Resolved issues
The following issues have been fixed in version 7.0.12. To inquire about a particular bug, please contact Customer Service & Support.
Application Control
Bug ID | Description |
---|---|
857632 | Unable to access some websites when application control with deep inspection is enabled. |
DNS Filter
Bug ID | Description |
---|---|
871854 | DNS UTM log still presents unknown FortiGuard category even when the DNS proxy received a rating value. |
878674 | Forward traffic log is generated for allowed DNS traffic if the DNS filter is enabled but the policy is set to log security events only. |
Firewall
Bug ID | Description |
---|---|
804603 | An httpsd signal 6 crash occurs due to |
GUI
Bug ID | Description |
---|---|
750727 | Applying a negate for the Application Name column in the log viewer is not working as expected. |
827893 | Security rating test for FortiCare Support fails when connected to FortiManager Cloud or FortiAnalyzer Cloud. |
862474 | IPsec tunnel interface Bandwidth widget inbound is zero and outbound value is lower than the binding interface. |
890683 | The GUI is exposed on port 80 on the interfaces defined in the ACME settings, even if administrative access is disabled on the interface. |
897004 | On rare occasions, the GUI may display blank pages when the user navigates from one menu to another if there is a managed FortiSwitch present. |
HA
Bug ID | Description |
---|---|
846015 | First ICMP redirected from FGSP secondary is dropped on FGSP primary when UTM is enabled. |
868622 | The session is not synchronized after HA failover by detecting monitored interface as down. |
872686 | Configuration backup on standby unit fails when using SFTP. |
881847 | HA interfaces flapping on FG-3401E. |
883546 | In HA, sending a lot of CLI configurations causes the creation of a VDOM on the secondary unit. |
Intrusion Prevention
Bug ID | Description |
---|---|
810783 | The number of IPS sessions is higher than kernel sessions, which causes the FortiGate to enter conserve mode. |
839170 | Improvements to IPS engine monitor to resolve an error condition during periods of heavy traffic loads. |
IPsec VPN
Bug ID | Description |
---|---|
788751 | IPsec VPN Interface shows incorrect TX/RX counter. |
855705 | NAT detection in shortcut tunnel sometimes goes wrong. |
858681 | When upgrading from 6.4.9 to 7.0.6 or 7.0.8, the traffic is not working between the spokes on the ADVPN environment. |
873097 | Phase 2 not initiating the rekey at soft limit timeout on new kernel platforms. |
885818 | If a tunnel in an IPsec aggregate is down but its DPD link is on, the IPsec aggregate interface may still forward traffic to a down tunnel causing traffic to drop. |
891462 | The Peer ID field in the IPsec widget should not show a warning message that Two-factor authentication is not enabled. |
892699 | In an HA cluster, static routes via the IPsec tunnel interface are not inactive in the routing table when the tunnel is down. |
898456 | NP7 devices become unresponsive until power cycle with |
Log & Report
Bug ID | Description |
---|---|
823183 | FortiGates are showing Logs Queued in the GUI after a FortiAnalyzer reboot, even though the queued logs were actually all uploaded to FortiAnalyzer and cleared when the connection was restored. |
837116 | FortiCloud log statistics chart on the Log Settings page shows incorrect data. |
838253 | FortiAnalyzer log statistics chart on the Log Settings page shows incorrect data. |
857573 | Log filter with negation of destination IP displays all logs. |
860141 | Syslog did not update the time after daylight saving time (DST) adjustment. |
864219 | A miglogd crash occurs when creating a dynamic interface cache on an ADVPN environment. |
901545 | FG-40F/FWF-61F halts after upgrading. |
918571 | The log_se process resource utilization is causing a network outage. |
Proxy
Bug ID | Description |
---|---|
727629, 901296 | An error case occurs in WAD while handling the HTTP requests for an explicit proxy policy. |
796150, 857507 | When a server sends a connection close response too early, traffic from the client may be interrupted inadvertently before the request is completed. |
874563 | User information attributes can cause disruption when they are not properly merged. |
893022 | Proxy ARP returns no response. |
Routing
Bug ID | Description |
---|---|
821149 | Early packet drop occurs when running UTM traffic on virtual switch interface. |
858299 | BGP routes redistributed to OSPF change their forward address to the tunnel ID. |
863318 | Application forticron signal 11 (Segmentation fault) occurs. |
864626 | FortiGate local traffic does not follow SD-WAN rules. |
883918 | Delay in joining |
884372 | All BGP routes in dual ADVPN redundant configuration are not getting updated to the correct WAN interface post-rollback to WAN failover. |
890379 | After upgrading, SD-WAN is unable to fail over the traffic when one interface is down. |
897940 | Link monitor's probe timeout value range is not appropriate when the user decreases the minimum interval. |
Security Fabric
Bug ID | Description |
---|---|
825291 | Security rating test for FortiAnalyzer fails when connected to FortiAnalyzer Cloud. |
853406 | External resource full certificate check does not validate certificate when URI is an IP address. |
SSL VPN
Bug ID | Description |
---|---|
781581 | Customer internal website is not shown correctly in SSL VPN web mode. |
868491 | SSL VPN web mode connection to VMware vCenter 7 is not working. |
871039 | Internal website is not displaying user-uploaded PDF files when visited through SSL VPN web mode. |
872745 | SSL VPN web mode to RDP broker leads to connection being closed. |
873313 | SSL VPN policy is ignored if no user or user group is set and the FSSO group is set. |
873995 | Problem with the internal website using SSL VPN web mode. |
877124 | RDP freezes in web mode with high CPU usage of SSL VPN process. |
884860 | SSL VPN tunnel mode gets disconnected when SSL VPN web mode is disconnected by |
896007 | Specific SAP feature is not working with SSL VPN web mode. |
System
Bug ID | Description |
---|---|
666664 | Interface belonging to other VDOMs should be removed from interface list when configuring a GENEVE interface. |
766834 | High memory usage caused by downloading a large CRL list. |
796094 | Egress traffic on EMAC VLAN is using base MAC address instead. |
805122 | In FIPS-CC mode, if |
812957 | When setting the |
820268 | VIP traffic access to the EMAC VLAN interface uses incorrect MAC address on NP7 platform. |
821000 | QSFP and QSFP+ Fortinet transceivers are not operational on FG-3401E. |
859795 | High CPU utilization occurs when relay is enabled on VLAN, and this prevents users from getting an IP from DHCP. |
867663 | The FEC configuration under the interface is not respected when port23 and port24 are members of an LACP and the connection is 100G. Affected platforms: FGT-340xE, FGT-360xE. |
869305 | SNMP multicast counters are not increasing. |
876403 | ACME auto-renewal is not performed after HA failover. |
878400 | When traffic is offloaded to an NP7 source MAC, the packets sent from the EMAC VLAN interface are not correct. |
881094 | FG-3501F NP7 is dropping all traffic after it is offloaded. |
883071 | Kernel panic occurs due to null pointer dereference. |
887268 | Unable to configure |
892195 | LAG interface has |
899884 | FG-3000F reboots unexpectedly with NULL pointer dereference. |
900670 | QSFP/QSFP+ port23/port24 are down after upgrading to 7.0.11 on FG-3401E. |
909345 | An error condition occurs caused by receiving ICMP redirect messages. |
Upgrade
Bug ID | Description |
---|---|
900761 | FG-601E crashes randomly after upgrading to 7.0.8 and 7.0.11. |
903113 | Upgrading FortiOS firmware with a local file from 6.2.13, 6.4.12, 7.0.11, or 7.2.4 and earlier may fail for certain models because the image file size exceeds the upload limit. Affected models: FortiGate 6000 and 7000 series, FWF-80F-2R, and FWF-81F-2R-POE. |
Web Filter
Bug ID | Description |
---|---|
863728 | The urlfilter process causes a memory leak, even when the firewall policy is not using the web filter feature. |
Common Vulnerabilities and Exposures
Visit https://fortiguard.com/psirt for more information.
Bug ID | CVE references |
---|---|
894168 | FortiOS 7.0.12 is no longer vulnerable to the following CVE Reference: |
894631 | FortiOS 7.0.12 is no longer vulnerable to the following CVE Reference: |
896403 | IPS Engine 7.00167 is no longer vulnerable to the following CVE Reference: |
898402 | FortiOS 7.0.12 is no longer vulnerable to the following CVE Reference: |
899434 | FortiOS 7.0.12 is no longer vulnerable to the following CVE Reference: |
918991 | FortiOS 7.0.12 is no longer vulnerable to the following CVE Reference: |