Resolved issues
The following issues have been fixed in version 7.2.1. To inquire about a particular bug, please contact Customer Service & Support.
Anti Virus
Bug ID |
Description |
---|---|
722304 |
AV does not block malicious file uploads to the MS Exchange server (OWA). |
727067 |
FortiGate should fix the interface between FortiGate and FortiAnalyzer for the CDR file. |
794575 |
If FortiGate Cloud is selected as sandbox server under Security Fabric > Fabric Connectors, an anti virus profile with settings to Send files to FortiSandbox for inspection does not get saved in the GUI. |
805655 |
A scanunit crash with signal 11 occurs for SMTP and QP encoding. |
823677 |
When a FortiGate with DLP patterns configured is connected to FortiSandbox, scanunit crashes when the FortiSandbox extension reloads or worker shuts down. |
Application Control
Bug ID |
Description |
---|---|
787130 |
Application control does not block FTP traffic on an explicit proxy. |
Data Leak Prevention
Bug ID |
Description |
---|---|
807327 |
A scanunit crash occurs after upgrading to 6.4.9. |
DNS Filter
Bug ID |
Description |
---|---|
744572 |
In multi-VDOM with default |
790974 |
When the DNS static domain filter entry's action is set to allow, it skips DNS translation. |
796052 |
If local-in and transparent requests are hashed into the same local ID list, when the DNS proxy receives a response, it finds the wrong query for requests with the same ID and domain. |
798562 |
DNS filter does not work when the FortiGate is working as a DNS server. |
800497 |
In flow mode with |
Endpoint Control
Bug ID |
Description |
---|---|
775742 |
Upgrade EMS tags to include classification and severity to guarantee uniqueness. |
803198 |
Intermittent FortiOS failure when using a redundant EMS configuration because the EMS FQDN was resolved once before, and when DNS entry expires or the DNS is used for load balancing. |
Explicit Proxy
Bug ID |
Description |
---|---|
770440 |
Explicit web proxy encounters lots of WAD crashes. |
774442 |
WAD is NATting to the wrong IP pool address for the interface. |
778339 |
Improve logic of removing HTTP Proxy-Authorization/Authorization header to prevent user credential leaking. |
794124 |
HTTPS websites are not accessible if |
794255 |
Microsoft website (microsoft.com) cannot be mapped to the Microsoft-Web ISDB name for proxy policy. |
796364 |
Renaming a ClearPass dynamic address object that is configured in a proxy policy causes the address not to be matched. |
798647 |
Explicit web proxy firewall policy cannot pass through HTTP traffic. |
801602 |
In agentless NTLM authentication, the source IP in |
802829 |
Explicit proxy encounters a 504 timeout after |
811251 |
WAD daemon may crash upon user log off when using two types of messages (UI and group) at the same time. |
816879 |
When an explicit proxy is enabled with IP pools, certificate inspection probe sessions use the interface IP instead of IPs from the configured IP pool. Therefore, when an interface IP is not allowed to connect externally, the probe session fails and causes traffic to not work. |
Firewall
Bug ID |
Description |
---|---|
599638 |
Get unexpected count for |
677855 |
cmdbsrv and other processes take CPU resources upon every configuration change in devices with over ten thousand firewall policies. |
750081 |
Traffic can pass through an EMAC VLAN interface but cannot be offloaded. |
752267 |
Load Balance Monitor detects a server in standby mode as being down. |
770383 |
In multi-VDOM mode, nothing is exported to the NetFlow collector. |
777231 |
Dashboard > FortiView Traffic Shaping page sometimes displays an undefined traffic shaper. This is cosmetic and does not impact functionality. |
781144 |
On the Edit Virtual Server dialog under Policy & Objects > Virtual Servers, a Duplicate entry found error is displayed for the Virtual server IP and Virtual server port fields when there are no duplicate entries. |
791735 |
The number of sessions in |
794648 |
Cannot set |
794901 |
Unable to create a |
797017 |
The FortiGate does not refresh the iprope group for central SNAT policies after moving a newly created SNAT policy. |
797318 |
NAT64 is not forwarding traffic to the destination IP. |
798587 |
NGFW security policy is missing |
801483 |
Packet drops noticed in the network when FortiGate is running 7.2.0 GA. |
802834 |
On the Traffic Shaping > Traffic Shapers tab, the Bandwidth Utilization column indicates zero traffic when there is traffic present. |
803270 |
Unexpected value for |
806113 |
The Traffic Shaping Policies edit dialog shows configured reverse shapers as disabled. This is a cosmetic issue and the reverse shaper is configured as defined. |
806904 |
IPv6 source with the same 32-bit prefix always NATs to the same IPv4 address. |
820622 |
IPS engine crashes in NGFW policy mode with |
FortiView
Bug ID |
Description |
---|---|
787886 |
The tooltip for the Bandwidth column always displays the receiving bandwidth as zero on the Dashboard > FortiView Traffic Shaping page. |
804177 |
When setting the time period to now filter, the table cannot be filtered by policy type. |
811095 |
Threat type N/A - Static URL Filter is showing on sources that do not have the URL filter enabled. |
819924 |
Information disappears after some time on the FortiView pages. |
GUI
Bug ID |
Description |
---|---|
695163 |
When there are a lot of historical logs from FortiAnalyzer, the FortiGate GUI Forward Traffic log page can take time to load if there is no specific filter for the time range. |
740508 |
Bandwidth widget shows incorrect traffic on FG-40F. |
741745 |
On certain pages, the loading spinner in the GUI is slow to load, and the page remains blank for a long time. |
746618 |
Export port link status is not correct on tenant VDOM FortiSwitch Ports page. |
750727 |
Log viewer negate filter does not work as expected for Application Name column. |
774159 |
Signature not found in IPS database message when editing the IPS profile from the policy. |
778844 |
Dashboard and Managed FortiAPs pages can take a long time to load when there are over 1000 FortiAPs configured. |
781310 |
Policy & Objects > DNAT & Virtual IPs page can take more than 30 seconds to load if there are more than 25 thousand virtual IPs. |
787550 |
HTTPSD daemon crashes frequently with |
787565 |
When logged in as guest management administrator, the custom image shows as empty on the user information printout. |
792045 |
FortiGate failed to view matched endpoints after viewing it successfully several times. |
798161 |
System > Certificates page keeps spinning when trying to access it from Safari. |
799160 |
Modem 1 Health is incorrectly displayed as Disconnected in the Diagnostics and Tools pane of the FortiExtenders page. |
800632 |
Search bar on Addresses page does not complete loading and return a result when format is <IP>-<number>. |
800959 |
CPU usage is visible in the Sessions widget when it should not appear there. |
802292 |
Logs sourced from FortiAnalyzer Big Data show the incorrect time. |
806218 |
Get |
810225 |
An undefined error is displayed when changing an administrator password for the first time. Affected models: NP7 platforms. |
821606 |
Unable to change the member order for SD-WAN rules in the GUI. |
821734 |
Log & Report > Forward Traffic logs do not show the Policy ID if there is no Policy Name. |
822991 |
On the Log & Report > Forward Traffic page, using the filter Result : Deny(all) does not work as expected. |
HA
Bug ID |
Description |
---|---|
722703 |
ISDB is not updating; last update attempt is stuck at an older date. |
734040 |
Need a way for FortiManager to retrieve an HA-specific configuration of a secondary device through the primary device. |
744033 |
HA |
750087 |
Multicast convergence on HA failover. |
750978 |
Interface link status of HA members goes down when |
779180 |
FGSP does not synchronize the |
779587 |
When an authentication log on length is longer than the |
781463 |
FortiGate does not respond to ARP request for |
782734 |
Cluster is out-of-sync due to switch controller managed switch checksum mismatch. |
786592 |
Failure in self-pinging towards the management IP. |
794707 |
Get invalid IP address when creating a firewall object in the CLI; it synchronized to the secondary in FGSP |
799659 |
Unusually large uptime and HA behavior occurs. |
799765 |
Multicast is failing after HA failover. |
801872 |
Unexpected HA failover on AWS A-P cluster when |
803354 |
After HA-AP failover, the FortiExtender WAN interface of the new primary cannot get the LTE IP address from FortiExtender. |
803697 |
The |
805663 |
After upgrading, rebooting the primary in HA (A-A) results in unusually high bandwidth utilization on redundant interfaces. |
806660 |
Internet service database object cannot be synchronized to the secondary unit after a FortiGuard update. |
807322 |
AWS HA does not update the prefix list in the route table. |
810175 |
|
812090 |
FGCP with in-band management mode does not send logs to newly added syslog server after being switched from out-of-band. |
816883 |
High CPU usage on secondary device, and CPU lacks the AVX feature needed to load |
817942 |
Secondary cluster member's iprope traffic statistics are not updated to the original primary after an A-P HA failover. |
Hyperscale
Bug ID |
Description |
---|---|
810025 |
Using EIF to support hairpinning does not work for NAT64 sessions. |
812844 |
Default static route does not work well for hyperscale VDOM. |
Intrusion Prevention
Bug ID |
Description |
---|---|
698247 |
Flow mode web filter |
771000 |
High CPU in all cores with device running with one interface set as a one-arm sniffer. |
779377 |
IPS fails to load a configuration if an NGFW policy uses the unrated category group or category of 0. |
809691 |
High CPU usage on IPS engine when certain flow-based policies are active. |
813998 |
IPv6 static routes are not generated for IP-based URL entries in one-arm IPS URL filtering solution. |
IPsec VPN
Bug ID |
Description |
---|---|
636602 |
Tunnel to spoke is down on hub after enabling FortiClient access. |
765868 |
The packets did not pass through QTM, and SYN packets bypass the IPsec tunnel once traffic is offloaded. Affected platforms: NP7 models. |
771935 |
Offloaded transit ESP is dropped in one direction until session is deleted. |
773221 |
Traffic that goes through IPsec based on a loopback interface cannot be offloaded. |
775011 |
In VPN peering using IKEv2, the signature and |
781403 |
IKE is consuming excessive memory. |
787949 |
FortiGate sends duplicate SNMP traps if the tunnel is brought down on the local side. |
790486 |
Support IPsec FGSP per tunnel failover. |
793863 |
File downloads over L2TP IPsec VPN failed when using the VIP mapped to the internal server. |
796546 |
IPv6 traffic through IPsec tunnel from learned BGP routes is not forwarding to Prisma Cloud provider. |
798709 |
Shortcut fails to be triggered by interested traffic. |
803010 |
The |
803336 |
VPN certificate private key changes on SCEP renewal. |
803686 |
Tooltip in Dashboard > Network IPsec widget only displays one address for the local and remote addresses of the phase 2 selector. |
810988 |
GUI does not allow IP overlap for a tunnel interface when |
814366 |
There are no incoming ESP packets from the hub to spoke after upgrading. |
815969 |
Cannot apply dialup IPsec VPN settings modifications in the GUI when |
Log & Report
Bug ID |
Description |
---|---|
692237 |
FortiOS is truncating the group field to 35 characters in traffic logs. |
699019 |
The source IP under |
740157 |
Event log is missing when the FortiGate Cloud Sandbox server is connected, disconnected, or switched. |
769300 |
Traffic denied by security policy (NGFW policy-based mode) is shown as |
770352 |
On the Log & Report > Forward Traffic page, filters applied to an interface name with a comma (,) do not show the correct filtered results for that interface. |
781357 |
Add upgrade code for using free-style filter in miglogd for FortiOS 7.0 and later. |
788724 |
The secondary FortiGate did not send the logs to the syslog server ( |
789459 |
Empty log Summary tab for System Events and Security Events pages. |
790893 |
Free-style filter for UTM logs does not work when |
795595 |
Date/Time filter changes after setting the time. |
797789 |
FortiGate goes into conserve mode because fgtlogd occupies too much memory. |
803262 |
Anti-spam logs are empty when the log source is FortiCloud (adding a time filter may return a result). |
806914 |
|
807661 |
In a FortiAnalyzer with lots of logs, the log view shows no result if the user scrolls down to the bottom of the list. |
814427 |
FortiGate error in FortiAnalyzer connectivity test on secondary device after upgrade. |
815150 |
Negating a range or subnet does not work in the GUI log display. |
Proxy
Bug ID |
Description |
---|---|
678815 |
WAD crashes with signal 11 if the client sends a client hello containing a key share that does not match the key share that the server prefers. |
760471 |
WAD crashes and there is high memory after upgrading. |
766158 |
Video filter FortiGuard category takes precedence over allowed channel ID exception in the same category. |
768278 |
WAD crashes frequently, authentication stops, and firewall freezes once proxy policy changes are pushed out. |
781161 |
WAD has signal 11 crash due to invalid reading after freeing WAD user information daemon. |
785927 |
Unexpected behavior in WAD when multiple DHCP servers are configured. |
786939 |
The |
789703 |
WAD continually crashing at signal 11. |
791662 |
FortiGate is silently dropping server hello in TLS negotiation. |
792505 |
Memory leak identified for WAD worker |
793651 |
An expired certificate can be chosen when creating an SSL/SSH profile for deep inspection. |
795321 |
WAD crash signal 11 and unit goes into conserve mode. |
796910 |
Application wad crash ( |
800125 |
Even if the policy is set to deny FTP_PUT, file uploads are permitted when the UTM feature is enabled. |
800436 |
In proxy inspection, IPS packet logging does not work as expected with HTTPS. |
802935 |
FortiGate cannot block a virus file when using the HTTP PATCH upload method. |
803136 |
|
803260 |
Memory increases suddenly and is not released until rebooting. |
803380 |
Device is consuming high memory and going into conserve mode, possibly due to a WAD memory leak. |
805808 |
In proxy inspection mode with AV enabled, TCP traffic is dropped after a while. |
807332 |
WAD does not forward the 302 HTTP redirect to the end client. |
807431 |
File from AWS S3 fails to download with UTM, deep inspection, and proxy configured. |
808072 |
When accessing a specific website using UTF8 content encoding (which is unexpected according to the RFC), the FortiGate blocks the traffic as an HTTP evasion when applying an AV profile with deep inspection. |
809346 |
FTPS helper is not opening pinholes for expected traffic for non-standard ports. |
811259 |
WAD memory leak occurs with IPS enabled. |
815313 |
WAD crash occurred due to a certificate validation failure. |
817750 |
WAD daemon keeps crashing when web proxy forward server group does not have a server list. |
822039 |
WAD crash occurs on FG-61E, FG-101F, FG-61F, FG-200E, and FG-401E during stress testing. |
822271 |
Unable to access a website when deep inspection is enabled in a proxy policy. |
823814 |
When ZTNA access proxy is configured with |
Routing
Bug ID |
Description |
---|---|
618684 |
When HA failover is performed to the other cluster member that is not able to reach the BFD neighbor, the BFD session is down as expected but the static route is present in the routing table. |
704322 |
After configuring static routes on IPsec tunnels using the Network > Static Routes page, a warning icon appears. This is cosmetic and does not affect functionality. |
720618 |
Passive health check does not report packet loss when it occurs in the network. |
756955 |
Routing table does not reflect the new changes for the static route until the routing process is restarted when cmdbsrv and other processes take CPU resources upon every configuration change in devices with over ten thousand firewall policies. |
769523 |
Multicast is not working in VRRP. |
774136 |
VPN traffic is not being metered by DoS policy when using SD-WAN. |
779113 |
A new route check to make sure the route is removed when the link monitor object fails on ARM based platforms. |
787476 |
BGP |
787487 |
Default priority value in static route is set as 0, even though the range is 1-65535 in transparent mode. |
788793 |
Unable to receive BGP routes on redundant tunnel interfaces. |
795213 |
On the Network > SD-WAN page, adding a named static route to an SD-WAN zone creates a default blackhole route. |
796070 |
Incorrect SD-WAN kernel routes are used on the secondary device. |
796409 |
GUI pages related to SD-WAN rules and performance SLA take 15 to 20 seconds to load. |
797530 |
SD-WAN health check event log shows the incorrect protocol. |
797590 |
GRE tunnel configured using a loopback interface is not working after changing the interface back and forth. |
798245 |
ICMP traffic is using the incorrect VRF. |
799969 |
BGP neighbor |
805285 |
SIP-RTP fails after a route or interface change. |
806939 |
Routing issue with ADVPN and SD-WAN if IPsec aggregate interfaces are configured. |
807635 |
BGP routes hit the wrong route map. |
808840 |
After cloning a static route, the URL gets stuck with |
809321 |
IS-IS LSP packets do not include the checksum and the authentication key ( |
812982 |
SD-WAN performance SLAs on a dialup IPsec VPN tunnel do not work as expected. |
816582 |
Connected subnet in VRF, other than VRF 0, gets an RPF failure after HA failover. |
817670 |
IPv6 route redistribution metric value is not taking effect. |
Security Fabric
Bug ID |
Description |
---|---|
614691 |
Slow GUI performance in large Fabric topology with over 50 downstream devices. |
741084 |
Entry-level FortiGate with Security Fabric enabled for 30 or more downstream FortiGates can go into conserve mode when loading the physical or logical topology pages, or running security rating reports. |
753742 |
Add distributed security rating and topology reports. |
778511 |
PPPoE interface is unable to accept Fabric connections. |
782518 |
Threat feeds are showing that the connection status has not started when it should be connected. |
788543 |
Topology tree shows No connection or Unauthorized for FortiAnalyzer while sending log data to FortiAnalyzer. |
791324 |
Test Automation Stitch function only works on the root FortiGate, and is not working on the downstream FortiGate. |
795687 |
On the Fabric Management page, some managed FortiSwitches are not shown. |
798795 |
API that registers appliances to the Fabric stopped working. |
799832 |
GCP bearer token is too long for the header in a |
801048 |
During the FortiOS initialization process, there is a small chance that other services using UDP take the specific port that caused csfd initialization to fail. |
803600 |
Automation stitch for a scheduled backup is not working. |
807967 |
Add reliable message for creating event logs on upstream device for use by Report Runner. |
815984 |
Azure SDN connector has a 403 error when the AZD restarts. |
SSL VPN
Bug ID |
Description |
---|---|
486837 |
SSL VPN with external DHCP servers is not working. |
616896 |
Link in SSL VPN portal to FortiClient iOS redirects to legacy FortiClient 6.0 rather than the latest 6.2. |
626311 |
SSL VPN users are remaining logged on past the |
676278 |
Custom host check AV and firewall for macOS fails for FortiClient SSL VPN. |
677031 |
SSL VPN web mode does not rewrite playback URLs on the internal FileMaker WebDirect portal. |
697142 |
SharePoint server (de***.sc***.gov.sa) is not working on web-based VPN. |
757726 |
SSL VPN web portal does not serve updated certificate. |
763611 |
Slow upload speed on SSL VPN dual-stack configuration. |
767832 |
After upgrading from 6.4.7 to 7.0.1, the |
767869 |
SCADA portal will not fully load with SSL VPN web bookmark. |
768323 |
Certain websites do not load properly in SSL VPN web mode. |
768983 |
SSL VPN web mode access to the FortiGate GUI is slow after upgrading. |
778034 |
FortiGate GUI in SSL VPN web mode is very slow. |
780305 |
SSL VPN web mode is unable to redirect from port 62843 to port 8443. |
780765 |
High CPU usage in SSL VPN using libssh2. |
781581 |
Customer internal website is not shown correctly in SSL VPN web mode. |
784887 |
A blank page appears after logging in to an SSL VPN bookmark. |
787978 |
Unable to load NFMT routing display through SSL VPN web mode. |
789117 |
SSL VPN web mode RDP bookmark always asks for credentials. |
789267 |
SSO SSL VPN web mode user cannot connect to RDP intermittently. |
789642 |
Unable to load Grafana application through SSL VPN web mode. |
791700 |
SSL VPN crashes and disconnects users at the same time. |
792075 |
SSL VPN web portal does not load internal e-learning website content. |
792944 |
Internal redirect webpage is not working in SSL VPN web mode. |
794800 |
SSL VPN /remote/logoutok screen loads in basic text. |
794820 |
Slow performance when managing FortiGate through the bookmark configured in SSL VPN web mode. |
795730 |
Non-Google CAPTCHA cannot be displayed in SSL VPN web mode. |
796768 |
SSL VPN RDP is unable to connect to load-balanced VMs. |
797136, 797139 |
Internal site does not load completely using SSL VPN web mode bookmark. |
799308 |
SSL VPN bookmark is not working. |
799780 |
Website is not loading in SSL VPN web mode. |
800751 |
Unable to download files over 2 GB to and from an SMB file share using SSL VPN web mode. |
801308 |
FortiGuard should only provide an installer for FortiClient VPN, instead of the full FortiClient version. |
801588 |
After Kronos (third-party) update from 8.1.3 to 8.1.13, SSL VPN web portal users get a blank page after logging in successfully. |
802379 |
SSL VPN has memory leaks and crashes. |
803576 |
Comments in front of |
803622 |
High CPU in SSL VPN once SAML is used with FortiAuthenticator and an LDAP server. |
805922 |
Unable to configure ssl.root as the |
806143 |
JavaScript error in SSL VPN web mode. |
807268 |
Many SSL VPN users are disconnected periodically, and sslvpnd crashes. |
808569 |
sslvpnd crashes when no certificate is specified. |
808634 |
SSL VPN daemon sometimes could not be recovered, even when setting the server certificate back from empty to a specific certificate. |
809209 |
SSL VPN process memory leak is causing the FortiGate to enter conserve mode over a short period of time. |
809473 |
When sslvpnd debugs are enabled, the SSL VPN process crashes more often. |
810715 |
Web application is not loading in the SSL VPN web mode. |
811007 |
The auto-generated URL on the VPN > SSL-VPN Settings page shows the management IP of the FortiGate instead of the SSL VPN interface port IP as defined on the VPN > SSL-VPN Realms page when a realm is created. |
812006 |
The PROD-MDN-WS1 SSL VPN portal is not loading properly, and cannot navigate within the page. |
814040 |
SSL VPN bookmark configuration is added automatically after client logs in to web mode. |
814708 |
The same SAML user failed to establish a tunnel when a stale web session exists with |
816716 |
sslvpnd crashed when deleting a VLAN interface. |
816881 |
TX packet loss on ssl.root interface. |
817843 |
Logging out of SSL VPN tunnel mode does not clear the authenticated list. |
826582 |
SSH via SSL VPN web mode does not work for some SSH servers. |
Switch Controller
Bug ID |
Description |
---|---|
774441 |
FortiLink topology only displays partially. |
794026 |
The number of quarantined MAC addresses is stuck at 256 due to table size limitations on the FortiGate. |
799860 |
FortiSwitch online/offline status is not consistent between the CLI and SNMP. |
803307 |
The Enable STP security control description should be reworded to mention that Edge ports should have STP enabled once the network topology is stable. |
805154 |
Switch controller preconfiguration of FortiSwitch 108F-POE is incorrect. |
810550 |
When |
System
Bug ID |
Description |
---|---|
540389 |
Remote administrator password renewal shows remote token instead of new password (CLI and GUI). |
716250 |
Incorrect bandwidth utilization traffic widget for VLAN interface based on LACP interface. |
725273 |
|
734912 |
When VDOMs are enabled, changing system settings causes the GUI to display a failure to save message. |
736144 |
AirCard 340U LTE Modem does not work. |
743831 |
When global daylight saving time (DST) is disabled, the system time in the GUI still shows the time with DST. |
753912 |
FortiGate calculates faulty FDS weight with DST enabled. |
756139 |
When split port is enabled on four 10 GB ports, only one LACP port is up, and the other ports do not send/receive the LACP PDU. |
758490 |
The value of the |
761971 |
AirCard 340U LTE modem does not work on FG-61F. |
764483 |
After restoring the VDOM configuration, |
766058 |
FortiGate central management is configured on the backup mode ADOM, and any changes done on the FortiGate are not recorded in the FortiManager. |
771331 |
Incorrect bandwidth utilization traffic widget for VLAN interface on NP6 platforms. |
773829 |
Get |
781960 |
A dhcpd crash log occurs. |
782392 |
ICMP traceroute with more than one probe is not working, and drops are seen on NP6 platforms. |
783241 |
Manually updating |
783939 |
IPv4 session is flushed after creating a new VDOM. |
786255 |
Cached topology reports cause the FortiGate to run out of flash storage on entry-level models. |
786998 |
When enabling the |
787557 |
Sudo command does not work consistently. |
787595 |
FFDB cannot be updated with |
789203 |
High memory usage due to DoT leak at |
790656 |
DNS fails to correctly resolve hosts using the DNS database. |
792544 |
A request is made to the remote authentication server before checking |
793864 |
Repeated FortiDDNS failed messages are in the system event logs output. |
796094 |
Egress traffic on EMAC VLAN is using base MAC address instead. |
796398 |
BPDU packets are blocked even though STF forwarding is enabled on FG-800D in transparent mode (UTP and SFP). |
797428 |
SNMP status for NPU is not available on NP6xlite. |
799255 |
Any configuration change on FG-2601F causes a cmbdr crash with signal 6 and traffic to stop flowing. |
799487 |
The debug zone uses over 400 MB of RAM. |
800294 |
Interface migration wizard fails to migrate interfaces when VLANs have dependencies within dependencies. |
800295 |
NTP server has intermittent unresolvable logs after upgrading to 6.4. |
801053 |
FG-1800F existing hardware switch configuration fails after upgrading. |
801474 |
DHCP IP lease is flushed within the lease time. |
801738 |
Kernel panic occurs on FG-2610F when collecting debug flow information. |
802917 |
PPPoE virtual tunnel drops traffic after logon credentials are changed. |
805412 |
DHCPv6 authentication option offer is not accepted from the server. |
805644 |
Trunk port is removed from the VLAN switch after rebooting. |
807947 |
Unable to create new interface and VDOM link with names that contain spaces. |
810104 |
Under certain trace condition scenarios, a kernel panic may be triggered on new kernel platforms after failover with HTTP CCS followed by SIP64 traffic. |
810466 |
EHP and HRX drop on NP6 FortiGate, causing low throughput. |
810583 |
Running |
810622 |
Message regarding VDOM names longer than 11 characters is shown when |
811449 |
With new DNS system servers that have DoT enabled, applying a DNS filter to the FortiGate DNS server fails. |
812499 |
When traffic gets offloaded, an incorrect MAC address is used as a source. |
813223 |
Random kernel panic occurs when the following IPsec VPN phase 2 interface configuration is used:
    config vpn ipsec phase2-interface
        edit <name>
            set keylife-type both
            set keylifeseconds 28800
            set keylifekbs 4608000
        next
    end
|
813606 |
DHCP relay offers to iPhones are blocked by the FortiGate. |
814002 |
FortiGate may enter kernel panic in HA environment and when sending multicast traffic on new kernel platforms. |
815360 |
NP7 platforms may encounter a kernel panic when deleting more than two hardware switches at the same time. |
816278 |
Memory increase due to iked process. |
816823 |
NP6xLite test failed when running |
818461 |
When an aggregate is created after all VLANs and added to a software switch, all VLANs are lost after rebooting. |
818811 |
NTurbo crash occurs when offloading SSL mirror traffic. |
821773 |
Manual license for air-gap environments is lost after rebooting the FortiGate. |
Upgrade
Bug ID |
Description |
---|---|
792831 |
|
803171 |
Upgrade takes longer than expected and gets a synchronization error caused by PPP when HA upgrades. |
User & Authentication
Bug ID |
Description |
---|---|
738846 |
FAS ends up in endless loop while synchronizing with LDAP when a special character ( |
754725 |
After updating the FSSO DC agent to version 5.0.0301, the DC agent keeps crashing on Windows 2012 R2 and 2016, which causes lsass.exe to reboot. |
760740 |
|
778521 |
SCEP fails to renew if the local certificate name length is between 31 and 35 characters. |
782158 |
The |
790941 |
When logged in with an administrator profile using a wildcard RADIUS user, creating new dashboard widgets fails. |
792924 |
Incorrect captive portal page certificate is used after upgrading. |
804133 |
The |
808884 |
Device information is not fully detected on NP7. |
810033 |
The samld process is killed if the SP certificate set has an ECC 384-bit public key. |
813355 |
Additional information from user ID login should be displayed. |
813407 |
Captive portal authentication with RADIUS user group truncates the token code to eight characters. |
813987 |
No traffic is generated when creating an ACME certificate that uses a domain name with an uppercase letter. |
VM
Bug ID |
Description |
---|---|
764392 |
Incorrect VMDK file size in the OVF file for hw13 and hw15. |
782073 |
IBM HA is unable to fail over route properly when route table has a delegate VPC route. |
786278 |
Bandwidth usage is not shown when DPDK is enabled. |
799536 |
Data partition is almost full on FG-VM64 platforms. |
800473 |
FG-VM64 deployed with 6.4 loses configuration and license after upgrading to 7.2.1 (no issue if deployed with 7.0). |
800935 |
ESXi VLAN interface based on LACP does not work. |
803219 |
Azure SDN connector might miss dynamic IP addresses due to only the first page of the network interface being processed. |
809963 |
Get cmdbsvr crash after concurrent performance test on FG-KVM32. |
VoIP
Bug ID |
Description |
---|---|
794517 |
VoIP daemon memory leak occurs when the following conditions are met:
|
WAN Optimization
Bug ID |
Description |
---|---|
804662 |
WANOpt tunnels are not established for traffic matching the profile. |
Web Application Firewall
Bug ID |
Description |
---|---|
795554 |
Inspecting all ports in an SSL/SSH inspection profile does not work with the WAF profile. |
Web Filter
Bug ID |
Description |
---|---|
743195 |
Disclaimer module does not load and breaks the website. |
786448 |
Web filtering with WISP functionality is intermittent in flow mode. |
798557 |
When a new URL filter entry is created and the list is re-ordered, the list position is not maintained. |
801792 |
IPS daemon has socket FD leaks. |
WiFi Controller
Bug ID |
Description |
---|---|
790367 |
FWF-60F has kernel panic and reboots by itself every few hours. |
795821 |
The new
Solution:
|
796036 |
Manual quarantine for wireless client connected to SSID on multi-VDOM with |
807605 |
FortiOS exhibits segmentation fault on hostapd on the secondary controller configured in HA. |
ZTNA
Bug ID |
Description |
---|---|
792829 |
WAD re-challenges user authentication upon HA failover. |
797433 |
WAD treats ZTNA SAML URL with multiple query characters as invalid and closes. |
799530 |
Found wad crash at |
799759 |
Applying a ZTNA rule in the GUI removes configured IP pools. |
802715 |
ZTNA failed to match the policy when a tag is found for an endpoint in the EMS response. |
808178 |
After upgrading from 7.0 to 7.2, the |
Common Vulnerabilities and Exposures
Visit https://fortiguard.com/psirt for more information.
Bug ID |
CVE references |
---|---|
789153 |
FortiOS 7.2.1 is no longer vulnerable to the following CVE Reference:
|
795784 |
FortiOS 7.2.1 is no longer vulnerable to the following CVE Reference:
|
797229 |
FortiOS 7.2.1 is no longer vulnerable to the following CVE Reference:
|
800259 |
FortiOS 7.2.1 is no longer vulnerable to the following CVE Reference:
|
803283 |
FortiOS 7.2.1 is no longer vulnerable to the following CVE Reference:
|
810989 |
FortiOS 7.2.1 is no longer vulnerable to the following CVE Reference:
|
811492 |
FortiOS 7.2.1 is no longer vulnerable to the following CVE Reference:
|
819640 |
FortiOS 7.2.1 is no longer vulnerable to the following CVE Reference:
|
825695 |
FortiOS 7.2.1 is no longer vulnerable to the following CVE Reference:
|
863856 |
FortiOS 7.2.1 is no longer vulnerable to the following CVE Reference:
|