Large file downloads may intermittently stall when flow-based UTM and SSL deep inspection are enabled.

FortiOS High Security Alert block page reference URL is incorrect.

An error is displayed when downloading a file from a browser with FortiSandbox scan-mode default enabled using an antivirus profile.

When logged in as an administrator with Security Fabric access permissions set to none, trying to create a new antivirus profile on the Security Profiles > Antivirus page shows an error.

Incorrect service and action values occur in AV logs when converting fields from bytes to strings.

FortiGate cannot connect to FortiSandboxCloud when inline content block scan mode is set to default in an antivirus profile.

When FortiGate is in HA AA mode, the secondary unit does not connect to all FSA types for inline scanning.

Remote TACACS+ administrators cannot edit application control profiles using the GUI due to transaction failure.

Workaround: TACACS+ administrators can make changes to the application control using the CLI or local administrators can make changes using the GUI.

DLP Reference check slide window is empty on Global level.

An upgrade issue may prevent the upload or download of large files using HTTP2.

When a DLP policy is set to block the upload or download of test PDF documents, the policy does not function as expected.

DNS server latency increases by 15 seconds when a request times out. This increase may give a perception that this server is unreachable or has a latency value that doesn't reflect real-world conditions.

When the DNS filter is enabled with external-ip-blocklist, the IPS Engine remains in D status for an extended period of time and the DNS session ends.

Support Encrypted ClientHello (ECH) in flow mode.

When IP is not resolved or does not exist, the DNS alters the response for the domain and results in a performance issue on the client device.

FortiOS experiences a CPU usage issue in the daemon when connecting to an EMS that has a large amount of EMS tags.

The WAD does not function as expected due to a memory allocation issue.

Website content does not load properly when using an explicit proxy.

The GUI-explicit-proxy setting on the System > Feature Visibility page is not retained after a FortiGate reboot or upgrade.

HTTP requests are forwarded to the server through a web proxy even when forward-server group-down is set to block.

In some cases, the explicit proxy policy list can take a long time to load due to a delay in retrieving the proxy statistics. This issue does not impact explicit proxy functionality.

Traffic that should not be matching a policy is incorrectly matching an allow policy or a deny policy.

FortiGate blocks pages when browsing websites though a transparent proxy-redirect policy on SD-WAN.

Traffic logs and security events cannot be viewed in the SASE portal caused by the WAD not functioning as expected.

If explicit webproxy uses SAML authentication and the PAC file is enabled at the same time, the browser will report a too many redirects error when trying to visit any websites.

Health check issues occur when forward server is configured in proxy mode firewall policy.

Debug daemon may be blocked while handling client connection and increases the GUI load time.

The proxy policy does not work as expected when the session-ttl value is greater than the global session-ttl value.

Files do not get uploaded on webmail applications with antivirus, app control, or IPS enabled on an explicit proxy policy.

The WAD may not forward HTTP requests through an explicit web proxy.

The server-down-option-block command does not work as expected when creating a connection to a forward proxy server.

Traffic is blocked when enabling EMS with custom client certificate in secure web proxy policy.

When FortiGate is configured as a downstream proxy with an FQDN type, browsing traffic may encounter a gateway timeout error.

Web pages do not load when persistent-cookie is disabled for session-cookie-based authentication with captive-portal.

FortiGate generates a replacement error message when the message-upon-server-error option is disabled.

Traffic is not blocked when HTTP request length exceeds the limit value set in web-proxy global.

On FortiGate, the diagnose netlink interface list command shows no traffic running through the policy, even with NP offload enabled or disabled.

Local-in policy does not deny IKE UDP 500/4500.

On the Query > Routing Menu page in FortiManager, the routing table does not include the static or BGP types in get router info routing-table all.

On the NP7 platform, traffic is blocked when egress-shaping-profile and outbandwidth are enabled on a VLAN parent interface.

On FortiGate 7000 models, the hit counter on the FortiManager GUI does not display the correct values.

Corner case: failure to download file from web server with Proxy mode inspection and AV/IPS enabled.

On an FG-3001F NP7 device, packet loss occurs even on local-in traffic.

Packet drop occurs when NP7 SCTP CRC check is enabled.

On the Policy & Objects > Firewall Policy page, the Log violation traffic checkbox displays as being unchecked when the policy is configured and reopened for editing. This purely a GUI display issue and does impact system operation.

On the Policy & Objects > Addresses page, address objects are not sorted in alphabetical order for address group or firewall policies.

The source interface displays the name of the VDOM and local out traffic displays as forward traffic.

Adding IPv6 address group memberships to a policy using FortiGate REST API does not work as expected.

On the Policy & Objects > Firewall Policy page, the Firewall/Network options are missing in the GUI when enabling a security profile group in a policy.

When a schedule is added to a firewall policy, the schedule is not activated at the time configured in the policy.

On the Policy & Objects > Firewall Policy page, when searching for an address object with a comment keyword, no results are displayed.

On FortiOS, the Dashboard > FortiView Destination Interfaces, Dashboard > FortiView Source Interfaces pages, and Policy & Objects > Firewall Policy > Edit Policy page display incorrect bandwidth units.

SNAT type port-block-allocation does not work as expected in NAT64.

When editing object address on the Policy & Objects > Addresses page, the GUI does not function as expected if the address being edited contains a slash character.

FortiGate creates dummy destination IP logs when pinging a FortiGate VIP.

On the Policy & Objects > Firewall Policy List page, the Interface Pair View does not display policies alphanumerically and by interface alias.

When creating a new policy using the GUI in TP mode, NAT is automatically enabled.

On the Policy & Objects > Firewall Policy page, searching for service port numbers in the Firewall Policy list does not return any results.

On the Policy & Objects > Firewall Policy page, firewall policies with FQDN show as unresolved in the table.

On the Policy & Objects > Firewall Policy page, when hovering over addresses in the Source or Destination columns, the tooltip window does not scroll when there are a large number of addresses.

After editing a policy on the Interface Pair View window on the Policy & Objects > Firewall Policy page, the display order changes.

Registration issues occur when GTP tunnel timeout expires.

Cannot set profile-group in firewall policy when inspection-mode is proxy.

The DHCPv6 client does not work with vcluster2.

On FortiGate 7000 models, the Power Supply status displays as Normal in the GUI when there is a logged power failure.

On the Query > Routing Menu page in FortiManager, the routing table does not include the static or BGP types in get router info routing-table all.

IPv6 ECMP is not supported for the FortiGate 6000F and 7000E platforms. IPv6 ECMP is supported for the FortiGate 7000F platform.

On FortiGate 7000 models, the hit counter on the FortiManager GUI does not display the correct values.

A permanent MAC address is used instead of an HA virtual MAC address during automation.

On the Policy & Objects > Firewall Policy page, address entries cannot be edited using the Edit button from the tooltip pop-up window.

Under normal conditions, a FortiGate 6000 or 7000 may generate event log messages due to a known issue with a feature added to FortiOS 7.2 and 7.4. The feature is designed to create event log messages for certain DP channel traffic issues but also generates event log messages when the DP processor detects traffic anomalies that are part of normal traffic processing. This causes the event log messages to detect false positives that don't affect normal operation.

For example, DP channel 15 RX drop detected! messages can be created when a routine problem is detected with a packet that would normally cause the DP processor to drop the packet.

Similar discard message may also appear if the DP buffer is full.

High latency occurs when sending UDP fragments through FortiGate at high rates.

DHCP response issues occur when traffic is tagged and sent via LAN extension method.

Incorrect SLBC traffic-related statistics may be displayed on the FortiGate 6000 or FortiGate 7000 GUI (for example, in a dashboard widgets). This can occur if an FPC or FPM is not correctly registered for statistic collection during startup. This is purely a GUI display issue and does not impact system operation.

Full-cone NAT support for 7KF.

On FortiGate 6000 and 7000 models, interested traffic cannot trigger the IPsec tunnel.

On FortiGate 7000, if gtp-mode is enabled and then disabled, after disabling gtp-enhanced mode and rebooting the device, traffic is disrupted on the FIM and cannot be recovered.

IPv6 routes are not fully synchronized between HA primary and secondary units.

After a firmware upgrade, the configuration does not synchronize because the SDN connector password is unmatched.

On FortiGate 7000E and 7000F models in an HA cluster, FortiGate experiences a split brain scenario between the primary and secondary units when the primary unit is rebooted.

On FortiGate 6000 models in an HA cluster, the secondary unit does not send out logs when an interface is configured.

FortiGate displays an erroneous error for high/low warning alarms. SFP data transfer functions as expected.

On FortiGate 6000 models in an HA cluster, the secondary unit does not send out automated stitch emails for certain events.

On the Dashboard > FortiView Websites page, the Category filter does not work in the Japanese GUI.

On wide resolution screens, the GUI-based CLI console widget has text overlap display issues on very wide screens.

On the System > Interfaces page, the set monitor-bandwidth setting is not automatically disabled set when the interface bandwidth monitor for a port is deleted.

On the Firmware & Registration page, the GUI displays a Cannot determine mkey for cmdb source entry. error message. This is purely a GUI display issue and does not impact system function.

GUI dashboards show all the IPv6 sessions on every VDOM.

The hsts-max-age is not enforced as set under config system global.

FortiGate GUI should not show a license expired notification due to an expired device-level FortiManager Cloud license if it still has a valid account-level FortiManager Cloud license (function is not affected).

On the Security Profiles > Inline-CASB page, when a SaaS application is added to a CASB profile, the option is not grayed out and the SaaS application can be added again.

On the FortiGate GUI, IPsec or GRE configurations are missing when using set type tunnel.

A GTP profile cannot be applied to policy using the GUI.

Node.JS restarts and causes a kill ESRCH error after an upgrade.

The Node.JS daemon restarts with a kill ESRCH error on FortiGate after an upgrade.

The CLI GUI console is disconnected after creating a new VDOM.

When saving a packet capture, the file name saves as a generic file name with no identifiable information.

The Node.JS restarts and causes a Cannot read properties of undefined (reading 'on') error on FortiGate after an upgrade.

When changing administrator account settings, the trusthost10 setting is duplicated.

On the FortiGuard page, when setting a schedule using the Scheduled updates option on the GUI, the CLI displays the wrong value.

FortiGate may experience a memory usage issue with the node daemon once a connection is closed.

On the FortiGate GUI, inter-VDOM links are not available for packet capture.

The category action change is not saved if the category number is the same as the existing entry ID.

The Node.JS restarts and causes an Error: The socket was closed while data was being compressed error.

An error condition in httpsd occurs when accessing api_cmdb_is_cacheable on FortiGate-201E v7.6.0

When workspace configuration save mode is set to manual in the System > Settings, configuration changes made on the primary unit and then saved do not synchronize with the secondary unit when one of the cluster units are rebooted or shutdown after the change.

In HA mode, FortiGate uses ha-mgmt-interface as the portal for the DNS resolver, even if this port may not be able to reach the DNS server.

When configuring VDOMs in an HA cluster, the VDOM assigned to the VDOM link in vcluster2 active on the secondary unit is incorrect.

Session synced with FGSP does not allow immediate failover when UTM is enabled in flow mode.

The Fabric Management page displays inconsistent information when accessed through secondary HA units on some FortiGate models.

When uploading certificates, HA can go out of synchronization.

After restoring a VDOM configuration, the HA is not synchronized.

An issue with hasync in the secondary unit may cause FortiGate to enter into conserve mode.

When the HA management interface is set a LAG, it is not synchronized to newly joining secondary HA devices.

A secondary HA unit may go into conserve mode when joining an HA cluster if the FortiGate's configuration is large.

FortiGate in an HA setup has an unnecessary primary unit selection when a new member joins or reboots one member in the VC cluster when the VC has more than 2 units.

HA-direct remains enabled when declining confirmation after setting HA-direct option.

The VMware SDN connector does not respect the ha-direct setting and uses the management interface, causing traffic to be dropped.

Error message occurs when configuring HA management interfaces from GUI at hyperscale system.

Local out traffic from the primary HA unit uses the wrong interface when SNMP points to the secondary HA unit.

Using RADIUS login on the secondary unit does not work as expected when trying to login to the primary and secondary units at the same time.

When downgrading to a 7.2.x firmware version, an error message displays on the primary HA device and does not get removed when the device is rebooted.

Both FGTs appear as primary in an HA virtual cluster during setup of two HA virtual clusters.

Hitless failover issues occur when FortiGate is in WAN-extension CAPWAP mode.

After a factory reset, the FortiGate HA cluster may remain out of synchronization between the primary and secondary units.

When upgrading a FortiGate VM Analyzer, a CPU usage issue causes the auto scale cluster to go out of synchronization.

A WAD processing issue causes the SNMP to not respond in an HA cluster.

In a FortiGate HA configuration, the tunnel connection to FortiManager is disrupted due to a mismatched serial number and local certificate issue.

In an FGSP cluster configuration running in TP mode, reply traffic in asymmetric flow is not offloaded to NP.

Network traffic may be disrupted due to a linking issue with upstream routers.

When creating a new VDOM in an HA configuration, FortiGate may not operate as expected due to an hasync issue.

In an HA cluster on the SCO4 platform, the secondary unit enters a continuous rebooting cycle due to an interruption in the kernel after a firmware upgrade.

On the System > HA page, all HA vcluster device roles display as Primary in the Role column.

HA sessions are not synchronized properly causing a high number of sessions on the primary unit and the standby unit enters into conserve mode.

During a firewall failover, the multicast traffic is not forwarded within an appropriate time frame.

In a HA cluster using FGSP mode, the primary and secondary units cannot synchronize the lease agreements due to a synchronization issue with the DHCP server.

SCTP session sync issue occurs when protocol state is in closing stage.

When DoS policies are used and the system is under stress conditions, BGP might go down.

TCP or UDP timer profiles configured using config-system npu may not work as intended.

The Gentree Compiler is enabled by default on all NP7 platforms for threat feed support.

New primary can get stuck on failover with HTTP CC sessions.

Harpin traffic may not work due to a rare situation caused by a race condition.

Resource usage issues caused by changing ippool for hyperscale case.

When modifying existing policies with a BOA loaded configuration, NPD is not working as expected.

When Hyperscale logging is enabled with multicast log, the log is not sent to servers that are configured to receive multicast logs.

The template for the netflow v9 log packets is not included in the configuration.

After FTP traffic passes, the npu-session stat does not display the accurate amount of actual sessions on FortiGate.

Logs are not sent out from FGT with log2host setting when log-server becomes reachable, and it has correct dmac.

When rebooting the secondary unit in an FGSP setup, the session information is not visible in the secondary unit.

The NPD process is interrupted in a Hyperscale VDOM configuration after an upgrade and sessions are not setup on hardware.

Log cache is not cleared and holding the wrong dmac for unreachable gateway.

syslog over TCP not working.

The number of IPS sessions is higher than kernel sessions, which causes the FortiGate to enter conserve mode.

In an FGSP setup running emix traffic, nTurbo values run in the negative.

In rare cases, the IPS engine may not handle buffer overflow.

nTurbo passes the wrong ID to the IPS engine when the set vrf value is above 32.

When applying an IPS profile with offloading enabled, WLAN authentication does not function as expected caused by EAP transaction timeouts.

ISDB is shown in 'diag test app ipsmonitor 1' output when IPS/AppCtrl feature are not enabled.

HTTPS connections to a Virtual IP (VIP) on TCP port 8015 are incorrectly blocked by the firewall, displaying an IPS block page even when no packet from the outside to TCP port 8015 should reach the internal VIP address.

The IPS DB is not preserved when upgrading to 7.2.5 or later.

Because of how IPS handles long-lived nTurbo sessions, throughput capacity may be reduced after an FGCP HA failover. Once all failed-over nTurbo sessions have been completed, throughput will return to normal.

FortiGate experiences a CPU usage issue which may lead to an interruption in the kernel when dos-policy is enabled.

IPS engine attempts to use FortiGuard for vulnerability lookup even though FMG is configured as override server in a closed network, causing vulnerability lookup to fail.

IPsec VPN fails to connect if ftm-push is configured.

IPsec VPN types are not saved to the configuration when edited using the GUI.

Traffic does not pass through an vpn-id-ipip IPsec tunnel when wanopt is enabled on a firewall policy.

After a third-party router failover, traffic traversing the IPsec tunnel is lost.

IKEv2 authorization with an invalid certificate can cause tunnel status mismatch.

After an upgrade, L2TP/IPsec connections using the RIP protocol do not function as expected.

Changes to the IPsec tunnel type from a static to dialup user on the GUI does not change the actual configuration.

Editing existing IPsec aggregate members does not update in the bundle list.

Unable to send all prefixes through FortiClient using dial-up IPsec VPN split tunnel to macOS devices.

VPN traffic does not pass between VDOMs through intervdom links.

On FortiGate, firewall address groups created using the VPN wizard cannot be edited.

When ASIC offload is enabled and packet size is larger than 1422, FortiGate does not generate an ICMP Type 3, Code 4 error message.

Unable to create a FortiClient dial-up VPN with certificate authentication because a peer CA certificate cannot be selected.

Traffic loss is experienced on inter-region ADVPN tunnels after phase 2 rekey.

A peername conflict error occurs when users configure static tunnels and then dynamic tunnels. There is no conflict when done in the reverse order.

Using IPSec over back to back EMAC VLAN interfaces does not work as expected with NPU offload enabled.

The iked does not function as expected due to a misplaced object being created in the secondary HA during failover.

IPsec VPN tunnel phase 2 instability after upgrading to 7.4.2 on the NP6xlite platform.

On NP7 platforms that are used a hub in a hub and spoke configuration, traffic packets are dropped on IPsec tunnel spokes due to an anti-replay error.

When an ipip tunnel over IPsec is configured, the configuration may cause running traffic to access the deleted SA.

Iked may experience an interruption in operation resulting in all VPN tunnels going down.

If there are more than 2000 dialup IPsec tunnel interfaces used in multiple FGT firewall polices, and IKE policy update may not able to complete before IKE watchdog timeout.

On the VPN > IPsec Tunnels page, after creating an IPsec tunnel in phase 2, the Named Address field does not show any results.

On the VPN > IPsec Tunnels page, when language setting on FortiOS is set to anything other than English, the Status column displays active (green up arrow) when the tunnel is inactive.

A second IPsec tunnel cannot be added on different IP versions that use the same peerid.

After a peer-side interface shutdown and reboot, the dpd status does not return to OK, even when the peer-interface is up and SA renegotiated.

IPsec VPN traffic does not pass over the tunnel when the HA heartbeat cable is reconnected.

IPSec VPN tunnel does not go down when the VPN peer route is removed from the routing table.

FortiGate does not unregister the net_device causing the unit to encounter a performance issue.

Tunnel traffic is encrypted as FortiGate-ESP packets when transport is UDP and FortiGate-ESP is enabled.

When QKD dialup is enabled, IKE SA cannot establish a connection and generates an error.

Disk logging files are cached in the kernel, causing high memory usage.

An interruption may occur in the daemon locallogd when the system is in memory conserve mode.

On the Log & Report > Forward Traffic page, when running version 7.2.3 of FortiGate, log retrieval speed from FortiAnalyzer is slow.

FortiAnalyzer report is not available to view for the secondary unit in the HA cluster on the Log & Report > Reports page.

The monitor-failure-retry-period is not working as expected when the log daemon restarts the next oftp connection after a connection timeout.

On FortiGate, the locallogd process encounters a CPU usage issue for a few minutes after a reboot or a restart.

Frequent API queries to add and remove objects can result in a memory usage issue on FortiGate.

When a log output is generated, the position of the rawdata field is not consistent, causing some information to be missing.

Add log when duplicate IP detected.

After upgrading to version 7.0.14, the system event log generates false positives for individual ports that are not used in any configuration.

FortiOS may not function as expected when the miglogd application attempts to process logs.

ReportD does not function as expected when event logs have message fields over 2000 bytes.

The miglogd does not function as expected due to a CPU usage issue.

When uploading the log file to the FTP server, some parts of the log files are not included in the upload.

On the Log & Report > System Events page, the log displays an FortiGate has experienced an unexpected power off error message when an interruption occurs in the kernel.

The miglogd does not forward log packages to FortiAnalyzer due to a memory usage issue.

User equipment IP addresses are not visible in traffic logs.

A memory usage issue in the fgtlogd daemon causes FortiGate to enter into conserve mode.

The IPS engine sends a high frequency of IoT device queries even when the device identification is set to disabled.

SD-WAN information is not logged in forward traffic logs for certain IPv6 traffic.

The appcat field location is inconsistently placed in the system log.

Traffic log fields for applications are missing when proxy-inline-IPS is enabled.

A system log message is not generated when syslogd setting is enabled or disabled in the GUI or CLI.

On FortiGate, a CPU usage issue occurs in the locallogd.

When the kernel API tries to access the command buffer, the device enters D state due to a kernel interruption.

DNS proxy may resolve with an IPv4 address, even when pref-dns-result is set to IPv6, if the IPv4 response comes first and there is no DNS cache.

FortiGate experiences a CPU usage issue and halts traffic when there are a large amount of addresses and external resource is updated frequently.

CPU usage issue in WAD caused by source port exhaustion when using WAN optimization.

When a forward server with proxy authorization is configured with certain traffic, a memory usage issue in the WAD process interrupts to operation of FortiGate.

On FortiGate, a memory usage issue in the WAD may cause the unit to enter into conserve mode.

On FortiGate 6000 models, when an explicit proxy is configured, the TCP 3-way handshake does complete as expected.

TLS session blockage occurs when encrypted-client-hello extension is detected in ClientHello.

After an upgrade, FortiOS encounters an error condition in the application daemon wad caused by an SSL cache error.

After upgrading from version 6.4.13 to version 7.0.12 or 7.0.13, FortiGate experiences a memory usage issue.

Certificate validation fails on FortiGate/FortiProxy when using root CAs with identical subjects but distinct public keys and serial numbers.

On FortiGate, the WAD daemon does not work as expected due to a NULL pointer issue.

RPM files could not be blocked in HTTP downloading on Box Cloud website in proxy mode.

On FortiGate 61E and 81E models, a daemon WAD issue causes high memory usage.

An error condition in WAD occurs when executing vulnerability lookup responses on FortiGate-1101E

SSL Logs show certificate-probe-failed error when web profile is enabled.

TCP connections are not distributed properly when src-affinity-exempt is enabled.

The proxy policy does not validate IP addresses in the XFF when an HTTP address is sent by AGW.

When proxy-based policies are enabled, HTTP2 resources cannot be accessed.

FortiGate may not work as expected due to an error condition in the daemon WAD.

Memory usage increase for WAD process.

The proxy inspection mode policy is deleted from the configuration without notification after an upgrade.

Deep inspection and web filter for an explicit proxy policy do not work if profile-protocol-options has additional ports for HTTP.

High memory usage in WAD causes FortiGate to enter into conserve mode.

On FortiGate, a memory usage issue in the WAD causes the unit to enter into conserve mode.

Due to the removal of proxy-related options in devices with 2GB, within firewall profile-protocol-options, SSH and MAPI are not supported.

An HTTP2 stream issue causes an error condition in the WAD.

Starting from version 7.4.4, FortiOS no longer supports proxy-related features for FortiGate models with 2 GB RAM or less. When upgrading from FOS 7.4.3 or earlier to later versions, the UTM profile feature set was not properly changed from proxy to flow.

When some regex objects do not match the policy, it can result in all other objects in the same policy to not match.

Change the default value of cert-probe-failure in firewall ssl-ssh-profile to allow.

An IMAP connection to an external application email server is not established in a proxy mode policy with DPI enabled.

A memory usage issue occurs in the WAD daemon process for wad-config-notify.

Some websites cannot open subpages when the HTTP2 header value exceeds 16MB.

In an HA setup with vCluster, a CMDB API request to the primary cluster does not synchronize the configuration to the secondary cluster.

REST API query /api/v2/monitor/system/ha-peer does not return the primary attribute of an HA cluster member.

Packet capture issues occur when starting packet capture on an LAN extension interface.

Discrepancy in external resource handling occurs when making requests over the in-band management IP of passive units in HA AP clusters.

In SD-WAN with interface-select-method enabled, if link performance is affected, local out traffic continues on the same link.

The dashboard Session widget cannot display the correct IPv6 session count per VDOM.

lpmd fails to correctly handle different VRFs, treating all as vrf 0, causing improper route management and affecting network traffic isolation.

On the Network > Static Routes page, VRF information does not display in the VRF column.

On the Network > SD-WAN > SD-WAN Rules page, member interfaces that are down are incorrectly shown as up. The tooltip on the interface shows the correct status.

FortiGate cannot ping an IPv6 loopback address.

The link-down-failover command does not bring the BGP peering down when the IPsec tunnel is brought down on the peer FortiGate.

SD-WAN health checks are not deleted after all related references are removed when applied over ADVPN.

The ICMP_TIME_EXCEEDED packet does not follow the original ICMP path displays the incorrect traceroute from the user.

On the Network > BGP > Neighbor Groups page, an error message is shown under IPv4 Filtering for routes that are already have in and out routes configured in the GUI.

On FortiGate 1800F models, the VXLAN tunnel on a Loopback interface does not match SD-WAN rules.

When accessing the ZebOS in chroot, the ospfd does not work as expected.

The IPv6 route with dynamic gateway enabled cannot be configured after an upgrade and reboot.

VXLAN does not match SD-WAN rule when a service is specified.

A BGP neighbor over GRE tunnel does not get established after upgrading due to anti-spoofing not functioning as expected.

Existing dcerpc sessions do not follow SD-WAN rules for routing tables.

BGP Stale routes do not function as expected in an HA configuration.

FortiGate routes traffic to an interface with a physical status of DOWN.

OSPF logs for neighbor status are not generated when using multiple VRFs.

When renewing the LTE WWAN IP, some packets are sent using the old IP address causing traffic to drop.

In a hub and spoke configuration, the spoke cannot resolve BGP routes to HUB when a shortcut is established.

The default configuration of the Fabric Overlay Orchestrator causes concurrent disconnects with the BGP.

The OSPF daemon does not function as expected causing routing to stop working after an HA cluster failover.

FortiGate does not advertise default route to its EBGP neighbor when capability-default-originate is enabled.

When modifying an address in VDOM DAF, the session is routed to the default static route instead of the policy routing.

The set-regexp command does not function as expected in the extcommunity-list.

FortiGate does not automatically add the set LTE dynamic route to the routing table.

After an HA failover and the SD-WAN neighbor role is selected as the primary, the SD-WAN service with role set as primary is disabled.

The OSPF process encounters a CPU usage issue when there are a high number of prefixes and redistribute bgp is enabled.

On the Network > Routing Objects page, route map objects cannot be edited and saved.

In a hub and spoke configuration, the IPsec SA MTU calculation does not match with the vpn-id-ipip encapsulation resulting in a fragmentation issue.

When adding a route using SD-WAN zone, there is no overlap check on existing gateway IP addresses which prevents routes from being added.

When the SNAT does not match the outgoing interface during failover from the secondary to the primary, SD-WAN traffic does not failover back to the primary WAN.

SD-WAN SLA shows intermittent disruptions of packet loss on all links simultaneously, even though there is no actual packet loss.

FortiGate encounters a duplication issue in a hub and spoke configuration with set packet-duplication force enabled on a spoke and set packet-de-duplication enabled on the hub.

IBGP routes are not accepted on the neighbor-group with remote-as-filter.

On the Network > Routing Objects page, the Set AS path on the Edit Rule pane does not allow the use of the full range AS numbers.

When setting a prefix using the set prefix option, the prefix entry is created using a default route instead of the desired configuration.

BGP multipath routing does not work as expected in a BGP confederation setup.

HTTPS/SSH traffic fails on the interface when policy routing is enabled due to incorrect ARP requests from cached routes.

Egress shaping profile application issue occurs when using static tunnels on IPsec spoke

When running a security rating check, the security rating endpoints do not use the latest endpoint data.

On FortiOS, GUI access can be prevented when requesting a security rating over CSF from FortiAnalyzer.

After deauthorizing a downstream FortiGate from the System > Firmware & Registration page, the page may appear to be stuck to loading.

On the Security Fabric > Automation page, the webhook request header does not contain Content-type: application/json when using the JSON format. This causes Microsoft Teams to reject the request.

Erroneous memory allocation resulting in unexpected behavior in csfd after upgrading.

On the Security Fabric > External Connectors page, the comments are not working as expected in the threat feed list for the domain threat feed.

FortiGate shows the wrong notification to setup an upstream device that is not a FortiGate to the Security Fabric.

Threat Feed connectors in different VDOMs cannot use the source IP when using internal interfaces.

The Security Fabric root device takes longer than expected to synchronize with downstream secondary HA devices in an HA configuration.

In certain scenarios, dynamic addresses managed by the Azure SDN connector may be removed leading to potential network interruptions.

An issue with the csfd results in FortiGate being disconnected from the Security Fabric.

When renaming an existing address name on a downstream FortiGate from the root FortiGate, a new address is created on the downstream FortiGate with the updated name.

During a full fabric upgrade where a PoE powered device (PD) connected to a Power Sourcing Equipment (PSE) are upgraded, the upgrade of the PD may be interrupted if the PSE finishes upgrading first, causing a boot loop on the PD. This behavior is now avoided by performing upgrades on PDs first before upgrading PSEs and the FortiGate itself.

STIX threat feeds cannot download properly due to a JSON parsing issue.

Automation stitches are not synced to downstream FortiGate memory when using CSF external sync API.

The SDN Connector for nutanix does not return all the entries.

Configuration issue occurs when setting low-end FGT as CSF root.

On the System > Firmware & Registration page, the firmware information for the secondary device is not shown when the Security Fabric is enabled in the GUI.

Internal REST API requests are routed through the httpsd CSF proxy, leading to issues with chunked encoding for large responses and blocking behavior.

kubed crashed with signal 6 (Aborted) when testing kubernetes sdn connector during robot auto test.

Incorrect FortiGates field is displayed in GUI when automation-destination is configured.

Intermittent behavior in samld due to an absent crucial parameter in the SP login response may lead to SSL VPN users experiencing disconnections.

SSL VPN crashes on corporate FortiGate due to watchdog timeout when a single connection enters an infinite loop of read iterations and the worker process becomes unresponsive to new connections

When editing a security policy, the custom signature is removed from the policy.

The two-factor-fac-expiry command is not working as expected for remote RADIUS users with a remote token set in FortiAuthenticator.

When the GUI tries to write a QR code for the SSL VPN configuration to the file system to send in an email, it tries to write it in a read-only folder.

When changing SSL VPN access in the Restrict Access field to Allow access from any host and enabling the Negate Source option on the VPN > SSL VPN page, the changes made in the GUI are not reflected in the CLI.

When generating function backtrace in crash logs for ARM32, SSL VPN frequently crashes due to segmentation faults.

The SAML DB Insert does not function as expected and causes a CPU usage issue.

When RDP is accessed through SSL VPN web mode, keyboard strokes on-screen lag behind what is being typed by users.

FortiGate does not respond to ARP packets related to SSL VPN client IP addresses.

Security vulnerability occurs when SSL VPN performs early validation on incoming HTTP messages from clients.

SSL VPN OS checklist does not include minor version numbers of macOS 13 and 14.

A CPU usage issue occurs in the tvc daemon when the vpn server cannot be reached.

SAMLD encounters a memory usage issue, preventing successful login attempts on SSL VPN.

The SSL VPN IP pool may get exhausted when tunnel-connect-without-reauth is enabled.

OneLogin SAML does not work with SSL VPN after upgrading to 7.0.15 or 7.4.3.

SSL VPN encounters a CPU usage issue in the daemon after updating the language from the GUI.

NAS-IP per SSL-VPN realm does not work as expected under the config vpn ssl web realm after upgrading firmware.

SSH and telnet service disruption occurs when hterm_all.js is incorrectly removed in SSL VPN web portal.

When using an SSL VPN quick connection in web mode, web page images are distorted.

SSL VPN does not work as expected if an LDAP user UPN exceeds 35 characters.

A non-default LLDP profile with a configured med-network-policy cannot be applied on a switch port.

On the WiFi & Switch Controller > WiFi maps page Diagnostics and Tools panel, and on the WiFi & Switch Controller > FortiSwitch Clients page, the status of the LACP interface is incorrectly shown as down when it is up.

This is a GUI issue that does not affect the operations of the LACP interface. To view the correct status of the LACP interface, go to the WiFi & Switch Controller > FortiSwitch Ports page, or use the CLI.

After configuring the switch-controller lldp-profile, the changes are not reflected in the CLI when the show switch-controller lldp-profile command is run.

On the WiFi & Switch Controller > Managed FortiSwitches page, ISL links do not display as solid connections.

On the System > Firmware & Registration page, after upgrading the version 7.4.2, the FortiSwitch shows as not registered in the GUI.

The access-mode and storm control policy commands are not visible in FortiGate clusters causing them to go out of synchronization and does not send updated configurations to the FortiSwitch.

On the WiFi & Switch Controller > Managed FortiSwitches > Upgrade page, the FortiGuard option is not available to upgrade when new firmware is available.

The switch-controller managed-switch ports' configurations are getting removed after each reboot.

DPP matching issues occur when multiple devices are connected to the same DPP port.

On the WiFi & Switch Controller > FortiSwitch Ports page, changes made to the Allowed VLANs and Native VLAN columns are not saved when edited on the GUI.

FortiGate in an HA configuration goes out of synchronization due to a split-port interface on FortiSwitch.

FortiGate does not work as expected due an issue with a null variable in the cu_acd.

CPU usage issues observed during flcfgd iteration over WAD user-device-store entries in FortiLink setup.

VDOM settings are removed after rebooting FortiGate in TP mode with multiple VDOMs enabled.

FortiGate enters into conserve mode due to a memory usage issue.

In a certain edge case, traffic directed towards a VLAN interface could cause an kernel interruption.

CPU usage issue in miglogd caused by constant updates to the ZTNA tags.

GRE traffic is still allowed to flow through when the GRE interface is disabled.

On FortiGate, fragmented packets with specific flow types are not forwarded to the correct ports on a LAG interface.

On the Network > Interfaces page, hardware and software switches show VLAN interfaces as down instead of up. The actual status of the VLAN interface can be verified using the command line.

Possible infinite loop can cause FortiOS to become unresponsive until the FortiGate goes through a power cycle.

The FortiGate console prints check_gui_redir_file: No such file or directory after rebooting.

A memory usage issue occurs when multiple threads try to access VLAN group.

On FortiGate, the software switch does not send an ARP reply from OIF.

When an EMAC VLAN interface is set up on top of a redundant interface, the kernel may encounter an error when rebooting.

The passthrough GRE keepalive packets are not offloaded on NP7 platforms.

A FortiGate with 2 GB of memory enters conserve mode when a node uses 20% of the memory.

SCTP traffic does not get forwarded by a connected hardware switch on FortiGate.

On NP7 platforms, the FortiGate maybe reboot twice when upgrading to 7.4.2 or restoring a configuration after a factory reset or burn image. This issue does not impact FortiOS functionality.

The private-data-encryption configuration does not use the configured private key.

Administrators with read-write permission for WiFi and read permission for network configuration cannot create SSIDs on the System > Administrator Profiles page.

Traffic forwarding on Dialup VPN IPSec does not work as expected when npu-offload is enabled.

On NP7 platforms, egress shaping on a physical interface is not enforced on traffic according to the shaping profile definition.

On FortiGate 401F and 601F models, the CR mediatype option on x5-x8 ports is not available.

DAC cable between FortiGate and FortiSwitch stops working after upgrading from 7.2.6 to 7.2.7.

FortiGate 200F experiences a performance issue due to Marvell switch HOL mode.

When a different transceiver type is added to FortiGate, the new transceiver information does not update in the GUI or CLI.

On FortiGate 80F models, the 100FULL speed option is not available for the SPF port.

FortiGate 2600F does not set 10G ports to 100G.

FortiGate 200F experiences slow download and upload speeds when traversing from a 1G to a 10G interface.

VLAN traffic is stopped when created on LACP with split-port-mode configured.

After upgrading FortiGate and not changing any configuration details, the output of s_duplex in get hardware nic port command displays Half instead of Full. This is purely a display issue and does not affect system operation.

FortiGate experiences packet drop when egress-shaping-profile is applied to a LAG interface.

TCP traffic is classified as ip-frag and dropped when HPE entries are incorrectly configured in FortiOS versions prior to the fix.

The ipmcsensord does not work as expected when executing sensor-related commands before the high-end device sensor finishes booting up.

When restoring a FortiGate from a backup configuration, the device enters into system maintenance mode and is not accessible.

On the FortiGate 90xG models, the ULL interfaces for x5 - x8 are down after being set to 25G speed.

With NGFW mixed traffic, FortiGate experiences a CPU usage issue.

On FortiGate, the device may not work as expected due to a memory usage issue with the cmdbsvr.

FortiGate does not show additional speed options outside of auto on a WAN interface.

After an upgrade on FortiOS, the kernel operation is interrupted and reboots due to a switch command issue.

The locallogd process may cause a CPU usage issue on FortiGate.

On FortiGate, the multicast session walker is rescheduled on the same CPU instead of the next CPU.

FortiGate may generate a Power Redundancy Alarm error when there is no power loss. The error also does not show up in the system log.

On FortiWiFi 81F-2R-3G4G-POE models, GPS service cannot be activated.

SNMP ifSpeed OID show values as zero on VLAN interfaces in hardware switches.

FortiGate does not show QoS statistics in the diagnose netlink interface list command when offloading is disabled in a firewall policy and IPsec phase 1 tunnel on NP7 platforms.

After an integrity check, the dates on the hash files do not match causing a false positive error message.

After an upgrade, FortiGate receives a PSU RPS LOST traps error despite not having any RPS connected.

On FortiGate, TCP and UDP traffic cannot pass through with dos-offload enabled.

A kernel interruption on FortiGate prevents it from rebooting after an upgrade with a specific configuration.

VLAN/EMAC VLAN traffic is unexpectedly blocked under certain conditions.

Support Kazakhstan time zone change to a single time zone, UTC+5.

After restoring a configuration on FortiGate with the interface changed from aggregate to physical, the interface switches back to aggregate and cannot be changed back to physical.

FortiGate prevents select interface a as an option for traceroute, ssl, and telnet services.

On SoC3/SoC4 platforms, a kernel interruption may occur when running WAD monitoring scripts.

CPU usage issue in WAD after upgrading from 7.4.1 to 7.4.3 when using address group member.

After deleting a redundant port on FortiGate, the port does not register as being available and generates an error.

FortiGate running firmware 7.2.7, the device encounters an error condition in the application daemon.

FortiGate incorrectly sends set csr instead of set certificate to FortiManager after auto enrolling a certificate using SCEP.

Administrator accounts using an admin profile with only FortiGuard Updates read-write permissions cannot open the FortiGuard page.

FortiGate may encounter a memory usage issue on the flpold process, causing the primary and secondary units to go out of synchronization.

The I2C bus becomes stuck during an upgrade due to an error in the switch-config-init command.

Traffic does not hit a new policy created in the GUI or CLI due to an auto-script command issue.

Outgoing traffic from EMAC-VLAN uses default cos tag when traffic is not offloaded.

On FortiGate, a slab memory usage issue causes the device to enter into conserve mode.

Jumbo frame packets do not pass through all split ports and may cause packets to drop.

Some FortiGate models on NP6/NP6Lite/NP6xLite platforms experience unexpected behavior due to certain traffic conditions after upgrading to 7.2.8. Traffic may be interrupted momentarily.

On some FortiGates, 25 GB transceivers are displayed as 10 GB transceivers in the get system interface transceiver command.

On FortiGate, SNMP v3 cannot use -u <username-pri/sec-SN> for both IPv4 or IPv6 address queries and SNMP v2 cannot use -c <comm-SN> for IPv6 address queries.

On FortiWiFi 60/61F models, the STATUS LED light does not turn on after rebooting the device.

Some TTL exceeded packets are not forwarded on their destination and an error message is not always generated.

On FortiGate, VXLAN traffic is not offloaded properly resulting in some packets being dropped.

On a VDOM, running sudo global show does not return any system interfaces information.

FortiGate encounters a CPU usage issue when there are a high volume of traffic and scripts running on the device which could lead to an issue with performance.

FortiGate reboots twice after a factory reset when gtp-enchanced-mode is enabled.

FortiGate may experience intermittent traffic loss on an LACP interface in a virtual wire pair with l2forward enabled.

On FortiGate, when set ull-port-mode is set to 25G, ports x5-x8 show a status of DOWN.

On the Network > Diagnostics page, FortiGate shows that the packet capture capacity has been reached when there is no captured packet on the device.

Passthrough GRE traffic using Transparent Ethernet Bridging packets as the protocol type are not offloaded on NP7 platforms.

In an HA configuration, FortiGate cannot access the GUI after a firmware upgrade due to a certificate matching issue.

Interface cannot ping out with dos-offloading enabled but no DoS policy.

The OPC VM does not boot up when in native mode.

FortiCron does not work as expected due to a memory usage issue in the daemon.

Password change occurs when admin's password is unset after burn image

The SFP+ port LED does not illuminate and displays a speed 10Mbps even though the link status up and speed is set to 1000Mbps.

FortiGates using a SOC4 platform with a virtual switch configured may continuously reboot when upgrading due to an interruption in the kernel.

On FortiGate, an interruption occurs in the kernel when running WAD process monitoring scripts.

FortiGate reboots due to the maximum buffer length difference between nTurbo and NPU HW.

The kernel 4.19 cannot concurrently reassemble IPv4 fragments for a source IP with more than 64 destination IP addresses.

FortiGate encounters a memory usage issue in the node.js daemon when there is no traffic running through it.

FortiGate does not upgrade if private-data-encryption is enabled and the device is not rebooted.

An interruption occurs in the kernel resulting in intermittent power disruptions and rebooting of FortiGate.

After installing a .deb image during bootup device shows "File - 1 seems to be corrupted" error and cannot boot up.

FGT-80F-BP fails to boot up after burning image, showing error message "cli 161 die in an exception in line 300: end".

System hang occurs when removing VDOMs after IPv6 connection through IP VDOM management.

User names for some cloud-based services cannot be configured under config system email-server that exceed 64 characters.

FortiGate encounters a memory usage issue when there is no traffic running and the configuration is not fully loaded.

When upgrading multiple firmware versions in the GUI, the Follow upgrade path option does not respect the recommended upgrade path.

The automatic patch upgrade feature overlooks patch release with the Feature label. Consequently, a FortiGate running 7.4.2 GA does not automatically upgrade to 7.4.3 GA.

Upgrading FortiOS is unsuccessful due to unmount shared data partition failed error.

When auto-upgrade is disabled, scheduled upgrades on FortiGate are not automatically canceled. To cancel any scheduled upgrades, exec federated-upgrade cancel must be done manually.

After the FortiGate in an HA environment is upgraded using the Fabric upgrade feature, the GUI might incorrectly show the status Downgrade to 7.2.X shortly, even though the upgrade has completed.

This is only a display issue; the Fabric upgrade will not recur unless it is manually scheduled.

FortiGate Pay-As-You-Go or On-demand VM versions cannot upload firmware using the System > Firmware & Registration > File Upload page.

On FortiGate, an interruption occurs in the kernel in both HA FortiGates when an HA cluster's firmware is upgraded.

Auto firmware-upgrade may run when a FortiGate is added to a FortiManager that is added behind a NAT.

FGFM allowance removal occurs when central-mgmt is set to FMG during upgrade.

After a firmware upgrade, the config system npu-post command does not work as expected.

When restoring an FortiGate, the 7.4.1 config file with deprecated Inline CASB entries displays errors messages and causes the confsyncd to not function as expected.

During a graceful upgrade, the confsync daemon and updated daemon encounter a memory usage issue, causing a race condition.

The auth-pwd and private-key error after upgrading from B2662 when private-data-encryption enabled.

On FortiOS, passwords cannot be changed using the GUI with password-policy enabled.

CPU usage issue in WAD caused by a high number of devices being detected by the device detection feature.

When using the local-in firewall authentication with SAML method, SAML users cannot get access using the authentication portal.

WiFi clients are not authenticated when using the Use my windows user account option for LDAP authentication.

When rsso user groups are updated, the session table is not cleared of old sessions and traffic still hits the old policy.

On the System > Certificates page, error Unable to create certificate displays when uploading certificates using the PKCS12 (.pfx) format. The certificates are still uploaded.

Users are unable to use passwords that contain the ñ character for authentication.

Intermittent traffic disruption occurs when SAML is configured in IPsec tunnel.

After upgrading firmware on FortiGate, an interruption occurs in the fnbamd resulting in auto-connect not working as expected.

SSL VPN access is prevented when the LDAP server includes a two-factor authentication filter.

The default certificate bundle in FortiOS is updated to CRDB 1.50.

When SCEP is used with SSL connections, some TLS connections are missing the SNI extension on FortiGate.

Users are unable to use passwords that contain Polish characters ńżźćłśąó for RADIUS authentication.

Multiple errors observed in the IOTD debug log caused by connection timeouts.

After a firmware upgrade, FortiToken does not work as expected when using the GUI.

The reply-to option under config system alertmail is removed even for custom mail-servers with 2-factor authentication after an upgrade.

The username-case-sensitive disable setting is not respected for RSSO when a username has a capital letter.

MTU issues occur when underlying interface MTU exceeds 1500.

AWS SDN Connector stops processing caused by the IAM external account role missing the sts:AssumeRolevalue.

The FortiGate-VM system stops after sending an image to the HA secondary during an firmware upgrade due to different Flex-VM CPU license.

On FortiGate AWS, the IPsec configuration goes missing after an upgrade due to an inconsistent table-size.

A newly created FGT-VM64 could not configure the vapp options settings.

VPN tunnels go down due to IKE authentication loss after a firmware upgrade on the VM.

Error condition in WAD occurs when handling large traffic bursts with DPDK

Password reset issues occur when using Azure portal to reset FortiGate admin username/password.

After rebooting, DPDK mode is disabled on a VLAN interface and traffic stops.

When the underlying interface is removed, the IPsec tunnel interface will still hold a dst reference.

The SDN connector does not update the correct IP addresses for either the upscale or downscale VMSS.

The SDN connector does not update the correct IP addresses when using Flexible VMSS.

On FortiGate, an HA failover does not work as expected when using an OCI environment.

When a intended policy is configured for interesting traffic subnets, traffic flow hits the implicit deny rule instead of the configured policy.

Memory usage issues caused by an error condition in WanOpt.

Unable to customize replacement message for FortiGuard category in web filter profile.

Custom Images are not seen on Web Filter block replacement page for HTTP traffic in flow mode.

FortiGate prevents adding a regex string to a static URL filter table.

Web filtering does not update rating servers if there is a FortiGuard DNS change.

On FortiGate, an interruption occurs with the cw_acd during failover to the secondary FortiGate.

On a secondary FortiGate in an HA cluster, user and vlan-id values do not show up when using the diagnose wireless-controller wlac -d sta online command in the CLI.

Intermittent traffic disruption observed in cw_acd caused by a rare error condition.

The diagnostics of online FortiAPs shows Link Down in the trunk port Connected Via field when the FortiAP has an LACP connection to a FortiSwitch.

Image download failure occurs when upgrading multiple FAP models through FortiGuard.

A kernel interruption occurs on FWF-40F/60F models when WiFi stations connect to SSID on the local radio.

A memory issue on the secondary firewall causes FortiGate to enter into conserve mode.

FortiAP units repeated joining and leaving FortiGate HA cluster when the secondary FortiGate has stored FortiAP images.

FortiWiFi reboots or becomes unresponsive when connecting to SSID after upgrading to 7.0.14.

On FortiGate, the sta count is not accurate when some wireless clients connect to APs managed by FortiGate.

Wi-Fi client disconnection occurs in FGT HA setup as the authentication state is not synchronized.

Guest WiFi clients cannot be removed using RADIUS CoA after FortiGate reboots.

Country codes BB, BZ, CO, DO, GD, GY, HN, FM, and PA moved from region N to A in FortiWiFi platforms.

On the WiFi & Switch Controller > SSIDs page, new SSIDs cannot be created with captive portal enabled and a Portal Type of Disclaimer Only or Email Collect.

Unable to manage FortiAP from FortiGate.

FortiWiFi cannot access internal FAP consoles due to a login prompt issue in diagnose sys modem com.

FortiGate does not use data from FortiClient to send the VPN snapshot to EMS.

When first connecting to the ZTNA server, the EMS websocket can become stuck and an error displays ZTNA Access Denied - Policy restriction!.

When visiting SaaS application web pages using ZTNA, web pages can stall or return an ERR_CERT_COMMON_NAME_INVALID error.

ZTNA intermittently does not match the firewall policy due to missing information in the policy.

An interruption occurs in the WAD when trying to access the ZTNA server due to map matchers not being present.

ZTNA does not allow tcp-forwarding SSH traffic to pass through.

Health check on the ZTNA realserver does not work as expected if a blackhole route is added to the realserver address.

An interruption occurs in the WAD process causing TCP connections to stop for ZTNA proxy policies.

FortiOS 7.6.0 is no longer vulnerable to the following CVE Reference:

• CVE-2024-26015

FortiOS 7.6.0 is no longer vulnerable to the following CVE Reference:

• CVE-2025-47295

FortiOS 7.6.0 is no longer vulnerable to the following CVE Reference:

• CVE-2024-26010

FortiOS 7.6.0 is no longer vulnerable to the following CVE Reference:

• CVE-2024-26011

FortiOS 7.6.0 is no longer vulnerable to the following CVE Reference:

• CVE-2024-50565

FortiOS 7.6.0 is no longer vulnerable to the following CVE Reference:

• CVE-2024-26008

FortiOS 7.6.0 is no longer vulnerable to the following CVE Reference:

• CVE-2024-50568

FortiOS 7.6.0 is no longer vulnerable to the following CVE Reference:

• CVE-2024-26013

FortiOS 7.6.0 is no longer vulnerable to the following CVE Reference:

• CVE-2024-36504

FortiOS 7.6.0 is no longer vulnerable to the following CVE Reference:

• CVE-2024-32122

FortiOS 7.6.0 is no longer vulnerable to the following CVE Reference:

• CVE-2024-35279

FortiOS 7.6.0 is no longer vulnerable to the following CVE Reference:

• CVE-2024-46668

FortiOS 7.6.0 is no longer vulnerable to the following CVE Reference:

• CVE-2024-48886