Known issues
The following issues have been identified in FortiGate-6000 and FortiGate-7000 FortiOS 6.4.2 Build 1749. For inquires about a particular bug, please contact Customer Service & Support. The Known issues described in the FortiOS 6.4.2 release notes also apply to FortiGate-6000 and 7000 FortiOS 6.4.2 Build 1749.
Bug ID |
Description |
---|---|
600879 |
Packet capture from a firewall policy does not work. |
608729 |
IPsec VPN phase 2 auto negotiating does not work if IPsec VPN load balancing is enabled. |
612622 |
SSL connections to a FortiSandbox do not work if the |
613617 |
The For example, when you set a config system fortiguard set source-ip <ip-address> end |
632983 |
When a failed FGSP session-sync interface is restored or a new FGSP node is added on the fly, existing sessions are not immediately synced among all FGSP nodes. |
637125 |
The RSSO |
643958 | Inconsistent data from FortiGate-6000 and 7000 FFDBs may cause the confsyncd process to crash. |
650894 |
The FortiManager IPsec tunnel monitor incorrectly shows that active IPsec tunnels on a FortiGate-6000 or 7000 are down. |
661982 |
The FortiOS 6.4 For more information about the |
661987 |
Configuration synchronization failures can occur if the configuration is continuously changed over an extended time period. |
662858 |
FortiGate-6000 and 7000 for FortiOS 6.4.2 does not support FortiOS Network Access Control (NAC) features. Support will be added to a future release. |
662973 |
Changes to multiple firewall policies and changes to the order of firewall policies on a FortiGate-6000 or 7000 with a large number of firewall policies can cause configuration synchronization errors. |
664903 |
SD-WAN health check status information is not synchronized to all FPCs or FPMs. |
665984 |
Updating individual VDOM CA certificates may cause out-of-sync errors. |
666390 |
After restoring a configuration containing a large number of VDOMs, the number of entries in the application list could exceed the maximum value, causing configuration errors when the FortiGate-6000 or 7000 starts up. |
666583 | Downgrading or upgrading the FFDB may cause the confsyncd process to crash.
|
667325 | An FFDB update may cause the system to enter conserve mode. |
667861 |
FortiGate-6000 or 7000 IPv6 in-band management does not work if an IPv6 policy route matching the in-band management traffic has been added to the configuration. |
668290 |
FortiGate-6000 or 7000 traffic or data interfaces are not currently supported for FGSP session synchronization. Instead you must use FortiGate-6000 HA interfaces or FortiGate-7000 M1 and M2 interfaces for FGSP session synchronization. Due to this limitation, when traffic passes asymmetrically through FGSP peers, since UTM traffic has to be forwarded back to the session owner over the HA interface (layer2-connection unavailable case) for processing, UTM traffic throughput will be limited to 10 Gbps; which is the max capacity of an HA interface. |
668801 | Application control signature upgrades or downgrades may cause cmdbsvr signal 6 (Aborted) messages to appear. |
669951 | Under high load conditions, the confsyncd process may crash during an FFDB update. |
674929 | Application control signature upgrades or downgrades may cause the cmdbsvr process to crash with signal 11. |
675484 |
During stress testing multiple |
675965 |
The FortiView Sessions dashboard may show duplicates of some sessions. |
676009 |
IPv6 sessions cannot be canceled from the FortiView Sources dashboard. |
676270 |
The |
676444 |
The |
676575 |
Fortigate-6000 and 7000 FGSP does not support the FGSP option |
676649 |
The certificate CRL configuration may take longer than expected to synchronize after adding a new CRL. |
676982 | Missing a null pointer checking in hadiff causes the confsyncd process to crash. |
677002 |
Changes to FGSP |
677812 | A confsyncd process segmentation fault occurred when calling cmdb_find_child_entity() in cmf_shm_api . |
678569 |
A confsyncd signal 11 (Segmentation fault) occurred in cmf/cli/hadiff/hadiff_tree.c . |