Resolved issues
The following issues have been fixed in version 7.0.9. To inquire about a particular bug, please contact Customer Service & Support.
Explicit Proxy
Bug ID |
Description |
---|---|
805703 |
FortiGate does not load balance requests evenly when the |
Firewall
Bug ID |
Description |
---|---|
834301 |
Session dropped with timeout action after policy changes. |
835413 |
Inaccurate sFlow interface data reported to PRTG after upgrading to 7.0. |
843274 |
Source interface filter ( |
GUI
Bug ID |
Description |
---|---|
719476 |
FortiLink NAC matched device is displayed in the CLI but not in the GUI under WiFi & Switch Controller > NAC Policies > View Matched Devices. |
831885 |
Unable to access GUI via HA management interface of secondary unit. |
HA
Bug ID |
Description |
---|---|
832634 |
HA failovers occur due to the kernel hanging on FG-100F. |
840954 |
The HA pair primary keeps sending |
843907 |
Session load balancing is not working in HA A-A configuration for traffic flowing via the VLAN interface when the port1 link is down on platforms with a 4.19 kernel. |
IPsec VPN
Bug ID |
Description |
---|---|
819276 |
After changing the password policy to enable it, all non-conforming IPsec tunnels were wiped out after rebooting/upgrading. |
832920 |
Unable to edit the parent interface from the IPsec configuration if it was configured on an IPIP tunnel. |
840153 |
Unexpected dynamic selectors block traffic when |
840940 |
Unable to reestablish a new IPsec L2TP connection for 10 minutes after the previous one disconnected. The issue conditions are local in traffic and a policy-based IPsec tunnel. |
842528 |
Improper IKEv1 quick mode fragmentation from third-party client can cause an IKE crash. |
Proxy
Bug ID |
Description |
---|---|
827807 |
WAD crash at signal 11 is observed after configuring 250 CGN VDOMs (full offload is enabled in the VDOMs). |
837095 |
WAD daemon runs high with many child processes and is not coming down after configuring 250 CGN VDOMs. |
Routing
Bug ID |
Description |
---|---|
817670 |
IPv6 route redistribution metric value is not taking effect. |
833800 |
The |
836077 |
IPv6 SD-WAN health check is not working after a disconnection. |
840691 |
FortiGate as an NTP server is not using SD-WAN rules. |
Security Fabric
Bug ID |
Description |
---|---|
837347 |
Upgrading from 6.4.8 to 7.0.5 causes SDN firewall address configurations to be lost. |
843043 |
Only the first ACI SDN connector can be kept after upgrading from 6.4.8 if multiple ACI SDN connectors are configured. |
SSL VPN
Bug ID |
Description |
---|---|
705880 |
Updated empty group with SAML user does not trigger an SSL VPN firewall policy refresh, which causes the SAML user detection to not be successful in later usage. |
808569 |
sslvpnd crashes when no certificate is specified. |
808634 |
SSL VPN daemon sometimes could not be recovered, even when setting the server certificate back from empty to a specific certificate. |
820536 |
SSL VPN web mode bookmark incorrectly applies a URL redirect. |
822432 |
SSL VPN crashes after copying a string to the remote server using the clipboard in RDP web mode when using RDP security. |
848437 |
The sslvpn process crashes if a POST request with a body greater than 2 GB is received. |
856316 |
Browser displays an Error, Feature is not available message if a file larger than 1 MB is uploaded from FTP or SMB using a web bookmark, even though the file is uploaded successfully. There are no issues with downloading files. |
System
Bug ID |
Description |
---|---|
798992 |
Get newcli crash when running the |
827736 |
As the size of the internet service database expands, |
831486 |
HQIP memory test failed and triggered a log out with a newcli process crash. |
844316 |
IPS and application control is causing the FortiGate (VWP) to change either the source MAC address or the destination MAC address based on the flow. |
844908 |
Outbandwidth does not control traffic properly on platforms with a 4.19 kernel when VDOM links are used. |
844937 |
FG-3700D unexpectedly reboots after the COMLog reported a kernel panic due to an IPv6 failure to set up the master session for the expectation session under some conditions. |
850430 |
DHCP relay does not work properly with two DHCP relay servers configured. |
855151 |
There may be a race condition between the CMDB initializing and the customer language file loading, which causes the customer language file to be removed after upgrading. |
VM
Bug ID |
Description |
---|---|
848279 |
SFTP backup not working with Azure storage account. |
Web Application Firewall
Bug ID |
Description |
---|---|
838913 |
The WAF is indicating malformed request false positives caused by incorrect setups of four known headers: Access-Control-Max-Age, Access-Control-Allow-Headers, Access-Control-Allow-Methods, and Origin. |
Web Filter
Bug ID |
Description |
---|---|
742483 |
System events logs randomly contain a |
847676 |
|
WiFi Controller
Bug ID |
Description |
---|---|
844172 |
The cw_acd process is deleting dynamic IPsec tunnels on the secondary device, which causes the FortiAPs to disconnect on the primary device. |
Common Vulnerabilities and Exposures
Visit https://fortiguard.com/psirt for more information.
Bug ID |
CVE references |
---|---|
843324 |
FortiOS 7.0.9 is no longer vulnerable to the following CVE Reference:
|
847483 |
FortiOS 7.0.9 is no longer vulnerable to the following CVE Reference:
|
850842 |
FortiOS 7.0.9 is no longer vulnerable to the following CVE Reference:
|
853448 |
FortiOS 7.0.9 is no longer vulnerable to the following CVE Reference:
|
854227 |
FortiOS 7.0.9 is no longer vulnerable to the following CVE Reference:
|