Fortinet black logo

Hyperscale Firewall Release Notes

Home FortiGate / FortiOS 7.2.2 Hyperscale Firewall Release Notes
7.2.2
7.2.4
7.2.3
7.2.2
7.2.1
7.0.11
7.0.10
7.0.9
7.0.8
7.0.7
7.0.6
7.0.5
6.4.12
6.4.11
6.4.10
6.4.9
6.4.8
6.4.6
6.2.9
6.2.7
6.2.6

Known issues

Known issues

The following issues have been identified in Hyperscale firewall for FortiOS 7.2.2 Build 1255. For inquires about a particular bug, please contact Customer Service & Support. The Known issues described in the FortiOS 7.2.2 release notes also apply to Hyperscale firewall for FortiOS 7.2.2 Build 1255.

Bug ID

Description

804742

After changing hyperscale firewall policies, it may take longer than expected for the policy changes to be applied to traffic. The delay occurs because the hyperscale firewall policy engine enhancements added to FortiOS 7.2.1 may cause the FortiGate to take extra time to compile firewall policy changes and generate a new policy set that can be applied to traffic by NP7 processors. The delay is affected by hyperscale policy set complexity, the total number of established sessions to be re-evaluated, and the rate of receiving new sessions.
824733 On a FortiGate licensed for Hyperscale firewall features, IPv6 static routes may continue to be active in VDOMs after they have been deleted from the configuration. You can work around this issue by restarting the FortiGate after deleting or changing IPv6 static routes.
829549 Software ALG sessions can incorrectly add DSE entries to the NP7 session table. Traffic accepted by hyperscale firewall policies with cgn-eif enabled can then be matched with the DSE sessions and pass through the FortiGate.

824071

In a Multi-VDOM configuration, ECMP load balancing does not work for IPv4 and IPv6 UDP traffic passing through physical or inter-VDOM link interfaces. Instead, all UDP traffic follows the same route. ECMP load balancing of TCP traffic works as expected.
Previous
Next

Known issues

The following issues have been identified in Hyperscale firewall for FortiOS 7.2.2 Build 1255. For inquires about a particular bug, please contact Customer Service & Support. The Known issues described in the FortiOS 7.2.2 release notes also apply to Hyperscale firewall for FortiOS 7.2.2 Build 1255.

Bug ID

Description

804742

After changing hyperscale firewall policies, it may take longer than expected for the policy changes to be applied to traffic. The delay occurs because the hyperscale firewall policy engine enhancements added to FortiOS 7.2.1 may cause the FortiGate to take extra time to compile firewall policy changes and generate a new policy set that can be applied to traffic by NP7 processors. The delay is affected by hyperscale policy set complexity, the total number of established sessions to be re-evaluated, and the rate of receiving new sessions.
824733 On a FortiGate licensed for Hyperscale firewall features, IPv6 static routes may continue to be active in VDOMs after they have been deleted from the configuration. You can work around this issue by restarting the FortiGate after deleting or changing IPv6 static routes.
829549 Software ALG sessions can incorrectly add DSE entries to the NP7 session table. Traffic accepted by hyperscale firewall policies with cgn-eif enabled can then be matched with the DSE sessions and pass through the FortiGate.

824071

In a Multi-VDOM configuration, ECMP load balancing does not work for IPv4 and IPv6 UDP traffic passing through physical or inter-VDOM link interfaces. Instead, all UDP traffic follows the same route. ECMP load balancing of TCP traffic works as expected.
Previous
Next