FortiGate sends traffic to an incorrect port using a wrong source NAT IP address.

Cluster VDOM policy statistics data is not correct when VFID is different for same VDOM on primary/secondary.

SCTP secondary path not working in ECMP context; incorrect expectation session created from auxiliary session.

ICMP reply packets dropped by the FortiGate.

Threats drilldown for Sources, Destinations, and Country/Region (1 hour, 24 hours, 7 days) gives the error, Failed to retrieve FortiView data.

Using the GUI to update a VDOM license fails when the new license has lower VDOM count than the current license.

The help message for gui-dynamic-profile-display is not correct.

When creating a firewall with an invalid subnet mask, an error is not generated.

Managed FortiSwitch and FortiSwitch Ports pages cannot load when there is a large number of managed FortiSwitches.

When disabling Allow Endpoint Registration on the VPN Creation Wizard, the action succeeds, but the error Unable to setup VPN is incorrectly displayed.

Warning message is not displayed when a user configures an interface with a static IP address that is already in use.

When creating a profile group with an SSL/SSH profile of no-inspection, the profile group correctly displays this, but when you edit the profile, certificate-inspection is displayed.

GUI does not allow user to select SSL VPN tunnel when configuring Multicast routing.

GARP is not sent when using the GUI to move a VDOM from one virtual cluster to another. GARP is sent when using the CLI.

FortiGates in an HA A-P configuration may lose GUI access to the HA secondary device after a period of 8 days of inactivity, when at least one static IPv6 address is configured on an interface.

On Dashboard Setup page, changes made by super administrator and administrator of multiple VDOMs should be reflected in all managed VDOMs.

The FortiAnalyzer Cloud card on the Fabric Connectors page displays status as connected when it is not connected.

Web filter profile dialog cannot load URL filter table if there are a lot of URL filters.

The FortiLink Interface pane incorrectly displays high CPU usage and poor health.

GUI does not show the configured external FortiGuard category in the SSL-SSH profile's exempt list.

Unable to print user data for guest management.

Unable to select an address group when configuring Source IP Pools for an SSL VPN portal.

GUI cannot change action for the web-based email category in DNS filter profile.

When refreshing the FortiGuard page, connectivity status for Web Filtering and Anti-Spam incorrectly changes from up to down.

When VDOM is enabled, the GUI cannot be used to edit a remote user group from within the Administrators dialog.

The top charts of the Device Inventory Monitor dashboard are empty when the visualization is set to table view.

Firewall users cannot change their password via web captive portal when password renewal is enforced by the firewall policy for remote users.

GUI interface speed test fails when there are multiple VDOMs.

GUI search does not work in the interface list if DHCP client and range columns are present.

Users cannot deselect Administrative Access options for VLAN interfaces from the GUI; the CLI must be used.

Web CLI console cannot load due to Connection lost if port 8080 is used (HTTP).

When editing the Interface column from the Multicast Policy page, an empty column appears when the any entry is selected from Select Entries and applied. The same occurs from the NAT64 and NAT46 policy pages.

Intermittent GUI process crash if a managed FortiSwitch returns a reset status.

On the System > HA page, GUI tooltip for the reserved management interface incorrectly shows the connecting IP address instead of the configured IP address.

For AV profiles, the outbreak-prevention setting on enabled protocols is not automatically configured when enabling Use External Malware Block List.

Enabling the Dynamic Gateway toggle for a static route fails without warning when the configuration is incorrect.

Date/Time filter does not work on FortiGate Cloud logs.

Editing the LDAP server in the GUI removes the line set server-identity-check disable from the configuration.

Connectivity test for RADIUS server using CHAP authentication always returns failure.

Unable to load web CLI console for LDAP admin with a login name that contains a space.

When multiple favorite menus are configured, the new features video pops up after each GUI login, even though user previously selected Don't show again.

FortiGuard DDNS setting incorrectly displays truncated unique location and empty server selection after saving changes.

FortiSwitch topology is not shown on Managed FortiSwitch page topology view.

After performing a search on firewall Addresses, the matched count over total count displayed for each address type shows an incorrect total count number. The search functionality still works correctly.

The list of firewall schedules displays time based on the browser time, even though the global time preference is set to use the FortiGate system time. The Edit Schedule page does not have this issue.

On SSL-VPN Settings page, the option to send an SSL VPN configuration to a user for FortiClient provisioning does not support showing a domain name for the VPN gateway.

GUI interface bandwidth widget does not show correct data for tunnel interface when ASIC offload is enabled on the firewall policy.

When secondary device reboots, it adds an interface to the virtual switch. Secondary cannot synchronize after it starts, as that interface disappears in system interface and virtual-switch.

The new join-in secondary chassis failed to sync, while primary chassis has 6K policies in one VDOM.

mgmt interfaces are excluded for heartbeat interfaces (even if dedicate-mgmt is not enabled).

HA cluster goes out of sync if SAML SSO admin logs in to the device.

Cannot pass traffic over ADVPN if: tunnel-search is set to nexthop, net-device disable, mode-cfg enable, and add-route disable.

IPsec over DHCP randomly works when net-device is disabled.

OCVPN spoke-to-spoke communication intermittently fails with mixed topology where some spokes have two ISPs and some have one, but the hubs have two.

vwlservice should log the SD-WAN rule and not an internet service; impacts FortiAnalyzer SD-WAN monitor widgets and reports.

WAD memory leak caused by Kerberos proxy authentication.

Need support for SSL VPN web mode traffic to follow SD-WAN rules/policy route.

SD-WAN rule disappears when an SD-WAN member experiences a dynamic change, such as during a dynamic PPPoE interface update.

Slow GUI performance in large Fabric topology with over 50 downstream devices.

When viewing CSF child Dashboard > WiFi from parent FortiGate, GUI reports, Cannot read property 'spectrum_analysis' of undefined.

FortiGate does not send interface configuration to FortiIPAM.

Root FortiGate fails to load Fabric topology if HA downstream device has a trusted device in both primary and secondary FortiGates.

IPAMD causes high memory after a few days as the JSON was not freed.

Redirected URLs do not work in web mode for am***.com.

SSL VPN log entries display users from other VDOMs.

HA cluster not synchronizing when configuring an active LACP with MCLAG via FortiManager.

Out-of order packets for an offloaded multicast stream.

Reboot of FG-1500D in 5.6.x during upgrade causes an L2 loop on the heartbeat interface and VLAN is disabled on switch side.

Interface emac-vlan feature does not work on SoC4 platform.

Wildcard FQDN not resolved on the secondary unit.

Errors during fuzzy tests on FG-1500D.

FortiGate unable to boot with kernel panic by cmdbsvr when VLAN is configured on redundant interface with non-NPU port.

FG-40F/60F kernel panic if upgrading from 6.4.0 due to configuration file having a name conflict of fortilink as both aggregate interface and virtual switch name.

Workaround: back up the 6.4.0 configuration, perform a clean install via TFTP of FortiOS 6.4.2, and restore the 6.4.0 configuration.

A large number of detected devices causes httpsd to consume resources and causes entry-level devices enter conserve mode.

cmdbsvr may crash with signal 11 (segmentation fault) when frequently changing firewall policies.

FG-101F crashed and rebooted when adding vlan-protocol 8021ad VLAN.

Error message shown (get_ha_sync_obj_sig_4dir delete broken symbolic link/etc/cert/ca/5c44d531.0) when upgrading from 6.4.1.

Configuration changes take a long time and cmdbsrv processes use up to 100% CPU.

FGR-60F-3G4G hardware switch span does not work.

The maximum number of IPS supported by each NTurbo load balancer should be 7 instead of 8 on FG-3300E and FG-3301E.

A space after a comma within CN is incorrectly removed during the bind request causing authentication failure (LDAP).

Autoscale GCP health check is not successful (port 8443 HTTPS).

Azure SDN connector replicates configuration from primary device to secondary device during configuration restore.

FG-VMX manager not showing all the nodes deployed.

Merge FIPS ciphers to 6.4.3 and 7.0 trunk (visible to AWS and Azure only).

AWS Fabric connector always uses root VDOM even though it is not a management VDOM.

On FG-AWS, changing health check protocol to tcp-connect causes kernel panic and reboot.

Azure SDN connector filter count is not showing a stable value.

After cloning the OCI instance, the OCID does not refresh to the new OCID.

Should add router policy in vdom-exception list.

Support vfNIC driving for Broadcom 100G NIC.

EIP is not updating properly on FG-VM Azure.

During every FortiGuard UTM update, there is high CPU usage because only one vCPU is available.

HTTPS server certificate is not presented when WiFi controller feature is disabled in Feature Visibility.

Wireless hostapd daemon crashes upon WPA3-SAE connection.

Spectrum analysis disable/enable command removed in CLI from wtp-profile and causing a bottleneck for APs, such as FAP-222C/223C at 100% CPU.

FAP-U431F cannot view what channel is operating, and the override channel setting must be unset to change to a different channel.