Fortinet Document Library

Resolved Issues

The following issues have been fixed in version 6.0.4. For inquiries about a particular bug, please contact Customer Service & Support.

Antivirus

Bug ID

Description

516072

In flow mode, scanunit API does not allow IPS to submit scan job for URL with no filename.

519759

Process scanunit crashes.

522343

scanunitd constantly crashes in different ways.

Endpoint Control

Bug ID

Description

495132

Automation stitch IOC for Access Layer Quarantine works incompletely.

Explicit Proxy

Bug ID

Description

521344

Explicit FTP proxy doesn't work with secondary IP address.

521899

When proxy srvc is set to protocol CONNECT and client tries to connect to HTTPS page, client gets message: Access Denied.

523974

Cannot access some web sites with deep inspection enabled.

Firewall

Bug ID

Description

390422

When a firewall address group is used in firewall policy, a wildcard FQDN address should not be allowed to be added into the firewall address group as a member.

503904

Creating a new address group gives error: Associated Interface conflict detected!.

504057

Service Object Limitation of 4096 needs to be increased.

511261

RSH connection disconnects when we have multiple commands executed via script and we can see the message no session matched.

514187

VIP ping healthchecks fail with high number of realservers.

FortiView

Bug ID

Description

256264

Realtime session list cannot show IPv6 session and related issues.

453610

FortiView > Policies (or Sources) > Now shows nothing when filtered by physical interface in PPPoE mode.

460016

In FortiView > Threats, drill down one level, click Return and the graph is cleared.

461811

In Cloud Applications widget bubble view, the tooltip cannot display Application.

488886

FortiView > Sources is unable to sort information accurately when filtering by policy ID number.

495070

In FortiView > Cloud Applications > Applications, GUI keeps loading without any response.

527700

FortiView pages cannot be loaded by latest Chrome version 71.0.3578.80.

GUI

Bug ID

Description

437117

In Single Sign-on, multiple FSSO polling servers with the same AD (LDAP) server cannot select the same user or group.

456289

GUI to support two-level device classification schema.

491919

GUI - Routing Monitor page does not load with large number of routes inserted in the routing table.

497427

V3.3.0_533151 remote access stuck loading main dashboard page and login with Fortimanager_Access user.

512806

Slowness in loading the Addresses page.

515022

FortiGate and FSA have the right connectivity, but Test Connectivity in the GUI shows Unreachable or not Authorized.

515983

Firefox cannot list user TACACS+ Servers. Chrome is OK.

516027

In GUI IPsec monitor page, the column username should be peerID.

516295

Error connecting to FortiCloud message while trying to access FortiCloud Reports in GUI.

518024

Guest admin logging in gets GUI Error 500: Internal Server Error.

518131

Cannot add static route with the same gateway IP and interface from WebGUI.

518970

Suggestion to improve SD-WAN SLA creation page's invalid-entry handling.

522576

GUI is always loading VPN interface when there are over 5k VPN tunnel interfaces.

526573

GUI Virtual IP misses SSL-VPN interface.

HA

Bug ID

Description

445214

Secondary unit in AP cluster memory/CPU spike as a result of DHCP/HA sync issue.

509557

Duplicate MAC on mgmt2 ports.

510660

Upgrade to build 3574 fails for HA cluster.

511522

HA uninterruptible upgrade from 9790 to 3558 fails.

515401

SLBC-Dual mode: Secondary unit chassis blade sending traffic logs.

516779

Confsync cannot work with three members when encryption is enabled.

517537

Secondary unit out-of-sync. Unable to log into secondary unit.

518621

ha-mgmt-interface IPv6 GW is not registered when ha-mgmt-interface IPv4 GW is not set.

518651

TCP Session lost when only one unit in HA cluster kicked un-interruptive upgrade.

519653

Increase FGSP session sync from 200 VDOMs to 500 VDOMs.

525182

WLAN guest user in VDOM makes the cluster out of sync.

Intrusion Prevention

Bug ID

Description

469608

ICMP packets dropped during FortiGate update.

476219

Delay for BFD in IPinIP traffic hitting policy with IPS while IPsec calculates new key.

501986

DOS policy configured with action proxy for tcp_syn_flood doesn't work properly.

516128

Victim is quarantined after IPS attack.

IPsec VPN

Bug ID

Description

515375

VPN goes down randomly, also affects remote sites dialup.

520151

When two certificates are configured on p1, both aren't offered or the wrong one is offered.

Log & Report

Bug ID

Description

503897

FortiGate-501E units generate logs only for five minutes after rebooting the unit, then do not generate logs anymore.

516033

The traffic log for WANOPT data traffic in the server-side FortiGate should show policy type as proxy-policy, not policy.

518402

miglogd crash and no logs are generated.

522447

FortiGate logging is not stable and stops working.

522512

When a service group contains more than 128 services, the existing logic cannot catch it and causes buffer overflow.

519969

EXE log filter category utm-anomaly/utm-voip does not work.

Proxy

Bug ID

Description

477289

Proxy is unexpectedly sending FIN packet (FTP over HTTP traffic).

487288

Facebook/LinkedIn partly loaded to browser when captive portal is used for Kerberos authorization with cookie for web proxy.

509994

Web site denied due to certificate error (revoked) only in Proxy_policy and deep inspection profile.

512434

Need to do changes in default replacement message of Invalid certificate Message.

513270

Certificate error with SSL deep inspection.

514426

Explicit proxy cannot catch Microsoft Outlook after FFDB update.

516414

Traffic over 1GB through SCP gets terminated when SSH inspection is enabled in ssl-ssh-profile.

516934

In transparent proxy policy with cookie authentication mode, NTLM authentication doesn't work and LDAP authentication using wrong username/password will cause WAD to crash.

519021

Cannot access internal CRM application server with antivirus enabled.

521051

HTTP WebSocket 101 switching protocol requests mismatch in 6.0.3.

521648

WAD crashes when a lot of addresses and policies are defined in the configuration.

526322

WAD crashes when processing transparent proxy traffic after upgrade to 6.0.3.

526555

WAD segmentation signal 11 in 6.0.3.

REST API

Bug ID

Description

467747

REST API user cannot create API user via autoscript upload and cannot set API password via CLI.

Routing

Bug ID

Description

441506

BGP Aggregate address results in blackhole for incoming traffic.

449010

WAN LLB session log srcip and dstip are mixed up intermittently.

476805

FortiGate delays to send keepalive which causes neighbor's hold down timer to expire and reset the BGP neighborship.

485408

Merge vwl_valeo project - no option for proute based on only dynamic routes.

500432

IGMP multicast joins take a very long time and cause high NSM CPU utilization.

515683

FortiGate generates fragmented OSPFv3 DBD packets.

518677

Log message MOB-L2-UNTRUST:311 not found in the list! seen on VDOM with IPv6 router advertisement enabled.

518929

SNMP, OSPF MIB ospfIfState value when designated router is not correct.

518943

RIPv2 with MD5 authentication key ID incompatible with other vendors.

520907, 520945

Zebos doesn't start up correctly on models using Linux 2.4 kernel.

522258

Some missing fields in proute list.

Security Fabric

Bug ID

Description

515970

Fabric settings/widget and FortiMail icons are yellow even when they are connected.

SSL-VPN

Bug ID

Description

508101

HTTPS bookmark to internal website produces error after the initial successful login.

511002

SSL-VPN web mode login fails when entering valid OTP manually.

511107

For RADIUS with 2FA and password renewal enabled, password change fails due to unexpected state AVP + GUI bug.

511415

SSL-VPN web mode RDP connection disconnects when pasting text from local to remote RDP server.

515889

SSL-VPN web mode has trouble loading internal web application.

519068

WAD informer process crashes in tunnel mode SSL-VPN user login.

519372

SSL-VPN web mode RDP doesn't work.

519987

HTTP bookmark error SyntaxError: Expected ')' after accessing internal server.

520361

SSL-VPN portal not loading predefined bookmarks.

521459

HSTS header missing again under SSL-VPN.

Switch Controller

Bug ID

Description

522457

After a physical port of FortiLink LAG has link down/up, fortilinkd packet cannot be sent from FortiGate to FortiSwitch.

System

Bug ID

Description

502651

Inconsistent behavior with 1G copper transceivers on 3960E.

503318

Accessing FDS via proxy server without DNS resolution.

505468

Incorrect SNMP answer for get-next.

505522

Intermittent failure of DHCP address assignment.

505873

ftm2 daemon cannot detect change of ssl-static-key-ciphers and the daemon needs to be restarted.

507518

Partial configuration loss after root VDOM restore.

508285

After restoring a config for VDOM, the VDOM cannot be deleted unless OS is rebooted.

510737

Users are not able to pull DHCP addresses from FGT.

511851

Unable to set EMAC VLANs on different VDOMs to the same VLAN ID.

512930

WAD crash with signal 11.

513156

Packet loss on startup when interfaces are in bypass mode (2500E).

513339

Finisar FCLF8521p2BTL (FG-TRAN-GC) and (FS-TRAN-GC) FCLF8522P2BTL transceivers not detected by FortiOS.

513663

FG-3200D running FOS 5.6.5 – WAD crashing frequently.

516105

Daylight Saving Time no longer used in Azerbaijan.

516783

DSA and RSA fingerprints are identical.

524422

Support FortiGateRugged-30D model containing the new CPU.

Upgrade

Bug ID

Description

510447

FWF-30D keeps rebooting after upgrade to 6.0.2.

User & Device

Bug ID

Description

463849

FAC remote LDAP user authentication via RADIUS fails on invalid token if password change and 2FA are both required.

491118

Kerberos users unable to access internet.

510581

Backup password for LDAP admin does not work when interface is down.

511776

Once user has assigned token, other tokens are not listed in pull-down menu.

515226

FortiGate keeps sending accounting packet to RADIUS server for user that is no longer authenticated.

519826

fnbamd crashes and LDAP authentication stops working after upgrade.

VM

Bug ID

Description

488964

Service Manager warns that internal and external interfaces are down.

498653

FortiOSVM stops passing traffic after failover.

509672

"netx request error:60..." was reported when running some "exec nsx service" and "exec nsx group" commands on SVM.

512713

Connectivity loss between FGT-SVM and FGT-VMX causes license to become invalid after one hour.

515624

FortiGate VM cannot use the maximum memory allowance as per the license.

524852

Possible cross-origin error when attempting to read state from window.opener for GCP marketplace.

VoIP

Bug ID

Description

516927

No audio when call is generated from the outside in a FGT30E SIP-ALG when local devices apps register against remote SIP server.

Web Filter

Bug ID

Description

486171

The "Web Rating Overrides" doesn't work with flow-mode.

518933

Certificate inspection (CN base) web category filter doesn't work.

523804

Enabling safe search on DNS causes any site with google in the domain to redirect to forcesafesearch.google.com.

WiFi Controller

Bug ID

Description

478594

wpad_ac uses high CPU.

503106

Remote site client connected to the FAP14C ethernet port is randomly not able to reach the LAN client connected to the FortiGate.

512606

FortiWiFi not working with FortiPresence Pro.

519321

FWF-50E kernel panic due to a WiFi driver issue.

520521

hostapd crashes and causes a wireless outage.

522762

Frequent hostapd crash.
