Fortinet Document Library


Built-in IPS engine

Resolved engine issues

| Bug ID | Description |
|--------|-------------|
| 580391 | Unable to create MAC address-based policies in NGFW mode. |
| 638341 | In some cases, IPS fails to get interface ID information that would result in IPS incorrectly dropping the session during static matching. |
| 645848 | FortiOS is providing self-signed CA certificate intermittently with flow-based SSL certificate inspection. |
| 646961 | Explicit FTPS data channel cannot be established through policy with flow-based inspection mode and AV enabled. |
| 654356 | In NGFW policy mode, sessions are not re-validated when security policies are changed. A workaround is to clear sessions after a policy change. |
| 669138 | IPS Engine 4.067 crashes (segmentation fault and alarm clock). |
| 672994 | Web filter warning message does not contain certification chain. |
| 676705 | Custom IEC-104 application control signatures skipped after signature database update. |
| 677834 | HTTP traffic is dropped when custom proxy options are applied to a policy. |
| 681611 | IPS engine crashes (5.218 ips_dlp_alert). |
| 683669 | Firewall schedule settings are not following daylight saving time. |
| 688888 | BZIP2 file including EICAR is detected in the original direction of the flow mode firewall policy even though scan-bzip2 is disabled. |
| 691196 | One-arm IPS URL filter unable to block HTTPS websites. |
| 691395 | Signature false positives causing outage after IPS database update. |
| 695441 | Not getting past block/override page or warning page when doing a web filter override in flow mode. |
| 695774 | Remote category flow and proxy mode wildcard matching difference. |
| 696619 | FGSP synchronized UDP sessions may be blocked in NGFW policy mode when asymmetric routing is used due to a policy matching failure. Other types of traffic may also be affected (such as TCP) in the case of failover of the reply direction traffic to a different FortiGate in the FGSP cluster. |
| 696753 | Chassis has multiple IPS crashes and UTM web filter is impacted after enabling web filter content header. |
| 696819 | IPS archive timestamp is dated from 1970. |
| 707907 | IPS engine (flow mode deep inspection) does not decrypt some TLS 1.3 sessions, which causes problems with application control detection. |
| 713068 | FGSP support in NGFW policy mode. |
| 715136 | High memory usage for some slab objects. |
| 718452 | set https-replacemsg disable causing connection RST on URLs in URL filter list (flow-based inspection). |
| 719007 | URL filtering followed by /* causes rating error. |
| 719252 | IPS engine crash. |
| 721462 | Memory usage increases up to conserve mode after upgrading IPS engine to 5.00239. |
