7.0.14
Application Control
Bug ID
Description
820481
For firewall policies using inspection-mode proxy, some HTTP/2 sessions may be invalidly detected as unknown application.
DNS Filter
Bug ID
Description
907365
DNS proxy caches DNS responses with only one CNAME record.
Endpoint Control
Bug ID
Description
979811
The ZTNA channel is not cleaned when overwriting old lls entries.
Explicit Proxy
Bug ID
Description
901627
Explicit proxy and SD-WAN fail to match a policy if the destination has multiple zones set.
942612
Web proxy forward server does not convert HTTP version to the original version when sending them back to the client.
978473
Explicit proxy policy function issues when matching external-threat feed categories.
Firewall
Bug ID
Description
898938
NAT64 does not recover when the interface changes.
953907
Virtual wire pair interface drops all packets if the prp-port-in/prp-port-out setting is configured under system npu-setting prp on FG-101F.
977641
In transparent mode, multicast packets are not forwarded through the bridge and are dropped.
GUI
Bug ID
Description
848660
Read-only administrator may encounter a Maximum number of monitored interfaces reached error when viewing an interface bandwidth widget for an interface that does not have the monitor bandwidth feature enabled.
867802
GUI always displays Access denied error after logging in.
874502
A prompt to Login as ReadOnly/ReadWrite is not displayed when post-login-banner is enabled on a FortiGate managed by FortiManager.
969101
Managed FortiAP-s page is not loading for non super-admin users.
HA
Bug ID
Description
871636
HA configuration synchronization packets (Ethertype 0x8893) are dropped when going through VXLAN.
904117
When walking through the session list to change the ha_id, some dead sessions could be freed one more time.
924671
There is no response on ha-mgmt-interfaces after a reboot when using a VLAN interface based on hd-sw as the ha-mgmt interface.
937246
An error condition occurred while forwarding over a VRRP address, caused by the creation of a new VLAN.
949352
The user.radius checksum is the same in both HA units, but the GUI shows a different checksum on the secondary and the HA status is out of sync.
962681
In a three member A-P cluster, the dhcp lease list (execute dhcp lease-list) might be empty on secondary units.
Hyperscale
Bug ID
Description
839958
service-negate does not work as expected in a hyperscale deny policy.
940511
In some cases, carrier-grade NAT is dropping traffic.
984852
The HA/AUX ports are not enabled on boot up when using the NPU path option.
Intrusion Prevention
Bug ID
Description
923393
IPS logs show incorrect source and destination IP addresses and policy IDs, and the ports are zeros.
IPsec VPN
Bug ID
Description
897867
IPsec VPN between two FortiGates (100F and 60F) experiences slow throughput compared to the available underlay bandwidth.
898961
diagnose traffictest issues with dynamic IP addresses and loopback interfaces.
914418
File transfer stops after a while when offloading is enabled.
921691
In FGSP, IKE routes are not removed from the kernel when secondary-add-ipsec-routes is disabled.
926002
Incorrect traffic order in IPsec aggregate redundant member list after upgrade.
945873
Inconsistency of mode-cfg between phase 1 assigned IP address and destination selector addition.
950012
IPsec tunnels stuck on NP6XLite spoke drop the ESP packet.
950445
After a third-party router failover, traffic traversing the IPsec tunnel is lost.
961305
FortiGate is sending ESP packets with source MAC address of port1 HA virtual MAC address.
968218
When the IPsec tunnel destination MAC address is changed, tunnel traffic may stop.
Log & Report
Bug ID
Description
940814
Administrators without read permissions for the threat weight feature cannot see the event log menu.
954565
Although there is enough disk space for logging, IPS archive full message is shown.
965247
FortiGate syslog format in reliable transport mode is not compliant with RFC 6587.
967692
The received traffic counter is not increasing when the traffic is HTTPS with webfilter.
987261
In the webfilter content block UTM log in proxy inspection mode, sentbyte and rcvdbyte are zero.
Proxy
Bug ID
Description
790426
An error case occurs in WAD while redirecting the web filter HTTPS sessions.
806556
Unexpected behavior in WAD when the ALPN is set to http2 in the ssl-ssh-profile.
828917, 919781
Unexpected behavior in WAD when there are multiple LDAP servers configured on the FortiGate.
845361
A rare error condition occurred in WAD caused by compounded SMB2 requests.
940149
Inadvertent traffic disruption caused by WAD when it receives an HTTP2 data frame payload on a dead stream.
947814
Too many redirects on TWPP after the second KRB keytab is configured.
954104
An error case occurs in WAD when WAD gets the external authenticated users from other daemons.
Routing
Bug ID
Description
781483
Incorrect BGP Originator_ID from route reflector seen on receiving spokes.
890954
The change of an IPv6 route does not mark sessions as dirty nor trigger a route change.
897666
Issue with SD-WAN rule for FortiGuard.
914815
FortiGate 40F-3G4G not adding LTE dynamic route to route table.
926525
Routing information changed log is being generated from secondary in an HA cluster.
952908
Locally originated type 5 and 7 LSAs' forward address value is incorrect.
954100
Packet loss status in SD-WAN health check occurs after an HA failover.
Security Fabric
Bug ID
Description
782518
Threat feeds are showing that the connection status has not started when it should be connected.
841364
Cisco APIC SDN update times out on large datasets.
956423
In HA, the primary unit may sometimes show a blank GUI screen.
SSL VPN
Bug ID
Description
894704
FortiOS check would block iOS and Android mobile devices from connecting to the SSL VPN tunnel.
898889
The internal website does not load completely with SSL VPN web mode.
906756
Update SSL VPN host check logic for unsupported OS.
957406
OS checklist for SSL VPN in FortiOS does not include macOS Sonoma 14.
Switch Controller
Bug ID
Description
816790
Console printed DSL related error messages when disconnecting the managed FortiSwitch and connecting to the FortiGate again.
858749
Redirected traffic should not hit the firewall policy when allow-traffic-redirect is enabled.
911232
Security rating shows an incorrect warning for unregistered FortiSwitches on the WiFi & Switch Controller > Managed FortiSwitches.
937065
An exported FortiSwitch port is not correctly showing up/down status.
System
Bug ID
Description
631046
diagnose sys logdisk smart does not work for NVMe disk models.
733096
FG-100F HA secondary's unused ports flap from down to up, then to down.
763739
On FG-200F, the Outbound bandwidth in the Bandwidth widget does not match outbandwidth setting.
861661
SNMP OID 1.3.6.1.2.1.4.32 ipAddressPrefixTable is not available.
882187
FortiGate enters conserve mode in a few hours after enabling UTM on the policies.
888655
FortiGate queries system DNS for A <Root> and AAAA <Root> servers.
894045
Sensor information widget continuously loading.
909225
ISP traffic is failing with the LAG interfaces on upstream switches.
910700
Ports are flapping and down on the FortiGate 3980E.
912092
FortiGate does not send ARP probe for UDP NP-offloaded sessions.
916493
Fail detection function does not work properly on X1 and X2 10G ports.
919901
For FIPS-CC mode, the strict check for basic constraints should be removed for end entity certificates.
926817
Review the temperature sensor for the SoC4 system.
929904
When L3 or L4 hashing algorithm is used, traffic is not forwarded over the same aggregate member after being offloaded by NP7.
937982
High CPU usage might be observed on entry-level FortiGates if the cache size reaches 10% of the system memory.
938174
ARP issue with VXLAN over IPsec and Soft Switch.
938981
The virtual server http-host algorithm is redirecting requests to an unexpected server.
943948
FortiGate as L2TP client is not working with Cisco ASR as L2TP server.
946413
Temperature sensor value missing for FG-180xF, FG-420xF, and FG-440xF platforms.
947240
FortiGate is not able to resolve ARPs of a few hosts due to their ARP replies not reaching the primary FPM.
955074
MSS clamping is not working on VXLAN over IPsec after upgrading.
960707
Egress shaping does not work on NP when applied on the WAN interface.
962153
A port that uses a copper-transceiver does not update the link status in real-time.
963600
SolarWinds unable to negotiate encryption, no matching host key type found.
966761
SNMP OID 1.3.6.1.2.1.4.34.1.5 ipAddressPrefix is not fully implemented.
971404
Session expiration does not get updated for offloaded traffic between a specific host range.
977231
An error condition occurred in fgfm caused by an out-of-band management configuration.
User & Authentication
Bug ID
Description
837185
Automatic certificate name generation is the same for global and VDOM remote certificates, which can cause certificates to exist with the same name.
864703
ACME client fails to work with some CA servers.
868994
FortiGate receives FSSO user in the format of HOSTNAME$.
VM
Bug ID
Description
938382
OpenStack Queens FortiGate VM HA heartbeat on broadcast is not working as expected.
968740
Unexpected behavior in awsd caused by tags with an empty value on AWS instances while adding a new AWS Fabric connector.
WAN Optimization
Bug ID
Description
954541
In WANOpt transparent mode, WAN optimization does not keep the original source address of the packets.
Web Filter
Bug ID
Description
925801
Custom Images are not seen on Web Filter block replacement page for HTTP traffic in flow mode.
982156
The URL local/user category rating result has only one best match category (longest URL pattern match), and other matched local/user categories cannot be chosen even if the category is configured in the profile.
WiFi Controller
Bug ID
Description
874997
Fetching the registration status does not always work.
Common Vulnerabilities and Exposures
Visit https://fortiguard.com/psirt for more information.
Bug ID
CVE references
956553
FortiOS 7.0.14 is no longer vulnerable to the following CVE Reference:
CVE-2024-23112
959918
FortiOS 7.0.14 is no longer vulnerable to the following CVE Reference:
CVE-2023-38545
989429
FortiOS 7.0.14 is no longer vulnerable to the following CVE Reference:
CVE-2024-21762
993323
FortiOS 7.0.14 is no longer vulnerable to the following CVE Reference:
CVE-2024-23113