Resolved issues
The following issues have been fixed in version 6.4.12. To inquire about a particular bug, please contact Customer Service & Support.
Explicit Proxy
Bug ID | Description |
---|---|
763796 | FTP proxy refuses a connection on a freshly configured FortiGate. |
774442 | WAD is NATting to the wrong IP pool address for the interface. |
GUI
Bug ID | Description |
---|---|
794757 | Inbound traffic on the interface bandwidth widget shows 0 bps on the VLAN interface. |
HA
Bug ID | Description |
---|---|
662978 | Long-lasting sessions are expired on HA secondary device with a 10G interface. |
750978 | Interface link status of HA members go down when |
785514 | In some cases, the fgfmd daemon is blocked by a query to the HA secondary checksum, and it will cause the tunnel between FortiManager and the FortiGate to go down. |
838541 | HA is out-of-sync due to |
859242 | Unable to synchronize IPsec SA between FGCP members after upgrading. |
Hyperscale
Bug ID | Description |
---|---|
805846 | In the FortiOS MIB files, the trap fields |
IPsec VPN
Bug ID | Description |
---|---|
675838 | iked ignores phase 1 configuration changes due to frequent FortiExtender CMDB changes. |
855772 | FortiGate IPsec tunnel role could be incorrect after rebooting or upgrading, and causes negotiation to be stuck when it comes up. |
858715 | IPsec phase 2 fails when both HA cluster members reboot at the same time. |
Log & Report
Bug ID | Description |
---|---|
838357 | A deny policy with log traffic disabled is generating logs. |
Proxy
Bug ID | Description |
---|---|
650348 | FortiGate refuses incoming TCP connection to FTP proxy port after explicit proxy related configurations are changed. |
799381 | WAD crash occurs when TLS 1.2 receives the client certificate and that server-facing SSL port has been closed due to the SSL bypass. |
Routing
Bug ID | Description |
---|---|
817670 | IPv6 route redistribution metric value is not taking effect. |
Security Fabric
Bug ID | Description |
---|---|
837347 | Upgrading from 6.4.8 to 7.0.5 causes SDN firewall address configurations to be lost. |
843043 | Only the first ACI SDN connector can be kept after upgrading from 6.4.8 if multiple ACI SDN connectors are configured. |
857441 | Azure Fabric connector process (azd) has high memory consumption during updates, which leads to entry-level FortiGate models entering conserve mode. |
SSL VPN
Bug ID | Description |
---|---|
705880 | Updated empty group with SAML user does not trigger an SSL VPN firewall policy refresh, which causes the SAML user detection to not be successful in later usage. |
742332 | SSL VPN web portal redirect fails in http://qu***.jj***.bu***. |
746230 | SSL VPN web mode cannot display certain websites that are internal bookmarks. |
748085 | Authentication request of SSL VPN realm can now only be sent to user group, local user, and remote group that is mapped to that realm in the SSL VPN settings. The authentication request will not be applied to the user group and remote group of non-realm or other realms. |
784522 | When trying to create a support ticket in Jira with SSL VPN proxy web mode, the dropdown field does not contain any values. |
822432 | SSL VPN crashes after copying a string to the remote server using the clipboard in RDP web mode when using RDP security. |
825810 | SSL VPN web mode is unable to access EMS server. |
834713 | Getting re-authentication pop-up window for VNC quick connection over SSL VPN web proxy. |
848067 | RDP over VPN SSL web mode stops working after upgrading to 6.4.10. |
852566 | User peer feature for one group to match to multiple user peers in the authentication rules is broken. |
854143 | Unable to access Synology NAS server through SSL VPN web mode. |
856316 | Browser displays an Error, Feature is not available message if a file larger than 1 MB is uploaded from FTP or SMB using a web bookmark, even though the file is uploaded successfully. There are no issues with downloading files. |
Switch Controller
Bug ID | Description |
---|---|
845667 | Enabling |
859690 | The flcfgd daemon crashes frequently on the HA passive unit. |
System
Bug ID | Description |
---|---|
649729 | HA synchronization packets are hashed to a single queue when |
713951 | Not all ports are coming up after a LAG bounce on 8 × 10 GB LAG with ASR9K. Affected platforms: FG-3960E and FG-3980E. |
733096 | FG-100F HA secondary's unused ports flap from down to up, then to down. |
776052 | Add SNMP MIB support for PBA pools. |
783939 | IPv4 session is flushed after creating a new VDOM. |
784169 | When a virtual switch member port is set to be an alternate by STP, it should not reply with ARP; otherwise, the connected device will learn the MAC address from the alternate port and send subsequent packets to the alternate port. |
787929 | Deleting a VDOM that contains EMAC interfaces might affect the interface bandwidth widget of the parent VLAN. |
807334 | DDNS is not working when cleartext is enabled. |
810466 | EHP and HRX drop on NP6 FortiGate, causing low throughput. |
811367 | Ports 33-35 constantly show suspect messaging in the transceiver output. Affected platforms: FG-2600F and FG-2601F. |
813607 | LACP interfaces are flapping after upgrading to 6.4.9. |
815692 | Slow upload speeds when connected to FIOS connection. Affected platforms: NP6Lite and NP6xLite. |
821000 | QSFP and QSFP+ Fortinet transceivers are not operational on FG-3401E. |
824543 | The |
827240 | FortiGate in HA may freeze and reboot. Before the reboot, softIRQ may be seen as high. This leads to a kernel panic. |
827736 | As the size of the internet service database expands, |
834850 | GUI CLI console displays a |
847077 | |
850774 | Session synchronization packets may be dropped when using HA1/HA2. Affected platforms: FGT-420xF and FGT-440xF. |
Upgrade
Bug ID | Description |
---|---|
848926 | After upgrading, the AV filter feature set is changed from proxy mode to flow mode. |
User & Authentication
Bug ID | Description |
---|---|
751763 | When MAC-based authentication is enabled, multiple RADIUS authentication requests may be sent at the same time. This results in duplicate sessions for the same device. |
824999 | Subject Alternative Name (SAN) is missing from the certificate upon automatic certificate renewal made by the FortiGate. |
845198 | Local-in policies for authentication disappear and the authentication page returns an ERR_CONNECTION_TIMED_OUT error. The authentication page is not displayed because it is not rebuilt when |
853793 | FG-81F 802.1X MAC authentication bypass (MAB) failed to authenticate Cisco AP. |
WiFi Controller
Bug ID | Description |
---|---|
761836 | FWF-8xF platforms should allow the DHCP server configuration of an aggregate interface (aplink) to be edited in the GUI. |
807713 | FortiGate is not sending RADIUS accounting messages consistently to the RADIUS server for wireless SSO. |
Common Vulnerabilities and Exposures
Visit https://fortiguard.com/psirt for more information.
Bug ID | CVE references |
---|---|
843331 | FortiOS 6.4.12 is no longer vulnerable to the following CVE Reference: |
844920 | FortiOS 6.4.12 is no longer vulnerable to the following CVE Reference: |
845847 | FortiOS 6.4.12 is no longer vulnerable to the following CVE Reference: |
854227 | FortiOS 6.4.12 is no longer vulnerable to the following CVE Reference: |
865932 | FortiOS 6.4.12 is no longer vulnerable to the following CVE Reference: |