FortiOS Release Notes

Known issues

Known issues are organized into the following categories:

To inquire about a particular bug or report a bug, please contact Customer Service & Support.

New known issues

The following issues have been identified in version 7.6.4.

Agentless VPN (formerly SSL VPN web mode)

See also SSL VPN tunnel mode replaced with IPsec VPN.

Bug ID

Description

1173772

Unable to connect to SMB over SSL VPN web mode in FIPS-CC mode.

FortiGate 6000 and 7000 platforms

Bug ID

Description

1242828

Erroneous memory allocation may occur under specific conditions on FIMs and the primary FPM during IPv4 and IPv6 routing operations.

1162187

FortiAP retains the same image after the upgrade.

1170210

FGT wireless controller WiFi client cannot ping the GW/FGT interface. Pass-through traffic works fine.

1171183

The Global Traffic widget does not load after factory reset because legacy authentication is disabled by default.

1183709

FortiGate models fail to install proto=18 routes during initial SD-WAN health check configuration, causing secondaries to miss updated routes unless manually triggered.

1185009

Traffic on VLAN interfaces is dropped when changing LAG members in emac over VLAN setups due to MAC address changes not being updated.

1185869

Multicast traffic not working.

1188338

The MLD state transitions to "Stopped" on the primary FIM when FortiOS incorrectly uses the FPM as the primary instead of the FIM, disrupting multicast6 traffic.

GUI

Bug ID

Description

1098643

Unexpected behavior observed in the WebSocket caused by stale connections, resulting in persistent memory allocation errors or Node.js restarts.

1193206

Faceplate fails to load after editing an interface.

HA

Bug ID

Description

1234340

Asymmetric session handling fails when two FGSP links are configured and only the second link recovers after both go down.

Hyperscale

Bug ID

Description

1151441

(4801F-HA) "ha1/ha2" port as hw-session-sync-dev shows out-of-sync even though it is connected to NP7.

IPsec VPN

Bug ID

Description

1106454

IKE debug prints a large number of "compute DH shared secret request pending" messages when rekeying or when the DH group setting is not matched on both sides.

Workaround: Use IKEv2 or IKEv1 main mode, or use only one DH group in phase1 and phase2 settings.

1192598

IPsec phase1-interface option 'loopback-asymroute' is not available for IKEv1.

System

Bug ID

Description

1209793

Interface configuration loss occurs when FortiGate reboots after a power cycle.

Upgrade

Bug ID

Description

1135049

An error condition in ips_load_json_gzfile occurs during FortiOS same-image upgrade.

VM

Bug ID

Description

1194713

ARM_KVM/GCP/OCI unable to format shared data partition on ARM VMs.

Existing known issues

The following issues have been identified in a previous version of FortiOS and remain in FortiOS 7.6.4.

Endpoint Control

Bug ID

Description

1019658

On FortiGate, not all registered endpoint EMS tags are displayed in the GUI.

1038004

FortiGate may not display the correct user information for some FortiClient instances.

Firewall

Bug ID

Description

959065

On the Policy & Objects > Traffic Shaping page, when deleting or creating a shaper, the counters for the other shapers are cleared.

990528

When searching for an IP address on the Firewall Policy page, the search/filter functionality does not return the expected results.

FortiGate 6000 and 7000 platforms

Bug ID

Description

653335

SSL VPN user status does not display on the FortiManager GUI.

835847

Password policy was not correctly updated when using automation stitch.

936320

When there is a heavy traffic load, there are no results displayed on any FortiView pages in the GUI.

947982

On NP7 platforms, DSW packets are missing, resulting in VOIP experiencing performance issues during peak times.

950983

Feature Visibility options are visible in the GUI on a mgmt-vdom.

994241

On FortiGate 7000F using FGSP and FGCP, when TCP traffic takes an asymmetric path, the TCP ACK and data packets might be dropped in NP7.

1006759

After an HA failover, there is no IPsec route in the kernel.

Workaround: Bring down and bring up the tunnel.

1102072

On the FortiGate 7000 platform, cmdbsvr CPU usage can be higher than normal for extended periods on one or more FPM.

1112582

Under some conditions, such as during conserve mode, you may be unable to log in to the FortiGate 6000 management board GUI or CLI, or when you log in to the management board console, a message similar to fork failed() continuously repeats.

1130491

Traffic disruption occurs when WCCP is enabled on FortiGate.

Workaround: Direct all related traffic to the master FPC.

1132294

The ip nat port-preserve feature does not work when the client's source port doesn't fall under the FPM's nat port-range.

1185528

Subscription license on the secondary chassis is missing after the graceful upgrade from 7.2.10 to 7.2.12.

Workaround: Run execute update-now again.

FortiView

Bug ID

Description

1034148

The Application Bandwidth widget on the Dashboard > Status page does not display bandwidth data for some external applications.

GUI

Bug ID

Description

793029

Unexpected behavior occurs on some FortiGate models when a FortiClient lacks a required MAC address attribute.

1112727

FortiCare/FortiCloud registration is not enforced correctly when accessing FOS GUI, resulting in potential security risks. Registration level is not properly indicated, and admin access is not restricted as expected.

This feature is initially supported on the FortiGate 900G series and FortiGate 200G series.

HA

Bug ID

Description

1135376

When HA members are not registered under the same FortiCare account, the HA cluster cannot obtain contract info of all members from FortiGuard servers.

1226122

System > HA: There is no upgrade button on the secondary GUI page when HA is in local-only or secondary-only MVC upgrade mode.

Workaround: Upgrade the secondary via the command line.

Hyperscale

Bug ID

Description

1030907

With a FGSP and FGCP setup, sessions do not show on the HA secondary when the FGSP peer is in HA.

1042011

Observed NPD-0 :DEL PRP FAIL! 0xffffffff; NPD-0 :PRP ADD FAIL! 0xffffffff nat_type=00000044 block_sz=128 port_base=11000.

1130107

Session-helper DNS session is created by hw and can be seen in log2host table.

Intrusion Prevention

Bug ID

Description

1076213

FortiGates with 4GB memory might enter conserve mode during the FortiGuard update when IPS or APP control is enabled.

Workaround: Disable the proxy-inline-ips option under config ips settings.

1093769

Unexpected IPS UTM logs may be generated in NGFW policy mode for unknown applications.

1140846

Unexpected behavior observed in the IPSEngine when handling HTTPS traffic using HTTP/2 in certain configurations.

IPsec VPN

Bug ID

Description

1131269

UESP packet drop occurs when the VPN peer uses different source ports for IKE-NATT and UESP.

Workaround: Add a flow rule to work around the issue.

Proxy

Bug ID

Description

1035490

The firewall policy works with proxy-based inspection mode on FortiGate models with 2GB RAM after an upgrade.

Workaround: After an upgrade, reboot the FortiGate.

REST API

Bug ID

Description

938349

Unsuccessful API user login attempts do not get reset within the time specified in admin-lockout-threshold.

993345

The router API does not include all ECMP routes for SD-WAN included in the get router info routing-table command.

Security Fabric

Bug ID

Description

1040058

The Security Rating topology and results do not display non-FortiGate devices.

Switch Controller

Bug ID

Description

1113304

FortiSwitch units are offline after FortiGate is upgraded from 7.4.6 or 7.6.0 to 7.6.1 or later when LLDP configuration is set to vdom/disable under the FortiLink interface.

Workaround: In LLDP configuration, enable lldp-reception and lldp-transmission under the FortiLink interface, or rebuild the FortiLink interface.

System

Bug ID

Description

945871

D-NAT functionality fails when using a Software Switch in explicit mode due to incorrect session matching during packet forwarding.

1041726

Traffic flow speed is reduced or interrupted when the traffic shaper is enabled.

1058256

Some FortiGate models experience unexpected interface down time when using DAC cables after upgrade, due to improper Signal-OK loss detection.

1142465

ARP entries age out quickly after a system reboot, despite a long reachable-time setting.

1145397

When editing user exemption configurations via the GUI on FortiGate devices, unexpected behavior occurs due to a mismatch between GUI and CLI data structures.

1203193

FGR-70G and FGR-70G-5G-Dual do not support CLI for automation-stitch notifications when DIO module alarm functionality is activated, namely, 'set condition-type input' is not available under 'config system automation-condition'.

User & Authentication

Bug ID

Description

1082800

When performing LDAP user searches from the GUI against LDAP servers with a large number of users (more than 100000), FortiGate may experience a performance issue and not operate as expected due to the HTTPSD process consuming too much memory. User may need to stop the HTTPSD process or perform a reboot to recover.

Workaround: Perform an LDAP user search using the CLI.

1157003

Agentless FSSO connector issues occur when using Windows 2025 due to Microsoft introducing additional restrictions to remote Event log reading.

VM

Bug ID

Description

1125805

Unable to access the FortiGate VM web interface deployed on AWS when ACME is enabled.

Web Filter

Bug ID

Description

1040147

Options set in ftgd-wf cannot be undone for a web filter configuration.

1074960

Internet connectivity slowness may occur in proxy-mode inspection policies because traffic cannot fully utilize queues from all NPUs.
