Known issues

The following issues have been identified in version 7.0.5. To inquire about a particular bug or report a bug, please contact Customer Service & Support.

Endpoint Control

Bug ID

Description

730767

The new HA primary FortiGate cannot get EMS Cloud information when HA switches over.

Workaround: delete the EMS Cloud entry then add it back.

Firewall

Bug ID

Description

770541

Within the Policy & Objects menu, the firewall, DoS, and traffic shaping policy pages take around five seconds to load when the FortiGate cannot reach the FortiGuard DNS servers.

Workaround: set the DNS server to the FortiGuard DNS server.

GUI

Bug ID

Description

440197

On the System > FortiGuard page, the override FortiGuard server for AntiVirus & IPS Updates shows an Unknown status, even if the server is working correctly. This is a display issue only; the override feature is working properly.

677806

On the Network > Interfaces page when VDOM mode is enabled, the Global view incorrectly shows the status of IPsec tunnel interfaces from non-management VDOMs as up. The VDOM view shows the correct status.

685431

On the Policy & Objects > Firewall Policy page, the policy list can take around 30 seconds or more to load when there is a large number (over 20 thousand) of policies.

Workaround: use the CLI to configure policies.

707589

System > Certificates list sometimes shows an incorrect reference count for a certificate, and incorrectly allows a user to delete a referenced certificate. The deletion will fail even though a success message is shown. Users should be able to delete the certificate after all references are removed.

708005

When using the SSL VPN web portal in Firefox, users cannot paste text into the SSH terminal emulator.

Workaround: use Chrome, Edge, or Safari as the browser.

713529

When a FortiGate is managed by FortiManager with FortiWLM configured, the HTTPS daemon may crash while processing some FortiWLM API requests. There is no apparent impact on the GUI operation.

755177

When upgrading firmware from 7.0.1 to 7.0.2, the GUI incorrectly displays a warning saying this is not a valid upgrade path.

777145

Managed FortiSwitches page incorrectly shows a warning about an unregistered FortiSwitch even though it is registered. This only impacts transferred or RMAed FortiSwitches. This is only a display issue with no impact on the FortiSwitch's operation.

Workaround: confirm the FortiSwitch registration status in the FortiCare portal.

787565

When logged in as guest management administrator, the custom image shows as empty on the user information printout.

Workaround: use the regular Guest Management page.

HA

Bug ID

Description

818432

When private data encryption is enabled, all passwords present in the configuration fail to load and may cause HA failures.

830463

After shutting down the HA primary unit and then restarting it, the uptime for both nodes is zero, and it fails back to the former primary unit.

Hyperscale

Bug ID

Description

782674

A few tasks are hung on issuing stat verbose on the secondary device.

795853

VDOM ID and IP addresses in the IPL table are incorrect after disabling EIF/EIM.

Intrusion Prevention

Bug ID

Description

780194

IPS engine 7.00105 has signal 14 (Alarm clock) crash during stress testing.

IPsec VPN

Bug ID

Description

761754

IPsec aggregate static route is not marked inactive if the IPsec aggregate is down.

773221

Traffic that goes through IPsec based on a loopback interface cannot be offloaded.

778243

When net-device is enabled on the hub, the tunnel interface IP is missing in the routing table.

810833

IPsec static router gateway IP is set to the gateway of the tunnel interface when it is not specified.

822651

NP dropping packet in the incoming direction for SoC4 models.

Log & Report

Bug ID

Description

776929

When submitting files for sandbox logging in flow mode, filetype="unknown" is displayed for PDF, DOC, JS, RTF, ZIP, and RAR files.

Proxy

Bug ID

Description

727629

An error case occurs in WAD while handling the HTTP requests for an explicit proxy policy.

766158

Video filter FortiGuard category takes precedence over allowed channel ID exception in the same category.

783112

FortiGate goes into conserve mode due to high memory usage of the WAD user-info process. The WAD user-info process queries the user count information from the LDAP server every 24 hours. If any of the LDAP query messages are closed by exceptions, there is a memory leak. If obtain-user-info is enabled under config user ldap, this memory leak will be triggered on a daily basis.

Workaround: create an automation stitch to restart the WAD daemon every day to avoid conserve mode.

Routing

Bug ID

Description

745856

The default SD-WAN route for the LTE wwan interface is not created.

Workaround: add a random gateway to the wwan member.

config system sdwan
    config members
        edit 2
            set interface "wwan"
            set gateway 10.198.58.58
            set priority 100
        next
    end
end

Security Fabric

Bug ID

Description

614691

Slow GUI performance in large Fabric topology with over 50 downstream devices.

779181

Security rating Optimization card shows failure for system uptime due to low uptime for FortiAP (less than 24 hours).

793234

Fabric Management page incorrectly shows some FortiAPs with an unregistered FortiCare status even though the FortiAP is already registered. This is just a display issue and does not impact FortiAP operation.

794703

Security Rating report for Rogue AP Detection and FortiCare Support checks show incorrect results.

SSL VPN

Bug ID

Description

757450

SNAT is not working in SSL VPN web mode when accessing an SFTP server.

852566

User peer feature for one group to match to multiple user peers in the authentication rules is broken.

System

Bug ID

Description

644782

A large number of detected devices causes httpsd to consume resources, and causes entry-level devices to enter conserve mode.

681322

TCP 8008 permitted by authd, even though the service in the policy does not include that port.

708228

A DNS proxy crash occurs during ssl_ctx_free.

724085

Traffic passing through an EMAC VLAN interface when the parent interface is in another VDOM is blocked if NP7 offloading is enabled.

Workaround: set the auto-asic-offload option to disable in the firewall policy.

751715

Random LTE modem disconnections due to certain carriers getting unstable due to WWAN modem USB speed under super-speed.

758490

The value of the extra-init parameter under config system lte-modem is not passed to the modem after rebooting the device.

763185

High CPU usage on platforms with low free memory upon IPS engine initialization.

764252

On FG-100F, no event is raised for PSU failure and the diagnostic command is not available.

768979

On a FortiGate with many FortiSwitches and FortiAPs, the Device Inventory widget and user-device-store list are empty.

798091

After upgrading from 6.4.9 to 7.0.5, the FG-110xE's 1000M SFP interface may fail to auto-negotiate and cannot come up due to the missed auto-negotiation.

799570

High memory usage occurs on FG-200F.

812957

When setting the speed of 1G SFP ports on FG-180xF platforms to 1000full, the interface does not come up after rebooting.

847077

The error "Can't find xitem. Drop the response." appears for DHCPOFFER packets in the DHCP relay debug.

User & Authentication

Bug ID

Description

754725

After updating the FSSO DC agent to version 5.0.0301, the DC agent keeps crashing on Windows 2012 R2 and 2016, which causes lsass.exe to reboot.

765184

RADIUS authentication failover between two servers for high availability does not work as expected.

778521

SCEP fails to renew if the local certificate name length is between 31 and 35 characters.

VM

Bug ID

Description

756510

FG-ARM64-AWS kernel panic occurs (Kernel panic - not syncing: Fatal exception in interrupt).

Web Filter

Bug ID

Description

766126

Block replacement page is not pushed automatically to replace the video content when using a video filter.
