
Known issues

The following issues have been identified in version 7.2.3. To inquire about a particular bug or report a bug, please contact Customer Service & Support.

Anti Virus

Bug ID

Description

800731

Flow AV sends HTML files to the FortiGate Cloud Sandbox every time when HTML is not configured in the file list.

Application Control

Bug ID

Description

829458

Remove option to block QUIC by default.

Firewall

Bug ID

Description

728734

The VIP group hit count in the table (Policy & Objects > Virtual IPs) is not reflecting the correct sum of VIP members.

824091

Promethean Screen Share (multicast) is not working on the member interfaces of a software switch.

854107

NGFW VDOM incorrectly includes all interfaces belonging to the root VDOM on interface and policy related GUI pages.

FortiView

Bug ID

Description

838652

The FortiView Sessions monitor displays VDOM sessions from other VDOMs.

GUI

Bug ID

Description

440197

On the System > FortiGuard page, the override FortiGuard server for AntiVirus & IPS Updates shows an Unknown status, even if the server is working correctly. This is a display issue only; the override feature is working properly.

677806

On the Network > Interfaces page when VDOM mode is enabled, the Global view incorrectly shows the status of IPsec tunnel interfaces from non-management VDOMs as up. The VDOM view shows the correct status.

719476

FortiLink NAC matched device is displayed in the CLI but not in the GUI under WiFi & Switch Controller > NAC Policies > View Matched Devices.

729406

New IPsec design tunnel-id still displays the gateway as an IP address, when it should be a tunnel ID.

749843

Bandwidth widget does not display traffic information for VLAN interfaces when a large number of VLAN interfaces are configured.

780832

WiFi & Switch Controller > Managed FortiAPs list does not load if there is an invalid or unsupported FortiAP configured.

794656

After rebooting, the Licenses widget shows an Unable to connect to FortiGuard servers message for ten minutes.

804584

On the policy dialog page, the Select Entries box for the Service field does not list all service objects if an IPv6 address is in the policy.

807197

High iowait CPU usage and memory consumption issues caused by report runner.

819272

When a VLAN belongs to a zone, and the zone is used in a policy, editing the VLAN ID changes the policy's position in the table.

820909

On the Policy & Objects > Schedules page, when the end date of a one-time schedule is set to the 31st of a month, it gets reset to the 1st of the same month.

Workaround: use CLI to set schedules with an end date of 31st.

829736

Incorrect information is being displayed for the HA role on the System > HA page.

829773

Unable to load the Network > SD-WAN > SD-WAN Rules table sometimes due to a JavaScript error.

831439

On the WiFi & Switch Controller > SSIDs page, multiple DHCP servers for the same range can be configured on an interface if the interface name contains a comma (,) character.

831885

Unable to access GUI via HA management interface of secondary unit.

833306

Intermittent error, Failed to retrieve FortiView data, appears on real-time FortiView Sources and FortiView Destination monitor pages.

833774

GUI needs to allow the members of the software switch interface to be used in IPv4/IPv6 multicast policy.

837836

The Network > Interfaces faceplate shows two SFP interfaces, which do not exist on that FortiGate model.

840604

When upgrading the FortiGate firmware from FortiGuard, update the API description text for the file name.

842079

On the System > HA page, a Failed to retrieve info caution message appears when hovering over the secondary unit's Hostname. The same issue is observed on the Dashboard > Status > Security Fabric widget.

845513

On G-model profiles, changing the platform mode from single 5G (dedicated scan enabled) to dual 5G is not taking effect.

853352

On the View/Edit Entries slide-out pane (Policy & Objects > Internet Service Database dialog), users cannot scroll down to the end if there are over 100000 entries.

854529

The local standalone mode in a VAP configuration is disabled when viewing or updating its settings in the GUI.

HA

Bug ID

Description

788702

Due to an HA port (Intel i40e) driver issue, not all SW sessions are synchronized to the secondary, so there is a difference.

818432

When private data encryption is enabled, all passwords present in the configuration fail to load and may cause HA failures.

829390

When the internet service name management checksum is changed, it is out-of-sync when the auto-update is disabled on FortiManager.

832470

HA A-P clusters keep getting out-of-sync due to local VPN certificate.

840305

Static ARP entry is removed after reboot or HA failover.

843837

HA A-P virtual cluster information is not correctly presented in the GUI and CLI.

843907

Session load balancing is not working in HA A-A configuration for traffic flowing via the VLAN interface when the port1 link is down on platforms with a 4.19 kernel.

854445

When adding or removing an HA monitor interface, the link failure value is not updated.

Hyperscale

Bug ID

Description

804742

After changing hyperscale firewall policies, it may take longer than expected for the policy changes to be applied to traffic. The delay occurs because the hyperscale firewall policy engine enhancements added to FortiOS may cause the FortiGate to take extra time to compile firewall policy changes and generate a new policy set that can be applied to traffic by NP7 processors. The delay is affected by hyperscale policy set complexity, the total number of established sessions to be re-evaluated, and the rate of receiving new sessions.

810366

Unrelated background traffic gets impacted when changing a policy where a hyperscale license is used.

824733

IPv6 traffic continues to pass through a multi-VDOM setup, even when the static route is deleted.

829549

DSE entry is being created for ALG sessions, and EIF sessions pass through.

835697

Interface routes under DHCP mode remain in LPMD after moving the interface to another VDOM.

843197

Output of diagnose sys npu-session list/list-full does not mention policy route information.

843305

Get PARSE SKIP ERROR=17 NPD ERR PBR ADDRESS console error log when system boots up.

Intrusion Prevention

Bug ID

Description

848003

FG-200E memory is not released and enters conserve mode, even after the traffic stopped.

856837

When flow mode AV is enabled, IPS engine memory usage is higher with a large number of flow mode AV requests.

IPsec VPN

Bug ID

Description

763205

IKE crashes after HA failover when the enforce-unique-id option is enabled.

815253

NP7 offloaded egress ESP traffic that was not sent out of the FortiGate.

836260

The IPsec aggregate interface does not appear in the Interface dropdown when configuring the Interface Bandwidth widget.

Log & Report

Bug ID

Description

814758

Get an intermittent error when running execute log fortianalyzer-cloud test-connectivity.

821359

FortiGate appears to have a limitation in the syslogd filter configuration.

825318

Archived Data tab is missing from intrusion prevention and application control log Details pane once log-packet is enabled.

826483

The dstname log field cannot store more than 66 characters.

828211

Policy ID filter is not working as expected.

829862

On the Log & Report > ZTNA Traffic page, the client's Device ID is shown as [object Object]. The Log Details pane shows the correct ID information.

836846

Packet captured by firewall policy cannot be downloaded.

837116

FortiCloud log statistics chart on the Log Settings page shows incorrect data.

838253

FortiAnalyzer log statistics chart on the Log Settings page shows incorrect data.

839601

Unable to view logs longer than 500 lines by scrolling down or using the drag down function.

847213

Unable to mouse over an IP address in FortiGate logs.

856613

Older Forward Traffic logs are not visible on the FortiGate with 1 hour, 24 hours, and 7 days time period after upgrading.

858589

Unable to download more than 500 logs from the FortiGate GUI.

Proxy

Bug ID

Description

799237

WAD crash occurs when TLS/SSL renegotiation encounters an error.

813562, 823247, 823829, 829428

When an LDAP user is authenticated in a firewall policy, the WAD user-info process has a memory leak causing the FortiGate to enter conserve mode.

827882

One WAD daemon is consistently using 99% CPU.

835903

There is no replacement message for an IPS custom signature block in a proxy inspection mode firewall policy or proxy policy.

837724

WAD crash occurs.

855882

Increase in WAD process memory usage after upgrading.

REST API

Bug ID

Description

836760

The start parameter has no effect with the /api/v2/monitor/user/device/query API call.

Routing

Bug ID

Description

769330

Traffic does not fail over to alternate path upon interface being down (FGR-60F in transparent mode).

830254

When changing interfaces from dense mode to sparse mode, and then back to dense mode, the interfaces did not show up under dense mode.

830383

Unable to configure IPsec static route.

833399

Static routes are incorrectly added to the routing table, even if the IPsec tunnel type is static.

834497

Traffic behaves differently for connected routes and IGP routes in an ADVPN or SD-WAN environment.

850862

GUI does not allow an AS path to be configured with multiple similar AS numbers.

862165

FortiGate does not add the route in the routing table when it changes for SD-WAN members.

Security Fabric

Bug ID

Description

809106

Security Fabric widget and Fabric Connectors page do not identify FortiGates properly in HA.

814796

The threat level threshold in the compromised host trigger does not work.

819192

After adding a Fabric device widget, the device widget does not appear in the dashboard.

824433

After authorizing a downstream FortiGate, an empty name and offline status appear in the device registration wizard.

835765

Automation stitch trigger is not working when the threshold based email alert is enabled in the configuration.

843043

Only the first ACI SDN connector can be kept after upgrading from 6.4.8 if multiple ACI SDN connectors are configured.

844412

Security rating failed for custom LLDP profiles.

848822

Security Rating report incorrectly lists the latest AP and switch firmware as unknown.

852340

Various places in the GUI do not show the secondary HA device.

862532

Unable to load topology pages for a specific Security Fabric topology on the root and downstream FortiGates.

SSL VPN

Bug ID

Description

705880

Updated empty group with SAML user does not trigger an SSL VPN firewall policy refresh, which causes the SAML user detection to not be successful in later usage.

777790

Unable to select vip64 in nat64 firewall policy in the CLI if the srcintf is an SSL VPN interface.

795381

FortiClient Windows cannot be launched with SSL VPN web portal.

808107

FortiGate is not sending Accounting-Request packet that contains the Interim-Update AVP when two-factor authentication is assigned to a user (defined on the FortiGate) while connecting using SSL VPN.

819754

Multiple DNS suffixes cannot be set for the SSL VPN portal.

848067

RDP over VPN SSL web mode stops working after upgrading.

Switch Controller

Bug ID

Description

836604

The 40000cr4 port speed is not available under the switch-controller managed-switch port speed settings.

853718

Layer 3 FortiLink does not come up after upgrading.

858113

Unable to view the Diagnostics and Tools page for FortiSwitch with limited access permissions using an administrative profile created on the FortiGate.

System

Bug ID

Description

780315

Poor CPS performance with VLAN interfaces in firewall only mode (NP7 and NP6 platforms).

798091

After upgrading from 6.4.9 to 7.0.5, the FG-110xE's 1000M SFP interface may fail to auto-negotiate and cannot be up due to the missed auto-negotiation.

798303

The threshold for conserve mode is lowered.

805122

In FIPS-CC mode, if cfg-save is set to revert, the system will halt a configuration change or certificate purge.

809030

Traffic loss occurs when running SNAT PBA pool in a hyperscale VDOM. The NP7 hardware module PRP got stuck, which caused the NP7 to hang.

824464

CMDB checksum is not updated when a certificate is renewed over CMP, causing a FortiManager failure to synchronize with the certificate.

826254

Get disk error message after changing disk usage to wanopt.

827240

FortiGate in HA may freeze and reboot. Before the reboot, softIRQ may be seen as high. This leads to a kernel panic.

827241

Unable to resolve sp***.saas.ap***.com on a specific VDOM.

837730

Trusted hosts are not working correctly in FortiOS 7.2.1.

841932

The GUI and API stopped working after loading many interfaces due to httpsd stuck in a D state (kernel I/O socket).

847077

Can't find xitem. Drop the response. error appears for DHCPOFFER packets in the DHCP relay debug.

853144

Network device kernel null pointer is causing a kernel crash.

853794

Issue with the server_host_key_algorithm compatibility when using SSH on SolarWinds.

856202

Random reboots and kernel panic on NP7 cluster when the FortiGate sends a TCP RST packet and IP options are missing in the header.

Upgrade

Bug ID

Description

803041

Link lights on the FG-1100E fail to come up and are inoperative after upgrading.

822844

Observed Node exiting due to unhandled rejection error messages in crash log after upgrading to 7.2.1.

850691

The endpoint-control fctems entry 0 is added after upgrading from 6.4 to 7.0.8 when the FortiGate does not have an EMS server, which means the endpoint-control fctems feature was not enabled previously. This leads to a FortiManager installation failure.

Workaround: upgrade from FortiOS 6.4.x to 7.0.7 and then 7.0.8. If you have already upgraded to FortiOS 7.0.8, reboot the FortiGate to automatically set endpoint-control fctems to 1.

User & Authentication

Bug ID

Description

825759

The Device detection option is missing in the GUI for redundant interfaces (CLI is OK).

828212

RADIUS Access Request message needs to be sent when the client reconnects during firewall authentication session expiration.

865166

A cid scan crash occurs when device detections happen in a certain order.

VM

Bug ID

Description

825464

Every time the FortiGate reboots, the certificate setting reverts to self-sign under config system ftm-push.

Web Filter

Bug ID

Description

766126

Block replacement page is not pushed automatically to replace the video content when using a video filter.

WiFi Controller

Bug ID

Description

807713

FortiGate is not sending RADIUS accounting message consistently to RADIUS server for wireless SSO.

809623

CAPWAP traffic is dropped when capwap-offload is enabled.

821320

FG-1800F drops wireless client traffic in L2 tunneled VLAN with capwap-offload enabled.

824441

Suggest replacing the IP Address column with MAC Address in the Collected Email widget.

846730

Dynamic VLAN assignment is disabled in the GUI when editing an SSID with radius mac-auth and dynamic-vlan enabled.

856038

The voice-enterprise value changed after upgrading.

858653

Invalid wireless MAC OUI detected for a valid client on the network.

ZTNA

Bug ID

Description

832508

The EMS tag name (defined in the EMS server's Zero Trust Tagging Rules) format changed in 7.2.1 from FCTEMS<serial_number>_<tag_name> to EMS<id>_ZTNA_<tag_name>.

After upgrading from 7.2.0 to 7.2.1, the EMS tag format was converted properly in the CLI configuration, but the WAD daemon is unable to recognize this new format, so the ZTNA traffic will not match any ZTNA policies with EMS tag name checking enabled.

Workaround: unset the ztna-ems-tag in the ZTNA firewall proxy policy, and then set it again.

845321

An offline FortiClient should be immediately rejected by ZTNA.
