Resolved issues

The following issues have been fixed in version 7.0.9. To inquire about a particular bug, please contact Customer Service & Support.

Explicit Proxy

Bug ID

Description

805703

FortiGate does not load balance requests evenly when the ldb-method is set to least-session.

Firewall

Bug ID

Description

834301

Session dropped with timeout action after policy changes.

835413

Inaccurate sFlow interface data reported to PRTG after upgrading to 7.0.

843274

Source interface filter (srcintf-filter) is not working with virtual servers.

GUI

Bug ID

Description

719476

FortiLink NAC matched device is displayed in the CLI but not in the GUI under WiFi & Switch Controller > NAC Policies > View Matched Devices.

831885

Unable to access GUI via HA management interface of secondary unit.

HA

Bug ID

Description

832634

HA failovers occur due to the kernel hanging on FG-100F.

840954

The HA pair primary keeps sending fgFmTrapIfChange and fnTrapIpChange after upgrading to 7.0.6.

843907

Session load balancing is not working in HA A-A configuration for traffic flowing via the VLAN interface when the port1 link is down on platforms with a 4.19 kernel.

IPsec VPN

Bug ID

Description

819276

After changing the password policy to enable it, all non-conforming IPsec tunnels were wiped out after rebooting/upgrading.

832920

Unable to edit the parent interface from the IPsec configuration if it was configured on an IPIP tunnel.

840153

Unexpected dynamic selectors block traffic when set mesh-selector-type subnet is configured.

840940

Unable to reestablish a new IPsec L2TP connection for 10 minutes after the previous one disconnected. The issue conditions are local in traffic and a policy-based IPsec tunnel.

842528

Improper IKEv1 quick mode fragmentation from third-party client can cause an IKE crash.

Proxy

Bug ID

Description

827807

WAD crash at signal 11 is observed after configuring 250 CGN VDOMs (full offload is enabled in the VDOMs).

837095

WAD daemon runs high with many child processes and is not coming down after configuring 250 CGN VDOMs.

Routing

Bug ID

Description

817670

IPv6 route redistribution metric value is not taking effect.

833800

The speed-test-server list cannot be loaded due to limited buffer size.

836077

IPv6 SD-WAN health check is not working after a disconnection.

840691

FortiGate as an NTP server is not using SD-WAN rules.

Security Fabric

Bug ID

Description

837347

Upgrading from 6.4.8 to 7.0.5 causes SDN firewall address configurations to be lost.

843043

Only the first ACI SDN connector can be kept after upgrading from 6.4.8 if multiple ACI SDN connectors are configured.

SSL VPN

Bug ID

Description

705880

Updated empty group with SAML user does not trigger an SSL VPN firewall policy refresh, which causes the SAML user detection to not be successful in later usage.

808569

sslvpnd crashes when no certificate is specified.

808634

SSL VPN daemon sometimes could not be recovered, even when setting the server certificate back from empty to a specific certificate.

820536

SSL VPN web mode bookmark incorrectly applies a URL redirect.

822432

SSL VPN crashes after copying a string to the remote server using the clipboard in RDP web mode when using RDP security.

848437

The sslvpn process crashes if a POST request with a body greater than 2 GB is received.

856316

Browser displays an Error, Feature is not available message if a file larger than 1 MB is uploaded from FTP or SMB using a web bookmark, even though the file is uploaded successfully. There are no issues with downloading files.

System

Bug ID

Description

798992

A newcli crash occurs when running the diagnose hardware test memory command.

827736

As the size of the internet service database expands, ffdb_err_msg_print: ret=-4, Error: kernel error is observed frequently on 32-bit CPU platforms, such as the FG-100E.

831486

HQIP memory test failed and triggered a log out with a newcli process crash.

844316

IPS and application control are causing the FortiGate (VWP) to change either the source MAC address or the destination MAC address based on the flow.

844908

Outbandwidth does not control traffic properly on platforms with a 4.19 kernel when VDOM links are used.

844937

FG-3700D unexpectedly reboots after the COMLog reported a kernel panic due to an IPv6 failure to set up the master session for the expectation session under some conditions.

850430

DHCP relay does not work properly with two DHCP relay servers configured.

855151

There may be a race condition between the CMDB initializing and the customer language file loading, which causes the customer language file to be removed after upgrading.

VM

Bug ID

Description

848279

SFTP backup not working with Azure storage account.

Web Application Firewall

Bug ID

Description

838913

The WAF is indicating malformed request false positives caused by incorrect setups of four known headers: Access-Control-Max-Age, Access-Control-Allow-Headers, Access-Control-Allow-Methods, and Origin.

Web Filter

Bug ID

Description

742483

System events logs randomly contain a msg=UrlBwl-black gzopen fail message.

847676

Unrated is displayed, even if the system language is set to Japanese when the policy inspection mode is set to flow.

WiFi Controller

Bug ID

Description

844172

The cw_acd process is deleting dynamic IPsec tunnels on the secondary device, which causes the FortiAPs to disconnect on the primary device.

Common Vulnerabilities and Exposures

Visit https://fortiguard.com/psirt for more information.

Bug ID

CVE references

843324

FortiOS 7.0.9 is no longer vulnerable to the following CVE Reference:

  • CVE-2022-42472

847483

FortiOS 7.0.9 is no longer vulnerable to the following CVE Reference:

  • CVE-2022-41327

850842

FortiOS 7.0.9 is no longer vulnerable to the following CVE Reference:

  • CVE-2022-41335

853448

FortiOS 7.0.9 is no longer vulnerable to the following CVE Reference:

  • CVE-2022-42475

854227

FortiOS 7.0.9 is no longer vulnerable to the following CVE Reference:

  • CVE-2022-42476
