Quarantined CDR files cannot be downloaded. Encountered 404 error when clicking Archived File.

Shared memory does not empty out properly under /tmp.

Cannot download DLP archived file from GUI for HTTPS, FTPS, SMTP and SMTPS.

Excessive false positives for credit card DLP profiles.

DLP blocks Gmail with deep inspection.

EPSV does not work when using an FTP proxy.

FTP traffic over HTTP explicit proxy does not generate traffic logs once receiving error message.

Enabling proxy policies (+400) increases memory by 30% and up to 80% total.

The specified port configurations of https-incoming-port for config web-proxy explicit disappeared after rebooting.

When a policy denies traffic for a VIP and send-deny-packet is enabled, ICMP unreachable message references the mapped address, not the external.

Get new CLI signal 11 crash log when performing execute internet-service refresh.

Hit Count column does not work for security policy with multiple VDOMs.

ISDB ID is missing when configuring internet service group objects.

ISDB matches all objects and chooses the best one based on their weight values and the firewall policy.

GUI traffic shaper Bandwidth Utilization should use KBps units.

Cannot establish the connection to the real servers using VIP server load-balancing after upgrading to FortiOS 6.2.2.

IPS engine did not resolve nested address groups when parsing the address group table for NGFW security policies.

Virtual load-balance VIP and intermittent HTTP health check failures.

Session stuck in proto_state=61 only when flow-based AV is enabled in the policy.

Adding more than one dynamic FSSO firewall address results in GUI and CLI error.

GUI response is very slow when accessing IPsec Monitor (api/v2/monitor/vpn/ipsec is taking a long

time).

Application groups improvements.

Cannot run Security Rating due to disk issue (diagnose security-rating clean fails).

NGFW mode should have a link to show all applications in the list.

High CPU utilization by httpsd daemon if there are too many API connections.

Wrong traffic shaper bandwidth unit on 32-bit platform GUI pages.

Status icon in Tunnel column on IPsec Tunnels page should be removed.

GUI behavior is different with local user using super admin profile and TACACS user using super admin profile.

Upgrading from build 0932 to build 1010 displays Malware Hash Threat Feed is not found or enabled error.

One-minute memory; CPU and Sessions widgets stopped updating after system entered and exited conserve mode.

Login page shows random characters when system language is not English.

Nessus vulnerability scan tool reported more medium level vulnerabilities for 6.2.3 compared with the 6.2.2 result.

pyfcgid crashed with signal 11 (Segmentation fault) received.

FortiGuard quota category details displays No matching entries found for local category.

GUI should allow user to create redundant IPsec tunnel over different interface to the same remote gateway.

Reduce the number of core used by httpsd for low-end platforms.

When deleting an AV profile in the GUI, there is no confirmation message prompt.

Block intra-zone traffic toggle button function is inverted in FortiOS 6.2.3.

Security Rating result for SSL VPN certificate fails when using a 384-bit elliptic curve certificate.

Data source is missing in child table entries in a complex type property.

GUI should add interface value check when creating a new zone.

Admin cannot log in to FortiGate GUI.

System goes into conserve mode when editing ISDB entries through GUI.

Interfaces is missing in the GUI in sections for IPv4 Policy and SSL-VPN Settings after upgrading from 6.2.2 to 6.2.3.

DPD setting in GUI cannot be reflected correctly when Dialup User and On Demand are set by the IPsec wizard.

GUI does not allow multiple IPsec tunnels with the same destination IP bound to the same interface but sourced from a different IP.

Firewall address page keeps loading addresses with read-write permission.

FortiGate enters conserve mode when accessing Amazon AWS ISDB object.

Revoke Token in GUI reports URL not found on server.

FG-OPC-ONDEMAND (FGVMPG license) shows FortiCare is not supported even though the license was registered in FortiCare.

When saving configuration under global interface, explicit proxy settings are removed.

FortiGate displays a hacked web page after selecting an IPS log.

Slow GUI response with httpsd intermittently consuming high CPU when GUI is accessed.

GUI takes 10-15 seconds to load Device Inventory, IPv4 Policy, and Interfaces pages.

Application hasync might crash several times due to accessing some out of bound memory when processing hastats data.

FG-3400E hasync reports the network is unreachable.

HA active-active primary unit attempts to steer HTTP and SMTP sessions to secondary unit over NPU-VLINK interfaces.

Deleting tunnel on primary unit via API call will not delete it from the secondary unit.

Local user creation causes HA to be out of sync for several minutes.

The configuration of the SD-WAN interface gateway IP should not sync.

In a FortiGate HA cluster, performance SLA (SD-WAN) information does not sync with the secondary unit.

HA failover takes over one minute when monitored aggregate interface goes down on primary device.

Security Policy page is slow to load due to empty security firewall statistic returning from IPS engine.

Remove the IPsec global lock.

IPsec does not support the new interface-subnet type in its phase2-interface and ipv4-split-include settings for dialup VPN.

In IPsec after HA failover, performance regression and IKESAs are lost.

Packet loss observed after ADVPN shortcut is created.

IPsec VPN IKEv2 interoperability issue when the FortiGate uses a group as P2 selectors with a non-FortiGate in a remote peer gateway.

Unable to reach network resources via L2TP over IPsec with WAN PPPoE connection.

Traffic unable to pass through for certain phase 2 selectors when there is double SA.

Problem establishing ADVPN shortcuts between spokes when the spoke has an additional VPN running.

L2TP/IPsec VPN disconnects frequently.

IKEv2 responder can delete static selectors when local narrowing occurs.

IKEv2 EAP-TLS handshake detected retransmit of client, but FortiGate does not retransmit its response.

The OCVPN log file was not closed or properly trimmed due to the incorrect state_refcnt. The OCVPN log file stayed open, grew extremely large, and was never trimmed.

L2TP disconnection when transferring large files.

IKE memory leak when IKEv2 certificate subject alternative name/peer ID matching occurs.

IKEv2 DPD is not triggered if network overlay network ID was mismatched when first configured.

After two HA failovers, one VPN interface member of SD-WAN cannot forward packets.

L2TP/IPsec does not send framed IP address in RADIUS accounting updates.

MTU calculation of shared dynamic phase 1 interface is too low compared to its phase 2 MTU and makes fragmentation high.

OCVPN secondary hub cannot register.

Logs to syslog server configured with FQDN addresses fail when the DNS entry gets updated for the FQDN address.

Log filter for user name in UPN format is not consistent when the log location is set to FortiAnalyzer and local disk.

GUI shows 401 Unauthorized error when downloading forward traffic logs with the time stamp as the filter criterion.

WAD crashed with signal 6 (MAPI/RPC).

FTP connection is not working with AV profile in proxy inspection mode when FTP user name contains an @.

Policy route does not apply to local-out traffic.

Improve algorithm to distribute ECMP traffic for source IP-based/destination IP-based.

IPv6 ECMP routes cannot be synchronized correctly to HA secondary unit.

BGP route is in routing table but not in FIB (kernel routing table).

OSPF over ADVPN flapping after shortcut tunnel established.

Traffic not following SD-WAN rules when one of the interfaces is VLAN.

SD-WAN GUI page bandwidth shows 0 issues when there is traffic running.

SD-WAN health check reports have packet loss if response time is longer than the check interval.

Policy routes with large address groups containing FQDNs no longer work after upgrading to 6.2.2.

SD-WAN route is not added in routing table when the SD-WAN interface members are IPv4 over IPv6 IPsec.

Prevent BGP daemon crashing when peer breaks TCP connection.

Locally originated traffic on non-default VRF may follow route on VRF 0 when there are routes with the same prefix on both VRFs.

Automation stitch cannot execute shutdown command when FortiGate enters kernel conserve mode.

IP address Threat Feed fabric connector not working.

FortiGate SDN connector not seeing all available tag name-value pairs.

Internal website not working through SSL VPN web mode.

SSL VPN does not correctly show Windows Admin center application.

SSL VPN LDAP group object matching only matches the first policy; is not consistent with normal firewall policy.

Third-party (Ultimo) web app does not load over SSL VPN web portal.

RDP sessions are terminated (disconnect) unexpectedly.

In web mode, third-party webpage stuck on loading animation; JavaScript error in console.

The SSL VPN web mode SSH widget is not connecting to the SSH server.

SSO for HTTPS fails when using "\" (backslash) with the domain\username format.

Different portals of SIPLAN COMPESA do not show properly in web mode.

SSL VPN bookmark does not load after clicking from the portal.

Website not fully loading through web portal bookmark; loads correctly with iPad user agent.

Cannot access some specific sites through SSL VPN web mode.

SSL VPN fails 90% when connecting with FortiClient.

SAML user name is not correctly recorded in logs when logging in to SSL VPN portal via SSO entry, and history cannot be shown.

Not possible to download PDF file after connecting to portal through SSL VPN bookmark.

FortiOS does not correctly re-write the Exchange OWA logoff URL when accessed via SSL VPN bookmark.

SSL VPN connection stuck at 95% or 98%.

Unable to deauthenticate FSSO user in GUI, but it works in CLI.

Webpage does not load properly through SSL VPN web mode (fails to show CAPTCHA).

Add SSL VPN SSO user logged in from SAML response.

In SSL VPN web mode, internal web services not working and tunnel mode is working fine.

Internal custom web application page running on Apache Tomcat is not displaying in SSL VPN web mode.

SSL VPN daemon crash.

Internal website is not accessible from SSL VPN as the URL is being modified.

SAML authentication group match does not work for SSL VPN; mismatched SAML user can also log in.

SSL VPN web portal bookmarks are not fully loading for Vivendi SelfService application.

GUI is not rendered well by SSL VPN portal when using domain and user to log in.

In SSL VPN web mode, page keeps loading after user authenticates into internal application.

In SSL VPN web mode, cannot display complete content on page, and cannot paste or type in the comments section.

Problem with rat***.com portal accessed via SSL VPN web mode.

RADIUS user and local token push cannot log in to SSL VPN portal/tunnel when the password needs to be changed.

Sending RADIUS accounting interim update messages with SSL VPN client framed IP are delayed.

Sslvpnd crashes when trying to query a DNS host name without a period (.).

Site in .NET framework 4.6 or 4.7 not loading in SSL VPN web mode.

SSL VPN web mode cannot open DFS share subdirectories, gives invalid HTTP request message.

Cannot access remote site using SSL VPN web mode after upgrading to FOS 6.2.2.

SSL VPN synology NAS web bookmark log in page does not work after upgrading to 6.2.3.

Internal website not working in SSL VPN web mode; cannot load ESS/MSS page.

Chinese characters are garbled when downloading from SMB/CIFS in SSL VPN web mode.

Internal website is not shown properly in SSL VPN web mode.

SSL VPN LDAP authentication does not work in multiple user group configurations after upgrading the firewall to 6.0.7.

Internal SAP website not working in SSL VPN web mode.

Mobile token is not required when LDAP user and LDAP group are set in SSL VPN policy together.

Internal HRIS website dropdown list box not loading in SSL VPN web mode.

SMB/CIFS bookmark name gets scrambled if it contains special characters like space, backslash, colon, etc.

Internal website is not accessible from SSL VPN due to some Sage X3 JS files with errors.

RDP over web mode SSL VPN to a Windows Server changes the time zone to GMT.

Traffic cannot pass through FortiGate for SSL VPN web mode if the user is a PKI peer.

SSL VPN web mode custom FortiClient download URL with %s causing sslvpnd to crash.

Traffic cannot pass through FortiGate for SSL VPN web mode if the user is a PKI peer.

SSL VPN user groups are corrupted in auth list when the user is a member of more than 100 groups.

SSL VPN web mode does not completely load the redirected corporate SSO page when accessing an internal resource.

sslvpnd crashing with signal 7 on get_free_idx.

On a managed FortiSwitch already running the latest GA image, Upgrade Available is shown.

Unable to push user group configuration from FortiGate to FortiSwitch, and user.group configuration is deleted.

Unable to push configuration changes from FortiGate to FortiSwitch.

LLDP policy did not download completely to the managed FortiSwitch 108Es.

Get fgt140d_i2c_write_byte_data:874 i2c_write_byte_data(0, 0x73, 0x00, 0x04) error! message by detecting transceiver. Affected platforms: FG-140D and FG-140D-POE.

FortiGate cannot display the script name from FortiManager.

SSDN address filter unable to handle space character.

SNMP polling stopped when FortiManager API script executed onto FortiGate.

Traffic can not be offloaded to both NTurbo and NP6 when DOS policy is applied on ingress/egress interface in a policy with IPS.

NP6 VLAN LACP-based interface RX/TX counters not increasing.

Customer with FG-50E getting high CPU with 6.2.1.

QSFP interface goes down when the get system interface transceiver command is interrupted.

Wrong source IP is bound for config system fortiguard.

Enabling auto-asic-offload results in keeping action=deny in traffic log with an accept entry.

FortiManager needs patch and minor number to update global database when FortiGate firmware upgrade does not trigger an auto-retrieve configuration.

Issue with TCP packets when traversing the virtual wire pair in transparent mode.

VLAN switch does not work on FG-100E.

FortiGate is not sending DHCP request after receiving offer.

Remove DST for Brazil.

Update daemon is locked to one resolved update server.

Out of order packets for an offloaded multicast stream.

diagnose internet-service match does not return the IP value of the IP reputation database object.

Unable to execute ping6 when configuring execute ping6-options tos, except for

default.

Invalid multicast policy created after transparent VDOM restored.

ISDB may cause crashes after downgrading FortiGate firmware.

DDNS monitor-interface uses the monitored interface if DDNS services other than FortiGuard DDNS are used.

Some of the clients are not getting their IP through DHCP intermittently.

NP multicast session remains after the kernel session is deleted.

DHCPv6 relay does not work on FG-2200E.

xcvrd crashed with signal 11.

Locally-originated DHCP relay traffic on non-default VRF may follow route on VRF 0.

Header line that is not freed might cause system to enter conserve mode in a transparent mode deployment.

When changing time zone on FG-101E, get Failed to set SMC timezone message.

More than usual NTP client traffic caused by frequent DNS lookups and NTP sync for new servers, which happens quite often on some global NTP servers.

Automatically logged out of CLI when trying to configure STP due to /bin/newcli crash.

Low throughput on FG-2201E for traffic with ECN flag enabled.

SMC NTP functions are enabled on some of the models that do not support the feature.

Get kernel panic when creating VLAN on GENEVE interface.

xcvrd attaches shared memory multiple times causing huge memory consumption.

fgfmsd crash due to REST agent.

FortiGate cannot be accessed by ping/telnet/ssh/capwap in transparent VDOM.

FortiGate not entering A records in shadow DNS database for cross-subdomain CNAME requests.

FG-101F should support the same WTP size (128) as FG-100F.

SSO admin with a user name over 35 characters cannot log in after the first login.

GUI RADIUS test fails with vdom-dns configuration.

No source IP option available for OCSP certificate checking.

UPN extraction does not work for particular PKI.

Admin GUI login makes the FortiGate unstable when there are lots of devices detected by device identification.

Deny log messages do not contain the username and group information.

FortiClient server certificate in FSSO CA uses weak public key strength of 1024 bits and certificate expiring in May 2020.

FortiGate does not respond to disclaimer page request when traffic hits a disclaimer-enabled policy with thousands of address objects.

FortiOS does not understand CMPv2 grantedWithMods response.

RDP sessions are terminated (disconnect) unexpectedly.

Captive portal exemption after upgrading the device from 6.2.2 to 6.2.3.

gui-wanopt cache missing under system settings after upgrading a FortiGate VM with two disks.

Enabling or disabling SR-IOV under vNIC creates duplicate MAC addresses and extra interfaces on the FortiGate.

Unable to bypass self-signed certificates on Chrome in macOS Catalina.

Static routes are not in sync on FortiGate Azure.

FG-VM-AZURE fails to boot up due to rtnl_lock deadlock.

Race condition may prevent FG-VM-Azure from booting up because of deadlock when processing NETVSC offering and vPCI offering at the same time.

FortiGate VM Azure in HA has unsuccessful failover.

License validation failure log message missing when using FortiManager to validate a VM.

HA secondary member instance shuts down due to RAM difference after stopping/starting the cluster instances.

VIP in autoscale on GCP not syncing to other nodes.

AWS-PAYG in HA setup can lose its VM license after rebooting with certain setup.

E1000 network adapter will be deleted if there is a VMXNET3 network adapter.

API call to associate elastic IP is triggered only when the unit becomes the primary device.

License validation failure log message missing when using FortiManager to validate VM.

IP pools are synchronized in FortiGate Azure HA.

Very hard to download image for FG-AWSONDEMAND from FDS.

AWS VM sometimes could not get fdsm image list from FDS.

voipd process crash.

Proxy web filtering blocks innocent sites due to urlsource="FortiSandBox Block".

Cannot enter a name for a web rating override and save—error message appears when entering the name.

Kernel panic observed on FWF-60E.

FortiAPs not shown in the GUI.

FortiGate in transparent mode cannot manage FortiAP devices successfully.

Unable to perform COA with device MAC address for 802.1x wireless connection when use-management-vdom is enabled.

When upgrading from 5.6.9 to 6.0.8, channels 120, 124, and 128 are no longer there for NZ country code.

Packet loss over CAPWAP tunneled SSID.