Fortinet Document Library


Resolved issues

The following issues have been fixed in version 6.2.7. For inquiries about a particular bug, please contact Customer Service & Support.

Firewall

| Bug ID | Description |
| --- | --- |
| 651321 | sflowd is crashing due to invalid custom application category. |

GUI

| Bug ID | Description |
| --- | --- |
| 656429 | Intermittent GUI process crash if a managed FortiSwitch returns a reset status. |

HA

| Bug ID | Description |
| --- | --- |
| 616345 | Secondary device failed to sync with primary device when FGSP is peer configured, but hasync fails to bind socket. |
| 671737 | HA is not syncing after upgrading to 6.2.5 due to failure to bind socket. |

Intrusion Prevention

| Bug ID | Description |
| --- | --- |
| 668631 | IPS is constantly crashing, and ipshelper has high CPU when IPS extended database has too many rules (more than 256) sharing the same pattern. Affected models: SoC3-based FortiGates. |

IPsec VPN

| Bug ID | Description |
| --- | --- |
| 610203 | When an offloaded IPsec SA uses NP6 reserved space, it gets stuck and packets on the tunnel start to drop. |
| 645196 | Static routes added by iked in non-root VDOM are not removed when tunnel interface status is set to down by configuration change. |
| 663126 | Packets for the existing session are still forwarded via the old tunnel after the routing changed on the ADVPN hub. |
| 668554 | Upon upgrading to FortiOS 6.2.6, a device with IPsec configured may experience IKE process crashes when any configuration change is made or an address change occurs on a dynamic interface. |
| 670025 | IKEv2 fragmentation-mtu option is not respected when EAP is used for authentication. |
| 673258 | FortiGate to Cisco IKEv2 tunnel randomly disconnects after rekey. |

Log & Report

| Bug ID | Description |
| --- | --- |
| 651581 | FortiGate tried to connect to FortiGate Cloud with the primary IP after reboot, although the secondary IP is the source in the FortiGuard log. |

Routing

| Bug ID | Description |
| --- | --- |
| 654032 | SD-WAN IPv6 route tag command is not available in the SD-WAN services. |
| 661769 | SD-WAN rule disappears when an SD-WAN member experiences a dynamic change, such as during a dynamic PPPoE interface update. |
| 668982 | Possible memory leak when BGP table version increases. |
| 670017 | FortiGate as first hop router sometimes does not send register messages to the RP. |
| 672061 | In IPsec topology with hub and ~1000 spokes, hundreds of spoke tunnels are flapping, causing BGP instability for other spokes. |

Security Fabric

| Bug ID | Description |
| --- | --- |
| 631607 | CSF root FortiGate cannot listen on loopback interface. |
| 669436 | Filter lookup for Azure connector in Subnet and Virtual Network sections only shows results for VMSS instance. |

SSL VPN

| Bug ID | Description |
| --- | --- |
| 664121 | SCM VPN disconnects when performing an SVN checkout. |
| 666194 | WALLIX Manager GUI interface is not loading through SSL VPN web mode. |
| 667780 | Policy check cache should include user or group information. |
| 669685 | Split tunneling is not adding FQDN addresses to the routes. |
| 669707 | The jstor.org webpage is not loading via SSL VPN bookmark. |
| 670803 | Internal website, http://gd***.local/share/page?pt=login, login page does not load in SSL VPN web mode. |

Switch Controller

| Bug ID | Description |
| --- | --- |
| 671135 | flcfg crashes while configuring FortiSwitches through FortiLink. |

System

| Bug ID | Description |
| --- | --- |
| 634202 | STP does not work in transparent mode. |
| 635308 | factoryreset2 does not preserve all interfaces. |
| 637014 | FortiGate in LENC mode unable to pass firmware signature verification and shows as uncertified after GUI upgrade. |
| 657629 | ARM-based platforms do not have sensor readings included in SNMP MIBs. |
| 660709 | The sflowd process has high CPU usage when application control is enabled. |
| 663083 | Offloaded traffic from IPsec crossing the NPU VDOM link is dropped. |
| 663815 | Low IPS HTTP throughput on SoC4 platforms. |
| 664478 | Kernel crash caused by a race condition on vlif access. |
| 666205 | High CPU on L2TP process caused by loop. |
| 669951 | confsyncd may crash when there is an error parsing through the internet service database, but no error is returned. |
| 676697 | When a VRF is used on SoC4 platforms, nTurbo traffic is wrongly categorized as GTPU. |

User & Device

| Bug ID | Description |
| --- | --- |
| 667689 | Cannot select remote certificate imported from CLI for SAML IdP. |
| 682711 | TACACS users cannot log in via console. |

VM

| Bug ID | Description |
| --- | --- |
| 620654 | Spoke dialup IPsec VPN does not initiate connection to hub after FG-VM HA failover in Azure. |
| 682420 | Dialup IPsec tunnel from Azure may not be re-established after HA failover. |

WiFi Controller

| Bug ID | Description |
| --- | --- |
| 609549 | In the CLI, the WTP profile for radio-2 802.11ac and 80 MHz channels does not match the syntax collection files. |
| 680503 | The current Fortinet_Wifi certificate will expire on 2021-02-11. |
