The date in the graph of Last 7 Days traffic statistics for the policy is incorrect.

Once a traffic shaper is applied to a traffic shaping firewall policy, the counters should not clear when deleting or creating a traffic shaper.

On an FG-3001F NP7 device, packet loss occurs even on local-in traffic.

Transceiver information in unavailable for FPM/FIM2 ports in the GUI.

Existing ARP entries are removed from all slots when an ARP query of a single slot does not respond.

IPv6 ECMP is not supported for the FortiGate 6000F and 7000E platforms. IPv6 ECMP is supported for the FortiGate 7000F platform.

UTM traffic is blocked by an FGSP configuration with asymmetric routing.

The FortiGate 6000s or 7000s in an FGSP cluster may load balance FTP data sessions to different FPCs or FPMs. This can cause delays while the affected FortiGate 6000 or 7000 re-installs the sessions on the correct FPC or FPM.

FortiGate 7000E IPv6 routes may not be synchronized correctly among FIMs and FPMs.

FIM installed NPU session causes the SSE to get stuck.

FortiGate does not honor worker port partition when SNATing connections using a fixed port range IP pool.

Read-only administrator may encounter a Maximum number of monitored interfaces reached error when viewing an interface bandwidth widget for an interface that does not have the monitor bandwidth feature enabled.

Workaround: super_admin users can enable the monitor bandwidth feature on the interface first, then the widget can work for read-only administrators.

When viewing entries in slide-out pan of the Policy & Objects > Internet Service Database page, users cannot scroll down to the end if there are over 100K entries.

Suggest showing the SFP status information on the faceplate of FGR-60F/60F-3G4G devices.

Unexpected behavior in httpsd when the user has a lot of FQDN addresses.

When administrator GUI access (HTTPS) is enabled on SD-WAN member interfaces, the GUI may not be accessible on the SD-WAN interface due to incorrect routing of the response packet.

Workaround: access the GUI using another internal interface that is not part of an SD-WAN link.

GUI dashboards show all the IPv6 sessions on every VDOM.

List of security profiles it is not displayed correctly in the GUI.

On the Policy & Objects > Firewall Policy page, searching for automatically created addresses that have IP addresses does not show any matching results.

FortiGate removes the ? from custom replacement messages.

The Operation Technology category cannot be turned on or off from the GUI. The option to enable/disable the Operational Technology category on application control profiles when hovering the mouse over the category name is missing.

Workaround: use the CLI to configure it.

A GTP profile cannot be applied to policy using the GUI.

Workaround: use the CLI to apply the GTP profile.

NPD/LPMD cannot differentiate the different VRFs, and considers all VRFs as 0.

The parse error, NPD-0:NPD PARSE ADDR GRP gmail.com MEMBER ERR, appears after rebooting the system.

Hyperscale should not support threat feed addresses with the negate option.

New primary can get stuck on failover with HTTP CC sessions.

FG-4201F has a 10% performance drop during a CPS test case with DoS policy.

Traffic over GRE tunnel over IPsec tunnel, or traffic over IPsec tunnel with GRE encapsulation is not offloaded on NP7-based units.

GRE over IPsec does not work in transport mode.

CPU usage issues occurred when IPsec VPN traffic was received on the VLAN interface of an NP7 vlink.

FortiGate 6K and 7K models do not support IPsec VPN over vdom-link/npu-vlink.

DNS proxy may resolve with an IPv4 address, even when pref-dns-result is set to IPv6, if the IPv4 response comes first and there is no DNS cache.

CPU usage issue in WAD caused by a high number of devices being detected by the device detection feature.

CPU usage issue in WAD caused by source port exhaustion when using WAN optimization.

Memory usage issue in WAD caused by a rare error condition.

The diagnose ip rtcache list command is no longer supported in the FortiOS 4.19 kernel.

When creating or editing a rule on the Network > Routing Objects page, if the weight is set to 0 the changes are not saved.

Workaround: Use the CLI to edit and save the set-weight field.

After deauthorizing a downstream FortiGate from the System > Firmware & Registration page, the page may appear to be stuck to loading.

Workaround: perform a full page refresh to allow the page to load again.

On the Security Fabric > Security Rating page, the format of the Unused Policies test Last Used date is incorrect.

The automation stitch triggered by the FortiAnalyzer event handler does not work as expected.

Unexpected behavior in cu_acd and fortilinkd is causing the CPU to handle the majority of the traffic instead of the NPU.

CPU usage issue in miglogd caused by constant updates to the ZTNA tags.

FGR-70F and FGR-70F-3G4G failed to perform regular reboot process (using execute reboot command) with an SD card inserted.

GUI is inaccessible when using a SHA1 certificate as admin-server-cert.

On the FortiGate 601F, the ports (x7) have no cables attached but the link LEDs are green.

SNMP stops working when a second server is added. The FortiGate stops answering SNMP requests to both servers.

On NP7 platforms, the FortiGate maybe reboot twice when upgrading to 7.4.2 or restoring a configuration after a factory reset or burn image. This issue does not impact FortiOS functionality.

Administrators with read-write permission for WiFi and read permission for network configuration cannot create SSIDs.

Workaround: give read-write permission for network configuration to the administrator.

After the upgrade to 7.4, the NP7 L2P is dropping packets at the L2TI module.

Session expiration does not get updated for offloaded traffic between a specific host range.

FGR 60F faces packet loss with a Cisco switch directly connected to it.

The automatic patch upgrade feature overlooks patch release with the Feature label. Consequentaly, a FortiGate running 7.4.2 GA does not automatically upgrade to 7.4.3 GA.

Workaround: Manually upgrade to a 7.4 Feature patch on the System > Firmware & Registration page.

When a remote LDAP user with Two-factor Authentication enabled and Authentication type 'FortiToken' tries to access the internet through firewall authentication, the web page does not receive the FortiToken notification or proceed to authenticate the user.

Workaround: click the Continue button on the authentication page after approving the FortiToken on the mobile device.

NTLM authentication does not work with Chrome.

Upon expiration, the SSL certificate is removed from GUI but not from the CLI.

RADIUS group is not properly displayed as used.

On the User & Authentication > Guest Management page, the Print option does not work if the Guest User Print Template replacement message has been customized.

OpenStack Queens FortiGate VM HA heartbeat on broadcast is not working as expected.

An interrupt distribution issue may cause the CPU load to not be balanced on the FG-VM cores.

Interface disappears after enabling unicast-status on HA.

When there are extra large number of managed FortiAP devices (over 500) and large number of WiFi clients (over 5000), the Managed FortiAPs page and FortiAP Status widget can take a long time to load. This issue does not impact FortiAP operation.

CAPWAP tunnel traffic over tunnel SSID is dropped when offloading is enabled.

Flooded wireless STA traffic seen in L2 tunneled VLAN (FG-1800F).

Physical and logical topology is slow to load when there are a lot of managed FortiAP (over 50). This issue does not impact FortiAP management and operation.

Intermittent traffic disruption observed in cw_acd caused by a rare error condition.

Clients randomly unable to connect to 802.1X SSID when FortiAP has a DTLS policy enabled.

RADIUS accounting data usage is different between the bridge and tunnel VAP.