Scan unit workers leave urlfilter API socket files behind in /tmp.

The FortiGate does not generate traffic logs for SOCKS proxy.

Source affinity is held in the WAD dispatcher when the user is valid in the worker process.

High CPU usage due to the WAD process.

Websites do not work with SSL deep inspection due to the OCSP validation process.

A browser redirect loop occurs after re-authentication when using proxy-re-authentication-mode absolute.

SSL deep inspection is not performed on certain sites.

Application control unscans the traffic forwarded to the upstream proxy.

Using a disclaimer causes incorrect redirection.

Session timers do not update for VLAN traffic over VWP.

Expired session TTL timers are not reset when traffic goes through if traffic is offloaded in a TP VDOM.

The DCE/RPC session-helper expectation session is removed unexpectedly.

The firewall should not be evaluated when an interface bandwidth widget is added to dashboard.

NP6 sessions are dropped after any GUI changes.

The schedule policy is not activated on time.

VIPs should have a setting to control the SNAT behavior based on interfaces.

Traffic to IP address configured in internet-service-custom is denied.

The FortiGate randomly does not process some NAT64 packets.

The appFlag is not updated after the cloud application database is updated.

In FortiView > Web Sites, all categories are shown as Unrated (未分類) in Japanese.

When VDOMs are enabled, the interface faceplate should only show data for interfaces being managed by the admin.

The GUI displays the error "Image file doesn't match platform" when the user uploads the correct image.

The Monitor > FortiGuard Quota > View category usage quota information displays "No matching entries found" for the local category.

The Unrated category in Web Rating Overrides is translated incorrectly.

"Failed to retrieve info" message appears for ha-mgmt-interface in Network > Interfaces.

HTTPSD causes high CPU usage when accessing Network > Interfaces.

Unable to filter policies by multiple IDs.

Unable to log in into FortiOS with YubiKey. The CLI works as expected.

FortiGateCloud cannot restore the configuration on the FortiGate.

Cannot continue to configure the same column for different ports in WiFi & Switch Controller > FortiSwitch Ports unless the page is refreshed.

An HTTP 400 error occurs when trying to activate FortiGate Cloud via the GUI.

The routing monitor network filter does not filter subnets after upgrading.

An HTTP 500 error occurs when trying to add a custom device into a custom device group.

The tooltip for VLAN interfaces displays as "Failed to retrieve info".

When using the GUI in USG mode, the license requirement to upload FortiGuard packages should be removed.

Editing policies inline can result in previously selected policies being changed.

Traffic is interrupted during an uninterruptible upgrade due to a down monitored port on the secondary unit.

The FortiGate slows down when adding or removing member from the address group via SSH.

HA does not failover when the ping server goes down a second time.

The ha-direct option does not affect the OCSP connection when the source IP is set.

The ping server status is incorrect after failover in the output for get sys ha status.

An unnecessary syncing process starts during upgrading when the upgrading takes longer.

If the FortiGate sets two ping servers, there are dual primary units.

GARP packets are outputted even though the GARP setting is disabled.

The secondary unit cannot be synchronized from scratch in 6.0.4 with 500 VDOMs because duplicate global profiles are created.

The FortiGate primary unit does not send all system events.

Moving VDOMs between virtual clusters causes the cluster to go out of sync.

The HA secondary unit got and uncertified firmware signature after an image upgrade from the primary unit.

Enabling two-factor authentication for a virtual cluster in the GUI overwrites the sync from the secondary unit to primary unit.

Load balanced (A-A) secondary unit sessions do not forward traffic after the session is dirtied when installing a policy from FortiManager.

standalone-config-sync shows members out of sync when there are four members.

In an HA configuration with HA uninterruptible upgrade enabled, some signature database files may fail to synchronize when upgrading from previous versions.

Creating and editing a DoS policy takes a long time. The GUI hangs up or displays an "Error 500: Internal Server Error".

An invalid ESP packet is detected (replayed packet) when there is a high load on the IPsce tunnel.

The ADVPN shortcut is continuously flapping.

Dialup IPsec hardware acceleration drops.

Unable to delete IPsec VPN tunnel phase1 interface configuration, even though there is no reference.

Site-to-Site VPN policies (policy-based) with a DDNS destination fails to connect.

ESP packets are sent to the wrong MAC after a routing change when IPsec SA is offloaded.

FW-90D VPN becomes unresponsive after changing the VPN DDNS monitor settings.

SD-WAN interface bibandwidth is incorrect if it has recursive parents or if the parent has an estimated bandwidth set.

Traffic over the VLAN subinterface is pushed through the IPsec policy based on the VPN interface.

Cannot view logs from the FortiGate when secondary the IP is used (only the secondary IP is allowed to go to the internet on upstream).

An infinite loop seems to happen in miglogd.

IPS archive pcap usage cannot be cleared after deleting the IPS log and actual pcap files.

The main miglogd does not work until sysctl killall miglogd. Rebooting the device does not help.

FortiGate logging is not stable; logs fail or do not stay in the queue.

FortiOS 6.0.4/6.0.5 reportd crashes, possibly causing the FortiGate to go into conserve mode.

miglogd memory increases and enters conserve mode.

No log is generated when traffic is blocked by setting tunnel-non-http in webproxy.

WAD crashes on wad_http_client_notify_scan_result.isra.XXX.

WAD process crash occurs with signal 11.

Removing the default ssl-exempt setting causes the entries page to be empty.

Wildcard addresses are removed from the SSL deep inspection exempt list after upgrading from 5.6.* to 6.0.4.

When upgrading from 5.6.* to 6.0.*, the normal FQDNs get removed from the mixed FQDN group (normal and wildcard) from the SSL profile.

An AV profile in proxy mode with inspect-all enabled causes a timeout when accessing some sites.

WAD daemon crashes when upgrading to 6.2.0 build 0860.

WAD crash occurs with signal 11.

A FortiGate using an AV profile in proxy mode with server comfort options enabled sends the same request to the server twice.

With firmware 6.0.5, WAD CPU usage on all cores reaches 100% in about 30 seconds.

The FortiGate generate a WAD crash wad_mem_malloc.

Unable to open a webpage via explicit proxy when deep inspection and the web filter profile are enabled.

WAD constantly crashes every few seconds.

The SSL handshake sometimes fails due to the FortiGate replying "FIN" to the client.

OSPF MD5 authentication errors occur.

application pdmd crash found.

IPv6 routing fails to choose the lower priority route when the output interface is specified.

The IPsec interface internet service router cannot work normally.

SD-WAN sends traffic to interfaces with a volume ratio set to 0.

BGP neighbors are lost on configuration changes (large configuration file).

BFD peers are down and not seen (over BGP up).

Although the routing table was changed in the IPv6 network, the offloaded communication stopped.

SD-WAN interface bandwidth not honoring its parent's interface estimated bandwidth.

The FortiGate sends PIM register messages to RP for group 64.0.0.0 about non-existent sources.

OSPF with virtual clustering is not learning routes.

Web application does not load through the SSL VPN portal.

SSL VPN web mode fails to access the Angular 5 application.

When the SSL VPN receives multiple https post request under web filter, there is a loop of read_request_data_f even when the client stops, causing the SSL VPN process to use 99% of the CPU.

Wrong password attempts cause excessive bind requests against LDAP and lock out accounts.

Nextcloud does not open in SSL VPN web mode.

FortiGate does not send framed IP address attribute in RADIUS accounting packet.

SMB/CIFS bookmark in the SSL VPN portal does not work with the username variable; the return error is “Invalid HTTP request”.

SSL VPN web mode has trouble loading the internal web application.

Web mode update fails for SharePoint pages using MS NLB.

"Invalid HTTP Request" when an SMB via SSL VPN bookmark is executed with MS Server 2016, but does work with MS server 2008R2.

Unable to get the dropdown menu from the internal server via SSL VPN web mode connection.

SSL VPN bookmarks fail with JavaScript error.

Unable to get to http://spiceworks.int.efwnow.com:9750/tickets/v2#open_tickets via the SSL VPN bookmark.

Unable to load webpage in SSL VPN web mode.

When trying to access an internal server with SSL VPN web mode, the browser displays an "ERR_EMPTY_RESPONSE" message.

The internal server script gets stuck loading when a page is accessed over the SSL VPN web portal.

When authenticating a user with local entry (local or remote authentication), there is no information available about the groups in which the user belongs to, so user-based policies are applied.

Web mode fails on SharePoint pages.

SSL VPN login authentication times out if the primary RADIUS server is unavailable.

Cannot log in to an internal server through SSL VPN web mode.

Customer's application is not displayed correctly in SSL VPN web mode.

HTTP 302 redirection is not parsed by the SSL VPN proxy (web mode/bookmark).

JavaScript errors occur when accessing internal websites in web mode.

Display problems occur with web mode access in FortiOS 6.2.0 and 6.0.4.

The internal web potal replies with "HTTP 404 Not Found" when accessed via the SSL VPN web portal bookmark.

Internal websites not working through SSL VPN web mode.

SSL VPN web mode is not proxying internal websites correctly.

Customer unable to load website through SSL VPN web mode.

The connection to internal portal freezes when using an SSL VPN web bookmark.

Videos on internal website do not display in web mode.

RDP disconnects in web mode when copying long text from remote to local.

SSL VPN tunnel mode can only add split tunneling to a user policy with groups and users in different SSL VPN policies.

SSL web portal CSP v3 compatibility issue.

Synology DSM log in page is not displayed when accessed via an SSL VPN bookmark or connection tool.

SSL VPN connection is being dropped intermittently.

FortiSwitch object cannot be created through FortiManager, but can be created in the FortiOS CLI.

FortiSwitch export-to commands do not sync, causing an HA sync problem.

FortiGate is not pushing the trunk/lldp-profile configuration to FortiSwitch when there is a space in the entry name.

OID seems to COUNTER32 instead of GAUGE32.

TCP traffic with the ECN bit cannot pass through the IP tunnel with NP6 offload enabled.

SNMPD debug messages reveal source code function names.

X.509 certificate support required for the FGFM protocol.

vdom-property limits error occurs after upgrading from 5.4.6 to 5.6.3.

On a multi-processor platform, fragment evictor can run on multiple CPUs, which will result in multiple CPUs competing for locks.

DHCP proxy functionality issue over IPsec with IKEv1 and IKEv2.

IPv6 does not respond to neighbor solicitation requests.

CRL download fails with the error message "Operation now in progress".

After executing a shutdown, FG-90E keeps responding to ICMP requests.

When adding more than seven VPN tunnels to the SD-WAN, PPoE default routes disappear.

IPS/AV is not forwarding return traffic back to clients.

Kernel static route is randomly lost.

TCP SYN+ACK is not forwarded under a specific condition.

Kernel panic on HA pair of FG-301Es.

DHCP option doesnot include all NTP servers.

Changing the order of VDOMs in system admin when connected with TACACS+ wildcard admin is not propagated to other blades.

Setting alias or changing allowed access to the aggregate link will move the from state down to up for few seconds.

Primary unit does not send the SNMP trap for all SNMP servers when the cable is plugged out from the LAG-configured interface.

FG-301E consumes high memory even when there is no traffic.

Huawei E173u-2 USB modem not working on FG-60E.

Cannot lease DHCP address over IPsec for dialup FortiClient users.

VDOM restore has configuration loss when interfaces have subnet overlap.

/tmp/fcp_rt_dump file lost some IPsec VPN router information after modifying the IPsec VPN static router setting.

TCP connections through IPsec (bound to loopback) do not work when IPS offload is enabled to NTurbo.

In FortiOS 6.2.0 FortiExplorer management via a USB connection, it takes a very long for the device to show up.

Cannot poll SNMP v3 statistics for BGP when ha-direct is enabled under snmp user.

Changes to per-IP shaper settings are not reflected on offloaded sessions.

High memory utilization caused by authd and wad process.

FG-3980E unresponsive with millions of sessions in TIME_WAIT.

4x10G port does not work on FG-3700D.

SD-WAN rule corrupted upon rebooting after ISDB update.

Current secondary unit interface of redundant interface does not change according to member settings.

REST API cmdb/router/aspath-list is not inserting new values.

The trust-ip-x feature for interfaces does not work.

SD-WAN rule does not work with nested firewall address group when it is selected as a source or destination.

DHCP relay sessions are removed from the session table after applying any configuration change.

CPU usage goes to 100% when modifying members of an addrgrp object.

PoE ports no longer deliver PoE power.

RX/TX counters for VLAN interfaces based on the LACP interface are 0.

When adding an admin down interface as a member of an aggregate interface, it shows as up and processes traffic.

FortiGate takes a long time to reboot when it has a very large amount of firewall addresses used in a large amount of policies.

VLANs over the LAG interface show no TX/RX statistics.

FortiGate does not accept country code created in FortiManager and causes address install fails.

L2 WCCP stops working after upgrading to FortiOS 6.0.3 or later.

FSSO established sessions are not re-evaluated when an user is removed from an Active Directory group.

FSSO failover is not graceful.

Mobile token authentication fails in a virtual cluster on the physical secondary unit.

FortiOS does not allow a source IP to be set for mobile token activation

FortiToken assignment on a virtual cluster VDOM primary unit on a physical secondary unit causes configuration mismatch and physical primary unit overwrites.

Cannot set certificate under config certificate local.

set device-identification disable reverts to default after restoring the VDOM.

Wireless roaming causing the undesirable removal of RSSO sessions.

CoA from FortiAuthenticator is not working for a wired interface-based captive portal.

Both authenticated and unauthenticated sessions are cleared when authentication times out.

User-based Kerberos authentication is not working in new VDOMs.

Disclaimer redirection to IP instead of FQDN, resulting in an SSL certificate warning.

VMX does not sync the contract information from SVM.

VMX 6.0.4 Service Manager is not automatically updated with the NSX dynamic security groups.

The default MTU of 65521 results in packet drops.

Azure waagent process is consuming high memory.

VM in Oracle cloud has 100% CPU usage in the system space.

Cannot create new directory on the FTP server with mkdir from an FTP client through a WAN optimization tunnel.

Proxy web filtering blocks innocent sites due to urlsource="FortiSandBox Block".

Wireless MAC address filtering stopps working after upgrading from 5.6.6 to 6.0.3.

FortiOS 6.0.7 is no longer vulnerable to the following CVE Reference:

• CVE-2017-17544

FortiOS 6.0.7 is no longer vulnerable to the following CVE Reference:

• CVE-2019-6693

FortiOS 6.0.7 is no longer vulnerable to the following CVE References:

• CVE-2019-3855
• CVE-2019-3856
• CVE-2019-3857
• CVE-2019-3858
• CVE-2019-3859
• CVE-2019-3860
• CVE-2019-3861
• CVE-2019-3862
• CVE-2019-3863

FortiOS 6.0.7 is no longer vulnerable to the following CVE Reference:

• CVE-2019-6697

FortiOS 6.0.7 is no longer vulnerable to the following CVE Reference:

• CVE-2019-15705