Cannot access explicit FTP proxy via VIP.

WAD crashed at wad_disclaimer_get with signal 11 when disclaimer is enabled in proxy policy and the browser is Chrome.

Compare and sync the VSD change in V5.6 to WAD VS.

In NGFW mode, IPS engine drops RPC data channel when IPS profile is applied to a security policy.

Increase the maximum limit for the optional parameters in SCTP INIT packet. After the fix, the maximum limit is 10 instead of 4 parameters.

When the data source is FortiGate Cloud, there is no paging to load sessions; only entries 1-499 are rendered.

When FortiAnalyzer logging is configured using an FQDN domain, the GUI displays a 500 error message on the FortiView Compromised Hosts page.

AntiVirus archive logging enabled from the CLI will be disabled by editing the AntiVirus profile in the GUI, even if no changes are made.

Inconsistent reference count when using ports in HA session-sync-dev.

When creating an antispam block/allow list entry, Mark as Reject should be grayed out.

Log viewer forwarded traffic does not support multiple filters for one field.

HA warning message remains after primary device takes back control.

OK button missing from many pages when viewed in Chrome on an Android device.

VPN event logs are incorrectly filtered when there are two Action filters and one of them contains "-".

Status icon in Tunnel column on IPsec Tunnels page should be removed.

GUI shows Invalid LDAP server error while LDAP query successfully finished.

When sorting the interface list by the Name column, the ports are not always in the correct order (port10 appears before port2).

Interface status is not displayed on faceplate when viewing from the System > HA page.

When deleting an AV profile in the GUI, there is no confirmation message prompt.

Warning message is not displayed when a user configures an interface with a static IP address that is already in use.

GUI takes two minutes to load VPN > IPsec Tunnels for 1483 tunnels.

FG-101F GUI should not add speed to virtual switch member port.

When creating or editing an IPv4 policy or address group, firewall address searching does not work if there is an empty wildcard address due to a configuration error.

On POE devices, several sections of the GUI take over 15 seconds to fully load.

Software switch members and their VLANs are not visible in the GUI interfaces list.

Firewall address group object (including interface subnet) is invisible in Accessible Networks.

FortiGates in an HA A-P configuration may lose GUI access to the HA secondary device after a period of 8 days of inactivity, when at least one static IPv6 address is configured on an interface.

Monitor > SD-WAN Monitor keeps loading after disabling VPN member.

LCP-1250RJ3SR-K transceiver shows a warning in the GUI even though it is certified.

GUI search does not work in the interface list if DHCP client and range columns are present.

Some GUI pages (dashboard, topology, policy list, interface list) are slow to load on low-end platforms when there are many concurrent HTTPSD requests.

GUI incorrectly displays the warning, Botnet package update unavailable, AntiVirus subscription not found., when the antivirus entitlement is expiring within 30 days. The actual botnet package update still works within the active entitlement duration.

On some browser versions, the GUI displays a blank dialog when creating custom application or IPS signatures. Affected browsers: Firefox 85.0, Microsoft Edge 88.0, and Chrome 88.0.

It takes up to 10 seconds to get NPU VDOM link up when rebooting primary unit.

HA secondary device is reporting multiple events (DDNS update failed).

private-data-encryption causes cluster to be periodically out of sync due to customer certificates.

traceroute not working in asymmetric FGSP environment.

IPS engine 5.00027 has signal 11 crash.

IPS intelligent mode not working when reflect sessions are created on different physical interfaces.

IPS engine 5.00035 has signal 11 crash.

When IPS pcap is enabled, traffic is intermittently disrupted after disk I/O reaches IOPS limit.

Cannot pass traffic over ADVPN if: tunnel-search is set to nexthop, net-device disable, mode-cfg enable, and add-route disable.

iked crash when proposal is AES-GCM.

IKEv2 EAP certificate authentication failings after upgrading from to 6.2.1 to 6.2.3.

ADVPN cannot establish after primary ISP has recovered from failure and traffic between spokes is dropped.

IKE daemon signal 6 crash when phase1 add-gw-route is enabled.

IKE crashes at ike_hasync__xauth.

IPS logs are recorded twice with TCP offloading on virtual server.

User observes FGT internal error while trying to log in or activate FortiGate Cloud from the web UI.

FortiGate sends incorrect long session logs to FortiGate Cloud.

Logs from HA secondary unit cannot be uploaded to FortiCloud.

Logs are not generated in GUI and CLI after checking the file system (after power cable disconnected).

FortiOS gives wrong time stamp when querying FortiGate Cloud log view.

WAD is crashing with signal 6 in wad_fmem_free when processing SMB2/CIFS.

When CIFS profile is loaded, using MacOS to access Windows Share causes WAD to crash.

In FortiGate with squid configuration (proxy chain), get ERR_SSL_PROTOCOL_ERROR when using Google Chrome with certificate/deep inspection.

Abbreviated handshake randomly receives fatal illegal_parameter against zendesk.com services/sites.

SSH status in SSL profile changes to deep-inspection from disable after upgrading.

The WAD process is crashing multiple times.

Web proxy WAD crash under WAN Opt auto-active mode.

BFD/BGP dropping when outbandwidth is set on interface.

BGP route is not added in to kernel during ADVPN test.

BGP daemon crashes when TCP connection is broken by peer.

Editing/adding any address object that is referenced in policy is generating false positive SD-WAN alert messages.

Local-out TCP traffic changes output interface when irrelevant interface is flapping that causes disconnections.

Cannot ping old VRIPs when adding new VRIPs.

The single BGP update message contains the same prefix in withdrawn routes and NLRI (advertised route).

NTP and FSSO not following SD-WAN rules.

SD-WAN IPv6 default route cannot be redistributed into BGP using set default-originateroutemap6.

FortiGuard web filter traffic also needs to follow SD-WAN service.

Crash happens due to segfault in CSF.

On IE 11, SSL VPN web portal displays blank page title {{::data.portal.heading}} after authentication.

FortiGate does not send client IP address as a framed IP address to RADIUS server in RADIUS accounting request message.

Double redirection through SSL web mode not working.

RDP connection via SSL VPN web portal does not work with UserPrincipalName (UPN) and NLA security.

Videos from live cameras via SSL VPN web mode not working.

CLI command get vpn ssl monitor displays users from other VDOM.

Adding FQDN routing address in split tunnel configuration injects single route in client for multiple A records.

SSL VPN disconnected when importing or renaming CA certificates.

Pages could not be shown after logging in to back-end application server.

Memory corrupt in some DNS callback cases causes SSL VPN crash.

An internal website via SSL VPN web portal failed to load an external resource.

Log entry for tunnel stats shows wrong tunnel ID when using RDP bookmark.

Riverbed SteelCentral AppResponse login form is not displaying in SSL VPN web mode.

Internal aixws7test2 portal is not loading in SSL VPN web mode.

After SSL VPN proxy, some JS files of hapi website could not work.

Internal site http://vau***.com not completely loading through SSL VPN web mode bookmark.

For guacd daemon generated for RDP session, it would sometimes be in an unknown state with 100% CPU and could not be released.

Internal server error 500 while accessing contolavdip portal in SSL VPN web mode.

Map could not be displayed correctly in SSL VPN web mode.

Pro***.com not loading properly in SSL VPN web mode.

After the upgrade to 6.0.10/6.2.4/6.4.0, SSL VPN portal mapping/remote authentication is matching user into the incorrect group.

Internal website hosted in bookmark https://int***.cat is not loading completely in SSL VPN web mode.

Some JS files of jira.***.vwg could not run in SSL VPN web mode.

SSL VPN log entries display users from other VDOMs.

GUI should add support to allow using switch VLAN interface under a tenant VDOM on a managed switch VDOM.

EHP drops for units with no NP service module.

FG-100D traffic traversing port1-port16 only saturates CPU0.

CP9 VPN queue tasklet unable to handle kernel NULL pointer dereference at 0000000000000120 and device reboots.

SFP+ 1G speed should be supported on FG-1100E, FG-1800F, FG-2200E, and FG-3300E series.

FortiManager Cloud cannot be removed once the FortiGate has trouble on contract.

Potential memory leak triggered by FTP command in WAD.

SNMP does not provide routing table for non-management VDOM.

sentbyte of NTP on local traffic log shows as 0 bytes, even though NTP client receives the packet.

High CPU usage issue caused by high depth expectation sessions in the same hash table slot.

After a reboot of the PPPoE server, the FortiGate (PPPoE clients, 35 clients) keeps flapping (connection down and up) for a long time before connecting successfully.

When a LAG is created between 10 GE SFP+ slots and 25 GE SFP28/10 GE SFP+ slots, only about 50% of the sessions can be created. Affected models: FG-110xE, FG-220xE, and FG-330xE.

Many no session matched logs while managing FortiGate.

ip6-extra-addr does not perform router advertisement after reboot in HA.

Uninitialized variable that may potentially cause httpsd signal 6 and 11 crash issue.

Crashes might happen due to CMDB query allocation fail that causes a segfault.

Long delay and cmdbsvr at 100% CPU consumption when modifying address objects and address groups via GUI or REST API.

Traffic not showing statistics for VLAN interfaces base on hardware switch.

Fortinet_CA is missing in FG-3400E.

The FG-800D HA LED is off when HA status is normal.

Fail to detect transceiver on all SFP28/QSFP ports. Affected platforms: FG-3300E and FG-3301E.

Over a period of time, FG-60E goes into memory conserve mode caused by resource leak of sepmd daemon.

FG-80D may fail to boot due to a limitation in the size of the bootloader and kernel.

Request to blocked signature with SSL mirrored traffic capture causes FG-500E to reboot.

Virtual WAN link stops responding after 45 members.

Frame size option in sniffer does not work.

DHCPv6 client's DUID generated on two different FortiGates match.

FWF-60E-DSL ADSL2+ connection provided by BT in the UK does not work after upgrading from 6.0.9 to 6.2.4.

Unable to handle kernel NULL pointer dereference at 000000000000008f.

SFP28 port group (ha1, ha2, port1 and port2) missing 1000full speed option. Affected platforms: FG-220xE, FG-330xE, FG-340xE, and FG-360xE.

FG-40F LAN interfaces are down after upgrading to 6.2.4 (build 5632).

VDOM with long name cannot be deleted.

Sometimes when updating the FortiGate license, there is a certificate verification failure.

NP6Xlite traffic not sent over the tunnel when NPU is enabled.

After upgrading from 6.2.2 to 6.2.3, the description field in the table has disappeared under DHCP reservation.

Upon upgrading to FortiOS 6.2.4, DoS policies configured on interfaces may drop traffic that is passing through the DoS policy configuration. Note that this can occur if the DoS policy is configured in drop or monitor mode.

Workaround: disable the DoS policy.

Sessions are removed from the session table when FSSO group order is changed.

FortiGate does not send user IP to TACACS server during authentication.

Device identification via LLDP on an aggregate interface does not work.

Device identification scanner crashes on receipt of SSDP search.

src-vis crashes on receipt of certain ONVIF packets.

FG-VM64-KVM is unable to boot up properly when doing a hard reboot with the host.

FG-VM image unable to be deployed on AWS with additional HDD(st1) disk type.

Azure SDN connector replicates configuration from primary device to secondary device during configuration restore.

FG-VM-GCP reboots a couple of times due to kernel panic.

GUI and CLI interface dropdown lists are inconsistent.

IPsec VPN tunnel not staying up after failing over with AWS A-P cross-AZ setup.

Unable to update routing table for a resource group in a different subscription with FortiGate Azure SDN.

Cross-zone HA breaks after upgrading to 6.4.0 because upgrade process does not add relevant items under vdom-exception.

Azure changes FPGA for Accelerated Networking live and VM loses SR-IOV interfaces.

By assigning port1 as the HA management port, the HA secondary unit node is now able to send system information to the Azure portal through waagent so that up-to-date information is displayed on the Azure dashboard.

If port1 is not used as the HA management port, the Azure display and Azure Security Center alerts will not reflect the correct state of the node, which may result in unnecessary alarms.

AWS FortiGate NIC gets swapped between port2 and port3 after FortiGate reboots.

RAS helper does not NAT the port 1720 in the callSignalAddress field of the RegistrationRequest packet sent from the endpoint.

FortiAP not coming online on FG-PPPoE interface.