The GeoIP configuration is lost after upgrading to version 8.0.4. This occurs because version 8.0.3 fails to perform a mandatory automatic backup of the GeoIP database during the upgrade process. Consequently, the missing database prevents the GeoIP module from restoring its country-list settings in version 8.0.4, leading to parsing errors and empty policies.

Workaround: After the GeoIP database is automatically recovered following the upgrade, you must restore the configuration from a backup file or manually reconfigure the GeoIP policies.

FortiAI chat history export in PNG format may become unresponsive when handling large histories.

With sufficiently large transcripts, exporting to PNG may cause the browser to freeze or display a long-running script warning.

This issue affects only the PNG export function; all other FortiAI features operate normally.

Recommendation: For long chat histories, export the transcript in HTML format, which does not experience this performance issue.

When multiple administrators use FortiAI concurrently on the same FortiWeb appliance, FortiAI authentication tokens may intermittently become invalid.

To improve service availability and distribute load, FortiAI login requests are load-balanced across multiple FortiAI service domains. However, in some concurrent multi-user scenarios, login requests may be routed to different FortiAI domains, which can overwrite the stored domain information on FortiWeb.

As a result, previously issued tokens may no longer match the active FortiAI domain, causing subsequent FortiAI requests to fail.

This issue occurs sporadically and only in concurrent multi-user scenarios.

CRL files cannot be restored using the execute backup cert-config and execute restore cert-config commands, and must be manually re-imported after restoring certificate configuration.

Because large CRLs generate substantial encoded data during backup, including them can exceed CMDB capacity and lead to system instability. As a result, these commands intentionally back up and restore only certificate and key objects; the CRL store under /var/log/crl/ remains empty after a restore. Deployments that rely on CRL-based revocation checking will not retain their CRL configuration and may experience incomplete certificate-validation behavior until CRLs are reinstalled.

When upgrading to FortiWeb 8.0.3 or 7.6.6, the system may display console messages such as:

Parsing error at 'ssl-custom-cipher'. err=1
Parsing error at 'tls13-custom-cipher'. err=1

These messages occur because 8.0.3 and 7.6.6 include changes that eliminate the need for ssl-custom-cipher and tls13-custom-cipher entries when standard cipher categories are used. Older configurations may still contain these settings, and the parser logs errors when rejecting them during the upgrade process.

This behavior is cosmetic and does not affect SSL operation or any existing configuration. The issue appears only during this upgrade, and subsequent upgrades will not display these messages.