Fortinet Document Library

Known issues

The following issues have been identified in version 7.0.1. For inquiries about a particular bug or to report a bug, please contact Customer Service & Support.

Application Control

Bug ID

Description

701926

Stress test with application control only results in packet drops.

Endpoint Control

Bug ID

Description

708545

The WAD daemon is triggered to fetch the FortiClient information based on a ZTNA EMS tag enabled for checking in a proxy policy. It is then possible to get a ZTNA EMS tag in the firewall dynamic address and get the expected traffic control.

730767

The new HA primary FortiGate cannot get EMS Cloud information when HA switches over.

Workaround: delete the EMS Cloud entry then add it back.

Firewall

Bug ID

Description

738584

Firewall is using the wrong NAT IP address to send out traffic after removing the VIP and its associated policy.

GUI

Bug ID

Description

440197

On the System > FortiGuard page, the override FortiGuard server for AntiVirus & IPS Updates shows an Unknown status, even if the server is working correctly. This is a display issue only; the override feature is working properly.

608770

When there is no IP/IPv6 address setting for Zone, the GUI incorrectly displays 0.0.0.0/0.0.0.0 for IP/Netmask and ::/0 for IPv6 Address.

631201

When editing an SSL/SSH inspection profile, the Show in Address List toggle in Edit Wildcard FQDN Address does not work when creating a new wildcard FQDN address.

653952

The message "The web page cannot be found" is displayed when a dashboard ID no longer exists.

Workaround: load another page in the navigation pane. Once loaded, load the original dashboard page (that displayed the error) again.

677611

On the Network > SD-WAN > SD-WAN Rules tab, an SD-WAN member with link status down is displayed as selected.

685431

On the Policy & Objects > Firewall Policy page, the policy list can take around 30 seconds or more to load when there is a large number (over 20 thousand) of policies.

Workaround: use the CLI to configure policies.

686500

Unable to specify a custom hostname during FortiGate setup.

689661

On the Policy & Objects > Firewall Policy page, policies that have enabled internet-service-src-custom and/or have specified an internet-service-src-custom-group are not listed in the policy list.

699508

When an administrator ends a session by closing the browser, the administrator timeout event is not logged until the next time the administrator logs in.

707589

System > Certificates list sometimes shows an incorrect reference count for a certificate, and incorrectly allows a user to delete a referenced certificate. The deletion will fail even though a success message is shown. Users should be able to delete the certificate after all references are removed.

708005

SSH from web portal does not copy/paste in Firefox.

713529

When FortiAnalyzer is configured, the HTTPS daemon may crash while processing some FortiAnalyzer log requests. There is no apparent impact on the GUI operation.

714304

Special characters <, >, (, ), #, ', and " are allowed in the name when set from the CLI. When set from the GUI they are flagged as invalid.

716571

Missing ICL connection between switches in the same tier of a topology.

720613

The event log sometimes contains duplicated lines when downloaded from the GUI.

720657

Unable to reuse link local or multicast IPv6 addresses for multiple interfaces from the GUI.

Workaround: use the CLI.

721710

Data fails to load when the Security Fabric is enabled for a downstream FortiGate that has an upstream PPPoE interface to connect to the root.

722133

On the Policy & Objects > Central SNAT page, one-to-one IP pools do not appear in the NAT policy.

722450

The rating rule Disable Username Sensitivity Check incorrectly fails for remote LDAP users with two-factor authentication disabled.

722832

When LDAP server settings involve FQDN, LDAPS, and an enabled server identity check, the following LDAP related GUI items do not work: LDAP setting dialog, LDAP credentials test, and LDAP browser.

723988

On the WiFi & Switch Controller > FortiSwitch Ports page, the PoE option is grayed out so it cannot be configured. The CLI must be used.

727035

Unable to change FortiSwitch port status when native VLAN is empty.

728651

When populating the BGP global table from the GUI (Network > BGP), BGPD process memory increases until it exhausts memory and goes into conserve mode.

728742

Unable to reorder Favorites after upgrading to FortiOS 7.0.

729075

Tooltip for FortiView Compromised Host fails with a JavaScript error.

729675

System > Settings page does not load for a FortiGate in carrier mode with an administrator profile that has custom firewall settings.

730069

On the Network > Static Routes page, users are unable to create a static route with Automatic gateway retrieval enabled when a DHCP interface is specified.

730211

Interface widget does not show data when the browser time differs from FortiGate UTC time.

732618

On the Network > Interfaces page, when Dedicated Management Port is enabled on an interface and the Trusted Host 1 IP address is set to 0.0.0.0/0, settings cannot be saved.

733375

On the VPN > SSL-VPN Settings page, after clicking Apply, source-address objects become source-address6 objects if IPv6 is enabled.

733582

The IP/Mac Based Access Control radio button is no longer present in the Firewall Policy dialog from implicit policy projects.

734417

When upgrading firmware from 7.0.0 to 7.0.1, GUI incorrectly displays a warning saying this is not a valid upgrade path.

735114

In FortiView Sources, on a multi-VDOM FortiGate, if there is no cache for IOC (compromised hosts), a request to filter by IOC is sent to all VDOMs on the FortiGate, not just the current VDOM.

735248

On a mobile phone, the WiFi captive portal may take longer to load when the default firewall authentication login template is used and the user authentication type is set to HTTP.

Workaround: disable HTTP authentication in the login template, or remove the href link to googleapis in the login template.

738027

Device Inventory widget displays "No results" although devices are listed in the CLI.

742561

GUI shows a "The minimum value is 2" error message for the VLAN ID of a VLAN switch.

743743

httpsd crashes due to GET /api/v2/log/.../virus/archive request when the mkey is not provided.

744168

On the Security Profiles > SSL/SSH Inspection page, a new SSL/SSH inspection profile cannot be created when the Inspection method is SSL Certificate Inspection.

744860

On the System > Settings page, when the time zone is set to (GMT-6:00) Central America, the current system time is off by one hour during Daylight Saving Time (DST).

745325

Update interval for SDN connectors in the GUI cannot be set to 60. It automatically switches to the Use Default option.

745998

Unable to delete IPsec phase 1 interface if the name contains a /.

746012

FortiGate Cloud IOC is unable to generate IOC events on the FortiGate.

746953

TFTP server (under DHCP Server) configured in the CLI is not reflected in the GUI.

HA

Bug ID

Description

695067

When there are more than two members in a HA cluster and the HA interface is used for the heartbeat interface, some RX packet drops are observed on the HA interface. However, no apparent impact is observed on the cluster operation.

Workaround: do not use the HA interface as a heartbeat interface.

701367

In an HA environment with multiple virtual clusters, System > HA will display statistics for Uptime, Sessions, and Throughput under virtual cluster 1. These statistics are for the entire device. Statistics are not displayed for any other virtual clusters.

705237

Remote two-factor authentication is not working for HA secondary management interface.

717788

FGSP has a problem at failover when NTurbo or offloading is enabled (IPv4) with virtual wire pair traffic.

725240

HA cluster goes out of sync due to mismatched vpn.certificate.crl checksum.

729590

DDNS registration fails on vcluster2 VDOMs.

734138

HA standby management IP does not reply to ping if the link-failed-signal option is enabled and when the monitor interface is down.

Intrusion Prevention

Bug ID

Description

669089

IPS profile dialog in GUI shows misleading All Attributes in the Details field for filter entries with a CVE value.

IPsec VPN

Bug ID

Description

668997

A "Duplicate entry found" error is shown when assigning multiple dialup IPsec tunnels with the same secondary IP in the GUI.

726450

Local out dialup IPsec traffic does not match policy-based routes.

729879

Static IPsec tunnel with signature authentication method cannot be established on FIPS-CC mode FortiGate because the certificate subject verification changes to RDN bitwise comparison based.

730449

SD-WAN service traffic will be interrupted after upgrading to 7.0.1 if all of the following conditions are matched in its 6.4.x configuration:

  • Using set gateway enable in a particular SD-WAN service

  • Having mode-cfg configured

  • Not having ADVPN configured on the hub

Workaround: Before upgrading, update the hub and spoke configurations as follows:

  • On the hub, enable the exchange-interface-ip option on the dial-up phase1 interface with mode-cfg configured.

  • On the spoke, enable auto-discovery-receiver on the related phase1 interface.

Log & Report

Bug ID

Description

724827

Syslogd is using the wrong source IP when configured with interface-select-method auto.

731154

SSL VPN tunnel down event log (log ID 39948) is missing.

Proxy

Bug ID

Description

663088

Application control in Azure fails to detect and block SSH traffic with proxy inspection.

724670

Crash seen in WAD user information daemon when updating user group count upon user log off.

725628

WAD HTTP parser string leak for hostname and scheme with trace-auth-no-rsp enabled.

735893

After the Chrome 92 update, in FOS 6.2, 6.4, or 7.0 running an IPS engine older than version 5.00246, 6.00099, or 7.00034, users are unable to reach specific websites in proxy mode with UTM applied. In flow mode everything works as expected.

REST API

Bug ID

Description

731136

The following API has a change in response format, which may break backward compatibility for existing integration:

POST /api/v2/monitor/system/config/restore

New format results: {'config_restored': True}

Old format results: {'restore_started': True, 'session_id': 'nTuRkV'}

Note that only the response format is changed. The actual configuration restoration operation still works as before. The integration application should handle this new response format so that it can return the correct response message to the user.
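An added example (not Fortinet's code) of an integration-side parser for bug 731136 that accepts both result shapes listed above and fails closed on anything else, so an unrecognized reply is never reported as a successful restore. Assumptions: the reply is JSON carrying the result object under a `results` key or at the top level; the class and function names and the sample bodies are constructed for illustration.

```python
import json
from dataclasses import dataclass
from typing import Any, Mapping, Optional


class UnknownRestoreResponse(ValueError):
    """The reply matches neither documented result shape."""


@dataclass(frozen=True)
class RestoreOutcome:
    accepted: bool              # True only if the device reported success
    response_format: str        # "new" (7.0.1) or "old" (earlier builds)
    session_id: Optional[str]   # only present in the old format


def parse_restore_response(raw: str) -> RestoreOutcome:
    """Normalize the reply to POST /api/v2/monitor/system/config/restore."""
    try:
        body = json.loads(raw)
    except json.JSONDecodeError as exc:
        raise UnknownRestoreResponse("reply is not valid JSON") from exc
    if not isinstance(body, Mapping):
        raise UnknownRestoreResponse("reply is not a JSON object")

    # Assumption: the result object is under "results"; fall back to the
    # top-level object if that key is absent.
    results: Any = body.get("results", body)
    if not isinstance(results, Mapping):
        raise UnknownRestoreResponse("'results' is not a JSON object")

    # New format: {'config_restored': True}
    if "config_restored" in results:
        return RestoreOutcome(results["config_restored"] is True, "new", None)

    # Old format: {'restore_started': True, 'session_id': '...'}
    if "restore_started" in results:
        sid = results.get("session_id")
        return RestoreOutcome(
            results["restore_started"] is True,
            "old",
            sid if isinstance(sid, str) else None,
        )

    # Neither key present: do not guess, let the caller surface an error.
    raise UnknownRestoreResponse(
        "no 'config_restored' or 'restore_started' key in reply"
    )


def user_message(raw: str) -> str:
    """Message an integration could show to its operator."""
    try:
        outcome = parse_restore_response(raw)
    except UnknownRestoreResponse as exc:
        return f"Restore status unknown: {exc}"
    if not outcome.accepted:
        return "Restore was rejected by the device"
    if outcome.response_format == "old":
        return f"Restore started (session {outcome.session_id})"
    return "Configuration restored"


# Constructed sample replies, built from the two result shapes on this page.
NEW_SAMPLE = '{"results": {"config_restored": true}}'
OLD_SAMPLE = '{"results": {"restore_started": true, "session_id": "nTuRkV"}}'
REJECTED_SAMPLE = '{"results": {"config_restored": false}}'
UNKNOWN_SAMPLE = '{"results": {"status": "ok"}}'

if __name__ == "__main__":
    for sample in (NEW_SAMPLE, OLD_SAMPLE, REJECTED_SAMPLE, UNKNOWN_SAMPLE):
        print(user_message(sample))
```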

Security Fabric

Bug ID

Description

670451

ACI SDN connector (connected by aci-direct) shows curl error 7 when updating from second VDOM.

717080

csfd shows high memory usage due to the JSON object not being used properly and the reference not being released properly.

724071

Log disk usage from user information history daemon is high and can restrict the use for general logging purposes.

726831

Security rating for Local Log Disk Not Full reporting as failed for FortiGate models without log disks.

731292

Dashboard Security Fabric widget takes a long time to load in the GUI.

731314

Security rating fails and displays Duplicate Firewall Objects message for FTP, FTP_GET, and FTP_PUT service objects.

733511

Automation stitch trigger count does not update when target device is a downstream device.

738344

When CSF root synchronizes a large automation setting (over 16000) to the downstream FortiGate, csfd crashes while trying to process the relay message.

740673

OCI Fabric connector has DNS failure in UK government region.

741346

The variable %%date%% resolves into 1900-01-00 instead of actual date when the schedule trigger type is used.

742743

Security rating issue with unused deny policies.

SSL VPN

Bug ID

Description

718133

In some conditions, the web mode JavaScript parser will encounter an infinite loop that will cause SSL VPN crashes.

730416

Forward traffic log does not generate logs for HTTP and HTTPS services with SSL VPN web mode.

736822

Non-US keyboard layout in RDP session with SSL VPN web mode does not work correctly.

740378

Windows FortiClient 7.0.1 cannot work with FortiOS 7.0.1 over SSL VPN when the tunnel IP is in the same subnet as one of the outgoing interfaces and NAT is not enabled.

Switch Controller

Bug ID

Description

723501

When STP is enabled on a hardware switch interface, FortiLink loses its connection to FortiSwitch.

System

Bug ID

Description

619839

In FIPS-CC mode, keep getting fcron_set_mgmt_vdom()-122: Invalid mgmt- vfid=-1 message on console.

644616

NP6 does not update session timers for traffic IPsec tunnel if established over one pure EMAC VLAN interface.

644782

A large number of detected devices causes httpsd to consume resources, and causes low-end devices to enter conserve mode.

681322

TCP 8008 permitted by authd, even though the service in the policy does not include that port.

681791

Install preview does not show all changes performed on the FortiGate.

698003

When creating a new administrator, the administrator profile's reference is visible in other administrator accounts from different VDOMs.

706686

LAG interface between FortiGate and Cisco switch flaps when adding/removing member interface.

710635

GUI should hide the FortiGate Setup dialog if all setup steps are complete.

713835

The BLE pin hole behavior should not be applied on FG-100F generation 1 that has no BLE built in.

715978

NTurbo does not work with EMAC VLAN interface.

721487

FortiGate often enters conserve mode due to high memory usage by httpsd process.

722273

SA is freed while its timer is still pending, which leads to a kernel crash.

724779

HPE setting of NTurbo host queue is missing and causes IPS traffic to stop when HPE is enabled.

727343

Quarantined IP is not synchronized in FortiController mode.

728647

DHCP discovery dropped on virtual wire pair when UTM is enabled.

729636

FTLC1122RDNL transceiver is showing as not certified by Fortinet on FG-3800D.

731708

The FG-traffic VDOM is lost after restoring the configuration if split-VDOM mode is set in the configuration file.

740649

FortiGate sends CSR configuration without double quote (") to FortiManager.

748628

Modem init-string failed on 7.0.0 and 7.0.1 because it was unable to find the endpoint address.

748987

L2TP tunnel is not working properly for Android; only ping traffic passes.

User & Authentication

Bug ID

Description

707057

TACACS server traffic will not go through the specific interface from the GUI irrespective of the interface set under the TAC.

725056

FSSO local poller fails after recent Microsoft Windows update (KB5003646, KB5003638, ...).

VM

Bug ID

Description

721439

Problems occur when switching from HA broadcast heartbeat to unicast heartbeat and vice versa.

729811

ASG synchronization is lost between secondary and primary instances if the secondary instance reboots. Affected platforms: all public cloud VMs and KVMs.

Workaround: run execute factoryreset2 on the secondary instance, and reconfigure the auto scaling group.

732556

AliCloud SDN connector will not fetch information from the secondary ENI, so filtering IP addresses by Vswitch ID and security group might be incorrect.

739376

vmwd gives an error when folders are created in the vSphere web interface, and vmwd ignores the IP addresses from vApp.

747194

EIP failed to update on Azure FG-VM.

WAN Optimization

Bug ID

Description

728861

HTTP/HTTPS traffic cannot go through when wanopt is set to manual mode and an external proxy is used.

Workaround: set wanopt to automatic mode, or set transparent disable in the wanopt profile.

WiFi Controller

Bug ID

Description

700356

CAPWAP daemon crashing due to IoT detection.

719217

Interface Bandwidth widget should exclude bridge VAP interface (and mesh VAP interface).

733608

FG-5001D unable to display managed FortiAPs after upgrading.
