Fortinet Document Library

Known Issues

The following issues have been identified in version 6.0.11. For inquiries about a particular bug or to report a bug, please contact Customer Service & Support.

Antivirus

| Bug ID | Description |
| --- | --- |
| 582368 | URL threat detection version shows a large negative number after FortiGate reboots. |
| 590092 | Cannot clear scanunit vdom-stats to reset the statistics on ATP widget. |

Explicit Proxy

| Bug ID | Description |
| --- | --- |
| 564582 | Explicit proxy policy treats domain.tld in FQDN firewall address object as wildcard. |

Firewall

| Bug ID | Description |
| --- | --- |
| 508015 | Editing a policy in the GUI changes the FSSO setting to disable. |
| 520558 | Should not do passive port NAT for FTP session helper. |
| 591731 | Cannot reorder shaping policy via GUI or CLI (FG-100F). |
| 643446 | Fragmented UDP traffic is silently dropped when fragments have different ECN values. |

FortiView

| Bug ID | Description |
| --- | --- |
| 527540 | On multiple pages, the Quarantine Host option is not clickable on a registered device. |

GUI

| Bug ID | Description |
| --- | --- |
| 467495 | After enabling an inserted proxy policy, an incorrect warning message appears that there is no source interface. |
| 545900 | GUI shows Failed to save changes when trying to reorder a policy in the list. |
| 587673 | On Proxy Policy page, the default view method (Interface Pair View) is not clickable. |
| 662434 | Aggregated interfaces in Zone are not displayed correctly. |

HA

| Bug ID | Description |
| --- | --- |
| 540600 | The HA hello-holddown value is divided by 10 in the hatalk daemon, which makes the hello-holddown time 10 times less than the configuration. |
| 584551 | hatalk keeps exchanging heartbeat packets incorrectly with FortiManager. |
| 601550 | Application hasync crashes several times. |
| 621583 | HA status is not displayed in the GUI when HB cables reconnect. |
| 637711 | CSR on cluster primary is generating out-of-sync alerts on secondary and tertiary units. |
| 643958 | Inconsistent data from FFDB caused several confsyncd crashes. |
| 651674 | Long sessions lost on new primary after HA failover. |

Intrusion Prevention

| Bug ID | Description |
| --- | --- |
| 668631 | IPS is constantly crashing, and ipshelper has high CPU when IPS extended database has too many rules (more than 256) sharing the same pattern. Affected models: SoC3-based FortiGates. |

Workaround: disable CP or disable the extended database.

config ips global
    set database regular
    set cp-accel-mode none
end

Log & Report

| Bug ID | Description |
| --- | --- |
| 551031 | FortiGate lost logs to FortiAnalyzer when the route was changed without the physical interface being down. |
| 592766 | Log device defaults to empty and cannot be switched on in the GUI after enabling FortiAnalyzer Cloud. |
| 634947 | rlogd signal 11 crashes. |
| 643099 | logid=0000000020 is generated even with set logtraffic disable in the policy. |

Proxy

| Bug ID | Description |
| --- | --- |
| 501299 | WAD sometimes does not spawn any workers when configuring FG-101E after a factory reset. |
| 584719 | WAD reads FTP over-limit multi-line response incorrectly. |
| 603195 | Multiple WAD crashes with signal 11. |
| 608387 | WAD virtual server with HTTP multiplexing enabled causes crash after server is detached because the HTTP server object is detached from the HTTP session. |
| 617099 | WAD crashes every few minutes. |
| 653099 | Wildcard URL filter in proxy mode with ? and * is not always handled properly. |

Routing

| Bug ID | Description |
| --- | --- |
| 576930 | Time stamps missing in routing debugs. |

SSL VPN

| Bug ID | Description |
| --- | --- |
| 548599 | SSL VPN crashes on parsing some special URLs. |
| 596273 | sslvpnd worker process crashes, causing a zombie tunnel session. |
| 599960 | RADIUS user and local token push cannot log in to SSL VPN portal/tunnel when the password needs to be changed. |
| 610995 | SSL VPN web mode gets error when accessing internal website at https://st***.st***.ca/. |
| 628597 | Unable to load the SSL VPN bookmark internal website, https://fi***.co.nz. |
| 633114 | Cannot access internal website pl***.fr using SSL VPN web mode. |
| 633684 | Host check causing macOS users to fail to connect to SSL VPN. |
| 644506 | Cannot authenticate to SSL VPN using 2FA if remote LDAP user and user within RADIUS group have the same user name and password. |
| 648433 | Internal website loading issue in SSL VPN web portal. |
| 662042 | The https://outlook.office365.com and https://login.microsoft.com websites cannot be accessed in the SSL VPN web portal. |
| 665879 | When SSL VPN processes the HTTP/HTTPS response with content disposition, it will change the response body since the content type is HTML. |
| 666855 | FortiOS supports verifying client certificates with RSA-PSS series of signature algorithms, which causes problems with certain clients. |
| 670803 | Internal website, http://gd***.local/share/page?pt=login, login page does not load in SSL VPN web mode. |

System

| Bug ID | Description |
| --- | --- |
| 508085 | The address object is still created even if the user sets an invalid address. |
| 540354 | WAD high CPU usage on FortiGate models that do not support SSH proxy in FOS 5.6. After upgrading to FOS 6.0, the certificate-inspection profile in ssl-ssh-profile has its SSH status incorrectly set to deep-inspection. |
| 571720 | Using DHCP to acquire addresses for mode-config with certificates fails to send DHCP request. |
| 585053 | NP6 VLAN LACP-based interface RX/TX counters not increasing. |
| 587521 | VIP server load-balancing persistence HTTP cookie not refreshed after the timer. |
| 598464 | Rebooting FG-1500D in 5.6.x during upgrade causes an L2 loop on the heartbeat interface and VLAN is disabled on the switch side. |
| 605723 | FG-600E stops sending out packets on its SPF and copper port on NP6. |
| 607565 | Interface emac-vlan feature does not work on SoC4 platform. |
| 611512 | When a LAG is created between 10 GE SFP+ slots and 25 GE SFP28/10 GE SFP+ slots, only about 50% of the sessions can be created. Affected models: FG-110xE, FG-220xE, and FG-330xE. |
| 615460 | GRE keep-alive reply dropped. |
| 627629 | DHCP client sent invalid DHCPREQUEST format during INIT state. |
| 628642 | Issue when packets from same session are forwarded to each LACP member when NPx offloading is enabled. |
| 631296 | Forward or local bi-directional traffic from NPU inter-VDOM links through separate VDOMs is subject to high latency. |
| 633827 | Errors during fuzzy tests on FG-1500D. |
| 634929 | NP6 SSE drops after a couple of hours in a stability test. |
| 649729 | HA sync packets are hashed to a single queue when sync-packet-balance is enabled. |
| 657629 | FG-101F cannot retrieve power fan status and BGP status via SNMP. |
| 660709 | The sflowd process has high CPU usage when application control is enabled. |
| 666030 | Empty firewall objects after pushing several policy deletes. |

User & Device

| Bug ID | Description |
| --- | --- |
| 561235 | FQDN address objects resolution is failing when used in the captive web portal as walled garden rules. |
| 567831 | Local FSSO poller is regularly missing logon events. |
| 604844 | auth-concurrent setting in user group is not working as expected. |
| 637577 | Inconsistent fnbamd LDAP group match result. |

VM

| Bug ID | Description |
| --- | --- |
| 656701 | FG-VMX service manager enters conserve mode; cmdbsvr has high memory utilization. |

Web Filter

| Bug ID | Description |
| --- | --- |
| 553593 | Running diagnose debug urlfilter test-url <url> gives a response of URL test cache miss, even though the test-url is in the web filter rating cache. |

WiFi Controller

| Bug ID | Description |
| --- | --- |
| 579908 | Tunnel mode SSID packet loss seen from FAP-U24JEV and 800 connected APs. |
| 608717 | Packet loss over CAPWAP tunneled SSID. |
| 618456 | High cw_acd usage upon polling a large number of wireless clients with REST API. |
| 641042 | FG-200D drops TX packet on the SSID tunnel interface. |
| 680503 | The current Fortinet_Wifi certificate will expire on 2021-02-11. |
