Fortinet Document Library

Resolved Issues

The following issues have been fixed in version 6.0.3. For inquiries about a particular bug, please contact Customer Service & Support.

Anti-Spam

Bug ID

Description

500789

FortiGuard spam submission hyperlink does not contain any link to the FortiGuard submission page.

Antivirus

Bug ID

Description

445312

tcp-timewait-timer does not have any effect when WAD is running.

459986

Repeated scanunit signal 11 crash scan_for_base64_objects.

502138

AV full scan mode causes traffic to fail.

505249

Proxy AV profile blocks Dell Command Update.

505393

Quad File Dropped Reason forticloud-daily-quota-exceeded.

Application Control

Bug ID

Description

498396

Upgrade from 5.2.13 to 5.4.9 is affected by application list global limit.

Data Leak Prevention

Bug ID

Description

454103

Certain PDF files are blocked when DLP filter is set to block .bat file.

496255

Some XML-based MS Office files are recognized as ZIP file.

506750

Customer wants to block .csv file extension when attaching a file on web-based Gmail.

Endpoint Control

Bug ID

Description

479672

FortiTelemetry not blocking VIP.

500027

Can't block FortiClient that's not compliant.

Explicit Proxy

Bug ID

Description

496294

SNMP value returned OID of fgExplicitProxyMemUsage and fgExplicitProxyUpTime is always 0.

502392

Explicit web proxy does not learn session TTL correctly.

503478

Presence of X-XSS-Protection header causes response to be not cacheable.

506654

High memory usage on WAD.

508818

Agentless NTLM proxy authentication incorrectly returns 403 Authorization Failed to empty credential login attempt.

509876

Web proxy internet service as dst address cannot work for some IP address range overlap cases.

512268

FortiView is not populated by xff-learned original client IP address.

512294

WAD should not keep buffer data if the server's response broke the HTTP protocol.

Firewall

Bug ID

Description

504699

nat-source-vip enabled shouldn't affect SNAT in normal policy.

506430

Traffic shaper bandwidth cannot exceed guaranteed bandwidth if max bandwidth is not configured.

508844

FortiGate needs to support NAT64 fragmentation inbound DF-set feature.

509777

Default custom service will block traffic.

FortiView

Bug ID

Description

507441

Unable to show information from GUI in FortiView > Sources.

437272

FortiView bytes Sent/Received do not match the total data of the Source when drilling down into details.

GUI

Bug ID

Description

297832

Administrator with read-write permission on Firewall Configuration is not able to read or write firewall policies.

407475

Permission denied error is shown when an admin user clicked Create New in Traffic Shaping Policy.

422871

In interface list, when logged in as VDOM admin, the GUI should gray out enable/disable option on interface that does not belong to the admin.

449956

VPN setting should not show IPv6.

458106

WiFi & Switch Controller > FortiSwitch Ports keeps on spinning.

468003

Not possible to do FW policy search based on an interface name itself when Interface Pair View is used.

468314

SD-WAN interface cannot be set as dstintf in IPv6 firewall policy.

474524

The GUI policy page won't load for restricted admin.

474737

fwgrp read&read-write access profile doesn't work properly.

476237

FortiGate GUI using unsecure telnet to connect to CLI of switches instead of SSH through GUI.

478057

Cannot restore configuration when GUI access to the FortiGate is via a connection with small bandwidth.

478116

Need GUI functionality added back to HUGHES branch for script execution from FortiManager.

481902

When accessing FortiView > Websites page, gets error Failed to get FortiView data and httpsd keeps crashing.

486248

For FG-30D, the default admin has insufficient privileges to access Antivirus profiles in GUI.

487350

FortiGuard Filtering Services Availability showing Unavailable on GUI when no valid Anti-spam license is present.

487512

Some GUI pages not displayed for administrators who have no access for Web Filter in profile.

488605

Device Definitions Page is not loading for a read-only account.

489744

GUI does not allow valid BGP router-id in GUI.

491394

Network > Interfaces > Internal error: VDOM.

494713

Suggest GUI Disk_Usage_Widget graph Y-axes scale's maximum unit value to be 100%.

495043

Trusted hosts list is partial within admin details page on GUI and it allows duplicate entries of trusted IPs.

496959

Widgets Host Scan Summary and FortiClient Detected Vulnerabilities do not count online offnet devices (via WAN).

497427

V3.3.0_533151 remote access stuck loading main dashboard page and login with Fortimanager_Access user.

501197

Sometimes cannot set or change guest user expiration time in Mozilla Firefox.

501528

Local domain name cannot be removed from GUI, can only be done through CLI.

501982

In POE, POE status not showing and POE port not shown in blue.

503867

In GUI, some certificates break the Certificate page.

504483

DHCP client list for MAC reservation keeps on loading from GUI.

504935

peertype one in ikev2 phase1-interface can be chosen in GUI.

505656

When using Edge, a page is reloaded when hovering on a connecting line between objects in the topology.

505985

FortiSwitch Topology in GUI not showing an ISL.

506795

Address object associated virtual pair port is not seen in Select Entries dialog box.

506907

Need to improve Dial Codes for Dominican Republic and Puerto Rico.

507427

IP6-mode changed from delegated to static after some parameter was changed on WebGUI.

508596

GUI Dashboard > Interface Bandwidth widget cannot be added for GRE tunnel interfaces.

512478

If NAT is configured to Use Outgoing Interface Address the Preserve Source Port switch is hidden or missing.

512481

Cannot see comments on the GUI for VIP GROUPs on FortiOS 6.0.2.

HA

Bug ID

Description

465849

Wrong diagnose sys ha dump-by vcluster display when cluster V5.4 and V5.2 are on the same LAN.

502110

HA-mgmt interface is displayed on every VDOM.

503118

Secondary unit sends several false alert emails every day after upgrade to 5.6.

503433

hasync daemon crashes when admin session times out and cluster could be out of sync for a short period.

506363

Debugzone and checksum output do not match.

510585

HA does not recognize proper ping-server status, hence does not failover when ping-server is down.

512383

local-in-policy for ha-mgmt-int doesn't work after reboot.

Intrusion Prevention

Bug ID

Description

480525

DHCP doesn't work properly in TP when IPS is enabled.

492193

DoS policies consume 20% more CPU than in FortiOS 5.2.

497602

After upgrading, sniffer packet on any interface causes drops on kernel and traffic impact. DoS policies used.

503895

Traffic drops for 15 seconds when UTM is enabled.

505945

IPS extended-utm-log rawdata log field should include Url field.

506234

Cannot configure IPS sensor severity or threat-weight category.

509174

6.0 build 0163 IPSengine 4.021 crash with signal 14.

IPsec VPN

Bug ID

Description

463441

NAT-T broken with AWS and FortiGate.

476461

IKE does not release the mode-cfg framed-IP assigned from RADIUS.

481720

Using transparent mode and policy base VPN, about 4 ICMP packets which exceed over MTU 1375 byte are dropped.

492366

100% system CPU usage when re-keying idle IPsec tunnels.

502591

Unable to manage FortiGate with FortiManager over IPsec tunnel.

504383

When using the command get vpn ike gateway in a VDOM, the firewall CLI session outputs information for only a few tunnels and exits.

Log & Report

Bug ID

Description

490378

Long-live session statistics logs add sentdelta and rcvddelta fields for FortiCloud and FortiView as required.

500087

Support WCCP set up with one arm WCCP web cache diagram.

504238

Incorrect log action blocked even though the user is "passthrough" in web filter log with warning-prompt per domain.

505474

DNS events are not included in the security event list.

507227

All logs in the log disk are erased after upgrading to 6.0.

508277

Non-SIP packet sent to SIP ALG gets dropped with no log.

Proxy

Bug ID

Description

497974

WAD crash: signal 11 (Segmentation fault) received every time when static route is disabled.

500965

In FG-200E kernel conserve mode, WAD process consuming high memory.

503633

Some traffic forwarded to different gateway when proxy based UTM profiles are used.

503667

Numerous WAD process crashes and WAD counter errors.

505772, 513667

WAD process crash with signal 11.

506995

FG-1200D WAD crashing 5.6.5 (WAD MAPI).

507155

System went into conserve mode due to WAD after upgrade to 5.6.5.

511114

WAD crashes when clientcomfort is enabled.

REST API

Bug ID

Description

424403

REST API for system CSF didn't return CSF group name.

501749

REST API 403 error on IPS log retrieval with loggrp.data-access group.

512038

REST API Post to add address objects to an address group response is incorrect if address group is at max table size.

Routing

Bug ID

Description

490312

When we set keepalive-interval > 0 in GRE tunnel, static route to remote site becomes inactive.

497134

eBGP attempts to reach neighbor via a non-connected route from an IPsec VPN tunnel even though ebgp-force-multihop is disabled.

499100

SD-WAN with IPPool not respecting associated interface if one of the links has a dynamic IP.

504164

OSPF - LSA checksum error.

505189

Kernel is missing routes.

505467

For some OSPFv3 intra-area routes, the next-hop link-local address is not displayed.

506074

SD-WAN SLA's restore link value is too small and doesn't account for dynamic routing/convergence.

506627

SD-WAN traffic dropped by tunnel when we create a SD-WAN health check from the HUB.

509988

Dynamic tunnel (shortcut in ADVPN) cannot be established.

511203

When using policy route for IPv6, NAT64 does not work.

SSL-VPN

Bug ID

Description

477231

Unable to log in to VMware vSphere vCenter 6.5 through SSL VPN web portal.

491733

SSL VPN process taking 99% of CPU utilization (tunnel mode only).

492654

SSLVPND process crashes and users are disconnected from SSL-VPN.

493772

Some URLs in SSL VPN return HTTP 404.

496584

SSL VPN bad password attempt causes excessive bindRequests against LDAP and lockout of accounts.

499071

SSL VPN logon fails if user is member of a large number of LDAP groups.

499612

Web-mode SSL VPN login attempt fails for user with locally assigned token if GROUP name contains plus (+) sign.

500901

SSL VPN web portal connected to FortiManager (5.6.3) unable to view managed devices and policy packages.

502044

SSL VPN creates user bookmark placeholder where user bookmarks are not allowed.

502365

SSLVPND crashes after upgrading from 5.6.3 to 6.0.1.

503160

Unable to render icons via web based SSL VPN bookmark.

503909

Bookmark cannot load successfully in SSL web mode.

506346

JQuery errors when accessing PDF documents through SSL VPN web portal.

507068

Internal server page does not display in SSL VPN web-mode; displays OK in tunnel mode.

507242

Internal web site not working through SSL VPN web mode.

507251

SSLVPND is continuously crashing.

510967

Internal server web app not accessible when using SSL VPN web mode and gives error.

512041

SSL VPN users get a JavaScript error when accessing bookmarks in web mode.

512409

In SSL VPN web mode, SMB/CIFS uploaded Japanese file name is garbled.

Switch Controller

Bug ID

Description

504179

Application cu_acd has segmentation fault on FortiGate.

510998

Unable to delete SVI on FortiGate and VLAN from switch interface under FortiGate-managed switch after it becomes part of auto-ISL trunk.

511394

Switch-controller lldp-profile global limit is hit by creating 500 VDOMs.

System

Bug ID

Description

440411

Monitor NP6 IPsec engine status.

465122

GeoIP database mismatch on cluster after every new database release.

470650

DNS filter getting purged by FortiManager when not used in a policy because FortiGate DNS filter does not contain static entry.

473118

Fnbamd crashes after upgrading ca_bundle file.

474645

After modifying system settings in GUI, gets wrong message and FGFM status is changed.

476026

Bug in the config revision diff function (for comparing two configs).

482497

Running diagnose npu np6lite session in FG-201E results in high CPU and system instability.

491090

FortiGuard service is unavailable since upgrading.

495378

Port2 goes down after running for right days on FG-800D.

495493

Central-management settings do not allow push configuration and upgrade versions but do not take effect.

496528

Suggest set IPv6 address as NTP source.

496590

FQDN address object does not accept numbers at the end.

498032

Sometimes 5001E blade crashes during traffic testing with UTM enabled in firewall policy.

499055

DHCPv6c / PD: Single DUID on multiple WAN connections to same carrier causing issues with carrier DHCP utilizing only DUID.

503638

config system ipip-tunnel is lost after reboot when using pppoe interface.

503725

NP6 affecting all user traffic when enabled on policy.

503751

Changing primary 5001E/5001D blade FortiController Trunk Interface MTU setting loses kernel static routes in all secondary 5001E/5001D.

504960

Enhancements for maintainer account.

505715

DHCP lease new IP to same EFTPOS S800 device causes DHCP lease exhausted.

505774

SoC2-based platform might encounter kernel panic.

505930

FG-3700D freezes when deleting VDOM.

506030

SLBC cluster never in sync after policy push.

506219

Worker blade doesn't update the FT routing cache when phase1 is bound to a loopback interface.

506223

FortiGate is not compliant with RFC 3397 (Domain Search Option Format).

506365

Cannot disable DNS override from CLI, can't disable default gateway from server.

507060

Packet loss on startup when interfaces are in bypass mode.

507061

Longer time to put interfaces in bypass mode during shutdown.

507252

No session match for IPsec communication on worker blade primary device.

507447

FortiGate 300E is bridging OSPF packets during boot phase.

508304

IP is not updating in DDNS with 60D models.

510200

FortiGate DNS configuration doesn't allow single-word domain names.

510419

HTTP link-monitor - response parser is case-sensitive (Content-Length header).

510450

DHCP client is not getting IP address/route in HA A-P context.

512985

Bypass port pairs getting triggered even without any power failure or reboot.

513319

execute batch start errors with Cisco ACS tacacs user login.

User & Device

Bug ID

Description

453095

Mobile FortiTokens not assignable VDOM in vcluster on secondary unit.

498739

FSSO session interferes with SSL VPN auth sessions, prevents users from accessing allowed destinations.

500426

Email two-factor sending two codes and failing for GUI admin login.

502835

FortiGate reply RADIUS disconnect nak to FAC with log of User name is too long.

504746

Authenticated users have time-left 49710 days timeout.

509296

WAD user list does not update list based on FSSO.

511108

ldapconntimeout allows value which instantly times out LDAP authentication attempts.

VM

Bug ID

Description

484540

FOSVM serial number changes during firmware upgrade.

490248

Virtual disk is automatically divided into three partitions.

497675

No packets received by FortiGate VM virtual NIC when using type=vhostuser, model=virtio.

498653

FortiOS VM stops passing traffic after failover.

501190

Fortinet Azure crashes infrequently.

502727

FortiGate VM encounters kernel panic on boot when running on ESXi 6.7.

502881

Cloud native default password and SSH authorized key.

506221

azd keeps crashing with signal 11.

Web Filter

Bug ID

Description

413187

XFF header enhancements (strip-off & enforcement) for URL filtering module.

482785

Web filter proceed page loading very slowly when setting FortiGuard category to authenticate.

489286

Renaming web filter profile does not take effect.

497075

Fail to retrieve external resource files - Transfer-Encoding: chunked.

500972

Wrong log for FortiGuard block page.

513400

iPhone web filter restriction and safe searching do not work.

WiFi Controller

Bug ID

Description

414960

Cannot get crash trace when hostapd crashes.

503084

In managed FortiAP, the client filter is not working.

503190

FAP info (apsn, apname, channel, radioband) missing from traffic logs.

505439

Local-auth - Missing second RADIUS port from VCFG.

Common Vulnerabilities and Exposures

Visit https://fortiguard.com/psirt for more information.

Bug ID

CVE references

496642

FortiOS 6.0.3 is no longer vulnerable to the following CVE Reference:

  • CVE-2018-13371

502940

FortiOS 6.0.3 is no longer vulnerable to the following CVE Reference:

  • CVE-2018-13374

510148

FortiOS 6.0.3 is no longer vulnerable to the following CVE Reference:

  • CVE-2018-15473
