Resolved issues

The following issues have been fixed in version 7.0.12. To inquire about a particular bug, please contact Customer Service & Support.

Application Control

Bug ID

Description

857632

Unable to access some websites when application control with deep inspection is enabled.

DNS Filter

Bug ID

Description

871854

DNS UTM log still presents unknown FortiGuard category even when the DNS proxy received a rating value.

878674

Forward traffic log is generated for allowed DNS traffic if the DNS filter is enabled but the policy is set to log security events only.

Firewall

Bug ID

Description

804603

An httpsd signal 6 crash occurs due to /api/v2/monitor/license/forticare-resllers.

GUI

Bug ID

Description

750727

Applying a negate for the Application Name column in the log viewer is not working as expected.

827893

Security rating test for FortiCare Support fails when connected to FortiManager Cloud or FortiAnalyzer Cloud.

862474

IPsec tunnel interface Bandwidth widget inbound is zero and outbound value is lower than the binding interface.

890683

The GUI is exposed on port 80 on the interfaces defined in the ACME settings, even if administrative access is disabled on the interface.

897004

On rare occasions, the GUI may display blank pages when the user navigates from one menu to another if there is a managed FortiSwitch present.

HA

Bug ID

Description

846015

First ICMP redirected from FGSP secondary is dropped on FGSP primary when UTM is enabled.

868622

The session is not synchronized after an HA failover triggered by a monitored interface being detected as down.

872686

Configuration backup on standby unit fails when using SFTP.

881847

HA interfaces flapping on FG-3401E.

883546

In HA, sending a lot of CLI configurations causes the creation of a VDOM on the secondary unit.

Intrusion Prevention

Bug ID

Description

810783

The number of IPS sessions is higher than kernel sessions, which causes the FortiGate to enter conserve mode.

839170

Improvements to IPS engine monitor to resolve an error condition during periods of heavy traffic loads.

IPsec VPN

Bug ID

Description

788751

IPsec VPN Interface shows incorrect TX/RX counter.

855705

NAT detection in shortcut tunnel sometimes goes wrong.

858681

When upgrading from 6.4.9 to 7.0.6 or 7.0.8, the traffic is not working between the spokes on the ADVPN environment.

873097

Phase 2 not initiating the rekey at soft limit timeout on new kernel platforms.

885818

If a tunnel in an IPsec aggregate is down but its DPD link is on, the IPsec aggregate interface may still forward traffic to a down tunnel causing traffic to drop.

891462

The Peer ID field in the IPsec widget should not show a warning message that Two-factor authentication is not enabled.

892699

In an HA cluster, static routes via the IPsec tunnel interface are not inactive in the routing table when the tunnel is down.

898456

NP7 devices become unresponsive until power cycle with rcu_sched self-detected stall on CPU because phase 2 is not initiating rekey at soft limit timeout.

Log & Report

Bug ID

Description

823183

FortiGates are showing Logs Queued in the GUI after a FortiAnalyzer reboot, even though the queued logs were actually all uploaded to FortiAnalyzer and cleared when the connection was restored.

837116

FortiCloud log statistics chart on the Log Settings page shows incorrect data.

838253

FortiAnalyzer log statistics chart on the Log Settings page shows incorrect data.

857573

Log filter with negation of destination IP displays all logs.

860141

Syslog did not update the time after daylight saving time (DST) adjustment.

864219

A miglogd crash occurs when creating a dynamic interface cache on an ADVPN environment.

901545

FG-40F/FWF-61F halts after upgrading.

918571

The log_se process resource utilization is causing a network outage.

Proxy

Bug ID

Description

727629, 901296

An error case occurs in WAD while handling the HTTP requests for an explicit proxy policy.

796150, 857507

When a server sends a connection close response too early, traffic from the client may be interrupted inadvertently before the request is completed.

874563

User information attributes can cause disruption when they are not properly merged.

893022

Proxy ARP returns no response.

Routing

Bug ID

Description

821149

Early packet drop occurs when running UTM traffic on virtual switch interface.

858299

BGP routes redistributed to OSPF change their forward address to the tunnel ID.

863318

Application forticron signal 11 (Segmentation fault) occurs.

864626

FortiGate local traffic does not follow SD-WAN rules.

883918

Delay in joining (S,G) in PIM-SM.

884372

All BGP routes in dual ADVPN redundant configuration are not getting updated to the correct WAN interface post-rollback to WAN failover.

890379

After upgrading, SD-WAN is unable to fail over the traffic when one interface is down.

897940

Link monitor's probe timeout value range is not appropriate when the user decreases the minimum interval.

Security Fabric

Bug ID

Description

825291

Security rating test for FortiAnalyzer fails when connected to FortiAnalyzer Cloud.

853406

External resource full certificate check does not validate certificate when URI is an IP address.

SSL VPN

Bug ID

Description

781581

Customer internal website is not shown correctly in SSL VPN web mode.

868491

SSL VPN web mode connection to VMware vCenter 7 is not working.

871039

Internal website is not displaying user-uploaded PDF files when visited through SSL VPN web mode.

872745

SSL VPN web mode to RDP broker leads to connection being closed.

873313

SSL VPN policy is ignored if no user or user group is set and the FSSO group is set.

873995

Problem with the internal website using SSL VPN web mode.

877124

RDP freezes in web mode with high CPU usage of SSL VPN process.

884860

SSL VPN tunnel mode gets disconnected when SSL VPN web mode is disconnected by limit-user-logins.

896007

Specific SAP feature is not working with SSL VPN web mode.

System

Bug ID

Description

666664

Interface belonging to other VDOMs should be removed from interface list when configuring a GENEVE interface.

766834

High memory usage caused by downloading a large CRL list.

796094

Egress traffic on EMAC VLAN is using base MAC address instead.

805122

In FIPS-CC mode, if cfg-save is set to revert, the system will halt a configuration change or certificate purge.

812957

When setting the speed of 1G SFP ports on FG-180xF platforms to 1000full, the interface does not come up after rebooting.

820268

VIP traffic access to the EMAC VLAN interface uses incorrect MAC address on NP7 platform.

821000

QSFP and QSFP+ Fortinet transceivers are not operational on FG-3401E.

859795

High CPU utilization occurs when relay is enabled on VLAN, and this prevents users from getting an IP from DHCP.

867663

The FEC configuration under the interface is not respected when port23 and port24 are members of an LACP and the connection is 100G. Affected platforms: FGT-340xE, FGT-360xE.

869305

SNMP multicast counters are not increasing.

876403

ACME auto-renewal is not performed after HA failover.

878400

When traffic is offloaded to an NP7 source MAC, the packets sent from the EMAC VLAN interface are not correct.

881094

FG-3501F NP7 is dropping all traffic after it is offloaded.

883071

Kernel panic occurs due to null pointer dereference.

887268

Unable to configure dscp-based-priority when traffic-priority dscp is configured under system global.

892195

LAG interface has NOARP flag after interface settings change.

899884

FG-3000F reboots unexpectedly with NULL pointer dereference.

900670

QSFP/QSFP+ port23/port24 are down after upgrading to 7.0.11 on FG-3401E.

909345

An error condition occurs caused by receiving ICMP redirect messages.

Upgrade

Bug ID

Description

900761

FG-601E crashes randomly after upgrading to 7.0.8 and 7.0.11.

903113

Upgrading FortiOS firmware with a local file from 6.2.13, 6.4.12, 7.0.11, or 7.2.4 and earlier may fail for certain models because the image file size exceeds the upload limit. Affected models: FortiGate 6000 and 7000 series, FWF-80F-2R, and FWF-81F-2R-POE.

Web Filter

Bug ID

Description

863728

The urlfilter process causes a memory leak, even when the firewall policy is not using the web filter feature.

Common Vulnerabilities and Exposures

Visit https://fortiguard.com/psirt for more information.

Bug ID

CVE references

894168

FortiOS 7.0.12 is no longer vulnerable to the following CVE Reference:

  • CVE-2023-29183

894631

FortiOS 7.0.12 is no longer vulnerable to the following CVE Reference:

  • CVE-2023-29178

896403

IPS Engine 7.00167 is no longer vulnerable to the following CVE Reference:

  • CVE-2023-40718

898402

FortiOS 7.0.12 is no longer vulnerable to the following CVE Reference:

  • CVE-2023-27997

899434

FortiOS 7.0.12 is no longer vulnerable to the following CVE Reference:

  • CVE-2023-41841

918991

FortiOS 7.0.12 is no longer vulnerable to the following CVE Reference:

  • CVE-2023-36639
