Known issues
The following issues have been identified in version 7.0.1. To inquire about a particular bug or report a bug, please contact Customer Service & Support.

Endpoint Control

| Bug ID | Description |
|---|---|
| 730767 | The new HA primary FortiGate cannot get EMS Cloud information when HA switches over. Workaround: delete the EMS Cloud entry then add it back. |


Firewall

| Bug ID | Description |
|---|---|
| 727790 | The |


GUI

| Bug ID | Description |
|---|---|
| 440197 | On the System > FortiGuard page, the override FortiGuard server for AntiVirus & IPS Updates shows an Unknown status, even if the server is working correctly. This is a display issue only; the override feature is working properly. |
| 677806 | On the Network > Interfaces page when VDOM mode is enabled, the Global view incorrectly shows the status of IPsec tunnel interfaces from non-management VDOMs as up. The VDOM view shows the correct status. |
| 685431 | On the Policy & Objects > Firewall Policy page, the policy list can take around 30 seconds or more to load when there is a large number (over 20 thousand) of policies. Workaround: use the CLI to configure policies. |
| 699508 | When an administrator ends a session by closing the browser, the administrator timeout event is not logged until the next time the administrator logs in. |
| 707589 | System > Certificates list sometimes shows an incorrect reference count for a certificate, and incorrectly allows a user to delete a referenced certificate. The deletion will fail even though a success message is shown. Users should be able to delete the certificate after all references are removed. |
| 708005 | When using the SSL VPN web portal in Firefox, users cannot paste text into the SSH terminal emulator. Workaround: use Chrome, Edge, or Safari as the browser. |
| 713529 | When a FortiGate is managed by FortiManager with FortiWLM configured, the HTTPS daemon may crash while processing some FortiWLM API requests. There is no apparent impact on the GUI operation. |
| 720657 | Unable to reuse link local or multicast IPv6 addresses for multiple interfaces from the GUI. Workaround: use the CLI. |
| 722832 | When LDAP server settings involve FQDN, LDAPS, and an enabled server identity check, the following LDAP related GUI items do not work: LDAP setting dialog, LDAP credentials test, and LDAP browser. |
| 734417 | GUI incorrectly displays a warning saying there is not a valid upgrade path when upgrading firmware from 7.0.0 or 7.0.1 to 7.0.1 or 7.0.2. |
| 735248 | On a mobile phone, the WiFi captive portal may take longer to load when the default firewall authentication login template is used and the user authentication type is set to HTTP. Workaround: edit the login template to disable HTTP authentication or remove the href link to googleapis. |
| 738027 | The Device Inventory widget shows no results when there are two user_info parameters. Workaround: use the CLI to retrieve the device list. |
| 743477 | On the Log & Report > Forward Traffic page, filtering by the Source or Destination column with negation on the IP range does not work. |
| 745325 | When creating a new (public or private) SDN connector, users are unable to specify an Update interval that contains 60, as it will automatically switch to Use Default. |
| 745998 | An IPsec phase 1 interface with a name that contains a |
| 746953 | On the Network > Interfaces page, users cannot modify the TFTP server setting. A warning with the message This option may not function correctly. It is already configured using the CLI attribute: tftp-server. appears beside the DHCP Options entry. Workaround: use the CLI. |


HA

| Bug ID | Description |
|---|---|
| 701367 | In an HA environment with multiple virtual clusters, System > HA will display statistics for Uptime, Sessions, and Throughput under virtual cluster 1. These statistics are for the entire device. Statistics are not displayed for any other virtual clusters. |


IPsec VPN

| Bug ID | Description |
|---|---|
| 729879 | Static IPsec tunnel with signature authentication method cannot be established on a FIPS-CC mode FortiGate because the certificate subject verification changes to be based on RDN bitwise comparison. |
| 730449 | SD-WAN service traffic will be interrupted after upgrading to 7.0.1 if all of the following conditions are matched in its 6.4.x configuration: Workaround: Before upgrading, update the hub and spoke configurations as follows: |
| 740624 | FortiOS 7.0 has a new design for dialup VPN (no more route tree in the IPsec tunnel), so traffic might not traverse over the dialup IPsec VPN after upgrading from FortiOS 6.4.6 to 7.0.1, 7.0.2, or 7.0.3 if the server relies on the static route over the dynamic tunnel interface to route the traffic back to the client. Workaround: configure the `config vpn ipsec phase2-interface edit <name> set src-subnet <x.x.x.x/x> next end` |
| 761754 | IPsec aggregate static route is not marked inactive if the IPsec aggregate is down. |


Proxy

| Bug ID | Description |
|---|---|
| 724670 | Crash seen in WAD user information daemon when updating user group count upon user log off. |
| 727629 | An error case occurs in WAD while handling the HTTP requests for an explicit proxy policy. |
| 735893 | After the Chrome 92 update, in FOS 6.2, 6.4, or 7.0 running an IPS engine older than version 5.00246, 6.00099, or 7.00034, users are unable to reach specific websites in proxy mode with UTM applied. In flow mode everything works as expected. |


REST API

| Bug ID | Description |
|---|---|
| 731136 | The following API has a change in response format, which may break backward compatibility for existing integration: New format results: Old format results: Note that only the response format is changed. The actual configuration restoration operation still works as before. The integration application should handle this new response format so it can return correct response message back to the user. |


Routing

| Bug ID | Description |
|---|---|
| 745856 | The default SD-WAN route for the LTE wwan interface is not created. Workaround: add a random gateway to the wwan member. `config system sdwan config members edit 2 set interface "wwan" set gateway 10.198.58.58 set priority 100 next end end` |


Security Fabric

| Bug ID | Description |
|---|---|
| 726831 | Security rating for Local Log Disk Not Full reporting as failed for FortiGate models without log disks. |
| 731292 | Dashboard Security Fabric widget takes a long time to load in the GUI. |
| 733511 | Automation stitch trigger count does not update when target device is a downstream device. |


SSL VPN

| Bug ID | Description |
|---|---|
| 718133 | In some conditions, the web mode JavaScript parser will encounter an infinite loop that will cause SSL VPN crashes. |
| 757450 | SNAT is not working in SSL VPN web mode when accessing an SFTP server. |


Switch Controller

| Bug ID | Description |
|---|---|
| 723501 | When STP is enabled on a hardware switch interface, FortiLink loses its connection to FortiSwitch. |


System

| Bug ID | Description |
|---|---|
| 644782 | A large number of detected devices causes httpsd to consume resources, and causes entry-level devices to enter conserve mode. |
| 681322 | TCP 8008 permitted by authd, even though the service in the policy does not include that port. |
| 708228 | A DNS proxy crash occurs during |
| 715978 | NTurbo does not work with EMAC VLAN interface. |
| 728647 | DHCP discovery dropped on virtual wire pair when UTM is enabled. |
| 751715 | Random LTE modem disconnections due to certain carriers getting unstable due to WWAN modem USB speed under super-speed. |
| 756713 | Packet loss on the LAG interface (eight ports) using SFP+/SFP28 ports in both static and active mode. Affected models: FG-110xE, FG-220xE, and FG-330xE. |


User & Authentication

| Bug ID | Description |
|---|---|
| 750551 | DST_Root_CA_X3 certificate is expired. Workaround: see the Fortinet PSIRT blog, https://www.fortinet.com/blog/psirt-blogs/fortinet-and-expiring-lets-encrypt-certificates, for more information. |
| 754725 | After updating the FSSO DC agent to version 5.0.0301, the DC agent keeps crashing on Windows 2012 R2 and 2016, which causes lsass.exe to reboot. |
| 778521 | SCEP fails to renew if the local certificate name length is between 31 and 35 characters. |


VM

| Bug ID | Description |
|---|---|
| 729811 | ASG synchronization is lost between secondary and primary instances if the secondary instance reboots. Affected platforms: all public cloud VMs and KVMs. Workaround: run |