Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY 8.0.3
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
All Products
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Web Application Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • Web Application / API Protection
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions
    • All Products

    Release Notes

    Home FortiADC 8.0.3 Release Notes
    8.0.3
    8.0.3
    8.0.2
    8.0.1
    8.0.0
    7.6.6
    7.6.5
    7.6.4
    7.6.3
    7.6.2
    7.6.1
    7.6.0
    7.4.10
    7.4.9
    7.4.8
    7.4.7
    7.4.6
    7.4.5
    7.4.4
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.8
    7.2.7
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.1.5
    7.1.4
    7.1.3
    7.1.2
    7.1.1
    7.1.0
    7.0.6
    7.0.5
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.2.6
    6.2.5
    6.2.4
    6.2.3
    6.2.2
    6.2.1
    6.2.0
    6.1.6
    6.1.5
    6.1.4
    6.1.3
    6.1.2
    6.1.1
    6.1.0
    6.0.4
    6.0.3
    6.0.2
    6.0.1
    6.0.0
    5.4.4
    5.4.4
    5.4.3
    5.4.2
    5.4.1
    5.4.0
    5.3.7
    5.3.6
    5.3.5
    5.3.4
    5.3.3
    5.3.2
    5.3.1
    5.3.0
    5.2.8
    5.2.7
    5.2.6
    5.2.5
    5.2.4
    5.2.3
    5.2.2
    5.2.1
    5.2.0
    5.1.7
    5.1.6
    5.1.5
    5.1.4
    5.1.3
    5.1.2
    5.1.1
    5.1.0
    5.0.4
    5.0.3
    5.0.2
    5.0.1
    5.0.0
    4.8.8
    4.8.7
    4.8.6
    4.8.5
    4.8.4
    4.8.3
    4.8.2
    4.8.1
    4.8.0
    4.7.4
    4.7.3
    4.7.2
    4.7.1

    Resolved issues

    Resolved issues

    The following issues have been resolved in FortiADC 8.0.3 release. For inquiries about particular bugs, please contact Fortinet Customer Service & Support.

    Bug ID

    Description
    1265994 HTTP health checks using HTTP CONNECT (with Local CONNECT or Remote CONNECT) intermittently stopped functioning and caused elevated CPU utilization. This resulted from a data size mismatch between expected and received health check responses, which caused the health check process to hang and required a manual process restart to restore monitoring and traffic flow.
    1264125 Layer 7 TCP virtual servers using the PERSIS_HASH_SRC_ADDR persistence method experienced a rapid memory leak, leading to service instability and high memory utilization. This resulted from a failure to release memory during frequent virtual server configuration updates, which were triggered by unstable health check statuses.
    1263251 Attempts to create an aggregate interface failed with "System API error" or "Enslave failed" messages. This occurred because an interface previously involved in a failed VLAN assignment remained internally locked by the system, preventing it from being added as a slave to the new aggregate master.
    1262109 Custom health check scripts failed to execute following a configuration restore or migration to a new platform. This was caused by a synchronization error between the primary configuration directory and the temporary execution environment (/tmp_hc_root), resulting in "No such file or directory" errors even when the scripts were present in the main file system.
    1261741 In GLB FortiView, the host status appeared as "unknown" when the combined character length of the policy, hostname, and domain name exceeded 63. This resulted from an internal hash key truncation bug that incorrectly limited the lookup string to 64 characters instead of 512, though DNS query functionality remained unaffected.
    1253275 FortiADC unexpectedly reset HTTP/HTTPS connections immediately after the client TCP SYN. This was caused by an internal load balancer process crash that occurred when inbound or outbound traffic limit values were set above 17,100,000. While the configuration was accepted by the CLI, the high value triggered a memory fault during traffic processing.
    1249923 Enhanced the AAG by adding an App Start In parameter to Remote App bookmarks. This field allows administrators to define a specific working directory, ensuring successful connectivity for Microsoft RemoteApp services and other applications that require a defined "Start In" path to launch.
    1248712 FortiADC failed to validate licenses through the FortiFlex portal, resulting in an "authentication with registration servers" hang. This was caused by an intermittent SSL handshake failure during FortiGuard Distribution Service (FDS) communication, where a hostname mismatch occurred because the Server Name Indication (SNI) was not correctly aligned with the Anycast domain during certificate verification.
    1245170 The config-sync process intermittently reported "synconf fails" or "there was some errors in configuration" despite the settings successfully synchronizing between devices. This resulted from transient CLI execution failures during the merge process, where the system incorrectly flagged non-critical processing delays or configuration order mismatches as functional errors.
    1243690 Virtual servers using Lua scripts intermittently shared sensitive client data, such as certificate subject strings, across different user sessions. This occurred because variables declared at the global script scope are shared by all sessions handled by the same worker process. To ensure strict data isolation, session-specific data must be stored in a local scope or managed within a global table using unique session keys (such as client IP and port).
    1243266 In Layer 7 TCP virtual server configurations, FortiADC incorrectly sent TCP resets (RST) immediately following the client SYN. This occurred due to an accumulation of abnormal fnginx worker processes triggered by repeated daemon crashes, or when virtual server names differed only by letter case, which caused configuration update failures during initialization.
    1241536 FortiADC licenses were incorrectly detected as invalid after upgrading to v8.0.x on Hyper-V and Azure platforms. This resulted from a failure in the new system kernel to accurately identify the number of available vCPUs, causing a mismatch with the licensed resource limits. While trial licenses remained functional, full licenses appeared inactive until this resource-counting logic was corrected.
    1240795 Enhanced the AAG Web APP bookmarks to support internal hostnames (FQDNs). This allows administrators to configure backend server destinations using domain names instead of being restricted to static IP addresses, ensuring compatibility with environments where backend services are only reachable via FQDN.
    1238255 The SNMP OID for VDOM concurrent connections reported abnormal or excessively high values. This resulted from a synchronization mismatch where the internal VDOM connection counter was decreased multiple times upon session expiration, leading to an underflow and incorrect statistical output.
    1237045 When multiple browser windows are logged into FortiAI, a single chatbot session may use different FortiAI domains during interaction. This can cause the FortiAI server to return an invalid token and log the session out.

    1236224

    In FortiAI text mode, some IPv6 addresses cannot be filtered in the log view, although they work correctly in Filter Mode.

    1235827

    Input validation profiles failed to inspect parameters within decompressed traffic and caused system crashes. This resulted from an out-of-bounds memory write during the decompression process, which prevented security policy enforcement on subsequent application pages and led to CPU spikes and daemon instability.

    1235192

    When FortiAI returns content that includes Lua syntax or special characters, using the Copy icon may capture incorrect content. Selecting and copying the text manually avoids the issue.

    1232774

    After upgrading to v7.4.8 on the FortiADC 300D, SLB servers in the GLB module failed to retrieve virtual server status when health check options were enabled. This resulted from a communication breakdown between the SLB and GLB modules, which prevented metadata synchronization for Virtual Server Pools and the FortiView Logical Topology.

    1224441

    FortiADC 1200F units with specific SSD models incorrectly reported an excessively high Program_Fail_Count_Chip value. This was a false positive caused by a reporting tool decoding error and did not indicate an actual hardware failure.

    1222808

    FortiADC sent unexpected, encrypted UDP packets to FortiManager on port 53 every few minutes. This occurred because the URL filter daemon initiated periodic availability checks to FortiGuard Distribution Servers (FDS) even when the Web Filter service was unlicensed and inactive.

    1204472

    FortiADC units experienced unexpected reboots due to a kernel crash. This resulted from an out-of-bounds memory access error during multipath route lookups, where the system attempted to access a non-existent index in the forwarding information base (FIB) array.
    1133341 Enhanced FortiView to support manual termination of AAG user sessions. Administrators can now disconnect active AAG users directly from the User Session monitoring table to assist with access operations and session management.
    Previous
    Next

    Resolved issues

    Resolved issues

    The following issues have been resolved in FortiADC 8.0.3 release. For inquiries about particular bugs, please contact Fortinet Customer Service & Support.

    Bug ID

    Description
    1265994 HTTP health checks using HTTP CONNECT (with Local CONNECT or Remote CONNECT) intermittently stopped functioning and caused elevated CPU utilization. This resulted from a data size mismatch between expected and received health check responses, which caused the health check process to hang and required a manual process restart to restore monitoring and traffic flow.
    1264125 Layer 7 TCP virtual servers using the PERSIS_HASH_SRC_ADDR persistence method experienced a rapid memory leak, leading to service instability and high memory utilization. This resulted from a failure to release memory during frequent virtual server configuration updates, which were triggered by unstable health check statuses.
    1263251 Attempts to create an aggregate interface failed with "System API error" or "Enslave failed" messages. This occurred because an interface previously involved in a failed VLAN assignment remained internally locked by the system, preventing it from being added as a slave to the new aggregate master.
    1262109 Custom health check scripts failed to execute following a configuration restore or migration to a new platform. This was caused by a synchronization error between the primary configuration directory and the temporary execution environment (/tmp_hc_root), resulting in "No such file or directory" errors even when the scripts were present in the main file system.
    1261741 In GLB FortiView, the host status appeared as "unknown" when the combined character length of the policy, hostname, and domain name exceeded 63. This resulted from an internal hash key truncation bug that incorrectly limited the lookup string to 64 characters instead of 512, though DNS query functionality remained unaffected.
    1253275 FortiADC unexpectedly reset HTTP/HTTPS connections immediately after the client TCP SYN. This was caused by an internal load balancer process crash that occurred when inbound or outbound traffic limit values were set above 17,100,000. While the configuration was accepted by the CLI, the high value triggered a memory fault during traffic processing.
    1249923 Enhanced the AAG by adding an App Start In parameter to Remote App bookmarks. This field allows administrators to define a specific working directory, ensuring successful connectivity for Microsoft RemoteApp services and other applications that require a defined "Start In" path to launch.
    1248712 FortiADC failed to validate licenses through the FortiFlex portal, resulting in an "authentication with registration servers" hang. This was caused by an intermittent SSL handshake failure during FortiGuard Distribution Service (FDS) communication, where a hostname mismatch occurred because the Server Name Indication (SNI) was not correctly aligned with the Anycast domain during certificate verification.
    1245170 The config-sync process intermittently reported "synconf fails" or "there was some errors in configuration" despite the settings successfully synchronizing between devices. This resulted from transient CLI execution failures during the merge process, where the system incorrectly flagged non-critical processing delays or configuration order mismatches as functional errors.
    1243690 Virtual servers using Lua scripts intermittently shared sensitive client data, such as certificate subject strings, across different user sessions. This occurred because variables declared at the global script scope are shared by all sessions handled by the same worker process. To ensure strict data isolation, session-specific data must be stored in a local scope or managed within a global table using unique session keys (such as client IP and port).
    1243266 In Layer 7 TCP virtual server configurations, FortiADC incorrectly sent TCP resets (RST) immediately following the client SYN. This occurred due to an accumulation of abnormal fnginx worker processes triggered by repeated daemon crashes, or when virtual server names differed only by letter case, which caused configuration update failures during initialization.
    1241536 FortiADC licenses were incorrectly detected as invalid after upgrading to v8.0.x on Hyper-V and Azure platforms. This resulted from a failure in the new system kernel to accurately identify the number of available vCPUs, causing a mismatch with the licensed resource limits. While trial licenses remained functional, full licenses appeared inactive until this resource-counting logic was corrected.
    1240795 Enhanced the AAG Web APP bookmarks to support internal hostnames (FQDNs). This allows administrators to configure backend server destinations using domain names instead of being restricted to static IP addresses, ensuring compatibility with environments where backend services are only reachable via FQDN.
    1238255 The SNMP OID for VDOM concurrent connections reported abnormal or excessively high values. This resulted from a synchronization mismatch where the internal VDOM connection counter was decreased multiple times upon session expiration, leading to an underflow and incorrect statistical output.
    1237045 When multiple browser windows are logged into FortiAI, a single chatbot session may use different FortiAI domains during interaction. This can cause the FortiAI server to return an invalid token and log the session out.

    1236224

    In FortiAI text mode, some IPv6 addresses cannot be filtered in the log view, although they work correctly in Filter Mode.

    1235827

    Input validation profiles failed to inspect parameters within decompressed traffic and caused system crashes. This resulted from an out-of-bounds memory write during the decompression process, which prevented security policy enforcement on subsequent application pages and led to CPU spikes and daemon instability.

    1235192

    When FortiAI returns content that includes Lua syntax or special characters, using the Copy icon may capture incorrect content. Selecting and copying the text manually avoids the issue.

    1232774

    After upgrading to v7.4.8 on the FortiADC 300D, SLB servers in the GLB module failed to retrieve virtual server status when health check options were enabled. This resulted from a communication breakdown between the SLB and GLB modules, which prevented metadata synchronization for Virtual Server Pools and the FortiView Logical Topology.

    1224441

    FortiADC 1200F units with specific SSD models incorrectly reported an excessively high Program_Fail_Count_Chip value. This was a false positive caused by a reporting tool decoding error and did not indicate an actual hardware failure.

    1222808

    FortiADC sent unexpected, encrypted UDP packets to FortiManager on port 53 every few minutes. This occurred because the URL filter daemon initiated periodic availability checks to FortiGuard Distribution Servers (FDS) even when the Web Filter service was unlicensed and inactive.

    1204472

    FortiADC units experienced unexpected reboots due to a kernel crash. This resulted from an out-of-bounds memory access error during multipath route lookups, where the system attempted to access a non-existent index in the forwarding information base (FIB) array.
    1133341 Enhanced FortiView to support manual termination of AAG user sessions. Administrators can now disconnect active AAG users directly from the User Session monitoring table to assist with access operations and session management.
    Previous
    Next