Known issues
The following issues have been identified in version 7.0.2. To inquire about a particular bug or report a bug, please contact Customer Service & Support.

Application Control

| Bug ID | Description |
|---|---|
| 752569 | Per IP shaper under application list does not work as expected for some applications. |

Endpoint Control

| Bug ID | Description |
|---|---|
| 730767 | The new HA primary FortiGate cannot get EMS Cloud information when HA switches over. Workaround: delete the EMS Cloud entry then add it back. |

GUI

| Bug ID | Description |
|---|---|
| 440197 | On the System > FortiGuard page, the override FortiGuard server for AntiVirus & IPS Updates shows an Unknown status, even if the server is working correctly. This is a display issue only; the override feature is working properly. |
| 677806 | On the Network > Interfaces page when VDOM mode is enabled, the Global view incorrectly shows the status of IPsec tunnel interfaces from non-management VDOMs as up. The VDOM view shows the correct status. |
| 685431 | On the Policy & Objects > Firewall Policy page, the policy list can take around 30 seconds or more to load when there is a large number (over 20 thousand) of policies. Workaround: use the CLI to configure policies. |
| 707589 | System > Certificates list sometimes shows an incorrect reference count for a certificate, and incorrectly allows a user to delete a referenced certificate. The deletion will fail even though a success message is shown. Users should be able to delete the certificate after all references are removed. |
| 708005 | When using the SSL VPN web portal in Firefox, users cannot paste text into the SSH terminal emulator. Workaround: use Chrome, Edge, or Safari as the browser. |
| 713529 | When a FortiGate is managed by FortiManager with FortiWLM configured, the HTTPS daemon may crash while processing some FortiWLM API requests. There is no apparent impact on the GUI operation. |
| 735248 | On a mobile phone, the WiFi captive portal may take longer to load when the default firewall authentication login template is used and the user authentication type is set to HTTP. Workaround: edit the login template to disable HTTP authentication or remove the href link to googleapis. |
| 738027 | The Device Inventory widget shows no results when there are two `user_info` parameters. Workaround: use the CLI to retrieve the device list. |
| 746953 | On the Network > Interfaces page, users cannot modify the TFTP server setting. A warning with the message "This option may not function correctly. It is already configured using the CLI attribute: tftp-server." appears beside the DHCP Options entry. Workaround: use the CLI. |
| 755177 | When upgrading firmware from 7.0.1 to 7.0.2, the GUI incorrectly displays a warning saying this is not a valid upgrade path. |
| 756420 | On the Security Fabric > Fabric Connectors page, the connection to FortiManager is shown as down even if the connection is up. Workaround: check the status in the CLI using |

HA

| Bug ID | Description |
|---|---|
| 701367 | In an HA environment with multiple virtual clusters, System > HA will display statistics for Uptime, Sessions, and Throughput under virtual cluster 1. These statistics are for the entire device. Statistics are not displayed for any other virtual clusters. |

IPsec VPN

| Bug ID | Description |
|---|---|
| 740624 | FortiOS 7.0 has a new design for dialup VPN (no more route tree in the IPsec tunnel), so traffic might not traverse the dialup IPsec VPN after upgrading from FortiOS 6.4.6 to 7.0.1, 7.0.2, or 7.0.3 if the server relies on the static route over the dynamic tunnel interface to route the traffic back to the client. Workaround: configure the `config vpn ipsec phase2-interface edit <name> set src-subnet <x.x.x.x/x> next end` |
| 761754 | IPsec aggregate static route is not marked inactive if the IPsec aggregate is down. |
| 767945 | In a setup with an IPsec VPN IKEv2 tunnel on the FortiGate to a Cisco device, the tunnel randomly disconnects after updating to 7.0.2 when there is a CMDB version change (configuration or interface). |

Proxy

| Bug ID | Description |
|---|---|
| 727629 | An error case occurs in WAD while handling the HTTP requests for an explicit proxy policy. |
| 735893 | After the Chrome 92 update, in FOS 6.2, 6.4, or 7.0 running an IPS engine older than version 5.00246, 6.00099, or 7.00034, users are unable to reach specific websites in proxy mode with UTM applied. In flow mode everything works as expected. |
| 766158 | Video filter FortiGuard category takes precedence over allowed channel ID exception in the same category. |

Routing

| Bug ID | Description |
|---|---|
| 745856 | The default SD-WAN route for the LTE wwan interface is not created. Workaround: add a random gateway to the wwan member. `config system sdwan config members edit 2 set interface "wwan" set gateway 10.198.58.58 set priority 100 next end end` |

Security Fabric

| Bug ID | Description |
|---|---|
| 614691 | Slow GUI performance in large Fabric topology with over 50 downstream devices. |
| 753056 | Recommendation information for Failed Login Attempts security rating rule should display Lockout duration should be at least 30 minutes, instead of 1800 minutes. |
| 753358 | Unable to trigger automation trigger with FortiDeceptor Fabric event. |
| 755187 | The security rating test for Unused Policies is incorrectly evaluated as Pass when there are unused policies with the accept action. |

SSL VPN

| Bug ID | Description |
|---|---|
| 753515 | DTLS does not work for SSL VPN and switches to TLS. |
| 757450 | SNAT is not working in SSL VPN web mode when accessing an SFTP server. |

System

| Bug ID | Description |
|---|---|
| 644782 | A large number of detected devices causes httpsd to consume resources, and causes entry-level devices to enter conserve mode. |
| 681322 | TCP 8008 permitted by authd, even though the service in the policy does not include that port. |
| 708228 | A DNS proxy crash occurs during |
| 751715 | Random LTE modem disconnections due to certain carriers getting unstable due to WWAN modem USB speed under super-speed. |
| 756713 | Packet loss on the LAG interface (eight ports) using SFP+/SFP28 ports in both static and active mode. Affected models: FG-110xE, FG-220xE, and FG-330xE. |
| 758490 | The value of the |
| 763185 | High CPU usage on platforms with low free memory upon IPS engine initialization. |
| 764252 | On FG-100F, no event is raised for PSU failure and the diagnostic command is not available. |
| 1041457 | On FortiGate, kernel 4.19 does not work as expected when concurrently reassembling fragmented packets that have more than 64 destination IPv4 addresses. |

User & Authentication

| Bug ID | Description |
|---|---|
| 750551 | DST_Root_CA_X3 certificate is expired. Workaround: see the Fortinet PSIRT blog, https://www.fortinet.com/blog/psirt-blogs/fortinet-and-expiring-lets-encrypt-certificates, for more information. |
| 754725 | After updating the FSSO DC agent to version 5.0.0301, the DC agent keeps crashing on Windows 2012 R2 and 2016, which causes lsass.exe to reboot. |
| 778521 | SCEP fails to renew if the local certificate name length is between 31 and 35 characters. |

VM

| Bug ID | Description |
|---|---|
| 691337 | When upgrading from 6.4.7 to 7.0.2, GCP SDN connector entries that have a |

WAN Optimization

| Bug ID | Description |
|---|---|
| 754378 | When an AV profile is enabled in a WANOpt proxy policy on a server side FortiGate, EICAR sent over HTTPS will not get blocked. |

Web Filter

| Bug ID | Description |
|---|---|
| 766126 | Block replacement page is not pushed automatically to replace the video content when using a video filter. |