Fortinet Document Library

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:


Table of Contents

Known Issues

The following issues have been identified in version 6.0.9. For inquires about a particular bug or to report a bug, please contact Customer Service & Support.

Antivirus

Bug ID

Description

553143

Redundant logs and alert emails sent when file is sent to FortiSandbox Cloud via Suspicious Files Only.

561524

Cannot send an email with PDF attachment when FortiSandbox Cloud inspection is enabled.

562037

CDR does not disarm files when they are sent over HTTP POST, despite AV logs showing file has been disarmed.

581460

FG-30E AV TP mode cannot log and block oversize files.

590092

Cannot clear scanunit vdom-stats to reset the statistics on ATP widget.

Data Leak Prevention

Bug ID

Description

563447

Cannot download DLP archived file from GUI for HTTPS, FTPS, SMTP and SMTPS.

607444

DLP quarantines IP when no quarantine action is configured.

Explicit Proxy

Bug ID

Description

603707

The specified port configurations of https-incoming-port for config web-proxy explicit disappeared after rebooting.

Firewall

Bug ID

Description

508015

Editing a policy in the GUI changes the FSSO setting to disable.

611840

Firewall policy search with decimal in the name fails in GUI.

FortiView

Bug ID

Description

527540

Cannot click the Quarantine Host option on a registered device.

GUI

Bug ID

Description

586604

No matching IPS signatures are found when the Severity or Target filters are applied.

HA

Bug ID

Description

531083

Configuration of HA pair of FortiGates goes out of sync when removed from central management (FortiManager).

540632

In HA, management-ip that is set on a hardware switch interface does not respond to ping after executing reboot.

586004

Moving VDOM via GUI between virtual clusters causes cluster to go out of sync and VDOM state work/standby does not change.

621621

Ether-type HA cannot be changed.

Intrusion Prevention

Bug ID

Description

540718

Signal 14 alarm crashes were observed on DFA rebuild.

579018

IPS engine 5.030 signal 14 alarm clock crash at nturbo_on_event.

608501

IPS forwards attacks that are previously identified as dropped.

IPsec VPN

Bug ID

Description

516029

Remove the IPsec global lock.

532594

IKED crashed using ADVPN and OSPF.

602240

IKEv2 EAP-TLS handshake detected retransmit of client, but FortiGate does not retransmit its response.

604923

IKE memory leak when IKEv2 certificate subject alternative name/peer ID matching occurs.

612319

MTU calculation of shared dynamic phase 1 interface is too low compared to its phase 2 MTU and makes fragmentation high.

Log & Report

Bug ID

Description

531994

User group is not included in traffic log for transparent web proxy policy when traffic is allowed.

592766

Log device defaults to empty and cannot be switched on in the GUI after enabling FortiAnalyzer Cloud.

608565

FortiGate sends incorrect long session logs to FortiGate Cloud.

Proxy

Bug ID

Description

584719

WAD reads ftp over-limit multi-line response incorrectly.

622818

Breakout traffic is wrongly denied by proxy policy.

Routing

Bug ID

Description

560633

OSPF route for ADVPN tunnel interface flaps.

593864

Routing table is not always updated when BGP gets an update with changed next hop.

600332

SD-WAN GUI page bandwidth shows 0 issues when there is traffic running.

SSL VPN

Bug ID

Description

476377

SSL VPN FortiClient login with FAC user FTM two-factor fail because it times out too fast.

525342

In some special cases, SSL VPN main state machine reads function pointer is empty that will cause SSL VPN daemon crash.

563022

SSL VPN LDAP group object matching only matches the first policy; is not consistent with normal firewall policy.

573853

TX packet drops on SSL root interface.

574724

In some lower-end FortiGates, the threshold of available memory is not calculated correctly for entering SSL VPN conserve mode. Threshold should be 10% of total memory when the memory is larger than 512 MB and less than 2 GB.

577522

SSL VPN daemon crashes when logging in several times with RADIUS user that is related to a framed IP address.

582265

RDP sessions are terminated (disconnect) unexpectedly.

597658

Internal custom web application page running on Apache Tomcat is not displaying in SSL VPN web mode.

599394

SSL VPN web portal bookmarks are not full loading for Vivendi SelfService application.

600029

Sending RADIUS accounting interim update messages with SSL VPN client framed IP are delayed.

601084

Site in .NET framework 4.6 or 4.7 not loading in SSL VPN web mode.

610564

RDP over web mode SSL VPN to a Windows Server changes the time zone to GMT.

621270

SSL VPN user groups are corrupted in auth list when the user is a member of more than 100 groups.

System

Bug ID

Description

511790

Router info does not update after plugging out/plugging in USB modem.

567019

CP9 VPN queue tasklet unable to handle kernel NULL pointer dereference at 0000000000000120 and device reboots.

580038

Problems with cmdbsvr while handling a large number of FSSO address groups and security policies.

581496

FG-201E stopped sending out packets; NP6lite is stuck.

581528

SSH/RDP sessions are terminated unexpectedly.

587911

FortiGate 200D is dropping packets.

592827

FortiGate is not sending DHCP request after receiving offer.

604613

sentbyte of NTP on local traffic log shows as 0 bytes, even though NTP client receives the packet.

607452

Automatically logged out of CLI when trying to configure STP due to /bin/newcli crash.

608442

After a reboot of the PPPoE server, the FortiGate (PPPoE clients, 35 clients) keeps flapping (connection down and up) for a long time before connecting successfully.

609668

VLANs under LAGs do not show RX/TX packets.

610604

hasync and cmdbsvr processes crash on slave unit, causing failed httpsd, fgfmd, and snmpd on the master.

610900

Low throughput on FG-2201E for traffic with ECN flag enabled.

612351

Many no session matched logs while managing FortiGate.

614355

VPN interface is not pingable while NPU is enabled.

616022

Long delay and cmdbsvr at 100% CPU consumption when modifying address objects and address groups via GUI or REST API.

User & Device

Bug ID

Description

538925

Collector agent cannot be contacted after rebooting or restarting authd if FQDN is used on FSSO server.

567831

Local FSSO poller is regularly missing logon events.

586334

Brief connectivity loss on shared service when RDP session is logged in to from local device.

587293

The session to the SQL database is closed as timeout when a new user logs in to terminal server.

605437

FortiOS does not understand CMPv2 grantedWithMods response.

605950

RDP sessions are terminated (disconnect) unexpectedly.

VoIP

Bug ID

Description

620742

RAS helper does not NAT the port 1720 in the callSignalAddress field of the RegistrationRequest packet sent from the endpoint.

Known Issues

The following issues have been identified in version 6.0.9. For inquires about a particular bug or to report a bug, please contact Customer Service & Support.

Antivirus

Bug ID

Description

553143

Redundant logs and alert emails sent when file is sent to FortiSandbox Cloud via Suspicious Files Only.

561524

Cannot send an email with PDF attachment when FortiSandbox Cloud inspection is enabled.

562037

CDR does not disarm files when they are sent over HTTP POST, despite AV logs showing file has been disarmed.

581460

FG-30E AV TP mode cannot log and block oversize files.

590092

Cannot clear scanunit vdom-stats to reset the statistics on ATP widget.

Data Leak Prevention

Bug ID

Description

563447

Cannot download DLP archived file from GUI for HTTPS, FTPS, SMTP and SMTPS.

607444

DLP quarantines IP when no quarantine action is configured.

Explicit Proxy

Bug ID

Description

603707

The specified port configurations of https-incoming-port for config web-proxy explicit disappeared after rebooting.

Firewall

Bug ID

Description

508015

Editing a policy in the GUI changes the FSSO setting to disable.

611840

Firewall policy search with decimal in the name fails in GUI.

FortiView

Bug ID

Description

527540

Cannot click the Quarantine Host option on a registered device.

GUI

Bug ID

Description

586604

No matching IPS signatures are found when the Severity or Target filters are applied.

HA

Bug ID

Description

531083

Configuration of HA pair of FortiGates goes out of sync when removed from central management (FortiManager).

540632

In HA, management-ip that is set on a hardware switch interface does not respond to ping after executing reboot.

586004

Moving VDOM via GUI between virtual clusters causes cluster to go out of sync and VDOM state work/standby does not change.

621621

Ether-type HA cannot be changed.

Intrusion Prevention

Bug ID

Description

540718

Signal 14 alarm crashes were observed on DFA rebuild.

579018

IPS engine 5.030 signal 14 alarm clock crash at nturbo_on_event.

608501

IPS forwards attacks that are previously identified as dropped.

IPsec VPN

Bug ID

Description

516029

Remove the IPsec global lock.

532594

IKED crashed using ADVPN and OSPF.

602240

IKEv2 EAP-TLS handshake detected retransmit of client, but FortiGate does not retransmit its response.

604923

IKE memory leak when IKEv2 certificate subject alternative name/peer ID matching occurs.

612319

MTU calculation of shared dynamic phase 1 interface is too low compared to its phase 2 MTU and makes fragmentation high.

Log & Report

Bug ID

Description

531994

User group is not included in traffic log for transparent web proxy policy when traffic is allowed.

592766

Log device defaults to empty and cannot be switched on in the GUI after enabling FortiAnalyzer Cloud.

608565

FortiGate sends incorrect long session logs to FortiGate Cloud.

Proxy

Bug ID

Description

584719

WAD reads ftp over-limit multi-line response incorrectly.

622818

Breakout traffic is wrongly denied by proxy policy.

Routing

Bug ID

Description

560633

OSPF route for ADVPN tunnel interface flaps.

593864

Routing table is not always updated when BGP gets an update with changed next hop.

600332

SD-WAN GUI page bandwidth shows 0 issues when there is traffic running.

SSL VPN

Bug ID

Description

476377

SSL VPN FortiClient login with FAC user FTM two-factor fail because it times out too fast.

525342

In some special cases, SSL VPN main state machine reads function pointer is empty that will cause SSL VPN daemon crash.

563022

SSL VPN LDAP group object matching only matches the first policy; is not consistent with normal firewall policy.

573853

TX packet drops on SSL root interface.

574724

In some lower-end FortiGates, the threshold of available memory is not calculated correctly for entering SSL VPN conserve mode. Threshold should be 10% of total memory when the memory is larger than 512 MB and less than 2 GB.

577522

SSL VPN daemon crashes when logging in several times with RADIUS user that is related to a framed IP address.

582265

RDP sessions are terminated (disconnect) unexpectedly.

597658

Internal custom web application page running on Apache Tomcat is not displaying in SSL VPN web mode.

599394

SSL VPN web portal bookmarks are not full loading for Vivendi SelfService application.

600029

Sending RADIUS accounting interim update messages with SSL VPN client framed IP are delayed.

601084

Site in .NET framework 4.6 or 4.7 not loading in SSL VPN web mode.

610564

RDP over web mode SSL VPN to a Windows Server changes the time zone to GMT.

621270

SSL VPN user groups are corrupted in auth list when the user is a member of more than 100 groups.

System

Bug ID

Description

511790

Router info does not update after plugging out/plugging in USB modem.

567019

CP9 VPN queue tasklet unable to handle kernel NULL pointer dereference at 0000000000000120 and device reboots.

580038

Problems with cmdbsvr while handling a large number of FSSO address groups and security policies.

581496

FG-201E stopped sending out packets; NP6lite is stuck.

581528

SSH/RDP sessions are terminated unexpectedly.

587911

FortiGate 200D is dropping packets.

592827

FortiGate is not sending DHCP request after receiving offer.

604613

sentbyte of NTP on local traffic log shows as 0 bytes, even though NTP client receives the packet.

607452

Automatically logged out of CLI when trying to configure STP due to /bin/newcli crash.

608442

After a reboot of the PPPoE server, the FortiGate (PPPoE clients, 35 clients) keeps flapping (connection down and up) for a long time before connecting successfully.

609668

VLANs under LAGs do not show RX/TX packets.

610604

hasync and cmdbsvr processes crash on slave unit, causing failed httpsd, fgfmd, and snmpd on the master.

610900

Low throughput on FG-2201E for traffic with ECN flag enabled.

612351

Many no session matched logs while managing FortiGate.

614355

VPN interface is not pingable while NPU is enabled.

616022

Long delay and cmdbsvr at 100% CPU consumption when modifying address objects and address groups via GUI or REST API.

User & Device

Bug ID

Description

538925

Collector agent cannot be contacted after rebooting or restarting authd if FQDN is used on FSSO server.

567831

Local FSSO poller is regularly missing logon events.

586334

Brief connectivity loss on shared service when RDP session is logged in to from local device.

587293

The session to the SQL database is closed as timeout when a new user logs in to terminal server.

605437

FortiOS does not understand CMPv2 grantedWithMods response.

605950

RDP sessions are terminated (disconnect) unexpectedly.

VoIP

Bug ID

Description

620742

RAS helper does not NAT the port 1720 in the callSignalAddress field of the RegistrationRequest packet sent from the endpoint.