Quarantined CDR files cannot be downloaded. Encountered 404 error when clicking Archived File.

Shared memory does not empty out properly under /tmp.

Advanced threat protection statistics widget clean file count is incorrect.

Cannot clear scanunit vdom-stats to reset the statistics on ATP widget.

DLP cannot detect attached zip files when receiving emails via MAPI over HTTP.

DLP sensors and DLP options in firewall policy and profile groups are removed.

Cannot download DLP archived file from GUI for HTTPS, FTPS, SMTP and SMTPS.

Excessive false positives for credit card DLP profiles.

DLP blocks Gmail with deep inspection.

Downloading a file with an FTP client in EPSV mode will hang.

WAD fails to determine the correct file name when downloading a file from Nextcloud.

DNS filtering does not perform well on the zone transfer when a large DNS zone's AXFR response consists of one or more messages.

7K DNS filter breaking DNS zone transfer.

DNS translation is not working when request is checked against the local FortiGate.

DNS request to a second DNS server with same Transaction ID is discarded when DNS Filter is enabled on a policy.

Cannot re-order DNS domain filter list.

License shows expiry date of 0000-00-00.

DNS filter explicit block all (wildcard FQDN) not working in 6.2 firmware.

In domain threat feed, some URLs cannot be fetched due to SSL error.

Unable to change DNS filter profile category action after upgrading from 6.0.5 to 6.2.0.

EMS serial number format should be flexible.

FortiGate does not generate traffic logs for SOCKS proxy.

Cannot access explicit FTP proxy via VIP.

App traffic cannot be blocked in a proxy policy with certificate inspection while it works in a firewall policy.

Unwanted traffic log generated for firewall policy with web filter profile as MonitorAll.

Block page is not displayed for a URL in the frames of an allowed web page.

WAD cannot learn policy if multiple policies use the same FQDN address.

FSSO-based NTLM sessions from explicit proxy do not respect timeout duration and type.

EPSV does not work when using an FTP proxy.

urfilter process does not started when adding a category as dstaddr in a proxy policy with the deny action.

AV does not forward reply when GET for FTP over HTTP is used.

FortiGate returns 500 internal error instead of 521 Not logged in - Secure authentication required.

WAD crashed at wad_disclaimer_get with signal 11 when disclaimer is enabled in proxy policy and the browser is Chrome.

FTP traffic over HTTP explicit proxy does not generate traffic logs once receiving error message.

Enabling proxy policies (+400) increases memory by 30% and up to 80% total.

The specified port configurations of https-incoming-port for config web-proxy explicit disappeared after rebooting.

LDAP ignores source-ip with web proxy Kerberos authentication.

Editing a policy in the GUI changes the FSSO setting to disable.

GTP-authorized SGSNs and authorized GGSNs are not functioning properly.

Should not be allow to change address type that is used in an excluded group.

FortiGate sends type-3 code-1 IP unreachable for VIP.

Fabric device object does not work in NGFW policy.

Traffic is blocked by NGFW policy when SDN connector firewall address is configured in policy.

Application control causing NAT hairpin traffic to be dropped.

Workaround: Create a new firewall policy from scratch and the default application control can be applied again.

Session created by RPC session helper does not honor delay-tcp-npu-session.

Policy with a VIP with a destination interface of a zone is dropping packets.

Policy push from FortiManager failed, issue caused by abandoned ISDB entr.y

NGFW default block page partially loads.

Adding too many address objects to a local-in policy causes all blocking to fail.

Should not be allowed to rename VIP or address with the same name as an existing VIP group or address group object.

Samsung OEM internet browser cannot connect to FortiGate VS/VIP.

When a policy denies traffic for a VIP and send-deny-packet is enabled, ICMP unreachable message references the mapped address, not the external.

Get new CLI signal 11 crash log when performing execute internet-service refresh.

Some NetFlows have an active-flow-timeout when the session does not have any packets and the session cache in NetFlow expires and clears.

ISDB ID is missing when configuring internet service group objects.

Firewall policy hit count is incorrect.

When creating a firewall address with the associated-interface setting, CMD gets stuck if there is a large nested address group.

When SCTP is in closing state and there is traffic passing through to keep it from timing out, even when an INIT is received, the traffic still passes through the old session.

ISDB matches all objects and chooses the best one based on their weight values and the firewall policy.

GUI traffic shaper Bandwidth Utilization should use KBps units.

Cannot establish the connection to the real servers using VIP server load-balancing after upgrading to FortiOS 6.2.2.

IPS engine did not resolve nested address groups when parsing the address group table for NGFW security policies.

Virtual load-balance VIP and intermittent HTTP health check failures.

Increase the maximum limit for the optional parameters in SCTP INIT packet. After the fix, the maximum limit is 10 instead of 4 parameters.

Multiple entries do not take effect for internet-service-addition after refreshing.

Cannot use the same real server for multiple HTTP host information (server load-balancing).

Session stuck in proto_state=61 only when flow-based AV is enabled in the policy.

Adding more than one dynamic FSSO firewall address results in GUI and CLI errors.

FortiGate VIP object offers weak elliptic curves since VS implementation in WAD for FortiOS 6.0 and above.

FTP and Telnet do not work with IPv6 when application control is enabled.

Firewall policy search with decimal in the name fails in GUI.

Cannot add multicast-policy6, adding it causes CLI to crash.

On multiple FortiView sub-menus, the Quarantine Host option is no longer available.

FortiView All Sessions page tooltip for geography IP shows as undefined.

GUI does not show byte information for aggregate and VLAN interfaces.

Should hide Override internal DNS option if vdom-dns is set to disable.

Antivirus archive logging enabled from the CLI will be disabled by editing the antivirus profile in the GUI, even if no changes are made.

When VDOM is enabled, the interface faceplate should only show data for interfaces managed by the admin.

The MMS profiles pages have been removed from the FortiOS Carrier GUI.

Workaround: You can configure MMS profiles from the CLI using the config firewall mms-profile command.

Add a tooltip for IPS Rate Based Signatures.

There is no uptime information in the HA Status widget for the secondary unit's GUI.

A message stating that all source interfaces have no members is erroneously displayed for the explicit proxy policy list when a user enables a policy immediately after pasting or inserting it into the list.

Options 150, 15, and 51 for the DHCP server should not be shown after removing them and having no related configuration in the backend.

Interface filter gets incorrect result (EMAC VLAN, VLAN ID, etc.) when entries are collapsed.

SD-WAN member number is not correct in Interfaces page.

GUI on FG-3800D with 5.6.3 is very slow for configurations with numerous policies.

Compliance events GUI page does not load when redirected from the advanced compliance page.

While accessing the FortiGate page, PC browser memory usage keeps spiking and finally PC hangs.

GUI shows wrong relationship between VLAN and physical interface after adding them to a zone.

Editing system interface via the GUI causes the explicit web proxy to be disabled.

Get Fail to retrieve info for default VDOM link on Network > Interfaces page.

GUI should not log out if there is a 401 error on the downstream device.

Not possible to select value for DN field in LDAP GUI browser.

Hardware Switch row is shown indicating a number of interfaces but without any interfaces below.

Cannot disable CORS setting on GUI.

Inconsistent reference count when using ports in HA session-sync-dev.

GUI navigation menu notification should match with issue in the dialog box.

OK button grayed out when editing an interface that has DHCP option 224 in the list with FortiClient-On-Net Status enabled.

Interface page keeps loading when VDOM admin have netgrp permission.

When creating an antispam block/allow list entry, Mark as Reject should be grayed out.

Get Internal Server Error when editing an aggregate link that has a name with a space in it.

Suggest GUI Interfaces list includes SIT tunnels.

Cannot change MAC address setting when configuring a reserved DHCP client.

LACP aggregate interface flaps when adding/removing a member interface (first position in member list).

Failed to retrieve info message appears for ha-mgmt-interface in Network > Interfaces.

Hovering mouse over FortiExtender virtual interface shows incorrect information.

GUI does not display the status for VLAN and loopback in the Network > Interfaces > Status column.

In Log & Report, filtering for blank values (None) always shows no results.

Virtual IPs page should not show port range dialog box when the protocol is ICMP.

Admin with netgrp privilege unable to get interface page and got pyfcgid crash (signal 11 (Segmentation fault)).

Routing monitor network filter does not filter subnets after upgrading.

Policy list page should not show inline editing icon in column field when logged in as a read-only user.

Scripts pushed from FortiCloud do not show up in System > Advanced Settings when FortiCloud remote access is used.

The tooltip for VLAN interfaces displays as Failed to retrieve info.

Context menu of AP group has unsupported actions enabled after change view on Managed FortiAPs page.

Network mask of a VPN interface is changed to 255.255.255.255 without an actual configuration change.

When sending CSF proxied request, segfault happens (httpsd crashes) if FortiExplorer accesses root FortiGate via the management tunnel.

Change/remove FortiCloud standalone reference.

After OSPF change via GUI, password for virtual-link will completely disappear and must be re-entered.

Application group improvements.

New interface pair consolidated policy added via CLI is not displayed on GUI policy page.

Application Name field shows vuln_id for custom signature, not its application name in logs.

AP comments do not appear on the columns for Managed AP page.

Cannot save DHCP Relay configuration when the Relay IP address list is separated by a comma.

IPS sensor not configurable in GUI with Firefox.

GUI response is very slow when accessing Route Monitor page in GUI.

SSL VPN Settings page shows undefined error.

FortiGate without disk email alert settings page should remove Disk usage exceeds option.

Editing policies inline can result in previously selected policies being changed.

GUI shifts central management type to FortiManager after clicking Apply to enable FortiManager Cloud.

Signature name should be shown when VDOM admin has WAF read/write permission only.

Log search index files are never deleted when the log disk is out of space.

Empty firmware version in managed FortiSwitch from FortiGate GUI.

Port Link speed option is missing on the FortiGate GUI after upgrading the managed FortiSwitch to 6.2.1.

Local category for g-default, g-wifi-default web filter profiles should not be displayed.

Firewall User Monitor shows "Failed to retrieve info" and no entries if session-based proxy authentication is used.

Cannot run Security Rating (Fabric device error).

Connected routes in the routing monitor are showing up with 1969/12/31 18:59:59 for Up Since times.

Email filter page keeps loading and cannot create a new profile when the VDOM admin only has

emailfilter permission.

Filtering service availability check always fails once anycast is enabled and override server is set.

Internal server error while trying to create a new interface.

After adding few web rating overrides via GUI to an already existing long list of URIs, Web Rating Overrides page does not load and keeps spinning.

IpSec Monitor window Bring Up function does not work.

NGFW mode should have a link to show all applications in the list.

Issue with application and filter overrides.

Add Selected button does not show up under FSSO Fabric Connector with custom admin profile.

GUI does not have the option to disable the interface when creating a VLAN interface.

VPN event logs are incorrectly filtered when there are two Action filters and one of them contains "-".

When the link status is up, the aggregate interface status icon is incorrectly displayed in red.

High CPU utilization by httpsd daemon if there are too many API connections

Wrong traffic shaper bandwidth unit on 32-bit platform GUI pages.

No matching IPS signatures are found when Severity or Target filter is applied.

Enable/disable Disarm and Reconstruction in the GUI only affects the SMTP protocol in AV profiles.

When logged in as administrator with web filter read/write only privilege, the Web Rating Overrides GUI page cannot load.

The Interface Pair View option is always unavailable for the Proxy Policy list.

Wrong warning message, All source interface(s) has no members, appears in Proxy Policy page.

If the Endpoint Control feature is disabled, the exempt options for captive portal are not shown in the GUI.

WAN Opt. Monitor displays Total Savings as negative integers during file transfers.

Option to reset statistics from Monitor > WAN Opt. Monitor in GUI does not clear the counters.

Web filter profile warning message when logged in with read/write admin on VDOM environment.

VIPs dialog page should be able to create VIP with the same extip/extport but different source IP address.

FortiGate with no anti-spam license is showing incorrect information under FortiGuard > Filtering Services Availability.

DHCP offset option 2 has to be removed before changing the address range for the DHCP server in the GUI.

GUI behavior is different with local user using super admin profile and TACACS user using super admin profile.

Upgrading from build 0932 to build 1010 displays Malware Hash Threat Feed is not found or enabled error.

Interface hierarchy is not respected in the GUI when a LAG interface belongs to SD-WAN and its VLANs belong to a zone.

Wrong Sub-Category appears in the Edit Web Rating Override page.

One-minute memory; CPU and Sessions widgets stopped updating after system entered and exited conserve mode.

Login page shows random characters when system language is not English.

Nessus vulnerability scan tool reports more medium level vulnerabilities for 6.2.3 (B1056) compared with the 6.2.2 result.

Pyfcgid crashed with signal 11 (Segmentation fault) received.

FortiGuard quota category details displays No matching entries found for local category.

GUI should allow user to create redundant IPsec tunnel over different interface to the same remote gateway.

Reduce the number of core used by httpsd for low-end platforms.

When deleting an AV profile in the GUI, there is no confirmation message prompt.

Block intra-zone traffic toggle button function is inverted in FortiOS 6.2.3.

Security Rating result for SSL VPN certificate fails when using a 384-bit elliptic curve certificate.

Data source is missing in child table entries in a complex type property.

GUI should add interface value check when creating a new zone.

Admin cannot log in to FortiGate GUI.

System goes into conserve mode when editing ISDB entries through GUI.

Interfaces is missing in the GUI in sections for IPv4 Policy and SSL-VPN Settings after upgrading from 6.2.2 to 6.2.3.

Cannot activate or log out of FortiGate Cloud from widget.

DPD setting in GUI cannot be reflected correctly when Dialup User and On Demand are set by the IPsec wizard.

GUI does not allow multiple IPsec tunnels with the same destination IP bound to the same interface but sourced from a different IP.

Physical and logical topology pages do not load when admin has read-only permission in Security Fabric.

FortiGate enters conserve mode when accessing Amazon AWS ISDB object.

Edit DNS Filter Profile page cannot be displayed if botnet domain is enabled.

Revoke Token in GUI reports URL not found on server.

FG-OPC-ONDEMAND (FGVMPG license) shows FortiCare is not supported even though the license was registered in FortiCare.

When saving configuration under global interface, explicit proxy settings are removed.

Firewall Policy page does not show destination when using external block address.

FortiGate displays a hacked web page after selecting an IPS log.

Policy historical view shows policies from other VDOMs.

No warning is shown in GUI when FortiGuard filtering protocol/port setting is not saved.

Get [__svr_d_commit:1508] Update table index error: type=4 when changing the feature set to flow-based with FortiSandbox enabled.

GUI does not list AliCoud SDN address filter.

Application hasync might crash several times due to accessing some memory out of bound when processing hastat data.

In HA, management-ip that is set on a hardware switch interface does not respond to ping after executing reboot.

Some long VDOM name configurations are changed and failed to be in sync after rebooting.

Read-only admin account can failover a HA.

HA A-A local FQDN not resolving on secondary unit.

HA failing config sync on VM01 with error (secondary and primary units have different hdisk status) when primary unit is pre-configured.

Unable to sync the local gateway in FGSP.

Crash occurs when changing the standalone mode for A-A and A-P in config system ha.

HA secondary device sending out GARP packets in 16-20 seconds after HA monitored interface failed.

hatalk keeps exchanging heartbeat packet incorrectly with FortiManager.

default-gateway injected by dynamic-gateway on PPP interface deleted by other interface down.

exe backup disk alllogs ftp command causes FortiGate to enter conserve mode.

Moving VDOM via GUI between virtual clusters causes cluster to go out of sync and VDOM state work/standby does not change.

HA secondary device unable to get checksum from primary device. HA sync in Z state.

SIP HA message could overwhelm HA secondary box and drive the secondary box to conserve mode.

FG-3400E hasync reports the network is unreachable.

Heartbeat device (interface) up messages not triggered.

Multiple PPPoE connections on a single interface does not sync PPPoE dynamic assigned IP and cannot start re-negotiation.

Deleting tunnel on primary unit via API call will not delete it from the secondary unit.

HA active-active primary unit attempts to steer HTTP and SMTP sessions to secondary unit over NPU-VLINK interfaces.

Local user creation causes HA to be out of sync for several minutes.

Application hasync might crash several times due to accessing some memory out of bound when processing hastat data.

The configuration of the SD-WAN interface gateway IP should not sync.

In a FortiGate HA cluster, performance SLA (SD-WAN) information does not sync with the secondary unit.

HA failover takes over one minute when monitored aggregate interface goes down on primary unit.

New constraint added in config icap server entries in FortiOS ICAP client feature.

Signal 14 alarm crashes were observed on DFA rebuild.

IPS engine 5.009 crashes when updated new FFDB has different size from the old one.

IPS engine 5.030 signal 14 alarm clock crash at nturbo_on_event.

The CPU consumption of ipsengine gets high with customer configuration file.

When IPS pcap is enabled, traffic is intermittently disrupted after disk I/O reaches IOPS limit.

Security Policy page is slow to load due to empty security firewall statistic returning from IPS engine.

Remove the IPsec global lock.

Traffic will not pass through VXLAN over dynamic IPsec tunnel.

IPsec does not support the new interface-subnet type in its phase2-interface and ipv4-split-include settings for dialup VPN.

PKI certificates with OU and/or DC as subject fail for PKI user filters.

mode-cfg IP is missing from the routing table.

OCVPN cannot register, status is undefined.

IKEv2 with EAP peer ID authentication validation does not work.

ADVPN connections from the hub disconnects one-by-one and IKE gets stuck.

The customer is unable to log in to VPN with RADIUS intermittently.

In IPsec after HA failover, performance regression and IKESAs is lost.

Dialup IPsec tunnel DPD discrepancy.

Packet loss observed after ADVPN shortcut is created.

IPsec VPN IKEv2 interoperability issue when the FortiGate uses a group as P2 selectors with a non-FortiGate in a remote peer gateway.

Unable to reach network resources via L2TP over IPsec with WAN PPPoE connection.

Traffic unable to pass through for certain phase 2 selectors when there is double SA.

When disabling and re-enabling OCVPN after HA failover, cannot establish IPsec tunnel.

Problem establishing ADVPN shortcuts between spokes when the spoke has an additional VPN running.

L2TP/IPsec VPN disconnects frequently.

IPsec VPN over IPv6 ISAKMP SA negotiation failure when setting is IPv4 DHCP mode.

IKEv2 responder can delete static selectors when local narrowing occurs.

IKEv2 EAP-TLS handshake detected retransmit of client, but FortiGate does not retransmit its response.

The OCVPN log file was not closed or properly trimmed due to the incorrect state_refcnt. The OCVPN log file stayed open, grew extremely large, and was never trimmed.

L2TP disconnection when transferring large files.

IKE memory leak when IKEv2 certificate subject alternative name/peer ID matching occurs.

iked crashes when proposal is AES-GCM.

IKEv2 DPD is not triggered if network overlay network ID was mismatched when first configured.

After two HA failovers, one VPN interface member of SD-WAN cannot forward packets.

IKEv2 EAP certificate authentication failings after upgrading from to 6.2.1 to 6.2.3.

L2TP/IPsec does not send framed IP address in RADIUS accounting updates.

Application miglogd crashes when numerous DLP logs are generated, where DLP archive files use up system inodes.

miglogd has signal 11 crash.

Set sniffer policy to only log logtraffic=utm but many traffic log stats are still generated in disk or FortiAnalyzer.

Action field in traffic log cannot record security policy action—it shows the consolidated policy action.

No traffic log after reducing miglogd child to 1.

Improve local log search logic from aggressive to passive mode to save resources and CPU.

FortiOS 6.0.6 reports too long VPN tunnel durations in local report.

FortiGate sends change notice for global REST APIs once a minute.

vwlservice traffic log has wrong internet-service name when internet-service is enabled in the SD-WAN rule.

Log viewer application control cannot show any logs (page is stuck loading).

Log filter can return empty result when there are too many logs, but the filter result is small.

IPS logs set srcintf(role)/dstinf(role) reversely at the time of IPS signature reverse pattern.

When refreshing logs in GUI, some log_se processes are running extremely long and consuming CPU.

Total sum of vdom log-disk-quota can be set to surpass total HD logging space.

Logs to syslog server configured with FQDN addresses fail when the DNS entry gets updated for the FQDN address.

Miglogd still uses the daylight savings time after daylight savings ends.

Proxy policy forward traffic log should have "timeout" action for no-reply or timeout case.

When logtraffic is set to all, existing sessions cannot change the egress interfaces when the routing table is updated with a new outgoing interface.

GUI shows 401 Unauthorized error when downloading forward traffic logs with the time stamp as the filter criterion.

Incorrect sentdelta/rcvddelta in traffic log statistics.

User observes FGT internal error while trying to log in or activate FortiGate Cloud from the web UI.

FortiGate sends incorrect long session logs to FortiGate Cloud.

radvd records daemon started log when daemon-log is disabled.

FortiGate does not bypass the forward server if upstream proxy is down and server-down-option is set to pass.

External resource does not support no content length.

WAD crash with signal 11.

When SNI is exempt in an SSL profile, and the SNI does not match the CN, the FortiGate closes the session and does not perform deep inspection.

Certificate blocklist not working correctly in proxy mode.

When strict SNI check is enabled, FortiGate with certificate inspection cannot block session if SNI does not match CN.

WAD crashed with signal 6 (MAPI/RPC).

In WAD conserve mode 5.6.8, max_blocks value is high on some workers.

SSL mirroring is not working under proxy inspection mode.

WAD crash causing traffic interruption.

For FortiGate with client certificate inspect mode, traffic will trigger WAD crash.

Fail to connect https://drive.google.com by TLS 1.3.

FTP proxy traffic is blocked for FSSO guest users.

High CPU with authd process caused by WAD paring multiple line content-encoding error and IPC broken between wad and authd.

Policy in proxy-based mode with AV and WAF profile denies access to Nginx with enabled gzip compression.

SSL decryption breaks App store and Google Play store traffic even though both sites are exempted in the decryption profile.

FortiGate blocklist certificate info is not shown in replace message on certificate inspect case in TLS 1.3.

Improve scanunit to support multiple content encodings.

In Proxy inspection with Application control and certificate inspection, TLS error for certain web pages, in EDGE browser only.

WAD is crashing with signal 6 in wad_fmem_free when processing SMB2/CIFS.

WAD might leak memory during SSL session ticket resumption.

WAD application crashing in 6.2.1.

WAD reads ftp over-limit multi-line response incorrectly.

When CIFS profile is loaded, using MacOS to access Windows Share causes WAD to crash.

WAD crash for wad_ssl_port_on_ocsp_notify.

In case of TLS 1.3 with certificate inspection and a certificate with an empty CN name, WAD workers would locate a random size for CN name and then cause unexpected high memory usage in WAD workers.

FSSO-based NTLM sessions from explicit proxy do not respect timeout duration and type.

Potential memory leak that will be triggered by certificate inspection CIC connection in WAD.

WAD crash due to user learned from proxy not purged from the kernel when user is deleted from proxy or zone with empty interface member.

WAD memory leak detected on cert_hash in wad_ssl_cert.

FTP connection is not working with AV profile in proxy inspection mode when FTP user name contains an "@".

Receive SSL fatal alert with source IP 0.0.0.0.

WAD may encounter memory corruption issue if the resources allocated by FTS are not cleaned up properly.

WAD virtual server with http-multiplex enabled causes crash after server is detached because the http_server object is detached from http_session.

Multiple WAD crash on FG-500D after upgrading from 6.2.3 (wad_url_filter_user_cat_load_entry.constprop.7).

Cannot modify ge and le attributes for router prefix-list table without plugin flag.

REST API to support transaction operation.

When managing FortiGate via FortiGate Cloud, sometimes user only gets read-only access.

OSPF translated type 5 LSA not flushed according to RFC-3101.

SD-WAN health-check keep records useless logs under some circumstances.

BFD/BGP dropping when outbandwidth is set on interface.

FortiOS 6.2.1 introduces asymmetric return path on the hub in SD-WAN after the link change due to SLA on the spoke.

Time stamps missing in routing debugs.

Gradual memory increase with full BGP table.

VRF configuration in WWAN interface has no effect after rebooting.

BGP confederation router sending incorrect AS to neighbor group routers.

ISDB ID is changed after restoring the configuration under the situation where the FortiGate has a previous ISDB version.

SD-WAN option of set gateway enable/set default enable override available on connected routes.

VRRP on LAG cannot forward packet after vrrp-virtual-mac is enabled.

In transparent mode with asymmetric routing, packet in the reply direction does not use asymmetric route.

There is no indication in proute if the SD-WAN service is default or not.

IPv6 route cannot be inactive after link-monitor is down when link-monitor are set with ipv4 and ipv6.

After failover/recovery of link, E2 route with non-zero forward address recurses to itself as a next hope.

Routing monitor policy view cannot show source and destination data for SD-WAN route and wildcard destination.

SD-WAN rules route-tag still used in service rule but not in diagnose sys virtual-wan-link route-tag-list.

Link monitor with tunnel as srcintf cannot recover after remote server down/up.

FortiGate sends malformed OSPFv3 LSAReq/LSAck packets on interfaces with MTU = 9k.

OSPF NSSA with multiple ASBR losing valid external OSPF routes in upstream neighbors as different ASBRs are power cycled.

Routing table is not always updated when BGP gets an update with changed next hop.

Improve algorithm to distribute ECMP traffic for source IP-based/destination IP-based.

Unable to create the IPsec VPN directly in Network > SD-WAN.

PPPoE interface bandwidth is mistakenly calculated as 0 in SD-WAN.

IPv6 ECMP routes cannot be synchronized correctly to HA secondary unit.

BGP route is in routing table but not in FIB (kernel routing table).

OSPF over ADVPN flapping after shortcut tunnel established.

Traffic not following SD-WAN rules when one of the interfaces is VLAN.

SD-WAN GUI page bandwidth shows 0 issues when there is traffic running.

SSH packets marked as CS0.

SD-WAN health check reports have packet loss if response time is longer than the check interval.

Policy routes with large address groups containing FQDNs no longer work after upgrading to 6.2.2.

SD-WAN route is not added in routing table when the SD-WAN interface members are IPv4 over IPv6 IPsec.

Prevent BGP daemon crashing when peer breaks TCP connection.

BGP route is not added in to kernel during ADVPN test.

Locally originated traffic on non-default VRF may follow route on VRF 0 when there are routes with the same prefix on both VRFs.

BGP daemon crashes when TCP connection is broken by peer.

Editing/adding any address object that is referenced in policy is generating false positive SD-WAN alert messages.

FGCP dynamic objects are not populated in the secondary unit.

Automation stitch cannot execute shutdown command when FortiGate enters kernel conserve mode.

Security Fabric widget keeps loading when FortiSwitches are in a loop, or the FortiSwitch is in MCLAG mode.

Invalid CIDR format shows as valid by the Security Fabric threat feed.

IP address Threat Feed fabric connector not working.

Threat Feeds show the URL is invalid if there is a special character in the URL.

ACI SDN connector dynamic address cannot be resolved.

CSF automation configuration cannot be synced to downstream from root.

Crash happens due to segfault in CSF.

FortiGate SDN connector not seeing all available tag name-value pairs.

Time zone of scheduled automation stitches will always be taken as GMT-08:00 regardless of the system's timezone configuration.

On E model, get Failed to load Topology Report Result error after clicking Update Now button.

SSL VPN web portal login history is not displayed if logs are stored in FortiAnalyzer.

In some special cases, SSL VPN main state machine reads function pointer is empty that will cause SSL VPN daemon crash.

SSL bookmark is not loading SAP portal information.

Cannot fully load a website through SSL VPN bookmark.

interface subnet object not available in SSL VPN split-tunneling-routing-address.

SSL VPN LDAP group object matching only matches the first policy; is not consistent with normal firewall policy.

SSL VPN users create multiple connections.

Error for proxy SSH database through SSL VPN.

When accessing ACT application through SSL VPN web mode, the embedded calendar request gets wrong response and redirects to login page.

CMAT application through SSL VPN.

SSL VPN web mode not displaying custom web application's JavaScript parts.

In some lower-end FortiGates, the threshold of available memory is not calculated correctly for entering SSL VPN conserve mode. Threshold should be 10% of total memory when the memory is larger than 512 MB and less than 2 GB.

The SSL VPN web mode webserver link is not rewritten correctly after login.

FSSO groups set in rule with SSL VPN interface.

SSL VPN daemon crashes when logging in several times with RADIUS user that is related to a framed IP address.

SSL web mode VPN portal freezing when opening some websites using JavaScript.

Fails to load bookmark site over SSL VPN portal.

Unable to access https://outlook.office365.com as bookmark in SSL VPN web mode.

SSL VPN web mode not redirecting URL as expected after successful login.

Accessing http://nlyte.ote.gr/nlyte/ configured with bookmark name 'NLYTE' not getting authentication page.

Third-party (Ultimo) web app does not load over SSL VPN web portal.

Internal web application is not accessible through web SSL VPN.

RDP sessions are terminated (disconnect) unexpectedly.

Support HSTS include SubDomains and preload option under SSL VPN settings.

When the SSL VPN portal theme is set to red, the style is lost in the SSL VPN portal.

A VPN SSL bookmark failed to load the Proxmox GUI interface.

Unable to download report from an internal server via SSL VPN web mode connection.

The policy "script-src 'self'" will block the SSL VPN proxy URL.

SAML login is not stable for SSL VPN, it requires restarting sslvpnd to enable the function.

SSL handshake failure with Server Architect in web mode.

In web mode, third-party webpage stuck on loading animation; JavaScript error in console.

The SSL VPN web mode SSH widget is not connecting to the SSH server.

SSO for HTTPS fails when using "\" (backslash) with the domain\username format.

There is no OS support for the latest macOS Catalina version (10.15) when using SSL VPN tunnel mode.

Different portals of SIPLAN COMPESA do not show properly in web mode.

SSL VPN web portal bookmarks cannot resolve hostname.

SSO does not correctly URL-encode POST-ed credentials.

href rewrite has some issues with the customer's JS file.

Most charts and diagrams on the website could not be shown in SSL VPN web mode when using a special tool.

After sslvpn proxy, some Kurim JS files run with an error.

sslvpnd crashed on FortiGate.

SSL VPN bookmark does not load Google Maps on internal server.

SSL VPN bookmark does not load after clicking from the portal.

Website not fully loading through web portal bookmark; loads correctly with iPad user agent.

Cannot access HTTPS bookmark, get a blank page.

SSL VPN logs out after some users click through the remote application.

Screen shot feature is not working though SSL VPN portal.

Cannot access https://cdn***.com through SSL VPN web portal.

FortiGate does not send client IP address as a framed IP address to RADIUS server in RADIUS accounting request message.

Cannot access some specific sites through SSL VPN web mode.

SSL VPN web mode goes to 99% on a specific bookmark.

sslvpnd worker process crashes, causing a zombie tunnel session.

SSL VPN fails 90% when connecting with FortiClient.

SAML user name is not correctly recorded in logs when logging in to SSL VPN portal via SSO entry, and history cannot be shown.

Not possible to download PDF file after connecting to portal through SSL VPN bookmark.

FortiOS does not correctly re-write the Exchange OWA logoff URL when accessed via SSL VPN bookmark.

SSL VPN connection stuck at 95% or 98%.

Internal website not working in SSL VPN web mode.

Unable to deauthenticate FSSO user in GUI, but it works in CLI.

The latest FortiOS GUI does not render when accessing it by the SSL VPN portal.

Webpage does not load properly through SSL VPN web mode (fails to show CAPTCHA).

Add SSL VPN SSO user logged in from SAML response.

In SSL VPN web mode, internal web services not working and tunnel mode is working fine.

Internal custom web application page running on Apache Tomcat is not displaying in SSL VPN web mode.

SSL VPN daemon crash.

Internal website is not accessible from SSL VPN as the URL is being modified.

SAML authentication group match does not work for SSL VPN; mismatched SAML user can also log in.

SSL VPN web portal bookmarks are not full loading for Vivendi SelfService application.

GUI is not rendered well by SSL VPN portal when using domain and user to log in.

In SSL VPN web mode, page keeps loading after user authenticates into internal application.

In SSL VPN web mode, cannot display complete content on page, and cannot paste or type in the comments section.

Problem with rat***.com portal accessed via SSL VPN web mode.

RADIUS user and local token push cannot log in to SSL VPN portal/tunnel when the password needs to be changed.

Sending RADIUS accounting interim update messages with SSL VPN client framed IP are delayed.

Unable to access internal web URL via web mode in Safari browser.

sslvpnd crashes when trying to query a DNS host name without a period (.).

Site in .NET framework 4.6 or 4.7 not loading in SSL VPN web mode.

SSL VPN web mode cannot open DFS share subdirectories, gives invalid HTTP request message.

Cannot access remote site using SSL VPN web mode after upgrading to FOS 6.2.2.

SSL VPN synology NAS web bookmark log in page does not work after upgrading to 6.2.3.

Internal website not working in SSL VPN web mode; cannot load ESS/MSS page.

Download progress is not shown for the FTP files of the SSL portal.

Chinese characters are garbled when downloading from SMB/CIFS in SSL VPN web mode.

Internal website is not shown properly in SSL VPN web mode.

SSL VPN LDAP authentication does not work in multiple user group configurations after upgrading the firewall to 6.0.7.

Internal SAP website not working in SSL VPN web mode.

Remedy application website is not accessible from SSL VPN as the URL is being modified.

Mobile token is not required when LDAP user and LDAP group are set in SSL VPN policy together.

Internal HRIS website dropdown list box not loading in SSL VPN web mode.

SSL VPN web mode is not working; SSL VPN portal cannot be accessed.

Double redirection through SSL web mode not working.

RDP connection via SSL VPN web portal does not work with UserPrincipalName (UPN) and NLA security.

AngularJS web application cannot load via SSL VPN web mode.

SSL VPN will renew local user password, even though use is not related to SSL VPN. The remote LDAP user password should renew.

SSL VPN access top*** -- Any*** website problem with SSL VPN web bookmark.

Webpage keep loading using through SSL VPN and bookmark.

Videos from live cameras via SSL VPN web mode not working.

SSL VPN web mode custom FortiClient download URL with %s causing sslvpnd to crash.

On a managed FortiSwitch already running the latest GA image, Upgrade Available is shown.

On a network running FortiSwitch prior to 6.0.0, a syn-error occurs. The network will still function normally.

Workaround: Users with 6.0.x should upgrade to remove the sync-error or disable vlan-optimization. On a network with switch-controller.global.vlan-all-mode all configured, the setting will revert to the default value of defined. Users who wish to maintain the vlan-all-mode all behavior may restore it after upgrading.

FortiSwitch managed by FortiGate not updating the RADIUS settings and user group in the FortiSwitch.

Adding factory-reset device to HA fails with switch-controller.qos settings in root.

FortiSwitch shows offline CAPWAP response packet getting dropped/failed after upgrading from 6.2.2.

set key-outbound and set key-inbound parameters are missing for GRE tunnel in config system gre-tunnel.

Unable to push user group configuration from FortiGate to FortiSwitch, and user.group configuration is deleted.

Unable to push configuration changes from FortiGate to FortiSwitch.

LLDP policy did not download completely to the managed FortiSwitch 108Es.

Some error padding formats of SHA-256 SSL encrypted packets can stop the output function of command queue in CP8.

Get fgt140d_i2c_write_byte_data:874 i2c_write_byte_data(0, 0x73, 0x00, 0x04) error! message by detecting transceiver. Affected platforms: FG-140D and FGT-140D-POE.

Firewall policy is deleted after a hard power cycle and subsequent file system check and reboot.

TCP traffic with tcp_ecn tag cannot go through ipip ipv6 tunnel with NP6 offload enabled.

Router info does not update after plugging out/plugging in USB modem.

diagnose command on VDOM disclose other VDOM information.

SDN address filter unable to handle space character.

Internal prioritization of OSPF/BGP/BFD packets in conjunction with HPE feature to ensure these routing packets are handled in time. It affects all NP6 platforms.

FortiGuard filtering services show as unavailable for read-only admin.

FGR-30D cannot add ports SFP1 and SFP2 on a virtual hardware switch.

Primary unit does not send SNMP trap for all SNMP servers if the cable is plugged out from the interface configured as LAG.

HPE does not protect against DDoS attacks like flood on IKE and BGP destination ports.

Memory (SKB) which is no longer needed is not released in NP6 and NP6lite drivers (FG-100E, FG-140E, FG-3600D, FG-3800D).

CPU goes to 100% when modifying members of an addrgrp object.

Add support for # character in SNMP community name.

PoE ports no longer deliver power.

RX/TX counters for VLAN interfaces based on LACP interface are 0.

There was a hardware defect in an earlier revision of SSD used for FG-61E. When powering off then powering on in a very short time, the SSD may jump into ROM mode and cannot recover until a power circle.

Making a change to a policy through inline editing is very slow with large table sizes.

GUI cannot save edits made on replacement messages in a VDOM. When using CLI, user gets logged out while editing.

Session TTL expiry timer is not reset for VLAN traffic when offloading is enabled.

ASIC offloading sessions sticking to interfaces after SD-WAN SLA interface selection.

FortiGate CSR traffic to SCEP server generated from the root VDOM instead of the VDOM createf for the CSR.

ospfNbrState OID takes too long to update.

FortiGate can't extract the user principal name UPN from user certificate when certificate contains UPN and additional names.

Missing mpsk-schedules option when restoring configuration via VDOM.

SNMP polling stopped when FortiManager API script executed onto FortiGate.

Cannot see the IP in diag ip address list if the secondary IP is deleted, set as the primary IP, and secondary-IP is disabled.

FortiGate takes a long time to reboot when it has many firewall addresses used in many policies.

FG-80D and FG-92D kernel error in CLI during FortiGate boot up.

FG-3980E VLANs over LAG interface show no TX/RX statistics.

Mismatch between number of lists with CPU usage OID and number of CPU threads.

forticldd deamon resolved mgrctrl1.fortinet.com to wrong IP address.

High CPU usage due to dnsproxy process as high at 99%.

FortiGate does not accept FortiManager created country code and causes address install fails.

The status of port in aggregate is not correct after changing its status.

Problems with cmdbsvr while handling a large number of FSSO address groups and security policies.

authd4 crashes when deleting a VDOM or rebooting the FortiGate.

DNS servers acquired via PPPoE in non-management VDOMs are used for DHCP DNS server option 6.

FG-201E stops sending out packets and NP6lite is stuck.

SSH/RDP sessions are terminated unexpectedly.

Session clash event log found on FG-6500F when passing a lot of the same source IP ICMP traffic over load-balance VIP.

Traffic cannot be offloaded to both NTurbo and NP6 when DOS policy is applied on ingress/egress interface in a policy with IPS.

Enabling offloading drops fragmented packets.

fgfmsd crash makes connection to FortiManager go down.

fgfmsd crashed with signal 11 when some code accesses a VDOM that has been deleted, but does not check the return value from CMDB query.

Script to purge and re-create a local-in-policy ran against the remote FortiGate directly (in the CLI) is causing auto-update issues.

SNMP trap cannot display FortiGate model in OSPF trap information.

Console outputs unregister_netdevice error on UoM setup.

NTPD does not requery the DNS server unless it restarts.

GUI cannot show default Fortinet logo for replacement messages.

When an SD-WAN member is disabled or VWL is disabled, snmpwalk shows "No Such Object available on this agent at this OID" message.

FortiGate sends ICMP type 3 code 3 (port unreachable) for UDP 500 and UDP 520 against vulnerability scan.

VIP server load-balancing persistence HTTP cookie not refreshed after the timer.

NetFlow traffic records sent with wrong interface index 0 (inputint = 0 and outputint = 0)

get system inter transceiver reports error for some transceivers.

Packet loss happened in FTP traffic for some cases.

Kernel crashes when sniffing packets on interfaces that are related to EMAC VLAN.

FortiGate returns invalid configuration during FortiManager retrieving configuration.

EMAC VLAN drops traffic when asymmetric roue enabled on internet VDOM.

QSFP interface goes down when the get system interface transceiver command is interrupted.

Local system DNS setting instead of DNS setting acquired from upstream DHCP server was assigned to client under management VDOM.

Dedicated management CPU running on high CPU (soft IRQ).

Wrong source IP is bound for config system fortiguard.

alertemail username length cannot go beyond 35 characters.

Enabling auto-asic-offload results in keeping action=deny in traffic log with an accept entry.

OID for the IPsec VPN phase 2 selector only displays the first one on the list.

FortiManager needs patch and minor number to update global database when FortiGate firmware upgrade does not trigger an auto-retrieve configuration.

Get zip conf file failed -1 error message when doing cfg-save.

Cannot change the mask for an existing secondary IP on interfaces.

Issue with TCP packets when traversing the virtual wire pair in transparent mode.

VLAN switch does not work on FG-100E.

FortiGate got rebooted automatically due to kernel crash.

FortiGate is not sending DHCP request after receiving offer.

Remove DST for Brazil.

diagnose hardware test suite all fails due to FortiLink loopback test.

Update daemon is locked to one resolved update server.

Communication over PPPoE fails after installing PPPoE configuration from FortiManager.

Crash caused by JSON filter because a null check is not done.

diagnose internet-service match does not return the IP value of the IP reputation database object.

There is duplicate information when checking interface references in global.

Unable to execute ping6 when configuring execute ping6-options tos, except for

default.

Invalid multicast policy created after transparent VDOM restored.

Constant DHCPD crashes.

FG-3400E/FG-3600E link is up on 25G ports only when the FEC is disabled on the Ixia tester.

ISDB may cause crashes after downgrading FortiGate firmware.

SNMP does not provide routing table for non-management VDOM.

For 32-bit system, there is no bandwidth-unit option in traffic-shaper, but the guaranteed-bandwidth/maximum-bandwidth help text still says Units depend on the bandwidth-unit setting.

nTurbo set IRQ affinity as failed when platform has quite a few PCIe devices and many interrupts are requested during system bootup.

DDNS monitor-interface uses the monitored interface if DDNS services other than FortiGuard DDNS are used.

Some of the clients are not getting their IP through DHCP intermittently.

Interfaces get removed from SD-WAN after rebooting when interface is defined in both SD-WAN and zone.

DHCPv6 relay does not work on FG-2200E.

GCM ciphers should be supported on SSH management.

xcvrd crashed with signal 11.

Locally-originated DHCP relay traffic on non-default VRF may follow route on VRF 0.

sentbyte of NTP on local traffic log shows as 0 bytes, even though NTP client receives the packet.

Header line that is not freed might cause system to enter conserve mode in a transparent mode deployment.

When changing time zone on FG-101E, get Failed to set SMC timezone message.

More than usual NTP client traffic caused by frequent DNS lookups and NTP sync for new servers, which happens quite often on some global NTP servers.

High CPU usage issue caused by high depth expectation sessions in the same hash table slot.

Automatically logged out of CLI when trying to configure STP due to /bin/newcli crash.

Failed to set ping-option source to Auto.

Number of resource records is limited to 16384 on DSN server.

After a reboot of the PPPoE server, the FortiGate (PPPoE clients, 35 clients) keeps flapping (connection down and up) for a long time before connecting successfully.

FortiCarrier 3000D kernel panic when establishing GTP tunnel.

IPv6 push update fails.

SNMP failed to retrieve HA cluster secondary information from secondary serial number in TP mode.

A single IP existing in IP range format may cause some issues in other daemons.

SMC NTP functions are enabled on some of the models that do not support the feature.

Get kernel panic when creating VLAN on GENEVE interface.

xcvrd attaches shared memory multiple times causing huge memory consumption.

FortiOS is not sending out IPv6 router advertisements from the link-local addresses added on the fly.

Many no session matched logs while managing FortiGate.

ip6-extra-addr does not perform router advertisement after reboot in HA.

Host header has been added to the HTTP 1.0 request for CRL file.

Long delay and cmdbsvr at 100% CPU consumption when modifying address objects and address groups via GUI or REST API.

Policies were removed after an upgrade in NGFW policy mode. Error message that Maximum number of entries has been reached.

Service group lost default members when restoring a configuration file via VDOM.

The FortiToken Mobile push functionality on the FortiGate lacks the ability to map to a custom SSL certificate.

De-authentication of RSSO user does not clear the login from the motherboard.

Non-RSSO RADIUS server shows in FSSO GUI, which should only show RSSO RADIUS servers.

Local FSSO poller regularly missing logon events.

SSO admin with a user name over 35 characters cannot log in after the first login.

Creating SCEP enrollment in context global no longer seems to work if VDOM is configured as the management VDOM.

Wrong categorization of OS from device detection.

Brief connectivity loss on shared service when RDP session is logged in to from local device.

Authentication list entry is not created/updated after changing the client PC with another user in FSSO polling mode.

The session to the SQL database is closed as timeout when a new user logs in to terminal server.

fnbamd takes high CPU usage and user not able to authenticate.

Mobile token authentication does not work for SSL VPN on SOC3 platforms.

Affected models include: FG-60E, FG-60E-POE, FG-61E, FG-80E, FG-80E-POE, FG-81E, FG-81E-POE, FG-100E, FG-100EF, FG-101E, FG-140E, FWF-60E, FWF-61E.

FortiGate does not send user IP to TACACS server during authentication.

GUI RADIUS test fails with vdom-dns configuration.

Gmail POP3 authentication fails with certificate error since version 6.0.5.

RADIUS state attribute truncated in access request when using third-party MFA (ping ID).

Client PC matching multiple authentication methods (firewall, FSSO, RSSO, WSSO) may not be matched to NGFW policies correctly.

No source IP option available for OCSP certificate checking.

Two-factor LDAP and token authentication silently fails for users with many memberships.

UPN extraction does not work for particular PKI.

Device identification of LLDP on an aggregate does not work.

Admin GUI login makes the FortiGate unstable when there are lots of devices detected by device identification.

URL redirection is not supported when making up a certificate chain list.

Guest user log in expires after first log in and no longer works; user is not removed from the firewall authentication list after the set time.

Deny log messages do not contain the username and group information.

Guest user groups cannot be deleted.

auth-concurrent setting in user group is not working as expected.

FortiClient server certificate in FSSO CA uses weak public key strength of 1024 bits and certificate expiring in May 2020.

FortiGate does not respond to disclaimer page request when traffic hits a disclaimer-enabled policy with thousands of address objects.

Application cloudinitd has signal 11 crash on FortiGate-VM64-GCP.

Azure SDN connector tries querying invalid FQDN when using Azure Stack integrated systems.

Only one CPU core in AWS is being used for traffic processing.

gui-wanopt cache missing under system settings after upgrading a FortiGate VM with two disks.

In Azure SDN, the firewall address filter cannot fetch the secondary public and private IP addresses of the NICs.

vMotion tasks cause connections to be dropped as sessions related to vMotion VMs do not appear on the destination VMX.

Add missing AWS HA failover error log and set firewall.vip/vip46/vip6/vip64 not syncing when cross zone HA is configured.

FG-VM-OPC unable to failover the route properly during failover.

OpenStack PCI pass through sub-interface VLAN cannot receive traffic.

Should replace GUI option to register to FortiCare from AWS PAYG with link to portal for registration.

New FGCP primary device is not updated in AWS route tables to reference the correct ENI.

In the cluster setup, secondary unit can have different fingerprint for the OCI SDN connector, which can cause unit to fail to connect to the OCI metatdata server properly.

EIP assigned to the secondary IP address on the OCI does not fail over during HA failover.

EIP does not failover if the primary FortiGate is rebooted or stopped from the Alibaba Cloud console.

FGCP cluster member reboots in infinite loop and hatalk daemon dumps the core with segmentation fault.

FG-VM image unable to be deployed on AWS with additional HDD (st1) disk type.

Azure SDN connector unable to connect to Azure Kubneretes integrated with AAD.

VM deployed in ESX platform with VMXNET3 does not show the correct speed and duplex settings.

FG-VM-LENC unable to validate new license.

Azure FortiGate crashing frequently when MLX4 driver RX jumbo.

VLAN not working on FortiGate in a Hyper-V deployment.

Allow PAYG AWS VM to bootstrap the configuration first before acquiring FortiCare license.

Azure FortiGate-VM (BYOL) unable to boot up when loading a lower vCPU license than the instance's vCPU.

Azure autoscale not syncing after upgrading to 6.2.2.

In Alibaba Cloud, multiple VPC route entries fail to switch when HA fails over.

HA not fully failing over when using OCI.

FG-VM64-AWS not responding to ICMP6 request when destination IPv6 address is in the neighbor cache entry.

Enabling or disabling SR-IOV under vNIC creates duplicate MAC addresses and extra interfaces on the FortiGate.

If central-management server is set to FortiManager IP address and FortiGuard update-server-location is set to usa, the FOS-VM is able to get web filter license and server list from FortiManager, but the GUI shows the service availability as down.

Unable to bypass self-signed certificates on Chrome in macOS Catalina.

Static routes are not in sync on FortiGate Azure.

FG-VM-AZURE fails to bootup due to rtnl_lock deadlock.

Race condition may prevent FG-VM-Azure from booting up because of deadlock when processing NETVSC offering and vPCI offering at the same time.

FortiGate VM Azure in HA has unsuccessful failover.

License validation failure log message missing when using FortiManager to validate a VM.

HA secondary member instance shuts down due to RAM difference after stopping/starting the cluster instances.

AWS-PAYG in HA setup can lose its VM license after rebooting with certain setup.

VIP in autoscale on GCP not syncing to other nodes.

E1000 network adapter will be deleted if there is a VMXNET3 network adapter.

API call to associate elastic IP is triggered only when the unit becomes the primary device.

License validation failure log message missing when using FortiManager to validate a VM.

IP pools are synchronized in FortiGate Azure HA.

Very hard to download image for FG-AWSONDEMAND from FDS.

SIP ALG generates a VoIP session with wrong direction.

SDP information fields are not being NATted in multipart media encapsulation traffic.

Add support for Cisco IP Phone keepalive packet.

voipd process crash.

Proxy web filtering blocks innocent sites due to urlsource="FortiSandBox Block".

In NGFW mode, Security Profiles GUI is missing Web Rating Overrides page.

Wrong web filter category when using flow-based inspection.

Administrator logged in with web filter read/write privilege cannot create or edit web filter profiles in the GUI.

Cannot enter a name for a web rating override and save—error message appears when entering the name.

Unable to allow specific YouTube channel when all other YouTube channels or videos are blocked.

When editing a FortiAP profile on the FortiGate web UI, the previously selected SSID group(s) cannot be displayed.

FortiWiFi working as client mode cannot see and connect to the hotspot SSID from iOS devices.

When FortiAP is managed with cross VDOM links, the WiFi client cannot join to SSID when auto-asic-offload is enabled.

darrp-optimize-schedules configurations move to the global settings instead of VDOM.

Kernel panic observed on FWF-60E.

Errors pop up while creating or editing as SSID.

WPA2-Enterprise SSID should support acct-all-servers setting in RADIUS to send accounting messages to all servers.

FortiAP unable to connect to FortiGate via IPsec VPN tunnel with dtls-policy clear-text.

FortiOS GUI cannot support FAP-U431F and FAP-U433F profiles.

Workaround: Edit wtp-profile of FAP-U431F and FAP-U433F in the CLI.

hostapd (wpad_ac) crashed while removing RADIUS accounting servers.

Tunnel mode SSID packet loss seen from FAP-U24JEV and 800 connected APs.

Captive portal (disclaimer) redirect not working for Android phones.

Auto-generated consolidated policy should skip saving in configuartion file/CMDB.

cw_acd crashes multiple times.

FortiAPs not shown in the GUI.

FortiGate in transparent mode cannot manage FortiAP devices successfully.

Unable to perform COA with device MAC address for 802.1x wireless connection when use-management-vdom is enabled.

When upgrading from 5.6.9 to 6.0.8, channels 120, 124, and 128 are no longer there for NZ country code.

Interim accounting update message was not sent after acct-interim-interval was set from 0 if the RADIUS server was used.

Packet loss over CAPWAP tunneled SSID.

FortiOS 6.4.0 is no longer vulnerable to the following CVE Reference:

• CVE-2020-12812

FortiOS 6.4.0 is no longer vulnerable to the following CVE Reference:

• CVE-2019-15706

FortiOS 6.4.0 is no longer vulnerable to the following CVE Reference:

• CVE-2019-17656

FortiOS 6.4.0 is no longer vulnerable to the following CVE Reference:

• CVE-2020-6648