Fortinet black logo

Resolved issues

Resolved issues

The following issues have been fixed in version 6.4.1. To inquire about a particular bug, please contact Customer Service & Support.

Anti Virus

Bug ID

Description

582368

URL threat detection version show a large negative number after the FortiGate reboots.

Data Leak Prevention

Bug ID

Description

582480

scanunit crashes with signal 11 in dlpscan_mailheader when AV scans files via IMAP.

611513 DLP triggers scan unit watchdog timer and does not block the files.

Explicit Proxy

Bug ID

Description

617934

Web proxy should support forward server on TLS 1.3 certificate inspection connection.

624513

IP pool address in proxy policy is not used sometimes when enabling a security profile.

630434

WAD crashed at wad_ssl_port_p2s_supported_versions with signal 11.

File Filter

Bug ID

Description

626652

The unknown and BIN file types catch too many random files, which leads to inconsistent results for web traffic.

Firewall

Bug ID

Description

622045

Traffic not matched by security policy when using service groups in NGFW policy mode.

622258

Move command in firewall service category does not work.

635074

Firewall policy dstaddr does not show virtual server available based on virtual WAN link member.

FortiView

Bug ID

Description

615524

FortiView > All Sessions should be supported as a standalone dashboard widget in navigation bar.

GUI

Bug ID

Description

401862

Monitor page display incorrect virtual server entries for IPv6, VIP46, and VIP64; right-clicking gives an error.

493819

Reorder function on Authentication Rules page does not work.

513694

User cannot log in to GUI when password change is required and has pre-login or post-login banner enabled or FIPS mode.

528145

BGP configuration gets applied on the wrong VDOM if user switches VDOM selection in between operations (slow GUI).

557786

GUI response is very slow when accessing IPsec Monitor (api/v2/monitor/vpn/ipsec is taking a long time).

564849

HA warning message remains after primary device takes back control.

589709

Status button in Tunnel column on IPsec Tunnels page should be removed.

594702

When sorting the interface list by the Name column, the ports are not always in the correct order (port10 appears before port2).

601568

Interface status is not displayed on faceplate when viewed from System > HA page.

606428

GUI does not allow multiple IPsec tunnels with the same destination IP bound to the same interface but sourced from a different IP.

607549

GUI CMDB API to support case sensitive/insensitive filtering.

611857

Custom admin profile not showing logs as expected.

614056

Disabling the Idle Logout toggle on the SSL-VPN Settings page does not change the idle timeout setting, so the change does not persist after clicking Apply.

617937

Cannot add wildcard FQDN address into group in Edit SSL/SSH Inspection Profile page.

622510

Page gets stuck and message field is blank when doing policy lookup with a non-IP protocol.

623939

Interface bandwidth widgets for WAN, PPPoE and VDOM link interfaces are not loading.

624551

On POE devices, several sections of the GUI take over 15 seconds to fully load.

625747

Server certificate does not load into IPS after configuring SSL inspection profile in replace mode.

628373

Software switch members and their VLANs are not visible in the GUI interfaces list.

631734

GUI not displaying PoE total power budget on FOS 6.2.3.

634677

User group not visible in GUI when editing the user with a single right-click.

HA

Bug ID

Description

596075

In a HA system, the two FortiGates cannot sync when enabling vcluster2 and adding a CRL file on vcluster2 VDOM.

610324

HA sync has high CPU due to large number of IPv6 routes.

620093

Connectivity issue between Azure App and MySQL server. FortiGate is marking the SYN packet with ECN=CE flag.

621583

HA cannot display status in GUI when heartbeat cables reconnect.

621621

Ether-type HA cannot be changed.

623642

It takes up to 10 seconds to get NPU VDOM link up when rebooting primary unit.

626715

Out of sync issue caused by firewall address group member is either duplicated or out of order.

631342

FG-100D HA active-passive mode not syncing.

Intrusion Prevention

Bug ID

Description

622741

Traffic was blocked during the test with flow UTMs enabled.

IPsec VPN

Bug ID

Description

610558

ADVPN cannot establish after primary ISP has recovered from failure and traffic between spokes is dropped.

611451

ADVPN one spoke behind NAT shortcut cannot connect to another spoke that is not behind NAT.

622506

L2TP over IPsec tunnel establishes but traffic cannot pass because wrong interface gets in route lookup.

623238

ADVPN shortcut cannot establish if both spokes are behind NAT.

631804

OCVPN errors showing in logs when OCVPN is disabled.

631968

IKE daemon signal 6 crash when phase1 add-gw-route is enabled.

Log & Report

Bug ID

Description

608187

Five fields (devtype, devcategory, mastersrcmac, srcmac, srcserver) are not included in the traffic log.

611778

FG-AWS unable to view log from FortiAnalyzer.

616485

Log ID 20114 missing in FGT_log_reference.xml and text.html.

622954

Inconsistent log output relating to the local-in policy.

623471

FortiGate did not change the time after daylight saving time.

628358

Logs are not generated in GUI and CLI after checking the file system (after power cable disconnected).

Proxy

Bug ID

Description

578850

Application WAD crash several times due to signal alarm.

601493

ISDB static route cannot be active for proxy policy.

612333

In FortiGate with squid configuration (proxy chain), get ERR_SSL_PROTOCOL_ERROR when using Google Chrome with certificate/deep inspection.

615791

Abbreviated handshake randomly receives fatal illegal_parameter against zendesk.com services/sites.

616577

WAD failed to do an error handling for bypass case.

617099

WAD crashes every few minutes.

617373

AV profiles block WSUS service.

619637

In transparent proxy policy with authentication on corporate firewall, it shows Access Denied after authentication.

620453

Application WAD crash several times due to signal alarm.

621787

On some smaller models, WAD watchdog times out when there is a lot of SSL traffic.

623108

FTP-TP reaches high memory usage and triggers conserve mode.

623213

Firewall does not handle 308 redirects properly for threat feed list.

624245

WAD crashes when all of these conditions are met: policy is doing deep inspection, SNI in client hello is in the exempt list, server certificate CNAME is not in the exempt list.

636508

FortiGate blocks traffic in transparent proxy policy, even if the traffic matches the proxy address.

Routing

Bug ID

Description

537354

BFD/BGP dropping when outbandwidth is set on interface.

580207

Policy route does not apply to local-out traffic.

616483

Policy route should not kick in for destination exclude-member.

617906

With multiple PPPoE links, local traffic to a link will cause RPF check fail if priority of the route is higher than the distance.

618100

Link health monitor with HTTP/TCP echo cannot send out probe packets in the setting interval when the server is unreachable.

619343

Cannot ping old VRIPs when adding new VRIPs.

622721

Disabling SD-WAN service caused no outgoing path to be recorded duplicate times.

625345

The single BGP update message contains the same prefix in withdrawn routes and NLRI (advertised route).

626549

SD-WAN rules created using ISDB do not match/forward via the correct interface.

627901

set dscp-forward option is missing when using maximize bandwidth strategy in SD-WAN rule.

629521

SD-WAN IPv6 default route cannot be redistributed into BGP using set default-originate-routemap6.

Security Fabric

Bug ID

Description

609182

Security Fabric Settings page sometimes cannot load FortiSandbox URL threat detection version despite FortiSandbox being connected.

619696

Automation stitch traffic is sent via mgmt with ha-direct to AWS Lambda after upgrading from 6.0.9 to 6.2.3.

622032

SSH as automation action is not working as expected.

623689

CSF branch FortiGate cannot successfully connect/verify certificate with remote EMS server.

SSL VPN

Bug ID

Description

556314

SSL VPN group bookmarks shown only for the first matched policy.

602480

Use jQuery to customize FortiGate SSL VPN log in page.

604402

SSL VPN web access prompts for certificate authentication irrespective of realm.

607413

SMB/CIFS bookmark name gets scrambled if it contains special characters like space, backslash, colon, etc.

608453

Internal website is not accessible from SSL VPN due to some Sage X3 JS files with errors.

609358

Host check related settings should not be skipped when IPv6 tunnel mode is enabled.

610564

RDP over web mode SSL VPN to a Windows Server changes the time zone to GMT.

610905

SSL VPN bypassing logon count limit with different case in user name.

611190

SSL VPN SNI realm check does not work as expected when accessing non-specified SNI.

612540

SSL VPN web mode has problem accessing EPX website.

613111

Traffic cannot pass through FortiGate in SSL VPN web mode if the user is a PKI peer.

613612

Important GUI pages in 6.4.0 are not rendered well by SSL VPN portal.

615453

Web socket using socket.io could not be established through SSL VPN web mode.

616189

Cannot access, read, or download SharePoint 2019 or OneDrive documents; times out.

616429

Local user assigned with FortiToken cannot log in to SSL VPN web/tunnel mode when password change is required.

616879

Traffic cannot pass through FortiGate for SSL VPN web mode if the user is a PKI peer.

617170

https://outlook.office365.com cannot be accessed in SSL VPN web portal.

619296

FortiGate reverts default values of text on buttons in SSL VPN log on page.

619369

SSL VPN web mode has access problem for engage.leithaeusl website.

619914

Split-tunnel information is not recognized by FortiClient Linux and legacy forticlientsslvpn_linux.

620221

File downloaded from SFTP server of SSL VPN portal is sometimes falsified.

621270

SSL VPN user groups are corrupted in auth list when the user is a member of more than 100 groups.

622068

Adding FQDN routing address in split tunnel configuration injects single route in client for multiple A records.

622871

SSL VPN web mode not displaying full customer webpage after logging in.

623231

Pages could not be shown after logging in to back-end application server.

624145

An internal website via SSL VPN web portal failed to load an external resource.

624197

SSL VPN web mode does not completely load the redirected corporate SSO page when accessing an internal resource.

624288

After SSL VPN proxy, one JS file runs with error.

624477

FortiClient SSL VPN split tunnel is not working from macOS Catalina.

625301

Riverbed SteelCentral AppResponse login form is not displaying in SSL VPN web mode.

625338

sslvpnd crashing with signal 7 on get_free_idx.

625554

SSL VPN connection was used when the DTLS UDP packet process failed and connection was destroyed.

626237

SAP portal link is not working in SSL VPN web mode.

626351

Online Excel file could not be displayed in SSL VPN web mode.

626816

In web mode, after entering the username/password in back-end application server, logging in, and waiting for a while, the URL automatically changes to a direct connection to the back-end.

627456

Traffic cannot pass when SAML user logs in to SSL VPN portal with group match.

629373

SAML login button is lost on SSL VPN portal.

Switch Controller

Bug ID

Description

613323

FortiSwitch trunk configuration sync issue after FortiGate failover.

622812

VLANs on a FortiLink interface configured to use a hardware switch interface may fail to come up after upgrading or rebooting.

System

Bug ID

Description

583472

When system is in an extremely high memory usage state (~90%), a power supply status Power supply 1 AC is lost might be mistakenly logged.

585053

NP6 VLAN LACP-based interface RX/TX counters not increasing.

589792

Secondary members of a redundant interface process frames creating duplicates when NP6 offload is enabled.

594871

Potential memory leak triggered by FTP command in WAD.

600560

SMC time has big drift after running a long time without rebooting.

610900

Low throughput on FG-2201E for traffic with ECN flag enabled.

611512

When a LAG is created between 10 GE SFP+ slots and 25 GE SFP28/10 GE SFP+ slots, only about 50% of the sessions can be created. Affected models: FG-110xE, FG-220xE, and FG-330xE.

613136

Uninitialized variable that may potentially cause httpsd signal 6 and 11 crash issue.

615168

Traffic with priority field fails to traverse NP6 shaper.

615435

Crashes might happen due to CMDB query allocation failure causing a segmentation fault.

615451

Empty VIP groups allowed when restoring a configuration file.

617154

Fortinet_CA is missing in FG-3400E.

617409

The FG-800D HA LED is off when HA status is normal.

617453

fgfmsd crash due to REST agent.

619023

Proxy ARP configuration not loaded after interface shut/not shut.

619234

Purge policy is very slow when the number of policies is close to the maximum.

623113

FortiGate not entering A records in shadow DNS database for cross-subdomain CNAME requests.

625053

TCP SYN-ACK sent to different gateway when proxy-based UTM profiles are used.

628124

source-ip under system fortiguard is not taken for directregistration.fortinet.com when using Register with FortiCare window.

636069

Unable to handle kernel NULL pointer dereference at 000000000000008f.

630658

Auto-script output file size over 400 MB when configured output size is default 10 MB.

632407

Cannot delete VDOM due to ssl.vdom1 interface after changing mode from split-task VDOM to multi VDOM.

Upgrade

Bug ID

Description

615972

After upgrading from 6.2.2 to 6.2.3, the description field in the table has disappeared under DHCP reservation.

User & Authentication

Bug ID

Description

544035

Sessions authenticated by email time out by the policy timeout, which is much shorter than the timeout used by email/MAC authentication in the original pre-6.0 behavior.

591170

Sessions are removed from session table when FSSO group order is changed.

604906

FortiOS does not prompt for token when using RADIUS and two-factor authentication to connect to IPsec IKEv2.

605437

FortiOS does not understand CMPv2 grantedWithMods response.

609655

Captive portal exemption after upgrading the device from 6.2.2 to 6.2.3.

620097

Persistent sessions for de-authenticated users.

620941

Two-factor authentication using FortiClient SSL VPN and FortiToken Cloud is not working due to push notification delay.

621161

src-vis crashes on receipt of certain ONVIF packets.

624328

Fix IoT daemon segfault crashes.

626532

fnbamd is not sending Calling-Station-Id in Acces-Request for L2TP/IPsec since 5.4.0.

627144

Remote admin LDAP user login has authentication failure when the same LDAP user has local two-factor authentication.

VM

Bug ID

Description

606527

GUI and CLI interface dropdown lists are inconsistent.

613730

Unable to update routing table for a resource group in a different subscription for Azure SDN.

613759

Azure VM IPsec VPN crashed with mlx5 driver (to_HUB1: hw csum failure).

622031

azd keeps crashing if Azure VM contains more than 15 tags.

623376

Cross-zone HA breaks after upgrading to 6.4.0 because upgrade process does not add relevant items under vdom-exception.

624657

Azure changes FPGA for Accelerated Networking live and VM loses SR-IOV interfaces.

627106

FG-VM64 console shows hw csum failure for VLAN interface on mlx5_core PF.

VoIP

Bug ID

Description

620742

RAS helper does not NAT the port 1720 in the callSignalAddress field of the RegistrationRequest packet sent from the endpoint.

630024

voipd crashes repeatedly.

Web Filter

Bug ID

Description

612217

Remove XOR from FortiGuard communications from URL filter, spam filter, and AV query.

616162

Custom replacement message is not shown when using web filter.

618153

FSSO users cannot proceed on web filter warning page in flow-based inspection.

620803

Group name missing on web filter warning page in proxy-based inspection.

621807

Filtering Services Availability status is down on the GUI when HTTP/80 is used for web filtering rating service.

625897

Filtering Services Availability status is down on the GUI when HTTP/80 is used for web filtering rating service.

WiFi Controller

Bug ID

Description

604853

Only the first Fortinet-Group-Name VSA is evaluated in authorized firewall WSSO users.

618456

High cw_acd usage upon polling a large number of wireless clients with REST API.

Common Vulnerabilities and Exposures

Visit https://fortiguard.com/psirt for more information.

Bug ID

CVE references

558685

FortiOS 6.4.1 is no longer vulnerable to the following CVE Reference:

  • CVE-2020-12812

Resolved issues

The following issues have been fixed in version 6.4.1. To inquire about a particular bug, please contact Customer Service & Support.

Anti Virus

Bug ID

Description

582368

URL threat detection version show a large negative number after the FortiGate reboots.

Data Leak Prevention

Bug ID

Description

582480

scanunit crashes with signal 11 in dlpscan_mailheader when AV scans files via IMAP.

611513 DLP triggers scan unit watchdog timer and does not block the files.

Explicit Proxy

Bug ID

Description

617934

Web proxy should support forward server on TLS 1.3 certificate inspection connection.

624513

IP pool address in proxy policy is not used sometimes when enabling a security profile.

630434

WAD crashed at wad_ssl_port_p2s_supported_versions with signal 11.

File Filter

Bug ID

Description

626652

The unknown and BIN file types catch too many random files, which leads to inconsistent results for web traffic.

Firewall

Bug ID

Description

622045

Traffic not matched by security policy when using service groups in NGFW policy mode.

622258

Move command in firewall service category does not work.

635074

Firewall policy dstaddr does not show virtual server available based on virtual WAN link member.

FortiView

Bug ID

Description

615524

FortiView > All Sessions should be supported as a standalone dashboard widget in navigation bar.

GUI

Bug ID

Description

401862

Monitor page display incorrect virtual server entries for IPv6, VIP46, and VIP64; right-clicking gives an error.

493819

Reorder function on Authentication Rules page does not work.

513694

User cannot log in to GUI when password change is required and has pre-login or post-login banner enabled or FIPS mode.

528145

BGP configuration gets applied on the wrong VDOM if user switches VDOM selection in between operations (slow GUI).

557786

GUI response is very slow when accessing IPsec Monitor (api/v2/monitor/vpn/ipsec is taking a long time).

564849

HA warning message remains after primary device takes back control.

589709

Status button in Tunnel column on IPsec Tunnels page should be removed.

594702

When sorting the interface list by the Name column, the ports are not always in the correct order (port10 appears before port2).

601568

Interface status is not displayed on faceplate when viewed from System > HA page.

606428

GUI does not allow multiple IPsec tunnels with the same destination IP bound to the same interface but sourced from a different IP.

607549

GUI CMDB API to support case sensitive/insensitive filtering.

611857

Custom admin profile not showing logs as expected.

614056

Disabling the Idle Logout toggle on the SSL-VPN Settings page does not change the idle timeout setting, so the change does not persist after clicking Apply.

617937

Cannot add wildcard FQDN address into group in Edit SSL/SSH Inspection Profile page.

622510

Page gets stuck and message field is blank when doing policy lookup with a non-IP protocol.

623939

Interface bandwidth widgets for WAN, PPPoE and VDOM link interfaces are not loading.

624551

On POE devices, several sections of the GUI take over 15 seconds to fully load.

625747

Server certificate does not load into IPS after configuring SSL inspection profile in replace mode.

628373

Software switch members and their VLANs are not visible in the GUI interfaces list.

631734

GUI not displaying PoE total power budget on FOS 6.2.3.

634677

User group not visible in GUI when editing the user with a single right-click.

HA

Bug ID

Description

596075

In a HA system, the two FortiGates cannot sync when enabling vcluster2 and adding a CRL file on vcluster2 VDOM.

610324

HA sync has high CPU due to large number of IPv6 routes.

620093

Connectivity issue between Azure App and MySQL server. FortiGate is marking the SYN packet with ECN=CE flag.

621583

HA cannot display status in GUI when heartbeat cables reconnect.

621621

Ether-type HA cannot be changed.

623642

It takes up to 10 seconds to get NPU VDOM link up when rebooting primary unit.

626715

Out of sync issue caused by firewall address group member is either duplicated or out of order.

631342

FG-100D HA active-passive mode not syncing.

Intrusion Prevention

Bug ID

Description

622741

Traffic was blocked during the test with flow UTMs enabled.

IPsec VPN

Bug ID

Description

610558

ADVPN cannot establish after primary ISP has recovered from failure and traffic between spokes is dropped.

611451

ADVPN one spoke behind NAT shortcut cannot connect to another spoke that is not behind NAT.

622506

L2TP over IPsec tunnel establishes but traffic cannot pass because wrong interface gets in route lookup.

623238

ADVPN shortcut cannot establish if both spokes are behind NAT.

631804

OCVPN errors showing in logs when OCVPN is disabled.

631968

IKE daemon signal 6 crash when phase1 add-gw-route is enabled.

Log & Report

Bug ID

Description

608187

Five fields (devtype, devcategory, mastersrcmac, srcmac, srcserver) are not included in the traffic log.

611778

FG-AWS unable to view log from FortiAnalyzer.

616485

Log ID 20114 missing in FGT_log_reference.xml and text.html.

622954

Inconsistent log output relating to the local-in policy.

623471

FortiGate did not change the time after daylight saving time.

628358

Logs are not generated in GUI and CLI after checking the file system (after power cable disconnected).

Proxy

Bug ID

Description

578850

Application WAD crash several times due to signal alarm.

601493

ISDB static route cannot be active for proxy policy.

612333

In FortiGate with squid configuration (proxy chain), get ERR_SSL_PROTOCOL_ERROR when using Google Chrome with certificate/deep inspection.

615791

Abbreviated handshake randomly receives fatal illegal_parameter against zendesk.com services/sites.

616577

WAD failed to do an error handling for bypass case.

617099

WAD crashes every few minutes.

617373

AV profiles block WSUS service.

619637

In transparent proxy policy with authentication on corporate firewall, it shows Access Denied after authentication.

620453

Application WAD crash several times due to signal alarm.

621787

On some smaller models, WAD watchdog times out when there is a lot of SSL traffic.

623108

FTP-TP reaches high memory usage and triggers conserve mode.

623213

Firewall does not handle 308 redirects properly for threat feed list.

624245

WAD crashes when all of these conditions are met: policy is doing deep inspection, SNI in client hello is in the exempt list, server certificate CNAME is not in the exempt list.

636508

FortiGate blocks traffic in transparent proxy policy, even if the traffic matches the proxy address.

Routing

Bug ID

Description

537354

BFD/BGP dropping when outbandwidth is set on interface.

580207

Policy route does not apply to local-out traffic.

616483

Policy route should not kick in for destination exclude-member.

617906

With multiple PPPoE links, local traffic to a link will cause RPF check fail if priority of the route is higher than the distance.

618100

Link health monitor with HTTP/TCP echo cannot send out probe packets in the setting interval when the server is unreachable.

619343

Cannot ping old VRIPs when adding new VRIPs.

622721

Disabling SD-WAN service caused no outgoing path to be recorded duplicate times.

625345

The single BGP update message contains the same prefix in withdrawn routes and NLRI (advertised route).

626549

SD-WAN rules created using ISDB do not match/forward via the correct interface.

627901

set dscp-forward option is missing when using maximize bandwidth strategy in SD-WAN rule.

629521

SD-WAN IPv6 default route cannot be redistributed into BGP using set default-originate-routemap6.

Security Fabric

Bug ID

Description

609182

Security Fabric Settings page sometimes cannot load FortiSandbox URL threat detection version despite FortiSandbox being connected.

619696

Automation stitch traffic is sent via mgmt with ha-direct to AWS Lambda after upgrading from 6.0.9 to 6.2.3.

622032

SSH as automation action is not working as expected.

623689

CSF branch FortiGate cannot successfully connect/verify certificate with remote EMS server.

SSL VPN

Bug ID

Description

556314

SSL VPN group bookmarks shown only for the first matched policy.

602480

Use jQuery to customize FortiGate SSL VPN log in page.

604402

SSL VPN web access prompts for certificate authentication irrespective of realm.

607413

SMB/CIFS bookmark name gets scrambled if it contains special characters like space, backslash, colon, etc.

608453

Internal website is not accessible from SSL VPN due to some Sage X3 JS files with errors.

609358

Host check related settings should not be skipped when IPv6 tunnel mode is enabled.

610564

RDP over web mode SSL VPN to a Windows Server changes the time zone to GMT.

610905

SSL VPN bypassing logon count limit with different case in user name.

611190

SSL VPN SNI realm check does not work as expected when accessing non-specified SNI.

612540

SSL VPN web mode has problem accessing EPX website.

613111

Traffic cannot pass through FortiGate in SSL VPN web mode if the user is a PKI peer.

613612

Important GUI pages in 6.4.0 are not rendered well by SSL VPN portal.

615453

Web socket using socket.io could not be established through SSL VPN web mode.

616189

Cannot access, read, or download SharePoint 2019 or OneDrive documents; times out.

616429

Local user assigned with FortiToken cannot log in to SSL VPN web/tunnel mode when password change is required.

616879

Traffic cannot pass through FortiGate for SSL VPN web mode if the user is a PKI peer.

617170

https://outlook.office365.com cannot be accessed in SSL VPN web portal.

619296

FortiGate reverts default values of text on buttons in SSL VPN log on page.

619369

SSL VPN web mode has access problem for engage.leithaeusl website.

619914

Split-tunnel information is not recognized by FortiClient Linux and legacy forticlientsslvpn_linux.

620221

File downloaded from SFTP server of SSL VPN portal is sometimes falsified.

621270

SSL VPN user groups are corrupted in auth list when the user is a member of more than 100 groups.

622068

Adding FQDN routing address in split tunnel configuration injects single route in client for multiple A records.

622871

SSL VPN web mode not displaying full customer webpage after logging in.

623231

Pages could not be shown after logging in to back-end application server.

624145

An internal website via SSL VPN web portal failed to load an external resource.

624197

SSL VPN web mode does not completely load the redirected corporate SSO page when accessing an internal resource.

624288

After SSL VPN proxy, one JS file runs with error.

624477

FortiClient SSL VPN split tunnel is not working from macOS Catalina.

625301

Riverbed SteelCentral AppResponse login form is not displaying in SSL VPN web mode.

625338

sslvpnd crashing with signal 7 on get_free_idx.

625554

SSL VPN connection was used when the DTLS UDP packet process failed and connection was destroyed.

626237

SAP portal link is not working in SSL VPN web mode.

626351

Online Excel file could not be displayed in SSL VPN web mode.

626816

In web mode, after entering the username/password in back-end application server, logging in, and waiting for a while, the URL automatically changes to a direct connection to the back-end.

627456

Traffic cannot pass when SAML user logs in to SSL VPN portal with group match.

629373

SAML login button is lost on SSL VPN portal.

Switch Controller

Bug ID

Description

613323

FortiSwitch trunk configuration sync issue after FortiGate failover.

622812

VLANs on a FortiLink interface configured to use a hardware switch interface may fail to come up after upgrading or rebooting.

System

Bug ID

Description

583472

When system is in an extremely high memory usage state (~90%), a power supply status Power supply 1 AC is lost might be mistakenly logged.

585053

NP6 VLAN LACP-based interface RX/TX counters not increasing.

589792

Secondary members of a redundant interface process frames creating duplicates when NP6 offload is enabled.

594871

Potential memory leak triggered by FTP command in WAD.

600560

SMC time has big drift after running a long time without rebooting.

610900

Low throughput on FG-2201E for traffic with ECN flag enabled.

611512

When a LAG is created between 10 GE SFP+ slots and 25 GE SFP28/10 GE SFP+ slots, only about 50% of the sessions can be created. Affected models: FG-110xE, FG-220xE, and FG-330xE.

613136

Uninitialized variable that may potentially cause httpsd signal 6 and 11 crash issue.

615168

Traffic with priority field fails to traverse NP6 shaper.

615435

Crashes might happen due to CMDB query allocation failure causing a segmentation fault.

615451

Empty VIP groups allowed when restoring a configuration file.

617154

Fortinet_CA is missing in FG-3400E.

617409

The FG-800D HA LED is off when HA status is normal.

617453

fgfmsd crash due to REST agent.

619023

Proxy ARP configuration not loaded after interface shut/not shut.

619234

Purge policy is very slow when the number of policies is close to the maximum.

623113

FortiGate not entering A records in shadow DNS database for cross-subdomain CNAME requests.

625053

TCP SYN-ACK sent to different gateway when proxy-based UTM profiles are used.

628124

source-ip under system fortiguard is not taken for directregistration.fortinet.com when using Register with FortiCare window.

636069

Unable to handle kernel NULL pointer dereference at 000000000000008f.

630658

Auto-script output file size over 400 MB when configured output size is default 10 MB.

632407

Cannot delete VDOM due to ssl.vdom1 interface after changing mode from split-task VDOM to multi VDOM.

Upgrade

Bug ID

Description

615972

After upgrading from 6.2.2 to 6.2.3, the description field in the table has disappeared under DHCP reservation.

User & Authentication

Bug ID

Description

544035

Sessions authenticated by email time out by the policy timeout, which is much shorter than the timeout used by email/MAC authentication in the original pre-6.0 behavior.

591170

Sessions are removed from session table when FSSO group order is changed.

604906

FortiOS does not prompt for token when using RADIUS and two-factor authentication to connect to IPsec IKEv2.

605437

FortiOS does not understand CMPv2 grantedWithMods response.

609655

Captive portal exemption after upgrading the device from 6.2.2 to 6.2.3.

620097

Persistent sessions for de-authenticated users.

620941

Two-factor authentication using FortiClient SSL VPN and FortiToken Cloud is not working due to push notification delay.

621161

src-vis crashes on receipt of certain ONVIF packets.

624328

Fix IoT daemon segfault crashes.

626532

fnbamd is not sending Calling-Station-Id in Acces-Request for L2TP/IPsec since 5.4.0.

627144

Remote admin LDAP user login has authentication failure when the same LDAP user has local two-factor authentication.

VM

Bug ID

Description

606527

GUI and CLI interface dropdown lists are inconsistent.

613730

Unable to update routing table for a resource group in a different subscription for Azure SDN.

613759

Azure VM IPsec VPN crashed with mlx5 driver (to_HUB1: hw csum failure).

622031

azd keeps crashing if Azure VM contains more than 15 tags.

623376

Cross-zone HA breaks after upgrading to 6.4.0 because upgrade process does not add relevant items under vdom-exception.

624657

Azure changes FPGA for Accelerated Networking live and VM loses SR-IOV interfaces.

627106

FG-VM64 console shows hw csum failure for VLAN interface on mlx5_core PF.

VoIP

Bug ID

Description

620742

RAS helper does not NAT the port 1720 in the callSignalAddress field of the RegistrationRequest packet sent from the endpoint.

630024

voipd crashes repeatedly.

Web Filter

Bug ID

Description

612217

Remove XOR from FortiGuard communications from URL filter, spam filter, and AV query.

616162

Custom replacement message is not shown when using web filter.

618153

FSSO users cannot proceed on web filter warning page in flow-based inspection.

620803

Group name missing on web filter warning page in proxy-based inspection.

621807

Filtering Services Availability status is down on the GUI when HTTP/80 is used for web filtering rating service.

625897

Filtering Services Availability status is down on the GUI when HTTP/80 is used for web filtering rating service.

WiFi Controller

Bug ID

Description

604853

Only the first Fortinet-Group-Name VSA is evaluated in authorized firewall WSSO users.

618456

High cw_acd usage upon polling a large number of wireless clients with REST API.

Common Vulnerabilities and Exposures

Visit https://fortiguard.com/psirt for more information.

Bug ID

CVE references

558685

FortiOS 6.4.1 is no longer vulnerable to the following CVE Reference:

  • CVE-2020-12812