In NGFW policy mode, sessions are not re-validated when security policies are changed.

Workaround: clear the session after policy change.

Compromised Hosts dashboard cannot show data if FortiAnalyzer is configured using the FQDN address in the log setting. FortiAnalyzer configured with an IP address does not have this issue.

When FortiAnalyzer logging is configured using an FQDN domain, the GUI displays a 500 error message on the FortiView Compromised Hosts page.

Antivirus archive logging enabled from the CLI will be disabled by editing the antivirus profile in the GUI, even if no changes are made.

Inconsistent reference count when using ports in HA session-sync-dev.

When creating an antispam block/allowlist entry, Mark as Reject should be grayed out.

Log viewer forwarded traffic does not support multiple filters for one field.

OK button missing from many pages when viewed in Chrome on an Android device.

VPN event logs are incorrectly filtered when there are two Action filters and one of them contains "-".

Warning message is not displayed when a user configures an interface with a static IP address that is already in use.

Managed FortiSwitch and FortiSwitch Ports pages are slow to load when there are many managed FortiSwitches. This performance issue needs a fix on both FortiOS and FortiSwitch. A fix was provided in FortiOS 7.0.1 GA and FortiSwitch 7.0.1 GA.

When creating or editing an IPv4 policy or address group, firewall address searching does not work if there is an empty wildcard address due to a configuration error.

Some GUI pages (dashboard, topology, policy list, interface list) are slow to load on low-end platforms when there are many concurrent HTTPSD requests.

GUI incorrectly displays the warning, Botnet package update unavailable, AntiVirus subscription not found., when the antivirus entitlement is expiring within 30 days. The actual botnet package update still works within the active entitlement duration.

GUI does not display FortiSwitch ports when multiple FortiLink interfaces are configured. FortiOS 6.4.0 and later supports multiple FortiLink configurations via the GUI.

After performing a search on firewall Addresses, the matched count over total count displayed for each address type shows an incorrect total count number. The search functionality still works correctly.

On Firewall Policy list, the tooltip for IP Pool incorrectly shows Port Block Allocation as being exhausted if there are expiring PBAs available to be reallocated.

The Edit Web Filter Profile page incorrectly shows that a URL filter is configured (even though it is not) if the URL filter entry has the same name as the web filter profile in the CLI.

On some browser versions, the GUI displays a blank dialog when creating custom application or IPS signatures. Affected browsers: Firefox 85.0, Microsoft Edge 88.0, and Chrome 88.0.

When logs are retrieved from FortiAnalyzer, the GUI displays the same traffic logs for primary and secondary HA devices.

Sessions with syn_ses flags are not synced after reboot.

Cluster is out of sync because of config vpn certificate ca after upgrade.

IPS engine 5.00027 has signal 11 crash.

When IPS pcap is enabled, traffic is intermittently disrupted after disk I/O reaches IOPS limit.

On FG-80D, the IPS engine daemon count drops to 0 when the CPU number is 4.

Unable to route traffic to a spoke VPN site from the hub FortiGate when the dialup IPsec VPN interface is dual stacked (IPv4/IPv6).

User observes FGT internal error while trying to log in or activate FortiGate Cloud from the web UI.

No WAD sessions displayed when running diagnose wad filter.

BFD/BGP dropping when outbandwidth is set on interface.

Slow GUI performance in large Fabric topology with over 50 downstream devices.

GUI should add support to allow using switch VLAN interface under a tenant VDOM on a managed switch VDOM.

EHP drops for units with no NP service module.

FortiManager Cloud cannot be removed once the FortiGate has trouble on contract.

There is duplicate information when checking interface references in global.

SNMP does not provide routing table for non-management VDOM.

Interface emac-vlan feature does not work on SoC4 platform.

Offloaded traffic passing through two VDOMs connected with EMAC-VLANs is sometimes dropped.

VXLAN VNI interface cannot be used with a hardware switch.

stpforward does not work with LAG interfaces on a transparent VDOM.

Device identification via LLDP on an aggregate interface does not work.

FG-VM image unable to be deployed on AWS with additional HDD (st1) disk type.

Azure SDN connector replicates configuration from primary device to secondary device during configuration restore.

FG-VM-GCP reboots a couple of times due to kernel panic.

IPsec VPN tunnel not staying up after failing over with AWS A-P cross-AZ setup.

FortiGate AWS bootstrapped from configuration does not read SAML settings.

During every FortiGuard UTM update, there is high CPU usage because only one vCPU is available.