Fortinet black logo

Hyperscale Firewall Release Notes

Home FortiGate / FortiOS 7.0.8 Hyperscale Firewall Release Notes
7.0.8
7.2.4
7.2.3
7.2.2
7.2.1
7.0.11
7.0.10
7.0.9
7.0.8
7.0.7
7.0.6
7.0.5
6.4.12
6.4.11
6.4.10
6.4.9
6.4.8
6.4.6
6.2.9
6.2.7
6.2.6

Resolved issues

Resolved issues

The following issues have been fixed in Hyperscale firewall for FortiOS 7.0.8 Build 0418. For inquires about a particular bug, please contact Customer Service & Support. The Resolved issues described in the FortiOS 7.0.8 release notes also apply to Hyperscale firewall for FortiOS 7.0.8 Build 0418.

Bug ID

Description
762135 The log rate information for CPU (or software) sessions displayed on the GUI and CLI of FortiGates licensed for Hyperscale firewall is now accurate.
773583 Resolved an issue that prevented the diagnose sys npu-session purge from purging hardware sessions.

780315

Resolved an issue that reduces connections per second (CPS) performance for VLAN traffic.
782674

On the secondary FortiGate in an FGCP cluster, the diagnose sys npu-sessions st verbose command output no longer shows hung tasks when an FGCP cluster is processing a large number of sessions.
788702 Resolved multiple issues that prevented some software sessions from being synchronized to the secondary FortiGate in an FGCP cluster of two FortiGates with NP7 processors.
804546 When editing a hyperscale firewall policy, the Clear Counters option now clears all statistics, including counters for offloaded NP7 sessions.
804742 810366 Resolved a memory-related issue that caused it to take longer than expected for hyperscale firewall policy changes to be applied to traffic. The delay affected offloaded NP7 traffic and CPU traffic
805179 Resolved an issue that blocked traffic that could be offloaded to NP7 processors when that traffic passes through a VXLAN interface that is part of a software switch.
805846 In the FortiOS MIB files, the fgFwIppStatsInusePBAs field now returns the correct information.
809030 Resolved an issue that could sometimes cause traffic accepted by hyperscale firewall policies with port block allocation (PBA) IP pools to be dropped. The problem could occur after changing the hyperscale firewall policy configuration.
809623 Resolved an issue that caused CAPWAP traffic to be dropped when CAPWAP offloading is enabled for FortiGates with NP7 processors.
810025 Using EIF to support hairpinning now works as expected for NAT64 sessions.
810379

Resolved an issue that caused the npd process to crash when creating an access control list (ALC) policy on a FortiGate with NP7 processors.

812833

The config log npu-server command is no longer available after removing the hyperscale firewall license from a FortiGate with NP7 processors.
812844 Multiple default routes are now handled as expected by Hyperscale firewall VDOMs.

813314

Resolved an issue with how the GUI and CLI displays information about single port allocation CGN IP pools.
815253 Resolved an issue that could sometimes randomly block traffic in NP7-offloaded IPsec VPN tunnels. The problem would happen more often as the number of IPsec VPN tunnels increased.

815360

Resolved an issue that could cause FortiGates with NP7 processors to encounter a kernel panic when deleting more than two hardware switches at the same time.

816385

Resolved an issue that could cause FortiGates with NP7 processors to display a message similar to rcu_sched self-detected stall on CPU on console and freeze. This would occur after enabling NP7 capwap-offload or sending inner VLAN traffic and restarting FortiOS or upgrading the firmware.

818811

Resolved an issue that could cause Nturbo to crash when offloading SSL mirror traffic.

818823

Resolved an issue that could cause TCP traffic to be blocked after an FGCP HA failover because routing was not updated on the new primary FortiGate after the failover.

821553

Resolved an issue that prevented traffic from being offloaded to NP7 processors when passing through a VXLAN nterface after being accepted by a firewall policy with UTM features enabled.

825622

Resolved an issue that caused the npd process to crash when an administrator attempted to change an IP Pool type in a was that is not supported.

826719

Resolved an issue that caused incorrect hardware sesion counts to be displayed on the GUI or CLI after deleting multicast sessions.

828789

The promiscuous mode configuration of a LAG is not changed when the LAG becomes the hardware sessions synchronization interface.

835697 836443 831672

Interface routes are now successfully deleted from the NP7 LPM routing table after moving an interface to a different VDOM. This change also resolves an issue with DHCP servers on interfaces in hyperscale firewall VDOMs

836474

Changing the zone configuration of a hyperscale firewall VDOM is now supported by the hyperscale firewall policy engine.

836687 837682

Improved the accuracy of statistics collected from hardware logging.

837270 857311

Allowing intra-zone traffic is now supported in hyperscale firewall VDOMs. Options to block or allow intra-zone traffic are available on the GUI and CLI.
Previous
Next

Resolved issues

The following issues have been fixed in Hyperscale firewall for FortiOS 7.0.8 Build 0418. For inquires about a particular bug, please contact Customer Service & Support. The Resolved issues described in the FortiOS 7.0.8 release notes also apply to Hyperscale firewall for FortiOS 7.0.8 Build 0418.

Bug ID

Description
762135 The log rate information for CPU (or software) sessions displayed on the GUI and CLI of FortiGates licensed for Hyperscale firewall is now accurate.
773583 Resolved an issue that prevented the diagnose sys npu-session purge from purging hardware sessions.

780315

Resolved an issue that reduces connections per second (CPS) performance for VLAN traffic.
782674

On the secondary FortiGate in an FGCP cluster, the diagnose sys npu-sessions st verbose command output no longer shows hung tasks when an FGCP cluster is processing a large number of sessions.
788702 Resolved multiple issues that prevented some software sessions from being synchronized to the secondary FortiGate in an FGCP cluster of two FortiGates with NP7 processors.
804546 When editing a hyperscale firewall policy, the Clear Counters option now clears all statistics, including counters for offloaded NP7 sessions.
804742 810366 Resolved a memory-related issue that caused it to take longer than expected for hyperscale firewall policy changes to be applied to traffic. The delay affected offloaded NP7 traffic and CPU traffic
805179 Resolved an issue that blocked traffic that could be offloaded to NP7 processors when that traffic passes through a VXLAN interface that is part of a software switch.
805846 In the FortiOS MIB files, the fgFwIppStatsInusePBAs field now returns the correct information.
809030 Resolved an issue that could sometimes cause traffic accepted by hyperscale firewall policies with port block allocation (PBA) IP pools to be dropped. The problem could occur after changing the hyperscale firewall policy configuration.
809623 Resolved an issue that caused CAPWAP traffic to be dropped when CAPWAP offloading is enabled for FortiGates with NP7 processors.
810025 Using EIF to support hairpinning now works as expected for NAT64 sessions.
810379

Resolved an issue that caused the npd process to crash when creating an access control list (ALC) policy on a FortiGate with NP7 processors.

812833

The config log npu-server command is no longer available after removing the hyperscale firewall license from a FortiGate with NP7 processors.
812844 Multiple default routes are now handled as expected by Hyperscale firewall VDOMs.

813314

Resolved an issue with how the GUI and CLI displays information about single port allocation CGN IP pools.
815253 Resolved an issue that could sometimes randomly block traffic in NP7-offloaded IPsec VPN tunnels. The problem would happen more often as the number of IPsec VPN tunnels increased.

815360

Resolved an issue that could cause FortiGates with NP7 processors to encounter a kernel panic when deleting more than two hardware switches at the same time.

816385

Resolved an issue that could cause FortiGates with NP7 processors to display a message similar to rcu_sched self-detected stall on CPU on console and freeze. This would occur after enabling NP7 capwap-offload or sending inner VLAN traffic and restarting FortiOS or upgrading the firmware.

818811

Resolved an issue that could cause Nturbo to crash when offloading SSL mirror traffic.

818823

Resolved an issue that could cause TCP traffic to be blocked after an FGCP HA failover because routing was not updated on the new primary FortiGate after the failover.

821553

Resolved an issue that prevented traffic from being offloaded to NP7 processors when passing through a VXLAN nterface after being accepted by a firewall policy with UTM features enabled.

825622

Resolved an issue that caused the npd process to crash when an administrator attempted to change an IP Pool type in a was that is not supported.

826719

Resolved an issue that caused incorrect hardware sesion counts to be displayed on the GUI or CLI after deleting multicast sessions.

828789

The promiscuous mode configuration of a LAG is not changed when the LAG becomes the hardware sessions synchronization interface.

835697 836443 831672

Interface routes are now successfully deleted from the NP7 LPM routing table after moving an interface to a different VDOM. This change also resolves an issue with DHCP servers on interfaces in hyperscale firewall VDOMs

836474

Changing the zone configuration of a hyperscale firewall VDOM is now supported by the hyperscale firewall policy engine.

836687 837682

Improved the accuracy of statistics collected from hardware logging.

837270 857311

Allowing intra-zone traffic is now supported in hyperscale firewall VDOMs. Options to block or allow intra-zone traffic are available on the GUI and CLI.
Previous
Next