Resolved Issues
The following issues have been fixed in version 6.0.9. For inquires about a particular bug, please contact Customer Service & Support.
Data Leak Prevention
Bug ID |
Description |
---|---|
591178 |
WAD fails to determine the correct file name when downloading a file from Nextcloud. |
DNS Filter
Bug ID |
Description |
---|---|
561297 |
DNS filtering does not perform well on the zone transfer when a large DNS zone's AXFR response consists of one or more messages. |
563441 |
7K DNS filter breaking DNS zone transfer. |
Explicit Proxy
Bug ID |
Description |
---|---|
578098 |
Unwanted traffic log generated for firewall policy with web filter profile as |
594598 |
Enabling proxy policies (+400) increases memory by 30% and up to 80% total. |
Firewall
Bug ID |
Description |
---|---|
535303 |
Address page takes more than 15 seconds to load with certain configurations. |
FortiView
Bug ID |
Description |
---|---|
542154 |
Custom admin is unable to load FortiView when VDOMs or FortiCloud logging are enabled. |
556178 |
FortiView > Sources historical view sometimes cannot retrieve data from FortiCloud. |
603344 |
Sources and Destinations realtime pages cannot load due to [object Object] JavaScript error. |
GUI
Bug ID |
Description |
---|---|
486230 |
GUI on FG-3800D with 5.6.3 is very slow for configurations with numerous policies. |
493704 |
While accessing the FortiGate page, PC browser memory usage keeps spiking and finally PC hangs. |
543260 |
When modifying the g-default web filter, access denied error message appears. |
545443 |
GUI is slow in FG-300D, FG-500D, FG-600D, FG-1000D, and FG-1200D with a high number of firewall policies. |
546580 |
Should not be able to unset user or user group on an SSL VPN policy when inline editing the source column in the policy list. |
556397 |
IP pools in SSL VPN settings are overwritten when SSL VPN settings are modified in the GUI. |
559866 |
When sending CSF proxied request, segfault happens (httpsd crashes) if FortiExplorer accesses root FortiGate via the management tunnel. |
575592 |
IP pool and tunnel mode settings in |
593624 |
GUI behavior is different with local user using super admin profile and TACACS user using super admin profile. |
605493 |
Admin cannot log in to FortiGate GUI. |
HA
Bug ID |
Description |
---|---|
523582 |
|
530215 |
|
557277 |
FGSP configured with |
560107 |
Cluster upgrade from 5.6.7 build 1653 to SB 5.6.8 build 3667 takes longer than normal. |
576638 |
HA cluster GUI change does not send logs to the secondary device immediately. |
585348 |
|
Intrusion Prevention
Bug ID |
Description |
---|---|
567923 |
Receiving IPS engine application crash messages. |
601944 |
IPS engine 4.045 (FG-2000E with FOS 6.0.6) signal 14 crash occurred. |
IPsec VPN
Bug ID |
Description |
---|---|
550333 |
In an ADVPN spoke with one interface connecting to two hubs, the shortcut created on receiver side matches to the wrong phase 1. |
575477 |
IKED memory leak. |
589096 |
In IPsec after HA failover, performance regression and IKESAs are lost. |
Log & Report
Bug ID |
Description |
---|---|
493886 |
|
527991 |
Add CLI setting to configure timeout value when connecting to FortiGate Cloud. Enable |
565505 |
|
586038 |
FortiOS 6.0.6 reports too long VPN tunnel durations in local report. |
596278 |
|
596398 |
|
599860 |
When |
Proxy
Bug ID |
Description |
---|---|
525328 |
External resource does not support no content length. |
566859 |
In WAD conserve mode 5.6.8, |
573028 |
WAD crash causing traffic interruption. |
579400 |
High CPU with |
REST API
Bug ID |
Description |
---|---|
587470 |
REST API to support revision flag. |
Routing
Bug ID |
Description |
---|---|
581488 |
BGP Confederation router sending incorrect AS to neighbor group routers. |
584394 |
VRRP on LAG cannot forward packet after |
587198 |
After failover/recovery of link, E2 route with non-zero forward address recurses to itself as a next hope. |
592599 |
FortiGate sends malformed OSPFv3 LSAReq/LSAck packets on interfaces with MTU = 9k. |
595937 |
PPPoE interface bandwidth is mistakenly calculated as 0 in SD-WAN. |
598665 |
BGP route is in routing table but not in FIB (kernel routing table). |
Security Fabric
Bug ID |
Description |
---|---|
583107 |
The Access Layer Quarantine action is not propagated to the downstream device in Security Fabric > Automation. |
587758 |
Invalid CIDR format shows as valid by the Security Fabric threat feed. |
588262 |
IP address Threat Feed Fabric connector not working. |
SSL VPN
Bug ID |
Description |
---|---|
546280 |
Internal website (confluence.1wa.local) not loading all elements with SSL VPN web mode (it works fine internally). |
559785 |
FortiMail login page with SSL VPN portal not displaying correctly. |
561585 |
SSL VPN does not show correctly in the Windows Admin Center application. |
571005 |
NextCloud through SSL VPN behaving strangely. |
580182 |
The EOASIS website is not displayed properly using SSL VPN web mode. |
586032 |
Unable to download report from an internal server via SSL VPN web mode connection. |
599668 |
In SSL VPN web mode, page keeps loading after user authenticates into internal application. |
599671 |
In SSL VPN web mode, cannot display complete content on page, and cannot paste or type in the comments section. |
Switch Controller
Bug ID |
Description |
---|---|
592111 |
FortiSwitch shows offline CAPWAP response packet getting dropped/failed after upgrading from 6.2.2. |
System
Bug ID |
Description |
---|---|
527599 |
Internal prioritization of OSPF/BGP/BFD packets in conjunction with HPE feature to ensure these routing packets are handled in time. It affected all NP6 platforms. |
527942 |
|
545449 |
IPinIP traffic over another IPinIP is dropped in NP6-Lite when offloading is enabled. |
547712 |
HPE does not protect against DDoS attacks like flood on IKE and BGP destination ports. |
548443 |
DHCP-enabled interfaces occasionally fail to perform discovery. |
561234 |
FG-800D shows wrong HA, ALARM LED status. |
573090 |
Making a change to a policy using inline editing is very slow with large table sizes. |
576337 |
SNMP polling stopped when FortiManager API script executed onto FortiGate. |
578531 |
The FortiCloud daemon (forticldd) resolves mgrctrl1.fortinet.com to the wrong IP address. |
580883 |
DNS servers acquired via PPPoE in non-management VDOMs are used for DHCP DNS server option 6. |
582498 |
Traffic cannot be offloaded to both NTurbo and NP6 when DoS policy is applied on ingress/egress interface in a policy with IPS. |
582520 |
Enabling offloading drops fragmented packets. |
586034 |
Enabling ECN dramatically decreases TCP throughput on FG-3400E. |
586301 |
GUI cannot show default Fortinet logo for replacement messages. |
588202 |
FortiGate returns an invalid configuration when FortiManager retrieves the configuration. |
589079 |
QSFP interface goes down when the |
589234 |
Local system DNS setting instead of DNS setting acquired from upstream DHCP server was assigned to client under management VDOM. |
592699 |
Console outputs |
594577 |
Out of order packets for an offloaded multicast stream. |
598357 |
Low throughput on subinterfaces VLAN because IP packets are marked with ECN = CE flag. |
603194 |
NP multicast session remains after the kernel session is deleted. |
User & Device
Bug ID |
Description |
---|---|
547657 |
Guest portal RADIUS authentication failure due to FortiAuthenticator trying to resolve third-party websites as access points. |
549662 |
RADIUS MSCHAP-v2 authentication fails against Windows NPS with non-ASCII characters in user password. |
587519 |
fnbamd has high CPU usage and user is unable to authenticate. |
592241 |
Gmail POP3 authentication fails with certificate error since version 6.0.5. |
VM
Bug ID |
Description |
---|---|
577653 |
vMotion tasks cause connections to be dropped as sessions related to vMotion VMs do not appear on the destination VMX. |
591563 |
Azure autoscale not syncing after upgrading to 6.2.2. |
592611 |
HA not fully failing over when using OCI. |
VoIP
Bug ID |
Description |
---|---|
580588 |
SDP information fields are not being natted in multipart media encapsulation traffic. |
582271 |
Add support for Cisco IP Phone keepalive packet. |
WiFi Controller
Bug ID |
Description |
---|---|
580169 |
Captive portal (disclaimer) redirect not working on Android phones. |
Common Vulnerabilities and Exposures
Visit https://fortiguard.com/psirt for more information.
Bug ID |
CVE references |
---|---|
491701 |
FortiOS 6.0.9 is no longer vulnerable to the following CVE Reference:
Please read the section under Upgrade Information > FortiGuard protocol and port number. |
565708 |
FortiOS 6.0.9 is no longer vulnerable to the following CVE Reference:
|
569310 |
FortiOS 6.0.9 is no longer vulnerable to the following CVE Reference:
|
576941 |
FortiOS 6.0.9 is no longer vulnerable to the following CVE Reference:
|
577643 |
FortiOS 6.0.9 is no longer vulnerable to the following CVE Reference:
|