Resolved issues

Resolved issues

The following issues have been fixed in FortiGate-6000 and FortiGate-7000 FortiOS 6.4.10 Build 1875. For inquires about a particular bug, please contact Customer Service & Support. The Resolved issues described in the FortiOS 6.4.10 release notes also apply to FortiGate-6000 and 7000 FortiOS 6.4.10 Build 1875.

Bug ID	Description
795313 771680	Configuring SSL VPN Web portals from the GUI now works correctly.
647254 802105 824224	Duplicate IPv4 ECMP routes no longer appear on FPCs or FPMs on the secondary FortiGate-6000 or 7000 in an FGCP cluster.
652140	Resolved an issue with CLI error checking when adding source and destination interfaces to an FGSP session sync filter.
654054 788959	Resolved an issue that could sometimes block incoming SSL VPN traffic terminated by the FortiGate-6000 or 7000.
667328 781548 849570 807476 850498	Resolve multiple issues that caused `unregister_vf` errors. These errors prevented administrators from changing the configuration and could also prevent configuration synchronization between FortiGate-6000s or 7000s in an FGCP HA cluster.
674979	The GUI now shows the correct amount of traffic on FortiGate-6000 HA interfaces.
682426 776795 806056 669211	The `ha-direct` FGCP HA option now works as expected on the FortiGate-6000 and 7000 to allow local out traffic (such as sending log messages out an HA dedicated management interface).
719609	Resolved an issue that blocked fragmented ICMP traffic from passing through EMAC VLAN interfaces.
731710	Resolved an issue with how console baud rate changes are synchronized to FPCs or FIMs and FPMs that caused the console to display unsupported characters after changing the console baud rate.
732009	Resolved an issue that could cause the `quard` process to crash with a signal 11 segmentation fault after adding and deleting multiple VDOMs.
734898	Resolved an issue that could cause the `cmdbsvr` process to crash with a signal 11 segmentation fault when a FortiGate-6000 or 7000 is very busy while making configuration changes.
752402	Resolved an issue that sometimes blocked traffic from passing through a FortiGate 7000F because FortiOS assigned an incorrect MAC address to a VLAN interface.
752558	Resolved an issue that added `DNS Safe Search Enforced` to DNS filter log messages when DNS safe search was not enabled in the DNS filtering profile.
764386	If FortGate-7000F management interfaces are not configured to be FGCP HA heartbeat interfaces or FGSP session synchronization interfaces, you can now assign them IPv6 addresses.
765407	Resolved an issue that prevented using management interfaces on the secondary FIM in a FortiGate-7000F for FGSP heartbeat traffic.
777336	Resolved a FortiGate-7000 issue that could cause local out traffic from FIMs and FPMs to have overlapping SNAT port ranges.
777415 780296 814330 821710 823335 819962	Resolved a number of issues with synchronizing SDN connector information among components within a FortiGate-6000 or 7000 or between FortiGate-6000s or 7000s in an FGCP HA configuration.
778260	DP session monitoring no longer incorrectly refreshes DP IPSec sessions.
779078	Resolved an issue that caused some synchronized sessions to stay in the CLOSE_WAIT state on the secondary FortiGate-6000 or 7000 in an FGCP cluster.
779839	Resolved a memory use issue that could cause deep proxy inspection to use excessive amounts of CPU time.
782338	A single SSL VPN user can no longer tie up multiple client IP addresses, resulting in fewer SSL VPN users being able to get IP addresses than expected.
783689	Resolved an issue that caused FortiGate-6000F DC models with only one DC PSU connected to power to become unstable, causing some FPCs to restart.
784653 827567	Resolved an issue with FortiGate-7000F signature handling that resulted in Fail to append signature error messages and caused the GUI and CLI to indicate that the firmware is not certified.
785815	FPMs no longer display an incorrect checksum message on the console while restarting.
786659	Resolved an issue that caused the `confsyncd` process running on the primary FIM of the primary FortiGate 7121F to crash, preventing configuration changes from synchronizing to the FPMs in the primary FortiGate 7121F.
789847	The CLI no longer allows you to split the FIM-7921F P1 and P2 interfaces. Splitting these interfaces is not supported by the FIM-7921F hardware.
792617 786529	Resolved multiple issues that could cause the `confsyncd` process to crash.
792717 783153	Resolved an issue that caused large numbers of IPsec VPN clients with dead peer detection (DPD) enabled to temporarily block dialup IPsec VPN tunnel traffic.
803536 850974 849618 850924 823970 825031	Resolved multiple issues that could prevent a FortiGate-6000 or 7000 from correctly synchronizing routes after various failover scenarios.
803585	Resolved memory leak issues that could cause a FortiGate-6000 or 7000 to enter conserve mode and become unresponsive because of high memory utilization.
808859	The Security Fabric no longer sends CSF discovery packets when the `log-unification` Security Fabric option is disabled.
809019	Resolved an issue that prevented the secondary FortiGate-6000 or 7000 in an FGCP HA cluster from replying to SNMP queries sent to one of the secondary FortiGate's in-band management IP addresses.
811615	Resolved an issue that prevented GTP tunnels from being synchronized to the secondary FortiGate-7000 in an FGCP HA cluster running FortiOS Carrier after the secondary FortiGate-7000 restarts.
813646	Time zone changes are now successfully synchronized to all FPCs or all FIMs and FPMs.
814698 852406	Multiple improvements to FGSP session synchronization.
816012	The FortiGate-6000 no longer indicates that interfaces configured for 1G speed are always up when the interface socket contains a CR transceiver.
817282	Fixed some `cmdb` and configuration synchronization memory leaks that could cause the FortiGate-6000 management board to experience high memory usage.
819329	Resolved an issue that prevented administrators from pinging the remote interface of a GRE tunnel from the FortiGate-6000 or 7000 CLI.
819521 818058	Resolved an issue that prevented the `miglogdisk_info` file from being updated correctly when a FortiGate-7121F starts up or restarts.The `miglogdisk_info` file that is present on all FIMs and FPMs should be updated by reading current log disk information every time a FortiGate-7121F chassis restarts. This problem also caused FPMs to be out of synchronization.
821125	Resolved an issue with IPsec tunnel synchronization that caused IPsec tunnels to block traffic if the firewall policy included one or more user groups. Traffic would be blocked because the user group id was not being synchronized correctly.
822791 807725 653092 811240 811279	When a FortiGate-6000 and 7000 management interface is configured to be an HA reserved management interface (using the `ha-mgmt-interface` HA option), the interface now correctly reverts to using its own permanent MAC address, instead of using the virtual MAC address assigned to the interface by the FGCP.
822976	Resolved an issue that caused some routes used by IPsec VPNs to be unexpectedly missing from the kernel routing table.
823129	The FortiGate-7121F now correctly forwards all ICMPv6 non-0x80/81 traffic to the primary FPM.
824205	Configuration synchronization problems no longer occur when an FPM completes starting up when no FIMs are running or all FIMs are in the process of starting up.
824789	IPsec tunnels now support authenticating users added to the FortiGate configuration as local users.
826344	Resolved an issue that created duplicate IPsec VPN event log messages.
828072	Resolved an issue that would sometimes mean that UTM security events are not linked to forward traffic logs.
830454	Changing the FPC or FPM that an IPsec tunnel is using can cause traffic in the tunnel to be blocked. The problem is a timing issue, so sometimes traffic will be unaffected when making this configuration change and other times it may be blocked.
830531	The SNMP `sysName` field no longer includes a serial number. The `sysName` field now just returns the host name.
831227 829767	Resolved an issue that could cause a FortiGate-6000 or 7000 to be out of synchronization after deleting or importing certificates.
832121	Resolved an issue that caused IPv6 link-local addresses to not be updated to use HA virtual MAC addresses after enabling FGCP HA.
833488	Resolved a CMDB issue that can cause the `fcnacd` process to add a VDOM during stress testing.
835699	Resolved an issue that caused configuration synchronization looping because incorrect checksums were generated for certificates. As a result, the system would incorrectly determine that certificates were not synchronized and attempt to re-synchronize them.
835847	Resolved an issue that prevented automation stitches from updating the password policy.
839987	Resolved an issue with FGCP HA status synchronization between the management board and FPCs or between FIMs and FPMs that could cause traffic to be blocked. The problem would usually occur after the FortiGate-6000s or 7000s in the cluster restarted (for example, after a firmware upgrade).
840459	The information displayed by the `diagnose load-balance switch stats egress` command is now correct.
841852	Resolved an issue that caused the `confsyncd` process to crash.
841785	Resolved an issue that could prevent FPMs from sending log messages to syslog servers.
843583 806401	Resolved an issue that caused FIM interfaces to have incorrect MAC addresses after reverting from FGCP HA to standalone mode.
844424	A Transceiver is not detected message is no longer displayed for FIM-7921F interfaces for some supported transceivers.
846164	Resolved a FortiGate-6000 issue that caused the DP processor to send IPv6 traffic to the wrong FPC.
846382	FortiGate-7000F FPM front panel interfaces now operate as expected.
847464	Resolved an issue that caused the DNS proxy process running on a FortiGate-6000 management board and on FPCs to use excessive amounts of CPU time when synchronizing wildcard FQDNs.
848609	Resolved an issue that blocked IPv6 VIP traffic.
849022 849787	IPv6 router advertisement (RA) packets received by the management board or primary FIM are now broadcast to all FPCs or FPMs.
850284	Active FTP data sessions are no longer handled by different FPCs or FPMs in the FortiGate-6000s or 7000s in an FGSP cluster.
850831	Resolved an issue that could cause the firewall policy GUI to display statistics for the implicit deny firewall policy when editing any firewall policy.
852500	The FortiGate-6000F management board and FPCs now have the same default IPS socket size. FortiGate-7000 FIMs and FPMs now also all have the same default IPS socket size.
852770	Resolved an issue that could prevent the GUI or CLI from displaying correct information about the transceivers installed in management interfaces.
853079 849650 848879	Resolved multiple issues related to support for EMAC VLAN interfaces.
855552	Resolved an issue that could sometimes prevent administrators from removing quarantined IP addresses from the Quarantine Monitor.
860197	Resolved an issue that could cause users to see an incomplete webfilter override page.

Common vulnerabilities and exposures

Visit https://fortiguard.com/psirt for more information.

Bug ID	CVE references
853448	FortiOS 6.4.10 for FortiGate-6000 and 7000 is no longer vulnerable to the following CVE Reference: FG-IR-22-398 (see: https://fortiguard.com/psirt/FG-IR-22-398).

Bug ID

CVE references

853448

FortiOS 6.4.10 for FortiGate-6000 and 7000 is no longer vulnerable to the following CVE Reference:

FG-IR-22-398 (see: https://fortiguard.com/psirt/FG-IR-22-398).

Resolved issues

Bug ID	Description
795313 771680	Configuring SSL VPN Web portals from the GUI now works correctly.
647254 802105 824224	Duplicate IPv4 ECMP routes no longer appear on FPCs or FPMs on the secondary FortiGate-6000 or 7000 in an FGCP cluster.
652140	Resolved an issue with CLI error checking when adding source and destination interfaces to an FGSP session sync filter.
654054 788959	Resolved an issue that could sometimes block incoming SSL VPN traffic terminated by the FortiGate-6000 or 7000.
667328 781548 849570 807476 850498	Resolve multiple issues that caused `unregister_vf` errors. These errors prevented administrators from changing the configuration and could also prevent configuration synchronization between FortiGate-6000s or 7000s in an FGCP HA cluster.
674979	The GUI now shows the correct amount of traffic on FortiGate-6000 HA interfaces.
682426 776795 806056 669211	The `ha-direct` FGCP HA option now works as expected on the FortiGate-6000 and 7000 to allow local out traffic (such as sending log messages out an HA dedicated management interface).
719609	Resolved an issue that blocked fragmented ICMP traffic from passing through EMAC VLAN interfaces.
731710	Resolved an issue with how console baud rate changes are synchronized to FPCs or FIMs and FPMs that caused the console to display unsupported characters after changing the console baud rate.
732009	Resolved an issue that could cause the `quard` process to crash with a signal 11 segmentation fault after adding and deleting multiple VDOMs.
734898	Resolved an issue that could cause the `cmdbsvr` process to crash with a signal 11 segmentation fault when a FortiGate-6000 or 7000 is very busy while making configuration changes.
752402	Resolved an issue that sometimes blocked traffic from passing through a FortiGate 7000F because FortiOS assigned an incorrect MAC address to a VLAN interface.
752558	Resolved an issue that added `DNS Safe Search Enforced` to DNS filter log messages when DNS safe search was not enabled in the DNS filtering profile.
764386	If FortGate-7000F management interfaces are not configured to be FGCP HA heartbeat interfaces or FGSP session synchronization interfaces, you can now assign them IPv6 addresses.
765407	Resolved an issue that prevented using management interfaces on the secondary FIM in a FortiGate-7000F for FGSP heartbeat traffic.
777336	Resolved a FortiGate-7000 issue that could cause local out traffic from FIMs and FPMs to have overlapping SNAT port ranges.
777415 780296 814330 821710 823335 819962	Resolved a number of issues with synchronizing SDN connector information among components within a FortiGate-6000 or 7000 or between FortiGate-6000s or 7000s in an FGCP HA configuration.
778260	DP session monitoring no longer incorrectly refreshes DP IPSec sessions.
779078	Resolved an issue that caused some synchronized sessions to stay in the CLOSE_WAIT state on the secondary FortiGate-6000 or 7000 in an FGCP cluster.
779839	Resolved a memory use issue that could cause deep proxy inspection to use excessive amounts of CPU time.
782338	A single SSL VPN user can no longer tie up multiple client IP addresses, resulting in fewer SSL VPN users being able to get IP addresses than expected.
783689	Resolved an issue that caused FortiGate-6000F DC models with only one DC PSU connected to power to become unstable, causing some FPCs to restart.
784653 827567	Resolved an issue with FortiGate-7000F signature handling that resulted in Fail to append signature error messages and caused the GUI and CLI to indicate that the firmware is not certified.
785815	FPMs no longer display an incorrect checksum message on the console while restarting.
786659	Resolved an issue that caused the `confsyncd` process running on the primary FIM of the primary FortiGate 7121F to crash, preventing configuration changes from synchronizing to the FPMs in the primary FortiGate 7121F.
789847	The CLI no longer allows you to split the FIM-7921F P1 and P2 interfaces. Splitting these interfaces is not supported by the FIM-7921F hardware.
792617 786529	Resolved multiple issues that could cause the `confsyncd` process to crash.
792717 783153	Resolved an issue that caused large numbers of IPsec VPN clients with dead peer detection (DPD) enabled to temporarily block dialup IPsec VPN tunnel traffic.
803536 850974 849618 850924 823970 825031	Resolved multiple issues that could prevent a FortiGate-6000 or 7000 from correctly synchronizing routes after various failover scenarios.
803585	Resolved memory leak issues that could cause a FortiGate-6000 or 7000 to enter conserve mode and become unresponsive because of high memory utilization.
808859	The Security Fabric no longer sends CSF discovery packets when the `log-unification` Security Fabric option is disabled.
809019	Resolved an issue that prevented the secondary FortiGate-6000 or 7000 in an FGCP HA cluster from replying to SNMP queries sent to one of the secondary FortiGate's in-band management IP addresses.
811615	Resolved an issue that prevented GTP tunnels from being synchronized to the secondary FortiGate-7000 in an FGCP HA cluster running FortiOS Carrier after the secondary FortiGate-7000 restarts.
813646	Time zone changes are now successfully synchronized to all FPCs or all FIMs and FPMs.
814698 852406	Multiple improvements to FGSP session synchronization.
816012	The FortiGate-6000 no longer indicates that interfaces configured for 1G speed are always up when the interface socket contains a CR transceiver.
817282	Fixed some `cmdb` and configuration synchronization memory leaks that could cause the FortiGate-6000 management board to experience high memory usage.
819329	Resolved an issue that prevented administrators from pinging the remote interface of a GRE tunnel from the FortiGate-6000 or 7000 CLI.
819521 818058	Resolved an issue that prevented the `miglogdisk_info` file from being updated correctly when a FortiGate-7121F starts up or restarts.The `miglogdisk_info` file that is present on all FIMs and FPMs should be updated by reading current log disk information every time a FortiGate-7121F chassis restarts. This problem also caused FPMs to be out of synchronization.
821125	Resolved an issue with IPsec tunnel synchronization that caused IPsec tunnels to block traffic if the firewall policy included one or more user groups. Traffic would be blocked because the user group id was not being synchronized correctly.
822791 807725 653092 811240 811279	When a FortiGate-6000 and 7000 management interface is configured to be an HA reserved management interface (using the `ha-mgmt-interface` HA option), the interface now correctly reverts to using its own permanent MAC address, instead of using the virtual MAC address assigned to the interface by the FGCP.
822976	Resolved an issue that caused some routes used by IPsec VPNs to be unexpectedly missing from the kernel routing table.
823129	The FortiGate-7121F now correctly forwards all ICMPv6 non-0x80/81 traffic to the primary FPM.
824205	Configuration synchronization problems no longer occur when an FPM completes starting up when no FIMs are running or all FIMs are in the process of starting up.
824789	IPsec tunnels now support authenticating users added to the FortiGate configuration as local users.
826344	Resolved an issue that created duplicate IPsec VPN event log messages.
828072	Resolved an issue that would sometimes mean that UTM security events are not linked to forward traffic logs.
830454	Changing the FPC or FPM that an IPsec tunnel is using can cause traffic in the tunnel to be blocked. The problem is a timing issue, so sometimes traffic will be unaffected when making this configuration change and other times it may be blocked.
830531	The SNMP `sysName` field no longer includes a serial number. The `sysName` field now just returns the host name.
831227 829767	Resolved an issue that could cause a FortiGate-6000 or 7000 to be out of synchronization after deleting or importing certificates.
832121	Resolved an issue that caused IPv6 link-local addresses to not be updated to use HA virtual MAC addresses after enabling FGCP HA.
833488	Resolved a CMDB issue that can cause the `fcnacd` process to add a VDOM during stress testing.
835699	Resolved an issue that caused configuration synchronization looping because incorrect checksums were generated for certificates. As a result, the system would incorrectly determine that certificates were not synchronized and attempt to re-synchronize them.
835847	Resolved an issue that prevented automation stitches from updating the password policy.
839987	Resolved an issue with FGCP HA status synchronization between the management board and FPCs or between FIMs and FPMs that could cause traffic to be blocked. The problem would usually occur after the FortiGate-6000s or 7000s in the cluster restarted (for example, after a firmware upgrade).
840459	The information displayed by the `diagnose load-balance switch stats egress` command is now correct.
841852	Resolved an issue that caused the `confsyncd` process to crash.
841785	Resolved an issue that could prevent FPMs from sending log messages to syslog servers.
843583 806401	Resolved an issue that caused FIM interfaces to have incorrect MAC addresses after reverting from FGCP HA to standalone mode.
844424	A Transceiver is not detected message is no longer displayed for FIM-7921F interfaces for some supported transceivers.
846164	Resolved a FortiGate-6000 issue that caused the DP processor to send IPv6 traffic to the wrong FPC.
846382	FortiGate-7000F FPM front panel interfaces now operate as expected.
847464	Resolved an issue that caused the DNS proxy process running on a FortiGate-6000 management board and on FPCs to use excessive amounts of CPU time when synchronizing wildcard FQDNs.
848609	Resolved an issue that blocked IPv6 VIP traffic.
849022 849787	IPv6 router advertisement (RA) packets received by the management board or primary FIM are now broadcast to all FPCs or FPMs.
850284	Active FTP data sessions are no longer handled by different FPCs or FPMs in the FortiGate-6000s or 7000s in an FGSP cluster.
850831	Resolved an issue that could cause the firewall policy GUI to display statistics for the implicit deny firewall policy when editing any firewall policy.
852500	The FortiGate-6000F management board and FPCs now have the same default IPS socket size. FortiGate-7000 FIMs and FPMs now also all have the same default IPS socket size.
852770	Resolved an issue that could prevent the GUI or CLI from displaying correct information about the transceivers installed in management interfaces.
853079 849650 848879	Resolved multiple issues related to support for EMAC VLAN interfaces.
855552	Resolved an issue that could sometimes prevent administrators from removing quarantined IP addresses from the Quarantine Monitor.
860197	Resolved an issue that could cause users to see an incomplete webfilter override page.

Common vulnerabilities and exposures

Visit https://fortiguard.com/psirt for more information.

Bug ID	CVE references
853448	FortiOS 6.4.10 for FortiGate-6000 and 7000 is no longer vulnerable to the following CVE Reference: FG-IR-22-398 (see: https://fortiguard.com/psirt/FG-IR-22-398).

Bug ID

CVE references

853448

FortiOS 6.4.10 for FortiGate-6000 and 7000 is no longer vulnerable to the following CVE Reference:

FG-IR-22-398 (see: https://fortiguard.com/psirt/FG-IR-22-398).

Secure Networking

Hybrid Mesh Firewall

NOC Management

LAN

WAN

Unified SASE

Single Vendor SASE

Cloud Network Security

Secure Endpoint Connectivity

Web Application / API Protection

Security Operations

Security Operations Automation

Identity

Early Detection & Prevention

Secure Networking

Hybrid Mesh Firewall

NOC Management

LAN

WAN

Communication & Surveillance

Unified SASE

Single Vendor SASE

Secure Endpoint Connectivity

Cloud Network Security

Cloud-Native Security

Web Application / API Protection

Security Operations

Security Operations Automation

Endpoint

Data Protection

Identity

Email

Early Detection & Prevention

Expert Services

Edge Firewall

Orchestration & management

SD Branch

Application Delivery

Single Vendor SASE

Secure Endpoint Connectivity

Secure Private Access

Thin Edge

Identity

Application Gateway

Enterprise Asset Management

Endpoint Agent

Agentless Security Posture

Identity

Wireless

Switching

Identity

Privilege Acccess Management

Next Generation Firewall

Orchestration & management

Expert Services

All

All

Account Management

SAAS Management

SAAS Application Security

Managed Services

Platform as a service (PAAS)

Other SAAS Services

4D Pillars

Cloud

Popular Solutions

FortiGate-6000 and FortiGate-7000 Release Notes

Resolved issues

Common vulnerabilities and exposures

Resolved issues

Resolved issues

Common vulnerabilities and exposures