820481

For firewall policies using inspection-mode proxy, some HTTP/2 sessions may be invalidly detected as unknown application.

907365

DNS proxy caches DNS responses with only one CNAME record.

979811

The ZTNA channel is not cleaned when overwriting old lls entries.

901627

Explicit proxy and SD-WAN fail to match a policy if the destination has multiple zones set.

942612

Web proxy forward server does not convert HTTP version to the original version when sending them back to the client.

978473

Explicit proxy policy function issues when matching external-threat feed categories.

898938

NAT64 does not recover when the interface changes.

953907

977641

In transparent mode, multicast packets are not forwarded through the bridge and are dropped.

848660

Read-only administrator may encounter a Maximum number of monitored interfaces reached error when viewing an interface bandwidth widget for an interface that does not have the monitor bandwidth feature enabled.

867802

GUI always displays Access denied error after logging in.

874502

A prompt to Login as ReadOnly/ReadWrite is not displayed when post-login-banner is enabled on a FortiGate managed by FortiManager.

969101

Managed FortiAP-s page is not loading for non super-admin users.

871636

HA configuration synchronization packets (Ethertype 0x8893) are dropped when going through VXLAN.

904117

When walking through the session list to change the ha_id, some dead sessions could be freed one more time.

924671

There is no response on ha-mgmt-interfaces after a reboot when using a VLAN interface based on hd-sw as the ha-mgmt interface.

937246

An error condition occurred while forwarding over a VRRP address, caused by the creation of a new VLAN.

949352

The user.radius checksum is the same in both HA units, but the GUI shows a different checksum on the secondary and the HA status is out of sync.

962681

In a three member A-P cluster, the dhcp lease list (execute dhcp lease-list) might be empty on secondary units.

839958

service-negate does not work as expected in a hyperscale deny policy.

940511

In some cases, carrier-grade NAT is dropping traffic.

984852

The HA/AUX ports are not enabled on boot up when using the NPU path option.

923393

IPS logs show incorrect source and destination IP addresses and policy IDs, and the ports are zeros.

897867

IPsec VPN between two FortiGates (100F and 60F) experiences slow throughput compared to the available underlay bandwidth.

898961

diagnose traffictest issues with dynamic IP addresses and loopback interfaces.

914418

File transfer stops after a while when offloading is enabled.

921691

In FGSP, IKE routes are not removed from the kernel when secondary-add-ipsec-routes is disabled.

926002

Incorrect traffic order in IPsec aggregate redundant member list after upgrade.

945873

Inconsistency of mode-cfg between phase 1 assigned IP address and destination selector addition.

950012

IPsec tunnels stuck on NP6XLite spoke drop the ESP packet.

950445

After a third-party router failover, traffic traversing the IPsec tunnel is lost.

961305

FortiGate is sending ESP packets with source MAC address of port1 HA virtual MAC address.

968218

When the IPsec tunnel destination MAC address is changed, tunnel traffic may stop.

940814

Administrators without read permissions for the threat weight feature cannot see the event log menu.

954565

Although there is enough disk space for logging, IPS archive full message is shown.

965247

FortiGate syslog format in reliable transport mode is not compliant with RFC 6587.

967692

The received traffic counter is not increasing when the traffic is HTTPS with webfilter.

987261

In the webfilter content block UTM log in proxy inspection mode, sentbyte and rcvdbyte are zero.

790426

An error case occurs in WAD while redirecting the web filter HTTPS sessions.

806556

Unexpected behavior in WAD when the ALPN is set to http2 in the ssl-ssh-profile.

828917, 919781

Unexpected behavior in WAD when there are multiple LDAP servers configured on the FortiGate.

845361

A rare error condition occurred in WAD caused by compounded SMB2 requests.

940149

Inadvertent traffic disruption caused by WAD when it receives an HTTP2 data frame payload on a dead stream.

947814

Too many redirects on TWPP after the second KRB keytab is configured.

954104

An error case occurs in WAD when WAD gets the external authenticated users from other daemons.

781483

Incorrect BGP Originator_ID from route reflector seen on receiving spokes.

890954

The change of an IPv6 route does not mark sessions as dirty nor trigger a route change.

897666

Issue with SD-WAN rule for FortiGuard.

914815

FortiGate 40F-3G4G not adding LTE dynamic route to route table.

926525

Routing information changed log is being generated from secondary in an HA cluster.

952908

Locally originated type 5 and 7 LSAs' forward address value is incorrect.

954100

Packet loss status in SD-WAN health check occur after an HA failover.

782518

Threat feeds are showing that the connection status has not started when it should be connected.

841364

Cisco APIC SDN update times out on large datasets.

956423

In HA, the primary unit may sometimes show a blank GUI screen.

894704

FortiOS check would block iOS and Android mobile devices from connecting to the SSL VPN tunnel.

898889

The internal website does not load completely with SSL VPN web mode.

906756

Update SSL VPN host check logic for unsupported OS.

957406

OS checklist for SSL VPN in FortiOS does not include macOS Sonoma 14.

816790

Console printed DSL related error messages when disconnecting the managed FortiSwitch and connecting to the FortiGate again.

858749

Redirected traffic should not hit the firewall policy when allow-traffic-redirect is enabled.

911232

Security rating shows an incorrect warning for unregistered FortiSwitches on the WiFi & Switch Controller > Managed FortiSwitches.

937065

An exported FortiSwitch port is not correctly showing up/down status.

631046

diagnose sys logdisk smart does not work for NVMe disk models.

733096

FG-100F HA secondary's unused ports flaps from down to up, then to down.

763739

On FG-200F, the Outbound bandwidth in the Bandwidth widget does not match outbandwidth setting.

861661

SNMP OID 1.3.6.1.2.1.4.32 ipAddressPrefixTable is not available.

882187

FortiGate enters conserve mode in a few hours after enabling UTM on the policies.

888655

FortiGate queries system DNS for A <Root> and AAAA <Root> servers.

894045

Sensor information widget continuously loading.

909225

ISP traffic is failing with the LAG interfaces on upstream switches.

910700

Ports are flapping and down on the FortiGate 3980E.

912092

FortiGate does not send ARP probe for UDP NP-offloaded sessions.

916493

Fail detection function does not work properly on X1 and X2 10G ports.

919901

For FIPS-CC mode, the strict check for basic constraints should be removed for end entity certificates.

926817

Review the temperature sensor for the SoC4 system.

929904

When L3 or L4 hashing algorithm is used, traffic is not forwarded over the same aggregate member after being offloaded by NP7.

937982

High CPU usage might be observed on entry-level FortiGates if the cache size reaches 10% of the system memory.

938174

ARP issue with VXLAN over IPsec and Soft Switch.

938981

The virtual server http-host algorithm is redirecting requests to an unexpected server.

943948

FortiGate as L2TP client is not working with Cisco ASR as L2TP server.

946413

Temperature sensor value missing for FG-180xF, FG-420xF, and FG-440xF platforms.F

947240

FortiGate is not able to resolve ARPs of few hosts due to their ARP replies not reaching the primary FPM.

955074

MSS clamping is not working on VXLAN over IPsec after upgrading.

960707

Egress shaping does not work on NP when applied on the WAN interface.

962153

A port that uses a copper-transceiver does not update the link status in real-time.

963600

SolarWinds unable to negotiate encryption, no matching host key type found.

966761

SNMP OID 1.3.6.1.2.1.4.34.1.5 ipAddressPrefix is not fully implemented.

971404

Session expiration does not get updated for offloaded traffic between a specific host range.

977231

An error condition occurred in fgfm caused by an out-of-band management configuration.

837185

864703

ACME client fails to work with some CA servers.

868994

FortiGate receives FSSO user in the format of HOSTNAME$.

938382

OpenStack Queens FortiGate VM HA heartbeat on broadcast is not working as expected.

968740

Unexpected behavior in awsd caused by tags with an empty value on AWS instances while adding a new AWS Fabric connector.

954541

In WANOpt transparent mode, WAN optimization does not keep the original source address of the packets.

925801

Custom Images are not seen on Web Filter block replacement page for HTTP traffic in flow mode.

982156

The URL local/user category rating result has only one best match category (longest URL pattern match), and other matched local/user categories cannot be chosen even if the category is configured in the profile.

874997

Fetching the registration status does not always work.

956553

FortiOS 7.0.14 is no longer vulnerable to the following CVE Reference:

• CVE-2024-23112

959918

FortiOS 7.0.14 is no longer vulnerable to the following CVE Reference:

• CVE-2023-38545

989429

FortiOS 7.0.14 is no longer vulnerable to the following CVE Reference:

• CVE-2024-21762

993323

FortiOS 7.0.14 is no longer vulnerable to the following CVE Reference:

• CVE-2024-23113