Fortinet Document Library

Known Issues

The following issues have been identified in version 6.2.1. For inquiries about a particular bug or to report a bug, please contact Customer Service & Support.

Firewall

| Bug ID | Description |
|--------|-------------|
| 541348 | Shaper in shaping policy is not applied when URL category is configured. |

FortiView

| Bug ID | Description |
|--------|-------------|
| 375172 | FortiGate under a FortiSwitch may be shown directly connected to an upstream FortiGate. |
| 526956 | FortiView widgets get deleted upon upgrading to B222. |
| 544017 | FortiView > VPN 1 hour historical shows entries from 8 hours ago when logged in from FortiCloud. |
| 555524 | ngfw-policy cannot be traced in FortiView. |
| 567049 | FortiView > Web Sites view issue when VDOM works with NGFW policy mode. |

GUI

| Bug ID | Description |
|--------|-------------|
| 442231 | Link cannot show different colors based on link usage legend in logical topology real time view. |
| 451776 | Admin GUI has limit of 10 characters for OTP. |

HA

| Bug ID | Description |
|--------|-------------|
| 479987 | FG MGMT1 does not authenticate Admin RADIUS users through primary unit (secondary unit works). |

Intrusion Prevention

| Bug ID | Description |
|--------|-------------|
| 445113 | IPS engine 3.428 on FortiGate sometimes cannot detect Psiphon packets that iscan can detect. |

IPsec VPN

| Bug ID | Description |
|--------|-------------|
| 469798 | The interface shaping with egress shaping profile doesn't work for offloaded traffic. |

Log & Report

| Bug ID | Description |
|--------|-------------|
| 412649 | In NGFW Policy mode, FortiGate does not create web filter logs. |

Proxy

| Bug ID | Description |
|--------|-------------|
| 548233 | SMTP, POP3, IMAP starttls cannot be exempted by FortiGate when first time traffic goes through FortiGate. |
| 550056 | When exempt SNI in SSL profile but SNI does not match CN, FortiGate closes the session and does not do deep inspection. |
| 560893 | When strict SNI check is enabled, FortiGate with certificate inspection cannot block session if SNI does not match CN. |

Routing

| Bug ID | Description |
|--------|-------------|
| 568908 | Dynamic change no longer applies to routing and rule after disabling SD-WAN probe packets. Since SD-WAN probe is specifically for debugging, changing the behavior under rules and routes during debugging is not advisable. |

Security Fabric

| Bug ID | Description |
|--------|-------------|
| 403229 | In FortiView display from FortiAnalyzer, the upstream FortiGate cannot drill down to final level for downstream traffic. |
| 411368 | In FortiView with FortiAnalyzer, the combined MAC address is displayed in the Device field. |

SSL VPN

| Bug ID | Description |
|--------|-------------|
| 405239 | URL rewritten incorrectly for a specific page in application server. |
| 476838 | Check domain log-on as SSL VPN host checks condition. |
| 495522 | RDP session freezes when using SSL VPN tunnel mode. |
| 564645 | NGFW policy mode SSL VPN web portal traffic doesn't check security policy. |
| 567073 | SSL VPN web portal should remove Citrix and port forward connections option from GUI. |

Switch Controller

| Bug ID | Description |
|--------|-------------|
| 304199 | Using HA with FortiLink can encounter traffic loss during failover. |
| 357360 | DHCP snooping may not work on IPv6. |
| 462552 | Add an extra dialog in the interface page to clean up config when changing a FortiLink interface back to a regular port. |

System

| Bug ID | Description |
|--------|-------------|
| 295292 | If private-data-encryption is enabled, when restoring config to a FortiGate, the FortiGate may not prompt the user to enter the key. |
| 364280 | User cannot use ssh-dss algorithm to login to FortiGate via SSH. |
| 385860 | FG-3815D does not support 1GE SFP transceivers. |
| 436746 | NP6 counter shows packet drops on FG-1500D. Pure firewall policy without UTM. |
| 472843 | When FortiManager is set for DM = set verify-install-disable, FortiGate does not always save script changes. |
| 474132 | FG-51E hang under stress test since build 0050. |
| 494042 | If we create VLAN in VDOM A, then we cannot create ZONE name with the same VLAN name in VDOM B. |
| 563410 | TP VDOM interfaces removed after upgraded image from build 1672 (v5.6.8) to build 0915 (v6.2.1). |

Upgrade

| Bug ID | Description |
|--------|-------------|
| 470575 | After upgrading from 5.6.3, g-sniffer-profile and sniffer-profile exist for IPS and web filter. |
| 473075 | When upgrading, multicast policies are lost when there is a zone member as interface. |
| 481408 | When upgrading from 5.6.3 to 6.0.0, the IPv6 policy is lost if there is SD-WAN member as interface. |
| 494217 | Peer user SSL VPN personal bookmarks do not show when upgrade to 6.0.1. Workaround: Use CLI to rename the user bookmark to the new name. |
| 539112 | Devices configured under security-exempt-list become void after upgrade. |

Web Filter

| Bug ID | Description |
|--------|-------------|
| 538593 | B0821: FGD service on https/8888 does not work well under specific wanopt topology. |
| 545334 | Web filter file filtering does not support FTP traffic inspection but user can still configure FTP protocol in GUI and CLI. |

WiFi Controller

| Bug ID | Description |
|--------|-------------|
| 560828 | When the dtls-policy=ipsec-vpn is set, the FAP cannot be managed by FortiGate when VDOM type is policy based. |
| 573024 | FortiGate cannot manage FAP when admin trusthost is configured. Workaround: Add the FAP IP address or subnet into trusthost list. |
