Resolved issues
The following issues have been fixed in FortiGate-6000 and FortiGate-7000 FortiOS 6.2.9 Build 1206. For inquires about a particular bug, please contact Customer Service & Support. The Resolved issues described in the FortiOS 6.2.9 release notes also apply to FortiGate-6000 and 7000 FortiOS 6.2.9 Build 1206.
Bug ID |
Description |
---|---|
587400 |
In an FGCP HA configuration, VDOMs on the backup FortiGate-6000 or 7000 can now send files to FortiSandbox. |
589613 |
Traffic from banned IP addresses can no longer pass through the FortiGate-6000 or 7000. |
594258 |
FortiSwitch management over FortiLink now works as expected on a FortiGate-7000 system when FIM2 is the primary FIM. |
601442 |
Resolved an issue that blocked local-out pings from the FortiGate-6000 management board through a transparent mode VDOM, when the option |
616261 737750 |
Resolved an issue that caused the |
635310 |
VLAN interfaces added to accelerated npu_vdom link interfaces can now successfully pass traffic. |
682869 680789 |
The management board and primary FIM GUIs now display correct byte and hit count data for proxy policies set up to allow traffic through the explicit web proxy. |
690662 | The diagnose hardware deviceinfo nic <interface> command output now includes CRC counters. |
693325 |
The |
694516 |
The FortiGate-7000F Log settings GUI page now shows correct log usage information. |
705958 |
Dialup server IPsec VPN tunnels are now successfully synchronized to all FPCs or FPMs when |
714538 |
The |
723528 |
The Sessions: Management widget now shows the correct % distribution of CPU and SPU sessions. |
725139 |
Resolved an issue that could sometimes prevent administrators from removing quarantined IP addresses from the Quarantine Monitor. |
728524 |
The diagnose test application chlbd 3 command now works as expected to recover the FIB form a sync failed state. |
729134 |
Resolved an issue that could prevent OSPF from re-negotiating successfully after an FGCP HA failover. |
732017 |
Resolved an issue that could cause OSPF adjacencies to fail after an FGCP HA failover even though the FortiGate configuration enables OSPF graceful restart. |
732071 |
Resolved a timing issue that could cause an FPC or FPM to become unresponsive for an extended period of time after a firmware upgrade when the configuration includes a large number of UTM profile groups. |
733058 |
IPS TLS probe requests can now be configured from the mgmt-vdom VDOM. For example, the following configuration is now supported: config ips global config tls-active-probe set interface-select-method specify set interface "mgmt1" set vdom "mgmt-vdom" end |
733261 |
Resolved an issue that caused SNMP queries to return empty values for some FPCs or FPMs. |
735492 735279 |
Resolved an issue that may cause one or more FPCs or FPMs to become unresponsive and for the console to print error messages that include |
736124 |
Resolved an issue that caused a |
740073 |
Resolved an issue that caused the |
741274 | Resolved an issue that caused BGP flapping during IPsec phase 2 re-keying, resulting in dropped IPsec VPN sessions. |
742176 | Resolved an issue that could cause a FortiGate-6000 or 7000 to stop responding when enabling or disabling the FortiOS Carrier license. |
742994 |
Resolved an issue that caused BGP received prefix lifetimes to be reset every 60 seconds. |
743869 | Resolved an issue that could cause a FortiGate-6000 or 7000 managed by FortiManager to send an invalid configuration to FortiManager. |
744204 |
When consolidated firewall mode is enabled, policy statistics such as the number of active sessions, packets, bytes, and so on are now available from the management board or primary FIM. The management board GUI and primary FIM GUI can now successfully display policy statistics and REST API calls and SNMP queries to the management board or primary FIM for policy statistics work as expected. For information about consolidated firewall mode, see Combined IPv4 and IPv6 policy. |
744344 |
FortiGate-6000 and 7000 mirroring SSL inspected traffic (also called SSL port mirroring) now works as expected. |
744596 | Resolved an issue that could prevent RADIUS users from having to re-authenticate after the RADIUS server session timeout. |
744636 | Resolved an issue that could prevent FortiGate-6000 or 7000 FGCP clusters from synchronizing files received from FortiGuard after the cluster has been operating for 497 days. |
744944 | Resolved an issue that could cause a FortiGate-6000 or 7000 to take too long to synchronize a very large configuration the configuration after the system starts up. After this fix, very large configurations should normally take no longer than approximately 30 minutes to synchronize. |
747819 | Resolved an issue that caused incorrect reporting of the number of large packets processed by a loopback interface. |
748258 |
The output of the |
749357 | Resolved a memory leak that caused high memory usage on the primary FPC or FPM. |
750185 736418 | Fixed SNMP MIB file syntax errors. |
752602 731974 |
Resolved several issues with fragmented packet load balancing. |
755579 |
You can now successfully use the FortiManager Connect to CLI via SSH device manager option to connect to the FortiGate-6000 or 7000 CLI. |
758445 | Increase the FortiGate-7000F boot partition size. This change allows the FortiGate-7000F to support larger more complex configurations that include more VDOMs and firewall policies. Because of this change, the process of upgrading to 6.2.9 Build 1206 will take longer than normal and during this time the FortiGate-7000F will not be able to process traffic. |
737263 |
Management, local-out, and IPsec VPN traffic over NPU inter-VDOM links and with VLANs added to NPU inter-VDOM links works as expected. |
Common vulnerabilities and exposures
Visit https://fortiguard.com/psirt for more information.
Bug ID |
CVE references |
---|---|
669673 |
FortiOS 6.2.9 for FortiGate-6000 and 7000 series is no longer vulnerable to the following CVE Reference:
|
752134 |
FortiOS 6.2.9 for FortiGate-6000 and 7000 series is no longer vulnerable to the following PSIRT incident number:
|
752450 |
FortiOS 6.2.9 for FortiGate-6000 and 7000 series is no longer vulnerable to the following PSIRT incident number:
|
711576 713993 |
FortiOS 6.2.9 for FortiGate-6000 and 7000 series is no longer vulnerable to the following PSIRT incident number:
|
739011 |
FortiOS 6.2.9 for FortiGate-6000 and 7000 series is no longer vulnerable to the following PSIRT incident number:
|