess-sync option allows you to shut down some interfaces on a failed FortiGate when it is starting up so that it will not accept packets until session synchronization is complete. |
| 647254, 802105 | Duplicate IPv4 ECMP routes no longer appear on FPCs or FPMs on the secondary FortiGate-6000 or 7000 in an FGCP cluster. |
| 652140 | Resolved an issue with CLI error checking when adding source and destination interfaces to an FGSP session sync filter. |
| 654054 | Resolved an issue that could sometimes block incoming SSL VPN traffic terminated by the FortiGate-6000 or 7000. |
| 682426, 776795 | The ha-direct FGCP HA option now works as expected on the FortiGate-6000 and 7000 to allow local out traffic (such as sending log messages out an HA dedicated management interface). |
| 719609 | Resolved an issue that blocked fragmented ICMP traffic from passing through EMAC VLAN interfaces. |
| 731710 | Resolved an issue with how console baud rate changes are synchronized to FPCs or FIMs and FPMs that caused the console to display unsupported characters after changing the console baud rate. |
| 734898 | Resolved an issue that could cause the cmdbsvr application to crash with a signal 11 segmentation fault when a FortiGate-6000 or 7000 is very busy while making configuration changes. |
| 752402 | Resolved an issue that sometimes blocked traffic from passing through a FortiGate-7000F because FortiOS assigned an incorrect MAC address to a VLAN interface. |
| 762210 | Resolved an issue that would result in fragmented and non-fragmented ICMP packets from the same session being sent to different FPCs or FPMs. |
| 765407 | Resolved an issue that prevented using management interfaces on the secondary FIM in a FortiGate-7000F for FGSP heartbeat traffic. |
| 771680 | Configuring SSL VPN Web portals from the GUI now works correctly. |
| 771802 | Improvements to SD-WAN compatibility with SLBC. |
| 776828, 778392, 689047, 801738, 814002, 813223 | Multiple FortiOS 7.0.5 kernel fixes. |
| 777336 | Resolved a FortiGate-7000 issue that could cause local out traffic from FIMs and FPMs to have overlapping SNAT port ranges. |
| 777415, 780296, 813096, 814330, 821710, 823335 | Resolved a number of issues with synchronizing SDN connector information among components within a FortiGate-6000 or 7000 or between FortiGate-6000s or 7000s in an FGCP HA configuration. |
| 778260 | DP session monitoring no longer incorrectly refreshes DP IPsec sessions. |
| 779078 | Resolved an issue that caused some synchronized sessions to stay in the CLOSE_WAIT state on the secondary FortiGate-6000 or 7000 in an FGCP cluster. |
| 783689 | Resolved an issue that caused FortiGate-6000F DC models with only one DC PSU connected to power to become unstable, causing some FPCs to restart. |
| 784653, 827567 | Resolved an issue with FortiGate-7000F signature handling that resulted in "Fail to append signature" error messages and caused the GUI and CLI to indicate that the firmware is not certified. |
| 786659 | Resolved an issue that caused the confsyncd process running on the primary FIM of the primary FortiGate-7121F to crash, preventing configuration changes from synchronizing to the FPMs in the primary FortiGate-7121F. |
| 787419 | Resolved an issue that prevented some user-generated certificates from being deleted during a factory reset. |
| 789847 | The CLI no longer allows you to split the FIM-7921F P1 and P2 interfaces. Splitting these interfaces is not supported by the FIM-7921F hardware. |
| 792617, 786529 | Resolved multiple issues that could cause the confsyncd process to crash. |
| 792717 | Resolved an issue that caused large numbers of IPsec VPN clients with dead peer detection (DPD) enabled to temporarily block dialup IPsec VPN tunnel traffic. |
| 795166, 796821, 795103 | Resolved multiple TPM issues. |
| 796260, 822433 | Resolved an issue that could cause the link monitor status to appear incorrectly down for FPCs in the secondary FortiGate-6000 in an FGCP HA cluster after performing a non-graceful firmware upgrade. |
| 803585 | Resolved memory leak issues that could cause a FortiGate-6000 or 7000 to enter conserve mode and become unresponsive because of high memory utilization. |
| 805704 | Resolved an issue with the stability of L2TP sessions. |
| 805808, 820426 | Resolved an issue on the FortiGate-7121F that could cause TCP packets to be dropped because of how NP7 processors handle packet fragmenting for sessions with proxy inspection and antivirus. |
| 805972 | Resolved an issue that could cause an FIM in slot 2 to appear on the FortiGate-7000 GUI when the system only includes one FIM in slot 1. |
| 808859 | The Security Fabric no longer sends CSF discovery packets when the log-unification Security Fabric option is disabled. |
| 809019 | Resolved an issue that prevented the secondary FortiGate-6000 or 7000 in an FGCP HA cluster from replying to SNMP queries sent to one of the secondary FortiGate's in-band management IP addresses. |
| 811615 | Resolved an issue that prevented GTP tunnels from being synchronized to the secondary FortiGate-7000 in an FGCP HA cluster running FortiOS Carrier after the secondary FortiGate-7000 restarts. |
| 813646 | Time zone changes are now successfully synchronized to all FPCs or all FIMs and FPMs. |
| 816012 | The FortiGate-6000 no longer indicates that interfaces configured for 1G speed are always up when the interface socket contains a CR transceiver. |
| 817282 | Fixed some cmdb and configuration synchronization memory leaks that could cause the FortiGate-6000 management board to experience high memory usage. |
| 819521, 818058 | Resolved an issue that prevented the miglogdisk_info file from being updated correctly when a FortiGate-7121F starts up or restarts. The miglogdisk_info file that is present on all FIMs and FPMs should be updated by reading current log disk information every time a FortiGate-7121F chassis restarts. This problem also caused FPMs to be out of synchronization. |
| 819962 | FortiGate-6000 and 7000 SDN connector dynamic object resolution should now work as expected. |
| 821125 | Resolved an issue with IPsec tunnel synchronization that caused IPsec tunnels to block traffic if the firewall policy included one or more user groups. Traffic would be blocked because the user group ID was not being synchronized correctly. |
| 822791, 807725, 653092, 811240, 811279 | When a FortiGate-6000 and 7000 management interface is configured to be an HA reserved management interface (using the ha-mgmt-interface HA option), the interface now correctly reverts to using its own permanent MAC address, instead of using the virtual MAC address assigned to the interface by the FGCP. |
| 822976 | Resolved an issue that caused some routes used by IPsec VPNs to be unexpectedly missing from the kernel routing table. |
| 823970 | Enabling or disabling an inactive SDN connector no longer affects dynamic addresses received from active SDN connectors. |
| 824789 | IPsec tunnels now support authenticating users added to the FortiGate configuration as local users. |
| 825031 | Fixed an SDN connector memory leak. |
| 825086 | Resolved an issue with how virtual MAC addresses were calculated that caused local in and local out traffic to be blocked after configuring virtual clustering and enabling virtual cluster 2. |
| 826344 | Resolved an issue that created duplicate IPsec VPN event log messages. |
| 828072 | Resolved an issue that would sometimes mean that UTM security events are not linked to forward traffic logs. |
| 830531 | The SNMP sysName field no longer includes a serial number. The sysName field now just returns the host name. |
| 832121 | Resolved an issue that caused IPv6 link-local addresses to not be updated to use HA virtual MAC addresses after enabling FGCP HA. |
| 835699 | Resolved an issue that caused configuration synchronization looping because incorrect checksums were generated for certificates. As a result, the system would incorrectly determine that certificates were not synchronized and attempt to re-synchronize them. |
