FG-3000D cluster kernel panic occurs when upgrading from 7.0.5 to 7.0.6 and later.

Increased CPU usage in softirq after upgrading from 7.0.5 to 7.0.6.

On the System > FortiGuard page, the override FortiGuard server for AntiVirus & IPS Updates shows an Unknown status, even if the server is working correctly. This is a display issue only; the override feature is working properly.

On the Network > Interfaces page when VDOM mode is enabled, the Global view incorrectly shows the status of IPsec tunnel interfaces from non-management VDOMs as up. The VDOM view shows the correct status.

On the Policy & Objects > Firewall Policy page, the policy list can take around 30 seconds or more to load when there is a large number (over 20 thousand) of policies.

Workaround: use the CLI to configure policies.

System > Certificates list sometimes shows an incorrect reference count for a certificate, and incorrectly allows a user to delete a referenced certificate. The deletion will fail even though a success message is shown. Users should be able to delete the certificate after all references are removed.

When using the SSL VPN web portal in the Firefox, users cannot paste text into the SSH terminal emulator.

Workaround: use Chrome, Edge, or Safari as the browser.

When upgrade firmware from 7.0.1 to 7.0.2, the GUI incorrectly displays a warning saying this is not a valid upgrade path.

An undefined error is displayed when changing an administrator password for the first time. Affected models: NP7 platforms.

FGSP local sessions exist after rebooting an HA pair with A-P mode, and the HW SSE/session count is incorrect.

VDOM ID and IP addresses in the IPL table are incorrect after disabling EIF/EIM.

After packets go through host interface TX/RX queues, some packet buffers can still hold references to a VDOM when the host queues are idle. This causes a VDOM delete error with unregister_vf. If more packets go through the same host queues for other VDOMs, the issue should resolve by itself because those buffers holding the VDOM reference can be pushed and get freed and recycled.

FortiGate 4200F, 4201F, 4400F, and 4401F HA1, HA2, AUX1, and AUX2 interfaces cannot be added to an LAG.

Sessions being processed by hyperscale firewall policies with hardware logging may be dropped when dynamically changing the log-processor setting from hardware to host for the hardware log sever added to the hyperscale firewall policy. To avoid dropping sessions, change the log-processor setting during quiet periods.

Hit count not ticking for implicit deny policy for hardware session in case of NAT46 and NAT64 traffic.

service-negate does not work as expected in a hyperscale deny policy.

srcaddr-negate and dstaddr-negate are not working properly for IPv6 traffic with FTS.

Output of diagnose sys npu-session list/list-full does not mention policy route information.

Diagnose command should be available to show hit_count/last_used for policy route and NPU session on hyperscale VDOM.

Get PARSE SKIP ERROR=17 NPD ERR PBR ADDRESS console error log when system boots up.

The diagnose firewall ippool list command does not show the correct output for overload type IP pools.

IPsec aggregate static route is not marked inactive if the IPsec aggregate is down.

IPsec static router gateway IP is set to the gateway of the tunnel interface when it is not specified.

Slow GUI performance in large Fabric topology with over 50 downstream devices.

Security Rating report for Rogue AP Detection and FortiCare Support checks show incorrect results.

Multiple DNS suffixes cannot be set for the SSL VPN portal.

Traffic passing through an EMAC VLAN interface when the parent interface is in another VDOM is blocked if NP7 offloading is enabled.

Workaround: set the auto-asic-offload option to disable in the firewall policy.

High memory usage occurs on FG-200F.

When setting the speed of 1G SFP ports on FG-180xF platforms to 1000full, the interface does not come up after rebooting.

Can't find xitem. Drop the response. error appears for DHCPOFFER packets in the DHCP relay debug.

NP7 platforms may encounter random kernel crash after reboot or factory reset.

Console may display mce: [Hardware Error] error message after fresh image burn or reboot.

Console keeps displaying bcm_nl.nr_request_drop ... after the FortiGate reboots because of the cfg-save revert setting under config system global. Affected platforms: FG-10xF and FG-20xF.

FG-20xF system halts if setting cfg-save to revert under config system global and after the cfg-revert-timeout occurs.

False alarm of the PSU2 occurs with only one installed.

The FortiGate is only offering the ssh-ed25519 algorithm for an SSH connection.

Workaround: factory reset the FortiGate, then restore the same configuration without making any changes to the configuration.

Optimize memory usage caused by the high volume of disk traffic logs.

Kernel panic occurs due to null pointer dereference.

The endpoint-control fctems entry 0 is added after upgrading from 6.4 to 7.0.8 when the FortiGate does not have EMS server, which means the endpoint-control fctems feature was not enabled previously. This leads to a FortiManager installation failure.

Workaround: upgrade from FortiOS 6.4.x to 7.0.7 and then 7.0.8. If you have already upgraded to FortiOS 7.0.8, reboot the FortiGate to automatically set endpoint-control fctems to 1. If autoupdate is disabled on FortiManager, use Retrieve Config to synchronize the fix to FortiManager.