Known issues
The following issues have been identified in version 7.0.0. To inquire about a particular bug or report a bug, please contact Customer Service & Support.
Anti Virus
Bug ID | Description |
---|---|
705591 | When av-scan is enabled on the load end box, the FortiGate CPU hits 100% for over one minute. Such high CPU usage might cause a WAD daemon signal 6 abort during that period. |
Endpoint Control
Bug ID | Description |
---|---|
707388 | When EMS has an offline status, most of the time the FortiClient de-registers from EMS and the client certificate will be empty in the web browser certificate store. Workaround: configure the FortiGate access proxy with |
Explicit Proxy
Bug ID | Description |
---|---|
708851 | When visiting a website for the first time in Firefox, the disclaimer page is shown and the webpage loads normally. When visiting a website for a second time, Firefox may take a few minutes to show the disclaimer and then another few minutes to load the webpage. Workaround: use Chrome and Edge to visit websites. |
GUI
Bug ID | Description |
---|---|
440197 | On the System > FortiGuard page, the override FortiGuard server for AntiVirus & IPS Updates shows an Unknown status, even if the server is working correctly. This is a display issue only; the override feature is working properly. |
610572 | Guest user credentials never expire if a guest user logs in via the WiFi portal while an administrator is actively viewing the user's account via the GUI. If the administrator clicks OK in the user edit dialog after the guest user has logged in, the user's current login session is not subject to the configured expiration time. Workaround: do not click the OK button. Click the Cancel button to close the page. |
645158 | When logging into the GUI via FortiAuthenticator with two-factor authentication, the FortiToken Mobile push notification is not sent until the user clicks Login. |
677806 | On the Network > Interfaces page when VDOM mode is enabled, the Global view incorrectly shows the status of IPsec tunnel interfaces from non-management VDOMs as up. The VDOM view shows the correct status. |
685431 | On the Policy & Objects > Firewall Policy page, the policy list can take around 30 seconds or more to load when there is a large number (over 20 thousand) of policies. Workaround: use the CLI to configure policies. |
695815 | When editing the external connector Poll Active Directory Server from the GUI, the Users/Groups option is always an empty value, even if there is an existing group configured. Workaround: manage the option from the CLI. |
699508 | When an administrator ends a session by closing the browser, the administrator timeout event is not logged until the next time the administrator logs in. |
701742 | Items added to Favorites are lost after a logout or reboot. |
704618 | When the login banner is enabled, and a user is forced to re-login to the GUI (due to password enforcement or VDOM enablement), users may see a Bad gateway error and HTTPSD crash. Workaround: refresh the browser. |
707589 | System > Certificates list sometimes shows an incorrect reference count for a certificate, and incorrectly allows a user to delete a referenced certificate. The deletion will fail even though a success message is shown. Users should be able to delete the certificate after all references are removed. |
708005 | When using the SSL VPN web portal in Firefox, users cannot paste text into the SSH terminal emulator. Workaround: use Chrome, Edge, or Safari as the browser. |
708121 | After a user creates or edits an SSID interface, the GUI incorrectly navigates to the interfaces list instead of the SSIDs list. |
708211 | Administrators with VDOM scope cannot change their own password in the GUI. Workaround: use the CLI to change the password. |
708947 | Policy dialogs (Firewall, NAT46, NAT64, Proxy) sometimes get stuck loading due to an error when generating a security rating report. Workaround: manually re-run the security rating report from the Security Fabric > Security Rating page. |
720657 | Unable to reuse link local or multicast IPv6 addresses for multiple interfaces from the GUI. Workaround: use the CLI. |
722832 | When LDAP server settings involve FQDN, LDAPS, and an enabled server identity check, the following LDAP related GUI items do not work: LDAP setting dialog, LDAP credentials test, and LDAP browser. |
734417 | GUI incorrectly displays a warning saying there is not a valid upgrade path when upgrading firmware from 7.0.0 or 7.0.1 to 7.0.1 or 7.0.2. |
743477 | On the Log & Report > Forward Traffic page, filtering by the Source or Destination column with negation on the IP range does not work. |
746953 | On the Network > Interfaces page, users cannot modify the TFTP server setting. A warning with the message This option may not function correctly. It is already configured using the CLI attribute: tftp-server. appears beside the DHCP Options entry. Workaround: use the CLI. |
HA
Bug ID | Description |
---|---|
703047 | |
717525 | FortiGate sends its serial number at the beginning of the file path via TFTP backup for CLI automation script or automation stitch when in the cluster. |
717785 | HA primary does not send anti-spam and outbreak prevention license information to the secondary. |
Intrusion Prevention
Bug ID | Description |
---|---|
721462 | Memory usage increases up to conserve mode after upgrading IPS engine to 5.00239. |
IPsec VPN
Bug ID | Description |
---|---|
691718 | Traffic cannot pass through IPsec tunnel after FEC is enabled on server side if NAT is enabled between VPN peers. |
708940 | When ADVPN with BGP has |
Proxy
Bug ID | Description |
---|---|
709623 | WAD crashes seen in user information upon user purge and during signal handling of user information history. |
724670 | Crash seen in WAD user information daemon when updating user group count upon user log off. |
727629 | An error case occurs in WAD while handling the HTTP requests for an explicit proxy policy. |
735893 | After the Chrome 92 update, in FOS 6.2, 6.4, or 7.0 running an IPS engine older than version 5.00246, 6.00099, or 7.00034, users are unable to reach specific websites in proxy mode with UTM applied. In flow mode everything works as expected. |
REST API
Bug ID | Description |
---|---|
713445 | For API user tokens with CORS enabled and set to wildcard *, direct API requests using this token are not processed properly. This issue impacts FortiOS version 5.6.1 and later. Workaround: set CORS to an explicit domain. |
714075 | When CORS is enabled for REST API administrators, POST and PUT requests with body data do not work with CORS due to the pre-flight requests being handled incorrectly. This only impacts newer browser versions that use pre-flight requests. |
Routing
Bug ID | Description |
---|---|
703782 | Traffic to FortiToken Mobile push server does not follow SD-WAN/PBR rules. |
Security Fabric
Bug ID | Description |
---|---|
726831 | Security rating for Local Log Disk Not Full reporting as failed for FortiGate models without log disks. |
SSL VPN
Bug ID | Description |
---|---|
715928 | SSL VPN signal 11 crashes at |
718133 | In some conditions, the web mode JavaScript parser will encounter an infinite loop that will cause SSL VPN crashes. |
System
Bug ID | Description |
---|---|
568399 | FG-200E has |
644782 | A large number of detected devices causes httpsd to consume resources, and causes entry-level devices to enter conserve mode. |
681322 | TCP 8008 permitted by authd, even though the service in the policy does not include that port. |
705878 | Local certificates could not be saved properly, which caused issues such as not being able to properly restore them with configuration files and causing certificates and keys to be mismatched. |
708228 | A DNS proxy crash occurs during |
712506 | 25G-capable ports do not receive any traffic. Affected platforms: FG-1100E and FG-1101E. |
715978 | NTurbo does not work with EMAC VLAN interface. |
721119 | The forticron process uses high CPU. |
728647 | DHCP discovery dropped on virtual wire pair when UTM is enabled. |
751715 | Random LTE modem disconnections due to certain carriers getting unstable due to WWAN modem USB speed under super-speed. |
756713 | Packet loss on the LAG interface (eight ports) using SFP+/SFP28 ports in both static and active mode. Affected models: FG-110xE, FG-220xE, and FG-330xE. |
1041457 | On FortiGate, kernel 4.19 does not work as expected when concurrently reassembling fragmented packets that have more than 64 destination IPv4 addresses. |
Upgrade
Bug ID | Description |
---|---|
701571 | After upgrading from 6.4.5 to 7.0.0, all flow-based policies are switched to proxy if there is a SIP profile attached to the firewall policy. |
708250 | Console prints |
713724 | SD-WAN health check over IPsec interfaces no longer works if there is a specified gateway under the IPsec SD-WAN member. Workaround: remove the specified gateway. |
716912 | SSH access may be lost in some cases after upgrading to 6.2.8, 6.4.6, or 7.0.0. |
User & Authentication
Bug ID | Description |
---|---|
750551 | DST_Root_CA_X3 certificate is expired. Workaround: see the Fortinet PSIRT blog, https://www.fortinet.com/blog/psirt-blogs/fortinet-and-expiring-lets-encrypt-certificates, for more information. |
778521 | SCEP fails to renew if the local certificate name length is between 31 and 35 characters. |
WAN Optimization
Bug ID | Description |
---|---|
702876 | FortiGate web cache does not work in proxy mode. |
WiFi Controller
Bug ID | Description |
---|---|
709871 | After the firmware upgrade, the AP cannot register to the central WLC because NPU offload changed the source and destination ports from 4500 to 0. |