Resolved Issues
The following issues have been fixed in version 6.0.7. For inquiries about a particular bug, please contact Customer Service & Support.
Antivirus

Bug ID | Description |
---|---|
541023 | Scan unit workers leave |
541577 | FortiOS fails to upload files to FortiSandbox Cloud after upgrading the firmware from build 0804 to build 0828. |

Application Control

Bug ID | Description |
---|---|
558380 | Application control does not detect applications with |

Data Leak Prevention

Bug ID | Description |
---|---|
540317 | DLP cannot detect attached zip files when receiving emails via MAPI over HTTP. |

DNS Filter

Bug ID | Description |
---|---|
567172 | Enforcing safe search in 6.0.5 blocks access to Google domains. |

Explicit Proxy

Bug ID | Description |
---|---|
504011 | The FortiGate does not generate traffic logs for SOCKS proxy. |
542230 | Source affinity is held in the WAD dispatcher when the user is valid in the worker process. |
543794 | High CPU usage due to the WAD process. |
552334 | Websites do not work with SSL deep inspection due to the OCSP validation process. |
557265 | A browser redirect loop occurs after re-authentication when using |
560076 | SSL deep inspection is not performed on certain sites. |
561843 | Application control does not scan the traffic forwarded to the upstream proxy. |
571034 | Using a disclaimer causes incorrect redirection. |
589811 | The |

Firewall

Bug ID | Description |
---|---|
521913 | Session timers do not update for VLAN traffic over VWP. |
524599 | Expired session TTL timers are not reset when traffic goes through if traffic is offloaded in a TP VDOM. |
535468 | The DCE/RPC |
545056 | The firewall should not be evaluated when an interface bandwidth widget is added to dashboard. |
552329 | NP6 sessions are dropped after any GUI changes. |
554329 | The schedule policy is not activated on time. |
555287 | VIPs should have a setting to control the SNAT behavior based on interfaces. |
560674 | Traffic to IP address configured in |
570468 | The FortiGate randomly does not process some NAT64 packets. |
571022 | SNAT before encryption in policy-based VPNs for local traffic occurs after upgrading from 5.6.8 to 6.0.5. |

FortiView

Bug ID | Description |
---|---|
539589 | The |
541174 | In FortiView > Web Sites, all categories are shown as Unrated (未分類) in Japanese. |
553627 | FortiView pages cannot load and present a "Failed to retrieve FortiView data" message. |

GUI

Bug ID | Description |
---|---|
438298 | When VDOMs are enabled, the interface faceplate should only show data for interfaces being managed by the admin. |
479692 | The GUI displays the error "Image file doesn't match platform" when the user uploads the correct image. |
487285 | The Monitor > FortiGuard Quota > View category usage quota information displays "No matching entries found" for the local category. |
512696 | The Unrated category in Web Rating Overrides is translated incorrectly. |
537307 | "Failed to retrieve info" message appears for |
537550 | HTTPSD causes high CPU usage when accessing Network > Interfaces. |
543637 | Unable to filter policies by multiple IDs. |
545074 | Unable to log in to FortiOS with YubiKey. The CLI works as expected. |
548076 | FortiGateCloud cannot restore the configuration on the FortiGate. |
548775 | Cannot continue to configure the same column for different ports in WiFi & Switch Controller > FortiSwitch Ports unless the page is refreshed. |
550098 | An HTTP 400 error occurs when trying to activate FortiGate Cloud via the GUI. |
552038 | The routing monitor network filter does not filter subnets after upgrading. |
552292 | An HTTP 500 error occurs when trying to add a custom device into a custom device group. |
553290 | The tooltip for VLAN interfaces displays as "Failed to retrieve info". |
564601 | When using the GUI in USG mode, the license requirement to upload FortiGuard packages should be removed. |
573579 | Editing policies inline can result in previously selected policies being changed. |
577112 | When hovering over a Security Fabric name, a "Failed to retrieve info" message appears. |

HA

Bug ID | Description |
---|---|
504156 | Traffic is interrupted during an uninterruptible upgrade due to a down monitored port on the secondary unit. |
518964 | The FortiGate slows down when adding or removing a member from the address group via SSH. |
519266 | HA does not failover when the ping server goes down a second time. |
538512 | The |
539707 | The ping server status is incorrect after failover in the output for |
543602 | An unnecessary syncing process starts during upgrading when the upgrading takes longer. |
545371 | If the FortiGate sets two ping servers, there are dual primary units. |
546714 | GARP packets are outputted even though the GARP setting is disabled. |
547367 | The secondary unit cannot be synchronized from scratch in 6.0.4 with 500 VDOMs because duplicate global profiles are created. |
548695 | The FortiGate primary unit does not send all system events. |
553231 | Moving VDOMs between virtual clusters causes the cluster to go out of sync. |
554187 | The HA secondary unit got an uncertified firmware signature after an image upgrade from the primary unit. |
555056 | Enabling two-factor authentication for a virtual cluster in the GUI overwrites the sync from the secondary unit to primary unit. |
555998 | Load balanced (A-A) secondary unit sessions do not forward traffic after the session is dirtied when installing a policy from FortiManager. |
556057 | |
574564 | In an HA configuration with HA uninterruptible upgrade enabled, some signature database files may fail to synchronize when upgrading from previous versions. |
581906 | An HA secondary unit sends out GARP packets 16-20 seconds after the HA monitored interface fails. |

ICAP

Bug ID | Description |
---|---|
541423 | After any configuration change is applied to the FortiGate, the Symantec ICAP server rejects connections due to many connections. |

Intrusion Prevention

Bug ID | Description |
---|---|
545823 | Creating and editing a DoS policy takes a long time. The GUI hangs up or displays an "Error 500: Internal Server Error". |
556538 | Enabling IPS on IPv4 policies impacts HTTPS traffic over the site-to-site VPN using PPPoE for internal servers. |

IPsec VPN

Bug ID | Description |
---|---|
509559 | An invalid ESP packet is detected (replayed packet) when there is a high load on the IPsec tunnel. |
515132 | The ADVPN shortcut is continuously flapping. |
522727 | Dialup IPsec hardware acceleration drops. |
534444 | Unable to delete IPsec VPN tunnel phase1 interface configuration, even though there is no reference. |
537450 | Site-to-Site VPN policies (policy-based) with a DDNS destination fail to connect. |
553759 | ESP packets are sent to the wrong MAC after a routing change when IPsec SA is offloaded. |
558693 | FW-90D VPN becomes unresponsive after changing the VPN DDNS monitor settings. |
564237 | SD-WAN interface bandwidth is incorrect if it has recursive parents or if the parent has an estimated bandwidth set. |
571209 | Traffic over the VLAN subinterface is pushed through the IPsec policy based on the VPN interface. |
582251 | Peer ID validation does not work when IKEv2 EAP authentication is enabled. |

Log & Report

Bug ID | Description |
---|---|
540157 | Cannot view logs from the FortiGate when the secondary IP is used (only the secondary IP is allowed to go to the internet on upstream). |
548038 | An infinite loop seems to happen in |
552168 | IPS archive pcap usage cannot be cleared after deleting the IPS log and actual pcap files. |
558702 | The main |
560617 | FortiGate logging is not stable; logs fail or do not stay in the queue. |
562866 | FortiOS 6.0.4/6.0.5 |
565216 | |
566843 | No log is generated when traffic is blocked by setting |
568795 | The specific traffic type is not logged in the FortiAnalyzer memory. |

Proxy

Bug ID | Description |
---|---|
513470 | WAD crashes on |
529792 | WAD process crash occurs with signal 11. |
537183 | Removing the default |
540067 | Wildcard addresses are removed from the SSL deep inspection exempt list after upgrading from 5.6.* to 6.0.4. |
540368 | When upgrading from 5.6.* to 6.0.*, the normal FQDNs get removed from the mixed FQDN group (normal and wildcard) from the SSL profile. |
542189 | An AV profile in proxy mode with |
547426 | WAD daemon crashes when upgrading to 6.2.0 build 0860. |
549660 | WAD crash occurs with signal 11. |
557259 | A FortiGate using an AV profile in proxy mode with server comfort options enabled sends the same request to the server twice. |
559166 | With firmware 6.0.5, WAD CPU usage on all cores reaches 100% in about 30 seconds. |
562610 | The FortiGate generates a WAD crash |
563154 | Unable to open a webpage via explicit proxy when deep inspection and the web filter profile are enabled. |
567796 | WAD constantly crashes every few seconds. |
572489 | The SSL handshake sometimes fails due to the FortiGate replying "FIN" to the client. |
574730 | The wildcard URL filter stops working after upgrading. |

Routing

Bug ID | Description |
---|---|
499330 | OSPF MD5 authentication errors occur. |
503686 | |
536986 | IPv6 routing fails to choose the lower priority route when the output interface is specified. |
537054 | The IPsec interface internet service router cannot work normally. |
540682 | SD-WAN sends traffic to interfaces with a volume ratio set to 0. |
551492 | BGP neighbors are lost on configuration changes (large configuration file). |
552350 | BFD peers are down and not seen (over BGP up). |
557787 | Although the routing table was changed in the IPv6 network, the offloaded communication stopped. |
565661 | SD-WAN interface bandwidth not honoring its parent's interface estimated bandwidth. |
567497 | The FortiGate sends PIM register messages to RP for group 64.0.0.0 about non-existent sources. |
573789 | OSPF with virtual clustering is not learning routes. |
578623 | The memory gradually increases with a full BGP table. |

SSL VPN

Bug ID | Description |
---|---|
481038 | Web application does not load through the SSL VPN portal. |
489110 | SSL VPN web mode fails to access the Angular 5 application. |
491733 | When the SSL VPN receives multiple HTTPS POST requests under web filter, there is a loop of |
496584 | Wrong password attempts cause excessive bind requests against LDAP and lock out accounts. |
509333 | Nextcloud does not open in SSL VPN web mode. |
513572 | FortiGate does not send framed IP address attribute in RADIUS accounting packet. |
513655 | SMB/CIFS bookmark in the SSL VPN portal does not work with the |
515889 | SSL VPN web mode has trouble loading the internal web application. |
527476 | Web mode update fails for SharePoint pages using MS NLB. |
530509 | "Invalid HTTP Request" when an SMB via SSL VPN bookmark is executed with MS Server 2016, but does work with MS server 2008R2. |
534728 | Unable to get the dropdown menu from the internal server via SSL VPN web mode connection. |
535739 | SSL VPN bookmarks fail with JavaScript error. |
539207 | Unable to get to http://spiceworks.int.efwnow.com:9750/tickets/v2#open_tickets via the SSL VPN bookmark. |
539948 | Unable to load webpage in SSL VPN web mode. |
540328 | When trying to access an internal server with SSL VPN web mode, the browser displays an "ERR_EMPTY_RESPONSE" message. |
542480 | The internal server script gets stuck loading when a page is accessed over the SSL VPN web portal. |
542706 | When authenticating a user with local entry (local or remote authentication), there is no information available about the groups to which the user belongs, so user-based policies are applied. |
545177 | Web mode fails on SharePoint pages. |
546187 | SSL VPN login authentication times out if the primary RADIUS server is unavailable. |
546748 | Cannot log in to an internal server through SSL VPN web mode. |
547069 | Customer's application is not displayed correctly in SSL VPN web mode. |
551535 | HTTP 302 redirection is not parsed by the SSL VPN proxy (web mode/bookmark). |
552018 | JavaScript errors occur when accessing internal websites in web mode. |
554821 | Display problems occur with web mode access in FortiOS 6.2.0 and 6.0.4. |
555983 | The internal web portal replies with "HTTP 404 Not Found" when accessed via the SSL VPN web portal bookmark. |
556657 | Internal websites not working through SSL VPN web mode. |
559790 | SSL VPN web mode is not proxying internal websites correctly. |
559932 | Customer unable to load website through SSL VPN web mode. |
563147 | The connection to internal portal freezes when using an SSL VPN web bookmark. |
567182 | Videos on internal website do not display in web mode. |
567987 | RDP disconnects in web mode when copying long text from remote to local. |
569030 | SSL VPN tunnel mode can only add split tunneling to a user policy with groups and users in different SSL VPN policies. |
573527 | SSL web portal CSP v3 compatibility issue. |
575248 | Synology DSM log in page is not displayed when accessed via an SSL VPN bookmark or connection tool. |
575259 | SSL VPN connection is being dropped intermittently. |
578581 | Web mode portal freezes when opening some websites using JavaScript. |

Switch Controller

Bug ID | Description |
---|---|
545331 | FortiSwitch object cannot be created through FortiManager, but can be created in the FortiOS CLI. |
549770 | FortiSwitch |
555366 | FortiGate is not pushing the |
586299 | Adding a factory reset device to HA fails with the switch-controller.qos settings in root. |

System

Bug ID | Description |
---|---|
470875 | OID seems to be COUNTER32 instead of GAUGE32. |
484749 | TCP traffic with the ECN bit cannot pass through the IP tunnel with NP6 offload enabled. |
493843 | SNMPD debug messages reveal source code function names. |
502387 | X.509 certificate support required for the FGFM protocol. |
511529 | |
514676 | On a multi-processor platform, fragment evictor can run on multiple CPUs, which will result in multiple CPUs competing for locks. |
515735 | DHCP proxy functionality issue over IPsec with IKEv1 and IKEv2. |
518655 | IPv6 does not respond to neighbor solicitation requests. |
527124 | CRL download fails with the error message "Operation now in progress". |
533214 | After executing a shutdown, FG-90E keeps responding to ICMP requests. |
535055 | When adding more than seven VPN tunnels to the SD-WAN, PPPoE default routes disappear. |
537571 | IPS/AV is not forwarding return traffic back to clients. |
537989 | Kernel static route is randomly lost. |
539916 | TCP SYN+ACK is not forwarded under a specific condition. |
539970 | Kernel panic on HA pair of FG-301Es. |
541243 | DHCP option does not include all NTP servers. |
541527 | Changing the order of VDOMs in system admin when connected with TACACS+ wildcard admin is not propagated to other blades. |
543054 | Setting |
544570 | Primary unit does not send the SNMP trap for all SNMP servers when the cable is unplugged from the LAG-configured interface. |
544828 | FG-301E consumes high memory even when there is no traffic. |
545717 | Huawei E173u-2 USB modem not working on FG-60E. |
546746 | Cannot lease DHCP address over IPsec for dialup FortiClient users. |
548553 | VDOM restore has configuration loss when interfaces have subnet overlap. |
550433 | /tmp/fcp_rt_dump file lost some IPsec VPN router information after modifying the IPsec VPN static router setting. |
553262 | TCP connections through IPsec (bound to loopback) do not work when IPS offload is enabled to NTurbo. |
553609 | In FortiOS 6.2.0 FortiExplorer management via a USB connection, it takes a very long time for the device to show up. |
554099 | Cannot poll SNMP v3 statistics for BGP when |
555992 | Changes to per-IP shaper settings are not reflected on offloaded sessions. |
557798 | High memory utilization caused by |
560411 | FG-3980E unresponsive with millions of sessions in TIME_WAIT. |
560686 | 4x10G port does not work on FG-3700D. |
561097 | SD-WAN rule corrupted upon rebooting after ISDB update. |
561409 | Current secondary unit interface of redundant interface does not change according to member settings. |
561929 | REST API |
563497 | The |
565291 | SD-WAN rule does not work with nested firewall address group when it is selected as a source or destination. |
565631 | DHCP relay sessions are removed from the session table after applying any configuration change. |
567487 | CPU usage goes to 100% when modifying members of an |
570575 | PoE ports no longer deliver PoE power. |
570759 | RX/TX counters for VLAN interfaces based on the LACP interface are 0. |
574110 | When adding an admin down interface as a member of an aggregate interface, it shows as up and processes traffic. |
577047 | FortiGate takes a long time to reboot when it has a very large amount of firewall addresses used in a large amount of policies. |
578259 | VLANs over the LAG interface show no TX/RX statistics. |
578746 | FortiGate does not accept country code created in FortiManager and causes the address install to fail. |
577955 | LTE modem drops with crash log when IPsec tunnel is brought up. |

Upgrade

Bug ID | Description |
---|---|
558995 | L2 WCCP stops working after upgrading to FortiOS 6.0.3 or later. |
562444 | The firewall policy with |

User & Device

Bug ID | Description |
---|---|
516403 | FSSO established sessions are not re-evaluated when a user is removed from an Active Directory group. |
518129 | FSSO failover is not graceful. |
538218 | Mobile token authentication fails in a virtual cluster on the physical secondary unit. |
538407 | FortiOS does not allow a source IP to be set for mobile token activation. |
538666 | FortiToken assignment on a virtual cluster VDOM primary unit on a physical secondary unit causes configuration mismatch and physical primary unit overwrites. |
546600 | Cannot set certificate under |
548460 | |
550512 | Wireless roaming causing the undesirable removal of RSSO sessions. |
558332 | CoA from FortiAuthenticator is not working for a wired interface-based captive portal. |
560360 | Both authenticated and unauthenticated sessions are cleared when authentication times out. |
561289 | User-based Kerberos authentication is not working in new VDOMs. |
562185 | Disclaimer redirection to IP instead of FQDN, resulting in an SSL certificate warning. |
572271 | MAC host updates cause the sessions to be marked as dirty. |

VM

Bug ID | Description |
---|---|
505520 | VMX does not sync the contract information from SVM. |
541531 | VMX 6.0.4 Service Manager is not automatically updated with the NSX dynamic security groups. |
545533 | The default MTU of 65521 results in packet drops. |
559051 | Azure waagent process is consuming high memory. |
567137 | VM in Oracle cloud has 100% CPU usage in the system space. |
579948 | New FGCP primary unit does not update AWS route tables to reference the correct ENI. |

VoIP

Bug ID | Description |
---|---|
570430 | SIP ALG generated a VoIP session with the wrong direction. |

WAN Optimization

Bug ID | Description |
---|---|
542047 | Cannot create new directory on the FTP server with |
564290 | FortiOS cannot collaborate web cache with FortiProxy successfully. |

Web Filter

Bug ID | Description |
---|---|
551956 | Proxy web filtering blocks innocent sites due to |
565952 | Proxy-based web filter breaks the WCCP traffic. |

WiFi Controller

Bug ID | Description |
---|---|
529931 | Wireless MAC address filtering stops working after upgrading from 5.6.6 to 6.0.3. |
556022 | WiFi certificate settings become empty and eap_proxy stops after deleting the CA bundle package and rebooting the FortiGate. |

Common Vulnerabilities and Exposures
Visit https://fortiguard.com/psirt for more information.

Bug ID | CVE references |
---|---|
395544 | FortiOS 6.0.7 is no longer vulnerable to the following CVE Reference: |
532730 | FortiOS 6.0.7 is no longer vulnerable to the following CVE Reference: |
548154 | FortiOS 6.0.7 is no longer vulnerable to the following CVE References: |
567521 | FortiOS 6.0.7 is no longer vulnerable to the following CVE Reference: |
578626 | FortiOS 6.0.7 is no longer vulnerable to the following CVE Reference: |
582569 | FortiOS 6.0.7 is no longer vulnerable to the following CVE Reference: |