FortiGate should fix the interface between FortiGate and FortiAnalyzer for the CDR file.

If FortiGate Cloud is selected as sandbox server under Security Fabric > Fabric Connectors, an anti virus profile with settings to Send files to FortiSandbox for inspection does not get saved in the GUI.

Workaround: configure the anti virus profile using the CLI.

Able to bypass FortiOS AV inspection on email traffic when manipulating a MIME attachment with junk and pad characters in Base64.

WAD is NATting to the wrong IP pool address for the interface.

Microsoft website (microsoft.com) cannot be mapped to the Microsoft-Web ISDB name for proxy policy.

Traffic can pass through EMAC VLAN interface but can not be offloaded.

Dashboard > FortiView Traffic Shaping page sometimes displays an undefined traffic shaper. This is cosmetic and does not impact functionality.

On the Edit Virtual Server dialog under Policy & Objects > Virtual Servers, a Duplicate entry found error is displayed for the Virtual server IP and Virtual server port fields when there are no duplicate entries.

Workaround edit the virtual server entries in the CLI.

Cannot set src-vendor-mac in policy. The src-vendor-mac policy setting is not lost after upgrading from 7.0.5 and is still in the iprope.

Packet drops noticed in the network when FortiGate is running 7.2.0 GA.

On the Traffic Shaping > Traffic Shapers tab, the Bandwidth Utilization column indicates zero traffic when there is traffic present.

Workaround: view the traffic on the shaper in the CLI.

The tooltip for the Bandwidth column always displays the receiving bandwidth as zero on the Dashboard > FortiView Traffic Shaping page.

On the Network > Interfaces page when VDOM mode is enabled, the Global view incorrectly shows the status of IPsec tunnel interfaces from non-management VDOMs as up. The VDOM view shows the correct status.

When there are a lot of historical logs from FortiAnalyzer, the FortiGate GUI Forward Traffic log page can take time to load if there is no specific filter for the time range.

Workaround: provide a specific time range filter, or use the FortiAnalyzer GUI to view the logs.

Bandwidth widget shows incorrect traffic on FG-40F.

Dashboard and Managed FortiAPs pages can take a long time to load when there are over 1000 FortiAPs configured.

Policy & Objects > DNAT & Virtual IPs page can take more than 30 seconds to load if there are more than 25 thousand virtual IPs.

HTTPSD daemon crashes frequently with signal 6 (aborted) at api_v2_page_result.

FortiGate failed to view matched endpoints after viewing it successfully several times.

System -> Certificates page keeps spinning when trying to access it from Safari.

Modem 1 Health is incorrectly displayed as Disconnected in the Diagnostics and Tools pane of the FortiExtenders page.

Search bar on Addresses page does not complete loading and return a result when format is <IP>-<number>.

Need a way for FortiManager to retrieve an HA-specific configuration of a secondary device through the primary device.

Multicast convergence on HA failover.

Interface link status of HA members go down when cfg-revert tries to reboot post cfg-revert-timeout.

FortiGate does not respond to ARP request for management-ip on interface if the interface IP is changed.

After HA-AP failover, the FortiExtender WAN interface of the new primary cannot get the LTE IP address from FortiExtender.

Traffic going through IPsec based on a loopback interface cannot be offload.

IKE is consuming excessive memory.

FortiGate sends duplicate SNMP traps if the tunnel is brought down on the local side.

Support IPsec FGSP per tunnel failover.

Tooltip in Dashboard > Network IPsec widget only displays one address for the local and remote addresses of the phase 2 selector.

GUI does not allow IP overlap for a tunnel interface when allow-subnet-overlap is enabled (CLI allows it).

On the Log & Report > Forward Traffic page, filters applied to an interface name with a comma (,) do not show the correct filtered results for that interface.

The secondary FortiGate did not send the logs to the syslog server (sendmmsg failed to send data).

Date/Time filter changes after setting the time.

Video filter FortiGuard category takes precedence over allowed channel ID exception in the same category.

An expired certificate can be chosen when creating an SSL/SSH profile for deep inspection.

Static route will still in routing table after HA failover, and the BFD is down on the new primary.

After configuring static routes on IPsec tunnels using the Network > Static Routes page, a warning icon appears. This is cosmetic and does not affect functionality.

On the Network > SD-WAN page, adding a named static route to an SD-WAN zone creates a default blackhole route.

GUI pages related to SD-WAN rules and performance SLA take 15 to 20 seconds to load.

Slow GUI performance in large Fabric topology with over 50 downstream devices.

Entry-level FortiGate with Security Fabric enabled for 30 or more downstream FortiGates can go into conserve mode when loading the physical or logical topology pages, or running security rating reports.

Workaround: configure fewer downstream FortiGates in a Security Fabric configuration.

Add distributed security rating and topology reports.

On the Fabric Management page, some managed FortiSwitches are not shown.

GCP bearer token is too long for the header in a google-cloud-function automation action.

Automation stitch for a scheduled backup is not working.

SSL VPN with external DHCP servers is not working.

Link in SSL VPN portal to FortiClient iOS redirects to legacy FortiClient 6.0 rather than the latest 6.2.

If dual-stack is enabled, the user connects to the tunnel with IPv6 and the tunnel is established successfully. When the user tries to access the IPv4 server to upload or download files, the network speed is very slow.

After upgrading from 6.4.7 to 7.0.1, the Num Lock key is turned off on the SSL VPN webpage.

FortiClient Windows cannot be launched with SSL VPN web portal.

FortiGuard should only provide an installer for FortiClient VPN, instead of the full FortiClient version.

SSL VPN has memory leaks and crashes.

When sslvpnd debugs are enabled, the SSL VPN process crashes more often.

The auto-generated URL on the VPN > SSL-VPN Settings page shows the management IP of the FortiGate instead of the SSL VPN interface port IP as defined on the VPN > SSL-VPN Realms page when a realm is created.

SSL VPN should not leak information while performing Telnet.

FortiLink topology only displays partially.

FortiGates quarantines are stuck at 256.

FortiSwitch online/offline status is not consistent between the CLI and SNMP.

The Enable STP security control description should be reworded to mention that Edge ports should have STP enabled once the network topology is stable.

Switch controller preconfiguration of FortiSwitch 108F-POE is incorrect.

Remote administrator password renewal shows remote token instead of new password (CLI and GUI).

Incorrect bandwidth utilization traffic widget for VLAN interface based on LACP interface.

When VDOMs are enabled, changing system settings causes the GUI to display a failure to save message.

The value of the extra-init parameter under config system lte-modem is not passed to the modem after rebooting the device.

FortiGate central management is configured on the backup mode ADOM, and any changes done on the FortiGate are not recorded in the FortiManager.

Cached topology reports causes the FortiGate to run out of flash storage on low-end models.

Sudo command is not working inconsistently.

FFDB cannot be updated with exec update-now or execute internet-service refresh after upgrading the firmware in a large configuration.

Any configuration changes on FG-2601F causes cmbdr crash with signal 6 and traffic to stop flowing.

Interface migration wizard fails to migrate interfaces when VLANs have dependencies within dependencies.

FG-1800F existing hardware switch configuration fails after upgrading.

PPPoE virtual tunnel drops traffic after logon credentials are changed.

Message regarding VDOM names longer than 11 characters is shown when set long-vdom-name is enabled.

SSH public key changes after every reboot.

SCEP fails to renew if the local certificate name length is between 31 and 35 characters.

When logged in with an administrator profile using a wildcard RADIUS user, creating a new dashboard widgets fails.

Additional information from user ID login should be displayed.

Data partition is almost full on FG-VM64 platforms.

IBM HA is unable to fail over route properly when route table has a delegate VPC route.

WAD re-challenges user authentication upon HA failover.

Found wad crash at wad_sched.c upon device tag matching.