Fortinet black logo

Resolved issues

3.6.0
Copy Link
Copy Doc ID f2607b9c-200c-11e9-b6f6-f8bc1258b856:138654
Download PDF

Resolved issues

The resolved issues listed below do not list every bug that has been corrected with this release. For inquires about a particular bug, contact Customer Service & Support.

Bug ID

Description

455193

Flow-based webfilter URL exemptions now generate UTM logs.

476219

The IPS engine now correctly updates timestamps for allowed tunnel sessions. This fix improves performance because the firewall doesn't have to re-create and re-scan the session.

485025, 508111

Resolved an issue that caused the IPS engine to use excessive memory.

487249

Fixed mini TCP stack-related IPS engine crashes.

488848

Resolved an issue that caused FortiOS to enter kernel conserve mode even when memory use was low.

500565

TCP sessions are renewed on New TCP Connection Initiations with Reused Ports.

503092

Resolved static web filtering issues that occurred when application control is enabled.

504002, 504229, 505859

Resolved an issue that would sometimes cause TLS errors with HTTPS websites when SSL deep inspection is enabled.

506672

Added a Missing Boundary Check in the IMAP FETCH Response Handler.

507316, 517224

Resolved a high memory and CPU usage issue caused by unsorted session lists in session groups.

509349

Tuning improvements to white listing and app deferral.

509349

Transient segments are now used for implicitly enabled rules.

509349

The IPS engine now resets the segment length to zero when skipping over transient segments.

509349, 512261

The IPS engine now uses segment ids to calculate the maximum deferral values.

509840

SSL/TLS traffic no longer fails when flow-based Web Filtering is enabled.

510709

Fixed crashes when SSL session is exempted from deep inspection by SNI

511626

Resolved an issue that sometimes prevented the IPS engine from scanning Windows executable files.

511626

Do not generate the FIN packet as derived if no derived session.

511662

Resolved an issue that sometimes caused IPS engine signal 11 crashes.

512244

The IPS engine now determines FTP file sizes correctly.

512577

Improved IPS performance on FortiGate devies with SOC2 processors.

518312

Fix an incorrect TCP sequence error proxy handover when client or server has previous data that was not sent to the proxy.

520777

Resolved an issue that disabled deep inspection after adding a new address to the deep inspection exemption list.

Resolved issues

The resolved issues listed below do not list every bug that has been corrected with this release. For inquires about a particular bug, contact Customer Service & Support.

Bug ID

Description

455193

Flow-based webfilter URL exemptions now generate UTM logs.

476219

The IPS engine now correctly updates timestamps for allowed tunnel sessions. This fix improves performance because the firewall doesn't have to re-create and re-scan the session.

485025, 508111

Resolved an issue that caused the IPS engine to use excessive memory.

487249

Fixed mini TCP stack-related IPS engine crashes.

488848

Resolved an issue that caused FortiOS to enter kernel conserve mode even when memory use was low.

500565

TCP sessions are renewed on New TCP Connection Initiations with Reused Ports.

503092

Resolved static web filtering issues that occurred when application control is enabled.

504002, 504229, 505859

Resolved an issue that would sometimes cause TLS errors with HTTPS websites when SSL deep inspection is enabled.

506672

Added a Missing Boundary Check in the IMAP FETCH Response Handler.

507316, 517224

Resolved a high memory and CPU usage issue caused by unsorted session lists in session groups.

509349

Tuning improvements to white listing and app deferral.

509349

Transient segments are now used for implicitly enabled rules.

509349

The IPS engine now resets the segment length to zero when skipping over transient segments.

509349, 512261

The IPS engine now uses segment ids to calculate the maximum deferral values.

509840

SSL/TLS traffic no longer fails when flow-based Web Filtering is enabled.

510709

Fixed crashes when SSL session is exempted from deep inspection by SNI

511626

Resolved an issue that sometimes prevented the IPS engine from scanning Windows executable files.

511626

Do not generate the FIN packet as derived if no derived session.

511662

Resolved an issue that sometimes caused IPS engine signal 11 crashes.

512244

The IPS engine now determines FTP file sizes correctly.

512577

Improved IPS performance on FortiGate devies with SOC2 processors.

518312

Fix an incorrect TCP sequence error proxy handover when client or server has previous data that was not sent to the proxy.

520777

Resolved an issue that disabled deep inspection after adding a new address to the deep inspection exemption list.