scanunit crashes with signal 11 in dlpscan_mailheader when AV scans files via IMAP.

Web proxy should support forward server on TLS 1.3 certificate inspection connection.

IP pool address in proxy policy is not used sometimes when enabling a security profile.

Traffic not matched by security policy when using service groups in NGFW policy mode.

Move command in firewall service category does not work.

Monitor page display incorrect virtual server entries for IPv6, VIP46, and VIP64; right-clicking gives an error.

Reorder function on Authentication Rules page does not work.

User cannot log in to GUI when password change is required and has pre-login or post-login banner enabled or FIPS mode.

BGP configuration gets applied on the wrong VDOM if user switches VDOM selection in between operations (slow GUI).

GUI response is very slow when accessing IPsec Monitor (api/v2/monitor/vpn/ipsec is taking a long time).

HA warning message remains after primary device takes back control.

Status button in Tunnel column on IPsec Tunnels page should be removed.

When sorting the interface list by the Name column, the ports are not always in the correct order (port10 appears before port2).

Interface status is not displayed on faceplate when viewed from System > HA page.

GUI does not allow multiple IPsec tunnels with the same destination IP bound to the same interface but sourced from a different IP.

GUI CMDB API to support case sensitive/insensitive filtering.

Custom admin profile not showing logs as expected.

Disabling the Idle Logout toggle on the SSL-VPN Settings page does not change the idle timeout setting, so the change does not persist after clicking Apply.

Cannot add wildcard FQDN address into group in Edit SSL/SSH Inspection Profile page.

Page gets stuck and message field is blank when doing policy lookup with a non-IP protocol.

Interface bandwidth widgets for WAN, PPPoE and VDOM link interfaces are not loading.

On POE devices, several sections of the GUI take over 15 seconds to fully load.

Server certificate does not load into IPS after configuring SSL inspection profile in replace mode.

Software switch members and their VLANs are not visible in the GUI interfaces list.

GUI not displaying PoE total power budget on FOS 6.2.3.

In a HA system, the two FortiGates cannot sync when enabling vcluster2 and adding a CRL file on vcluster2 VDOM.

HA sync has high CPU due to large number of IPv6 routes.

Connectivity issue between Azure App and MySQL server. FortiGate is marking the SYN packet with ECN=CE flag.

HA cannot display status in GUI when heartbeat cables reconnect.

Ether-type HA cannot be changed.

It takes up to 10 seconds to get NPU VDOM link up when rebooting primary unit.

Out of sync issue caused by firewall address group member is either duplicated or out of order.

ADVPN cannot establish after primary ISP has recovered from failure and traffic between spokes is dropped.

ADVPN one spoke behind NAT shortcut cannot connect to another spoke that is not behind NAT.

L2TP over IPsec tunnel establishes but traffic cannot pass because wrong interface gets in route lookup.

ADVPN shortcut cannot establish if both spokes are behind NAT.

OCVPN errors showing in logs when OCVPN is disabled.

Five fields (devtype, devcategory, mastersrcmac, srcmac, srcserver) are not included in the traffic log.

FG-AWS unable to view log from FortiAnalyzer.

Log ID 20114 missing in FGT_log_reference.xml and text.html.

Inconsistent log output relating to the local-in policy.

FortiGate did not change the time after daylight saving time.

Application WAD crash several times due to signal alarm.

ISDB static route cannot be active for proxy policy.

In FortiGate with squid configuration (proxy chain), get ERR_SSL_PROTOCOL_ERROR when using Google Chrome with certificate/deep inspection.

Abbreviated handshake randomly receives fatal illegal_parameter against zendesk.com services/sites.

WAD failed to do an error handling for bypass case.

WAD crashes every few minutes.

AV profiles block WSUS service.

In transparent proxy policy with authentication on corporate firewall, it shows Access Denied after authentication.

Application WAD crash several times due to signal alarm.

On some smaller models, WAD watchdog times out when there is a lot of SSL traffic.

FTP-TP reaches high memory usage and triggers conserve mode.

Firewall does not handle 308 redirects properly for threat feed list.

WAD crashes when all of these conditions are met: policy is doing deep inspection, SNI in client hello is in the exempt list, server certificate CNAME is not in the exempt list.

BFD/BGP dropping when outbandwidth is set on interface.

Policy route does not apply to local-out traffic.

Policy route should not kick in for destination exclude-member.

With multiple PPPoE links, local traffic to a link will cause RPF check fail if priority of the route is higher than the distance.

Link health monitor with HTTP/TCP echo cannot send out probe packets in the setting interval when the server is unreachable.

Cannot ping old VRIPs when adding new VRIPs.

Disabling SD-WAN service caused no outgoing path to be recorded duplicate times.

The single BGP update message contains the same prefix in withdrawn routes and NLRI (advertised route).

SD-WAN rules created using ISDB do not match/forward via the correct interface.

set dscp-forward option is missing when using maximize bandwidth strategy in SD-WAN rule.

Security Fabric Settings page sometimes cannot load FortiSandbox URL threat detection version despite FortiSandbox being connected.

Automation stitch traffic is sent via mgmt with ha-direct to AWS Lambda after upgrading from 6.0.9 to 6.2.3.

SSH as automation action is not working as expected.

SSL VPN group bookmarks shown only for the first matched policy.

Use jQuery to customize FortiGate SSL VPN log in page.

SSL VPN web access prompts for certificate authentication irrespective of realm.

SMB/CIFS bookmark name gets scrambled if it contains special characters like space, backslash, colon, etc.

Internal website is not accessible from SSL VPN due to some Sage X3 JS files with errors.

Host check related settings should not be skipped when IPv6 tunnel mode is enabled.

RDP over web mode SSL VPN to a Windows Server changes the time zone to GMT.

SSL VPN bypassing logon count limit with different case in user name.

SSL VPN SNI realm check does not work as expected when accessing non-specified SNI.

SSL VPN web mode has problem accessing EPX website.

Traffic cannot pass through FortiGate in SSL VPN web mode if the user is a PKI peer.

Important GUI pages in 6.4.0 are not rendered well by SSL VPN portal.

Web socket using socket.io could not be established through SSL VPN web mode.

Cannot access, read, or download SharePoint 2019 or OneDrive documents; times out.

Local user assigned with FortiToken cannot log in to SSL VPN web/tunnel mode when password change is required.

Traffic cannot pass through FortiGate for SSL VPN web mode if the user is a PKI peer.

https://outlook.office365.com cannot be accessed in SSL VPN web portal.

FortiGate reverts default values of text on buttons in SSL VPN log on page.

SSL VPN web mode has access problem for engage.leithaeusl website.

Split-tunnel information is not recognized by FortiClient Linux and legacy forticlientsslvpn_linux.

File downloaded from SFTP server of SSL VPN portal is sometimes falsified.

SSL VPN user groups are corrupted in auth list when the user is a member of more than 100 groups.

Adding FQDN routing address in split tunnel configuration injects single route in client for multiple A records.

SSL VPN web mode not displaying full customer webpage after logging in.

Pages could not be shown after logging in to back-end application server.

An internal website via SSL VPN web portal failed to load an external resource.

SSL VPN web mode does not completely load the redirected corporate SSO page when accessing an internal resource.

After SSL VPN proxy, one JS file runs with error.

FortiClient SSL VPN split tunnel is not working from macOS Catalina.

Riverbed SteelCentral AppResponse login form is not displaying in SSL VPN web mode.

sslvpnd crashing with signal 7 on get_free_idx.

SSL VPN connection was used when the DTLS UDP packet process failed and connection was destroyed.

SAP portal link is not working in SSL VPN web mode.

Online Excel file could not be displayed in SSL VPN web mode.

In web mode, after entering the username/password in back-end application server, logging in, and waiting for a while, the URL automatically changes to a direct connection to the back-end.

Traffic cannot pass when SAML user logs in to SSL VPN portal with group match.

FortiSwitch trunk configuration sync issue after FortiGate failover.

When system is in an extremely high memory usage state (~90%), a power supply status Power supply 1 AC is lost might be mistakenly logged.

NP6 VLAN LACP-based interface RX/TX counters not increasing.

Secondary members of a redundant interface process frames creating duplicates when NP6 offload is enabled.

Potential memory leak triggered by FTP command in WAD.

SMC time has big drift after running a long time without rebooting.

Low throughput on FG-2201E for traffic with ECN flag enabled.

When a LAG is created between 10 GE SFP+ slots and 25 GE SFP28/10 GE SFP+ slots, only about 50% of the sessions can be created. Affected models: FG-110xE, FG-220xE, and FG-330xE.

Uninitialized variable that may potentially cause httpsd signal 6 and 11 crash issue.

Traffic with priority field fails to traverse NP6 shaper.

Crashes might happen due to CMDB query allocation failure causing a segmentation fault.

Empty VIP groups allowed when restoring a configuration file.

Fortinet_CA is missing in FG-3400E.

The FG-800D HA LED is off when HA status is normal.

fgfmsd crash due to REST agent.

Proxy ARP configuration not loaded after interface shut/not shut.

Purge policy is very slow when the number of policies is close to the maximum.

FortiGate not entering A records in shadow DNS database for cross-subdomain CNAME requests.

TCP SYN-ACK sent to different gateway when proxy-based UTM profiles are used.

source-ip under system fortiguard is not taken for directregistration.fortinet.com when using Register with FortiCare window.

Unable to handle kernel NULL pointer dereference at 000000000000008f.

Auto-script output file size over 400 MB when configured output size is default 10 MB.

Sessions authenticated by email time out by the policy timeout, which is much shorter than the timeout used by email/MAC authentication in the original pre-6.0 behavior.

Sessions are removed from session table when FSSO group order is changed.

FortiOS does not prompt for token when using RADIUS and two-factor authentication to connect to IPsec IKEv2.

FortiOS does not understand CMPv2 grantedWithMods response.

Captive portal exemption after upgrading the device from 6.2.2 to 6.2.3.

Persistent sessions for de-authenticated users.

Two-factor authentication using FortiClient SSL VPN and FortiToken Cloud is not working due to push notification delay.

src-vis crashes on receipt of certain ONVIF packets.

Fix IoT daemon segfault crashes.

fnbamd is not sending Calling-Station-Id in Acces-Request for L2TP/IPsec since 5.4.0.

GUI and CLI interface dropdown lists are inconsistent.

Unable to update routing table for a resource group in a different subscription for Azure SDN.

Azure VM IPsec VPN crashed with mlx5 driver (to_HUB1: hw csum failure).

azd keeps crashing if Azure VM contains more than 15 tags.

Cross-zone HA breaks after upgrading to 6.4.0 because upgrade process does not add relevant items under vdom-exception.

Azure changes FPGA for Accelerated Networking live and VM loses SR-IOV interfaces.

RAS helper does not NAT the port 1720 in the callSignalAddress field of the RegistrationRequest packet sent from the endpoint.

Remove XOR from FortiGuard communications from URL filter, spam filter, and AV query.

Custom replacement message is not shown when using web filter.

FSSO users cannot proceed on web filter warning page in flow-based inspection.

Group name missing on web filter warning page in proxy-based inspection.

Filtering Services Availability status is down on the GUI when HTTP/80 is used for web filtering rating service.

Only the first Fortinet-Group-Name VSA is evaluated in authorized firewall WSSO users.