When the DNS filter is enabled with external-ip-blocklist, the IPS Engine remains in D status for an extended period of time and the DNS session ends.

Unrelated route changes will cause the existing session to be marked dirty.

When allow-traffic-redirect is enabled, redirect traffic that ingresses and egresses from the same interface may incorrectly get dropped if the source address of the incoming packet is different from the FortiGate's interface subnet and there is no firewall policy to allow the matched traffic.

In a FortiGate HA configuration, the tunnel connection to FortiManager is disrupted due to a mismatched serial number and local certificate issue.

After a third-party router failover, traffic traversing the IPsec tunnel is lost.

Using IPSec over back to back EMAC VLAN interfaces does not work as expected with NPU offload enabled.

IPsec VPN tunnel phase 2 instability after upgrading to 7.4.2 on the NP6xlite platform.

Traffic is interrupted on SPOKEs after upgrading to version 7.0.14 due to one NPU SA race condition.

Disk logging files are cached in the kernel, causing high memory usage.

On FortiGate, the locallogd process encounters a CPU usage issue for a few minutes after a reboot or a restart.

When the kernel API tries to access the command buffer, the device enters D state due to a kernel interruption.

CPU usage issue in WAD caused by source port exhaustion when using WAN optimization.

When a forward server with proxy authorization is configured with certain traffic, a memory usage issue in the WAD process interrupts the operation of FortiGate.

On FortiGate, a memory usage issue in the WAD process may cause the unit to enter into conserve mode.

After an upgrade, FortiOS encounters an error condition in the application daemon wad caused by an SSL cache error.

After upgrading from version 6.4.13 to version 7.0.12 or 7.0.13, FortiGate experiences a memory usage issue.

FortiGate may not work as expected due to an error condition in the daemon WAD.

Some websites cannot open subpages when the HTTP2 header value exceeds 16MB.

DHCP relay fails after a period of time with SD-WAN.

API call returns recursive next-hop for the gateway address.

The link-down-failover command does not bring the BGP peering down when the IPsec tunnel is brought down on the peer FortiGate.

The ICMP_TIME_EXCEEDED packet does not follow the original ICMP path displays the incorrect traceroute from the user.

When RDP is accessed through SSL VPN web mode, keyboard strokes on-screen lag behind what is being typed by users.

FortiGate does not respond to ARP packets related to SSL VPN client IP addresses.

A CPU usage issue occurs in the tvc daemon when the vpn server cannot be reached.

OneLogin SAML does not work with SSL VPN after upgrading to version 7.0.15 or 7.4.3.

The SSL VPN web mode flag is determined incorrectly causing the authenticated POST request to be dropped.

In a certain edge case, traffic directed towards a VLAN interface could cause a kernel interruption.

FortiGate encounters increasing Rx_CRC_Errors on SFP ports on the NP6 platform when an Ethernet frame contains carrier extension symbols to Cisco devices.

Possible infinite loop can cause FortiOS to become unresponsive until the FortiGate goes through a power cycle.

High CPU usage caused by DHCP packets.

When cmdbsvr receives a request to update the version number, it also receives a copy of the query, but this copy is not freed.

When an EMAC VLAN interface is set up on top of a redundant interface, the kernel may encounter an error when rebooting.

The diagnose npu sniffer stop command can lead to a traffic outage.

EMAC VLAN interface uses two MAC addresses when it should only use an internally generated MAC address.

High CPU usage caused by DHCP packets.

The EMAC VLAN, with a vlanid over a physical interface and a VIP configuration, has the incorrect mac address once traffic is offloaded.

FortiGate may generate a Power Redundancy Alarm error when there is no power loss. The error also does not show up in the system log.

After an upgrade, FortiGate receives a PSU RPS LOST traps error despite not having any RPS connected.

FortiGate loses connections to FortiManager due to a fatal unknown CA after upgrading from version 7.0.13 to 7.0.14.

When FortiGate experiences a memory usage issue and enters into conserve mode, the system file integrity check may not work as expected and cause the device to shutdown.

Insufficient free memory on entry-level Fortigate devices with 2 GB RAM may cause unexpected behavior in the IPS engine.

In a policy-based NGFW, when configuring the FSSO Agent on Windows AD External Connector, traffic is not forwarded.

On FortiGate, an interruption occurs in the kernel when running WAD process monitoring scripts.

FortiGate reboots due to the maximum buffer length difference between nTurbo and NPU HW. NPU will fragment packets which are more than 10000, but carries wrong extend info to nTurbo in the 2nd fragment.

The kernel 4.19 cannot concurrently reassemble IPv4 fragments for a source IP with more than 64 destination IP addresses.

If Azure accelerated networking is enabled, IPsec traffic cannot be redistributed using round-robin. This results in a CPU usage issue.

VPN tunnels go down due to IKE authentication loss after a firmware upgrade on the VM.

A FortiGate VM HA in Azure Cloud may intermittently go out of synchronization due to an issue in the daemon process.

FortiToken does not work as expected after moving a FortiGate-VM license to a new VM with the same serial number.

An kernel interruption occurs on FWF-40F/60F models when WiFi stations connect to SSID on the local radio.