Resolved issues
The following issues have been fixed in version 7.2.12. To inquire about a particular bug, please contact Customer Service & Support.
Firewall

| Bug ID | Description |
|---|---|
| 1117165 | Because of an internal coding change, leaving the To configure GTP APN traffic shaping: |

    config gtp apn-shaper
        edit <policy-id>
            set apn [<apn-name> <apngrp-name> ...]
            set rate-limit <limit>
            set action {drop | reject}
            set back-off-time <time>
        next
    end

FortiGate 6000 and 7000 platforms

| Bug ID | Description |
|---|---|
| 998615 | When doing a GUI-packet capture on FortiGate, the through-traffic packets are not captured. |
| 1108181 | Unexpected behavior observed in the confsyncd daemon due to an erroneous memory allocation. |
| 1129283 | Bandwidth Widget showing cumulative Tx and Rx rather than current throughput. |

FortiSASE

| Bug ID | Description |
|---|---|
| 1140953 | Unable to download large files using HTTPS traffic over internet via SASE. |

GUI

| Bug ID | Description |
|---|---|
| 1145475 | Multicast traffic is dropped when adding or removing an interface bandwidth widget on the dashboard. |
| 1186997 | Incorrect bandwidth values occur when viewing bandwidth widgets in the GUI after upgrading to 7.2.11. |

HA

| Bug ID | Description |
|---|---|
| 1117725 | HA synchronization fails due to checksum mismatches on CA certificates across all VDOMs when adding or modifying certificates sourced from a bundle. |
| 1121117 | When two HA clusters are on the same subnet, the L2 session-sync packets could be received by each other even if they are two different HA clusters. |
| 1137565 | vSN support added in 7.2.9, 7.4.6, and 7.6.1. FG-100F/101F do not yet support vSN and logical-sn. |
| 1138763 | IKE hasync loop and high memory consumption when peer address/port changes. |
| 1163147 | Token license activation fails when using a virtual serial number (vSN) on a new HA FortiGate. |

Hyperscale

| Bug ID | Description |
|---|---|
| 1153963 | System error when an IPv6 FTP client uses passive mode in NAT64 and the IPv4 FTP server responds with a non-standard response to the PASV command. |

Intrusion Prevention

| Bug ID | Description |
|---|---|
| 1158024 | Packet drops and lower CPU utilization on FPC blades when using IPv6 traffic with np-accel-mode enabled and auto-asic-offload. |

IPsec VPN

| Bug ID | Description |
|---|---|
| 958103 | BGP neighbor establishment issues occur over IPsec tunnels when DPDK is enabled in Azure environments. |
| 1012615 | After upgrade to 7.4.3, IPsec VPN is dropping traffic. |
| 1016927 | New kernel platform fails to process UDP-encapsulated ESP packets when customer ike-port is used. |
| 1059778 | IPsec does not work as expected when the traffic path is from spoke dial-up to hub1, and then from hub1 to another site via a site-to-site tunnel. |
| 1061176 | CPU usage issues observed during IPsec tunnel establishment with large number of tunnels. |
| 1110093 | IPsec SA offloading stops on some FortiGate models when handling more than 50,000 concurrent security associations. |
| 1113354 | Group list got truncated because of fixed-size buffers. |
| 1118547 | L2TP over IPsec cannot be established when offloading is enabled on FortiGate-90G. |
| 1127782 | Traffic is dropped by anti-spoof check when passing traffic through phase2 transport mode with GRE encap. |
| 1136536 | VPN authentication fails on FortiSASE when a large number of RADIUS groups are configured. |

Proxy

| Bug ID | Description |
|---|---|
| 877333 | WAD crash with a signal 11 error due to a memory corruption issue when handling VIP cases. |
| 1113201 | SSL protocol error occurs when FortiOS incorrectly handles TLS 1.3 session IDs during flow-based deep inspection of client-to-proxy and proxy-to-Internet traffic. |
| 1135475 | WAD crashes with signal 11 by accessing a null pointer if the client session is closed before server connection is done in vs server pool mode. |

Routing

| Bug ID | Description |
|---|---|
| 912070 | The client learned the physical MAC address of the FortiGate secondary instead of the VR MAC when requesting the VIP, despite the primary FortiGate sending the initial ARP response. |
| 1002132 | A BGP neighbor over GRE tunnel does not get established after upgrading due to anti-spoofing not functioning as expected. |

SSL VPN

| Bug ID | Description |
|---|---|
| 1001272 | The SAML DB Insert does not function as expected and causes a CPU usage issue. |
| 1026775 | Remove SSL-VPN from FG9xG. |
| 1122349 | SSL-VPN crashes and disconnects client connections due to a DHCP state machine issue, causing high CPU usage and watchdog timeouts. |

System

| Bug ID | Description |
|---|---|
| 928743 | Management interface shows up when set status is down. |
| 986926 | FGT-90xG ULL interface x5, x6, x7, x8 are all down after set to 25G speed. |
| 1005020 | Firmware upgrade timeout occurs when upgrading LTE modem from FortiGuard. |
| 1048496 | On FortiGate, the snmp daemon does not work as expected resulting in the SNMP queries timing out. |
| 1061593 | Firmware upgrade failure occurs when LTE modem is in download mode. |
| 1087270 | Unexpected traffic increase over the FortiGate 6000 base backplane. |
| 1117005 | CPU spikes and management access issues occur on certain FortiGate models post-upgrade when IPsec Phase 1 NPU-offload is enabled during maintenance. |
| 1127534 | Update built-in CRDB bundle to version 1.56. |
| 1164092 | On NP7 platforms, a change in the destination MAC address or fib change may cause traffic to stop on certain interfaces. |

VM

| Bug ID | Description |
|---|---|
| 956592 | Memory usage issues caused by OVERRUN found in DPDKHelper. |
| 1019467 | When the underlying interface is removed, the ipsec tunnel interface will still hold a dst reference. |
| 1092977 | PPPoE interfaces on VM not getting IP address after firmware upgrade. |
| 1157674 | Incorrect system time occurs when FortiGate-VM64-GCP boots up on GCP. |
| 1161380 | License becomes invalid when system time is incorrect on FortiGate-VM64-GCP devices. |

WAN Optimization

| Bug ID | Description |
|---|---|
| 642875 | Memory usage issues caused by an error condition in WanOpt. |

Web Filter

| Bug ID | Description |
|---|---|
| 1118132, 1122036, 1127984 | Webfilter local category override not working after reboot in flow mode. |
| 1131440 | Webfilter user category override not working after reboot in flow mode. |
| 1138711 | Webfilter user category (local and external) override databases are not recreated after FortiGate reboot or IPS engine restart. |

Common Vulnerabilities and Exposures
Visit https://fortiguard.com/psirt for more information.

| Bug ID | CVE references |
|---|---|
| 958468 | FortiOS 7.2.12 is no longer vulnerable to the following CVE Reference: |
| 1063464 | FortiOS 7.2.12 is no longer vulnerable to the following CVE Reference: |
| 1081022 | FortiOS 7.2.12 is no longer vulnerable to the following CVE Reference: |
| 1126271 | FortiOS 7.2.12 is no longer vulnerable to the following CVE Reference: |
| 1173156 | FortiOS 7.2.12 is no longer vulnerable to the following CVE: |
| 1177284 | FortiOS 7.2.12 is no longer vulnerable to the following CVE Reference: |
| 1184468 | FortiOS 7.2.12 is no longer vulnerable to the following CVE Reference: |