FortiGate-6000 and FortiGate-7000 Release Notes

Resolved issues

The following issues have been fixed in FortiGate-6000 and FortiGate-7000 FortiOS 6.2.7 Build 1179. For inquiries about a particular bug, please contact Customer Service & Support. The Resolved issues described in the FortiOS 6.2.7 release notes also apply to FortiGate-6000 and 7000 FortiOS 6.2.7 Build 1179.

Bug ID

Description

572435 700563 705117 718918

Resolved an issue that created duplicate backup routes after an HA failover. The same issue caused proto=20 routes to be deleted before route-ttl ends and sometimes caused excess memory usage. You can use the following command to clear proto=20 routes (also called backup routes): diagnose test application chlbd 15.

586808

The GUI no longer incorrectly includes the mgmt-vdom when calculating the number of VDOMs.

587437

Running a packet capture from the GUI now works as expected.

600486 601006 671653 709905

Resolved an issue that resulted in an FGCP HA cluster entering conserve mode because of low memory when the cluster is managing a large number of active RSSO or FSSO users. The issue would often happen when the secondary FortiGate-6000 or 7000 restarted.

678572

Resolved an issue that resulted in displaying inaccurate interface bandwidth usage information on the FortiGate-7000F GUI.

688572 715613

Improved FIB synchronization for the FortiGate-6000 management board or FortiGate-7000 FIMs. The management board or either FIM can now request to download the FIB from the primary FPC or FPM when incremental FIB synchronization is interrupted. This also helps resolve an issue with the management board or primary FIM being unable to accurately synchronize the system routing table with FortiManager.

689042

Resolved an issue that caused the fgfmsd process to crash when running configuration scripts.

693969

SNMP queries can now successfully capture FIM serial numbers.

698215

The diagnose sys npu-session list command now displays ICMP sessions.

698935

Resolved an issue that caused FortiGate-7000F load balancing to send fragmented and non-fragmented packets from the same session to different FPMs.

701302

Resolved an issue that can cause the hasync process to crash on one or more FPCs or FPMs when the system is managing a large number of users.

702915

Resolved an issue that could prevent incremental FIB synchronization updates from resuming after the FIB is downloaded from the primary FPC or FPM after an error condition.

703269 703296

Adjusted the logic used during system startup to record the status of FPCs and FPMs and the order in which VDOMs are created.

703640

Corrected overlapping MAC addresses found on two internal interfaces.

703855

Resolved an issue that caused proto=18 routes to get stuck on FPMs that are not the primary FPM during FIB delete synchronization events.

704235

Resolved an issue that prevented the FortiGate from recording the number of bytes received by a newly configured LAG or redundant interface.

705582

Resolved an issue that could sometimes prevent the FortiGate from deleting all VDOMs after a factory reset.

707028

Resolved a timer problem that kept IPv6 FTP pinhole sessions in NP7 processor session tables for too long.

707759

The diagnose ip route delete command can now be used to delete HA routes from FPCs or FPMs in a secondary FortiGate-6000 or 7000 in an FGCP HA configuration.

707785

Resolved an issue that caused BGP to stop working after an FIM failover or restart.

709848 716158

Fixed syntax errors in the FORTINET-CORE-MIB.mib and FORTINET-FORTIGATE-MIB.mib files.

710627

On FortiGate-7000E systems with QSFP28 interfaces, the 40G speed setting is now only available if the interface is configured using the set qsfp28-40g-port <interface> option under config system global.

711212

Resolved an issue that caused flow rules based on the source interface to be ignored after a system restart.

712020

The expected options are now available when configuring the SLBC management interface from the CLI.

712200

Resolved an issue that could prevent syslog messages from being generated on an FPM when the system is processing a large number of sessions.

712327

MAC addresses set using the macaddr interface option now persist after the FortiGate-6000 or 7000 restarts.

712404

Resolved an issue that displayed the message NP7: None NP interface 1-mgmt1 is in a NP LAG interface on the CLI console while editing a management LAG.

712835

Resolved an issue that could sometimes prevent FortiOS from receiving accurate chassis information, such as the chassis serial number, from the SMM.

713577

Setting the SLBC management interface to a management LAG no longer causes an error message when the system starts up. After system startup, special management ports work as expected.

713965

Proto_state is now set correctly for NP7 TCP sessions in the TIME_WAIT state.

715376

Improved the accuracy of the Dataplane and Interface Bandwidth dashboard widgets.

716377

Resolved an issue that caused multiple HA failovers that would result in all entries being removed from the FIB.

718394

Resolved an FGCP HA cluster issue that caused the cluster to incorrectly use the primary FortiGate's contract information instead of the contract information of the secondary FortiGate, which should have been used because the secondary FortiGate contract expired sooner.

719183

The CHLB_ROUTE_NOTIFY receive counter on FIMs no longer shows twice the actual number of messages received.

719290

Resolved an issue that could prevent Chromebook clients from communicating through L2TP IPsec tunnels.

719863

Resolved an issue that caused the hasync process to crash.

720710

Resolved an issue that caused Detected Tx Unit Hang messages to appear on the FortiGate-7000 CLI console.

720745

Resolved an issue with VLAN interfaces added to a LAG that blocked local in and passthrough traffic.

721262

Resolved an issue that resulted in proto=11 and proto=18 routes co-existing on the new primary FPC or FPM after an FPC or FPM failover.

721371

The config system global option miglog-affinity now works as expected.

721508

Resolved an issue that caused VRRP between an FGCP cluster and a router to stop working after the FGCP cluster experienced an FGCP HA failover.

721534

A message is added to the FortiGate-6000 crashlog if an FPC is shut down due to insufficient power.

722114

Resolved an issue that caused NP7 processors to block ICMP traffic from being accepted by firewall policies with IP pools.

723015

SNMP query for OID 1.3.6.1.4.1.12356.101.99.2.1.1.8 now works as expected.

723024

Resolved an issue that caused SNMP query timeouts and snmpd process crashes.

723258

Resolved an issue that could sometimes prevent the primary FortiGate in an FGCP HA cluster from sending checksum information to the secondary FortiGate.

723489

Resolved an issue related to SSH keys that could prevent a factory reset FPC or FPM from rejoining the SLBC cluster.

724866

Resolved an issue that could sometimes cause an interface to be created on an FPM with a duplicate MAC address.

725201

Both FIMs and FPMs now have the same range for the max-size option of the config log memory command.

725515 716531 716537 717136

VRRP state synchronization between FPCs and between FIMs and FPMs now works as expected.

726525

Resolved an issue that prevented synchronizing NP7 load balancing policies after the DP load distribution method is changed.

728220

Resolved an issue that delayed SNMP queries received by a LAG interface.

728934

Resolved an issue that could block traffic when first enabling Split-Task VDOM mode.

729134

Resolved an issue that could prevent OSPF from re-negotiating successfully after an FGCP HA failover.

Common vulnerabilities and exposures

Visit https://fortiguard.com/psirt for more information.

Bug ID

CVE references

722850

FortiOS 6.2.7 for FortiGate-6000 and 7000 series is no longer vulnerable to the following CVE Reference:

  • CVE-2021-26110

713992

FortiOS 6.2.7 for FortiGate-6000 and 7000 series is no longer vulnerable to the following PSIRT incident number:

  • CVE-2021-26108
