Cannot access explicit FTP proxy via VIP.

FTP traffic over HTTP explicit proxy does not generate traffic logs once receiving error message.

Enabling proxy policies (+400) increases memory by 30% and up to 80% total.

The specified port configurations of https-incoming-port for config web-proxy explicit disappeared after rebooting.

When a policy denies traffic for a VIP and send-deny-packet is enabled, ICMP unreachable message references the mapped address, not the external.

Get new CLI signal 11 crash log when performing execute internet-service refresh.

Hit Count column does not work for security policy with multiple VDOMs.

ISDB matches all objects and chooses the best one based on their weight values and the firewall policy.

GUI traffic shaper Bandwidth Utilization should use KBps units.

IPS engine did not resolve nested address groups when parsing the address group table for NGFW security policies.

Virtual load-balance VIP and intermittent HTTP health check failures.

Session stuck in proto_state=61 only when flow-based AV is enabled in the policy.

On FortiGate with double loop FortiSwitches, FortiView physical topology page cannot load; get Failed to get FortiView data error message.

Antivirus archive logging enabled from the CLI will be disabled by editing the antivirus profile in the GUI, even if no changes are made.

Inconsistent reference count when using ports in HA session-sync-dev.

When creating an antispam block/allow list entry, Mark as Reject should be grayed out.

Log viewer forwarded traffic does not support multiple filters for one field.

GUI response is very slow when accessing Monitor > IPsec Monitor (api/v2/monitor/vpn/ipsec is taking a long time).

HA warning message remains after primary unit takes back control.

Application groups improvements.

NGFW mode should have a link to show all applications in the list.

OK button missing from many pages when viewed in Chrome on an Android device.

VPN event logs are incorrectly filtered when there are two Action filters and one of them contains "-".

High CPU utilization by httpsd daemon if there are too many API connections.

Wrong traffic shaper bandwidth unit on 32-bit platform GUI pages.

Status icon in Tunnel column on IPsec Tunnels page should be removed.

Upgrading from build 0932 to build 1010 displays Malware Hash Threat Feed is not found or enabled error.

Login page shows random characters when system language is not English.

Nessus vulnerability scan tool reported more medium level vulnerabilities for 6.2.3 compared with the 6.2.2 result.

pyfcgid crashed with signal 11 (Segmentation fault) received.

FortiGuard quota category details displays No matching entries found for local category.

Reduce the number of core used by httpsd for low-end platforms.

Interface status is not displayed on faceplate when viewing from the System > HA page.

When deleting an AV profile in the GUI, there is no confirmation message prompt.

Warning message is not displayed when a user configures an interface with a static IP address that is already in use.

Block intra-zone traffic toggle button function is inverted in FortiOS 6.2.3.

FortiGate enters conserve mode when accessing Amazon AWS ISDB object.

When deleting an AV profile in the GUI, there is no confirmation message prompt.

Interfaces is missing in the GUI in sections for IPv4 Policy and SSL-VPN Settings after upgrading from 6.2.2 to 6.2.3.

GUI does not allow multiple IPsec tunnels with the same destination IP bound to the same interface but sourced from a different IP.

FG-OPC-ONDEMAND (FGVMPG license) shows FortiCare is not supported even though the license was registered in FortiCare.

FortiGate displays a hacked webpage after selecting an IPS log.

When creating or editing an IPv4 policy or address group, firewall address searching does not work if there is an empty wildcard address due to a configuration error.

GUI takes 10-15 seconds to load Device Inventory, IPv4 Policy, and Interfaces pages.

GUI does not list AliCoud SDN address filter.

FG-101F GUI should not add speed to virtual switch member port.

FortiGates in an HA A-P configuration may lose GUI access to the HA secondary device after a period of 8 days of inactivity, when at least one static IPv6 address is configured on an interface.

GUI incorrectly displays the warning, Botnet package update unavailable, AntiVirus subscription not found., when the antivirus entitlement is expiring within 30 days. The actual botnet package update still works within the active entitlement duration.

On some browser versions, the GUI displays a blank dialog when creating custom application or IPS signatures. Affected browsers: Firefox 85.0, Microsoft Edge 88.0, and Chrome 88.0.

FG-3400E hasync reports the "Network is unreachable".

Local user creation causes HA to be out of sync for several minutes.

Application hasync might crash several times due to accessing some out of bound memory when processing hastats data.

The configuration of the SD-WAN interface gateway IP should not sync.

In a FortiGate HA cluster, performance SLA (SD-WAN) information does not sync with the secondary unit.

HA failover takes over one minute when monitored aggregate interface goes down on primary unit.

IPS engine 5.00027 has signal 11 crash.

IPS intelligent mode not working when reflect sessions are created on different physical interfaces.

IPS engine 5.00035 has signal 11 crash.

When IPS pcap is enabled, traffic is intermittently disrupted after disk I/O reaches IOPS limit.

Remove the IPsec global lock.

In IPsec after HA failover, performance regression and IKESAs is lost.

Packet loss observed after ADVPN shortcut is created.

Cannot pass traffic over ADVPN if: tunnel-search is set to nexthop, net-device disable, mode-cfg enable, and add-route disable.

IPsec VPN IKEv2 interoperability issue when the FortiGate uses a group as P2 selectors with a non-FortiGate in a remote peer gateway.

Unable to reach network resources via L2TP over IPsec with WAN PPPoE connection.

L2TP/IPsec VPN disconnects frequently.

The OCVPN log file was not closed or properly trimmed due to the incorrect state_refcnt. The OCVPN log file stayed open, grew extremely large, and was never trimmed.

IKEv2 DPD is not triggered if network overlay network ID was mismatched when first configured.

After two HA failovers, one VPN interface member of SD-WAN cannot forward packets.

L2TP/IPsec does not send framed IP address in RADIUS accounting updates.

MTU calculation of shared dynamic phase 1 interface is too low compared to its phase 2 MTU and makes fragmentation high.

OCVPN secondary hub cannot register.

Logs to syslog server configured with FQDN addresses fail when the DNS entry gets updated for the FQDN address.

GUI shows 401 Unauthorized error when downloading forward traffic logs with the time stamp as the filter criterion.

Incorrect sentdelta/rcvddelta in statistic traffic logs.

User observes FGT internal error while trying to log in or activate FortiGate Cloud from the web UI.

WAD is crashing with signal 6 in wad_fmem_free when processing SMB2/CIFS.

Multiple WAD crash on FG-500D after upgrading from 6.2.3 (wad_url_filter_user_cat_load_entry.constprop.7).

BFD/BGP dropping when outbandwidth is set on interface.

Policy route does not apply to local-out traffic.

Improve algorithm to distribute ECMP traffic for source IP-based/destination IP-based.

IPv6 ECMP routes cannot be synchronized correctly to HA secondary unit.

Traffic not following SD-WAN rules when one of the interfaces is VLAN.

SD-WAN GUI page bandwidth shows 0 issues when there is traffic running.

SD-WAN health check reports have packet loss if response time is longer than the check interval.

Policy routes with large address groups containing FQDNs no longer work after upgrading to 6.2.2.

FortiOS 6.2.3 by default drops reply packets received from a different interface (unlike 6.2.2).

FortiGate SDN connector not seeing all available tag name-value pairs.

Two-factor authentication with FortiToken easily bypassed when using LDAP authentication.

SSL VPN LDAP group object matching only matches the first policy; is not consistent with normal firewall policy.

Cannot access some specific sites through SSL VPN web mode.

SSL VPN daemon crash.

In SSL VPN web mode, page keeps loading after user authenticates into internal application.

In SSL VPN web mode, cannot display complete content on page, and cannot paste or type in the comments section.

RADIUS user and local token push cannot log in to SSL VPN portal/tunnel when the password needs to be changed.

Sslvpnd crashes when trying to query a DNS host name without a period (.).

SSL VPN synology NAS web bookmark log in page does not work after upgrading to 6.2.3.

SSL VPN LDAPS authentication does not work in multiple user group configurations after upgrading the firewall to 6.0.7.

Internal HRIS website dropdown list box not loading in SSL VPN web mode.

Traffic cannot pass through FortiGate in SSL VPN web mode if the user is a PKI peer.

Traffic cannot pass through FortiGate for SSL VPN web mode if the user is a PKI peer.

For a managed FortiSwitch already running the latest GA image, Upgrade Available tag shows unexpectedly.

GUI should add support to allow using switch VLAN interface under a tenant VDOM on a managed switch VDOM.

If the firewall is downgraded from 6.2.3 to 6.2.2, the FortiLink interface looses its CAPWAP setting.

Unable to push configuration changes from FortiGate to FortiSwitch.

LLDP policy did not download completely to the managed FortiSwitch 108Es.

Get fgt140d_i2c_write_byte_data:874 i2c_write_byte_data(0, 0x73, 0x00, 0x04) error! message by detecting transceiver. Affected platforms: FG-140D and FG-140D-POE.

EHP drops for units with no NP service module.

SDN address filter unable to handle space character.

SNMP polling stopped when FortiManager API script executed onto FortiGate.

FortiManager Cloud cannot be removed once the FortiGate has trouble on contract.

Traffic cannot be offloaded to both NTurbo and NP6 when DoS policy is applied on ingress/egress interface in a policy with IPS.

QSFP interface goes down when the get system interface transceiver command is interrupted.

Wrong source IP is bound for config system fortiguard.

Enabling auto-asic-offload results in keeping action=deny in traffic log with an accept entry.

VLAN switch does not work on FG-100E.

FortiGate is not sending DHCP request after receiving offer.

Update daemon is locked to one resolved update server.

diagnose internet-service match does not return the IP value of the IP reputation database object.

Unable to execute ping6 when configuring execute ping6-options tos, except for default.

Invalid multicast policy created after transparent VDOM restored.

ISDB may cause crashes after downgrading FortiGate firmware.

SNMP does not provide routing table for non-management VDOM.

DDNS monitor-interface uses the monitored interface if DDNS services other than FortiGuard DDNS are used.

Some of the clients are not getting their IP through DHCP intermittently.

NP multicast session remains after the kernel session is deleted.

DHCPv6 relay does not work on FG-2200E.

Locally-originated DHCP relay traffic on non-default VRF may follow route on VRF 0.

Header line that is not freed might cause system to enter conserve mode in a transparent mode deployment.

More than usual NTP client traffic caused by frequent DNS lookups and NTP sync for new servers, which happens quite often on some global NTP servers.

Automatically logged out of CLI when trying to configure STP due to /bin/newcli crash.

Low throughput on FG-2201E for traffic with ECN flag enabled.

SMC NTP functions are enabled on some of the models that do not support the feature.

Get kernel panic when creating VLAN on GENEVE interface.

xcvrd attaches shared memory multiple times causing huge memory consumption.

fgfmsd crash due to REST agent.

FortiGate cannot be accessed by ping/telnet/ssh/capwap in transparent VDOM.

FG-101F should support the same WTP size (128) as FG-100F.

Cannot create hardware switch on FG-100F.

SSO admin with a user name over 35 characters cannot log in after the first login.

FortiGate does not send user IP to TACACS server during authentication.

GUI RADIUS test fails with vdom-dns configuration.

Device identification via LLDP on an aggregate interface does not work.

Admin GUI login makes the FortiGate unstable when there are lots of devices detected by device identification.

No source IP option available for OCSP certificate checking.

UPN extraction does not work for particular PKI.

FortiClient server certificate in FSSO CA uses weak public key strength of 1024 bits and certificate expiring in May 2020.

FortiGate does not respond to disclaimer page request when traffic hits a disclaimer-enabled policy with thousands of address objects.

FortiOS does not understand CMPv2 grantedWithMods response.

gui-wanopt cache missing under system settings after upgrading a FortiGate VM with two disks.

FG-VM64-KVM is unable to boot up properly when doing a hard reboot with the host.

FG-VM image unable to be deployed on AWS with additional HDD(st1) disk type.

Azure SDN connector replicates configuration from primary unit to secondary unit during configuration restore.

Unable to bypass self-signed certificates on Chrome in macOS Catalina.

Static routes are not in sync on FortiGate Azure.

FG-VM-AZURE fails to boot up due to rtnl_lock deadlock.

Race condition may prevent FG-VM-Azure from booting up because of deadlock when processing NETVSC offering and vPCI offering at the same time.

FortiGate VM Azure in HA has unsuccessful failover.

License validation failure log message missing when using FortiManager to validate a VM.

AWS-PAYG in HA setup can lose its VM license after rebooting with certain setup.

VIP in autoscale on GCP not syncing to other nodes.

API call to associate elastic IP is triggered only when the unit becomes the primary device.

FG-VM-GCP reboots a couple of times due to kernel panic.

GUI and CLI interface dropdown lists are inconsistent.

IPsec VPN tunnel not staying up after failing over with AWS A-P cross-AZ setup.

IP pools are synchronized in FortiGate Azure HA.

Very hard to download image for FG-AWSONDEMAND from FDS.

Unable to update routing table for a resource group in a different subscription with FortiGate Azure SDN.

azd keeps crashing if Azure VM contains more than 15 tags.

Kernel panic observed on FWF-60E.

Unable to perform COA with device MAC address for 802.1x wireless connection when use-management-vdom is enabled.

When upgrading from 5.6.9 to 6.0.8, channels 120, 124, and 128 are no longer there for NZ country code.