Fortinet Document Library

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:


Table of Contents

Built-in IPS engine

Resolved engine issues

Bug ID

Description

654356

In NGFW policy mode, sessions are not re-validated when security policies are changed. A workaround is to clear sessions after a policy change.

672994

Web filter warning message does not contain certification chain.

673117

TFTP traffic does not work well when TFTP application is set in security policy.

681611

IPS engine crashes (5.218 ips_dlp_alert).

696619

FGSP synchronized UDP sessions may be blocked in NGFW policy mode when asymmetric routing is used due to a policy matching failure. Other types of traffic may also be affected (such as TCP) in the case of failover of the reply direction traffic to a different FortiGate in the FGSP cluster.

707907

IPS engine (flow mode deep inspection) does not decrypt some TLS 1.3 sessions, which causes problems with application control detection.

713068

FGSP support in NGFW policy mode.

715136

High memory usage for some slab objects.

718452

set https-replacemsg disable causing connection RST on URLs in URL filter list (flow-based inspection).

719007

URL filtering followed by /* causes rating error.

719252

IPS engine crash.

720605

URL filter with exempt setting does not avoid anti virus and IPS inspection.

721410

Unable to open fb.watch website in flow mode using SSL deep inspection with application control.

721462

Memory usage increases up to conserve mode after upgrading IPS engine to 5.00239.

724400

Facebook.com website gives error in Firefox version 89 with flow mode and deep inspection.

724767

Hostname is garbled in event log that is detected by HTTP.Suspicious.Headers.With.Special.Characters.

Built-in IPS engine

Resolved engine issues

Bug ID

Description

654356

In NGFW policy mode, sessions are not re-validated when security policies are changed. A workaround is to clear sessions after a policy change.

672994

Web filter warning message does not contain certification chain.

673117

TFTP traffic does not work well when TFTP application is set in security policy.

681611

IPS engine crashes (5.218 ips_dlp_alert).

696619

FGSP synchronized UDP sessions may be blocked in NGFW policy mode when asymmetric routing is used due to a policy matching failure. Other types of traffic may also be affected (such as TCP) in the case of failover of the reply direction traffic to a different FortiGate in the FGSP cluster.

707907

IPS engine (flow mode deep inspection) does not decrypt some TLS 1.3 sessions, which causes problems with application control detection.

713068

FGSP support in NGFW policy mode.

715136

High memory usage for some slab objects.

718452

set https-replacemsg disable causing connection RST on URLs in URL filter list (flow-based inspection).

719007

URL filtering followed by /* causes rating error.

719252

IPS engine crash.

720605

URL filter with exempt setting does not avoid anti virus and IPS inspection.

721410

Unable to open fb.watch website in flow mode using SSL deep inspection with application control.

721462

Memory usage increases up to conserve mode after upgrading IPS engine to 5.00239.

724400

Facebook.com website gives error in Firefox version 89 with flow mode and deep inspection.

724767

Hostname is garbled in event log that is detected by HTTP.Suspicious.Headers.With.Special.Characters.