Known issues

The following issues have been identified in Hyperscale firewall for FortiOS 7.0.8 Build 0418. For inquiries about a particular bug, please contact Customer Service & Support. The known issues described in the FortiOS 7.0.8 release notes also apply to Hyperscale firewall for FortiOS 7.0.8 Build 0418.

Bug ID

Description

724085

Traffic passing through an EMAC-VLAN interface when the parent interface is in another VDOM is blocked if NP7 offloading is enabled. If you set the auto-asic-offload option to disable in the firewall policy, traffic flows as expected.

807476

After packets go through host interface TX/RX queues, some packet buffers can still hold references to a VDOM when the host queues are idle. This causes a VDOM delete error with unregister_vf. If more packets go through the same host queues for other VDOMs, the issue should resolve by itself because those buffers holding the VDOM reference can be pushed and get freed and recycled.

810065

When upgrading from FortiOS 6.2 or 6.4 to 7.0.6, hyperscale firewall policy IDs may be changed when they are converted to normal firewall policies.

811109

The HA1, HA2, AUX1, and AUX2 interfaces of the FortiGate-4200F, 4201F, 4400F, and 4401F cannot be added to a LAG.

836976

Changing from log to hardware to log to host during runtime (with PPA enabled) impacts traffic.

838654

The hit count does not increment for the implicit deny policy for hardware sessions in the case of NAT46 and NAT64 traffic.

839958

The service-negate firewall policy option does not work as expected in a hyperscale deny policy.

842008

After an HA failover, the session count cannot synchronize on the secondary FortiGate.

842659

The srcaddr-negate and dstaddr-negate options do not work as expected for IPv6 FTS traffic.

843132

Access control list (ACL) policies added while a FortiGate is processing traffic may take longer than expected to become effective. During a transition period, traffic that should be blocked by the ACL policy will be allowed.

843197

The output of the diagnose sys npu-session list/list-full command does not include policy route information.

843266

A diagnose command should be available to show hit_count/last_used information for policy routes and NPU sessions in a hyperscale firewall VDOM.

843305

A message similar to PARSE SKIP ERROR=17 NPD ERR PBR ADDRESS can appear on the console error log when a FortiGate with NP7 processors starts up.

844421

Due to a hardware limitation, when overload mode IP pools are used, the per IP pool session stats are not accurate.

846520

After an FGCP HA failover, the NPD/LPMD processes may be stopped by an out of memory killer process after running mixed sessions even when the amount of memory use is not excessive.
