Process scanunit crashes in removeTransformCleanup when Outbreak prevention is enabled.

FortiGate not sending email headers to FortiSandbox.

DLP incorrectly blocking .deb file extension (DLP log unclear for matches in archive files).

DLP profile to block the file name pattern "*" not blocking uploaded files.

Traffic blocked after enabling Compliance on SSL VPN interface.

Traffic not matching expected sessions and getting denied.

Session marked dirty when routing table update for route which is not related to the session.

Firewall policies with action DENY show Default proxy-options applied in GUI.

Disappearing policy add. Also happens in 6.0.3 build 0200.

The FortiView All Sessions real time view is missing right-click menu to end session/ban ip.

Policy ID hyper link in policy view is missing.

No user name on Fortiview > Sources main page

FortiView logs entries do not refresh on log drill down page.

FortiView > WiFi Clients > drill down > Sessions gets nothing at final drill down if device identification is disabled.

FortiView > Bubble Chart cannot drill down on Firefox 63 with ReferenceError: "event is not defined".

FortiView > Traffic Shaping displays data with error message if switched from other pages in custom period.

FortiView > Web Sites > Web Categories drill down displays all entries in Policies tab.

System Events widget shows No matching entries found when drilling down HA event.

Traffic shaper info missing under Shaper column in FortiView.

FGT5001D Sessions widget in Dashboard show negative % for nTurbo after throughput test.

GUI fails to read correct Last Used time for firewall policy.

Timeout does not work properly if user moves away from FortiGate GUI.

While accessing FortiGate page, browser memory usage keeps spiking and finally PC hangs.

GUI creating B/W widget referencing SIT-Tunnel generates error.

Editing Address Objects name within SSL-SSH inspection profile selection pane cause loss of Address/Web exemption objects.

Unable to download the results of the scheduled script.

LAG interface is not listed on the dropdown list when configuring DNS Service.

Interface faceplate on System > HA shows inconsistent port link status with interface faceplate on Network > Interface.

Enormous amount of session between heartbeat Interfaces for port 703 (HASYNC).

GUI checksums show secondary is not synchronized when the primary unit is synchronized.

MTU of session-sync-dev does not come into effect.

High memory caused by updated daemon.

FGSP between two FGCP clusters - session expectation.

FGSP of FGCP cluster, does not pickup NAT'ed sessions.

Factory reset box failed to sync with primary unit in multi-VDOM upgraded from 6.0.3.

Application hasync *** signal 11 (Segmentation fault) received ***.

High CPU on Core1 due to session sync process.

Old primary unit keeps forwarding traffic after failover.

Network loop over virtual-wire-pair in HA mode if running diagnose sys ha reset-uptime.

ipsengine up time on FG-51E is a negative number after changing db from extended to regular.

Delay for BFD in IPinIP traffic hitting policy with IPS while IPsec calculates new key.

Disabled and enabled IPS Signatures looks the same in IPS Sensor GUI.

OSPF neighbor can't up because IPsec tunnel interface MTU keeps changing.

DPD shows unnegotiated and is not functioning correctly on ADVPN Spoke.

IKE route should not be deleted if it is needed by other proxyids.

Local GW disappears from GUI.

KEv2 EAP - FortiGate fails to respond to IKE_AUTH when ECDSA certificate is used by ForitGate.

Site-to-site VPN policy based - with DDNS destination fail to connect.

Archive mark is always on under UTM logs page when log-display location set to FAZ.

VPN usage duration days in local report is not correct.

Constant DNS query on built-in FQDN cause network congestion.

IPv6-Happy-Eyeballs-Mechanism not working with proxy-based Webfilter-Profile.

FTP Server is not accessible when AV profile is set to proxy based inspection.

SSL certificate inspection in proxy mode doesn't use CN from Valid Certificate for categorization when SNI is not present.

Webproxy learn-client-ip webfilter's auth/warn/ovrd does not work.

Skype call drops when handled by WAD process after around three sec of being answered.

FortiGate doesn't forward request:port command after 0 byte file transmission.

Web site access failure due to OCSP check in WAD + Deep SSL inspection.

WAD uses high CPU with "netlink recvmsg No buffer space available" after upgrade to 6.0.3+.

WAD re-signs valid web sites with Untrusted CA certificate.

WAD memory leak on OCSP certificate caching.

FortiGate does not follow Authority key identifier when sending certificate chain in deep inspection.

WAD process crashing and affecting HTTP/HTTPS traffic.

FortiManager sends requests to FortiGate to collect proxy policy hit_count/bytes, and the response from FortiGate misses the uuid attribute.

Differences between routing table and kernel forward information. ADVPN + BGP.

Proute list fill "null " application name.

GRE tunnel does not come up.

Upgrade from 5.6 to 6.0 causes all routes to be advertised in BGP.

With VRRP use VRDST checking without default gateway.

SD WAN IPsec interfaces keep failing over when link selection strategy is set to Custom-profile.

Process nsm with high CPU when displaying the GUI section of IPv4 and IPv6 policy when receiving full routing of BGP.

link-monitor cannot recover after the device in between reboot.

BGP/BFD packets marked as CS0.

Multicast failed after failover from another interface.

BGPd crash.

Multicast on interfaces with secondary IP addresses.

Connection to web server freezes when using SSL VPN web bookmark.

SSL VPN to Nextcloud doesn't open.

SSL VPN access denied if address object added after group object in firewall policy.

Unable to load web page in SSL VPN web mode.

Unable to load web page for some internal web sites in SSL VPN web mode.

Unable to load WebPage through SSL VPN webmode. Some js files of xunta internal web sites have problems.

SSL VPN web mode SMB connection doesn't work when enable then disable SMBCD debug.

IBM QRadar page not displaying in SSL VPN web-mode.

SSL VPN web mode access problem.

Backup and restore the VDOM config with SSL VPN settings causes some critical flags and counter for SSL VPN to not update so SSL VPN stops working.

Unable to access internal website via bookmark in SSL VPN web mode.

Search result gives empty output upon accessing the URL https://ieeexplore.ieee.org via SSL VPN bookmark.

Dropdown list can not get expanded through bookmarks (SSL VPN).

Atlassian Confluence wiki Javascript problem via SSL VPN web mode.

JavaScript script is not available when connecting using SSL VPN web mode.

Update from web mode fails for SharePoint page using MS NLB.

SSL VPN crashes when it receives HTTP request with header "X-Forwarded-For" because of the wrong use of sslvpn_ap_pstrcat.

Problem loading reaching internal web server through SSL VPN Web bookmark when using HTTPS. Some js files of "srvdnsmgt" do not run correctly.

SSL VPN user gets disconnected when load-balance-mode is measured-volume-based in SD-WAN.

SSL VPN wants client certificate even when no client-cert for realm is configured.

Synology NAS login page stuck after login when accessing by SSL VPN Web portal.

Active cache memory leak after upgrade to 6.0.3 GA.

FortiSIEM WebGUI does not load on web portal.

SSL web mode is not modifying links on certain web pages.

Redirected port is not entered in the URL through SSL VPN web mode.

Unable to receive SSL tunnel IP address.

SSL VPN random stale sessions exhausting IP pool.

Multiple fortilinks flapped during staging upgrade.

On FortiSwitch Ports page, Display More does not work.

CPU doesn't remove dirty flag when returns session back to NP6.

Adding USB Host devices to a virtual machine connected by USB to FortiGate 500D causes the units to restart in loop.

EHP drop improvement for units using NP_SERVICE_MODULE.

skippingBad tar header message flooding on console after rebooting box and retrieving logs.

DNSproxy does not seem to update link-monitor module.

bcm.user always takes nearly 70% CPU after running Nturbo over IPsec script.

New feature merge: DNS Domain List.

EMAC VLAN: SNMP data is incorrect.

Intermittent failure of DHCP address assignment.

FortiGate with disk and send logs to FAZ has PCI alerts.

SSH/SSL VPN connection to external VLAN interface drop by changing unrelated interface IP or restart OSPF.

High CPU on some cores of CPU & packet drops around 2-3%.

ipmc_sensord process not checking sensors due to pending jobs.

MCLAG: if remote side change systemID, only one port goes down, the other remains up.

DNSPROXY causing high CPU usage.

Merge br_6-0_sp back to 6.0 and 6.2.

FortiGate managed by FortiManager intermittently going offline after rebooting FortiGate.

LAG interface flaps when the member ports go up.

Allow sit-tunnel to not specify the source address.

Password policy forces password change even if expire-status is disabled.

Kernel panic in the HA cluster with FortiGate-3800D units running FortiOS v6.0.0 build 0200

TXT records are truncated in DNS replies, when FortiGate is used as DNS server.

Add global log device statistics to SNMP.

Primary DNS server is not queried even after 30 seconds.

Kernel Panic when Fragmented Multicast Traffic received on EMAC-VLAN interface.

Read-only admin account can delete IPsec SA.

Device 80D reboots every 2-3 days with a kernel panic error.

Memory leak after upgrade to 6.0.4.

FortiGate sending DHCP offer using broadcast.

Aggregate interface (four member) flapps when the third member interface goes down.

Modifying FortiGate administrator password to complex ones via SSH triggers a FortiManager password change by auto-update.

5001D blade rebooted on its own due to kernel panic.

SNMP monitoring of the implicit deny policy not possible.

Upgrade from 5.2.13 to 5.4.9 is affected by application list global limit.

config-error-log shows after upgrade from v5.6.6 to v5.6.7.

VPN certificate CA: shows newly added entry before reboot but not after.

FortiOS does not prompt for token when Access-Challenge is received - RADIUS authentication fails.

Unable to login to FortiGate using Symantec 2-factor authentication.

LDAPS requests fail with fnbamd stop error "Not enough bytes". LDAP works fine. Additional timeout observed.

Local certificate content changes should be directly applied for the admin-server-cert sent to the client browser.

Should handle multiple IP address failover better during HA failover.

VMX: Adding a security group with ~30+ devices into the redirection policy the connection starts to experience huge delay.

Kernel panic after upgrade from 5.6.7 to 5.6.8.

Session size overflow on VMX causing timeout and error on NSX vMotion task.

Regex case insensitivity flag is ignored in 5.6.5 and 6.0.2 when FortiGate is in proxy mode.

FGT D series number of web filter profiles decreased globally.

Web Filter inspection proxy mode unable to resolve hostname because website is unrated.

URL filter wildcard expression not matched correctly on proxy mode.

CAPWAP traffic from non-VLAN SSID is blocked when dtls-policy=ipsec-vpn and NP6 offload are enabled.

CAPWAP traffic dropped when offloaded if packets are fragmented.

cwEncryptKeyRstHandler failed to generate vdom xxx key messages on FIMs.

FortiGate IPsec VPN phase1-interface and phase2-interface configurations are not saved into configuration file.

FortiOS 6.0.5 is no longer vulnerable to the following CVE Reference:

• CVE-2017-14186

FortiOS 6.0.5 is no longer vulnerable to the following CVE Reference:

• CVE-2018-13371

FortiOS 6.0.5 is no longer vulnerable to the following CVE Reference:

• CVE-2018-13384

FortiOS 6.0.5 is no longer vulnerable to the following CVE Reference:

• CVE-2018-13380

FortiOS 6.0.5 is no longer vulnerable to the following CVE Reference:

• CVE-2018-13379

FortiOS 6.0.5 is no longer vulnerable to the following CVE Reference:

• CVE-2018-13381

FortiOS 6.0.5 is no longer vulnerable to the following CVE Reference:

• CVE-2018-13383

FortiOS 6.0.5 is no longer vulnerable to the following CVE Reference:

• CVE-2018-13382

FortiOS 6.0.5 is no longer vulnerable to the following CVE Reference:

• CVE-2019-5587