Fortinet Document Library

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:


Table of Contents

Resolved issues

The following issues have been fixed in version 6.2.8. For inquires about a particular bug, please contact Customer Service & Support.

DNS Filter

Bug ID

Description

511729

Domain filter entries whose action is set to allow should not be logged.

Explicit Proxy

Bug ID

Description

624513

IP pool address in proxy policy is not used sometimes when enabling a security profile.

662931

Browsers change default SameSite cookie settings to Lax, and Kerberos authentication does not work in transparent proxy.

664548

When the FortiGate is configured as an explicit proxy and AV is enabled on the proxy policy, users cannot access certain FTP sites.

681054

Web proxy users are disconnected due to external resource update flushing the user even if they do not have an authentication rule using the related proxy address or IP list.

689002

Proxy traffic failed after modifying resource setting in external connector.

697566

Explicit proxy unable to access a particular URL (https://***.my.salesforce.com) after upgrading from 5.6.12 to 6.2.7.

Firewall

Bug ID

Description

474612

SNAT is using low ports below 1023 for NTP.

611781

Search option on IPv4 policy page not working; after typing in the search bar, no results are displayed.

616220

ICMP reply packets are dropped by the FortiGate.

643446

Fragmented UDP traffic is silently dropped when fragments have different ECN values.

661014

FortiCarrier has GTP dropped packet log after configuring GTP allow list.

675353

Security policy (NGFW mode) flow-based UTM logs are still generated when policy traffic log is disabled.

682956

ISDB is empty/crashes after upgrading from 6.2.4/6.2.5 to 6.2.6.

683426

No hit counts on policy for DHCP broadcast packets in transparent mode.

683604

When changing a policy and creating a firewall sniffer concurrently, there is traffic that is unrelated to the policy that is being changed and matching the implicit deny policy. Some IPv4 firewall policies were missing after the change.

699785

Firewall performance may degrade when thousands of VIPs are configured.

FortiView

Bug ID

Description

628225

Compromised Hosts dashboard cannot show data if FortiAnalyzer is configured using the FQDN address in the log setting. FortiAnalyzer configured with an IP address does not have this issue.

GUI

Bug ID

Description

592854

An address created by the VPN wizard cannot save changes due to an incorrect validation check for parentheses, (), in the Comments field.

593860

Users are able to apply modifications to a policy inline from within the policy list when FortiManager GUI read-only restrictions are in place.

601879

When logging in to the dashboard after a factory reset, the dashboard displays The web page cannot be found.

631041

Assigning an RSSO group to a firewall policy does not enable RSSO on the policy.

639617

On Explicit Web Proxy Policy page, unable to change Outgoing Source IP option from IP Pools to Proxy Default or Original Source IP. CLI does not have this issue.

650708

When the client browser is in a different time zone from the FortiGate, the Guest Management page displays an incorrect expiry time for guest users. The CLI returns the correct expiry.

654626

Unable to change the action setting of Freeware and Software Downloads using the FortiGuard Category Based Filter of the DNS filter profile.

655255

FortiGuard resource retrieval delay causes GUI pages to respond slowly. Affected pages include: Firewall Policy, Settings (log and system), Explicit Proxy (web and FTP), System Global, and System CSF.

656599

After upgrading firmware, the CLI script action has a required administrator profile to restrict capabilities. This profile cannot exceed the current administrator's permissions. When configuring a stitch, an administrator can only choose a CLI script that has equal or lesser permissions that the current administrator.

656668

On the System > HA page, GUI tooltip for the reserved management interface incorrectly shows the connecting IP address instead of the configured IP address.

661703

High latency when selecting Security Fabric > Physical Topology/Logical Topology pages in Firefox.

662640

Some GUI pages (dashboard, topology, policy list, interface list) are slow to load on low-end platforms when there are many concurrent HTTPSD requests.

665597

When set server-identity-check is enabled, Test User Credentials fails when performed on the CLI and passes when run from the GUI. The GUI implementation has been updated to match that of the CLI.

666500

The Confirm version downgrade warning message is not displayed when a user downgrades firmware between minor patch release versions using the manual upload option. Firmware downgrades from FortiGuard do not have this issue.

667863

GUI does not display FortiSwitch ports when multiple FortiLink interfaces are configured. FortiOS 6.4.0 and later supports multiple FortiLink configurations via the GUI.

672906

GUI does not redirect to the system reboot progress page after successfully restoring a configuration.

689605

On some browser versions, the GUI displays a blank dialog when creating custom application or IPS signatures. Affected browsers: Firefox 85.0, Microsoft Edge 88.0, and Chrome 88.0.

691277

When logs are retrieved from FortiAnalyzer, the GUI displays the same traffic logs for primary and secondary HA devices.

HA

Bug ID

Description

540600

The HA hello-holddown value is divided by 10 in the hatalk daemon, which makes the hello-holddown time 10 times less than the configuration.

609631

Both nodes in HA simultaneous reboot when gtp-enhance-mode is enabled or disabled.

627851

After the HA peer node has been replaced, there needs to be a way to reset the HA health status back to OK.

650624

HA GARP sending was delayed due to lots of transceiver reading.

652507

Sessions with syn_ses flags are not synced after reboot.

653095

Inband management IP connection breaks when failover occurs (only in virtual cluster setup).

657376

VLAN interfaces are created on a different virtual cluster primary instead of the root primary do not sync.

678309

Cluster is out of sync because of config vpn certificate ca after upgrade.

690248

Malicious certificate database is not getting updated on the secondary unit.

693223

hasync crashes with signal 11 in ha_same_fosver_with_manage_master.

703047

hbdev goes up and down quickly, then the cluster keeps changing rapidly. hasync objects might access invalid cluster information that causes it to crash.

Intrusion Prevention

Bug ID

Description

657541

On FG-80D, the IPS engine daemon count drops to 0 when the CPU number is 4.

668631

IPS is constantly crashing, and ipshelper has high CPU when IPS extended database has too many rules (more than 256) sharing the same pattern. Affected models: SoC3-based FortiGates.

686301

ipshelper CPU spikes when configuration changes are made.

689259

Flow-based AV scanning does not send specific extension files to FortiSandbox.

689590

IP quarantine is not working on FG-80D.

691395

Signature false positives causing outage after IPS database update.

IPsec VPN

Bug ID

Description

566076

IKED process signal 11 crash in an ADVPN and BGP scenario.

597246

When disabling and re-enabling OCVPN after HA failover, the IPsec tunnel cannot be established.

631804

OCVPN errors showing in logs when OCVPN is disabled.

638352

In extreme situations when thousands of tunnels are negotiating simultaneously (IKEv2), iked process gets exhausted and stuck.

642543

IPsec did not rekey when keylife expired after back-to-back HA failover.

650599

IKE HA sync truncates phase 2 options flags after the first eight bits.

655895

Unable to route traffic to a spoke VPN site from the hub FortiGate when the dialup IPsec VPN interface is dual stacked (IPv4/IPv6).

666693

If NAT-T IP changes, the dynamic IPsec spoke add route entry is stuck on the hub.

678800

Kernel may crash on link event update with net-device enabled.

684133

Site-to-site IPsec VPN cannot establish in asymmetric routing scenario where the IPsec VPN bound interface is a loopback interface.

687749

iked HA sync crashed on secondary with authenticated user group in firewall policy. Affected models: all except NP7 platforms (FG-180xF, FG-260xF, FG-420xF, FG-440xF).

691878

Creating or updating a user with two-factor authentication causes dialup VPN traffic to stop.

694992

Issue establishing IPsec and L2TP tunnel with Chromebook behind NAT.

710961

Hub is dropping packets due to Failed to find IPsec Common after upgrading from 6.2.6 to 6.2.7.

Log & Report

Bug ID

Description

623471

FortiGate did not change the time after daylight saving time.

654363

Traffic log shows Policy violation for traffic hitting the allow policy in NGFW policy mode.

667274

FortiGate does not have log disk auto scan failure status log.

675347

When searching for some rarely-found logs within a large volume of logs, there is a long period of time before the results are returned. During the waiting period, if any new requests arrive, the old search session cannot be cleared. There is then a risk that multiple processes exist together, which may cause performance issues.

677540

First TCP connection to syslog server is not stable.

682444

No event log generated when log disk needs format.

694296

Memory leak issue in miglogd when log daemon has connection issue or FortiAnalyzer setting changes.

710344

Reliable syslog is sent in the wrong format when flushing the logs queued in the log daemon when working in TCP reliable mode.

Proxy

Bug ID

Description

603195

Multiple WAD crashes with signal 11.

633108

When FOH server is disconnected from a HTTP session, the HTTP session client port peer is not cleared. After this, the HTTP client port shutdown causes a crash because the peer port is freed.

655356, 660857

Proxy deep inspection fails if server uses TLS 1.3 cookies or record padding.

661063

If a client sends an RST to a WAD proxy, the proxy can close the connection to the server. In this case, the relatively long session expiration (which is usually 120 seconds by default) could lead to session number spikes in some tests.

675525

No WAD sessions displayed when running diagnose wad filter.

680651

Memory leak when retrieving the thumbnailPhoto information from the LDAP server.

681134

Proxy-based SSL certification inspection session hangs if the outbound probe connection has no routes.

693951

Cannot access Java-based application in proxy mode.

Routing

Bug ID

Description

579884

VRF configuration in WWAN interface has no effect after reboot.

628896

DHCP relay does not match the SD-WAN policy route.

687034

bgpd memory leak if running BGP on 6.2.7 and 6.4.4.

692241

BGP daemon consumes high CPU in ADVPN setup when disconnecting after socket writing error.

Security Fabric

Bug ID

Description

649556

FortiNAC requests to FortiGate can timeout on low-end models when there are many concurrent requests.

660624

FortiAnalyzer Cloud should be taken into consideration when doing CLI check for CSF setting.

SSL VPN

Bug ID

Description

602480

Use jQuery to customize FortiGate SSL VPN log in page.

608195

AngularJS web application cannot load via SSL VPN web mode.

610905

SSL VPN bypassing logon count limit with different case in user name.

610995

SSL VPN web mode gets error when accessing internal website at https://st***.st***.ca/.

619296

FortiGate reverts default values of text on buttons in SSL VPN log on page.

620946

All sslvpnd daemons use 99.9% CPU when policy is being updated.

628597

Unable to load the SSL VPN bookmark internal website, https://fi***.co.nz.

646339

SSL-SSH inspection profile changes to no-inspection after device reboots.

649197

Unable to use editor in Atlassian internal Confluence portal over SSL VPN web mode.

659322

SSL VPN will disconnect all connections after new address is added to IP pool.

661290

https://mo***.be site is non-accessible in SSL VPN web mode.

662042

The https://outlook.office365.com and https://login.microsoft.com websites cannot be accessed in the SSL VPN web portal.

662871

SSL VPN web mode has problems accessing some pages on FortiAnalyzer 6.2.

670731

Internal application server/website bookmark (https://***.***.***.***:****/nexgen/) not working in SSL VPN web mode.

672743

sslvpnd segmentation fault crash due to old DNS entries in cache that cannot be released if the same results were added into the cache but in a different order.

673320

Pop-up window does not load correctly when accessing internal application at https://re***.wo***.nl using SSL VPN web mode.

677167

SSL VPN web mode has problem accessing Sapepronto server.

678132

SSL VPN web portal SSO credentials for alternative option are not working.

680711

Unable to access OWA web server on mobile device in SSL VPN web mode.

681764

Video could not load for https://le***.sm***.ca in SSL VPN web mode.

683601

Changing DNS or WINS server under VPN SSL settings logs off connected users.

685269

SSL VPN web mode is not working properly for aw***.co***.com website.

688023

SSL VPN bookmarked website shows empty page after logging in to SSL VPN gateway https://vd***.vi***.com.

696009

Tunnel IP pool leak when DTLS tunnel user session is deleted due to timeout (idle or authentication).

706270

sslvpnd signal 11 (Segmentation fault) received caused by a pointer arithmetic error.

Switch Controller

Bug ID

Description

700842

FortiSwitch MAC delete logs are not being generated.

System

Bug ID

Description

488400

FGFM sessions timeout when the sessions between two non-VLAN ID EMAC VLANs are offloaded.

521213

Read-only administrators should be able to run diagnose sniffer packet command.

564477

VLAN switch creation fails every other time on FG-140D-POE.

584622

SNMP trap cannot display FortiGate model in OSPF trap information.

598527

ISDB may cause crashes after downgrading FortiGate firmware.

618158

DHCP client cannot get IP address when NTP server option in DHCP server settings is set to Same as System NTP.

620902

Application fgfmsd crashed and signal 11 received __cmdb_config_write_by_fname + 0x01cd.

627629

DHCP client sent invalid DHCPREQUEST format during INIT state.

628642

Issue when packets from the same session are forwarded to each LACP member when NPx offloading is enabled.

642005

FortiGate does not send service-account-id to FortiManager via fgfm tunnel when FortiCloud is activated directly on the FortiGate.

643033

get system interface transceiver port1 should return RX power and TX power for all Ch0[1-4] with a 0 value or N/A when the admin port is down on one side and the link status is down.

644616

NP6 does not update session timers for traffic IPsec tunnel if established over one pure EMAC VLAN interface.

650878

DHCP relay will honor the broadcast flag set to 0 (unicast) in only one VDOM at a time in a multi-VDOM environment.

654131

No statistics for TX and RX counters for VLAN interfaces.

659539

FortiGate running 6.2.7 GA cannot validate license via FortiManager due to FortiManager hardware missing Fortinet_CA2 and Fortinet_SUBCA2001.

664279

snmpd crashes when sorting a list-based ARP table if it has about 50,000 or more entries.

665332

When VDOM has large number of VIPs and policies, any firewall policy change causes cmdbsvr to become busy and use high CPU.

665550

Fragmented UDP traffic does not assemble on the FortiGate and does not forward out.

666418

SFP interfaces on FG-330xE do not show link light.

667722

VLAN interface created on top of a 10 GB interface is not showing the actual TX/RX counters.

668856

Offloaded traffic passing through two VDOMs connected with EMAC-VLANs is sometimes dropped.

668856

Offloaded traffic passing through two VDOMs connected with EMAC-VLANs is sometimes dropped.

669914

No statistics for TX and RX counters for VLAN interfaces.

670897

Update GTP code to be compatible with newer versions (GTPv1 and GTPv2).

670962

Packet loss occurs when traffic flow between VLAN interfaces is created under 10G LACP link.

672011

LTE DHCP IP addressing not installed in the routing table.

672183

UDP 4500 inter-VDOM traffic is not offloaded, causing BFD/IPsec to drop.

673263

High memory issue is caused by heavy traffic on the VDOM link.

673609

The auto-join FortiCloud re-try timer 600 second value is too large.

673918

Read-only administrator with packet capture read-write permission cannot run diagnose sniffer command.

675171

L2TP enabled status should be configured before EIP and SIP.

677568

Failed to parse execute restore config properly when the command is from a FortiManager script.

678809

dhcpd crashes with signal 6 because the timer is not canceled before calling the free release function.

680881

Rebooting device causes interface mode to change from static to DHCP.

686442

Traffic was stopped because PBA IP pool has the wrong relationship information.

690797

Huawei E8372h-320 LTE modem does not receive IP on FG-30E.

693757

Secondary FG-5001D blades in SLBC cluster do not show updated contract dates.

696622

FortiGate cannot get gateway from built-in LTE modem on all LTE capable FortiGate platforms.

698014

When running execute speed-test command, it shows all VLAN and SSL interfaces from other VDOMs.

710807

FGR-60F WAN1 and WAN2 fail to connect to the network due to board ID GPIO assignment being incorrect.

User & Device

Bug ID

Description

643191

FSSO TS-Agent is not working properly when FortiGates use NGFW policy-based mode.

658794

FortiGate sent CSR certificate instead of signed certificate to FortiManager when retrieve is performed.

662391

Persistent sessions for de-authenticated FSSO users.

675226

The ssl-ocsp-source-ip setting not configurable in non-management VDOMs.

675539

FSSO collector status is down, despite that it is reported as connected by authd in a multi-VDOM environment.

VM

Bug ID

Description

627106

FG-VM64 console shows hw csum failure for VLAN interface on mlx5_core PF.

711525

FG-VM-AWS PAYG instance randomly loses license after reboot.

Web Filter

Bug ID

Description

593203

Cannot enter a name for the web rating override or save it due to name input error.

668325

Hanging FortiGuard connection is not torn down in some situations.

676403

Replacement message pictures (FortiGuard web filter) are not displayed in Chrome.

678467

Safe search URL option is not working while the original query in Google Images has the same parameter name.

WiFi Controller

Bug ID

Description

621346

Dynamic VLAN on SSID cannot pass traffic through FG-100F/101F and FG-60F/61F when offloading is enabled.

698961

FWF-60F/61F and FWF-40F encounters kernel panic (LR is at capwap_find_sta_by_mac) when one managed FortiAP is authenticating WiFi clients.

707635

AP with MAC E0-23-FF not coming online through mesh with FortiWiFi radio set to root.

Resolved issues

The following issues have been fixed in version 6.2.8. For inquires about a particular bug, please contact Customer Service & Support.

DNS Filter

Bug ID

Description

511729

Domain filter entries whose action is set to allow should not be logged.

Explicit Proxy

Bug ID

Description

624513

IP pool address in proxy policy is not used sometimes when enabling a security profile.

662931

Browsers change default SameSite cookie settings to Lax, and Kerberos authentication does not work in transparent proxy.

664548

When the FortiGate is configured as an explicit proxy and AV is enabled on the proxy policy, users cannot access certain FTP sites.

681054

Web proxy users are disconnected due to external resource update flushing the user even if they do not have an authentication rule using the related proxy address or IP list.

689002

Proxy traffic failed after modifying resource setting in external connector.

697566

Explicit proxy unable to access a particular URL (https://***.my.salesforce.com) after upgrading from 5.6.12 to 6.2.7.

Firewall

Bug ID

Description

474612

SNAT is using low ports below 1023 for NTP.

611781

Search option on IPv4 policy page not working; after typing in the search bar, no results are displayed.

616220

ICMP reply packets are dropped by the FortiGate.

643446

Fragmented UDP traffic is silently dropped when fragments have different ECN values.

661014

FortiCarrier has GTP dropped packet log after configuring GTP allow list.

675353

Security policy (NGFW mode) flow-based UTM logs are still generated when policy traffic log is disabled.

682956

ISDB is empty/crashes after upgrading from 6.2.4/6.2.5 to 6.2.6.

683426

No hit counts on policy for DHCP broadcast packets in transparent mode.

683604

When changing a policy and creating a firewall sniffer concurrently, there is traffic that is unrelated to the policy that is being changed and matching the implicit deny policy. Some IPv4 firewall policies were missing after the change.

699785

Firewall performance may degrade when thousands of VIPs are configured.

FortiView

Bug ID

Description

628225

Compromised Hosts dashboard cannot show data if FortiAnalyzer is configured using the FQDN address in the log setting. FortiAnalyzer configured with an IP address does not have this issue.

GUI

Bug ID

Description

592854

An address created by the VPN wizard cannot save changes due to an incorrect validation check for parentheses, (), in the Comments field.

593860

Users are able to apply modifications to a policy inline from within the policy list when FortiManager GUI read-only restrictions are in place.

601879

When logging in to the dashboard after a factory reset, the dashboard displays The web page cannot be found.

631041

Assigning an RSSO group to a firewall policy does not enable RSSO on the policy.

639617

On Explicit Web Proxy Policy page, unable to change Outgoing Source IP option from IP Pools to Proxy Default or Original Source IP. CLI does not have this issue.

650708

When the client browser is in a different time zone from the FortiGate, the Guest Management page displays an incorrect expiry time for guest users. The CLI returns the correct expiry.

654626

Unable to change the action setting of Freeware and Software Downloads using the FortiGuard Category Based Filter of the DNS filter profile.

655255

FortiGuard resource retrieval delay causes GUI pages to respond slowly. Affected pages include: Firewall Policy, Settings (log and system), Explicit Proxy (web and FTP), System Global, and System CSF.

656599

After upgrading firmware, the CLI script action has a required administrator profile to restrict capabilities. This profile cannot exceed the current administrator's permissions. When configuring a stitch, an administrator can only choose a CLI script that has equal or lesser permissions that the current administrator.

656668

On the System > HA page, GUI tooltip for the reserved management interface incorrectly shows the connecting IP address instead of the configured IP address.

661703

High latency when selecting Security Fabric > Physical Topology/Logical Topology pages in Firefox.

662640

Some GUI pages (dashboard, topology, policy list, interface list) are slow to load on low-end platforms when there are many concurrent HTTPSD requests.

665597

When set server-identity-check is enabled, Test User Credentials fails when performed on the CLI and passes when run from the GUI. The GUI implementation has been updated to match that of the CLI.

666500

The Confirm version downgrade warning message is not displayed when a user downgrades firmware between minor patch release versions using the manual upload option. Firmware downgrades from FortiGuard do not have this issue.

667863

GUI does not display FortiSwitch ports when multiple FortiLink interfaces are configured. FortiOS 6.4.0 and later supports multiple FortiLink configurations via the GUI.

672906

GUI does not redirect to the system reboot progress page after successfully restoring a configuration.

689605

On some browser versions, the GUI displays a blank dialog when creating custom application or IPS signatures. Affected browsers: Firefox 85.0, Microsoft Edge 88.0, and Chrome 88.0.

691277

When logs are retrieved from FortiAnalyzer, the GUI displays the same traffic logs for primary and secondary HA devices.

HA

Bug ID

Description

540600

The HA hello-holddown value is divided by 10 in the hatalk daemon, which makes the hello-holddown time 10 times less than the configuration.

609631

Both nodes in HA simultaneous reboot when gtp-enhance-mode is enabled or disabled.

627851

After the HA peer node has been replaced, there needs to be a way to reset the HA health status back to OK.

650624

HA GARP sending was delayed due to lots of transceiver reading.

652507

Sessions with syn_ses flags are not synced after reboot.

653095

Inband management IP connection breaks when failover occurs (only in virtual cluster setup).

657376

VLAN interfaces are created on a different virtual cluster primary instead of the root primary do not sync.

678309

Cluster is out of sync because of config vpn certificate ca after upgrade.

690248

Malicious certificate database is not getting updated on the secondary unit.

693223

hasync crashes with signal 11 in ha_same_fosver_with_manage_master.

703047

hbdev goes up and down quickly, then the cluster keeps changing rapidly. hasync objects might access invalid cluster information that causes it to crash.

Intrusion Prevention

Bug ID

Description

657541

On FG-80D, the IPS engine daemon count drops to 0 when the CPU number is 4.

668631

IPS is constantly crashing, and ipshelper has high CPU when IPS extended database has too many rules (more than 256) sharing the same pattern. Affected models: SoC3-based FortiGates.

686301

ipshelper CPU spikes when configuration changes are made.

689259

Flow-based AV scanning does not send specific extension files to FortiSandbox.

689590

IP quarantine is not working on FG-80D.

691395

Signature false positives causing outage after IPS database update.

IPsec VPN

Bug ID

Description

566076

IKED process signal 11 crash in an ADVPN and BGP scenario.

597246

When disabling and re-enabling OCVPN after HA failover, the IPsec tunnel cannot be established.

631804

OCVPN errors showing in logs when OCVPN is disabled.

638352

In extreme situations when thousands of tunnels are negotiating simultaneously (IKEv2), iked process gets exhausted and stuck.

642543

IPsec did not rekey when keylife expired after back-to-back HA failover.

650599

IKE HA sync truncates phase 2 options flags after the first eight bits.

655895

Unable to route traffic to a spoke VPN site from the hub FortiGate when the dialup IPsec VPN interface is dual stacked (IPv4/IPv6).

666693

If NAT-T IP changes, the dynamic IPsec spoke add route entry is stuck on the hub.

678800

Kernel may crash on link event update with net-device enabled.

684133

Site-to-site IPsec VPN cannot establish in asymmetric routing scenario where the IPsec VPN bound interface is a loopback interface.

687749

iked HA sync crashed on secondary with authenticated user group in firewall policy. Affected models: all except NP7 platforms (FG-180xF, FG-260xF, FG-420xF, FG-440xF).

691878

Creating or updating a user with two-factor authentication causes dialup VPN traffic to stop.

694992

Issue establishing IPsec and L2TP tunnel with Chromebook behind NAT.

710961

Hub is dropping packets due to Failed to find IPsec Common after upgrading from 6.2.6 to 6.2.7.

Log & Report

Bug ID

Description

623471

FortiGate did not change the time after daylight saving time.

654363

Traffic log shows Policy violation for traffic hitting the allow policy in NGFW policy mode.

667274

FortiGate does not have log disk auto scan failure status log.

675347

When searching for some rarely-found logs within a large volume of logs, there is a long period of time before the results are returned. During the waiting period, if any new requests arrive, the old search session cannot be cleared. There is then a risk that multiple processes exist together, which may cause performance issues.

677540

First TCP connection to syslog server is not stable.

682444

No event log generated when log disk needs format.

694296

Memory leak issue in miglogd when log daemon has connection issue or FortiAnalyzer setting changes.

710344

Reliable syslog is sent in the wrong format when flushing the logs queued in the log daemon when working in TCP reliable mode.

Proxy

Bug ID

Description

603195

Multiple WAD crashes with signal 11.

633108

When FOH server is disconnected from a HTTP session, the HTTP session client port peer is not cleared. After this, the HTTP client port shutdown causes a crash because the peer port is freed.

655356, 660857

Proxy deep inspection fails if server uses TLS 1.3 cookies or record padding.

661063

If a client sends an RST to a WAD proxy, the proxy can close the connection to the server. In this case, the relatively long session expiration (which is usually 120 seconds by default) could lead to session number spikes in some tests.

675525

No WAD sessions displayed when running diagnose wad filter.

680651

Memory leak when retrieving the thumbnailPhoto information from the LDAP server.

681134

Proxy-based SSL certification inspection session hangs if the outbound probe connection has no routes.

693951

Cannot access Java-based application in proxy mode.

Routing

Bug ID

Description

579884

VRF configuration in WWAN interface has no effect after reboot.

628896

DHCP relay does not match the SD-WAN policy route.

687034

bgpd memory leak if running BGP on 6.2.7 and 6.4.4.

692241

BGP daemon consumes high CPU in ADVPN setup when disconnecting after socket writing error.

Security Fabric

Bug ID

Description

649556

FortiNAC requests to FortiGate can timeout on low-end models when there are many concurrent requests.

660624

FortiAnalyzer Cloud should be taken into consideration when doing CLI check for CSF setting.

SSL VPN

Bug ID

Description

602480

Use jQuery to customize FortiGate SSL VPN log in page.

608195

AngularJS web application cannot load via SSL VPN web mode.

610905

SSL VPN bypassing logon count limit with different case in user name.

610995

SSL VPN web mode gets error when accessing internal website at https://st***.st***.ca/.

619296

FortiGate reverts default values of text on buttons in SSL VPN log on page.

620946

All sslvpnd daemons use 99.9% CPU when policy is being updated.

628597

Unable to load the SSL VPN bookmark internal website, https://fi***.co.nz.

646339

SSL-SSH inspection profile changes to no-inspection after device reboots.

649197

Unable to use editor in Atlassian internal Confluence portal over SSL VPN web mode.

659322

SSL VPN will disconnect all connections after new address is added to IP pool.

661290

https://mo***.be site is non-accessible in SSL VPN web mode.

662042

The https://outlook.office365.com and https://login.microsoft.com websites cannot be accessed in the SSL VPN web portal.

662871

SSL VPN web mode has problems accessing some pages on FortiAnalyzer 6.2.

670731

Internal application server/website bookmark (https://***.***.***.***:****/nexgen/) not working in SSL VPN web mode.

672743

sslvpnd segmentation fault crash due to old DNS entries in cache that cannot be released if the same results were added into the cache but in a different order.

673320

Pop-up window does not load correctly when accessing internal application at https://re***.wo***.nl using SSL VPN web mode.

677167

SSL VPN web mode has problem accessing Sapepronto server.

678132

SSL VPN web portal SSO credentials for alternative option are not working.

680711

Unable to access OWA web server on mobile device in SSL VPN web mode.

681764

Video could not load for https://le***.sm***.ca in SSL VPN web mode.

683601

Changing DNS or WINS server under VPN SSL settings logs off connected users.

685269

SSL VPN web mode is not working properly for aw***.co***.com website.

688023

SSL VPN bookmarked website shows empty page after logging in to SSL VPN gateway https://vd***.vi***.com.

696009

Tunnel IP pool leak when DTLS tunnel user session is deleted due to timeout (idle or authentication).

706270

sslvpnd signal 11 (Segmentation fault) received caused by a pointer arithmetic error.

Switch Controller

Bug ID

Description

700842

FortiSwitch MAC delete logs are not being generated.

System

Bug ID

Description

488400

FGFM sessions timeout when the sessions between two non-VLAN ID EMAC VLANs are offloaded.

521213

Read-only administrators should be able to run diagnose sniffer packet command.

564477

VLAN switch creation fails every other time on FG-140D-POE.

584622

SNMP trap cannot display FortiGate model in OSPF trap information.

598527

ISDB may cause crashes after downgrading FortiGate firmware.

618158

DHCP client cannot get IP address when NTP server option in DHCP server settings is set to Same as System NTP.

620902

Application fgfmsd crashed and signal 11 received __cmdb_config_write_by_fname + 0x01cd.

627629

DHCP client sent invalid DHCPREQUEST format during INIT state.

628642

Issue when packets from the same session are forwarded to each LACP member when NPx offloading is enabled.

642005

FortiGate does not send service-account-id to FortiManager via fgfm tunnel when FortiCloud is activated directly on the FortiGate.

643033

get system interface transceiver port1 should return RX power and TX power for all Ch0[1-4] with a 0 value or N/A when the admin port is down on one side and the link status is down.

644616

NP6 does not update session timers for traffic IPsec tunnel if established over one pure EMAC VLAN interface.

650878

DHCP relay will honor the broadcast flag set to 0 (unicast) in only one VDOM at a time in a multi-VDOM environment.

654131

No statistics for TX and RX counters for VLAN interfaces.

659539

FortiGate running 6.2.7 GA cannot validate license via FortiManager due to FortiManager hardware missing Fortinet_CA2 and Fortinet_SUBCA2001.

664279

snmpd crashes when sorting a list-based ARP table if it has about 50,000 or more entries.

665332

When VDOM has large number of VIPs and policies, any firewall policy change causes cmdbsvr to become busy and use high CPU.

665550

Fragmented UDP traffic does not assemble on the FortiGate and does not forward out.

666418

SFP interfaces on FG-330xE do not show link light.

667722

VLAN interface created on top of a 10 GB interface is not showing the actual TX/RX counters.

668856

Offloaded traffic passing through two VDOMs connected with EMAC-VLANs is sometimes dropped.

668856

Offloaded traffic passing through two VDOMs connected with EMAC-VLANs is sometimes dropped.

669914

No statistics for TX and RX counters for VLAN interfaces.

670897

Update GTP code to be compatible with newer versions (GTPv1 and GTPv2).

670962

Packet loss occurs when traffic flow between VLAN interfaces is created under 10G LACP link.

672011

LTE DHCP IP addressing not installed in the routing table.

672183

UDP 4500 inter-VDOM traffic is not offloaded, causing BFD/IPsec to drop.

673263

High memory issue is caused by heavy traffic on the VDOM link.

673609

The auto-join FortiCloud re-try timer 600 second value is too large.

673918

Read-only administrator with packet capture read-write permission cannot run diagnose sniffer command.

675171

L2TP enabled status should be configured before EIP and SIP.

677568

Failed to parse execute restore config properly when the command is from a FortiManager script.

678809

dhcpd crashes with signal 6 because the timer is not canceled before calling the free release function.

680881

Rebooting device causes interface mode to change from static to DHCP.

686442

Traffic was stopped because PBA IP pool has the wrong relationship information.

690797

Huawei E8372h-320 LTE modem does not receive IP on FG-30E.

693757

Secondary FG-5001D blades in SLBC cluster do not show updated contract dates.

696622

FortiGate cannot get gateway from built-in LTE modem on all LTE capable FortiGate platforms.

698014

When running execute speed-test command, it shows all VLAN and SSL interfaces from other VDOMs.

710807

FGR-60F WAN1 and WAN2 fail to connect to the network due to board ID GPIO assignment being incorrect.

User & Device

Bug ID

Description

643191

FSSO TS-Agent is not working properly when FortiGates use NGFW policy-based mode.

658794

FortiGate sent CSR certificate instead of signed certificate to FortiManager when retrieve is performed.

662391

Persistent sessions for de-authenticated FSSO users.

675226

The ssl-ocsp-source-ip setting not configurable in non-management VDOMs.

675539

FSSO collector status is down, despite that it is reported as connected by authd in a multi-VDOM environment.

VM

Bug ID

Description

627106

FG-VM64 console shows hw csum failure for VLAN interface on mlx5_core PF.

711525

FG-VM-AWS PAYG instance randomly loses license after reboot.

Web Filter

Bug ID

Description

593203

Cannot enter a name for the web rating override or save it due to name input error.

668325

Hanging FortiGuard connection is not torn down in some situations.

676403

Replacement message pictures (FortiGuard web filter) are not displayed in Chrome.

678467

Safe search URL option is not working while the original query in Google Images has the same parameter name.

WiFi Controller

Bug ID

Description

621346

Dynamic VLAN on SSID cannot pass traffic through FG-100F/101F and FG-60F/61F when offloading is enabled.

698961

FWF-60F/61F and FWF-40F encounters kernel panic (LR is at capwap_find_sta_by_mac) when one managed FortiAP is authenticating WiFi clients.

707635

AP with MAC E0-23-FF not coming online through mesh with FortiWiFi radio set to root.