Fortinet Document Library

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:


Table of Contents

Known Issues

The following issues have been identified in version 6.2.0. For inquires about a particular bug or to report a bug, please contact Customer Service & Support.

Application Control

Bug ID

Description

435951

Traffic keeps going through the DENY NGFW policy configured with URL category.

Data Leak Prevention

Bug ID

Description

547437

WAD crash due to scheduler error occurs when oversized file is bypassing the DLP sensor.

548396

DLP archiving intermittently blocks a file when it should be log only.

Explicit Proxy

Bug ID

Description

548415

User cannot pass authentication after timeout if using IP-based authentication.

Firewall

Bug ID

Description

541348

Shaper in shaping policy is not applied when URL category is configured.

FortiView

Bug ID

Description

375172

FortiGate under a FortiSwitch may be shown directly connected to an upstream FortiGate.

482045

FortiView – no data shown on Traffic from WAN.

526956

FortiView widgets get deleted upon upgrading to B222.

544017

FortiView > VPN 1 hour historical shows entries from 8 hours ago when logged in from FortiGate Cloud.

GUI

Bug ID

Description

439185

AV quarantine cannot be viewed and downloaded from detail panel when source is FortiAnalyzer.

442231

Link cannot show different colors based on link usage legend in logical topology real time view.

451776

Admin GUI has limit of 10 characters for OTP.

504770

Introduce an enable/disable button in the GUI to toggle central SNAT table.

532309

Custom device page keep loading and cannot create device group.

546254

Forward traffic log cannot be shown on Windows Edge browser.

546953

DNS Filter column and Profile Group column is missing on policy list.

547393

GUI still shows fortianalyzer-cloud connection status error even after FortiGate connects to fortianalyzer-cloud.

547458

Cannot access VOIP profile list and only the default profile editor is shown.

547808

Security rating event logs cannot be shown in split-vdom FortiGate GUI.

548091

Cannot configure network interface IP addresses from GUI for FG-5001D and FG-5001E.

HA

Bug ID

Description

479987

FG MGMT1 does not authenticate Admin RADIUS users through primary unit (secondary unit works).

Intrusion Prevention

Bug ID

Description

445113

IPS engine 3.428 on FortiGate sometimes cannot detect Psiphon packets that iscan can detect.

548649

IPS custom signature is not detected after FortiGate is rebooted or upgraded.

IPsec VPN

Bug ID

Description

469798

The interface shaping with egress shaping profile doesn't work for offloaded traffic.

481201

The OCVPN feature is delayed about one day after registering on FortiCare.

545871

IPsec tunnel can't establish if OCVPN members with different Fortinet_CA and Fortinet_factory cert.

Log & Report

Bug ID

Description

412649

In NGFW Policy mode, FortiGate does not create web filter logs.

540903

Missed filename in the office365_Attachment. Download DLP log while it is blocked\Allowed.

Proxy

Bug ID

Description

546360

When applying proxy address in transparent proxy policy, FortiGate blocks traffic and reports SSL_ERROR_SYSCALL.

548233

SMTP, POP3, IMAP starttls cannot be exempted by FortiGate when first time traffic goes through FortiGate.

Security Fabric

Bug ID

Description

403229

In FortiView display from FortiAnalyzer, the upstream FortiGate cannot drill down to final level for downstream traffic.

411368

In FortiView with FortiAnalyzer, the combined MAC address is displayed in the Device field.

547659

Access denied error when reviewing security recommendations from physical topology in VDOM mode.

547509

Fail to configure Security Fabric if only enable FortiAnalyzer cloud logging not FortiAnalyzer logging in GUI.

SSL VPN

Bug ID

Description

405239

URL rewritten incorrectly for a specific page in application server.

476838

Check domain log-on as SSL VPN host checks condition.

495522

RDP session freezes when using SSL VPN tunnel mode.

Switch Controller

Bug ID

Description

304199

Using HA with FortiLink can encounter traffic loss during failover.

357360

DHCP snooping may not work on IPv6.

462552

Add an extra dialog in the interface page to clean up config when changing a FortiLink interface back to a regular port.

548145

Configuring FortiLink from GUI does not work on platforms that do not support hardware switch.

System

Bug ID

Description

295292

If private-data-encryption is enabled, when restoring config to a FortiGate, the FortiGate may not prompt the user to enter the key.

364280

User cannot use ssh-dss algorithm to login to FortiGate via SSH.

385860

FG-3815D does not support 1GE SFP transceivers.

436746

NP6 counter shows packet drops on FG-1500D. Pure firewall policy without UTM.

472843

When FortiManager is set for DM = set verify-install-disable, FortiGate does not always save script changes.

474132

FG-51E hang under stress test since build 0050.

494042

If we create VLAN in VDOM A, then we cannot create ZONE name with the same VLAN name in VDOM B.

495532

EHP drop improvement for units with no NP_SERVICE_MODUL.

548076

FortiGateCloud cannot restore configuration on FortiGate.

Upgrade

Bug ID

Description

470575

After upgrading from 5.6.3, g-sniffer-profile and sniffer-profile exist for IPS and web filter.

473075

When upgrading, multicast policies are lost when there is a zone member as interface.

481408

When upgrading from 5.6.3 to 6.0.0, the IPv6 policy is lost if there is SD-WAN member as interface.

494217

Peer user SSL VPN personal bookmarks do not show when upgrade to 6.0.1.

Workaround: Use CLI to rename the user bookmark to the new name.

539112

Devices configured under security-exempt-list become void after upgrade.

548256

Upgrading to v6.2 from v6.0.x causes CIFS/SMB configurations in AV profile to be lost.

548813

Upgrading or downgrading the firmware image using FortiGuard as the source, and as initiated from the System > Firmware page, fails during download of the firmware image. The page still can be used to view the upgrade path, but as a workaround, you will need to manually download the firmware image from Fortinet's Support site, and then initiate an upgrade or downgrade from the same page under the Upload Firmware section.

556002 Some firewall policies were deleted after upgrade from FOS 6.0.4 to FOS 6.2.0.
VM

Bug ID

Description

548453

Ondemand platforms show error with FortiCare/FortinetOne login.

548531

FGT-AWS HA failover and SDN using IAM role do not work due to AWS IAM role token length being +increased.

Web Filter

Bug ID

Description

538593

B0821: FGD service on https/8888 does not work well under specific wanopt topology.

544342

When encryption is set to yes, file-type incorrectly shows all file types when only zip files are supported.

545334

Web filter file filtering does not support FTP traffic inspection but user can still configure FTP protocol in GUI and CLI.

547772

Web filter FGD category is not detected by sniffer policy for HTTPS traffic.

Known Issues

The following issues have been identified in version 6.2.0. For inquires about a particular bug or to report a bug, please contact Customer Service & Support.

Application Control

Bug ID

Description

435951

Traffic keeps going through the DENY NGFW policy configured with URL category.

Data Leak Prevention

Bug ID

Description

547437

WAD crash due to scheduler error occurs when oversized file is bypassing the DLP sensor.

548396

DLP archiving intermittently blocks a file when it should be log only.

Explicit Proxy

Bug ID

Description

548415

User cannot pass authentication after timeout if using IP-based authentication.

Firewall

Bug ID

Description

541348

Shaper in shaping policy is not applied when URL category is configured.

FortiView

Bug ID

Description

375172

FortiGate under a FortiSwitch may be shown directly connected to an upstream FortiGate.

482045

FortiView – no data shown on Traffic from WAN.

526956

FortiView widgets get deleted upon upgrading to B222.

544017

FortiView > VPN 1 hour historical shows entries from 8 hours ago when logged in from FortiGate Cloud.

GUI

Bug ID

Description

439185

AV quarantine cannot be viewed and downloaded from detail panel when source is FortiAnalyzer.

442231

Link cannot show different colors based on link usage legend in logical topology real time view.

451776

Admin GUI has limit of 10 characters for OTP.

504770

Introduce an enable/disable button in the GUI to toggle central SNAT table.

532309

Custom device page keep loading and cannot create device group.

546254

Forward traffic log cannot be shown on Windows Edge browser.

546953

DNS Filter column and Profile Group column is missing on policy list.

547393

GUI still shows fortianalyzer-cloud connection status error even after FortiGate connects to fortianalyzer-cloud.

547458

Cannot access VOIP profile list and only the default profile editor is shown.

547808

Security rating event logs cannot be shown in split-vdom FortiGate GUI.

548091

Cannot configure network interface IP addresses from GUI for FG-5001D and FG-5001E.

HA

Bug ID

Description

479987

FG MGMT1 does not authenticate Admin RADIUS users through primary unit (secondary unit works).

Intrusion Prevention

Bug ID

Description

445113

IPS engine 3.428 on FortiGate sometimes cannot detect Psiphon packets that iscan can detect.

548649

IPS custom signature is not detected after FortiGate is rebooted or upgraded.

IPsec VPN

Bug ID

Description

469798

The interface shaping with egress shaping profile doesn't work for offloaded traffic.

481201

The OCVPN feature is delayed about one day after registering on FortiCare.

545871

IPsec tunnel can't establish if OCVPN members with different Fortinet_CA and Fortinet_factory cert.

Log & Report

Bug ID

Description

412649

In NGFW Policy mode, FortiGate does not create web filter logs.

540903

Missed filename in the office365_Attachment. Download DLP log while it is blocked\Allowed.

Proxy

Bug ID

Description

546360

When applying proxy address in transparent proxy policy, FortiGate blocks traffic and reports SSL_ERROR_SYSCALL.

548233

SMTP, POP3, IMAP starttls cannot be exempted by FortiGate when first time traffic goes through FortiGate.

Security Fabric

Bug ID

Description

403229

In FortiView display from FortiAnalyzer, the upstream FortiGate cannot drill down to final level for downstream traffic.

411368

In FortiView with FortiAnalyzer, the combined MAC address is displayed in the Device field.

547659

Access denied error when reviewing security recommendations from physical topology in VDOM mode.

547509

Fail to configure Security Fabric if only enable FortiAnalyzer cloud logging not FortiAnalyzer logging in GUI.

SSL VPN

Bug ID

Description

405239

URL rewritten incorrectly for a specific page in application server.

476838

Check domain log-on as SSL VPN host checks condition.

495522

RDP session freezes when using SSL VPN tunnel mode.

Switch Controller

Bug ID

Description

304199

Using HA with FortiLink can encounter traffic loss during failover.

357360

DHCP snooping may not work on IPv6.

462552

Add an extra dialog in the interface page to clean up config when changing a FortiLink interface back to a regular port.

548145

Configuring FortiLink from GUI does not work on platforms that do not support hardware switch.

System

Bug ID

Description

295292

If private-data-encryption is enabled, when restoring config to a FortiGate, the FortiGate may not prompt the user to enter the key.

364280

User cannot use ssh-dss algorithm to login to FortiGate via SSH.

385860

FG-3815D does not support 1GE SFP transceivers.

436746

NP6 counter shows packet drops on FG-1500D. Pure firewall policy without UTM.

472843

When FortiManager is set for DM = set verify-install-disable, FortiGate does not always save script changes.

474132

FG-51E hang under stress test since build 0050.

494042

If we create VLAN in VDOM A, then we cannot create ZONE name with the same VLAN name in VDOM B.

495532

EHP drop improvement for units with no NP_SERVICE_MODUL.

548076

FortiGateCloud cannot restore configuration on FortiGate.

Upgrade

Bug ID

Description

470575

After upgrading from 5.6.3, g-sniffer-profile and sniffer-profile exist for IPS and web filter.

473075

When upgrading, multicast policies are lost when there is a zone member as interface.

481408

When upgrading from 5.6.3 to 6.0.0, the IPv6 policy is lost if there is SD-WAN member as interface.

494217

Peer user SSL VPN personal bookmarks do not show when upgrade to 6.0.1.

Workaround: Use CLI to rename the user bookmark to the new name.

539112

Devices configured under security-exempt-list become void after upgrade.

548256

Upgrading to v6.2 from v6.0.x causes CIFS/SMB configurations in AV profile to be lost.

548813

Upgrading or downgrading the firmware image using FortiGuard as the source, and as initiated from the System > Firmware page, fails during download of the firmware image. The page still can be used to view the upgrade path, but as a workaround, you will need to manually download the firmware image from Fortinet's Support site, and then initiate an upgrade or downgrade from the same page under the Upload Firmware section.

556002 Some firewall policies were deleted after upgrade from FOS 6.0.4 to FOS 6.2.0.
VM

Bug ID

Description

548453

Ondemand platforms show error with FortiCare/FortinetOne login.

548531

FGT-AWS HA failover and SDN using IAM role do not work due to AWS IAM role token length being +increased.

Web Filter

Bug ID

Description

538593

B0821: FGD service on https/8888 does not work well under specific wanopt topology.

544342

When encryption is set to yes, file-type incorrectly shows all file types when only zip files are supported.

545334

Web filter file filtering does not support FTP traffic inspection but user can still configure FTP protocol in GUI and CLI.

547772

Web filter FGD category is not detected by sniffer policy for HTTPS traffic.