Resolved issues
The following issues have been fixed in Hyperscale firewall for FortiOS 6.4.6 Build 5868. For inquires about a particular bug, please contact Customer Service & Support. The Resolved issues described in the FortiOS 6.4.6 release notes also apply to Hyperscale firewall for FortiOS 6.4.6 Build 5868.
|
Bug ID |
Description |
|---|---|
| 662514 |
Improved handling of NAT46 traffic to prevent problems caused by the frame size increase resulting from converting an IPv4 packet to an IPv6 packet. |
|
664828 |
Resolved an NP7 driver issue that prevented L2TP VPN from working. |
|
689384 |
Resolved an issue that prevented offloading VXLAN over IPsec traffic. |
|
706196 709892 |
Resolved syntax check issues that prevented adding valid policy routes that do not have a gateway configured and allowed adding invalid policy routes with no outgoing interface configured. |
| 714800 725190 727179 |
Resolved an issue that caused NPD process timeouts on the secondary FortiGate in an FGCP cluster after editing a hyperscale firewall policy and changing the CGN IP pool used in the policy. |
|
716379 |
The GUI now accurately shows that the FortiGate-4200F, 4201F, 4400F, and 4401F ha1, ha2, aux1, and aux2 interfaces are in the same port or interface group. |
|
717304 |
Resolved an issue that caused the time displayed by the real time clock to be inaccurate. Fortinet recommends enabling NTP to make sure FortiGate system time is accurate. |
| 720595 | Hyperscale firewall hardware logging now supports more than ten hardware logging servers. |
| 721246 | Resolved an issue that prevented adding custom service groups to hyperscale firewall policies. |
|
721442 |
Resolved an issue that prevented the |
| 722375 | Resolved an NP7 issue with GTP enhanced mode that could block GTP-U traffic. |
|
723947 |
The |
| 724638 721328 | Fixes to DSE hit logic. |
| 725975 722687 | Hyperscale firewall policy usage statistics now display on the GUI when editing a policy. |
|
726262 |
The GUI will no longer display an error message when you edit the first port number in a port number range in a CGN resource allocation IP pool. |
|
718356 |
BGP prefixes are now successfully cleared from the NP7 routing table after they have been removed from the kernel because the peer they point to has gone down. |
|
711135 717564 716766 722922 726265 |
Resolved synchronization issues that caused various HA-related performance reductions or unexpected behavior. |
|
718257 |
Resolved an issue that prevented NP7 processors from synchronizing the OSPF FIB when the route update rate is high. |
|
716304 |
Improved power monitoring to reduce reporting false positives. For example, the FortiGate will now check multiple times if an error is received, and only report an error if the error condition persists. |
|
716094 |
Resolved an issue that could disrupt traffic when enabling per-IP traffic shaping and |
|
709046 |
Resolved an issue that could cause inaccurate statistics reporting when the system is processing a large number of sessions. |
|
715532 |
Resolved an index limit issue that prevented being able to manage a FortiSwitch if the FortiGate is licensed for 500 VDOMs and you have created a large number of VDOMs (for example, over 300). |
|
716424 |
Resolved an issue that caused the NPD process to crash if a FortiGate is under relatively high traffic load and the configuration includes the maximum number of hyperscale firewall policies, as defined in the maximum values, in multiple VDOMs. |
|
718886 |
When the SIP session helper is enabled, SIP traffic is offloaded to NP7 processors. |
|
717011 |
Resolved an issue that could cause SIP ALG traffic to produce PBA leaks and deadlocks. |
|
720592 |
Resolved an issue that caused hardware sessions to expire on the secondary FortiGate in an FGCP HA cluster. |
|
714915 |
Changing the configuration of a hardware log server group assigned to a hyperscale firewall policy that is processing traffic no longer causes sessions accepted by the firewall policy to be dropped. |
|
720616 |
Resolved an issue that caused the system to create unexpected UDP sessions after changing the hardware host logging configuration. |
|
721231 |
Resolved an issue that caused IPsec VPN sessions between VDOMs to timeout while they are processing traffic. |
|
720203 |
Resolved an issue that caused session helper sessions to be offloaded to NP7 processors after changing the IP pool in a hyperscale firewall policy. |
|
723551 |
Resolved an issue that could prevent TFTP ALG sessions from being offloaded to NP7 processors. |
|
718713 |
Configuring an interface to drop fragmented packets ( |
|
718046 |
Resolved an issue that blocked traffic going through a virtual network interface. |
|
687990 |
Hyperscale firewall systems can now generate system event log messages to report on network processor daemon (NPD) and PLE errors that would otherwise just have been written to the console. Example log message: |
|
719794 |
Resolved an issue that could prevent the IP Pool option from appearing in a hyperscale firewall policy. |
|
725978 |
Sync session count information has been added to the output of the |
|
725343 |
Messages similar to |
|
708028 |
Resolved an issue that caused the generation of |
|
726531 |
The log rate is no longer displayed as a negative value after changing hardware logging to host logging mode. |
|
725581 |
Resolved an issue that sometimes causes ICMP logs to be generated for traffic accepted by a hyperscale firewall policy with logging disabled. |
|
725094 |
SNMP queries of IPv6 hyperscale firewall policies work as expected. |
|
726542 |
Resolved an issue that was keeping software sessions in the session table after traffic has stopped. |
|
725584 |
Resolved an issue that caused excessive memory use when adding and deleting BGP routes. |
|
728822 |
Resolved a memory leak related to hardware logging. |
|
729142 |
Resolved a PBA memory leak. |