Disabling EIF and EIM in a hyperscale firewall policy actively processing traffic causes errors in the information stored in the NP7 firewall policy database. For example, the data may include incorrect VDOM IDs and IP addresses.

On FortiGates with NP7 processors, the first time you change the password of a newly created administrator from the GUI an "undefined" error message may appear.

The HA1, HA2, AUX1, and AUX2 interfaces of the FortiGate-4200F, 4201F, 4400F, and 4401F cannot be added to a LAG.

Sessions being processed by hyperscale firewall policies with hardware logging may be dropped when dynamically changing the log server log-processor mode from hardware to host for the hardware log sever added to the hyperscale firewall policy. To avoid dropping sessions, change the log-processor setting during quiet periods.

In a hyperscale firewall VDOM, NAT64 and NAT46 sessions offloaded to NP7 processors that are blocked by the implicit deny policy do not increase the implicit deny policy hit count.

The service-negate firewall policy option does not work as expected in a hyperscale deny policy.

The srcaddr-negate and dstaddr-negate options do not work as expected for IPv6 FTS traffic.

The output of the diagnose sys npu-session list/list-full command does not include policy route information.

Hyperscale firewall sessions that are routed by policy routes do not show information such as hit count and last used when displayed with the diagnose firewall proute list command.

A message similar to PARSE SKIP ERROR=17 NPD ERR PBR ADDRESS can appear on the console error log when a FortiGate with NP7 processors starts up.

Due to a hardware limitation, when overload mode IP pools are used, the per IP pool session stats are not accurate.

After an FGCP HA failover, the NPD/LPMD processes may be stopped by an out of memory killer process after running mixed sessions even when the amount of memory use is not excessive.