Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • FortiOS Release Notes

    Home FortiGate / FortiOS 6.2.11 FortiOS Release Notes
    6.2.11
    7.6.0
    7.4.5
    7.4.4
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.10
    7.2.9
    7.2.8
    7.2.7
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.0.16
    7.0.15
    7.0.14
    7.0.13
    7.0.12
    7.0.11
    7.0.10
    7.0.9
    7.0.8
    7.0.7
    7.0.6
    7.0.5
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.4.15
    6.4.14
    6.4.13
    6.4.12
    6.4.11
    6.4.10
    6.4.9
    6.4.8
    6.4.7
    6.4.6
    6.4.5
    6.4.4
    6.4.3
    6.4.2
    6.4.1
    6.4.0
    6.2.16
    6.2.15
    6.2.14
    6.2.13
    6.2.12
    6.2.11
    6.2.10
    6.2.9
    6.2.8
    6.2.7
    6.2.6
    6.2.5
    6.2.4
    6.2.3
    6.2.2
    6.2.1
    6.2.0
    6.0.18
    6.0.17
    6.0.16
    6.0.15
    6.0.14
    6.0.13
    6.0.12
    6.0.11
    6.0.10
    6.0.9
    6.0.8
    6.0.7
    6.0.6
    6.0.5
    6.0.4
    6.0.3
    6.0.2
    6.0.1
    6.0.0
    5.6.14
    5.6.13
    5.6.12
    5.6.11
    5.6.10
    5.6.9
    5.6.8
    5.6.7
    5.6.6
    5.6.5
    5.6.4
    5.6.3
    5.6.2
    5.6.1
    5.6.0
    5.4.13
    5.4.12
    5.4.11
    5.4.10
    5.4.9
    5.4.8
    5.4.7
    5.4.6
    5.4.5
    5.4.4
    5.4.3
    5.4.2
    5.4.1
    5.4.0
    5.2.15
    5.2.14
    5.2.13
    5.2.12
    5.2.11
    5.2.10
    5.2.9
    5.2.8
    5.2.7
    5.2.6
    5.2.5
    5.2.4
    5.2.3
    5.2.2
    5.2.1
    5.2.0
    5.0.14
    5.0.13
    5.0.12
    5.0.11
    5.0.10
    5.0.9
    5.0.8
    5.0.7
    5.0.6
    5.0.5
    5.0.4
    5.0.3
    5.0.2

    Resolved issues

    Resolved issues

    The following issues have been fixed in version 6.2.11. To inquire about a particular bug, please contact Customer Service & Support.

    Explicit Proxy

    Bug ID

    Description

    765761

    Firewall with forward proxy and UTM enabled is sending TLS probe with forward proxy IP instead of real server IP.

    Firewall

    Bug ID

    Description

    629529

    Local-in policy session will not update after policy changes.

    738584

    Firewall is using the wrong NAT IP address to send out traffic after removing the VIP and its associated policy.

    770668

    The packet dropped counter is not incremented for per-ip-shaper with max-concurrent-session as the only criterion and offload disabled on the firewall policy.

    GUI

    Bug ID

    Description

    746953

    On the Network > Interfaces page, users cannot modify the TFTP server setting. A warning with the message This option may not function correctly. It is already configured using the CLI attribute: tftp-server. appears beside the DHCP Options entry.

    749451

    On the Network > SD-WAN page, the volume sent/received displayed in the charts does not match the values provided from the REST API when the RX and TX values of diagnose sys sdwan intf-sla-log exceed 232-1.

    HA

    Bug ID

    Description

    627968

    Local-in policy with ha-mgmt-intf-only enabled is not installed properly.

    640327

    Duplicate logs are created by both primary and secondary devices for IPsec VPN.

    779512

    If the interface name is a number, an error occurs when that number is used as an hbdev priority.

    Intrusion Prevention

    Bug ID

    Description

    682071

    IPS signatures not working with VIP in proxy mode.

    698247

    Flow mode web filter ovrd crashes and socket leaks in IPS daemon.

    715360

    Each time an AV database update occurs (scheduled or manually triggered), the IPS engine restarts on the SLBC secondary blade.

    755859

    The IPS sessions count is higher than system sessions, which causes the FortiGate to enter conserve mode.

    775696

    Each time an AV database update occurs (scheduled or manual), the IPS engine restarts on the SLBC secondary blade. This stops UTM analysis for sessions affected by that blade.

    IPsec VPN

    Bug ID

    Description

    715671

    Traffic is failing on dialup VPN IKEv2 with EAP authentication.

    726326, 745331

    IPsec server with NP offloading drops packets with an invalid SPI during rekey.

    Log & Report

    Bug ID

    Description

    764478

    Logs are missing on FortiGate Cloud from the FortiGate.

    Proxy

    Bug ID

    Description

    603874

    WAD may encounter memory corruption issue if the resources allocated by FTS are not cleaned up properly.

    692444

    WAD memory leak is caused by missing a close event. The WAD receives a close event from TCP when the SSL port is blocked by the up application layer. If the SSL port input buffer does not have any data, then the close event will get ignored even if the application layer turns off blocking and the SSL port will leak.

    693441

    WAD crashes at wad_client_cert_req_act_get when SSL layer configuration is cleaned up after policy matching.

    729237

    WAD crash occurs that is related to virtual server traffic.

    Security Fabric

    Bug ID

    Description

    686420

    Dynamic address resolution is lost when SDN connector sends sync.callback command to the FortiGate.

    690812

    FortiGate firewall dynamic address resolution lost when SDN connector updates its cache.

    SSL VPN

    Bug ID

    Description

    677057

    SSL VPN firewall policy creation via CLI does not require setting user identity.

    737894

    If there are no users or groups in an SSL VPN policy, the SSL VPN daemon may crash when an FQDN is a destination address in the firewall policy.

    771162

    Unable to access SSL VPN bookmark in web mode.

    Switch Controller

    Bug ID

    Description

    740661

    FortiGate loses FortiSwitch management access due to excessive configuration pushes.

    System

    Bug ID

    Description

    627054

    HTTPSD signal 6 crash in cases of long application lists that are greater or equal to the maximum size of 16.

    642958

    FG-80E terminates the firewall session abruptly when the end-users download large files.

    651626

    A session clash is caused by the same NAT port. It happens when many sessions are created at the same time and they get the same NAT port due to the wrong port seed value.

    662239

    FGR-60F-3G4G hardware switch span does not work.

    671116

    Lack of null pointer check in NP6XLite driver may lead to kernel panic. Affected models: FG-40F, FG-60F, and FG-101F.

    681322

    TCP 8008 permitted by authd, even though the service in the policy does not include that port.

    682681

    DSL line takes a long time to synchronize.

    703219, 708446

    		 Kernel panic on FG-101F due to lack of null pointer check on NP6XLite driver.

    712321

    Multiple ports flapping when a single interface is manually brought up. Affected platforms: FG-3810D and FG-3815D.

    749613

    Unable to save configuration changes, and get failed: No space left on device error on FG-61E, FG-81E, and FG-101E.

    749835

    Traffic logs reports ICMP destination as unreachable for received traffic

    750171

    Legitimate traffic is unable to go through with NP6 synproxy enabled.

    751523

    When changing mode from DHCP to static, the existing DHCP IP is kept so no CLI command is generated and sent to FortiManager.

    754951

    Static ARP entry was removed while using DHCP relay.

    763185

    High CPU usage on platforms with low free memory upon IPS engine initialization.

    765452

    On FG-100F, no event is raised for PSU failure and the diagnostic command is not available.

    778474

    dhcpd is not processing discover messages if they contain a 0 length option, such as 80 (rapid commit). The warning, length 0 overflows input buffer, is displayed.

    User & Device

    Bug ID

    Description

    604906

    FortiOS does not prompt for token when using RADIUS and two-factor authentication to connect to IPsec IKEv2.

    757883

    FortiGate blocks expired root CA, even if the cross-signed intermediate CA of the root CA is valid.

    VM

    Bug ID

    Description

    759300

    gcpd has signal 11 crash at gcpd_mime_part_end.

    Web Filter

    Bug ID

    Description

    806920

    Incomplete TCP handshake with NP offloading enabled on policies with wireless interfaces.

    WiFi Controller

    Bug ID

    Description

    720497

    MAC authentication bypass is not working for some clients.

    Common Vulnerabilities and Exposures

    Visit https://fortiguard.com/psirt for more information.

    Bug ID

    CVE references

    689909

    FortiOS 6.2.11 is no longer vulnerable to the following CVE Reference:

    • CVE-2022-22306

    695018

    FortiOS 6.2.11 is no longer vulnerable to the following CVE Reference:

    • CVE-2022-22306

    707951

    FortiOS 6.2.11 is no longer vulnerable to the following CVE Reference:

    • CVE-2021-41032

    744267

    FortiOS 6.2.11 is no longer vulnerable to the following CVE References:

    • CVE-2021-3711
    • CVE-2021-3712

    749471

    FortiOS 6.2.11 is no longer vulnerable to the following CVE Reference:

    • CVE-2021-42755

    763982

    FortiOS 6.2.11 is no longer vulnerable to the following CVE Reference:

    • CVE-2021-43081

    764221

    FortiOS 6.2.11 is no longer vulnerable to the following CVE Reference:

    • CVE-2021-43206

    765177

    FortiOS 6.2.11 is no longer vulnerable to the following CVE Reference:

    • CVE-2022-22299

    787111

    FortiOS 6.2.11 is no longer vulnerable to the following CVE Reference:

    • CVE-2021-43072

    792067

    FortiOS 6.2.11 is no longer vulnerable to the following CVE Reference:

    • CVE-2022-0778

    797229

    FortiOS 6.2.11 is no longer vulnerable to the following CVE Reference:

    • CVE-2022-27491

    800259

    FortiOS 6.2.11 is no longer vulnerable to the following CVE Reference:

    • CVE-2022-29055
    Previous
    Next

    Resolved issues

    Resolved issues

    The following issues have been fixed in version 6.2.11. To inquire about a particular bug, please contact Customer Service & Support.

    Explicit Proxy

    Bug ID

    Description

    765761

    Firewall with forward proxy and UTM enabled is sending TLS probe with forward proxy IP instead of real server IP.

    Firewall

    Bug ID

    Description

    629529

    Local-in policy session will not update after policy changes.

    738584

    Firewall is using the wrong NAT IP address to send out traffic after removing the VIP and its associated policy.

    770668

    The packet dropped counter is not incremented for per-ip-shaper with max-concurrent-session as the only criterion and offload disabled on the firewall policy.

    GUI

    Bug ID

    Description

    746953

    On the Network > Interfaces page, users cannot modify the TFTP server setting. A warning with the message This option may not function correctly. It is already configured using the CLI attribute: tftp-server. appears beside the DHCP Options entry.

    749451

    On the Network > SD-WAN page, the volume sent/received displayed in the charts does not match the values provided from the REST API when the RX and TX values of diagnose sys sdwan intf-sla-log exceed 232-1.

    HA

    Bug ID

    Description

    627968

    Local-in policy with ha-mgmt-intf-only enabled is not installed properly.

    640327

    Duplicate logs are created by both primary and secondary devices for IPsec VPN.

    779512

    If the interface name is a number, an error occurs when that number is used as an hbdev priority.

    Intrusion Prevention

    Bug ID

    Description

    682071

    IPS signatures not working with VIP in proxy mode.

    698247

    Flow mode web filter ovrd crashes and socket leaks in IPS daemon.

    715360

    Each time an AV database update occurs (scheduled or manually triggered), the IPS engine restarts on the SLBC secondary blade.

    755859

    The IPS sessions count is higher than system sessions, which causes the FortiGate to enter conserve mode.

    775696

    Each time an AV database update occurs (scheduled or manual), the IPS engine restarts on the SLBC secondary blade. This stops UTM analysis for sessions affected by that blade.

    IPsec VPN

    Bug ID

    Description

    715671

    Traffic is failing on dialup VPN IKEv2 with EAP authentication.

    726326, 745331

    IPsec server with NP offloading drops packets with an invalid SPI during rekey.

    Log & Report

    Bug ID

    Description

    764478

    Logs are missing on FortiGate Cloud from the FortiGate.

    Proxy

    Bug ID

    Description

    603874

    WAD may encounter memory corruption issue if the resources allocated by FTS are not cleaned up properly.

    692444

    WAD memory leak is caused by missing a close event. The WAD receives a close event from TCP when the SSL port is blocked by the up application layer. If the SSL port input buffer does not have any data, then the close event will get ignored even if the application layer turns off blocking and the SSL port will leak.

    693441

    WAD crashes at wad_client_cert_req_act_get when SSL layer configuration is cleaned up after policy matching.

    729237

    WAD crash occurs that is related to virtual server traffic.

    Security Fabric

    Bug ID

    Description

    686420

    Dynamic address resolution is lost when SDN connector sends sync.callback command to the FortiGate.

    690812

    FortiGate firewall dynamic address resolution lost when SDN connector updates its cache.

    SSL VPN

    Bug ID

    Description

    677057

    SSL VPN firewall policy creation via CLI does not require setting user identity.

    737894

    If there are no users or groups in an SSL VPN policy, the SSL VPN daemon may crash when an FQDN is a destination address in the firewall policy.

    771162

    Unable to access SSL VPN bookmark in web mode.

    Switch Controller

    Bug ID

    Description

    740661

    FortiGate loses FortiSwitch management access due to excessive configuration pushes.

    System

    Bug ID

    Description

    627054

    HTTPSD signal 6 crash in cases of long application lists that are greater or equal to the maximum size of 16.

    642958

    FG-80E terminates the firewall session abruptly when the end-users download large files.

    651626

    A session clash is caused by the same NAT port. It happens when many sessions are created at the same time and they get the same NAT port due to the wrong port seed value.

    662239

    FGR-60F-3G4G hardware switch span does not work.

    671116

    Lack of null pointer check in NP6XLite driver may lead to kernel panic. Affected models: FG-40F, FG-60F, and FG-101F.

    681322

    TCP 8008 permitted by authd, even though the service in the policy does not include that port.

    682681

    DSL line takes a long time to synchronize.

    703219, 708446

    		 Kernel panic on FG-101F due to lack of null pointer check on NP6XLite driver.

    712321

    Multiple ports flapping when a single interface is manually brought up. Affected platforms: FG-3810D and FG-3815D.

    749613

    Unable to save configuration changes, and get failed: No space left on device error on FG-61E, FG-81E, and FG-101E.

    749835

    Traffic logs reports ICMP destination as unreachable for received traffic

    750171

    Legitimate traffic is unable to go through with NP6 synproxy enabled.

    751523

    When changing mode from DHCP to static, the existing DHCP IP is kept so no CLI command is generated and sent to FortiManager.

    754951

    Static ARP entry was removed while using DHCP relay.

    763185

    High CPU usage on platforms with low free memory upon IPS engine initialization.

    765452

    On FG-100F, no event is raised for PSU failure and the diagnostic command is not available.

    778474

    dhcpd is not processing discover messages if they contain a 0 length option, such as 80 (rapid commit). The warning, length 0 overflows input buffer, is displayed.

    User & Device

    Bug ID

    Description

    604906

    FortiOS does not prompt for token when using RADIUS and two-factor authentication to connect to IPsec IKEv2.

    757883

    FortiGate blocks expired root CA, even if the cross-signed intermediate CA of the root CA is valid.

    VM

    Bug ID

    Description

    759300

    gcpd has signal 11 crash at gcpd_mime_part_end.

    Web Filter

    Bug ID

    Description

    806920

    Incomplete TCP handshake with NP offloading enabled on policies with wireless interfaces.

    WiFi Controller

    Bug ID

    Description

    720497

    MAC authentication bypass is not working for some clients.

    Common Vulnerabilities and Exposures

    Visit https://fortiguard.com/psirt for more information.

    Bug ID

    CVE references

    689909

    FortiOS 6.2.11 is no longer vulnerable to the following CVE Reference:

    • CVE-2022-22306

    695018

    FortiOS 6.2.11 is no longer vulnerable to the following CVE Reference:

    • CVE-2022-22306

    707951

    FortiOS 6.2.11 is no longer vulnerable to the following CVE Reference:

    • CVE-2021-41032

    744267

    FortiOS 6.2.11 is no longer vulnerable to the following CVE References:

    • CVE-2021-3711
    • CVE-2021-3712

    749471

    FortiOS 6.2.11 is no longer vulnerable to the following CVE Reference:

    • CVE-2021-42755

    763982

    FortiOS 6.2.11 is no longer vulnerable to the following CVE Reference:

    • CVE-2021-43081

    764221

    FortiOS 6.2.11 is no longer vulnerable to the following CVE Reference:

    • CVE-2021-43206

    765177

    FortiOS 6.2.11 is no longer vulnerable to the following CVE Reference:

    • CVE-2022-22299

    787111

    FortiOS 6.2.11 is no longer vulnerable to the following CVE Reference:

    • CVE-2021-43072

    792067

    FortiOS 6.2.11 is no longer vulnerable to the following CVE Reference:

    • CVE-2022-0778

    797229

    FortiOS 6.2.11 is no longer vulnerable to the following CVE Reference:

    • CVE-2022-27491

    800259

    FortiOS 6.2.11 is no longer vulnerable to the following CVE Reference:

    • CVE-2022-29055
    Previous
    Next