Spam filter profile CLI options are disabled after GUI change.

Remove mobile malware protection option from GUI.

FTP Server is not accessible when AV profile is set to proxy based inspection.

AV full-scan mode causes traffic to fail.

WAD crash when av-scan is blocking the input and HTTP session is closing.

In flow mode, scanunit API does not allow IPS to submit a scan job for a URL with no filename.

Process scanunit crash in removeTransformCleanup when Outbreak Prevention is enabled.

scanunitd experiences a constant different kind of crash.

Flow AV profile and SSL deep inspection writes blocked invalid cert logs to webfilter logs.

FortiGate not sending email headers to FortiSandbox.

Flow AV in quick mode cannot block large infected samples (eicar.exe).

Standard vs. Advanced mismatch on FortiOS GUI.

scanunit signal 14 alarm clock caused by DLP scanning bz2 file.

Some XML-based MS Office files are recognized as ZIP files.

DLP incorrectly blocking .deb file extension (DLP log unclear for matches in archive files).

XFF header enhancements (strip-off & enforcement) for URL filtering module.

tcp-timewait-timer does not have any effect when WAD is running.

Proxy is unexpectedly sending FIN packet (FTP over HTTP traffic).

Kerberos users unable to access the internet.

UDP over SOCKS PROXY.

Presence of X-XSS-Protection header causes response to be not cacheable.

High memory usage on WAD.

Explicit web proxy, slow speed.

Web-proxy internet service as DST address cannot work for some IP address range overlap case.

Website denied due to certificate error (revoked) only in Proxy_policy and deep inspection profile.

WAD should not keep buffer data if the server's response broke the HTTP protocol.

WAD returns 502 Bad Gateway if the server disconnects without data received.

Explicit FTP proxy doesn't work with second IP address.

When proxy srvc is set to protocol CONNECT and client tries to connect to HTTPS page, client gets message: Access Denied.

Cannot add a wildcard FQDN object to an addrgrp which is applying in policy

GUI to allow negate an address object.

Implicit deny policy generating logs when logging is disabled.

Cannot use custom internet service group in traffic shaping policy.

Cannot use application group in traffic shaping policy.

Traffic not matching expected sessions and getting denied.

In NGFW policy mode, applications allowed by unintended policy ID when together with firewall-session-dirty check new.

Creating a new address group gives error: Associated Interface conflict detected!.

Customer does not accept the confirmation of 0.0.0.0/0 object while creating address object errors.

Creating wildcard address object errors but still creates the object.

set logtraffic-start enable option is not available for policy64/policy46.

Should not do passive port NAT for FTP session helper.

Adding ports in a custom ISDB service for all the IP of the service is not easily achievable.

FortiGate logging is not stable and stopped working.

Session marked dirty when routing table updated for route which is not related to the session.

WCCP not use the tunnel.

DCE/RPC session-helper expectation session is removed unexpectedly.

A FortiGate in TP mode with set send-deny-packet enabled policy, generates strange ICMP-REPLY for TCP SYN/ICMP-REQUEST/UD.

When forwarding the multicast traffic for the first time, the packet size is not calculated correctly.

FortiGate does not offer TLS-RSA-* ciphers when virtual server is configured and strong-crypto is disabled.

Virtual server rejects TLS connections when plain RSA ciphers are specified in custom cipher-list.

Realtime session list cannot show IPv6 session and related issues.

HTTPsd / DNSproxy / high CPU / memory with high rate UDP 1Byte spoofing traffic.

Fortiview >Policies(or Sources) >Now, it shows nothing when filtered by physical interface at PPPoE mode.

In Fortiview > Threats, drill down one level, click Return and the graph is cleared.

FortiView > Sources is unable to sort information accurately when filtering by policy ID number.

FortiView > All Sessions > real time view is missing right-click menu to end session/ban ip.

Virtual wire pair > Add VLAN range filter on GUI.

GUI is blank when accessed by radius user with read-access profile.

prof_admin profile admins not able to display GUI IPv4 source address.

Create new default dashboards in factory default settings.

FGT5001D Sessions widget in Dashboard show negative % for nTurbo after throughput test.

Cannot restore configuration when GUI access to the FortiGate is via a connection with small bandwidth.

Timeout does not work properly if user moves away from FortiGate GUI.

While accessing FortiGate page, browser memory usage keeps spiking and finally PC hangs.

GUI creating B/W widget referencing SIT-Tunnel generates error.

In FOS-AWS prompts user password = instance ID, and forces user to change password upon initial log in.

Remove # of interfaces from device list.

Some certificates break Certificate page.

Getting error Some changes failed to save when configuring IPv4 policies on firewall.

Editing Address Objects name within SSL-SSH inspection profile selection pane cause loss of Address/Web exemption objects.

Unable to download the results of the scheduled script.

FortiGate and FSA has right connectivity, but Test Connectivity on GUI interface is showing Unreachable or not Authorized.

Error connecting to FortiCloud message while trying to access FortiCloud Reports in GUI.

Slowness when adding or removing member from address group via SSH.

LAG interface is not listed on the dropdown list when configuring DNS Service.

REST API issue: Access Token only verifies the first 30 characters.

Firewall policies with action DENY show default proxy-options applied in GUI.

Local GW disappears from GUI.

Disappearing policy add-also happens in 6.0.3 build 0200.

Process nsm with high CPU when displaying the GUI section of IP4 and IPv6 policy when receiving full routing of BGP.

Secondary unit in AP cluster memory/CPU spike as a result of DHCP/HA sync issue.

When standalone config sync is enabled in FGSP, IPv6 setting of interface is synced.

Can't use FAC username, password, and FortiToken two-factor authenticate login HA secondary unit

A green check mark indicating HA sync status on GUI is only put on a side of virtual cluster 1.

Conserve mode caused by hasync consuming most available memory.

FGSP session sync for FGCP cluster keeps syncronizing sessions back to the originator even after the traffic is stopped.

FortiGate stops accepting traffic from any interface in a hardware switch after HA fail-over in 80/81E.

After failover, cannot connect to management-IP of backup device.

hasync daemon crashes when admin session timeout and cluster could be out of sync for a short period.

Config sync communication on heartbeat link not encrypted when encryption is enabled under system HA.

FG-501E units generating logs only for five minutes after rebooting the unit, then do not generate anymore logs.

Out of sync after config change.

Duplicate MAC on mgmt2 ports.

Upgrade to build 3574 fails for HA cluster.

HA uninterruptible upgrade from 9790 to 3558 fails.

Enormous amount of session between heartbeat Interfaces for port 703 (HASYNC).

SLBC-Dual mode: Secondary unit chassis blade sending traffic logs.

GUI checksums show secondary unit is not synchronized when the primary unit is synchronized.

Secondary unit out-of-sync. Unable to log into secondary unit.

Suggest to add a command to show virtual_mac usages on FGCP HA.

ha-mgmt-interface IPv6 GW is not registered when ha-mgmt-interface IPv4 GW is not set.

MTU of session-sync-dev does not come into effect.

Increase FGSP session sync from 200 VDOM to 500 VDOM.

Successive failovers lead to complete traffic stop (IPSEC[01]_IQUEUE counter catching all traffic).

High memory caused by updated daemon.

FGSP between two FGCP clusters - session expectation.

FGSP of FGCP cluster, does not pickup NAT'ed sessions.

Application hasync *** signal 11 (Segmentation fault) received ***.

Config of HA pair of FortiGates goes out of sync when removed from Central Management (FortiManager).

FGSP config replicating BGP and OSPF info after a config restore.

High CPU on Core1 due to session sync process.

Multicast-forward setting is lost after a backup restore on a FGCP cluster.

Old primary unit keeps forwarding traffic after failover.

Provide accurate statistics across multiple IPS daemons.

ipsengine up time on FG-51E is a negative number after changing db from extended to regular.

ICMP Packets drop while FGD updates.

Delay for BFD in IPinIP traffic hitting policy with IPS while IPsec calculates new key.

traceroute issues when IPS is enabled.

Traffic drops for 15 seconds when UTM is enabled.

IPv4.Invalid.Datagram.Size attack is not detected in IDS mode.

Victim is quarantined after IPS attack.

One arm sniffer is unable to see HTTPS log in web filter logs.

High memory due to IPS and SSL-VPN going into conserve mode.

NAT -T broken with AWS and Fortigate.

AES-256-GCM for phase 1.

Using transparent mode and policy base VPN, about 4 ICMP packets which exceed over MTU 1375 byte are dropped.

Packet from FCT can not go through VXLAN over IPsec depending on packet size.

Memory leak with IKED.

Slow IPsec traffic between FortiGate and AWS FortiGate once run iPerf between unix and linux.

Invalid ESP packet detected (replayed packet) when having high load on IPsec tunnel.

OSPF neighbor can't up because IPsec tunnel interface MTU keeps changing.

ADVPN shortcut continuously flapping.

VPN goes down randomly, also affects remote sites dialup.

IPsec Gateway never clears unless manually forced.

Index of existing OIDs changes when installing new IPsec tunnels to the FortiGate - breaks monitoring.

DPD shows unnegotiated and is not functioning correctly on ADVPN Spoke.

IKE route should not be deleted if it is needed by other proxyids.

When two certificates are configured on p1, both aren't offered or the wrong one is offered.

MTU values does not gets calculated correctly in GRE over IPsec.

Unnecessary next-hop restriction on static route prevents using static routing on Hub with 'net-device disable.'

Rename One Click VPN to Overlay Controller VPN.

Shouldn't PPK:no be shown at IKEv2 SA level when NO-PPK-AUTH was used?

Cannot edit existing phase1-interface config.

One issue and two possible enhancements when proxying IKE mode-cfg and DHCP.

KEv2 EAP - FortiGate fails to respond to IKE_AUTH when ECDSA certificate is used by ForitGate.

Site-to-site VPN policy based - with DDNS destination fail to connect.

FortiGate sends failure response to L2TP CHAP authentication attempt before checking it against RADIUS server.

FortiGate IPsec VPN phase1-interface and phase2-interface configurations are not saved into configuration file.

Archive mark is always on under UTM logs page when log-display location set to FAZ.

Negative values in 'Load Balance' monitor logs.

Scheduled auto-update happens twice in ten seconds but a log entry for the first try is not logged.

Long-live session statistics logs add sentdelta and rcvddelta fields for FortiCloud FortiView as required.

miglogd : syslog reliable mode is claiming all logs failed when some pass.

Duplicate description for different log IDs: LOG_ID_CHG_CONFIG & LOG_ID_CONF_CHG etc.

Duplicate description for different log IDs: LOG_ID_POWER_FAILURE, LOG_ID_POWER_FAILURE_WARNING etc.

Duplicate description for different log IDs.

IPsec logging - Duplicate description for different log IDs.

AP Event log: Duplicate description for different log IDs.

PPPOE Event log: Duplicate description for different log IDs.

RADIUS event log: Duplicate description for different log IDs.

SSL Event logs: Duplicate description for different log IDs.

Duplicate description for different log IDs: LOG_ID_LEAVE_FD_CONSERVE_MODE, LOG_ID_LEAVE_FD_CONSERVE_MODE_NOTIF.

Quad File Dropped Reason forticloud-daily-quota-exceeded.

FortiGate with disk and send logs to FAZ has PCI alerts.

Memory usage in event log does not match the number in get system performance status.

miglogd crash and no logs are generated.

VPN usage duration days in local report is not correct.

When destination interface is PPPoE, intf-role is logged as Undefined even though the role is not undefined.

exe backup memory log tftp/ftp does not back up all memory log files.

Constant DNS query on built-in FQDN cause network congestion.

IPv6-Happy-Eyeballs-Mechanism not working with proxy-based Webfilter-Profile.

SSL handshake fail when activate ESET application.

FortiGate is dropping server hello packets when urlfilter is enabled.

Multiple WAD crashes with signal 11 (Segmentation fault).

FGT-200E in kernel conserve mode. WAD process consuming high memory.

ICAP does not work if there is no other proxy-based UTM feature enabled in the policy.

FGT1200D WAD Crashing 5.6.5 (wad mapi).

System went into conserve mode due to wad after upgrade to 5.6.5.

Support multiple DC servers in the agentless NTLM auth as well as user based matching.

Need to do changes in default replacement message of Invalid certificate Message.

SSL certificate inspection in proxy mode doesn't use CN from Valid Certificate for categorization when SNI is not present.

Certificate error with SSL deep inspection.

WAD crashes.

Webproxy learn-client-ip webfilter's auth/warn/ovrd does not work.

Certificate inspection (CN base) web category filter doesn't work.

The customer is unable to access internal CRM application server with antivirus enabled.

HTTP WebSocket 101 switching protocol requests mismatch in v6.0.3.

Skype call drops when handled by WAD process after around three sec of being answered.

WAD Crashes when processing transparent proxy traffic after upgrade to 6.0.3.

FortiGate doesn't forward request:port command after 0 byte file transmission.

WAD process crash with signal 11.

Certificate chaining is broken on FortiGate site (deep inspection) for certain web sites.

FTP proxy ignores OTP in authentication.

Web site access failure due to OCSP check in WAD + Deep SSL inspection.

WAD uses high CPU with "netlink recvmsg No buffer space available" after upgrade to 6.0.3+.

WAD memory leak on OCSP certificate caching.

SSL deep inspection doesn't work with OCSP stapling.

WAD performs category SSL-Exemptions when SSL-inspection profiles are in "protect-server" mode.

Removed default ssl-exempt entries page show empty.

FortiGate does not follow Authority key identifier when sending certificate chain in deep inspection.

REST API for system csf didn't return csf group name.

BGP Aggregate address results in blackhole for incoming traffic.

Network devices must be configured with rotating keys used for authenticating IGP peers that have a duration of 180 days or less.

WAN LLB session log srcip and dstip are mixed up intermittently.

FortiGate delays to send keepalive which causes neighbor's hold down timer to expire and reset the BGP neighborship.

Merge vwl_valeo project - No option for proute based on only dynamic routes.

Add VRF filtering capability to command get router info routing-table all.

IGMP multicast joins taking very long time and uses high NSM CPU utilization.

config system ipip-tunnel is lost after reboot when pppoe interface is used.

Kernel is missing routes.

SD-WAN health check status log is incorrect.

Spillover rules do not work on PPPoE virtual-wan-link.

When using policy route for IPv6, NAT64 does not work.

Can't make mgmt1 and mgmt2 redundant interfaces.

FortiGate generates fragmented OSPFv3 DBD packets.

IPv6 doesn't respond to neighbor solicitation request.

Log message MOB-L2-UNTRUST:311 not found in the list! seen on VDOM with IPv6 router advertisement enabled.

RIPv2 with MD5 authentication key ID incompatible with other vendors.

Cease unspecified sent to all BGP peers when new peer is created.

Some missing fields in proute list.

Central NAT - Not updating when dst interface changes.

WLAN guest user in VDOM makes the cluster out of sync.

Differences between routing table and kernel forward information. ADVPN + BGP.

Proute list fill "null " application name.

Upgrade from 5.6 to 6.0 causes all routes to be advertised in BGP.

SD-WAN Health-Check - Reported packet loss inaccurate.

With VRRP use VRDST checking without default gateway.

SD WAN IPsec interfaces keep failing over when link selection strategy is set to Custom-profile.

OSPFD crash (Segmentation fault) - NSSA - removal of network statement for interface in 'down' state.

link-monitor cannot recover after the device in between reboot.

BGP/BFD packets marked as CS0.

Successfully configured static route CLI commands fail with parse errors after reboot.

Multicast failed after failover from another interface.

OSPF6 will advertise only /128 prefixes to neighbours using point-to-point network type.

Quarantine monitor, should support showing devices for the whole fabric.

Industry field shows up abnormally when adding security rating widget.

If downstream device is part of security fabric, it should be exempted from FortiClient enforcement.

Some minor GUI improvement to facilitate security fabric config.

Add CSF trust-list support into GUI.

Should let approval request message be more standing out.

Edge: Page reloaded when hovering on a connecting line between objects in topology.

Not able to connect through SSL VPN to addresses resolved by SDN dynamic objects.

Remove unused java source file in fortiweb/java.

High CPU usage by sslvpnd [web and mixed mode].

Unable to login to VMware vSphere vCenter 6.5 through SSL VPN web portal.

Running diagnose npu np6lite session in FGT-201E results in high CPU and system instability.

SSLVPND consumes high memory causing FGT enter conserve mode.

SSLVPND 100% VPN when accessing OWA through bookmark.

SSL VPN process taking 99% of CPU utilization even not using SSL VPN.

SSLVPND process is crashing and users are disconnecting from SSL VPN.

Connection to web server freezes when using SSL VPN web bookmark.

SSL VPN bad password attempt causes excessive bindRequests against LDAP and lockout of accounts.

SSL VPN web portal connect to FMG (5.6.3) unable to view Managed devices and policy packages.

HTTPS bookmark to internal website produces error after the initial successful login.

SSL VPN to Nextcloud doesn't open.

RADIUS 2FA + password change against FAC fails due to unexpected state AVP + GUI bug.

When accessing an internal listing website via SSL VPN, loading long lists fails or is interrupted.

SSL VPN access denied if address object added after group object in firewall policy

Unable to load web page in SSL VPN web mode.

Unable to load WebPage through SSL VPN webmode. Some js files of xunta internal web sites have problems.

SSL VPN web mode SMB connection doesn't work when enable then disable SMBCD debug.

Invalid HTTP Request' when SMB via SSL VPN bookmark is executed.

HTTP bookmark error SyntaxError: Expected ')' after accessing internal server.

Unable to view Cisco APIC web interface page after logging using SSL VPN web portal.

SSL VPN portal not loading predefined bookmarks.

IBM QRadar page not displaying in SSL VPN web-mode.

HSTS header missing again under SSL VPN.

Backup and restore the VDOM config with SSL VPN settings causes some critical flags and counter for SSL VPN to not update so SSL VPN stops working.

Unable to access internal website via bookmark in SSL VPN web mode.

Search result gives empty output upon accessing the URL https://ieeexplore.ieee.org via SSL VPN bookmark.

Dropdown list cannot get expanded through bookmarks (SSL VPN).

HTML PABX Admin Console not working correctly in SSL VPN mode.

Atlassian Confluence wiki Javascript problem via SSL VPN web mode.

sslConnGotoNextState:298 error when use SSL VPN bookmark method access huawei appliances.

JavaScript script is not available when connecting using SSL VPN web mode.

Update from web mode fails for SharePoint page using MS NLB.

SSL VPN crashes when it receives HTTP request with header "X-Forwarded-For" because of the wrong use of sslvpn_ap_pstrcat.

For SSL VPN with the realm named sslvpn, the authentication fails.

Problem loading reaching internal web server through SSL VPN Web bookmark when using HTTPS. Some js files of "srvdnsmgt" do not run correctly.

Scrolling in Jira is not working in SSL VPN web mode.

SSL VPN wants client certificate even when no client-cert for realm is configured.

Synology NAS login page stuck after login when accessing by SSL VPN Web portal.

Can't authenticate on internal web server using web mode SSL VPN.

Active cache memory leak after upgrade to 6.0.3 GA.

SSL VPN web mode RDP connection not working when security set to NLA.

Unable to load webpage in SSL VPN Webmode.

SSL web mode is not modifying links on certain web pages.

Unable to get dropdown menu from internal server via SSL VPN web mode connection.

SSL VPN bookmark fails with JavaScript error.

Redirected port is not entered in the URL through SSL VPN web mode.

Not able to access OnlyOffice through SSL VPN web mode.

Adding latest macOS in the SSL OS-check-list.

SSL VPN web mode gets redirected out of SSL VPN proxy.

SSL VPN for users with passwords that expires allows password change after the password is expired.

SSL bookmark is not loading a SAP portal information.

Unable to receive SSL tunnel IP address.

SSL VPN random stale sessions exhausting IP pool.

Unable to load webpage in SSL VPN web mode.

FortiSwitch Ports page display improvements.

Switch controller event: duplicate description for different log IDs.

Add allowaccess profile to the physical interfaces on the FortiSwitch.

After a physical port of FortiLink LAG has link down/up, fortilinkd packet cannot be sent from FortiGate to FortiSwitch.

On FortiSwitch Ports page, Display More does not work.

FortiGate sends FortiSwitch serial# in SNMP trap fgFcSwName instead of FortiSwitch hostname.

CPU doesn't remove dirty flag when returns session back to NP6.

Kernel Panic on creation of aggregate interface belonging to different NP6, when NP6 is configured in low latency mode.

802.1AX L4 algorithm and NP4 do not distribute UDP evenly on egress LAG bundle.

CPU cores utilization shows 0 percent while handling CPS in 5.4.

On FG-50E and FG-51E ifHCOutOctets rolls as if counter32.

Front Panel "SPEED" LED is flushing Green when Transmitting & receiving data.

Adding USB Host devices to a virtual machine connected by USB to FortiGate 500D causes the units to restart in loop.

EHP drop improvement for units using NP_SERVICE_MODULE.

Request to improve CLI help text for config system NP6 session-timeout options.

fwgrp read&read-write access profile doesn't work properly.

PRP support.

skippingBad tar header message flooding on console after rebooting box and retrieving logs.

Sniffer packet feature does not display any reverse packets on trunk interface.

WAD crash with signal 6.

FGFM sessions timeout when NPU offloaded (also applies to 6.0.0).

vlan-filter is not straightforward.

FortiGate sends MAB packet two minutes after receiving Access-Reject.

Policy packet capture does not show timestamp.

DNSproxy does not seem to update link-monitor module.

One of the aggregate port members is transmitting irregularly LACP packets.

Some of the FortiGate SNMP OIDs not giving any value.

DNS Domain List.

External resource should not update CMDB and cause FortiManager revision.

Allow packet sniffer to use RAM disk.

Accessing FDS via proxy server without DNS resolution.

Service Object Limitation of 4096 needs to be increased.

EMAC VLAN: SNMP data is incorrect.

Incorrect SNMP answer for get-next.

Intermittent failure of DHCP address assignment.

DHCP lease new IP to same EFTPOS S800 device cause DHCP lease exhausted.

ddnscd fortiddns monitor-interface is not being updated properly.

FG3700D freeze when deleting VDOM.

FortiGate is not compliant with rfc3397 (Domain Search Option Format).

Partial configuration loss after root VDOM restore.

Firewall objects not visible or editable (Return code -361) when logged in via SSH key authentication.

FGT DNS configuration doesn't allow one word domain names.

HTTP link-monitor - response parser is case-sensitive (Content-Length header).

SSH/SSL VPN connection to external VLAN interface drop by changing unrelated interface IP or restart OSPF.

Finisar FCLF8521p2BTL (FG-TRAN-GC) and (FS-TRAN-GC) FCLF8522P2BTL transceivers not detected by FortiOS.

High CPU on some cores of CPU and packet drops around 2-3%.

DSA and RSA fingerprints are identical.

ipmc_sensord process not checking sensors due to pending jobs.

Not able to access TP FortiGate from different network.

MCLAG: if remote side change systemID, only one port goes down, the other remains up.

DNSPROXY causing high CPU usage.

Addresses are taking a long time to load.

MSS size negotiation is wrong when configured MTU value is less than 297.

Merge br_6-0_sp back to 6.0 and 6.2.

FortiGate managed by FortiManager intermittently going offline after rebooting FortiGate.

Inactive interfaces in LAG causing unbalance packet distribution and link saturation.

LAG interface flaps when the member ports go up.

Allow sit-tunnel to not specify the source address.

Password policy forces password change even if expire-status is disabled.

Kernel panic in the HA cluster with FortiGate-3800D units running FortiOS v6.0.0 build 0200

Internal prioritization of OSPF/BGP/BFD packets in conjunction with HPE feature.

TXT records are truncated in DNS replies, when FortiGate is used as DNS server.

Add global log device statistics to SNMP.

GRE tunnel does not come up.

Kernel Panic when Fragmented Multicast Traffic received on EMAC-VLAN interface.

Certificate chain validation fails when trying to fetch the intermediate CA cert; untrusted cert presented.

In SNMPv3 config, to select the Encryption Algorithm should be "Encryption Algorithm" instead of the label "Authentication Algorithm".

Read-only admin account can delete IPsec SA.

SNMPv3 traps settings are not available in the GUI.

Memory leak after upgrade to 6.0.4.

GTP Tunnel States are not synced on subordinate unit after a reboot.

FortiGate sending DHCP offer using broadcast.

Modifying FortiGate administrator password to complex ones via SSH triggers a FortiManager password change by auto-update.

Status of a port member of a redundant interface changes if an alias is set.

Cannot create soft switch with VX LAN interface under same base interface.

DHCP option doesn't include all NTP servers.

After upgrade to V5.4.9, observing lot of IPS syntax errors on the console screen.

vdom-property limits error after upgrade from 5.4.6 to 5.6.3.

Wrong management-vdom after upgrade from V6.0 or rebooting FortiGate.

Single Sign-on, multiple FSSO polling servers with the same AD (LDAP) server, cannot select the same user or group.

Mobile FortiTokens not assignable VDOM in vcluster on secondary unit.

fnbamd uses high CPU when receive user member groups.

Not able to SSH into FortiGate through FortiManager using TACAS+ user.

FSSO - established session aren't re-evaluated when a user is removed from an Active Directory group.

FortiGate: Unable to browse structure of Netscape LDAP.

FortiOS does not prompt for token when Access-Challenge is received - RADIUS authentication fails.

LDAP search issue after upgrade to 5.6.6 build 3444 from 5.6.5 build 3342.

Unable to login to FortiGate using Symantec 2-factor authentication.

LDAPS requests fail with fnbamd stop error "Not enough bytes". LDAP works fine. Additional timeout observed.

FortiGate fails to match User group after passing authentication (Local User).

Local certificate content changes should be directly applied for the admin-server-cert sent to the client browser.

FortiGate sends error user password to RADIUS server for CMCC auth user sometimes.

Aggregate interface (four member) flapps when the third member interface goes down.

FOS VM serial number changes during firmware upgrade.

0129: ha.hbdev=portX : sets vdom = vsys_ha.

FortiGate VM closed network + UTM license showing Package update failed due to invalid contract.

Connectivity loss between FGT-SVM and FGT-VMX cause license to became invalid after one hour.

Should handle multiple IP address failover better during HA failover.

VMX: Adding a security group with ~30+ devices into the redirection policy the connection starts to experience huge delay.

FortiMeter Consumption is not accurate.

Kernel panic after upgrade from 5.6.7 to 5.6.8.

Non-SIP packet send to SIP ALG got dropped with no log.

Unable to open one URL on the redirection after the upgrade.

Web Filter profile with SSL does not check SNI against server certificate.

Web Filter profile's proxy options to allow corporate Gmail accounts gets overlooked if "general interest" category is blocked.

Web filter CLI only options are unset when clicking Apply via GUI.

ovrd-auth-port-https uses VIP's mapped IP as CN when no TLS SNI is present.

Regex case insensitivity flag is ignored in 5.6.5 and 6.0.2 when FortiGate is in proxy mode.

WAD Segmentation Signal 11 in 6.0.3.

Web Filter inspection proxy mode unable to resolve hostname because website is unrated.

The URL filter is not blocking a page when there are many entries in it.

Wrong FortiGuard page displayed with Override enabled on Web Filter profile.

"Filtering Services Availability" keeps showing as green even when port 8888 is blocked by an upstream device.

Remote site client connected to the FAP14C Ethernet port is randomly not able to reach the LAN client connected to the FortiGate.

FortiWiFi sends DHCP Offer as a unicast address via WiFi interface even though the BROADCAST bit is set to "1" in DHCP Discover.

FortiGate does not send WTP-ID in RADIUS accounting packet when client is connected with captive-portal SSID.

FortiWiFi not working with FortiPresence Pro.

FWF-50E kernel panic due to a WiFi driver issue.

Application hostapd crashed - causing a wireless outage.

CAPWAP traffic is not offloaded successfully when using dynamic-vlan SSID and IPS profile or AV profile is enabled in the policy.

Frequent hostapd crash.

Part of FAP221C and FAPC24JE went offline and failed to be managed by the controller again.

Repeated vfnb_netdev_event:1406 fix me!!! after deleting WiFi DDIS from split VDOM.

Different accounting behavior between FAP221C and FAPC24JE for CMCC portal auth.

CAPWAP traffic dropped when offloaded if packets are fragmented.

FortiOS 6.2.0 is no longer vulnerable to the following CVE Reference:

• CVE-2017-17544

FortiOS 6.2.0 is no longer vulnerable to the following CVE Reference:

• CVE-2017-14186

FortiOS6.2.0 is no longer vulnerable to the following CVE Reference:

• CVE-2018-9195

Please read the section under Upgrade Information > FortiGuard protocol and port number.

FortiOS 6.2.0 is no longer vulnerable to the following CVE Reference:

• CVE-2018-13371

FortiOS 6.2.0 is no longer vulnerable to the following CVE Reference:

• CVE-2018-13384

FortiOS 6.2.0 is no longer vulnerable to the following CVE Reference:

• CVE-2018-13380

FortiOS 6.2.0 is no longer vulnerable to the following CVE Reference:

• CVE-2018-13379

FortiOS 6.2.0 is no longer vulnerable to the following CVE Reference:

• CVE-2018-13381

FortiOS 6.2.0 is no longer vulnerable to the following CVE Reference:

• CVE-2018-13383

FortiOS 6.2.0 is no longer vulnerable to the following CVE Reference:

• CVE-2018-13382

FortiOS 6.2.0 is no longer vulnerable to the following CVE Reference:

• CVE-2019-5587