Enabling or disabling a vcluster causes some backup routes (proto = 20) to be lost when a routing table has a significant amount of routes (over 10000 routes).

If the secondary reboots, after it rejoins the cluster SIP sessions are not resynchronized.

After shutting down FortiGate, the system automatically boots up again.

On the Policy & Objects > Traffic Shaping page, when deleting or creating a shaper, the counters for the other shapers are cleared.

When the FortiGate has thousands of addresses and hundreds address groups, the GUI can take a few minutes to search for a specific address inside the address group dialog.

Workaround: User can create the address group in the CLI instead by using the exact address name. User can also perform a search in the CLI using a partial match. For example:

config firewall addrgrp
    edit address_group
        set member <pattern>?
    next
end

After a failover, ARP entries are removed from all slots when an ARP query of single slot does not respond.

FortiGate 7000E IPv6 routes may not be synchronized correctly among FIMs and FPMs.

On FortiGate 6000 models, a CPU usage issue occurs in the node process when navigating a policy list with a large number (+7000) of policies in a VDOM.

After an HA failover, there is no IPsec route in the kernel.

On FortiGate 7000, if gtp-mode is enabled and then disabled, after disabling gtp-enhanced mode and rebooting the device, traffic is disrupted on the FIM and cannot be recovered.

Workaround: downgrade to version 7.2.x or 7.4.3.

On the FortiGate 7000F platform with virtual clustering enabled and syslog logging configured, when running the diagnose log test command from a primary vcluster VDOM, some FPMs may not send log messages to the configured syslog servers.

On FortiGate, IPv6 VRF routing tables appear under the new and old FPC primary units when the primary FPC slot is changed.

CSF is not working as expected.

When viewing entries in slide-out window of the Policy & Objects > Internet Service Database page, users cannot scroll down to the end if there are over 100K entries.

FortiGate in an HA setup has an unnecessary primary unit selection when a new member joins or reboots one member in the VC cluster when the VC has more than 2 units.

On FortiGate's in an HA environment, DHCP clients can not connect to the DHCP server.

NPD/LPMD cannot differentiate the different VRFs, and considers all VRFs as 0.

The parse error, NPD-0:NPD PARSE ADDR GRP gmail.com MEMBER ERR, appears after rebooting the system.

FortiGate does not choose a random port when set to random mode.

FG-4201F has a 10% performance drop during a CPS test case with DoS policy.

When Hyperscale logging is enabled with multicast log, the log is not sent to servers that are configured to receive multicast logs.

After FTP traffic passes, the npu-session stat does not display the accurate amount of actual sessions on FortiGate.

Traffic over GRE tunnel over IPsec tunnel, or traffic over IPsec tunnel with GRE encapsulation is not offloaded on NP7-based units.

GRE over IPsec does not work in transport mode.

CPU usage issues occurred when IPsec VPN traffic was received on the VLAN interface of an NP7 vlink.

CPU usage issue in WAD caused by a high number of devices being detected by the device detection feature.

After deauthorizing a downstream FortiGate from the System > Firmware & Registration page, the page may appear to be stuck to loading.

Workaround: perform a full page refresh to allow the page to load again.

FortiGate experiences a CPU usage issue in the node process when there multiple administrator sessions running simultaneously on the GUI in a Security Fabric with multiple downstream devices. This may result in slow loading times for multiple GUI pages.

FGR-70F and FGR-70F-3G4G failed to perform regular reboot process (using execute reboot command) with an SD card inserted.

FortiGate 60F and 61F models may experience a memory usage issue during a FortiGuard update due to the ips-helper process. This can cause the FortiGate to go into conserve mode if there is not enough free memory.

Workaround: User can disable CP acceleration to reduce the memory usage.

config ips global
    set cp-accel-mode none
end

On FortiGate 601F models, the X5 - X8 interfaces with 25G SFP28 DAC are down after upgrading to version 7.4.4 or later.

After an interface role change, the updated role does not show in the le-switch member list.

When restoring an FortiGate, the 7.4.1 config file with deprecated Inline CASB entries displays errors messages and causes the confsyncd to not function as expected.

On the User & Authentication > User Definition page, when a remote LDAP user with Two-factor Authentication enabled and Authentication type FortiToken tries to access the internet through firewall authentication, the web page does not receive the FortiToken notification or proceed to authenticate the user.

Workaround: click the Continue button on the authentication page after approving the FortiToken on the mobile device.

NTLM authentication does not work with Chrome.

RADIUS group is not properly displayed as used.

VNI length is zero in the GENEVE header when in FTP passive mode.

When there are extra large number of managed FortiAP devices (over 500) and large number of WiFi clients (over 5000), the Managed FortiAPs page and FortiAP Status widget can take a long time to load. This issue does not impact FortiAP operation.

CAPWAP tunnel traffic over tunnel SSID is dropped when offloading is enabled.

Physical and logical topology is slow to load when there are a lot of managed FortiAP devices (over 50). This issue does not impact FortiAP management and operation.

Clients randomly unable to connect to 802.1X SSID when FortiAP has a DTLS policy enabled.

RADIUS accounting data usage is different between the bridge and tunnel VAP.

SMB drive mapping made through a ZTNA access proxy is inaccessible after rebooting.