Resolved Issues
The following issues have been fixed in version 6.2.0. For inquiries about a particular bug, please contact Customer Service & Support.
Anti-Spam
Bug ID | Description |
---|---|
295539 | Spam filter profile CLI options are disabled after GUI change. |
477496 | Unable to add email wildcard to black/white list GUI in Anti-Spam profile. |
AntiVirus
Bug ID | Description |
---|---|
474538 | Remove mobile malware protection option from GUI. |
491675 | FTP Server is not accessible when AV profile is set to proxy based inspection. |
502138 | AV full-scan mode causes traffic to fail. |
513667 | WAD crash when |
516072 | In flow mode, scanunit API does not allow IPS to submit a scan job for a URL with no filename. |
519759 | Process scanunit crash in |
522343 | |
525151 | Flow AV profile and SSL deep inspection writes blocked invalid cert logs to webfilter logs. |
525711 | FortiGate not sending email headers to FortiSandbox. |
537666 | Flow AV in quick mode cannot block large infected samples ( |
541023 | Scanunit worker leaves urlfilter API socket files behind in tmp. |
Application Control
Bug ID | Description |
---|---|
511151 | Application Control with traffic shaper is not attached to session. |
Authentication
Bug ID | Description |
---|---|
447575 | Standard vs. Advanced mismatch on FortiOS GUI. |
463849 | FAC remote LDAP user authentication via RADIUS fails on invalid token if password change and 2FA are both required. |
Data Leak Prevention
Bug ID | Description |
---|---|
486958 | |
496255 | Some XML-based MS Office files are recognized as ZIP files. |
518146 | DLP incorrectly blocking .deb file extension (DLP log unclear for matches in archive files). |
524910 | DLP profile to block the file name pattern "*" not blocking uploading files. |
DNS Filter
Bug ID | Description |
---|---|
472267 | DNS filter performance improvement. |
Endpoint Control
Bug ID | Description |
---|---|
543635 | Extend GTP0/GTP1 policy for new RAT types. |
Explicit Proxy
Bug ID | Description |
---|---|
413187 | XFF header enhancements (strip-off & enforcement) for URL filtering module. |
445312 | |
477289 | Proxy is unexpectedly sending FIN packet (FTP over HTTP traffic). |
491118 | Kerberos users unable to access the internet. |
500182 | UDP over SOCKS PROXY. |
503478 | Presence of X-XSS-Protection header causes response to be not cacheable. |
506654 | High memory usage on WAD. |
506821 | Explicit web proxy, slow speed. |
509876 | Web-proxy internet service as DST address cannot work for some IP address range overlap case. |
509994 | Website denied due to certificate error (revoked) only in Proxy_policy and deep inspection profile. |
512294 | WAD should not keep buffer data if the server's response broke the HTTP protocol. |
515327 | WAD returns 502 Bad Gateway if the server disconnects without data received. |
521344 | Explicit FTP proxy doesn't work with second IP address. |
521899 | When proxy srvc is set to protocol CONNECT and client tries to connect to HTTPS page, client gets message: Access Denied. |
524933 | Agentless NTLM - FortiGate adds redundant domain suffix to username when it is already present (UPN used). |
Firewall
Bug ID | Description |
---|---|
390422 | Cannot add a wildcard FQDN object to an addrgrp which is applying in policy. |
457294 | GUI to allow negate an address object. |
466999 | Implicit deny policy generating logs when logging is disabled. |
484599 | Cannot use custom internet service group in traffic shaping policy. |
484603 | Cannot use application group in traffic shaping policy. |
492034 | Traffic not matching expected sessions and getting denied. |
497535 | In NGFW policy mode, applications allowed by unintended policy ID when together with |
503904 | Creating a new address group gives error: |
508085 | Customer does not accept the confirmation of 0.0.0.0/0 object while creating address object errors. |
508098 | Creating wildcard address object errors but still creates the object. |
511143 | |
520558 | Should not do passive port NAT for FTP session helper. |
521337 | Adding ports in a custom ISDB service for all the IP of the service is not easily achievable. |
522447 | FortiGate logging is not stable and stopped working. |
525995 | Session marked dirty when routing table updated for route which is not related to the session. |
529685 | WCCP does not use the tunnel. |
535468 | DCE/RPC session-helper expectation session is removed unexpectedly. |
536868 | A FortiGate in TP mode with set send-deny-packet enabled policy, generates strange ICMP-REPLY for TCP SYN/ICMP-REQUEST/UD. |
537227 | When forwarding the multicast traffic for the first time, the packet size is not calculated correctly. |
541248 | FortiGate does not offer |
541596 | Virtual server rejects TLS connections when plain RSA ciphers are specified in custom cipher-list. |
546145 | If the firewall policy includes a nonexistent ISDB ID on updated ISDB version, the firewall policy is not read and reflected. |
FortiView
Bug ID | Description |
---|---|
256264 | Realtime session list cannot show IPv6 session and related issues. |
414172 | HTTPsd / DNSproxy / high CPU / memory with high rate UDP 1Byte spoofing traffic. |
453610 | FortiView > Policies (or Sources) > Now, it shows nothing when filtered by physical interface at PPPoE mode. |
460016 | In FortiView > Threats, drill down one level, click Return and the graph is cleared. |
488886 | FortiView > Sources is unable to sort information accurately when filtering by policy ID number. |
521497 | FortiView > All Sessions > real time view is missing right-click menu to end session/ban ip. |
527751 | No user name on FortiView > Sources main page. |
GUI
Bug ID | Description |
---|---|
457966 | Virtual wire pair > Add VLAN range filter on GUI. |
462011 | GUI is blank when accessed by radius user with read-access profile. |
469082 | |
470698 | Create new default dashboards in factory default settings. |
473148 | FGT5001D Sessions widget in Dashboard show negative % for nTurbo after throughput test. |
478057 | Cannot restore configuration when GUI access to the FortiGate is via a connection with small bandwidth. |
479482 | Timeout does not work properly if user moves away from FortiGate GUI. |
493704 | While accessing FortiGate page, browser memory usage keeps spiking and finally PC hangs. |
498738 | GUI creating B/W widget referencing SIT-Tunnel generates error. |
501911 | In FOS-AWS prompts user password = instance ID, and forces user to change password upon initial log in. |
502785 | Remove # of interfaces from device list. |
503867 | Some certificates break Certificate page. |
505187 | Getting error Some changes failed to save when configuring IPv4 policies on firewall. |
509791 | Editing Address Objects name within SSL-SSH inspection profile selection pane causes loss of Address/Web exemption objects. |
509978 | Unable to download the results of the scheduled script. |
515022 | FortiGate and FSA has right connectivity, but Test Connectivity on GUI interface is showing |
516295 | Error connecting to FortiCloud message while trying to access FortiCloud Reports in GUI. |
518964 | Slowness when adding or removing member from address group via SSH. |
518970 | Suggestion to improve SD-WAN SLA creation page's invalid-entry handling. |
521253 | LAG interface is not listed on the dropdown list when configuring DNS Service. |
523902 | REST API issue: Access Token only verifies the first 30 characters. |
526748 | Firewall policies with action DENY show default proxy-options applied in GUI. |
527137 | Local GW disappears from GUI. |
528464 | Disappearing policy add-also happens in 6.0.3 build 0200. |
533018 | Process |
536841 | DNS server in VPN SSL setting is overwritten when SSL-VPN settings are modified via GUI. |
HA
Bug ID | Description |
---|---|
445214 | Secondary unit in AP cluster memory/CPU spike as a result of DHCP/HA sync issue. |
461915 | When standalone config sync is enabled in FGSP, IPv6 setting of interface is synced. |
477392 | Can't use FAC username, password, and FortiToken two-factor authenticate login HA secondary unit. |
481943 | A green check mark indicating HA sync status on GUI is only put on a side of virtual cluster 1. |
482548 | Conserve mode caused by hasync consuming most available memory. |
486846 | FGSP session sync for FGCP cluster keeps synchronizing sessions back to the originator even after the traffic is stopped. |
487444 | FortiGate stops accepting traffic from any interface in a hardware switch after HA fail-over in 80/81E. |
494029 | After failover, cannot connect to management-IP of backup device. |
503433 | |
503763 | Config sync communication on heartbeat link not encrypted when encryption is enabled under system HA. |
503897 | FG-501E units generating logs only for five minutes after rebooting the unit, then do not generate anymore logs. |
507013 | Out of sync after config change. |
509557 | Duplicate MAC on mgmt2 ports. |
510660 | Upgrade to build 3574 fails for HA cluster. |
511522 | HA uninterruptible upgrade from 9790 to 3558 fails. |
513940 | Enormous amount of session between heartbeat Interfaces for port 703 (HASYNC). |
515401 | SLBC-Dual mode: Secondary unit chassis blade sending traffic logs. |
516234 | GUI checksums show secondary unit is not synchronized when the primary unit is synchronized. |
517537 | Secondary unit out-of-sync. Unable to log into secondary unit. |
518116 | Suggest to add a command to show virtual_mac usages on FGCP HA. |
518621 | |
518717 | MTU of session-sync-dev does not come into effect. |
519653 | Increase FGSP session sync from 200 VDOM to 500 VDOM. |
523733 | Successive failovers lead to complete traffic stop (IPSEC[01]_IQUEUE counter catching all traffic). |
526252 | High memory caused by updated daemon. |
526492 | FGSP between two FGCP clusters - session expectation. |
526703 | FGSP of FGCP cluster, does not pickup NAT'ed sessions. |
530215 | Application |
531083 | Config of HA pair of FortiGates goes out of sync when removed from Central Management (FortiManager). |
531812 | FGSP config replicating BGP and OSPF info after a config restore. |
532015 | High CPU on Core1 due to session sync process. |
535534 | Multicast-forward setting is lost after a backup restore on a FGCP cluster. |
538289 | Old primary unit keeps forwarding traffic after failover. |
539707 | Wrong status for ping server after failover in the output of the command |
ICAP
Bug ID | Description |
---|---|
478617 | ICAP X-Authenticated-Groups information. |
Intrusion Prevention
Bug ID | Description |
---|---|
381062 | Provide accurate statistics across multiple IPS daemons. |
452131 | |
469608 | ICMP Packets drop while FGD updates. |
476219 | Delay for BFD in IPinIP traffic hitting policy with IPS while IPsec calculates new key. |
489557 | |
503895 | Traffic drops for 15 seconds when UTM is enabled. |
509352 | |
516128 | Victim is quarantined after IPS attack. |
517059 | One arm sniffer is unable to see HTTPS log in web filter logs. |
537162 | High memory due to IPS and SSL-VPN going into conserve mode. |
541224 | Network loop over virtual-wire-pair in HA mode if running diagnose |
IPsec VPN
Bug ID | Description |
---|---|
463441 | NAT-T broken with AWS and FortiGate. |
471326 | AES-256-GCM for phase 1. |
481720 | Using transparent mode and policy base VPN, about 4 ICMP packets which exceed over MTU 1375 byte are dropped. |
491305 | Packet from FCT cannot go through VXLAN over IPsec depending on packet size. |
493918 | Memory leak with IKED. |
494285 | Slow IPsec traffic between FortiGate and AWS FortiGate once run iPerf between unix and linux. |
509559 | |
514519 | OSPF neighbor can't come up because IPsec tunnel interface MTU keeps changing. |
515132 | ADVPN shortcut continuously flapping. |
515375 | VPN goes down randomly, also affects remote sites dialup. |
517088 | IPsec Gateway never clears unless manually forced. |
517849 | Index of existing OIDs changes when installing new IPsec tunnels to the FortiGate - breaks monitoring. |
518063 | DPD shows unnegotiated and is not functioning correctly on ADVPN Spoke. |
519187 | IKE route should not be deleted if it is needed by other |
520151 | When two certificates are configured on p1, both aren't offered or the wrong one is offered. |
523567 | MTU values do not get calculated correctly in GRE over IPsec. |
524101 | Unnecessary next-hop restriction on static route prevents using static routing on Hub with 'net-device disable.' |
527496 | Rename One Click VPN to Overlay Controller VPN. |
529448 | Shouldn't |
531203 | Cannot edit existing phase1-interface config. |
536899 | One issue and two possible enhancements when proxying IKE mode-cfg and DHCP. |
537140 | IKEv2 EAP - FortiGate fails to respond to IKE_AUTH when ECDSA certificate is used by FortiGate. |
537450 | Site-to-site VPN policy based - with DDNS destination fail to connect. |
537769 | FortiGate sends failure response to L2TP CHAP authentication attempt before checking it against RADIUS server. |
537848 | FortiGate IPsec VPN phase1-interface and phase2-interface configurations are not saved into configuration file. |
540560 | Missing IKE SA HA sync when FortiGate is mode-cfg client + xauth. |
Log & Report
Bug ID | Description |
---|---|
387324 | Archive mark is always on under UTM logs page when log-display location set to FAZ. |
477393 | Negative values in 'Load Balance' monitor logs. |
479607 | Scheduled auto-update happens twice in ten seconds but a log entry for the first try is not logged. |
490379 | Long-live session statistics logs add |
491914 | |
503394 | Duplicate description for different log IDs: LOG_ID_CHG_CONFIG & LOG_ID_CONF_CHG etc. |
503395 | Duplicate description for different log IDs: LOG_ID_POWER_FAILURE, LOG_ID_POWER_FAILURE_WARNING etc. |
503396 | Duplicate description for different log IDs. |
503397 | IPsec logging - Duplicate description for different log IDs. |
503398 | AP Event log: Duplicate description for different log IDs. |
503399 | PPPOE Event log: Duplicate description for different log IDs. |
503400 | RADIUS event log: Duplicate description for different log IDs. |
503401 | SSL Event logs: Duplicate description for different log IDs. |
504012 | Duplicate description for different log IDs: LOG_ID_LEAVE_FD_CONSERVE_MODE, LOG_ID_LEAVE_FD_CONSERVE_MODE_NOTIF. |
505393 | Quad File Dropped Reason forticloud-daily-quota-exceeded. |
510973 | FortiGate with disk and send logs to FAZ has PCI alerts. |
513959 | Memory usage in event log does not match the number in |
518402 | |
521020 | VPN usage duration days in local report is not correct. |
523829 | When destination interface is PPPoE, intf-role is logged as Undefined even though the role is not undefined. |
531261 | |
540157 | Cannot view logs from FortiGate when secondary IP is used (only secondary IP is allowed to go internet on upstream). |
Proxy
Bug ID | Description |
---|---|
458057 | Constant DNS query on built-in FQDN cause network congestion. |
470407 | IPv6-Happy-Eyeballs-Mechanism not working with proxy-based Webfilter-Profile. |
487096 | SSL handshake fail when activate ESET application. |
491417 | FortiGate is dropping server hello packets when urlfilter is enabled. |
493272 | Multiple WAD crashes with signal 11 (Segmentation fault). |
500965 | FGT-200E in kernel conserve mode. WAD process consuming high memory. |
505171 | ICAP does not work if there is no other proxy-based UTM feature enabled in the policy. |
506995 | FGT1200D WAD Crashing 5.6.5 (wad mapi). |
507155 | System went into conserve mode due to wad after upgrade to 5.6.5. |
507585 | Support multiple DC servers in the agentless NTLM auth as well as user based matching. |
512434 | Need to do changes in default replacement message of |
512936 | SSL certificate inspection in proxy mode doesn't use CN from Valid Certificate for categorization when SNI is not present. |
513270 | Certificate error with SSL deep inspection. |
516147 | WAD crashes. |
516863 | Webproxy learn-client-ip webfilter's auth/warn/ovrd does not work. |
518933 | Certificate inspection (CN base) web category filter doesn't work. |
519021 | The customer is unable to access internal CRM application server with antivirus enabled. |
521051 | HTTP WebSocket 101 switching protocol requests mismatch in v6.0.3. |
525518 | Skype call drops when handled by WAD process after around three sec of being answered. |
526322 | WAD Crashes when processing transparent proxy traffic after upgrade to 6.0.3. |
526667 | FortiGate doesn't forward |
529792 | WAD process crash with signal 11. |
530906 | Certificate chaining is broken on FortiGate site (deep inspection) for certain web sites. |
531526 | FTP proxy ignores OTP in authentication. |
531575 | Web site access failure due to OCSP check in WAD + Deep SSL inspection. |
532121 | WAD uses high CPU with "netlink recvmsg No buffer space available" after upgrade to 6.0.3+. |
534346 | WAD memory leak on OCSP certificate caching. |
536063 | SSL deep inspection doesn't work with OCSP stapling. |
536623 | WAD performs category SSL-Exemptions when SSL-inspection profiles are in "protect-server" mode. |
537183 | Removed default |
539452 | FortiGate does not follow Authority key identifier when sending certificate chain in deep inspection. |
540067 | Wildcard addresses removed from SSL deep inspection exempt list after upgrade to 6.0.4 from 5.6. |
REST API
Bug ID | Description |
---|---|
424403 | REST API for system csf didn't return csf group name. |
467747 | REST API user cannot create API user via autoscript upload and cannot set API password via CLI. |
Routing
Bug ID | Description |
---|---|
441506 | BGP Aggregate address results in blackhole for incoming traffic. |
448205 | Network devices must be configured with rotating keys used for authenticating IGP peers that have a duration of 180 days or less. |
449010 | WAN LLB session log |
476805 | FortiGate delays to send keepalive which causes neighbor's hold down timer to expire and reset the BGP neighborship. |
485408 | Merge vwl_valeo project - No option for proute based on only dynamic routes. |
499328 | Add VRF filtering capability to command |
500432 | IGMP multicast joins taking very long time and uses high NSM CPU utilization. |
503638 | config system ipip-tunnel is lost after reboot when pppoe interface is used. |
505189 | Kernel is missing routes. |
509561 | SD-WAN health check status log is incorrect. |
509768 | Spillover rules do not work on PPPoE virtual-wan-link. |
511203 | When using policy route for IPv6, NAT64 does not work. |
511932 | Can't make mgmt1 and mgmt2 redundant interfaces. |
515683 | FortiGate generates fragmented OSPFv3 DBD packets. |
518655 | IPv6 doesn't respond to neighbor solicitation request. |
518677 | Log message |
518943 | RIPv2 with MD5 authentication key ID incompatible with other vendors. |
519498 | Cease unspecified sent to all BGP peers when new peer is created. |
522258 | Some missing fields in |
522271 | Central NAT - Not updating when dst interface changes. |
525182 | WLAN guest user in VDOM makes the cluster out of sync. |
526008 | Differences between routing table and kernel forward information. ADVPN + BGP. |
527478 | Proute list fill "null " application name. |
529683 | Upgrade from 5.6 to 6.0 causes all routes to be advertised in BGP. |
530545 | SD-WAN Health-Check - Reported packet loss inaccurate. |
531660 | With VRRP use VRDST checking without default gateway. |
531947 | SD WAN IPsec interfaces keep failing over when link selection strategy is set to Custom-profile. |
532257 | OSPFD crash (Segmentation fault) - NSSA - removal of network statement for interface in 'down' state. |
533112 | |
537110 | BGP/BFD packets marked as CS0. |
538411 | Successfully configured static route CLI commands fail with parse errors after reboot. |
539982 | Multicast failed after failover from another interface. |
540103 | OSPF6 will advertise only /128 prefixes to neighbours using point-to-point network type. |
544603 | Multicast on interfaces with secondary IP addresses. |
Security Fabric
Bug ID | Description |
---|---|
473086 | Quarantine monitor, should support showing devices for the whole fabric. |
481381 | Industry field shows up abnormally when adding security rating widget. |
491508 | If downstream device is part of security fabric, it should be exempted from FortiClient enforcement. |
504773 | Some minor GUI improvement to facilitate security fabric config. |
505068 | Add CSF trust-list support into GUI. |
505073 | Should let approval request message be more standing out. |
505656 | Edge: Page reloaded when hovering on a connecting line between objects in topology. |
525790 | Not able to connect through SSL VPN to addresses resolved by SDN dynamic objects. |
537130 | Email notifications from automation stitches are being sent with a blank from field. |
SSL VPN
Bug ID | Description |
---|---|
453740 | Remove unused java source file in fortiweb/java. |
466438 | High CPU usage by sslvpnd [web and mixed mode]. |
477231 | Unable to login to VMware vSphere vCenter 6.5 through SSL VPN web portal. |
482497 | Running diagnose npu np6lite session in FGT-201E results in high CPU and system instability. |
483712 | SSLVPND consumes high memory causing FGT enter conserve mode. |
491130 | SSLVPND 100% VPN when accessing OWA through bookmark. |
491733 | SSL VPN process taking 99% of CPU utilization even not using SSL VPN. |
492654 | SSLVPND process is crashing and users are disconnecting from SSL VPN. |
493127 | Connection to web server freezes when using SSL VPN web bookmark. |
496584 | SSL VPN bad password attempt causes excessive bindRequests against LDAP and lockout of accounts. |
500901 | SSL VPN web portal connect to FMG (5.6.3) unable to view Managed devices and policy packages. |
508101 | HTTPS bookmark to internal website produces error after the initial successful login. |
509333 | SSL VPN to Nextcloud doesn't open. |
511107 | RADIUS 2FA + password change against FAC fails due to unexpected state AVP + GUI bug. |
511111 | When accessing an internal listing website via SSL VPN, loading long lists fails or is interrupted. |
515370 | SSL VPN access denied if address object added after group object in firewall policy. |
517819 | Unable to load web page in SSL VPN web mode. |
518406 | Unable to load WebPage through SSL VPN webmode. Some js files of xunta internal web sites have problems. |
519113 | SSL VPN web mode SMB connection doesn't work when enable then disable SMBCD debug. |
519483 | 'Invalid HTTP Request' when SMB via SSL VPN bookmark is executed. |
519987 | HTTP bookmark error |
520307 | Unable to view Cisco APIC web interface page after logging using SSL VPN web portal. |
520361 | SSL VPN portal not loading predefined bookmarks. |
520965 | IBM QRadar page not displaying in SSL VPN web-mode. |
521459 | HSTS header missing again under SSL VPN. |
522987 | Backup and restore the VDOM config with SSL VPN settings causes some critical flags and counter for SSL VPN to not update so SSL VPN stops working. |
523450 | Unable to access internal website via bookmark in SSL VPN web mode. |
523647 | Search result gives empty output upon accessing the URL https://ieeexplore.ieee.org via SSL VPN bookmark. |
523717 | Dropdown list cannot get expanded through bookmarks (SSL VPN). |
525106 | HTML PABX Admin Console not working correctly in SSL VPN mode. |
525375 | Atlassian Confluence wiki Javascript problem via SSL VPN web mode. |
527342 | sslConnGotoNextState:298 error when use SSL VPN bookmark method access huawei appliances. |
527348 | JavaScript script is not available when connecting using SSL VPN web mode. |
527476 | Update from web mode fails for SharePoint page using MS NLB. |
528289 | SSL VPN crashes when it receives HTTP request with header "X-Forwarded-For" because of the wrong use of |
528630 | For SSL VPN with the realm named |
529186 | Problem loading reaching internal web server through SSL VPN Web bookmark when using HTTPS. Some js files of "srvdnsmgt" do not run correctly. |
529930 | Scrolling in Jira is not working in SSL VPN web mode. |
530223 | SSL VPN wants client certificate even when no client-cert for realm is configured. |
530833 | Synology NAS login page stuck after login when accessing by SSL VPN Web portal. |
531683 | Can't authenticate on internal web server using web mode SSL VPN. |
531827 | Active cache memory leak after upgrade to 6.0.3 GA. |
532261 | SSL VPN web mode RDP connection not working when security set to NLA. |
532464 | Unable to load webpage in SSL VPN Webmode. |
533008 | SSL web mode is not modifying links on certain web pages. |
534728 | Unable to get dropdown menu from internal server via SSL VPN web mode connection. |
535739 | SSL VPN bookmark fails with JavaScript error. |
536058 | Redirected port is not entered in the URL through SSL VPN web mode. |
536847 | Not able to access OnlyOffice through SSL VPN web mode. |
537120 | Adding latest macOS in the SSL OS-check-list. |
537133 | SSL VPN web mode gets redirected out of SSL VPN proxy. |
537275 | SSL VPN for users with passwords that expire allows password change after the password is expired. |
537341 | SSL bookmark is not loading a SAP portal information. |
538904 | Unable to receive SSL tunnel IP address. |
539187 | SSL VPN random stale sessions exhausting IP pool. |
539948 | Unable to load webpage in SSL VPN web mode. |
545492 | Unable to change tabs for internal website through web SSL VPN HTTPS bookmark. |
Switch Controller
Bug ID | Description |
---|---|
306406 | FortiSwitch Ports page display improvements. |
503402 | Switch controller event: duplicate description for different log IDs. |
512112 | Add |
522457 | After a physical port of FortiLink LAG has link down/up, |
527521 | On FortiSwitch Ports page, Display More does not work. |
529915 | FortiGate sends FortiSwitch serial# in SNMP trap fgFcSwName instead of FortiSwitch hostname. |
530237 | HA cluster out-of-sync after changing port POE mode on switch-controller managed-switch settings : Double commit. |
System
Bug ID | Description |
---|---|
370151 | CPU doesn't remove dirty flag when returns session back to NP6. |
404944 | Kernel Panic on creation of aggregate interface belonging to different NP6, when NP6 is configured in low latency mode. |
408977 | 802.1AX L4 algorithm and NP4 do not distribute UDP evenly on egress LAG bundle. |
415910 | CPU cores utilization shows 0 percent while handling CPS in 5.4. |
435910 | On FG-50E and FG-51E ifHCOutOctets rolls as if counter32. |
462178 | Front Panel "SPEED" LED is flashing Green when Transmitting & receiving data. |
466805 | Adding USB Host devices to a virtual machine connected by USB to FortiGate 500D causes the units to restart in loop. |
468684 | EHP drop improvement for units using NP_SERVICE_MODULE. |
471191 | Request to improve CLI help text for config system NP6 session-timeout options. |
474737 | fwgrp read&read-write access profile doesn't work properly. |
477886 | PRP support. |
479533 | |
481511 | Sniffer packet feature does not display any reverse packets on trunk interface. |
482916 | WAD crash with signal 6. |
488400 | FGFM sessions timeout when NPU offloaded (also applies to 6.0.0). |
489772 | |
491425 | FortiGate sends MAB packet two minutes after receiving Access-Reject. |
492441 | Policy packet capture does not show timestamp. |
492655 | DNSproxy does not seem to update link-monitor module. |
493126 | One of the aggregate port members is transmitting irregularly LACP packets. |
495572 | Some of the FortiGate SNMP OIDs not giving any value. |
496934 | DNS Domain List. |
498636 | External resource should not update CMDB and cause FortiManager revision. |
499435 | Allow packet sniffer to use RAM disk. |
503318 | Accessing FDS via proxy server without DNS resolution. |
504057 | Service Object Limitation of 4096 needs to be increased. |
505252 | EMAC VLAN: SNMP data is incorrect. |
505468 | Incorrect SNMP answer for |
505522 | Intermittent failure of DHCP address assignment. |
505715 | DHCP lease new IP to same EFTPOS S800 device cause DHCP lease exhausted. |
505927 | ddnscd fortiddns monitor-interface is not being updated properly. |
505930 | FG3700D freeze when deleting VDOM. |
506223 | FortiGate is not compliant with rfc3397 (Domain Search Option Format). |
507518 | Partial configuration loss after root VDOM restore. |
509939 | Firewall objects not visible or editable (Return code -361) when logged in via SSH key authentication. |
510200 | FGT DNS configuration doesn't allow one word domain names. |
510419 | HTTP link-monitor - response parser is case-sensitive (Content-Length header). |
511018 | SSH/SSL VPN connection to external VLAN interface drop by changing unrelated interface IP or restart OSPF. |
513339 | Finisar FCLF8521p2BTL (FG-TRAN-GC) and (FS-TRAN-GC) FCLF8522P2BTL transceivers not detected by FortiOS. |
513419 | High CPU on some cores of CPU and packet drops around 2-3%. |
516783 | DSA and RSA fingerprints are identical. |
519246 | |
519492 | Not able to access TP FortiGate from different network. |
519493 | MCLAG: if remote side change systemID, only one port goes down, the other remains up. |
521193 | DNSPROXY causing high CPU usage. |
521902 | Addresses are taking a long time to load. |
524083 | MSS size negotiation is wrong when configured MTU value is less than 297. |
524422 | Merge br_6-0_sp back to 6.0 and 6.2. |
525813 | FortiGate managed by FortiManager intermittently going offline after rebooting FortiGate. |
526240 | Inactive interfaces in LAG causing unbalanced packet distribution and link saturation. |
526646 | LAG interface flaps when the member ports go up. |
526771 | Allow sit-tunnel to not specify the source address. |
526788 | Password policy forces password change even if expire-status is disabled. |
527390 | Kernel panic in the HA cluster with FortiGate-3800D units running FortiOS v6.0.0 build 0200. |
527599 | Internal prioritization of OSPF/BGP/BFD packets in conjunction with HPE feature. |
527902 | TXT records are truncated in DNS replies, when FortiGate is used as DNS server. |
528004 | Add global log device statistics to SNMP. |
528465 | GRE tunnel does not come up. |
531584 | Kernel Panic when Fragmented Multicast Traffic received on EMAC-VLAN interface. |
531636 | Certificate chain validation fails when trying to fetch the intermediate CA cert; untrusted cert presented. |
532966 | In SNMPv3 config, to select the Encryption Algorithm should be "Encryption Algorithm" instead of the label "Authentication Algorithm". |
533556 | Read-only admin account can delete IPsec SA. |
535420 | SNMPv3 traps settings are not available in the GUI. |
535730 | Memory leak after upgrade to 6.0.4. |
536520 | GTP Tunnel States are not synced on subordinate unit after a reboot. |
536817 | FortiGate sending DHCP offer using broadcast. |
539090 | Modifying FortiGate administrator password to complex ones via SSH triggers a FortiManager password change by auto-update. |
540634 | Status of a port member of a redundant interface changes if an alias is set. |
541211 | Cannot create soft switch with VXLAN interface under same base interface. |
541243 | DHCP option doesn't include all NTP servers. |
542258 | DHCP exclusion isn't used for new DHCP range if the range is lower than the existing DHCP range. |
Upgrade
Bug ID | Description |
---|---|
495994 | After upgrade to V5.4.9, observing lot of IPS syntax errors on the console screen. |
511529 | |
524948 | Wrong |
530793 | |
User & Device
Bug ID |
Description |
---|---|
437117 |
Single Sign-on, multiple FSSO polling servers with the same AD (LDAP) server, cannot select the same user or group. |
453095 |
Mobile FortiTokens not assignable VDOM in vcluster on secondary unit. |
470803 |
|
499941 |
Not able to SSH into FortiGate through FortiManager using TACAS+ user. |
516403 |
FSSO - established session aren't re-evaluated when a user is removed from an Active Directory group. |
523891 |
FortiGate: Unable to browse structure of Netscape LDAP. |
525648 |
FortiOS does not prompt for token when Access-Challenge is received - RADIUS authentication fails. |
525816 |
LDAP search issue after upgrade to 5.6.6 build 3444 from 5.6.5 build 3342. |
525925 |
Unable to login to FortiGate using Symantec 2-factor authentication. |
525929 |
LDAPS requests fail with fnbamd stop error "Not enough bytes". LDAP works fine. Additional timeout observed. |
527340 |
FortiGate fails to match User group after passing authentication (Local User). |
529945 |
Local certificate content changes should be directly applied for the |
535279 |
FortiGate sends error user password to RADIUS server for CMCC auth user sometimes. |
538304 |
Aggregate interface (four member) flaps when the third member interface goes down. |
538407 |
FortiOS doesn't allow setting |
VM
Bug ID |
Description |
---|---|
484540 |
FOS VM serial number changes during firmware upgrade. |
494858 |
0129: ha.hbdev=portX : |
512019 |
FortiGate VM closed network + UTM license showing Package update failed due to invalid contract. |
512713 |
Connectivity loss between FGT-SVM and FGT-VMX causes license to become invalid after one hour. |
523125 |
Should handle multiple IP address failover better during HA failover. |
526471 |
VMX: After adding a security group with ~30+ devices to the redirection policy, the connection starts to experience huge delay. |
528405 |
FortiMeter Consumption is not accurate. |
540062 |
Kernel panic after upgrade from 5.6.7 to 5.6.8. |
541531 |
Service Manager is not automatically updated with the NSX dynamic security groups. |
VoIP
Bug ID |
Description |
---|---|
508277 |
Non-SIP packet sent to SIP ALG gets dropped with no log. |
509625 |
Issues with RTP when ISP connections flap and two equal default routes are present. |
WCCP
Bug ID |
Description |
---|---|
500087 |
Support WCCP set up with one arm WCCP web cache diagram. |
Web Application Firewall
Bug ID |
Description |
---|---|
463468 |
Clients are unable to connect to the mail server when WAF is enabled on the VIP policy. |
Web Filter
Bug ID |
Description |
---|---|
486087 |
Unable to open one URL on the redirection after the upgrade. |
499604 |
Web Filter profile with SSL does not check SNI against server certificate. |
499864 |
Web Filter profile's proxy options to allow corporate Gmail accounts get overlooked if "general interest" category is blocked. |
506707 |
Web filter CLI only |
507253 |
|
509860 |
Regex case insensitivity flag is ignored in 5.6.5 and 6.0.2 when FortiGate is in proxy mode. |
526555 |
WAD Segmentation Signal 11 in 6.0.3. |
531101 |
Web Filter inspection proxy mode unable to resolve hostname because website is unrated. |
531471 |
The URL filter is not blocking a page when there are many entries in it. |
532823 |
Wrong FortiGuard page displayed with Override enabled on Web Filter profile. |
536099 |
"Filtering Services Availability" keeps showing as green even when port 8888 is blocked by an upstream device. |
541539 |
URL filter wildcard expression not matched correctly in proxy mode. |
WiFi Controller
Bug ID |
Description |
---|---|
503106 |
Remote site client connected to the FAP14C Ethernet port is randomly not able to reach the LAN client connected to the FortiGate. |
505661 |
FortiWiFi sends DHCP Offer as a unicast address via WiFi interface even though the BROADCAST bit is set to "1" in DHCP Discover. |
507622 |
FortiGate does not send WTP-ID in RADIUS accounting packet when client is connected with captive-portal SSID. |
512606 |
FortiWiFi not working with FortiPresence Pro. |
519321 |
FWF-50E kernel panic due to a WiFi driver issue. |
520521 |
Application hostapd crashed - causing a wireless outage. |
521832 |
CAPWAP traffic is not offloaded successfully when using dynamic-vlan SSID and IPS profile or AV profile is enabled in the policy. |
522762 |
Frequent hostapd crash. |
525959 |
Part of FAP221C and FAPC24JE went offline and failed to be managed by the controller again. |
526107 |
Repeated |
527587 |
Different accounting behavior between FAP221C and FAPC24JE for CMCC portal auth. |
530328 |
CAPWAP traffic dropped when offloaded if packets are fragmented. |
543562 |
11r clients stuck on the default/fail VLAN when using WPA2 enterprise and dynamic-vlan while roaming between APs. |
Common Vulnerabilities and Exposures
Visit https://fortiguard.com/psirt for more information.
Bug ID |
CVE references |
---|---|
395544 |
FortiOS 6.2.0 is no longer vulnerable to the following CVE Reference:
|
452730 |
FortiOS 6.2.0 is no longer vulnerable to the following CVE Reference:
|
491701 |
FortiOS 6.2.0 is no longer vulnerable to the following CVE Reference:
Please read the section under Upgrade Information > FortiGuard protocol and port number. |
496642 |
FortiOS 6.2.0 is no longer vulnerable to the following CVE Reference:
|
528040 |
FortiOS 6.2.0 is no longer vulnerable to the following CVE Reference:
|
529353 |
FortiOS 6.2.0 is no longer vulnerable to the following CVE Reference:
|
529377 |
FortiOS 6.2.0 is no longer vulnerable to the following CVE Reference:
|
529712 |
FortiOS 6.2.0 is no longer vulnerable to the following CVE Reference:
|
529719 |
FortiOS 6.2.0 is no longer vulnerable to the following CVE Reference:
|
529745 |
FortiOS 6.2.0 is no longer vulnerable to the following CVE Reference:
|
534592 |
FortiOS 6.2.0 is no longer vulnerable to the following CVE Reference:
|
539553 |
FortiOS 6.2.0 is no longer vulnerable to the following CVE Reference:
|