Known issues

The following issues have been identified in version 7.2.3. To inquire about a particular bug or report a bug, please contact Customer Service & Support.

Anti Spam

Bug ID

Description

877613

Mark as Reject can still be chosen as an Action in an Anti-Spam Block/Allow List in the GUI.

Anti Virus

Bug ID

Description

869398

FortiGate sends too many unnecessary requests to FortiSandbox and causes high resource usage.

Firewall

Bug ID

Description

808264

Stress test shows packet loss when testing with flow inspection mode and application control.

864612

When the service protocol is an IP with no specific port, it is not cached, which causes a protocol/port service name to appear in the log.

895946

Access to some websites fails after upgrading to FortiOS 7.2.3 when the firewall policy is in flow-based inspection mode.

Workaround: access is possible with one of the following settings.

  • Change the firewall policy inspection mode to proxy-based.

  • Remove the IPS security profile from the firewall policy.

  • Set tcp-mss-sender and tcp-mss-receiver in the firewall policy to 1300.

  • Set tcp-mss to 1300 on the VPN tunnel interface.

  • Bypass the inter-VDOM link (may work in applicable scenarios, such as if the VDOM default route points to a physical interface instead of an inter-VDOM link).

GUI

Bug ID

Description

677806

On the Network > Interfaces page when VDOM mode is enabled, the Global view incorrectly shows the status of IPsec tunnel interfaces from non-management VDOMs as up. The VDOM view shows the correct status.

719476

FortiLink NAC matched device is displayed in the CLI but not in the GUI under WiFi & Switch Controller > NAC Policies > View Matched Devices.

729406

New IPsec design tunnel-id still displays the gateway as an IP address, when it should be a tunnel ID.

825598

The FortiGate may display a false alarm message TypeError [ERR_INVALID_URL]: Invalid URL in the crashlog for the node process. This error does not affect the operation of the GUI.

833306

Intermittent error, Failed to retrieve FortiView data, appears on real-time FortiView Sources and FortiView Destination monitor pages.

842079

On the System > HA page, a Failed to retrieve info caution message appears when hovering over the secondary unit's Hostname. The same issue is observed on the Dashboard > Status > Security Fabric widget.

853352

On the View/Edit Entries slide-out pane (Policy & Objects > Internet Service Database dialog), users cannot scroll down to the end if there are over 100000 entries.

854180

On the policy list page, all policy organization with sequence and label grouping is lost.

HA

Bug ID

Description

818432

When private data encryption is enabled, all passwords present in the configuration fail to load and may cause HA failures.

Hyperscale

Bug ID

Description

824071

ECMP does not load balance IPv6 traffic between two routes in a multi-VDOM setup.

824733

IPv6 traffic continues to pass through a multi-VDOM setup, even when the static route is deleted.

843197

Output of diagnose sys npu-session list/list-full does not mention policy route information.

IPsec VPN

Bug ID

Description

763205

IKE crashes after HA failover when the enforce-unique-id option is enabled.

Proxy

Bug ID

Description

799237

WAD crash occurs when TLS/SSL renegotiation encounters an error.

Routing

Bug ID

Description

833399

Static routes are incorrectly added to the routing table, even if the IPsec tunnel type is static.

Security Fabric

Bug ID

Description

809106

Security Fabric widget and Fabric Connectors page do not identify FortiGates properly in HA.

825291

Security rating test for FortiAnalyzer fails when connected to FortiAnalyzer Cloud.

SSL VPN

Bug ID

Description

777790

Unable to select vip64 in nat64 firewall policy in the CLI if the srcintf is an SSL VPN interface.

795381

FortiClient Windows cannot be launched with SSL VPN web portal.

819754

Multiple DNS suffixes cannot be set for the SSL VPN portal.

System

Bug ID

Description

798303

The threshold for conserve mode is lowered.

832429

Random kernel panic may occur due to an incorrect address calculation for the internet service entry's IP range.

837730

Trusted hosts are not working correctly in FortiOS 7.2.1.

847077

A "Can't find xitem. Drop the response." error appears for DHCPOFFER packets in the DHCP relay debug.

861962

When configuring an 802.3ad aggregate interface with a 1 Gbps speed, the port's LED is off and traffic cannot pass through. Affected platforms: 110xE, 220xE, 330xE, 340xE, and 360xE.

User & Authentication

Bug ID

Description

823884

When a search is performed on a user (User & Authentication > User Definition page), the search results highlight all the groups the user belongs to.

825505

After a few days, some devices are not displayed in the Users & Devices > Device Inventory widget and WiFi & Switch Controller > FortiSwitch Ports page's Device Information column due to a mismatch in the device count between the following commands.

  • diagnose user device list
  • diagnose user device stats
  • diagnose user-device-store device memory list

Workaround: restart the WAD process or reboot the FortiGate to recover the device count for the user device store list.

Web Filter

Bug ID

Description

766126

Block replacement page is not pushed automatically to replace the video content when using a video filter.

WiFi Controller

Bug ID

Description

869978

CAPWAP tunnel traffic over tunnel SSID is dropped when offloading is enabled.

873273

The Automatically connect to nearest saved network option does not work as expected when FWF-60E client-mode local radio loses connection.

ZTNA

Bug ID

Description

832508

The EMS tag name (defined in the EMS server's Zero Trust Tagging Rules) format changed in 7.2.1 from FCTEMS<serial_number>_<tag_name> to EMS<id>_ZTNA_<tag_name>.

After upgrading from 7.2.0 to 7.2.1, the EMS tag format was converted properly in the CLI configuration, but the WAD daemon is unable to recognize this new format, so the ZTNA traffic will not match any ZTNA policies with EMS tag name checking enabled.

Workaround: unset the ztna-ems-tag in the ZTNA firewall proxy policy, and then set it again.
