Known issues
The following issues have been identified in version 6.2.6. For inquiries about a particular bug or to report a bug, please contact Customer Service & Support.
DNS Filter
Bug ID | Description |
---|---|
582374 | License shows expiry date of 0000-00-00. |
Explicit Proxy
Bug ID | Description |
---|---|
540091 | Cannot access explicit FTP proxy via VIP. |
Firewall
Bug ID | Description |
---|---|
651321 | |
FortiView
Bug ID | Description |
---|---|
635309 | When choosing to view Compromised Hosts, FortiGate returns an error 500 when FQDN is set in |
673225 | FortiView Top Traffic Shaping widget does not show data for outbound traffic if the source interface's role is WAN. The data can be shown if source interface's role is LAN, DMZ, or undefined. |
GUI
Bug ID | Description |
---|---|
354464 | AntiVirus archive logging enabled from the CLI will be disabled by editing the AntiVirus profile in the GUI, even if no changes are made. |
514632 | Inconsistent reference count when using ports in HA |
529094 | When creating an anti-spam block/allowlist entry, Mark as Reject should be grayed out. |
535099 | The SSID dialog page does not have support for the new MAC address filter. |
541042 | Log viewer forwarded traffic does not support multiple filters for one field. |
584915 | OK button missing from many pages when viewed in Chrome on an Android device. |
584939 | VPN event logs show incorrectly when adding two Action filters and one of them contains "-". |
602102 | Warning message is not displayed when a user configures an interface with a static IP address that is already in use. |
602397 | Managed FortiSwitch and FortiSwitch Ports pages are slow to load when there are many managed FortiSwitches. |
621254 | When creating or editing an IPv4 policy or address group, firewall address searching does not work if there is an empty wildcard address due to a configuration error. |
656429 | Intermittent GUI process crash if a managed FortiSwitch returns a reset status. |
662640 | Some GUI pages (dashboard, topology, policy list, interface list) are slow to load on low-end platforms when there are many concurrent HTTPSD requests. |
664007 | GUI incorrectly shows warning, Botnet package update unavailable, if antivirus entitlement is expiring within 30 days. The actual botnet package update still works within the active entitlement duration. |
672599 | After performing a search on firewall Addresses, the matched count over total count displayed for each address type shows an incorrect total count number. The search functionality still works correctly. |
688994 | Web filter profile edit page incorrectly shows that URL filter is configured (even though it is not) if the URL filter entry has the same name as the web filter profile in the CLI. |
689605 | On some browser versions, GUI shows a blank dialog when creating custom application or IPS signatures. Affected browsers: Firefox 85.0, Microsoft Edge 88.0, and Chrome 88.0. |
691277 | GUI displays the same traffic logs for primary and secondary HA view when logs are retrieved from FortiAnalyzer. |
HA
Bug ID | Description |
---|---|
616345 | Secondary device failed to sync with primary device when FGSP is peer configured, but hasync fails to bind socket. |
678309 | Cluster is out of sync because of |
Intrusion Prevention
Bug ID | Description |
---|---|
565747 | IPS engine 5.00027 has signal 11 crash. |
586544 | IPS intelligent mode not working when reflect sessions are created on different physical interfaces. |
587668 | IPS engine 5.00035 has signal 11 crash. |
590087 | When IPS pcap is enabled, traffic is intermittently disrupted after disk I/O reaches IOPS limit. |
668631 | IPS is constantly crashing, and ipshelper has high CPU when IPS extended database has too many rules (more than 256) sharing the same pattern. Affected models: SoC3-based FortiGates. Workaround: disable CP or disable the extended database. config ips global set database regular set cp-accel-mode none end |
IPsec VPN
Bug ID | Description |
---|---|
610203 | When an offloaded IPsec SA uses NP6 reserved space, it gets stuck and packets on the tunnel start to drop. |
644780 | Rectify the consequences if password renewal on FortiClient is canceled. |
645196 | Static routes added by iked in non-root VDOM are not removed when tunnel interface status is set to down by configuration change. |
655895 | Unable to route traffic to a spoke VPN site from the hub FortiGate when the dialup IPsec VPN interface is dual stacked (IPv4/IPv6). |
663126 | Packets for the existing session are still forwarded via the old tunnel after the routing changed on the ADVPN hub. |
668554 | Upon upgrading to FortiOS 6.2.6, a device with IPsec configured may experience IKE process crashes when any configuration change is made or an address change occurs on a dynamic interface. |
Log & Report
Bug ID | Description |
---|---|
606533 | User observes |
651581 | FortiGate tried to connect to FortiGate Cloud with the primary IP after reboot, although the secondary IP is the source in the FortiGuard log. |
REST API
Bug ID | Description |
---|---|
584631 | REST API admin with token unable to configure HA setting (via login session works). |
Routing
Bug ID | Description |
---|---|
537354 | BFD/BGP dropping when |
654032 | SD-WAN IPv6 route tag command is not available in the SD-WAN services. |
661769 | SD-WAN rule disappears when an SD-WAN member experiences a dynamic change, such as during a dynamic PPPoE interface update. |
668982 | Possible memory leak when BGP table version increases. |
670017 | FortiGate as first hop router sometimes does not send register messages to the RP. |
672061 | In IPsec topology with hub and ~1000 spokes, hundreds of spoke tunnels are flapping, causing BGP instability for other spokes. |
Security Fabric
Bug ID | Description |
---|---|
614691 | Slow GUI performance in large Fabric topology with over 50 downstream devices. |
649556 | FortiNAC requests to FortiGate can time out on low-end models when there are many concurrent requests. |
669436 | Filter lookup for Azure connector in Subnet and Virtual Network sections only shows results for VMSS instance. |
SSL VPN
Bug ID | Description |
---|---|
505986 | On IE 11, SSL VPN web portal displays blank page title {{::data.portal.heading}} after authentication. |
666194 | WALLIX Manager GUI interface is not loading through SSL VPN web mode. |
667780 | Policy check cache should include user or group information. |
669685 | Split tunneling is not adding FQDN addresses to the routes. |
669707 | The jstor.org webpage is not loading via SSL VPN bookmark. |
670803 | Internal website, http://gd***.local/share/page?pt=login, log in page does not load in SSL VPN web mode. |
Switch Controller
Bug ID | Description |
---|---|
588584 | GUI should add support to allow using switch VLAN interface under a tenant VDOM on a managed switch VDOM. |
605864 | If the firewall is downgraded from 6.2.3 to 6.2.2, the FortiLink interface loses its CAPWAP setting. |
671135 | flcfg crashes while configuring FortiSwitches through FortiLink. |
System
Bug ID | Description |
---|---|
464340 | EHP drops for units with no NP service module. |
578031 | FortiManager Cloud cannot be removed once the FortiGate has trouble on contract. |
600032 | SNMP does not provide routing table for non-management VDOM. |
607565 | Interface |
635308 | |
637014 | FortiGate in LENC mode unable to pass firmware signature verification and shows as uncertified after GUI upgrade. |
657629 | ARM-based platforms do not have sensor readings included in SNMP MIBs. |
660709 | The sflowd process has high CPU usage when application control is enabled. |
663083 | Offloaded traffic from IPsec crossing the NPU VDOM link is dropped. |
666205 | High CPU on L2TP process caused by loop. |
669951 | confsyncd may crash when there is an error parsing through the internet service database, but no error is returned. |
676697 | When a VRF is used on SoC4 platforms, nTurbo traffic is wrongly categorized as GTPU. |
694202 | |
695803 | Unable to reorder firewall DoS policy in GUI or CLI. |
Upgrade
Bug ID | Description |
---|---|
658664 | FortiExtender status becomes Workaround: change the config extender-controller extender edit <id> set admin enable next end |
User & Device
Bug ID | Description |
---|---|
595583 | Device identification via LLDP on an aggregate interface does not work. |
667689 | Cannot select remote certificate imported from CLI for SAML IdP. |
682711 | TACACS users cannot log in via the console. |
VM
Bug ID | Description |
---|---|
587757 | FG-VM image unable to be deployed on AWS with additional HDD (st1) disk type. |
596742 | Azure SDN connector replicates configuration from primary device to secondary device during configuration restore. |
605511 | FG-VM-GCP reboots a couple of times due to kernel panic. |
608881 | IPsec VPN tunnel not staying up after failing over with AWS A-P cross-AZ setup. |
620654 | Spoke dialup IPsec VPN does not initiate connection to hub after FG-VM HA failover in Azure. |
640436 | FortiGate AWS bootstrapped from configuration does not read SAML settings. |
682420 | Dialup IPsec tunnel from Azure may not be re-established after HA failover. |
668625 | During every FortiGuard UTM update, there is high CPU usage because only one vCPU is available. |
WiFi Controller
Bug ID | Description |
---|---|
609549 | In the CLI, the WTP profile for |
680503 | The current Fortinet_Wifi certificate will expire on 2021-02-11. |