FortiGate-6000 and FortiGate-7000 Release Notes

Known issues

The following issues have been identified in FortiGate-6000 and FortiGate-7000 FortiOS 6.2.6 Build 1158. For inquiries about a particular bug, please contact Customer Service & Support. The Known issues described in the FortiOS 6.2.6 release notes also apply to FortiGate-6000 and 7000 FortiOS 6.2.6 Build 1158.

Bug ID

Description

549983

A FortiGate-6000 or 7000 can't communicate with FortiManager over a FortiGate-6000 or 7000 data interface.

561722

Device identity based policies do not work.

586808

The GUI incorrectly includes the mgmt-vdom when displaying a count of the number of VDOMs.

587437

Because of a GUI issue, enabling packet capture from the GUI may not work for some interfaces.

600879

The capture-packet option is not available for some firewall policies.

613139

DNS request logs show the source IP as an internal FortiGate-6000 or 7000 IP address such as 10.101.11.7 or 10.101.11.8.

624174

Per-IP traffic shaping is applied per FPC or FPM, resulting in unexpected or undesirable results. For example, meeting the requirement of a 40Mb/sec bandwidth limit for a FortiGate-7000 with four FPMs requires setting a bandwidth limit of 10Mb/sec, which is then split over the four FPMs. However, this means a single download is limited to 10Mb/sec instead of 40Mb/sec if no other bandwidth is in use for an IP address.

648825

VRRP does not work as expected with transparent mode VDOMs.

653092

You cannot use the SLBC management interface IP address to manage a FortiGate-6000 or 7000 by connecting to a data interface.

674979

The GUI incorrectly shows more traffic on FortiGate-6000 HA interfaces than what is actually occurring.

676317

Filter options are not available on the Firewall User Monitor GUI page.

678212

After an HA graceful upgrade some VLAN interfaces may be lost from the configuration. Manually restarting each chassis after the HA upgrade resolves the problem.

682023

The GUI may sometimes crash and be inaccessible after adding a VLAN interface.

693969

SNMP queries cannot capture FortiGate-7000 FIM serial numbers.

697423

FortiGate-7000F cross-FIM LAGs may not work as expected.

697860

The default dp-load-distribution-method does not work properly for traffic that uses session helpers.

703055

The diagnose sys sdn status command output shows no results from the secondary FIM and the FPMs.

707759

The diagnose ip route delete command cannot be used to delete HA routes from FPCs or FPMs in a secondary FortiGate-6000 or 7000 in an FGCP HA configuration.

709848

The FORTINET-FORTIGATE-MIB.mib file contains duplicate OIDs.

712020

The options available when configuring the SLBC management interface from the CLI are not correct.

712327

MAC addresses set using the macaddr interface option do not persist after the FortiGate-6000 or 7000 restarts.

713577

Setting the SLBC management interface to a management LAG causes an error message when the system starts up, and after startup special management ports do not work.

715541

FortiGate-7000E platforms do not support using a LAG for FGSP session synchronization.

716158

The FortiGate-6000 and 7000 FORTINET-CORE-MIB.mib and FORTINET-FORTIGATE-MIB.mib files contain syntax errors.

737263

Management, local-out, and IPsec VPN traffic over NPU inter-VDOM links and with VLANs added to NPU inter-VDOM links does not work. Reply traffic terminates on an FPC or FPM instead of on the management board or primary FIM. This bug affects all management and local-out traffic over NPU inter-VDOM links, for example:

  • IKE negotiation if the IPsec VPN tunnel interface is an NPU inter-VDOM link or a VLAN added to an inter-VDOM link.

  • Local-out authentication traffic used to connect to a remote authentication server (for example, LDAP, RADIUS, SSO).

  • Management communication with FortiAnalyzer, FortiManager, and FortiGuard.

  • ICMP traffic from the management board or primary FIM.

740707

When consolidated firewall mode is enabled, policy statistics such as the number of active sessions, packets, bytes, and so on are not available from the management board or primary FIM. The management board GUI and primary FIM GUI do not display policy statistics, and REST API calls and SNMP queries to the management board or primary FIM for policy statistics return no information. Policy statistics are available from individual FPCs or FPMs. For information about consolidated firewall mode, see Combined IPv4 and IPv6 policy.

767742

Because of a limitation of the FIM-7921F switch hardware, the FortiGate-7121F with FIM-7921Fs does not support adding VLANs to flow rules. The vlan setting of the config load-balance flow-rule command is ignored.
