Known issues

Known issues

The following known issues have been identified with FortiOS 7.4.1. For inquiries about a particular bug or to report a bug, please contact Fortinet Customer Service & Support.

Bug ID	Description
298348, 298994	Enabling the `hw-switch-ether-filter` command on the FG-92D model (the default setting) causes FortiSwitch devices to not be discovered.
520954	When a “FortiLink mode over a layer-3 network” topology has been configured, the FortiGate GUI does not always display the complete network.
527695	Starting in FortiOS 6.4.0, VLAN optimization is enabled by default (`set vlan-optimization enable` under `config switch-controller global`). On a network running FortiSwitchOS earlier than 6.0.0, this change results in a synchronization error, but the network still functions normally. If you have FortiSwitchOS 6.0.x, you can upgrade to remove the synchronization error or disable VLAN optimization. On a network with `set allowed-vlans-all enable` configured (under `config switch-controller vlan-policy`), the setting reverts to the default, which is disabled, when upgrading to FortiOS 6.4.0. If you want to maintain the allowed-vlans-all behavior, you can restore it after the upgrade.
586801	NetBIOS stops working when proxy ARP is configured and the access VLAN is enabled because FortiGate units do not support NetBIOS proxy.
621785	`user.nac-policy[].switch-scope` might contain a data reference to `switch-controller.managed-switch`. When this reference is set by an admin, the admin needs to remove this reference before deleting the `managed-switch`.
789914	When LAN segments are enabled on the FS-108E, FS-108E-POE, FS-108E-FPOE, FS-108F, FS-108F-POE, FS-108F-FPOE, FS-124E, FS-124E-POE, FS-124E-FPOE, FS-148E, FS-148E-POE, FS-148F, FS-148F-POE, FS-148F-FPOE, FS-124F, FS-124F-POE, and FS-124F-FPOE models, the internal VLAN (`set lan-internal-vlan`) is assigned automatically by default. If the same VLAN is configured on the FortiGate device, the configuration fails when it is pushed to the FortiSwitch unit without any warning message. WORKAROUND: Use a custom command. All sub-VLANs must belong to the same MSTP instance if the FortiLink configuration includes the FS-108E, FS-108E-POE, FS-108E-FPOE, FS-108F, FS-108F-POE, FS-108F-FPOE, FS-124E, FS-124E-POE, FS-124E-FPOE, FS-148E, FS-148E-POE, FS-148F, FS-148F-POE, FS-148F-FPOE, FS-124F, FS-124F-POE, and FS-124F-FPOE models.
813216	After CAPWAP offload is enabled or disabled, FortiLink goes down.
814674	When upgrading a FortiAP or FortiSwitch unit that is connected to a downstream FortiGate device, a “Failed to retrieve upgrade progress” message appears.
891642	The FortiGate 6000 and 7000 platforms do not support managing FortiSwitch devices over FortiLink.
910962	After setting values for `src-mac`, `dst-mac`, and `vlan` for the ACL classifier, you cannot use the `unset` command to remove these settings. WORKAROUND: Remove `set acl-group <ACL_group_name>` from under the `config switch-controller managed-switch` command. Delete the ACL group. Delete the ACL. Reconfigure the ACL.
940248	When both network device detection (`config switch network-monitor settings`) and the switch controller routing offload are enabled, the FS-1048E switch generates duplicate packets.
961188, 963375, 972931	There are three related issues: After you upgrade an FS-1xx switch to FortiSwitchOS 7.4.1, the FortiLink lines in the FortiGate GUI are not displayed. This is only a display issue and does not affect the operation. This issue is resolved in FortiSwitchOS 7.4.2. If you upgrade an FS-1xx switch to FortiSwitchOS 7.4.1 and then delete the FortiSwitch configurations on the FortiGate device, the FortiGate device will not discover the switch. Workaround: Use the FortiGate CLI (`config switch-controller managed-switch`) or GUI (under WiFi & Switch Controller > Managed FortiSwitches) to create a FortiSwitch based on the serial number of the switch. The switch’s FortiLink will come up. This issue is resolved in FortiSwitchOS 7.4.2. If you preload FortiSwitchOS 7.4.1 on an FS-1xx switch and then plug it into a FortiLink setup, the FortiGate device will not discover the switch. Workaround: Use the FortiGate CLI (`config switch-controller managed-switch`) or GUI (under WiFi & Switch Controller > Managed FortiSwitches) to create a FortiSwitch based on the serial number of the switch. The switch’s FortiLink will come up. This issue is resolved in FortiSwitchOS 7.4.2.
978169	When the FS-1048E is an MCLAG ICL peer, it does not join FortiLink. Workarounds: Manually create a trunk (with MCLAG enabled) on a non-FS-1048 switch. Plug in a FortiSwitch unit to a non-FS-1048 switch to form a trunk (with MCLAG enabled). Connect a non-FS-1048 switch to the active FortiGate device to form a FortiLink trunk (with MCLAG enabled). Upgrade the FortiSwitchOS version to 7.4.2 GA.

Known issues

The following known issues have been identified with FortiOS 7.4.1. For inquiries about a particular bug or to report a bug, please contact Fortinet Customer Service & Support.

Bug ID

Description

298348, 298994

Enabling the hw-switch-ether-filter command on the FG-92D model (the default setting) causes FortiSwitch devices to not be discovered.

520954

When a “FortiLink mode over a layer-3 network” topology has been configured, the FortiGate GUI does not always display the complete network.

527695

Starting in FortiOS 6.4.0, VLAN optimization is enabled by default (set vlan-optimization enable under config switch-controller global). On a network running FortiSwitchOS earlier than 6.0.0, this change results in a synchronization error, but the network still functions normally. If you have FortiSwitchOS 6.0.x, you can upgrade to remove the synchronization error or disable VLAN optimization.

On a network with set allowed-vlans-all enable configured (under config switch-controller vlan-policy), the setting reverts to the default, which is disabled, when upgrading to FortiOS 6.4.0. If you want to maintain the allowed-vlans-all behavior, you can restore it after the upgrade.

586801

NetBIOS stops working when proxy ARP is configured and the access VLAN is enabled because FortiGate units do not support NetBIOS proxy.

621785

user.nac-policy[].switch-scope might contain a data reference to switch-controller.managed-switch. When this reference is set by an admin, the admin needs to remove this reference before deleting the managed-switch.

789914

When LAN segments are enabled on the FS-108E, FS-108E-POE, FS-108E-FPOE, FS-108F, FS-108F-POE, FS-108F-FPOE, FS-124E, FS-124E-POE, FS-124E-FPOE, FS-148E, FS-148E-POE, FS-148F, FS-148F-POE, FS-148F-FPOE, FS-124F, FS-124F-POE, and FS-124F-FPOE models, the internal VLAN (set lan-internal-vlan) is assigned automatically by default. If the same VLAN is configured on the FortiGate device, the configuration fails when it is pushed to the FortiSwitch unit without any warning message. WORKAROUND: Use a custom command.
All sub-VLANs must belong to the same MSTP instance if the FortiLink configuration includes the FS-108E, FS-108E-POE, FS-108E-FPOE, FS-108F, FS-108F-POE, FS-108F-FPOE, FS-124E, FS-124E-POE, FS-124E-FPOE, FS-148E, FS-148E-POE, FS-148F, FS-148F-POE, FS-148F-FPOE, FS-124F, FS-124F-POE, and FS-124F-FPOE models.

813216

After CAPWAP offload is enabled or disabled, FortiLink goes down.

814674

When upgrading a FortiAP or FortiSwitch unit that is connected to a downstream FortiGate device, a “Failed to retrieve upgrade progress” message appears.

891642

The FortiGate 6000 and 7000 platforms do not support managing FortiSwitch devices over FortiLink.

910962

After setting values for src-mac, dst-mac, and vlan for the ACL classifier, you cannot use the unset command to remove these settings.

WORKAROUND:

Remove set acl-group <ACL_group_name> from under the config switch-controller managed-switch command.
Delete the ACL group.
Delete the ACL.
Reconfigure the ACL.

940248

When both network device detection (config switch network-monitor settings) and the switch controller routing offload are enabled, the FS-1048E switch generates duplicate packets.

961188, 963375, 972931

There are three related issues:

After you upgrade an FS-1xx switch to FortiSwitchOS 7.4.1, the FortiLink lines in the FortiGate GUI are not displayed. This is only a display issue and does not affect the operation.

This issue is resolved in FortiSwitchOS 7.4.2.
If you upgrade an FS-1xx switch to FortiSwitchOS 7.4.1 and then delete the FortiSwitch configurations on the FortiGate device, the FortiGate device will not discover the switch.

Workaround: Use the FortiGate CLI (config switch-controller managed-switch) or GUI (under WiFi & Switch Controller > Managed FortiSwitches) to create a FortiSwitch based on the serial number of the switch. The switch’s FortiLink will come up.

This issue is resolved in FortiSwitchOS 7.4.2.
If you preload FortiSwitchOS 7.4.1 on an FS-1xx switch and then plug it into a FortiLink setup, the FortiGate device will not discover the switch.

Workaround: Use the FortiGate CLI (config switch-controller managed-switch) or GUI (under WiFi & Switch Controller > Managed FortiSwitches) to create a FortiSwitch based on the serial number of the switch. The switch’s FortiLink will come up.

This issue is resolved in FortiSwitchOS 7.4.2.

978169

When the FS-1048E is an MCLAG ICL peer, it does not join FortiLink.

Workarounds:

Manually create a trunk (with MCLAG enabled) on a non-FS-1048 switch.
Plug in a FortiSwitch unit to a non-FS-1048 switch to form a trunk (with MCLAG enabled).
Connect a non-FS-1048 switch to the active FortiGate device to form a FortiLink trunk (with MCLAG enabled).
Upgrade the FortiSwitchOS version to 7.4.2 GA.

FortiLink Release Notes

Known issues

Known issues