
Resolved issues


The following issues have been fixed in FortiGate-6000 and FortiGate-7000 FortiOS 7.0.14 Build 0226. For inquiries about a particular bug, please contact Customer Service & Support. The resolved issues described in the FortiOS 7.0.14 release notes also apply to FortiGate-6000 and 7000 FortiOS 7.0.14 Build 0226.

| Bug ID | Description |
|---|---|
| 792576 | A watchdog process has been added that monitors DP channels and sends an event log message when any DP channel is hung. |
| 801543 | FQDNs are now resolved by the primary FPC or FPM and the resolved FQDN is then synchronized to all FPCs or FPMs. Before this change, all FPCs or FPMs resolved FQDNs separately, sometimes with different results that resulted in traffic being delayed or blocked. |
| 854212, 691746, 921748 | Resolved several issues that affected the output of the `diagnose sys npu-session stat` command. |
| 892600 | Resolved an issue that could cause IPv6 static routes to be removed from the management VDOM. |
| 910824 | Resolved an issue on the FortiGate 7000F platform that prevented load balancing fragmented IPv6 ICMP traffic correctly when the `dp-icmp-distribution-method` option of the `config load-balance setting` command was set to `dst-ip`. This problem could also occur for other `dp-icmp-distribution-method` configurations. |
| 911295 | Resolved an issue that caused the Dataplane Rx fields of the `diagnose hardware deviceinfo nic` command to display 0. |
| 914918 | Resolved an issue that prevented HA events from being displayed on the mgmt-vdom GUI. |
| 918967 | Resolved an issue that could prevent a FortiGate-7081F from synchronizing after restoring the system to factory defaults. |
| 937090 | Sensor information can now be displayed using the `execute sensor list` or `execute sensor detail` commands. |
| 950152, 843554 | Resolved an issue that could cause the protocol number of the ALL service to be changed when adding a new service that includes a protocol number from the GUI. |
| 968895 | Resolved an issue that caused the error message `unregister_vf: waiting for 293TrafTP to become free` to appear in the console output of the FIM in slot 2 of a FortiGate 7000F. |
| 971021 | Resolved a memory leak on FIMs caused by processing IPv6 fragmented packets. |
| 973407, 933541 | Resolved an issue that could cause NPU sessions installed on a FIM to be sent to the FIM CPU and cause the NP7 SSE to stop processing sessions. |
| 973445 | Resolved an issue that could sometimes cause configuration changes to take an excessive amount of time to synchronize to all FPCs, FPMs, and FIMs. |
| 974786, 987312 | Resolved an issue with handling fragmented UDP traffic. |
| 978241 | The FortiGate-6000 and 7000 platforms now correctly support SNATing connections using fixed-port-range IP pools. |
| 978497 | Resolved an issue that could cause VRRP running on a FortiGate 6000F to change state from backup to primary after a reboot even when there is another primary VRRP router on the network.<br><br>This was happening because the FortiGate 6000F would broadcast VRRP packets to all FPCs, and the management board and each FPC would handle VRRP individually. When a FortiGate 6000F restarted, the management board could be up and running before the FPCs had completely started up. While the FPCs were still starting, the management board was not receiving traffic from the actual VRRP primary, so the management board could attempt to become the VRRP primary. This could cause a traffic processing delay after the FPCs had started up, because the FortiGate 6000F had to wait for the actual VRRP primary to send packets that reset it to backup status.<br><br>To resolve this issue, the FortiGate 6000F now handles VRRP in the same way as the FortiGate 7000F. The FortiGate 6000F default VRRP flow rule sends all VRRP packets received from the network to the primary FPC. The primary FPC then handles all VRRP communications with the network and keeps the other FPCs synchronized by sending VRRP packets that it receives to the other FPCs. |
| 980250 | Resolved an issue that caused the output of the `execute sensor list` command to be delayed after entering the `diagnose hardware deviceinfo psu` command. |
| 983451 | Resolved an issue that caused the hatalk process to crash with signal 11. |
| 983993 | Resolved an issue that could cause the `get system status` command on the FortiGate 6000F to show an incorrect security level. |
| 984093 | Resolved an issue that caused a FortiGate 6000 or 7000 FGCP cluster to fail over after enabling the `monitor-bandwidth` option for an HA-monitored interface. The failover would occur if the `monitor-bandwidth` option was enabled manually or by setting up an interface bandwidth dashboard widget for an HA-monitored interface. |
| 984406, 984419, 988928 | SNAT port ranges allocated to a fixed-port-range IP pool no longer overlap between FPCs or FPMs. |
| 988931 | Resolved an issue that could cause dial-up IPsec tunnels to randomly drop when the `netdevice` option is set to `disable` in the `phase1-interface` configuration. |
| 988947 | The information displayed by the `diagnose firewall ippool-fixed-range list natip` command is now accurate. |
| 991045 | On a FortiGate 7000F, a LAG consisting of a management interface from each FIM that was configured as the HA reserved management interface no longer becomes unresponsive after the FIM in slot 1 fails or is removed from the chassis. |
