Resolved issues
The following issues have been fixed in version 7.0.2. To inquire about a particular bug, please contact Customer Service & Support.
Anti Spam
Bug ID | Description |
---|---|
743693 | Anti spam engine crashes when extracting a malformed IP address from Received: headers. |
Anti Virus
Bug ID | Description |
---|---|
665173 | Crash logs are sometimes truncated/incomplete. |
702646 | Re-enable JavaScript heuristic detection and fix detection blocking content despite low rating. |
724588 | Flow AV quarantines a source IP when an AV scan error occurs. |
Application Control
Bug ID | Description |
---|---|
701926 | Stress test with application control only results in packet drops. |
Data Leak Prevention
Bug ID | Description |
---|---|
745369 | PDF corruption over HTTP by DLP. |
DNS Filter
Bug ID | Description |
---|---|
722510 | Rating requests to anycast SDNS server do not work as expected in SD-WAN. |
724657 | Anycast SDNS server IP is not added to non-index 0 DNS proxy workers. |
Explicit Proxy
Bug ID | Description |
---|---|
674996 | WAD encounters segmentation crash at |
720363 | When the client in web proxy mode uses the same session to send the HTTP requests with different host names, the HTTP host load balancing method does not take effect. |
721039 | Short disconnections of streaming applications (Teams and Whereby) through explicit proxy. |
733863 | Get 504 gateway timeout error when trying to access proxy.pac from remote users using dialup IPsec VPN. |
744564 | Expand web proxy header content string size from 256 to 512, then to 1024. |
Firewall
Bug ID | Description |
---|---|
644225 | Challenge ACK is being dropped. |
726040 | If a SYN has a different ISN in the SYN_SEND/SYN_RECV state, the FortiGate will let the SYN pass without updating the TCP sequence number, but drops the reply SYN/ACK because it fails the sequence number check. |
727790 | The |
727809 | Disabled deny firewall policy with virtual server objects is unable to be enabled after firewall reboot. |
729245 | HTTP/1.0 health check should process the whole response when |
730803 | Applying a traffic shaping profile and outbound bandwidth above 200000 blocks the traffic. |
735031 | IPv6 policy is only allowing the first MAC address from the source list. |
736452 | Unable to configure more than five health checks within virtual servers because of limitation of |
738584 | Firewall is using the wrong NAT IP address to send out traffic after removing the VIP and its associated policy. |
741122 | If a DCE/RPC packet has more than six string binding addresses, the expectation for the rest of the addresses will not be created, and the traffic will be denied. |
743800 | SNAT hairpin traffic NATs to the incorrect IP address when central NAT is enabled without a central NAT rule. |
745853 | FortiGate stops sending logs to Netflow traffic because the Netflow session cleanup routine runs for too long when there are many long live sessions in the cache. |
748226 | In |
FortiView
Bug ID | Description |
---|---|
707649 | On the Dashboard > FortiView Sources page, when filtering by source and then drilling down to sessions, the GUI API call does not set the source IP filter. |
741792 | Update FortiAnalyzer license REST API to use the FortiAnalyzer's licenses when in analyzer-collector mode. |
GUI
Bug ID | Description |
---|---|
608770 | When there is no IP/IPv6 address setting for Zone, the GUI incorrectly displays 0.0.0.0/0.0.0.0 for IP/Netmask and ::/0 for IPv6 Address. |
631201 | When editing an SSL/SSH inspection profile, the Show in Address List toggle in Edit Wildcard FQDN Address does not work when creating a new wildcard FQDN address. |
653952 | The web page cannot be found is displayed when a dashboard ID no longer exists. |
677611 | On the Network > SD-WAN > SD-WAN Rules tab, an SD-WAN member with link status down is displayed as selected. |
681643 | On the Network > Packet Capture page, the interface dropdown incorrectly lists interfaces that belong to a virtual wire pair. |
686500 | Unable to specify a custom hostname during FortiGate setup. |
689661 | On the Policy & Objects > Firewall Policy page, policies that have enabled |
699508 | When an administrator ends a session by closing the browser, the administrator timeout event is not logged until the next time the administrator logs in. |
714304 | Special characters |
714716 | IPsec Monitor shows the same usernames and IPsec tunnel names for different users when the peer ID is configured on the FortiGate and/or FortiClient. |
716571 | FortiSwitch topology view is missing the inter-chassis link (ICL) between FortiSwitches in the same tier of a topology containing two adjacent MC-LAG peer groups with at least two connections between the groups. |
720613 | The event log sometimes contains duplicated lines when downloaded from the GUI. |
720657 | Unable to reuse link local or multicast IPv6 addresses for multiple interfaces from the GUI. |
721710 | Data fails to load when the Security Fabric is enabled for a downstream FortiGate that has an upstream PPPoE interface to connect to the root. |
722133 | On the Policy & Objects > Central SNAT page, one-to-one IP pools do not appear in the NAT policy. |
722450 | The rating rule Disable Username Sensitivity Check incorrectly fails for remote LDAP users with two-factor authentication disabled. |
722669 | On the Network > Interfaces page, the DHCP range is incorrectly displayed when DHCP Server (status) is disabled. |
722832 | When LDAP server settings involve FQDN, LDAPS, and an enabled server identity check, the following LDAP related GUI items do not work: LDAP setting dialog, LDAP credentials test, and LDAP browser. |
723988 | On the WiFi & Switch Controller > FortiSwitch Ports page, the PoE option is grayed out so it cannot be configured. The CLI must be used. |
727035 | Unable to change FortiSwitch port status when native VLAN is empty. |
727644 | When the first row of sequence group in a policy table is deleted, the sequence group disappears. |
728651 | When populating the BGP global table from the GUI (Network > BGP), BGPD process memory increases until it exhausts memory and goes into conserve mode. |
728742 | Unable to reorder Favorites after upgrading to FortiOS 7.0. |
729075 | Tooltip for FortiView Compromised Host fails with a JavaScript error. |
729675 | System > Settings page does not load for a FortiGate in carrier mode with an administrator profile that has |
730069 | On the Network > Static Routes page, users are unable to create a static route with Automatic gateway retrieval enabled when a DHCP interface is specified. |
730211 | Interface widget does not show data when the browser time differs from FortiGate UTC time. |
732618 | On the Network > Interfaces page, when Dedicated Management Port is enabled on an interface and the Trusted Host 1 IP address is set to 0.0.0.0/0, settings cannot be saved. |
733375 | On the VPN > SSL-VPN Settings page, after clicking Apply, |
733582 | The IP/Mac Based Access Control radio button is no longer present in the Firewall Policy dialog from implicit policy projects. |
734417 | GUI incorrectly displays a warning saying there is not a valid upgrade path when upgrading firmware from 7.0.0 or 7.0.1 to 7.0.1 or 7.0.2. |
734773 | On the System > HA page, when vCluster is enabled and the management VDOM is not the root VDOM, the GUI incorrectly displays management VDOM as primary VDOM. |
735114 | In FortiView Sources, on a multi-VDOM FortiGate, if there is no cache for IOC (compromised hosts), a request to filter by IOC is sent to all VDOMs on the FortiGate, not just the current VDOM. |
739543 | On the Network > Interfaces page, unable to create or edit a VLAN switch as the VLAN ID validation incorrectly fails. |
739827 | On FG-VM64-AZURE, administrator is logged out every few seconds, and the following message appears in the browser: Some cookies are misusing the recommended "SameSite" attribute. |
743477 | On the Log & Report > Forward Traffic page, filtering by the Source or Destination column with negation on the IP range does not work. |
744168 | On the Security Profiles > SSL/SSH Inspection page, a new SSL/SSH inspection profile cannot be created when the Inspection method is SSL Certificate Inspection. |
744860 | On the System > Settings page, when the time zone is set to (GMT-6:00) Central America, the current system time is off by one hour during Daylight Saving Time (DST). |
745325 | When creating a new (public or private) SDN connector, users are unable to specify an Update interval that contains 60, as it will automatically switch to Use Default. |
745998 | An IPsec phase 1 interface with a name that contains a |
746012 | When a compromised host event is detected by a FortiGate Cloud instance, it cannot trigger the corresponding automation action. |
HA
Bug ID | Description |
---|---|
695067 | When there are more than two members in a HA cluster and the HA interface is used for the heartbeat interface, some RX packet drops are observed on the HA interface. However, no apparent impact is observed on the cluster operation. |
705237 | Remote two-factor authentication is not working for HA secondary management interface. |
709963 | When cluster members have different size log disk configurations in the cluster system, failure occurs when users input a size higher than the default value on the primary device. |
714788 | Uninterruptible upgrade might be broken in large scale environments. |
717788 | FGSP has problem at failover when NTurbo or offloading is enabled (IPv4) with virtual wire pair traffic. |
721929 | In an HA A-P scenario during failover, the new passive WCCP router ends up choosing a change number during the regular WCCP configuration initiation that will not trigger an assignment, which causes the WCCP assignment to be lost. |
723130 | |
725240 | HA cluster goes out of sync due to mismatched |
728670 | In FGSP HA mode, the synchronizing mechanism of VWL daemon causes a synchronization message that goes back and forth infinitely, which causes the CPU and memory usage to keep increasing. |
729590 | DDNS registration fails on vcluster2 VDOMs. |
729607 | FTP transfers drop in active-active mode in cases where expectation sessions accumulated in the secondary unit reach the maximum number (128). |
734138 | HA standby management IP does not reply to ping if the |
738350 | In some cases, the hasync process has high memory on HA secondary device. |
744826 | API key (token) on the secondary device is not synchronized to the primary when |
746008 | DNS may not resolve correctly in a virtual cluster environment. It also impacts the FortiGate 6000F and 7000E/F series where DNS may not resolve on the correct blades (FPC/FPM). |
Intrusion Prevention
Bug ID | Description |
---|---|
669089 | IPS profile dialog in GUI shows misleading All Attributes in the Details field for filter entries with a CVE value. |
693800 | IPS memory spike on firmware running version: 5.00229. |
698725 | Custom IPS signature with deprecated options is causing a delay for the unit to boot up. |
699775 | Fortinet logo is missing on web filter block page in Chrome. |
713508 | Low download performance occurs when SSL deep inspection is enabled on aggregate and VLAN interfaces when nTurbo is enabled. |
746467 | IPS engine crashes when IPS injects packets to vNP and vNP/DPDK fails to restart (crashes and sometimes is out of service). |
IPsec VPN
Bug ID | Description |
---|---|
668997 | Duplicate entry found error shown when assigning multiple dialup IPsec tunnels with the same secondary IP in the GUI. |
685668 | Modify IKE to check |
701404 | Routes are not added or removed as expected when failover occurs with IPsec FGSP HA. |
707547 | RADIUS accounting messages (IKEv2 EAP authentication) do not include the Class attribute (group name). |
722564 | Missing peer ID in IKEv2 and IKEv1 main mode. |
725551 | IKE idle timeout timers continue running when the HA state switches to secondary. |
726362 | It is possible to add multiple domains, even though that functionality is currently not supported. |
726450 | Local out dialup IPsec traffic does not match policy-based routes. |
729012 | The NAT-T keep alive messages are being logged incorrectly, causing the FortiGate to generate a huge number of logs. |
729760 | The ADVPN forwarder does not currently track the shortcut query that it forwards. Shortcut queries and replies are forwarded or terminated solely based on the route lookup. |
729879 | Static IPsec tunnel with signature authentication method cannot be established on FIPS-CC mode FortiGate because the certificate subject verification changes to RDN bitwise comparison based. |
730449 | SD-WAN service traffic will be interrupted after upgrading to 7.0.1 if all of the following conditions are matched in its 6.4.x configuration: |
735430 | TCP SYN-ACKs are silently dropped if the traffic is sourced from a dialup IPsec tunnel and UTM is enabled. |
735477 | IKEv1 aggressive mode may crash if the initiator received its own message as the first response. |
743732 | If a failure happens during negotiating a shortcut IPsec tunnel, the original tunnel NAT-T setting is reset by mistake. |
Log & Report
Bug ID | Description |
---|---|
718140 | Logs are missing on FortiGate Cloud from a certain point. |
724827 | Syslogd is using the wrong source IP when configured with |
726690 | Forward traffic log from disk is missing for virtual wire pair policy. |
726900 | No traffic logs are shown after an overnight run. |
731154 | SSL VPN tunnel down event log (log ID 39948) is missing. |
745310 | Need to add the MIGSOCK send handler to flush the queue when the first item is added to the syslog queue to avoid logs getting stuck. |
Proxy
Bug ID | Description |
---|---|
520176 | Multiple WAD crashes observed with signal 6. The issue could be reproduced with a slow server that will not respond to the connection in 10 seconds, and if the configuration changes during the 10 seconds. |
582464 | WAD SSL crash due to wrong cipher options chosen. |
604373 | When proxy-based deep inspection is enabled, a server requests a certificate from the client over TLS 1.2 and the client returns an ECDSA certificate. In a best case scenario, the handshake will fail. In a worst case scenario, WAD will crash. |
663088 | Application control in Azure fails to detect and block SSH traffic with proxy inspection. |
688792 | WAD crashes at |
696012 | Video filter cannot block embedded video calling by channel or category. |
700073, 714109 | YouTube server added new URLs ( |
706786 | Multiple SSL connections without policies are being matched with multiple configuration changes for certificate updates, which may trigger a WAD crash. |
715280 | When the user/interface count reaches the respective maximum, the operation of reducing this count could impact the CPU and cause WAD to crash. |
717995 | Proxy mode generates untagged traffic in a virtual wire pair. |
719681 | Flow control failure occurred while transferring large files when |
723104 | Proxy mode deep inspection is causing website access problems. |
724129 | WebSocket connection is not successful when IPS and application control are enabled in a proxy inspection policy. |
724670 | Crash seen in WAD user information daemon when updating user group count upon user log off. |
725628 | WAD HTTP parser string leak for hostname and scheme with |
726270 | In deep scan mode when there is no SNI, WAD will use the server certificate CNAME for the URL filter check and ignores the host header. |
726999 | WAD crash on |
728641 | SSL renegotiation fails when Firefox offers TLS 1.3, but the server decides to use TLS 1.2. |
729797 | CLI should block or warn users if an API gateway with the same service (protocol) and path are declared on the same ZTNA server. |
733760 | Proxy inspection firewall policy with proxy AV blocks POP3 traffic of the Windows 10 built-in Mail app. |
737438 | ZTNA HTTPS access proxy traffic is denied when a regular VIP and access proxy VIP (AP VIP) have the same external IP address. |
737737 | WAD crashes when firewall FQDN address is null. |
738331 | Excluded members in the address group are not excluded when the group is added to a proxy policy. |
744746 | When a policy has both IPS and AV features enabled, WAD has a memory spike when downloading large files. |
744756 | Web proxy forward server group could not recover sometimes if the FQDN is not resolved. |
744882 | When using STARTTLS, proxyd performs deep inspection even when |
748194 | Oversize log is not generated for a large EXE file when the |
REST API
Bug ID | Description |
---|---|
731136 | The following API has a change in response format, which may break backward compatibility for existing integration: New format results: Old format results: Note that only the response format is changed. The actual configuration restoration operation still works as before. The integration application should handle this new response format so it can return correct response message back to the user. |
743743 | httpsd crashes due to |
745926 | Using multiple logical AND symbols (&) on monitor API filtering causes a 502 Bad Gateway error. |
Routing
Bug ID | Description |
---|---|
537354 | BFD/BGP dropping when |
724541 | One IPv6 BGP neighbor is allowed to be configured with one IPv6 address format and shows a different IPv6 address format. |
724574, 731248 | BFD neighborship is lost between hub and spoke. One side shows BFD as down, and other side does not show the neighbor in the list. |
725322 | Improve the distance help text to indicate that 255 means unreachable. |
729002 | PIM/PIM6 does not send out unicast packet with the correct source IP if interface is not specified. |
729621 | High CPU on hub BGPD due to hub FortiGate being unable to maintain BGP connections with more than 1K branches when |
730194 | When syncing a large number of service qualities, there is a chance of accessing out-of-boundary memory, which causes the VWL daemon to crash. |
730208 | Traffic is not going through when the returning interface is changed. |
731683 | SD-WAN did not check and properly handle cases of address groups with exclusion. |
733187 | FortiGate to FortiManager connection issue when using a loopback interface with a non-default VRF as the source for central management. |
734628 | SDNS traffic to the anycast IP servers does not follow the SD-WAN mode set in |
736705 | ZEBOS launcher is unable to start and crashes constantly if |
737298 | IPv6 fragmentation does not work as expected for VNE tunnel. |
737898 | OSPFv3 cannot install IPv6 ECMP routes when both ABR next hops are in the same subnet. |
738366 | VNE tunnel IPv6 reassembly does not work as expected when the IPv4 packet length is more than 1497 bytes. |
740377 | HTTP probe response sends reset packets when the number of probes increases. |
741844 | IPsec VPN does not come up due to incorrectly routed IKE packets. |
741947 | SD-WAN routes are not installed in the kernel or FIB. |
742648 | Health check over shortcut tunnel is dead after |
743138 | OSPF does not use the correct netmask length after upgrading to 7.0.1 when sending a hello packet on an IPsec interface. |
743675 | RIPv2 multiple routing entries are not reflected when receiving RIP updates via 802.3ad aggregate interface. |
746000 | Multicast streams sourced on SSL VPN client are not registered in PIM-SM. |
Security Fabric
Bug ID | Description |
---|---|
635183 | ACI dynamic address cannot be retrieved in HA vcluster2 from SDN connector. |
670451 | ACI SDN connector (connected by |
695424 | SDN connector for GCP ignores project settings. |
717080 | csfd shows high memory usage due to the JSON object not being used properly and the reference not being released properly. |
724071 | Log disk usage from user information history daemon is high and can restrict the use for general logging purposes. |
726831 | Security rating for Local Log Disk Not Full reporting as failed for FortiGate models without log disks. |
731292 | Dashboard Security Fabric widget takes a long time to load in the GUI. |
731314 | Security rating fails and displays Duplicate Firewall Objects message for FTP, FTP_GET, and FTP_PUT service objects. |
732268 | Dynamic address configured with SDN connector for VMware is collecting fewer IP addresses than expected. |
733511 | Automation stitch trigger count does not update when target device is a downstream device. |
735717 | vmwd gives an error when folders are created in the vSphere web interface, and vmwd ignores the IP addresses from vApp. |
738344 | When CSF root synchronizes a large automation setting (over 16000) to the downstream FortiGate, csfd crashes while trying to process the relay message. |
740673 | OCI Fabric connector has DNS failure in UK government region. |
741346 | The variable |
742603 | Security rating fails due to duplicate address objects, even when no duplicate address objects exist. |
742743 | Security rating issue with unused deny policies. |
745263 | AV & IPS DB Update automation trigger is not working when clicking Update Licenses & Definitions Now in the GUI. |
746950 | When an Azure network interface ID contains upper case letters, the Azure SDN connector may not retrieve that network interface. |
SSL VPN
Bug ID | Description |
---|---|
586035 | The policy |
640169 | When the FortiGate is set as the DUT monitored by another FortiGate, the SSL VPN has a memory leak because it continues to receive HTTP requests and creates an HTTP state and tasks to process the request. |
664276 | SSL VPN host check validation not working for SAML user. |
677031 | SSL VPN web mode does not rewrite playback URLs on the internal FileMaker WebDirect portal. |
706646 | SolarWinds Orion NPM platform's web application has issues in SSL VPN web mode. |
710657 | The |
711503 | SSL VPN web mode access to internal web server http://10.2.1.78 is broken after upgrading to 7.0.0. |
711974 | SSL VPN bookmarks are not working correctly with multiple SD-WAN zones. |
714155 | SSL VPN bookmarks are not working correctly with customer internal website, https://it***.nt***.lo***. |
716289 | Navigation menu of the internal web server, https://lm***.lm***.au***.vw***, is having issues in the SSL VPN web portal. |
718133 | In some conditions, the web mode JavaScript parser will encounter an infinite loop that will cause SSL VPN crashes. |
718142 | The map integrated in the public site is not visible when using SSL VPN web mode. |
718165 | SSL VPN web mode redirection issue with http://10.3.24.14. |
718817 | Customer internal website, http://192.168.*.28/mo***/index.php, cannot be shown in SSL VPN web mode due to proxy error. |
722329 | After SSL VPN proxy rewrite, some Nuage JS files have problems running. |
725986 | SSL VPN web mode does not work as expected when accessing http://ot***.de***.sp***.go***. |
726338 | The wildcard matching method does not always work as expected because the kernel sometimes does not have the address yet. |
726624 | Jira web application (to***.cs***.tc***.co**) via SSL VPN web mode does not display website correctly. |
727286 | Unable to browse directories hosted on Nextcloud server through SSL VPN. |
727551 | When there are multiple user groups configured in a SSL VPN firewall policy, only the first user group is subjected for authentication verification. As a result, connection requests from other user groups may be terminated unexpectedly. A workaround is to use only one user group per SSL VPN policy. |
729426 | The wildcard FQDN does not always work reliably in cases where the kernel does not have the address yet. |
729700 | An internal website (https://cm***.va***.it***/cm***) does not load properly when connecting via SSL VPN web mode. |
729889 | NexGEN server could not be displayed in SSL VPN web mode. |
730416 | Forward traffic log does not generate logs for HTTP and HTTPS services with SSL VPN web mode. |
731278 | Customer internal website (ac***.sa***.com) does not load properly when connecting via SSL VPN web mode. |
731606 | Internal server (sa***.be***.com) is not loading after logging in with SSL VPN web mode. |
732943 | If the client certificate is only set in a specific authentication rule of the SSL VPN, the peer user may not log in successfully. |
736436 | Internal website (https://gg****.gl***.com/) shows a blank page in SSL VPN web mode. |
736822 | Non-US keyboard layout in RDP session with SSL VPN web mode does not work correctly. |
737150 | Internal website (oh***.com) could not be displayed in SSL VPN web mode. |
737154 | Slow RDP response when using SSL VPN web mode access. |
737341 | Some links and buttons are not working properly when accessing them through SSL VPN web mode. |
737751 | HTML5 page is not fully loading for SSL VPN web mode users. |
738711 | FortiClient error message is not pertinent when the client does not meet host checking requirements. |
738715 | Contents of Jira application (in***.ds***.com) in SSL VPN web mode are not displayed correctly. |
738723 | Video streaming does not work in SSL VPN web mode on https://te***.fortiddns.com:10443. |
739711 | SSL VPN bookmark button for Jira (sa***.con***.com) malfunctions. |
740335 | Internal website, https://te***.ko***.com, is not accessible in SSL VPN web mode. |
740378 | Windows FortiClient 7.0.1 cannot work with FortiOS 7.0.1 over SSL VPN when the tunnel IP is in the same subnet as one of the outgoing interfaces and NAT is not enabled. |
741453 | Unable to log in to VMware vSphere vCenter 7.0 through SSL VPN web portal. |
742332 | SSL VPN web portal redirect fails in http://qu***.jj***.bu***. |
744494 | Memory occupied by the SSL VPN daemon increases significantly while the process is busy. |
744899 | SSL VPN RDP bookmark is not working when using Chrome 93 32-bit. Firefox 64-bit and Chrome 64-bit are still not supported on Windows 32-bit. |
745499 | In cases where a user is establishing two tunnel connections, there is a chance that the second session knocks out the first session before it is updated, which causes a session leak. |
745554 | Logging in with SSO to FortiAnalyzer with SSL VPN web mode fails. |
746938 | Unable to authenticate to outlook.com/owa/vw***.com website in SSL VPN web mode. |
746990 | RADIUS accounting messages after SSL VPN do not include the Class attribute (Group name). |
747352 | Internal web server page, https://te***.ss***.es:10443, is not loading properly in SSL VPN web mode. |
747851 | SSL VPN bookmark works on one URI (cu***.co***.cr***) and is not working on different URIs to the same destination server. |
749918 | Keyboard keys do not work with RDP bookmarks when PT-BR and PT-BR-ABNT2 layouts are chosen. |
Switch Controller
Bug ID | Description |
---|---|
723501 | When STP is enabled on a hardware switch interface, FortiLink loses its connection to FortiSwitch. |
System
Bug ID | Description |
---|---|
488400 | NPU offload is disabled for IPsec over pure EMAC VLANs (EMAC interfaces without VLAN IDs). |
607565 | Interface |
619839 | In FIPS-CC mode, keep getting |
644616 | NP6 does not update session timers for traffic IPsec tunnel if established over one pure EMAC VLAN interface. |
645848 | FortiOS is providing self-signed CA certificate intermittently with flow-based SSL certificate inspection. |
666438 | The iotd daemon has problems connecting to an anycast server when |
671824 | On FG-40F, get |
681791 | Install preview does not show all changes performed on the FortiGate. |
684563 | Uploading a wrong script in the GUI can cause a continuous error. |
696852 | Failure to synchronize with FortiGate NTP server, even if the FortiGate NTP server is not properly synchronized with its higher tier NTP server. |
698003 | When creating a new administrator, the administrator profile's reference is visible in other administrator accounts from different VDOMs. |
698590 | The |
700664 | When the SD-WAN interface select method is configured in |
702966 | There was a memory leak in the administrator login debug that caused the getty daemon to be killed. |
706686 | LAG interface between FortiGate and Cisco switch flaps when adding/removing member interface. |
710635 | GUI should hide the FortiGate Setup dialog if all setup steps are complete. |
712156 | FortiCloud central management does not work if the FortiGate has trusted host enabled for the |
713835 | The BLE pin hole behavior should not be applied on FG-100F generation 1 that has no BLE built in. |
715647 | In VWP with |
715978 | NTurbo does not work with EMAC VLAN interface. |
720858 | DDNS update interval is abnormal on FG-140E-POE. |
721487 | FortiGate often enters conserve mode due to high memory usage by httpsd process. |
722248 | When |
722273 | SA is freed while its timer is still pending, which leads to a kernel crash. |
722547 | Fragmented SKB size occurs if the tail room is too small to carry the NTurbo |
724065 | |
724446 | High CPU for cmdbsvr when editing an address group. |
724779 | HPE setting of NTurbo host queue is missing and causes IPS traffic to stop when HPE is enabled. |
725264 | FG-600E copper speed LED does not work. |
726634 | NTP daemon is not responding when using the manual setting. |
727343 | Quarantined IP is not synchronized in FortiController mode. |
727829 | DNS FQDN was not synchronized amongst all the working blades, so each blade might have a different IP from the same FQDN. If a policy uses the FQDN as the address, it will cause the IP address of the FQDN to not be in the list for the current blade, so the traffic will not match this FQDN policy. |
728647 | DHCP discovery dropped on virtual wire pair when UTM is enabled. |
729636 | FTLC1122RDNL transceiver is showing as not certified by Fortinet on FG-3800D. |
729939 | Multiple processes crashing at the same time causes the device's management functionality to be unavailable when the packet size is smaller than |
731708 | The FG-traffic VDOM is lost after restoring the configuration if split-VDOM mode is set in the configuration file. |
731789 | Unable to set VDOM ID as filter in CLI for |
731821 | MAP-E DDNS update request is not sent after booting up the device. |
732760 | SNMP trap packets are sometimes not sent from the primary |
734120 | IPv6 Ready Phase 2 test failed on destination options (local link). |
734565 | Link monitor shows incorrect number of out-of-sequence packets. |
734631 | SSH UMAC cipher was not configured for umac-128, which causes |
735492 | Many processes are in a "D" state due to |
737711 | When snmpd updates a huge table (~ 100K+) that might need more time than the SNMP client's timeout, the SNMP client meets a timeout error. |
738332 | Connectivity issue with FortiGuard after upgrading from 7.0.0 to 7.0.1 when |
738640 | Add support for FS-TRAN-FX 100 Mbps SFP optical transceivers on the FGR-60F and FGR-60F-3G4G models. Previously, there was no I2C reading/writing handler in drivers for FGR-60F and FGR-60F-3G4G. |
740649 | FortiGate sends CSR configuration without double quote ( |
742416 | DNS does not resolve on FIM01, but resolves on other blades. |
742471 | Parsing FFDB may cause a crash when loading at reboot if the versions of FFDB_APP and FFDB_GEO_ID_FILE are different. |
743431 | DDNS hostname is not correct when two VDOMs are configured. |
743735 | Potential DHCP memory leak when lease is mocked from reserved address. |
745017 | |
748628 | Modem |
748987 | L2TP tunnel is not working properly for Android; only ping traffic passes. |
User & Authentication
Bug ID |
Description |
---|---|
556724 |
LLDP neighbors cannot be seen on virtual switch ports. |
691838 |
Memory leaks and crashes observed during stress long duration performance test when using FortiToken Cloud. |
707057 |
TACACS server traffic will not go through the specific interface from the GUI irrespective of the interface set under the TAC. |
709964 |
Apple devices cannot load the FortiAuthenticator captive portal via the system pop-up only. |
711263 |
|
713503 |
When IdP uses optional SAML parameters, the firewall stops processing the login request. |
721747 |
Client certificate authentication fails with Windows Hello for Business certificates. |
725056 |
FSSO local poller fails after recent Microsoft Windows update (KB5003646, KB5003638, ...). |
725327 |
FSSO user fails to log in with principal user name. |
725988 |
CRLs with the same name in different non-management VDOMs cannot be updated automatically. |
732413 |
Device IP is in the firewall user list, but it has no user name and group name, so the portal page cannot load. |
733065 |
When deauthorizing from the GUI, the notification is sent to fsae rather than fssod, even if the authentication type is FSSO. |
739350 |
RADIUS response is sent even when the |
739702 |
There are unknown user logins on the FortiGate and the logs do not have any information for the unknown user. |
741403 |
Unknown user login to FortiGate does not provide any information for the unknown user. |
742047 |
RADIUS Request Account-Status-Type Interim-Update Message does not have the Class attribute. |
744014 |
LLDP neighbors cannot be seen on virtual switch ports. |
VM
Bug ID |
Description |
---|---|
582123 |
EIP does not fail over if the primary FortiGate is rebooted or stopped from the Alibaba Cloud console. |
656701 |
FortiGate VMX Service Manager enters conserve mode (cmdbsvr has high memory utilization). |
721439 |
Problems occur when switching from HA broadcast heartbeat to unicast heartbeat and vice versa. |
722290 |
Azure slow path NetVSC SoftNIC has stuck RX. If using an IPsec tunnel, use UDP/4500 for ESP protocol (instead of IP/50) when SR-IOV is enabled. On the phase 1 interface, use If using cross-site IPsec data backup, use Azure VNet peering technology to build raw connectivity across the site, rather than using the default IP routing based on the assigned global IP address. |
729811 |
ASG synchronization is lost between secondary and primary instances if the secondary instance reboots. Affected platforms: all public cloud VMs and KVMs. |
732556 |
AliCloud SDN connector will not fetch information from the secondary ENI, so filtering IP addresses by Vswitch ID and security group might be incorrect. |
734148 |
The vmtoolsd and openvmtools processes are using a high amount of memory. |
736067 |
NSX connector sometimes stops updating addresses. |
739376 |
vmwd gives an error when folders are created in the vSphere web interface, and vmwd ignores the IP addresses from vApp. |
747194 |
EIP failed to update on Azure FG-VM. |
WAN Optimization
Bug ID |
Description |
---|---|
735049 |
The HEAD request fails when |
Web Filter
Bug ID |
Description |
---|---|
677234 |
Unable to block webpages present in the external list when accessing them through the Google Translate URL. |
739349 |
Web filter local rating configuration check might strip the URL, and the URL filter daemon does not start when |
744303 |
Websites are blocked when FortiGuard Category Based Filter is disabled in web filter profile while doing an SSL-exempt check. |
747591 |
Default web filter policy allows many of the potentially liable categories by default instead of blocking them. |
WiFi Controller
Bug ID |
Description |
---|---|
700356 |
CAPWAP daemon crashing due to IoT detection. |
719217 |
Interface Bandwidth widget should exclude bridge VAP interface (and mesh VAP interface). |
720674 |
cw_acd is crashing on FG-40F. |
733608 |
FG-5001D unable to display managed FortiAPs after upgrading. |
741946 |
FortiGate is not recognizing attribute 49, Acct-Terminate-Cause Value (6) Admin Reset, from RFC 2866. |
748154 |
802.1X clients are disconnected following FortiGuard update. |
751298 |
Cannot read properties of undefined (reading 'spectrum_analysis') error appears when viewing downstream FortiGate from upstream FortiGate in WiFi dashboard. |
Common Vulnerabilities and Exposures
Visit https://fortiguard.com/psirt for more information.
Bug ID |
CVE references |
---|---|
722821 |
FortiOS 7.0.2 is no longer vulnerable to the following CVE References:
|
726300 |
FortiOS 7.0.2 is no longer vulnerable to the following CVE Reference:
|
744267 |
FortiOS 7.0.2 is no longer vulnerable to the following CVE References:
|