Known issues
The following issues have been identified in FortiGate-6000 and FortiGate-7000 FortiOS 6.0.8 Build 6599. For inquiries about a particular bug, please contact Customer Service & Support.
Bug ID | Description |
---|---|
546794 | An RSSO user may not be de-authenticated from the management board when the system administrator de-authenticates the user from the GUI. |
586984 | HA heartbeat communication may not work with some Cisco ACI switches using QnQ if the switch requires the inner tag to use Ethertype 0x8100. |
592170 | In a FortiGate-6000 or 7000 HA cluster, if both devices in the cluster are configured with the same chassis ID, the device with the lowest serial number will be shut down. For more information, see Resolving HA cluster chassis ID conflicts. |
594548 | Some GUI pages that should have a large number of entries, for example the IPv4 firewall policy page, may not be able to successfully display some or all data or may display error messages. |
595851 | An LDAP user session may have different expiry times on different FPCs or FPMs. |
596347 | FSSO users that have logged off may still be seen as logged on and will appear in the |
596458 | Antivirus scanning may allow an infected file to download over HTTP if the initially blocked session is resumed. A workaround for this issue is to use the following commands to set the load balancing method: `config load-balance setting`, then `set dp-load-distribution-method src-dst-ip`, then `end`. |
598950 | Running the |
598991 | The |
599009 | Some FortiView drill down pages don't display all sessions. |
599999 | The trusted host feature does not block management traffic from an untrusted IP address using the FortiGate-6000 and 7000 special management ports. |
600486 593509 | If a FortiGate-6000 or 7000 is managing a large number of FSSO or RSSO users, it's possible that the You can use the command As a workaround, you can use the |
600727 | Under some conditions, IPsec VPN phase 2 routing information may be missing from the DP processor routing cache. You can use the `diagnose test application fctrlproxyd 2` command to view the DP routing cache. If some of the expected routes are missing, you can use the `diagnose test application fctrlproxyd 9` command to force an update of the DPx processor routing cache, which should add the missing routes. |
600900 | The internal FortiOS packet sniffer shows that FortiOS incorrectly creates multiple DP assistant packets for IPsec VPN sessions. DP assistant packets are labeled with |
600999 | The FortiGate-7000 HA heartbeat does not fail over correctly when the switch interface connected to the secondary FortiGate-7000 2-M1 interface is disabled. |
601006 | On an HA cluster with a large number of active RSSO and FSSO users, if the secondary FortiGate is restarted the system may enter conserve mode. |
601007 | In a FortiGate-6000 HA cluster, the primary FortiGate-6000 may temporarily stop receiving data traffic for ten to fifteen minutes. Management traffic, such as GUI access and remote logging, continues to operate normally. |
600879 | The |
601564 | In some cases, SSL VPN users may be unable to download FortiClient from the SSL VPN web portal running on the FortiGate-6000 or 7000. |