Fortinet Document Library

Known issues

The following issues have been identified in version 6.4.0. For inquiries about a particular bug or to report a bug, please contact Customer Service & Support.

File Filter

Bug ID

Description

626652

The unknown and bin file types catch too many random files, which leads to inconsistent results for web traffic.

Firewall

Bug ID

Description

622045

Traffic not matched by security policy when using service groups in NGFW policy mode.

622258

Move command does not work for firewall service category.

635074

Firewall policy dstaddr does not show virtual server available based on virtual WAN link member.

FortiView

Bug ID

Description

615524

FortiView > All Sessions should be supported as a standalone dashboard widget in navigation bar.

643198

Threats drilldown for Sources, Destinations, and Country/Region (1 hour, 24 hours, 7 days) gives the error, Failed to retrieve FortiView data.

GUI

Bug ID

Description

528145

BGP configuration gets applied on the wrong VDOM if user switches VDOM selection in between operations (slow GUI).

564849

HA warning message remains after primary device takes back control.

602102

Warning message is not displayed when a user configures an interface with a static IP address that is already in use.

622510

Page is stuck and there is a blank message field when doing policy lookup with non-IP protocol.

624551

On PoE devices, several sections of the GUI take over 15 seconds to fully load.

628373

Software switch members and their VLANs are not visible in the GUI interfaces list.

631734

GUI not displaying PoE total power budget on FOS 6.2.3.

634677

User group not visible in GUI when editing the user with a single right-click.

689605

On some browser versions, the GUI displays a blank dialog when creating custom application or IPS signatures. Affected browsers: Firefox 85.0, Microsoft Edge 88.0, and Chrome 88.0.

Intrusion Prevention

Bug ID

Description

622741

Traffic was blocked during the test with flow UTMs enabled.

IPsec VPN

Bug ID

Description

622506

L2TP over IPsec tunnel established, but traffic cannot pass because wrong interface gets in route lookup.

623238

ADVPN shortcut cannot be established if both spokes are behind NAT.

Proxy

Bug ID

Description

619637

In transparent proxy policy with authentication on corporate firewall, it shows Access Denied after authentication.

621787

On some smaller models, WAD watchdog times out when there is a lot of SSL traffic.

623213

Firewall does not handle 308 redirects properly for threat feed list.

624245

WAD crashes when all of these conditions are met: policy is doing deep inspection, SNI in client hello is in the exempt list, server certificate CNAME is not in the exempt list.

636508

FortiGate blocks traffic in transparent proxy policy, even if the traffic matches the proxy address.

Routing

Bug ID

Description

580207

Policy route does not apply to local-out traffic.

618100

Link health monitor with HTTP/TCP echo cannot send out probe packets in the setting interval when the server is unreachable.

626549

SD-WAN rules created using ISDB do not match/forward via the correct interface.

666829

Application bfdd crashes.

Security Fabric

Bug ID

Description

609182

Security Fabric Settings page sometimes cannot load FortiSandbox URL threat detection version despite FortiSandbox being connected.

614691

Slow GUI performance in large Fabric topology with over 50 downstream devices.

623689

CSF branch FortiGate cannot successfully connect/verify certificate with remote EMS server.

SSL VPN

Bug ID

Description

613111

Traffic cannot pass through FortiGate in SSL VPN web mode if the user is a PKI peer.

613612

Important GUI pages in 6.4.0 are not rendered well by SSL VPN portal.

616429

Local user assigned with FortiToken cannot log in to SSL VPN web/tunnel mode when password change is required.

616879

Traffic cannot pass through FortiGate for SSL VPN web mode if the user is a PKI peer.

619914

Split-tunnel information is not recognized by legacy FortiClient SSL VPN Linux tool.

629373

SAML login button is lost on SSL VPN portal.

637018

After the upgrade to 6.0.10/6.2.4/6.4.0, SSL VPN portal mapping/remote authentication is matching user into the incorrect group.

Switch Controller

Bug ID

Description

622812

VLANs on a FortiLink interface configured to use a hardware switch interface may fail to come up after upgrading or rebooting.

System

Bug ID

Description

610900

Low throughput on FG-2201E for traffic with ECN flag enabled.

613136

Uninitialized variable that may potentially cause httpsd signal 6 and 11 crash issue.

617154

Fortinet_CA is missing in FG-3400E.

617409

The FG-800D HA LED is off when HA status is normal.

617453

fgfmsd crash due to REST agent.

636069

Unable to handle kernel NULL pointer dereference at 000000000000008f.

644782

A large number of detected devices causes httpsd to consume resources, and causes low-end devices to enter conserve mode.

User & Authentication

Bug ID

Description

605437

FortiOS does not understand CMPv2 grantedWithMods response.

VM

Bug ID

Description

622031

azd keeps crashing if Azure VM contains more than 15 tags.

623376

Multi zone HA breaks after upgrading to 6.4.0 because upgrade process does not add relevant items under VDOM exception.

Web Filter

Bug ID

Description

621807

Filtering Services Availability status is down on the GUI when HTTP/80 is used for web filtering rating service.

625897

Filtering Services Availability status is down on the GUI when HTTP/80 is used for web filtering rating service.

654160

Web filter profile count decreased after upgrading to 6.4.0 on FG-100F.
