Fortinet black logo

Hyperscale Firewall Release Notes

Home FortiGate / FortiOS 7.0.6 Hyperscale Firewall Release Notes
7.0.6
7.2.4
7.2.3
7.2.2
7.2.1
7.0.11
7.0.10
7.0.9
7.0.8
7.0.7
7.0.6
7.0.5
6.4.12
6.4.11
6.4.10
6.4.9
6.4.8
6.4.6
6.2.9
6.2.7
6.2.6

Known issues

Known issues

The following issues have been identified in Hyperscale firewall for FortiOS 7.0.6 Build 0366. For inquires about a particular bug, please contact Customer Service & Support. The Known issues described in the FortiOS 7.0.6 release notes also apply to Hyperscale firewall for FortiOS 7.0.6 Build 0366.

Bug ID

Description

724085

Traffic passing through an EMAC-VLAN interface when the parent interface is in another VDOM is blocked if NP7 offloading is enabled. If you set the auto-asic-offload option to disable in the firewall policy, traffic flows as expected.

777212 742251 752024

Hardware logging is not supported for hyperscale firewall policies with Action set to Deny.
782674

On the secondary FortiGate in an FGCP cluster, the diagnose sys npu-sessions st verbose command output shows hung tasks when an FGCP cluster is processing a large number of sessions. These messages only appear on the secondary FortiGate.
804742 After changing hyperscale firewall policies, it may take longer than expected for the policy changes to be applied to traffic. The delay occurs because the hyperscale firewall policy engine enhancements added to FortiOS 7.0.6 may cause the FortiGate to take extra time to compile firewall policy changes and generate a new policy set that can be applied to traffic by NP7 processors. The delay is affected by hyperscale policy set complexity, the total number of established sessions to be re-evaluated, and the rate of receiving new sessions. For more information, see Hyperscale firewall policy engine enhancements.
805846 In the FortiOS MIB files, the trap fields fgFwIppStatsGroupName and fgFwIppStatsInusePBAs have the same OID. As a result, the fgFwIppStatsInusePBAs field always returns a value of 0.
807476 On a FortiGate licensed for Hyperscale firewall features, using the cfg-save option of the config system global command to revert configuration changes may result in error messages displaying on the CLI.
810025 Using EIF to support hairpinning does not work for NAT64 sessions.

810065

When upgrading for FortiOS 6.2 or 6.4 to 7.0.6, hyperscale firewall policy IDs may be changed when they are converted to normal firewall policies.
810379

Creating an access control list (ALC) policy on a FortiGate with NP7 processors causes the npd process to crash.
811109

The HA1, HA2, AUX1, and AUX2 interfaces of the FortiGate-4200F, 4201F, 4400F, and 4401F cannot be added to a LAG.
Previous
Next

Known issues

The following issues have been identified in Hyperscale firewall for FortiOS 7.0.6 Build 0366. For inquires about a particular bug, please contact Customer Service & Support. The Known issues described in the FortiOS 7.0.6 release notes also apply to Hyperscale firewall for FortiOS 7.0.6 Build 0366.

Bug ID

Description

724085

Traffic passing through an EMAC-VLAN interface when the parent interface is in another VDOM is blocked if NP7 offloading is enabled. If you set the auto-asic-offload option to disable in the firewall policy, traffic flows as expected.

777212 742251 752024

Hardware logging is not supported for hyperscale firewall policies with Action set to Deny.
782674

On the secondary FortiGate in an FGCP cluster, the diagnose sys npu-sessions st verbose command output shows hung tasks when an FGCP cluster is processing a large number of sessions. These messages only appear on the secondary FortiGate.
804742 After changing hyperscale firewall policies, it may take longer than expected for the policy changes to be applied to traffic. The delay occurs because the hyperscale firewall policy engine enhancements added to FortiOS 7.0.6 may cause the FortiGate to take extra time to compile firewall policy changes and generate a new policy set that can be applied to traffic by NP7 processors. The delay is affected by hyperscale policy set complexity, the total number of established sessions to be re-evaluated, and the rate of receiving new sessions. For more information, see Hyperscale firewall policy engine enhancements.
805846 In the FortiOS MIB files, the trap fields fgFwIppStatsGroupName and fgFwIppStatsInusePBAs have the same OID. As a result, the fgFwIppStatsInusePBAs field always returns a value of 0.
807476 On a FortiGate licensed for Hyperscale firewall features, using the cfg-save option of the config system global command to revert configuration changes may result in error messages displaying on the CLI.
810025 Using EIF to support hairpinning does not work for NAT64 sessions.

810065

When upgrading for FortiOS 6.2 or 6.4 to 7.0.6, hyperscale firewall policy IDs may be changed when they are converted to normal firewall policies.
810379

Creating an access control list (ALC) policy on a FortiGate with NP7 processors causes the npd process to crash.
811109

The HA1, HA2, AUX1, and AUX2 interfaces of the FortiGate-4200F, 4201F, 4400F, and 4401F cannot be added to a LAG.
Previous
Next