Known issues
The following issues have been identified in version 7.4.2. To inquire about a particular bug or report a bug, please contact Customer Service & Support.
Anti Virus
Bug ID | Description |
---|---|
977634 | FortiOS High Security Alert block page reference URL is incorrect. |
Application Control
Bug ID | Description |
---|---|
934197 | Selected applications will disappear after searching or filtering for other applications in override. |
Firewall
Bug ID | Description |
---|---|
760292 | The date in the graph of Last 7 Days traffic statistics for the policy is incorrect. |
959065 | Once a traffic shaper is applied to a traffic shaping firewall policy, the counters should not clear when deleting or creating a traffic shaper. |
966466 | On an FG-3001F NP7 device, packet loss occurs even on local-in traffic. |
981283 | NAT64/46 HTTP virtual server does not work as expected in the policy. |
FortiGate 6000 and 7000 platforms
Bug ID | Description |
---|---|
787604 | Transceiver information is unavailable for FPM/FIM2 ports in the GUI. |
790464 | Existing ARP entries are removed from all slots when an ARP query of a single slot does not respond. |
885205 | IPv6 ECMP is not supported for the FortiGate 6000F and 7000E platforms. IPv6 ECMP is supported for the FortiGate 7000F platform. |
887946 | UTM traffic is blocked by an FGSP configuration with asymmetric routing. |
910883 | The FortiGate 6000s or 7000s in an FGSP cluster may load balance FTP data sessions to different FPCs or FPMs. This can cause delays while the affected FortiGate 6000 or 7000 re-installs the sessions on the correct FPC or FPM. |
911244 | FortiGate 7000E IPv6 routes may not be synchronized correctly among FIMs and FPMs. |
973407 | FIM installed NPU session causes the SSE to get stuck. |
978241 | FortiGate does not honor worker port partition when SNATing connections using a fixed port range IP pool. |
983236 | Under normal conditions, a FortiGate 6000 or 7000 may generate event log messages due to a known issue with a feature added to FortiOS 7.2 and 7.4. The feature is designed to create event log messages for certain DP channel traffic issues but also generates event log messages when the DP processor detects traffic anomalies that are part of normal traffic processing. As a result, the event log contains false positive messages that don't affect normal operation. For example, DP channel 15 RX drop detected! messages can be created when a routine problem is detected with a packet that would normally cause the DP processor to drop the packet. Similar discard messages may also appear if the DP buffer is full. |
GUI
Bug ID | Description |
---|---|
848660 | A read-only administrator may encounter a Maximum number of monitored interfaces reached error when viewing an interface bandwidth widget for an interface that does not have the monitor bandwidth feature enabled. Workaround: super_admin users can enable the monitor bandwidth feature on the interface first, then the widget can work for read-only administrators. |
853352 | When viewing entries in the slide-out pane of the Policy & Objects > Internet Service Database page, users cannot scroll down to the end if there are over 100K entries. |
885427 | Suggest showing the SFP status information on the faceplate of FGR-60F/60F-3G4G devices. |
931486 | Unexpected behavior in httpsd when the user has a lot of FQDN addresses. |
961796 | When administrator GUI access (HTTPS) is enabled on SD-WAN member interfaces, the GUI may not be accessible on the SD-WAN interface due to incorrect routing of the response packet. Workaround: access the GUI using another internal interface that is not part of an SD-WAN link. |
964386 | GUI dashboards show all the IPv6 sessions on every VDOM. |
966702 | The list of security profiles is not displayed correctly in the GUI. |
972887 | On the Policy & Objects > Firewall Policy page, searching for automatically created addresses that have IP addresses does not show any matching results. |
975403 | FortiGate removes the |
979508 | The Operational Technology category cannot be turned on or off from the GUI. The option to enable/disable the Operational Technology category on application control profiles when hovering the mouse over the category name is missing. Workaround: use the CLI to configure it. |
983422 | A GTP profile cannot be applied to policy using the GUI. Workaround: use the CLI to apply the GTP profile. |
989512 | When the number of users in the Firewall User monitor exceeds 2000, the search bar is no longer displayed. |
HA
Bug ID | Description |
---|---|
971075 | The last interface belonging to the non-root management VDOM is not visible when accessing the GUI using the HA management interface. |
Hyperscale
Bug ID | Description |
---|---|
817562 | NPD/LPMD cannot differentiate the different VRFs, and considers all VRFs as 0. |
896203 | The parse error, |
975264 | Hyperscale should not support threat feed addresses with the negate option. |
976972 | New primary can get stuck on failover with HTTP CC sessions. |
977376 | FG-4201F has a 10% performance drop during a CPS test case with DoS policy. |
981918 | Hyperscale policy loses the |
Intrusion Prevention
Bug ID | Description |
---|---|
782966 | IPS sensor GUI shows All Attributes in the filter table when IPS filters with default values are selected in the CLI. |
IPsec VPN
Bug ID | Description |
---|---|
866413 | Traffic over GRE tunnel over IPsec tunnel, or traffic over IPsec tunnel with GRE encapsulation is not offloaded on NP7-based units. |
897871 | GRE over IPsec does not work in transport mode. |
944600 | CPU usage issues occurred when IPsec VPN traffic was received on the VLAN interface of an NP7 vlink. |
970703 | FortiGate 6K and 7K models do not support IPsec VPN over vdom-link/npu-vlink. |
1003830 | IPsec VPN tunnel phase 2 instability after upgrading to 7.4.2 on the NP6xlite platform. Workaround: disable replay detection on the phase 2 interface on both sides of the IPsec VPN: `config vpn ipsec phase2-interface`, `edit <name>`, `set replay disable`, `next`, `end` |
Log & Report
Bug ID | Description |
---|---|
960661 | FortiAnalyzer report is not available to view for the secondary unit in the HA cluster on the Log & Report > Reports page. Workaround: view the report directly in FortiAnalyzer. |
Proxy
Bug ID | Description |
---|---|
900546 | DNS proxy may resolve with an IPv4 address, even when |
910678 | CPU usage issue in WAD caused by a high number of devices being detected by the device detection feature. |
922093 | CPU usage issue in WAD caused by source port exhaustion when using WAN optimization. |
933002 | Memory usage issue in WAD caused by a rare error condition. |
965966 | An error condition occurred in WAD due to heavy HTTP video traffic when using a video filter profile with deep inspection enabled. |
REST API
Bug ID | Description |
---|---|
964424 | REST API GET |
Routing
Bug ID | Description |
---|---|
903444 | The |
974921 | When creating or editing a rule on the Network > Routing Objects page, if the weight is set to 0 the changes are not saved. Workaround: Use the CLI to edit and save the |
989840 | Issue with PIM neighborship over an IPSec tunnel with NP offload. |
Security Fabric
Bug ID | Description |
---|---|
948322 | After deauthorizing a downstream FortiGate from the System > Firmware & Registration page, the page may appear to be stuck loading. Workaround: perform a full page refresh to allow the page to load again. |
966740 | On the Security Fabric > Security Rating page, the format of the Unused Policies test Last Used date is incorrect. |
968585 | The automation stitch triggered by the FortiAnalyzer event handler does not work as expected. |
972921 | The comments are not working as expected in the threat feed list for the domain threat feed. |
SSL VPN
Bug ID | Description |
---|---|
951827 | SSL VPN client certificate verification failed after importing the VDOM user peer CA certificate into the global VDOM. |
Switch Controller
Bug ID | Description |
---|---|
955550 | Unexpected behavior in cu_acd and fortilinkd is causing the CPU to handle the majority of the traffic instead of the NPU. |
988335 | If a user's network has more than 20 MAC addresses in a NAC environment, it is possible for the CAPWAP to come down. |
System
Bug ID | Description |
---|---|
910364 | CPU usage issue in miglogd caused by constant updates to the ZTNA tags. |
912383 | FGR-70F and FGR-70F-3G4G failed to perform regular reboot process (using |
921134 | GUI is inaccessible when using a SHA1 certificate as |
921604 | On the FortiGate 601F, the ports (x7) have no cables attached but the link LEDs are green. |
953692 | SNMP stops working when a second server is added. The FortiGate stops answering SNMP requests to both servers. |
956697 | On NP7 platforms, the FortiGate may reboot twice when upgrading to 7.4.2 or restoring a configuration after a factory reset or burn image. This issue does not impact FortiOS functionality. |
964465 | Administrators with read-write permission for WiFi and read permission for network configuration cannot create SSIDs. Workaround: give read-write permission for network configuration to the administrator. |
968618 | After the upgrade to 7.4, the NP7 L2P is dropping packets at the L2TI module. |
971404 | Session expiration does not get updated for offloaded traffic between a specific host range. |
971466 | FGR 60F faces packet loss with a Cisco switch directly connected to it. |
977231 | An error condition occurred in fgfm caused by an out-of-band management configuration. |
Upgrade
Bug ID | Description |
---|---|
952828 | The automatic patch upgrade feature overlooks patch releases with the Feature label. Consequently, a FortiGate running 7.4.2 GA does not automatically upgrade to 7.4.3 GA. Workaround: Manually upgrade to a 7.4 Feature patch on the System > Firmware & Registration page. |
999324 | FortiGate Pay-As-You-Go or On-demand VM versions cannot upload firmware using the System > Firmware & Registration > File Upload page. Workaround: Use the Latest Firmware or All Upgrade page to upgrade the firmware. |
User & Authentication
Bug ID | Description |
---|---|
667150 | When a remote LDAP user with Two-factor Authentication enabled and Authentication type 'FortiToken' tries to access the internet through firewall authentication, the web page does not receive the FortiToken notification or proceed to authenticate the user. Workaround: click the Continue button on the authentication page after approving the FortiToken on the mobile device. |
884462 | NTLM authentication does not work with Chrome. |
967146 | Upon expiration, the SSL certificate is removed from GUI but not from the CLI. |
972391 | RADIUS group is not properly displayed as used. |
975689 | On the User & Authentication > Guest Management page, the Print option does not work if the Guest User Print Template replacement message has been customized. |
982573 | Dashboard > Assets & Identities page shows devices and interfaces from all VDOMs. |
VM
Bug ID | Description |
---|---|
938382 | OpenStack Queens FortiGate VM HA heartbeat on broadcast is not working as expected. |
967134 | An interrupt distribution issue may cause the CPU load to not be balanced on the FG-VM cores. |
977110 | Interface disappears after enabling |
978021 | VNI length is zero in the GENEVE header when in FTP passive mode. |
Web Filter
Bug ID | Description |
---|---|
634781 | Unable to customize replacement message for FortiGuard category in web filter profile. |
WiFi Controller
Bug ID | Description |
---|---|
814541 | When there is an extra large number of managed FortiAP devices (over 500) and a large number of WiFi clients (over 5000), the Managed FortiAPs page and FortiAP Status widget can take a long time to load. This issue does not impact FortiAP operation. |
869978 | CAPWAP tunnel traffic over tunnel SSID is dropped when offloading is enabled. |
883938 | Flooded wireless STA traffic seen in L2 tunneled VLAN (FG-1800F). |
903922 | Physical and logical topology is slow to load when there are a lot of managed FortiAP devices (over 50). This issue does not impact FortiAP management and operation. |
949682 | Intermittent traffic disruption observed in cw_acd caused by a rare error condition. |
964757 | Clients randomly unable to connect to 802.1X SSID when FortiAP has a DTLS policy enabled. |
972093 | RADIUS accounting data usage is different between the bridge and tunnel VAP. |
998578 | On FortiGate devices running 7.4.2 or 7.4.3, managed FortiAP-W2 devices might randomly go offline. Workaround: Reboot the FortiAP-W2 device, or use version 7.4.1 or earlier on the FortiGate. |
ZTNA
Bug ID | Description |
---|---|
819987 | SMB drive mapping made through a ZTNA access proxy is inaccessible after rebooting. |