Fortinet Document Library

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:


Table of Contents

Resolved Issues

The following issues have been fixed in version 6.0.5. For inquires about a particular bug, please contact Customer Service & Support.

Antivirus

Bug ID

Description

519759

Process scanunit crashes in removeTransformCleanup when Outbreak prevention is enabled.

525711

FortiGate not sending email headers to FortiSandbox.

530210

Content Disarm cleans file even when it what was flagged Clean in FortiSandbox.

Data Leak Prevention

Bug ID

Description

518146

DLP incorrectly blocking .deb file extension (DLP log unclear for matches in archive files).

524910

DLP profile to block the file name pattern "*" not blocking uploaded files.

530470

DLP blocking html file categorized as bat file.

DNS Filter

Bug ID

Description

525068

No need to resolve safe search FQDN if not used.

Endpoint Control

Bug ID

Description

521645

Traffic blocked after enabling Compliance on SSL VPN interface.

525179

FortiGate fails to assign FortiClient Compliance profile based on LDAP group membership.

Firewall

Bug ID

Description

492034

Traffic not matching expected sessions and getting denied.

525995

Session marked dirty when routing table update for route which is not related to the session.

526748

Firewall policies with action DENY show Default proxy-options applied in GUI.

528464

Disappearing policy add. Also happens in 6.0.3 build 0200.

536868

A FortiGate in TP mode with set send-deny-packet enabled policy, generates strange ICMP-REPLY for TCP SYN/ICMP-REQUEST/UD.

FOC

Bug ID

Description

536520

GTP Tunnel States are not synced on subordinate unit after a reboot.

FortiView

Bug ID

Description

521497

The FortiView All Sessions real time view is missing right-click menu to end session/ban ip.

527708

Policy ID hyper link in policy view is missing.

527751

No user name on Fortiview > Sources main page

527775

FortiView logs entries do not refresh on log drill down page.

527952

FortiView > WiFi Clients > drill down > Sessions gets nothing at final drill down if device identification is disabled.

528684

FortiView > Bubble Chart cannot drill down on Firefox 63 with ReferenceError: "event is not defined".

528744

FortiView > Traffic Shaping displays data with error message if switched from other pages in custom period.

529313

FortiView > Web Sites > Web Categories drill down displays all entries in Policies tab.

529558

System Events widget shows No matching entries found when drilling down HA event.

538873

Traffic shaper info missing under Shaper column in FortiView.

539981

Unable to see Source DNS Name in FortiView.

GUI

Bug ID

Description

473148

FGT5001D Sessions widget in Dashboard show negative % for nTurbo after throughput test.

477493

GUI fails to read correct Last Used time for firewall policy.

479482

Timeout does not work properly if user moves away from FortiGate GUI.

493704

While accessing FortiGate page, browser memory usage keeps spiking and finally PC hangs.

498738

GUI creating B/W widget referencing SIT-Tunnel generates error.

509791

Editing Address Objects name within SSL-SSH inspection profile selection pane cause loss of Address/Web exemption objects.

509978

Unable to download the results of the scheduled script.

521253

LAG interface is not listed on the dropdown list when configuring DNS Service.

536841

DNS server in VPN SSL setting is overwritten when SSL-VPN settings are modified via GUI.

HA

Bug ID

Description

494900

Interface faceplate on System > HA shows inconsistent port link status with interface faceplate on Network > Interface.

513940

Enormous amount of session between heartbeat Interfaces for port 703 (HASYNC).

516234

GUI checksums show secondary is not synchronized when the primary unit is synchronized.

518717

MTU of session-sync-dev does not come into effect.

526252

High memory caused by updated daemon.

526492

FGSP between two FGCP clusters - session expectation.

526703

FGSP of FGCP cluster, does not pickup NAT'ed sessions.

529274

Factory reset box failed to sync with primary unit in multi-VDOM upgraded from 6.0.3.

530215

Application hasync *** signal 11 (Segmentation fault) received ***.

532015

High CPU on Core1 due to session sync process.

538289

Old primary unit keeps forwarding traffic after failover.

541224

Network loop over virtual-wire-pair in HA mode if running diagnose sys ha reset-uptime.

547700

HA out of sync after upgraded in multi-VDOM environment.

Intrusion Prevention

Bug ID

Description

452131

ipsengine up time on FG-51E is a negative number after changing db from extended to regular.

476219

Delay for BFD in IPinIP traffic hitting policy with IPS while IPsec calculates new key.

525398

Disabled and enabled IPS Signatures looks the same in IPS Sensor GUI.

528860

IPS archive PCAP periodically cannot capture.

IPsec VPN

Bug ID

Description

514519

OSPF neighbor can't up because IPsec tunnel interface MTU keeps changing.

518063

DPD shows unnegotiated and is not functioning correctly on ADVPN Spoke.

519187

IKE route should not be deleted if it is needed by other proxyids.

527137

Local GW disappears from GUI.

537140

KEv2 EAP - FortiGate fails to respond to IKE_AUTH when ECDSA certificate is used by ForitGate.

537450

Site-to-site VPN policy based - with DDNS destination fail to connect.

537769

FortiGate sends failure response to L2TP CHAP authentication attempt before checking it against RADIUS server.

Log & Report

Bug ID

Description

387324

Archive mark is always on under UTM logs page when log-display location set to FAZ.

521020

VPN usage duration days in local report is not correct.

528786

In Log viewer, forward traffic filter Result Accept(all)/Deny(all) does not work.

Proxy

Bug ID

Description

458057

Constant DNS query on built-in FQDN cause network congestion.

470407

IPv6-Happy-Eyeballs-Mechanism not working with proxy-based Webfilter-Profile.

491675

FTP Server is not accessible when AV profile is set to proxy based inspection.

512936

SSL certificate inspection in proxy mode doesn't use CN from Valid Certificate for categorization when SNI is not present.

516863

Webproxy learn-client-ip webfilter's auth/warn/ovrd does not work.

525518

Skype call drops when handled by WAD process after around three sec of being answered.

526667

FortiGate doesn't forward request:port command after 0 byte file transmission.

531575

Web site access failure due to OCSP check in WAD + Deep SSL inspection.

532121

WAD uses high CPU with "netlink recvmsg No buffer space available" after upgrade to 6.0.3+.

533838

WAD re-signs valid web sites with Untrusted CA certificate.

534346

WAD memory leak on OCSP certificate caching.

539452

FortiGate does not follow Authority key identifier when sending certificate chain in deep inspection.

544517

WAD process crashing and affecting HTTP/HTTPS traffic.

545964

FortiManager sends requests to FortiGate to collect proxy policy hit_count/bytes, and the response from FortiGate misses the uuid attribute.

549787

Unable to fetch the Root and Intermediate Certificate.

REST API

Bug ID

Description

523902

REST API issue: Access Token only verifies the first 30 characters.

Routing

Bug ID

Description

526008

Differences between routing table and kernel forward information. ADVPN + BGP.

527478

Proute list fill "null " application name.

528465

GRE tunnel does not come up.

529683

Upgrade from 5.6 to 6.0 causes all routes to be advertised in BGP.

531660

With VRRP use VRDST checking without default gateway.

531947

SD WAN IPsec interfaces keep failing over when link selection strategy is set to Custom-profile.

533018

Process nsm with high CPU when displaying the GUI section of IPv4 and IPv6 policy when receiving full routing of BGP.

533112

link-monitor cannot recover after the device in between reboot.

537110

BGP/BFD packets marked as CS0.

539982

Multicast failed after failover from another interface.

541072

BGPd crash.

544603

Multicast on interfaces with secondary IP addresses.

546198

SD-WAN performance SLA via GRE-Tunnel fails to set options or connect ping6 socket for monitor.

Security Fabric

Bug ID

Description

525790

Not able to connect through SSL VPN to addresses resolved by SDN dynamic objects.

SSL VPN

Bug ID

Description

493127

Connection to web server freezes when using SSL VPN web bookmark.

509333

SSL VPN to Nextcloud doesn't open.

515370

SSL VPN access denied if address object added after group object in firewall policy.

517819

Unable to load web page in SSL VPN web mode.

517859

Unable to load web page for some internal web sites in SSL VPN web mode.

518406

Unable to load WebPage through SSL VPN webmode. Some js files of xunta internal web sites have problems.

519113

SSL VPN web mode SMB connection doesn't work when enable then disable SMBCD debug.

520965

IBM QRadar page not displaying in SSL VPN web-mode.

521036

SSL VPN web mode access problem.

522987

Backup and restore the VDOM config with SSL VPN settings causes some critical flags and counter for SSL VPN to not update so SSL VPN stops working.

523450

Unable to access internal website via bookmark in SSL VPN web mode.

523647

Search result gives empty output upon accessing the URL https://ieeexplore.ieee.org via SSL VPN bookmark.

523717

Dropdown list can not get expanded through bookmarks (SSL VPN).

525375

Atlassian Confluence wiki Javascript problem via SSL VPN web mode.

527348

JavaScript script is not available when connecting using SSL VPN web mode.

527476

Update from web mode fails for SharePoint page using MS NLB.

528289

SSL VPN crashes when it receives HTTP request with header "X-Forwarded-For" because of the wrong use of sslvpn_ap_pstrcat.

529186

Problem loading reaching internal web server through SSL VPN Web bookmark when using HTTPS. Some js files of "srvdnsmgt" do not run correctly.

529512

SSL VPN user gets disconnected when load-balance-mode is measured-volume-based in SD-WAN.

530223

SSL VPN wants client certificate even when no client-cert for realm is configured.

530833

Synology NAS login page stuck after login when accessing by SSL VPN Web portal.

531827

Active cache memory leak after upgrade to 6.0.3 GA.

531848

FortiSIEM WebGUI does not load on web portal.

533008

SSL web mode is not modifying links on certain web pages.

536058

Redirected port is not entered in the URL through SSL VPN web mode.

538904

Unable to receive SSL tunnel IP address.

539187

SSL VPN random stale sessions exhausting IP pool.

546161

TX packet drops on ssl.root interface.

Switch Controller

Bug ID

Description

490447

Multiple fortilinks flapped during staging upgrade.

527521

On FortiSwitch Ports page, Display More does not work.

530237

HA cluster out-of-sync after changing port POE mode on switch-controller managed-switch settings: Double commit.

System

Bug ID

Description

370151

CPU doesn't remove dirty flag when returns session back to NP6.

466805

Adding USB Host devices to a virtual machine connected by USB to FortiGate 500D causes the units to restart in loop.

468684

EHP drop improvement for units using NP_SERVICE_MODULE.

479533

skippingBad tar header message flooding on console after rebooting box and retrieving logs.

492655

DNSproxy does not seem to update link-monitor module.

493128

bcm.user always takes nearly 70% CPU after running Nturbo over IPsec script.

496934

New feature merge: DNS Domain List.

505252

EMAC VLAN: SNMP data is incorrect.

505522

Intermittent failure of DHCP address assignment.

510973

FortiGate with disk and send logs to FAZ has PCI alerts.

511018

SSH/SSL VPN connection to external VLAN interface drop by changing unrelated interface IP or restart OSPF.

513419

High CPU on some cores of CPU & packet drops around 2-3%.

519246

ipmc_sensord process not checking sensors due to pending jobs.

519493

MCLAG: if remote side change systemID, only one port goes down, the other remains up.

521193

DNSPROXY causing high CPU usage.

524422

Merge br_6-0_sp back to 6.0 and 6.2.

525813

FortiGate managed by FortiManager intermittently going offline after rebooting FortiGate.

526646

LAG interface flaps when the member ports go up.

526771

Allow sit-tunnel to not specify the source address.

526788

Password policy forces password change even if expire-status is disabled.

527390

Kernel panic in the HA cluster with FortiGate-3800D units running FortiOS v6.0.0 build 0200

527902

TXT records are truncated in DNS replies, when FortiGate is used as DNS server.

528004

Add global log device statistics to SNMP.

529932

Primary DNS server is not queried even after 30 seconds.

531584

Kernel Panic when Fragmented Multicast Traffic received on EMAC-VLAN interface.

533556

Read-only admin account can delete IPsec SA.

534757

Device 80D reboots every 2-3 days with a kernel panic error.

535730

Memory leak after upgrade to 6.0.4.

536817

FortiGate sending DHCP offer using broadcast.

538304

Aggregate interface (four member) flapps when the third member interface goes down.

539090

Modifying FortiGate administrator password to complex ones via SSH triggers a FortiManager password change by auto-update.

539444

5001D blade rebooted on its own due to kernel panic.

542441

SNMP monitoring of the implicit deny policy not possible.

547720

FortiGate does not support DH 1024 bits as SSH server.

Upgrade

Bug ID

Description

498396

Upgrade from 5.2.13 to 5.4.9 is affected by application list global limit.

530793

config-error-log shows after upgrade from v5.6.6 to v5.6.7.

546874

Increase firewall.address tablesize for 80-90 series.

User & Device

Bug ID

Description

517702

VPN certificate CA: shows newly added entry before reboot but not after.

525648

FortiOS does not prompt for token when Access-Challenge is received - RADIUS authentication fails.

525925

Unable to login to FortiGate using Symantec 2-factor authentication.

525929

LDAPS requests fail with fnbamd stop error "Not enough bytes". LDAP works fine. Additional timeout observed.

529945

Local certificate content changes should be directly applied for the admin-server-cert sent to the client browser.

535279

FortiGate sends error user password to RADIUS server for CMCC auth user sometimes.

VM

Bug ID

Description

523125

Should handle multiple IP address failover better during HA failover.

526471

VMX: Adding a security group with ~30+ devices into the redirection policy the connection starts to experience huge delay.

540062

Kernel panic after upgrade from 5.6.7 to 5.6.8.

542794

Session size overflow on VMX causing timeout and error on NSX vMotion task.

548531

FG-AWS HA failover and SDN using IAM role do not work due to AWS IAM role token length being increased.

WCCP

Bug ID

Description

529685

WCCP not use the tunnel.

Web Filter

Bug ID

Description

509860

Regex case insensitivity flag is ignored in 5.6.5 and 6.0.2 when FortiGate is in proxy mode.

518433

FGT D series number of web filter profiles decreased globally.

531101

Web Filter inspection proxy mode unable to resolve hostname because website is unrated.

541539

URL filter wildcard expression not matched correctly on proxy mode.

544598

Invalid hostname return on GUI when static URL is defined.

WiFi Controller

Bug ID

Description

516067

CAPWAP traffic from non-VLAN SSID is blocked when dtls-policy=ipsec-vpn and NP6 offload are enabled.

530328

CAPWAP traffic dropped when offloaded if packets are fragmented.

532390

cwEncryptKeyRstHandler failed to generate vdom xxx key messages on FIMs.

537848

FortiGate IPsec VPN phase1-interface and phase2-interface configurations are not saved into configuration file.

537968

Region -N DFS support required for FAP-U422EV.

Common Vulnerabilities and Exposures

Visit https://fortiguard.com/psirt for more information.

Bug ID

CVE references

452730

FortiOS 6.0.5 is no longer vulnerable to the following CVE Reference:

  • CVE-2017-14186

496642

FortiOS 6.0.5 is no longer vulnerable to the following CVE Reference:

  • CVE-2018-13371

528040

FortiOS 6.0.5 is no longer vulnerable to the following CVE Reference:

  • CVE-2018-13384

529353

FortiOS 6.0.5 is no longer vulnerable to the following CVE Reference:

  • CVE-2018-13380

529377

FortiOS 6.0.5 is no longer vulnerable to the following CVE Reference:

  • CVE-2018-13379

529712

FortiOS 6.0.5 is no longer vulnerable to the following CVE Reference:

  • CVE-2018-13381

529719

FortiOS 6.0.5 is no longer vulnerable to the following CVE Reference:

  • CVE-2018-13383

529745

FortiOS 6.0.5 is no longer vulnerable to the following CVE Reference:

  • CVE-2018-13382

534592

FortiOS 6.0.5 is no longer vulnerable to the following CVE Reference:

  • CVE-2019-5587

539553

FortiOS 6.0.5 is no longer vulnerable to the following CVE Reference:

  • CVE-2019-5586
  • CVE-2019-5588

Resolved Issues

The following issues have been fixed in version 6.0.5. For inquires about a particular bug, please contact Customer Service & Support.

Antivirus

Bug ID

Description

519759

Process scanunit crashes in removeTransformCleanup when Outbreak prevention is enabled.

525711

FortiGate not sending email headers to FortiSandbox.

530210

Content Disarm cleans file even when it what was flagged Clean in FortiSandbox.

Data Leak Prevention

Bug ID

Description

518146

DLP incorrectly blocking .deb file extension (DLP log unclear for matches in archive files).

524910

DLP profile to block the file name pattern "*" not blocking uploaded files.

530470

DLP blocking html file categorized as bat file.

DNS Filter

Bug ID

Description

525068

No need to resolve safe search FQDN if not used.

Endpoint Control

Bug ID

Description

521645

Traffic blocked after enabling Compliance on SSL VPN interface.

525179

FortiGate fails to assign FortiClient Compliance profile based on LDAP group membership.

Firewall

Bug ID

Description

492034

Traffic not matching expected sessions and getting denied.

525995

Session marked dirty when routing table update for route which is not related to the session.

526748

Firewall policies with action DENY show Default proxy-options applied in GUI.

528464

Disappearing policy add. Also happens in 6.0.3 build 0200.

536868

A FortiGate in TP mode with set send-deny-packet enabled policy, generates strange ICMP-REPLY for TCP SYN/ICMP-REQUEST/UD.

FOC

Bug ID

Description

536520

GTP Tunnel States are not synced on subordinate unit after a reboot.

FortiView

Bug ID

Description

521497

The FortiView All Sessions real time view is missing right-click menu to end session/ban ip.

527708

Policy ID hyper link in policy view is missing.

527751

No user name on Fortiview > Sources main page

527775

FortiView logs entries do not refresh on log drill down page.

527952

FortiView > WiFi Clients > drill down > Sessions gets nothing at final drill down if device identification is disabled.

528684

FortiView > Bubble Chart cannot drill down on Firefox 63 with ReferenceError: "event is not defined".

528744

FortiView > Traffic Shaping displays data with error message if switched from other pages in custom period.

529313

FortiView > Web Sites > Web Categories drill down displays all entries in Policies tab.

529558

System Events widget shows No matching entries found when drilling down HA event.

538873

Traffic shaper info missing under Shaper column in FortiView.

539981

Unable to see Source DNS Name in FortiView.

GUI

Bug ID

Description

473148

FGT5001D Sessions widget in Dashboard show negative % for nTurbo after throughput test.

477493

GUI fails to read correct Last Used time for firewall policy.

479482

Timeout does not work properly if user moves away from FortiGate GUI.

493704

While accessing FortiGate page, browser memory usage keeps spiking and finally PC hangs.

498738

GUI creating B/W widget referencing SIT-Tunnel generates error.

509791

Editing Address Objects name within SSL-SSH inspection profile selection pane cause loss of Address/Web exemption objects.

509978

Unable to download the results of the scheduled script.

521253

LAG interface is not listed on the dropdown list when configuring DNS Service.

536841

DNS server in VPN SSL setting is overwritten when SSL-VPN settings are modified via GUI.

HA

Bug ID

Description

494900

Interface faceplate on System > HA shows inconsistent port link status with interface faceplate on Network > Interface.

513940

Enormous amount of session between heartbeat Interfaces for port 703 (HASYNC).

516234

GUI checksums show secondary is not synchronized when the primary unit is synchronized.

518717

MTU of session-sync-dev does not come into effect.

526252

High memory caused by updated daemon.

526492

FGSP between two FGCP clusters - session expectation.

526703

FGSP of FGCP cluster, does not pickup NAT'ed sessions.

529274

Factory reset box failed to sync with primary unit in multi-VDOM upgraded from 6.0.3.

530215

Application hasync *** signal 11 (Segmentation fault) received ***.

532015

High CPU on Core1 due to session sync process.

538289

Old primary unit keeps forwarding traffic after failover.

541224

Network loop over virtual-wire-pair in HA mode if running diagnose sys ha reset-uptime.

547700

HA out of sync after upgraded in multi-VDOM environment.

Intrusion Prevention

Bug ID

Description

452131

ipsengine up time on FG-51E is a negative number after changing db from extended to regular.

476219

Delay for BFD in IPinIP traffic hitting policy with IPS while IPsec calculates new key.

525398

Disabled and enabled IPS Signatures looks the same in IPS Sensor GUI.

528860

IPS archive PCAP periodically cannot capture.

IPsec VPN

Bug ID

Description

514519

OSPF neighbor can't up because IPsec tunnel interface MTU keeps changing.

518063

DPD shows unnegotiated and is not functioning correctly on ADVPN Spoke.

519187

IKE route should not be deleted if it is needed by other proxyids.

527137

Local GW disappears from GUI.

537140

KEv2 EAP - FortiGate fails to respond to IKE_AUTH when ECDSA certificate is used by ForitGate.

537450

Site-to-site VPN policy based - with DDNS destination fail to connect.

537769

FortiGate sends failure response to L2TP CHAP authentication attempt before checking it against RADIUS server.

Log & Report

Bug ID

Description

387324

Archive mark is always on under UTM logs page when log-display location set to FAZ.

521020

VPN usage duration days in local report is not correct.

528786

In Log viewer, forward traffic filter Result Accept(all)/Deny(all) does not work.

Proxy

Bug ID

Description

458057

Constant DNS query on built-in FQDN cause network congestion.

470407

IPv6-Happy-Eyeballs-Mechanism not working with proxy-based Webfilter-Profile.

491675

FTP Server is not accessible when AV profile is set to proxy based inspection.

512936

SSL certificate inspection in proxy mode doesn't use CN from Valid Certificate for categorization when SNI is not present.

516863

Webproxy learn-client-ip webfilter's auth/warn/ovrd does not work.

525518

Skype call drops when handled by WAD process after around three sec of being answered.

526667

FortiGate doesn't forward request:port command after 0 byte file transmission.

531575

Web site access failure due to OCSP check in WAD + Deep SSL inspection.

532121

WAD uses high CPU with "netlink recvmsg No buffer space available" after upgrade to 6.0.3+.

533838

WAD re-signs valid web sites with Untrusted CA certificate.

534346

WAD memory leak on OCSP certificate caching.

539452

FortiGate does not follow Authority key identifier when sending certificate chain in deep inspection.

544517

WAD process crashing and affecting HTTP/HTTPS traffic.

545964

FortiManager sends requests to FortiGate to collect proxy policy hit_count/bytes, and the response from FortiGate misses the uuid attribute.

549787

Unable to fetch the Root and Intermediate Certificate.

REST API

Bug ID

Description

523902

REST API issue: Access Token only verifies the first 30 characters.

Routing

Bug ID

Description

526008

Differences between routing table and kernel forward information. ADVPN + BGP.

527478

Proute list fill "null " application name.

528465

GRE tunnel does not come up.

529683

Upgrade from 5.6 to 6.0 causes all routes to be advertised in BGP.

531660

With VRRP use VRDST checking without default gateway.

531947

SD WAN IPsec interfaces keep failing over when link selection strategy is set to Custom-profile.

533018

Process nsm with high CPU when displaying the GUI section of IPv4 and IPv6 policy when receiving full routing of BGP.

533112

link-monitor cannot recover after the device in between reboot.

537110

BGP/BFD packets marked as CS0.

539982

Multicast failed after failover from another interface.

541072

BGPd crash.

544603

Multicast on interfaces with secondary IP addresses.

546198

SD-WAN performance SLA via GRE-Tunnel fails to set options or connect ping6 socket for monitor.

Security Fabric

Bug ID

Description

525790

Not able to connect through SSL VPN to addresses resolved by SDN dynamic objects.

SSL VPN

Bug ID

Description

493127

Connection to web server freezes when using SSL VPN web bookmark.

509333

SSL VPN to Nextcloud doesn't open.

515370

SSL VPN access denied if address object added after group object in firewall policy.

517819

Unable to load web page in SSL VPN web mode.

517859

Unable to load web page for some internal web sites in SSL VPN web mode.

518406

Unable to load WebPage through SSL VPN webmode. Some js files of xunta internal web sites have problems.

519113

SSL VPN web mode SMB connection doesn't work when enable then disable SMBCD debug.

520965

IBM QRadar page not displaying in SSL VPN web-mode.

521036

SSL VPN web mode access problem.

522987

Backup and restore the VDOM config with SSL VPN settings causes some critical flags and counter for SSL VPN to not update so SSL VPN stops working.

523450

Unable to access internal website via bookmark in SSL VPN web mode.

523647

Search result gives empty output upon accessing the URL https://ieeexplore.ieee.org via SSL VPN bookmark.

523717

Dropdown list can not get expanded through bookmarks (SSL VPN).

525375

Atlassian Confluence wiki Javascript problem via SSL VPN web mode.

527348

JavaScript script is not available when connecting using SSL VPN web mode.

527476

Update from web mode fails for SharePoint page using MS NLB.

528289

SSL VPN crashes when it receives HTTP request with header "X-Forwarded-For" because of the wrong use of sslvpn_ap_pstrcat.

529186

Problem loading reaching internal web server through SSL VPN Web bookmark when using HTTPS. Some js files of "srvdnsmgt" do not run correctly.

529512

SSL VPN user gets disconnected when load-balance-mode is measured-volume-based in SD-WAN.

530223

SSL VPN wants client certificate even when no client-cert for realm is configured.

530833

Synology NAS login page stuck after login when accessing by SSL VPN Web portal.

531827

Active cache memory leak after upgrade to 6.0.3 GA.

531848

FortiSIEM WebGUI does not load on web portal.

533008

SSL web mode is not modifying links on certain web pages.

536058

Redirected port is not entered in the URL through SSL VPN web mode.

538904

Unable to receive SSL tunnel IP address.

539187

SSL VPN random stale sessions exhausting IP pool.

546161

TX packet drops on ssl.root interface.

Switch Controller

Bug ID

Description

490447

Multiple fortilinks flapped during staging upgrade.

527521

On FortiSwitch Ports page, Display More does not work.

530237

HA cluster out-of-sync after changing port POE mode on switch-controller managed-switch settings: Double commit.

System

Bug ID

Description

370151

CPU doesn't remove dirty flag when returns session back to NP6.

466805

Adding USB Host devices to a virtual machine connected by USB to FortiGate 500D causes the units to restart in loop.

468684

EHP drop improvement for units using NP_SERVICE_MODULE.

479533

skippingBad tar header message flooding on console after rebooting box and retrieving logs.

492655

DNSproxy does not seem to update link-monitor module.

493128

bcm.user always takes nearly 70% CPU after running Nturbo over IPsec script.

496934

New feature merge: DNS Domain List.

505252

EMAC VLAN: SNMP data is incorrect.

505522

Intermittent failure of DHCP address assignment.

510973

FortiGate with disk and send logs to FAZ has PCI alerts.

511018

SSH/SSL VPN connection to external VLAN interface drop by changing unrelated interface IP or restart OSPF.

513419

High CPU on some cores of CPU & packet drops around 2-3%.

519246

ipmc_sensord process not checking sensors due to pending jobs.

519493

MCLAG: if remote side change systemID, only one port goes down, the other remains up.

521193

DNSPROXY causing high CPU usage.

524422

Merge br_6-0_sp back to 6.0 and 6.2.

525813

FortiGate managed by FortiManager intermittently going offline after rebooting FortiGate.

526646

LAG interface flaps when the member ports go up.

526771

Allow sit-tunnel to not specify the source address.

526788

Password policy forces password change even if expire-status is disabled.

527390

Kernel panic in the HA cluster with FortiGate-3800D units running FortiOS v6.0.0 build 0200

527902

TXT records are truncated in DNS replies, when FortiGate is used as DNS server.

528004

Add global log device statistics to SNMP.

529932

Primary DNS server is not queried even after 30 seconds.

531584

Kernel Panic when Fragmented Multicast Traffic received on EMAC-VLAN interface.

533556

Read-only admin account can delete IPsec SA.

534757

Device 80D reboots every 2-3 days with a kernel panic error.

535730

Memory leak after upgrade to 6.0.4.

536817

FortiGate sending DHCP offer using broadcast.

538304

Aggregate interface (four member) flapps when the third member interface goes down.

539090

Modifying FortiGate administrator password to complex ones via SSH triggers a FortiManager password change by auto-update.

539444

5001D blade rebooted on its own due to kernel panic.

542441

SNMP monitoring of the implicit deny policy not possible.

547720

FortiGate does not support DH 1024 bits as SSH server.

Upgrade

Bug ID

Description

498396

Upgrade from 5.2.13 to 5.4.9 is affected by application list global limit.

530793

config-error-log shows after upgrade from v5.6.6 to v5.6.7.

546874

Increase firewall.address tablesize for 80-90 series.

User & Device

Bug ID

Description

517702

VPN certificate CA: shows newly added entry before reboot but not after.

525648

FortiOS does not prompt for token when Access-Challenge is received - RADIUS authentication fails.

525925

Unable to login to FortiGate using Symantec 2-factor authentication.

525929

LDAPS requests fail with fnbamd stop error "Not enough bytes". LDAP works fine. Additional timeout observed.

529945

Local certificate content changes should be directly applied for the admin-server-cert sent to the client browser.

535279

FortiGate sends error user password to RADIUS server for CMCC auth user sometimes.

VM

Bug ID

Description

523125

Should handle multiple IP address failover better during HA failover.

526471

VMX: Adding a security group with ~30+ devices into the redirection policy the connection starts to experience huge delay.

540062

Kernel panic after upgrade from 5.6.7 to 5.6.8.

542794

Session size overflow on VMX causing timeout and error on NSX vMotion task.

548531

FG-AWS HA failover and SDN using IAM role do not work due to AWS IAM role token length being increased.

WCCP

Bug ID

Description

529685

WCCP not use the tunnel.

Web Filter

Bug ID

Description

509860

Regex case insensitivity flag is ignored in 5.6.5 and 6.0.2 when FortiGate is in proxy mode.

518433

FGT D series number of web filter profiles decreased globally.

531101

Web Filter inspection proxy mode unable to resolve hostname because website is unrated.

541539

URL filter wildcard expression not matched correctly on proxy mode.

544598

Invalid hostname return on GUI when static URL is defined.

WiFi Controller

Bug ID

Description

516067

CAPWAP traffic from non-VLAN SSID is blocked when dtls-policy=ipsec-vpn and NP6 offload are enabled.

530328

CAPWAP traffic dropped when offloaded if packets are fragmented.

532390

cwEncryptKeyRstHandler failed to generate vdom xxx key messages on FIMs.

537848

FortiGate IPsec VPN phase1-interface and phase2-interface configurations are not saved into configuration file.

537968

Region -N DFS support required for FAP-U422EV.

Common Vulnerabilities and Exposures

Visit https://fortiguard.com/psirt for more information.

Bug ID

CVE references

452730

FortiOS 6.0.5 is no longer vulnerable to the following CVE Reference:

  • CVE-2017-14186

496642

FortiOS 6.0.5 is no longer vulnerable to the following CVE Reference:

  • CVE-2018-13371

528040

FortiOS 6.0.5 is no longer vulnerable to the following CVE Reference:

  • CVE-2018-13384

529353

FortiOS 6.0.5 is no longer vulnerable to the following CVE Reference:

  • CVE-2018-13380

529377

FortiOS 6.0.5 is no longer vulnerable to the following CVE Reference:

  • CVE-2018-13379

529712

FortiOS 6.0.5 is no longer vulnerable to the following CVE Reference:

  • CVE-2018-13381

529719

FortiOS 6.0.5 is no longer vulnerable to the following CVE Reference:

  • CVE-2018-13383

529745

FortiOS 6.0.5 is no longer vulnerable to the following CVE Reference:

  • CVE-2018-13382

534592

FortiOS 6.0.5 is no longer vulnerable to the following CVE Reference:

  • CVE-2019-5587

539553

FortiOS 6.0.5 is no longer vulnerable to the following CVE Reference:

  • CVE-2019-5586
  • CVE-2019-5588