
Known issues

The following issues have been identified in version 6.2.7. For inquiries about a particular bug or to report a bug, please contact Customer Service & Support.

DNS Filter

Bug ID

Description

511729

Domain filter entries whose action is set to allow should not be logged.

582374

License shows expiry date of 0000-00-00.

Explicit Proxy

Bug ID

Description

540091

Cannot access explicit FTP proxy via VIP.

662931

Browsers change default SameSite cookie settings to Lax, and Kerberos authentication does not work in transparent proxy.

664548

When the FortiGate is configured as an explicit proxy and AV is enabled on the proxy policy, users cannot access certain FTP sites.

Firewall

Bug ID

Description

643446

Fragmented UDP traffic is silently dropped when fragments have different ECN values.

654356

Traffic is not hitting the rule it should in policy-based NGFW mode.

661014

FortiCarrier has GTP dropped packet log after configuring GTP allow list.

675353

Security policy (NGFW mode) flow-based UTM logs are still generated when policy traffic log is disabled.

682956

ISDB is empty/crashes after upgrading from 6.2.4/6.2.5 to 6.2.6.

683426

No hit counts on policy for DHCP broadcast packets in transparent mode.

FortiView

Bug ID

Description

628225

Compromised Hosts dashboard cannot show data if FortiAnalyzer is configured using the FQDN address in the log setting. FortiAnalyzer configured with an IP address does not have this issue.

635309

When choosing to view Compromised Hosts, FortiGate returns an error 500 when FQDN is set in config log fortianalyzer setting.

673225

FortiView Top Traffic Shaping widget does not show data for outbound traffic if the source interface's role is WAN. The data can be shown if source interface's role is LAN, DMZ, or undefined.

GUI

Bug ID

Description

354464

AntiVirus archive logging enabled from the CLI will be disabled by editing the AntiVirus profile in the GUI, even if no changes are made.

514632

Inconsistent reference count when using ports in HA session-sync-dev.

529094

When creating an anti-spam block/allowlist entry, Mark as Reject should be grayed out.

535099

The SSID dialog page does not have support for the new MAC address filter.

541042

Log viewer forwarded traffic does not support multiple filters for one field.

584915

OK button missing from many pages when viewed in Chrome on an Android device.

584939

VPN event logs are incorrectly filtered when there are two Action filters and one of them contains "-".

588159

When disabling Allow Endpoint Registration on the VPN Creation Wizard, the action succeeds, but the error Unable to setup VPN is incorrectly displayed.

592854

An address created by the VPN wizard cannot save changes due to an incorrect validation check for parentheses, (), in the Comments field.

601879

Get The web page cannot be found error message after factory reset.

602102

Warning message is not displayed when a user configures an interface with a static IP address that is already in use.

602397

Managed FortiSwitch and FortiSwitch Ports pages are slow to load when there are many managed FortiSwitches.

621254

When creating or editing an IPv4 policy or address group, firewall address searching does not work if there is an empty wildcard address due to a configuration error.

650708

When the client browser is in a different time zone from the FortiGate, the Guest Management page displays an incorrect expiry time for guest users. The CLI returns the correct expiry.

654626

Unable to change the action setting of Freeware and Software Downloads using the FortiGuard Category Based Filter of the DNS filter profile.

655255

FortiGuard resource retrieval delay causes GUI pages to respond slowly. Affected pages include: Firewall Policy, Settings (log and system), Explicit Proxy (web and FTP), System Global, and System CSF.

662640

Some GUI pages (dashboard, topology, policy list, interface list) are slow to load on low-end platforms when there are many concurrent HTTPSD requests.

664007

GUI incorrectly shows warning, Botnet package update unavailable, if antivirus entitlement is expiring within 30 days. The actual botnet package update still works within the active entitlement duration.

666500

The Confirm version downgrade warning message is not displayed when a user downgrades firmware between minor patch release versions using the manual upload option. Firmware downgrades from FortiGuard do not have this issue.

667863

GUI does not display FortiSwitch ports when multiple FortiLink interfaces are configured. FortiOS 6.4.0 and later supports multiple FortiLink configurations via the GUI.

672599

After performing a search on firewall Addresses, the matched count over total count displayed for each address type shows an incorrect total count number. The search functionality still works correctly.

672906

GUI does not redirect to the system reboot progress page after successfully restoring a configuration.

682440

On Firewall Policy list, tooltip for IP pool shows incorrect warning for port block allocation (PBA) being exhausted if there are still expiring PBAs available, which can be reallocated right away.

684076

Erroneous duplication error displayed when creating a phase 2 with Named IPv6 Address set to all if there is already a phase 2 entry defined with Named IPv4 Address set to all. The CLI must be used for this configuration.

688994

Web filter profile edit page incorrectly shows that URL filter is configured (even though it is not) if the URL filter entry has the same name as the web filter profile in the CLI.

689605

On some browser versions, GUI shows a blank dialog when creating custom application or IPS signatures. Affected browsers: Firefox 85.0, Microsoft Edge 88.0, and Chrome 88.0.

691277

GUI displays the same traffic logs for primary and secondary HA view when logs are retrieved from FortiAnalyzer.

HA

Bug ID

Description

540600

The HA hello-holddown value is divided by 10 in the hatalk daemon, which makes the hello-holddown time 10 times less than the configuration.

609631

Both nodes in HA simultaneously reboot when gtp-enhance-mode is enabled or disabled.

627851

After the HA peer node has been replaced, there needs to be a way to reset the HA health status back to OK.

652507

Sessions with syn_ses flags are not synced after reboot.

653095

Inband management IP connection breaks when failover occurs (only in virtual cluster setup).

657376

VLAN interfaces that are created on a different virtual cluster primary instead of the root primary do not sync.

678309

Cluster is out of sync because of config vpn certificate ca after upgrade.

Intrusion Prevention

Bug ID

Description

565747

IPS engine 5.00027 has signal 11 crash.

590087

When IPS pcap is enabled, traffic is intermittently disrupted after disk I/O reaches IOPS limit.

617588

Unable to open TCP application via IPsec tunnel when np-accel-mode is enabled.

691395

Signature false positives causing outage after IPS database update.

IPsec VPN

Bug ID

Description

566076

IKED process signal 11 crash in an ADVPN and BGP scenario.

631804

OCVPN errors showing in logs when OCVPN is disabled.

642543

IPsec did not rekey when keylife expired after back-to-back HA failover.

644780

Rectify the consequences if password renewal on FortiClient is canceled.

650599

IKE HA sync truncates phase 2 options flags after the first eight bits.

655895

Unable to route traffic to a spoke VPN site from the hub FortiGate when the dialup IPsec VPN interface is dual stacked (IPv4/IPv6).

666693

If NAT-T IP changes, the dynamic IPsec spoke add route entry is stuck on the hub.

673049

FortiGate not sending its external interface IP in the IKE negotiation (Google Cloud Platform).

678800

Kernel may crash on link event update with net-device enabled.

687749

iked HA sync crashed on secondary with authenticated user group in firewall policy.

Log & Report

Bug ID

Description

606533

User observes FGT internal error while trying to log in or activate FortiGate Cloud from the web UI.

623471

FortiGate did not change the time after daylight saving time.

654363

Traffic log shows Policy violation for traffic hitting the allow policy in NGFW policy mode.

667274

FortiGate does not have log disk auto scan failure status log.

675347

During a local log search, it returns results immediately as the logs are checked.

677540

First TCP connection to syslog server is not stable.

Proxy

Bug ID

Description

603195

Multiple WAD crashes with signal 11.

655356

Proxy deep inspection fails if server uses TLS 1.3 cookies or record padding.

661063

If a client sends an RST to a WAD proxy, the proxy can close the connection to the server. In this case, the relatively long session expiration (which is usually 120 seconds by default) could lead to session number spikes in some tests.

675525

No WAD sessions displayed when running diagnose wad filter.

680651

Memory leak when retrieving the thumbnailPhoto information from the LDAP server.

681134

Proxy-based SSL certification inspection session might hang if there are no routes for the outbound connection.

REST API

Bug ID

Description

584631

REST API admin with token unable to configure HA setting (via login session works).

663441

REST API unable to change interface status when VDOMs are enabled.

Routing

Bug ID

Description

537354

BFD/BGP dropping when outbandwidth is set on interface.

641928

When BGP's recursive next hop can be resolved by multiple routes, the recursive distance is not taken into account when installing the routes. Multiple ECMP paths can be installed with different recursive distances to the next hop.

681433

GRE local-out traffic is not following SD-WAN rules.

685871

OSPFv3 routes are missing from routing table when unsetting or setting the ASBR table.

687034

bgpd memory leak if running BGP on 6.2.7 and 6.4.4.

Workaround: enable SD-WAN to avoid BGP memory leaking.

In 6.4:

config system sdwan
    set status enable
end

In 6.2:

config system virtual-wan-link
    set status enable
end

692241

BGP daemon consumes high CPU in ADVPN setup when disconnecting after socket writing error.

Security Fabric

Bug ID

Description

614691

Slow GUI performance in large Fabric topology with over 50 downstream devices.

649556

FortiNAC requests to FortiGate can timeout on low-end models when there are many concurrent requests.

660624

FortiAnalyzer Cloud should be taken into consideration when doing CLI check for CSF setting.

SSL VPN

Bug ID

Description

505986

On IE 11, SSL VPN web portal displays blank page title {{::data.portal.heading}} after authentication.

608195

AngularJS web application cannot load via SSL VPN web mode.

610905

SSL VPN bypassing logon count limit with different case in user name.

610995

SSL VPN web mode gets error when accessing internal website at https://st***.st***.ca/.

619296

FortiGate reverts default values of text on buttons in SSL VPN log on page.

628597

Unable to load the SSL VPN bookmark internal website, https://fi***.co.nz.

646339

SSL-SSH inspection profile changes to no-inspection after device reboots.

661290

https://mo***.be site is non-accessible in SSL VPN web mode.

662042

The https://outlook.office365.com and https://login.microsoft.com websites cannot be accessed in the SSL VPN web portal.

662871

SSL VPN web mode has problem accessing some pages on FortiAnalyzer 6.2.

673320

Pop-up window does not load correctly when accessing internal application at https://re***.wo***.nl using SSL VPN web mode.

678132

SSL VPN web portal SSO credentials for alternative option are not working.

685269

SSL VPN web mode is not working properly for aw***.co***.com website.

688023

SSL VPN bookmarked website shows empty page after logging in to SSL VPN gateway https://vd***.vi***.com

Switch Controller

Bug ID

Description

588584

GUI should add support to allow using switch VLAN interface under a tenant VDOM on a managed switch VDOM.

605864

If the firewall is downgraded from 6.2.3 to 6.2.2, the FortiLink interface loses its CAPWAP setting.

System

Bug ID

Description

464340

EHP drops for units with no NP service module.

572847

The wan1, wan2, and dmz interfaces should not be configured as hardware switch members on the 60F series. The wan interface should not be configured as a hardware switch member on the 40F series.

578031

FortiManager Cloud cannot be removed once the FortiGate has trouble on contract.

591078

Get zip conf file failed -1 error message when doing cfg-save.

600032

SNMP does not provide routing table for non-management VDOM.

607565

Interface emac-vlan feature does not work on SoC4 platform.

627236

TCP traffic disruption when traffic shaper takes effect with NP offloading enabled.

627629

DHCP client sent invalid DHCPREQUEST format during INIT state.

638738

In VDOM, config log syslogd xxx is not shown in show full-configuration.

642005

FortiGate does not send service-account-id to FortiManager via fgfm tunnel when FortiCloud is activated directly on the FortiGate.

643033

get system interface transceiver port1 should return RX power and TX power for all Ch0[1-4] with a 0 value or N/A when the admin port is down on one side and the link status is down.

664279

snmpd crashes when sorting a list-based ARP table if it has about 50,000 or more entries.

665332

When VDOM has large number of VIPs and policies, any firewall policy change causes cmdbsvr to become busy and use high CPU.

666418

SFP interfaces on FG-330xE do not show link light.

668856

Offloaded traffic passing through two VDOMs connected with EMAC-VLANs is sometimes dropped.

669914

No statistics for TX and RX counters for VLAN interfaces.

670897

Update GTP code to be compatible with newer versions (GTPv1 and GTPv2).

672183

UDP 4500 inter-VDOM traffic not offloaded, causing BFD/IPsec to drop.

673609

The auto-join FortiCloud re-try timer 600 second value is too large.

675171

L2TP enabled status should be configured before EIP and SIP.

677568

Failed to parse execute restore config properly when the command is from a FortiManager script.

678809

dhcpd crashes with signal 6.

680881

Rebooting device causes interface mode to change from static to DHCP.

694202

stpforward does not work with LAG interfaces on a transparent VDOM.

695803

Unable to reorder firewall DoS policy in GUI or CLI.

Upgrade

Bug ID

Description

658664

FortiExtender status becomes discovered after upgrading from 6.0.10 (build 0365).

Workaround: change the admin from discovered to enable after upgrading.

config extender-controller extender
    edit <id>
        set admin enable
    next
end

User & Device

Bug ID

Description

595583

Device identification via LLDP on an aggregate interface does not work.

643583

radius-vdom-override and accprofile-override do not work when administrator has 2FA enabled.

675226

The ssl-ocsp-source-ip setting is not configurable in non-management VDOMs.

675539

FSSO collector status is down, even though it is reported as connected by authd in a multi-VDOM environment.

VM

Bug ID

Description

587757

FG-VM image unable to be deployed on AWS with additional HDD (st1) disk type.

596742

Azure SDN connector replicates configuration from primary device to secondary device during configuration restore.

605511

FG-VM-GCP reboots a couple of times due to kernel panic.

608881

IPsec VPN tunnel not staying up after failing over with AWS A-P cross-AZ setup.

627106

FG-VM64 console shows hw csum failure for VLAN interface on mlx5_core PF.

640436

FortiGate AWS bootstrapped from configuration does not read SAML settings.

668625

During every FortiGuard UTM update, there is high CPU usage because only one vCPU is available.

Web Filter

Bug ID

Description

668325

Hanging FortiGuard connection is not torn down in some situations.

676403

Replacement message pictures (FortiGuard web filter) are not displayed in Chrome.

678467

Safe search URL option is not working while the original query in Google Images has the same parameter name.
