Fortinet Document Library

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:


Table of Contents

Known Issues

The following issues have been identified in version 6.0.3. For inquires about a particular bug or to report a bug, please contact Customer Service & Support.

Application Control

Bug ID

Description

435951

Traffic keeps going through the DENY NGFW policy configured with URL category.

488369

DSCP/ToS is not implemented in shaping-policy yet.

FortiView

Bug ID

Description

375172

FortiGate under a FortiSwitch may be shown directly connected to an upstream FortiGate.

414172

HTTPsd / DNSproxy / high CPU/memory with high rate UDP 1Byte spoofing traffic.

453610

Fortiview->Policies(or Sources)->Now, it shows nothing when filtered by physical interface at PPPoE mode.

460016

In Fortiview > Threats, drill down one level, click Return and the graph is cleared.

482045

FortiView – no data shown on Traffic from WAN.

GUI

Bug ID

Description

256264

Realtime session list cannot show IPv6 session and related issues.

439185

AV quarantine cannot be viewed and downloaded from detail panel when source is FortiAnalyzer.

442231

Link cannot show different colors based on link usage legend in logical topology real time view.

451776

Admin GUI has limit of 10 characters for OTP.

508015

Edit Policy from GUI changes fsso setting to disabled.

513451

Archived data filed in logs shows incorrect data.

515983

Firefox cannot list user TACACS+ Servers. Chrome is OK.

516415

Edit Disclaimer Message button is missing on Proxy Policy page.

518131

Unable to add static routes with same gateway IP and interface from the WebGUI.

HA

Bug ID

Description

451470

Unexpected performance reduction in case of Inter-Chassis HA fail-back with enabling HA override.

479987

FG MGMT1 does not authenticate Admin RADIUS users through primary unit (secondary unit works).

Intrusion Prevention

Bug ID

Description

445113

IPS engine 3.428 on FortiGate sometimes cannot detect Psiphon packets that iscan can detect.

IPsec VPN

Bug ID

Description

469798

The interface shaping with egress shaping profile doesn't work for offloaded traffic.

481201

The OCVPN feature is delayed about one day after registering on FortiCare.

Log & Report

Bug ID

Description

412649

In NGFW Policy mode, FortiGate does not create web filter logs.

516033

The traffic log for WANOPT data traffic in the server-side FortiGate should show policy type as proxy-policy, not policy.

Proxy

Bug ID

Description

516414

Traffic over 1GB through SCP gets terminated when SSH inspection is enabled in ssl-ssh-profile.

516934

In transparent proxy policy with cookie authentication mode, NTLM authentication doesn't work and LDAP authentication using wrong username/password will cause WAD to crash.

Security Fabric

Bug ID

Description

403229

In FortiView display from FortiAnalyzer, the upstream FortiGate cannot drill down to final level for downstream traffic.

411368

In FortiView with FortiAnalyzer, the combined MAC address is displayed in the Device field.

SSL-VPN

Bug ID

Description

405239

URL rewritten incorrectly for a specific page in application server.

Switch Controller

Bug ID

Description

304199

Using HA with FortiLink can encounter traffic loss during failover.

357360

DHCP snooping may not work on IPv6.

528983

When IGMP snooping is enabled on a VLAN, reserved multicast packets are forwarded twice on the 124D, 224D-FPOE, 248D, 424D, 424D-POE, 424D-FPOE, 448D, 448DPOE, 448D-FPOE, 224E, 224E-POE, 248E-POE, 248E-FPOE models.

System

Bug ID

Description

295292

If private-data-encryption is enabled, when restoring config to a FortiGate, the FortiGate may not prompt the user to enter the key.

364280

User cannot use ssh-dss algorithm to login to FortiGate via SSH.

385860

FG-3815D does not support 1GE SFP transceivers.

436746

NP6 counter shows packet drops on FG-1500D. Pure firewall policy without UTM.

468684

EHP drop improvement for units using NP_SERVICE_MODULE.

472843

When FortiManager is set for DM = set verify-install-disable, FortiGate does not always save script changes.

474132

FG-51E hang under stress test since build 0050.

494042

If we create VLAN in VDOM A, then we cannot create ZONE name with the same VLAN name in VDOM B.

Upgrade

Bug ID

Description

470575

After upgrading from 5.6.3, g-sniffer-profile and sniffer-profile exist for IPS and web filter.

473075

When upgrading, multicast policies are lost when there is a zone member as interface.

481408

When upgrading from 5.6.3 to 6.0.0, the IPv6 policy is lost if there is SD-WAN member as interface.

494217

Peer user SSL VPN personal bookmarks do not show when upgrade to 6.0.1.

Workaround: Use CLI to rename the user bookmark to the new name.

Web Filter

Bug ID

Description

480003

FortiGuard category does not work in NGFW mode policy.

WiFi Controller

Bug ID

Description

516067

CAPWAP traffic from non-VLAN SSID is blocked when dtls-policy=ipsec-vpn and NP6 offload are enabled.

Known Issues

The following issues have been identified in version 6.0.3. For inquires about a particular bug or to report a bug, please contact Customer Service & Support.

Application Control

Bug ID

Description

435951

Traffic keeps going through the DENY NGFW policy configured with URL category.

488369

DSCP/ToS is not implemented in shaping-policy yet.

FortiView

Bug ID

Description

375172

FortiGate under a FortiSwitch may be shown directly connected to an upstream FortiGate.

414172

HTTPsd / DNSproxy / high CPU/memory with high rate UDP 1Byte spoofing traffic.

453610

Fortiview->Policies(or Sources)->Now, it shows nothing when filtered by physical interface at PPPoE mode.

460016

In Fortiview > Threats, drill down one level, click Return and the graph is cleared.

482045

FortiView – no data shown on Traffic from WAN.

GUI

Bug ID

Description

256264

Realtime session list cannot show IPv6 session and related issues.

439185

AV quarantine cannot be viewed and downloaded from detail panel when source is FortiAnalyzer.

442231

Link cannot show different colors based on link usage legend in logical topology real time view.

451776

Admin GUI has limit of 10 characters for OTP.

508015

Edit Policy from GUI changes fsso setting to disabled.

513451

Archived data filed in logs shows incorrect data.

515983

Firefox cannot list user TACACS+ Servers. Chrome is OK.

516415

Edit Disclaimer Message button is missing on Proxy Policy page.

518131

Unable to add static routes with same gateway IP and interface from the WebGUI.

HA

Bug ID

Description

451470

Unexpected performance reduction in case of Inter-Chassis HA fail-back with enabling HA override.

479987

FG MGMT1 does not authenticate Admin RADIUS users through primary unit (secondary unit works).

Intrusion Prevention

Bug ID

Description

445113

IPS engine 3.428 on FortiGate sometimes cannot detect Psiphon packets that iscan can detect.

IPsec VPN

Bug ID

Description

469798

The interface shaping with egress shaping profile doesn't work for offloaded traffic.

481201

The OCVPN feature is delayed about one day after registering on FortiCare.

Log & Report

Bug ID

Description

412649

In NGFW Policy mode, FortiGate does not create web filter logs.

516033

The traffic log for WANOPT data traffic in the server-side FortiGate should show policy type as proxy-policy, not policy.

Proxy

Bug ID

Description

516414

Traffic over 1GB through SCP gets terminated when SSH inspection is enabled in ssl-ssh-profile.

516934

In transparent proxy policy with cookie authentication mode, NTLM authentication doesn't work and LDAP authentication using wrong username/password will cause WAD to crash.

Security Fabric

Bug ID

Description

403229

In FortiView display from FortiAnalyzer, the upstream FortiGate cannot drill down to final level for downstream traffic.

411368

In FortiView with FortiAnalyzer, the combined MAC address is displayed in the Device field.

SSL-VPN

Bug ID

Description

405239

URL rewritten incorrectly for a specific page in application server.

Switch Controller

Bug ID

Description

304199

Using HA with FortiLink can encounter traffic loss during failover.

357360

DHCP snooping may not work on IPv6.

528983

When IGMP snooping is enabled on a VLAN, reserved multicast packets are forwarded twice on the 124D, 224D-FPOE, 248D, 424D, 424D-POE, 424D-FPOE, 448D, 448DPOE, 448D-FPOE, 224E, 224E-POE, 248E-POE, 248E-FPOE models.

System

Bug ID

Description

295292

If private-data-encryption is enabled, when restoring config to a FortiGate, the FortiGate may not prompt the user to enter the key.

364280

User cannot use ssh-dss algorithm to login to FortiGate via SSH.

385860

FG-3815D does not support 1GE SFP transceivers.

436746

NP6 counter shows packet drops on FG-1500D. Pure firewall policy without UTM.

468684

EHP drop improvement for units using NP_SERVICE_MODULE.

472843

When FortiManager is set for DM = set verify-install-disable, FortiGate does not always save script changes.

474132

FG-51E hang under stress test since build 0050.

494042

If we create VLAN in VDOM A, then we cannot create ZONE name with the same VLAN name in VDOM B.

Upgrade

Bug ID

Description

470575

After upgrading from 5.6.3, g-sniffer-profile and sniffer-profile exist for IPS and web filter.

473075

When upgrading, multicast policies are lost when there is a zone member as interface.

481408

When upgrading from 5.6.3 to 6.0.0, the IPv6 policy is lost if there is SD-WAN member as interface.

494217

Peer user SSL VPN personal bookmarks do not show when upgrade to 6.0.1.

Workaround: Use CLI to rename the user bookmark to the new name.

Web Filter

Bug ID

Description

480003

FortiGuard category does not work in NGFW mode policy.

WiFi Controller

Bug ID

Description

516067

CAPWAP traffic from non-VLAN SSID is blocked when dtls-policy=ipsec-vpn and NP6 offload are enabled.