Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • FortiOS Release Notes

    Home FortiGate / FortiOS 6.4.6 FortiOS Release Notes
    6.4.6
    7.6.0
    7.4.5
    7.4.4
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.10
    7.2.9
    7.2.8
    7.2.7
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.0.16
    7.0.15
    7.0.14
    7.0.13
    7.0.12
    7.0.11
    7.0.10
    7.0.9
    7.0.8
    7.0.7
    7.0.6
    7.0.5
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.4.15
    6.4.14
    6.4.13
    6.4.12
    6.4.11
    6.4.10
    6.4.9
    6.4.8
    6.4.7
    6.4.6
    6.4.5
    6.4.4
    6.4.3
    6.4.2
    6.4.1
    6.4.0
    6.2.16
    6.2.15
    6.2.14
    6.2.13
    6.2.12
    6.2.11
    6.2.10
    6.2.9
    6.2.8
    6.2.7
    6.2.6
    6.2.5
    6.2.4
    6.2.3
    6.2.2
    6.2.1
    6.2.0
    6.0.18
    6.0.17
    6.0.16
    6.0.15
    6.0.14
    6.0.13
    6.0.12
    6.0.11
    6.0.10
    6.0.9
    6.0.8
    6.0.7
    6.0.6
    6.0.5
    6.0.4
    6.0.3
    6.0.2
    6.0.1
    6.0.0
    5.6.14
    5.6.13
    5.6.12
    5.6.11
    5.6.10
    5.6.9
    5.6.8
    5.6.7
    5.6.6
    5.6.5
    5.6.4
    5.6.3
    5.6.2
    5.6.1
    5.6.0
    5.4.13
    5.4.12
    5.4.11
    5.4.10
    5.4.9
    5.4.8
    5.4.7
    5.4.6
    5.4.5
    5.4.4
    5.4.3
    5.4.2
    5.4.1
    5.4.0
    5.2.15
    5.2.14
    5.2.13
    5.2.12
    5.2.11
    5.2.10
    5.2.9
    5.2.8
    5.2.7
    5.2.6
    5.2.5
    5.2.4
    5.2.3
    5.2.2
    5.2.1
    5.2.0
    5.0.14
    5.0.13
    5.0.12
    5.0.11
    5.0.10
    5.0.9
    5.0.8
    5.0.7
    5.0.6
    5.0.5
    5.0.4
    5.0.3
    5.0.2

    Built-in IPS engine

    Built-in IPS engine

    Resolved engine issues

    Bug ID

    Description

    580391

    Unable to create MAC address-based policies in NGFW mode.

    654356

    In NGFW policy mode, sessions are not re-validated when security policies are changed. A workaround is to clear sessions after a policy change.

    662698

    One-arm sniffer logging shows inaccurate SNMP application sent bytes.

    672994

    Web filter warning message does not contain certification chain.

    676705

    Custom IEC-104 application control signatures skipped after signature database update.

    677834

    HTTP traffic is dropped when custom proxy options are applied to a policy.

    681611

    IPS engine crashes (5.218 ips_dlp_alert).

    683669

    Firewall schedule settings are not following daylight saving time.

    688888

    BZIP2 file including EICAR is detected in the original direction of the flow mode firewall policy even though scan-bzip2 is disabled.

    691196

    One-arm IPS URL filter unable to block HTTPS websites.

    695441

    Not getting past block/override page or warning page when doing a web filter override in flow mode.

    695774

    Remote category flow and proxy mode wildcard matching difference

    696619

    FGSP synchronized UDP sessions may be blocked in NGFW policy mode when asymmetric routing is used due to a policy matching failure. Other types of traffic may also be affected (such as TCP) in the case of failover of the reply direction traffic to a different FortiGate in the FGSP cluster.

    696753

    Chassis has multiple IPS crashes and UTM web filter is impacted after enabling web filter content header.

    696811

    IPSA self test failed, disable IPSA! IPSA disabled: self test failed message appears in system event logs.

    696819

    IPS archive timestamp is dated from 1970.

    702142

    File filter monitor blocks files in flow AV if there is a scan error.

    707907

    IPS engine (flow mode deep inspection) does not decrypt some TLS 1.3 sessions, which causes problems with application control detection.

    713068

    FGSP support in NGFW policy mode.

    715136

    High memory usage for some slab objects.

    718452

    set https-replacemsg disable causing connection RST on URLs in URL filter list (flow-based inspection).

    719007

    URL filtering followed by /* causes rating error.

    719252

    IPS engine crash.

    721410

    Unable to open fb.watch website in flow mode using SSL deep inspection with application control.

    721462

    Memory usage increases up to conserve mode after upgrading IPS engine to 5.00239.

    724400

    Facebook.com website gives error in Firefox version 89 with flow mode and deep inspection.

    724767

    Hostname is garbled in event log that is detected by HTTP.Suspicious.Headers.With.Special.Characters.
    Previous
    Next

    Built-in IPS engine

    Built-in IPS engine

    Resolved engine issues

    Bug ID

    Description

    580391

    Unable to create MAC address-based policies in NGFW mode.

    654356

    In NGFW policy mode, sessions are not re-validated when security policies are changed. A workaround is to clear sessions after a policy change.

    662698

    One-arm sniffer logging shows inaccurate SNMP application sent bytes.

    672994

    Web filter warning message does not contain certification chain.

    676705

    Custom IEC-104 application control signatures skipped after signature database update.

    677834

    HTTP traffic is dropped when custom proxy options are applied to a policy.

    681611

    IPS engine crashes (5.218 ips_dlp_alert).

    683669

    Firewall schedule settings are not following daylight saving time.

    688888

    BZIP2 file including EICAR is detected in the original direction of the flow mode firewall policy even though scan-bzip2 is disabled.

    691196

    One-arm IPS URL filter unable to block HTTPS websites.

    695441

    Not getting past block/override page or warning page when doing a web filter override in flow mode.

    695774

    Remote category flow and proxy mode wildcard matching difference

    696619

    FGSP synchronized UDP sessions may be blocked in NGFW policy mode when asymmetric routing is used due to a policy matching failure. Other types of traffic may also be affected (such as TCP) in the case of failover of the reply direction traffic to a different FortiGate in the FGSP cluster.

    696753

    Chassis has multiple IPS crashes and UTM web filter is impacted after enabling web filter content header.

    696811

    IPSA self test failed, disable IPSA! IPSA disabled: self test failed message appears in system event logs.

    696819

    IPS archive timestamp is dated from 1970.

    702142

    File filter monitor blocks files in flow AV if there is a scan error.

    707907

    IPS engine (flow mode deep inspection) does not decrypt some TLS 1.3 sessions, which causes problems with application control detection.

    713068

    FGSP support in NGFW policy mode.

    715136

    High memory usage for some slab objects.

    718452

    set https-replacemsg disable causing connection RST on URLs in URL filter list (flow-based inspection).

    719007

    URL filtering followed by /* causes rating error.

    719252

    IPS engine crash.

    721410

    Unable to open fb.watch website in flow mode using SSL deep inspection with application control.

    721462

    Memory usage increases up to conserve mode after upgrading IPS engine to 5.00239.

    724400

    Facebook.com website gives error in Firefox version 89 with flow mode and deep inspection.

    724767

    Hostname is garbled in event log that is detected by HTTP.Suspicious.Headers.With.Special.Characters.
    Previous
    Next