Resolved issues
The following issues have been fixed in FortiGate-6000 and FortiGate-7000 FortiOS 6.2.6 Build 1158. For inquires about a particular bug, please contact Customer Service & Support. The Resolved issues described in the FortiOS 6.2.6 release notes also apply to FortiGate-6000 and 7000 FortiOS 6.2.6 Build 1158.
Bug ID |
Description |
---|---|
501057 |
Resolved an issue that caused incorrect IPsec routes to be added to the DP processor routing table. |
514807 |
IPsec no longer creates routs with proto=17. |
527035 |
Resolved an issue that prevented ADVPN shortcut tunnels from being established. |
528800 |
IPsec routes are no longer duplicated in the DP processor routing database. |
578845 |
Resolved an issue that caused some dial-up IPsec tunnels to be processed on FPCs or FPMs that are not the primary FPC or FPM when IPsec load balancing is disabled. |
586808 |
From the CLI, mgmt-vdom VDOM is no longer included in the count of the number of VDOMs. |
590047 |
PPPoE connection status is no longer reported incorrectly on the management board or primary FIM GUI. |
600595 |
Resolved an issue that prevented IPsec routes in the FIB from updating on all FPCs or FPMs after an interface change. |
605770 |
Resolved an issue that prevented stale IPsec routes from being removed automatically. |
607206 612622 |
Because the FortiGate-6000 and 7000 do not support usage-based ECMP load balancing, the config system settings set v4-ecmp-mode { end |
613306 |
Resolved an issue that caused the Radvd process to use 99% CPU when handling a large number orf LDAP users. |
613617 |
The |
642920 | All supported transceivers display correctly on network interface GUI pages. |
643032 |
Resolved an issue that prevented the secondary FortiGate-6000 or 7000 in an HA configuration from connecting to FortiSandbox. |
644278 |
Resolved an issue that prevented FQDN firewall addresses that include wildcard characters from being synchronized to all FPMs or FPCs. |
646660 |
To make sure that ICMP echo requests and reply packets always go to the same FPC or FPM, the FortiGate-6000 and 7000 now always send DP ICMP packets to the DP processor, regardless of the |
647259 |
Resolved an issue that caused the Load Balance Monitor GUI page to stop responding. |
648248 |
Local-out communication over an IPsec tunnel now works as expected. |
650894 |
Resolved an issue that caused FortiManager to incorrectly report an IPsec tunnel being down even though the tunnel is up and passing traffic. |
652777 |
Resolved an HA issue that caused some sessions on the primary FortiGate-6000 or 7000 to incorrectly have both "synced" & "nosyn_ses" states. |
658405 |
The IPv4 Policy page now displays correct hit count numbers for each firewall policy. |
662552 |
Resolved an issue with IPsec tunnels in an IPsec aggregate not installing routes. |
663706 |
Resolved an issue that caused data heartbeat timeouts and delays resulting in interface flapping during a FortiGuard update. |
671046 |
The Security Fabric and Configuration Sync Monitor pop ups that display the status of the FortiGate-6000 management board and FPCs and the FortiGate-7000 FIMs and FPMs now display the correct management port if the system HTTPS management port has been changed. |
671530 |
Resolved an issue that prevented data interface mac address change from being synchronized to all FPCs or FPMs. |
672641 |
Resolved an issue that caused EMAC -VLAN interfaces to block some traffic types. |
677816 |
Added support for the Security Fabric when operating an HA cluster in transparent mode. Because transparent mode was not supported, FPCs and FPMs on the secondary FortiGate-6000 or 7000 in an HA cluster were not able to synchronize. |
681877 |
Resolved an issue that caused API calls to incorrectly report an IPsec tunnel being down even though the tunnel is up and passing traffic. |
685592 |
Resolved an issue that limited firewall throughput over NPU VDOM inter-VDOM link interfaces. |
688736 |
Resolved an issue that prevented recording some traffic logs for DLP sessions. |
689085 |
Resolved an issue that caused IPsec negotiations to fail on phase 2 if the negotiation was in progress during a FortiGate-7000 primary FIM failover. |
689444 |
Resolved an issue that caused SNMP queries of FortiGate-6000 or 7000 systems to seem to randomly fail. |
690010 |
Optimized FPM-7630E performance by increasing the number of IPS engines allowed. |
690733 |
Resolved an issue that caused IPsec SA rekeying to send the new key to the wrong FPC or FPM. |
691702 693013 |
Resolved an issue that caused the |
692687 |
Resolved an issue that removed firewall users from the user database after a graceful HA firmware upgrade. |
693209 |
Resolved an issue that caused the |
693784 |
The |
695265 |
Resolved an issue that caused the |
695334 |
Resolved an issue that prevented FIM data interfaces in LAGs from negotiating with connected network equipment. |
696465 |
Configuring a FortiAnalyzer is no longer required if your FortiGate-6000 or 7000 is not the root FortiGate in a security fabric. |
696711 |
Resolved an issue that caused could prevent FPMs in chassis 2 from joining an FGCP cluster after resetting chassis 2 to factory defaults and then re-configuring it for HA and rejoining the cluster. |
696797 |
Resolved an issue that caused FortiGate-6000F interfaces port25 to port28 to appear to be have an maximum speed of 10G instead of the correct 100G. |
696985 |
Resolved an issue that caused FTP data session pinholes to remain active after their data connection is closed. |
697492 |
IPsec Dead Peer Detection (DPD) now works as expected on FortiGate-6000 and 7000 platforms. |
698635 |
Resolved an issue with the |
698979 |
The command |
699824 |
Resolved an issue that caused VRRP packets received by a FortiGate-7121F FPM data interface causing a layer 2 loop and leading to traffic loss. |
700426 |
Resolved an issue with UDP pinholes. |
700582 |
Resolved an issue that incorrectly caused the status of an IPsec interface to appear as down on the GUI even though the interface is actually up and passing traffic. |
0702483 |
To support IPsec VPN load balancing, DHCP SAs are now synchronized to all FPCs or FPMs. |
703185 |
Resolved an issue that prevented the FortiGate-6000 or 7000 from synchronizing the deletion of an API user, created with the |
0704642 |
Resolved an issue that caused FPMs to be removed from the SLBC cluster during a syn-ack flood attack. |
705495 |
Resolved an issue that resulted in the source NAT with IP pools assigning different public addresses to the same user if some of the user's sessions are handled by different FPCs or FPMs. |
706119 |
Resolved an issue that caused the confsyncd process to fail on individual FPCs or FPMs after a configuration change. |
709919 703578 |
Multiple fixes to improve support for BGP over IPsec tunnels. |