Fortinet black logo

Hyperscale Firewall Release Notes

Home FortiGate / FortiOS 7.0.6 Hyperscale Firewall Release Notes
7.0.6
7.2.4
7.2.3
7.2.2
7.2.1
7.0.11
7.0.10
7.0.9
7.0.8
7.0.7
7.0.6
7.0.5
6.4.12
6.4.11
6.4.10
6.4.9
6.4.8
6.4.6
6.2.9
6.2.7
6.2.6

Resolved issues

Resolved issues

The following issues have been fixed in Hyperscale firewall for FortiOS 7.0.6 Build 0366. For inquires about a particular bug, please contact Customer Service & Support. The Resolved issues described in the FortiOS 7.0.6 release notes also apply to Hyperscale firewall for FortiOS 7.0.6 Build 0366.

Bug ID

Description
735761 Corrected an error with how NP7 processors handle VLAN tags that could cause traffic interruptions in some network configurations.

754970

The HPE ip-frag-max option now works as expected when NP7 processors are configured to reassemble fragmented IP packets. You configure NP7 processors to reassemble fragmented IP packets by enabling the config system npu option ip-reassembly.

759344 791761 798326

NP7 CAPWAP offloading for WiFi traffic now supports VLAN-related features such as dynamic VLANs and VLAN stacking (also called QinQ or inner VLANs).

799081 803880 807441 807567 807866 808312 810292

Resolved various issues with how NP7 processors handle NAT64/46, GRE/VXLAN encapsulation, GRE(IPV4/IPV6) tunnel, and IPv4/IPv6 tunnel anti-replay checking.
800333

Resolved an issue that could prevent NP6Xlite processors from offloading DoS sessions when the config system npu option policy-offload-level is set to dos-offload.
803594 The information displayed by the diagnose firewall ippool list command is now accurate for FortiGate models with one or two NP7 processors. This command could display inaccurate information on FortiGates with one or two NP7s that have an IP pool configuration with more than 256 blocks per public IP.
803892 The iport and oport configuration of the dsw-queue-dts-profile option of the config system npu command is not lost when upgrading to FortiOS 7.0.6.

804032

Resolved an issue that prevented nTurbo from offloading UTM processing. The issue also caused the error message nturbo_init_dmamem fail to appear on the CLI.
807523

On NP7 platforms, the config system npu option nat46-force-ipv4-packet-forwarding was missing from the FortiOS 7.0.5 release but is now available for FortiOS 7.0.6.

The packet size increase that occurs when a NAT46 hyperscale firewall policy converts an IPv4 packet into an IPv6 packet can cause the packet to be dropped if the larger packet exceeds the outgoing interface MTU and the DF bit is set to 1 (do not fragment). You can use this command to cause NP7 processors to override the DF setting and fragment and forward the packet instead of dropping it. This is a global setting that affects all NAT64 traffic offloaded by NP7 processors.

807990

Resolved an issue that prevented NP7 processors from supporting IPsec on demand with dead peer detection (DPD).
808218 Resolved an issue that could prevent the FortiOS kernel from recognizing that the FortiGate is licensed for hyperscale firewall features.

808884

Resolved an issue that prevented device identification on FortiGate models with NP7 processors from including the IP address with the information about a device.
Previous
Next

Resolved issues

The following issues have been fixed in Hyperscale firewall for FortiOS 7.0.6 Build 0366. For inquires about a particular bug, please contact Customer Service & Support. The Resolved issues described in the FortiOS 7.0.6 release notes also apply to Hyperscale firewall for FortiOS 7.0.6 Build 0366.

Bug ID

Description
735761 Corrected an error with how NP7 processors handle VLAN tags that could cause traffic interruptions in some network configurations.

754970

The HPE ip-frag-max option now works as expected when NP7 processors are configured to reassemble fragmented IP packets. You configure NP7 processors to reassemble fragmented IP packets by enabling the config system npu option ip-reassembly.

759344 791761 798326

NP7 CAPWAP offloading for WiFi traffic now supports VLAN-related features such as dynamic VLANs and VLAN stacking (also called QinQ or inner VLANs).

799081 803880 807441 807567 807866 808312 810292

Resolved various issues with how NP7 processors handle NAT64/46, GRE/VXLAN encapsulation, GRE(IPV4/IPV6) tunnel, and IPv4/IPv6 tunnel anti-replay checking.
800333

Resolved an issue that could prevent NP6Xlite processors from offloading DoS sessions when the config system npu option policy-offload-level is set to dos-offload.
803594 The information displayed by the diagnose firewall ippool list command is now accurate for FortiGate models with one or two NP7 processors. This command could display inaccurate information on FortiGates with one or two NP7s that have an IP pool configuration with more than 256 blocks per public IP.
803892 The iport and oport configuration of the dsw-queue-dts-profile option of the config system npu command is not lost when upgrading to FortiOS 7.0.6.

804032

Resolved an issue that prevented nTurbo from offloading UTM processing. The issue also caused the error message nturbo_init_dmamem fail to appear on the CLI.
807523

On NP7 platforms, the config system npu option nat46-force-ipv4-packet-forwarding was missing from the FortiOS 7.0.5 release but is now available for FortiOS 7.0.6.

The packet size increase that occurs when a NAT46 hyperscale firewall policy converts an IPv4 packet into an IPv6 packet can cause the packet to be dropped if the larger packet exceeds the outgoing interface MTU and the DF bit is set to 1 (do not fragment). You can use this command to cause NP7 processors to override the DF setting and fragment and forward the packet instead of dropping it. This is a global setting that affects all NAT64 traffic offloaded by NP7 processors.

807990

Resolved an issue that prevented NP7 processors from supporting IPsec on demand with dead peer detection (DPD).
808218 Resolved an issue that could prevent the FortiOS kernel from recognizing that the FortiGate is licensed for hyperscale firewall features.

808884

Resolved an issue that prevented device identification on FortiGate models with NP7 processors from including the IP address with the information about a device.
Previous
Next