FortiOS 7.0.14 Resolved Issues

    Resolved issues

    7.0.14 

    Application Control

    Bug ID

    Description

    820481

    For firewall policies using inspection-mode proxy, some HTTP/2 sessions may be invalidly detected as unknown application.

    DNS Filter

    Bug ID

    Description

    907365

    DNS proxy caches DNS responses with only one CNAME record.

    Endpoint Control

    Bug ID

    Description

    979811

    The ZTNA channel is not cleaned when overwriting old lls entries.

    Explicit Proxy

    Bug ID

    Description

    901627

    Explicit proxy and SD-WAN fail to match a policy if the destination has multiple zones set.

    942612

    Web proxy forward server does not convert HTTP version to the original version when sending them back to the client.

    978473

    Explicit proxy policy function issues when matching external-threat feed categories.

    Firewall

    Bug ID

    Description

    898938

    NAT64 does not recover when the interface changes.

    953907

    Virtual wire pair interface drops all packets if the prp-port-in/prp-port-out setting is configured under system npu-setting prp on FG-101F.

    977641

    In transparent mode, multicast packets are not forwarded through the bridge and are dropped.

    GUI

    Bug ID

    Description

    848660

    Read-only administrator may encounter a Maximum number of monitored interfaces reached error when viewing an interface bandwidth widget for an interface that does not have the monitor bandwidth feature enabled.

    867802

    GUI always displays Access denied error after logging in.

    874502

    A prompt to Login as ReadOnly/ReadWrite is not displayed when post-login-banner is enabled on a FortiGate managed by FortiManager.

    969101

    The Managed FortiAPs page is not loading for non super-admin users.

    HA

    Bug ID

    Description

    871636

    HA configuration synchronization packets (Ethertype 0x8893) are dropped when going through VXLAN.

    904117

    When walking through the session list to change the ha_id, some dead sessions could be freed one more time.

    924671

    There is no response on ha-mgmt-interfaces after a reboot when using a VLAN interface based on hd-sw as the ha-mgmt interface.

    937246

    An error condition occurred while forwarding over a VRRP address, caused by the creation of a new VLAN.

    949352

    The user.radius checksum is the same in both HA units, but the GUI shows a different checksum on the secondary and the HA status is out of sync.

    962681

    In a three member A-P cluster, the dhcp lease list (execute dhcp lease-list) might be empty on secondary units.

    Hyperscale

    Bug ID

    Description

    839958

    service-negate does not work as expected in a hyperscale deny policy.

    940511

    In some cases, carrier-grade NAT is dropping traffic.

    984852

    The HA/AUX ports are not enabled on boot up when using the NPU path option.

    Intrusion Prevention

    Bug ID

    Description

    923393

    IPS logs show incorrect source and destination IP addresses and policy IDs, and the ports are zeros.

    IPsec VPN

    Bug ID

    Description

    897867

    IPsec VPN between two FortiGates (100F and 60F) experiences slow throughput compared to the available underlay bandwidth.

    898961

    diagnose traffictest issues with dynamic IP addresses and loopback interfaces.

    914418

    File transfer stops after a while when offloading is enabled.

    921691

    In FGSP, IKE routes are not removed from the kernel when secondary-add-ipsec-routes is disabled.

    926002

    Incorrect traffic order in IPsec aggregate redundant member list after upgrade.

    945873

    Inconsistency of mode-cfg between phase 1 assigned IP address and destination selector addition.

    950012

    IPsec tunnels stuck on NP6XLite spoke drop the ESP packet.

    950445

    After a third-party router failover, traffic traversing the IPsec tunnel is lost.

    961305

    FortiGate is sending ESP packets with source MAC address of port1 HA virtual MAC address.

    968218

    When the IPsec tunnel destination MAC address is changed, tunnel traffic may stop.

    Log & Report

    Bug ID

    Description

    940814

    Administrators without read permissions for the threat weight feature cannot see the event log menu.

    954565

    Although there is enough disk space for logging, IPS archive full message is shown.

    965247

    FortiGate syslog format in reliable transport mode is not compliant with RFC 6587.

    967692

    The received traffic counter is not increasing when the traffic is HTTPS with webfilter.

    987261

    In the webfilter content block UTM log in proxy inspection mode, sentbyte and rcvdbyte are zero.

    Proxy

    Bug ID

    Description

    790426

    An error case occurs in WAD while redirecting the web filter HTTPS sessions.

    806556

    Unexpected behavior in WAD when the ALPN is set to http2 in the ssl-ssh-profile.

    828917, 919781

    Unexpected behavior in WAD when there are multiple LDAP servers configured on the FortiGate.

    845361

    A rare error condition occurred in WAD caused by compounded SMB2 requests.

    940149

    Inadvertent traffic disruption caused by WAD when it receives an HTTP2 data frame payload on a dead stream.

    947814

    Too many redirects on TWPP after the second KRB keytab is configured.

    954104

    An error case occurs in WAD when WAD gets the external authenticated users from other daemons.

    Routing

    Bug ID

    Description

    781483

    Incorrect BGP Originator_ID from route reflector seen on receiving spokes.

    890954

    The change of an IPv6 route does not mark sessions as dirty nor trigger a route change.

    897666

    Issue with SD-WAN rule for FortiGuard.

    914815

    FortiGate 40F-3G4G not adding LTE dynamic route to route table.

    926525

    Routing information changed log is being generated from secondary in an HA cluster.

    952908

    Locally originated type 5 and 7 LSAs' forward address value is incorrect.

    954100

    Packet loss status in SD-WAN health check occurs after an HA failover.

    Security Fabric

    Bug ID

    Description

    782518

    Threat feeds are showing that the connection status has not started when it should be connected.

    841364

    Cisco APIC SDN update times out on large datasets.

    956423

    In HA, the primary unit may sometimes show a blank GUI screen.

    SSL VPN

    Bug ID

    Description

    894704

    FortiOS check would block iOS and Android mobile devices from connecting to the SSL VPN tunnel.

    898889

    The internal website does not load completely with SSL VPN web mode.

    906756

    Update SSL VPN host check logic for unsupported OS.

    957406

    OS checklist for SSL VPN in FortiOS does not include macOS Sonoma 14.

    Switch Controller

    Bug ID

    Description

    816790

    Console printed DSL related error messages when disconnecting the managed FortiSwitch and connecting to the FortiGate again.

    858749

    Redirected traffic should not hit the firewall policy when allow-traffic-redirect is enabled.

    911232

    Security rating shows an incorrect warning for unregistered FortiSwitches on the WiFi & Switch Controller > Managed FortiSwitches.

    937065

    An exported FortiSwitch port is not correctly showing up/down status.

    System

    Bug ID

    Description

    631046

    diagnose sys logdisk smart does not work for NVMe disk models.

    733096

    FG-100F HA secondary's unused ports flap from down to up, then to down.

    763739

    On FG-200F, the Outbound bandwidth in the Bandwidth widget does not match outbandwidth setting.

    861661

    SNMP OID 1.3.6.1.2.1.4.32 ipAddressPrefixTable is not available.

    882187

    FortiGate enters conserve mode in a few hours after enabling UTM on the policies.

    888655

    FortiGate queries system DNS for A <Root> and AAAA <Root> servers.

    894045

    Sensor information widget continuously loading.

    909225

    ISP traffic is failing with the LAG interfaces on upstream switches.

    910700

    Ports are flapping and down on the FortiGate 3980E.

    912092

    FortiGate does not send ARP probe for UDP NP-offloaded sessions.

    916493

    Fail detection function does not work properly on X1 and X2 10G ports.

    919901

    For FIPS-CC mode, the strict check for basic constraints should be removed for end entity certificates.

    926817

    Review the temperature sensor for the SoC4 system.

    929904

    When L3 or L4 hashing algorithm is used, traffic is not forwarded over the same aggregate member after being offloaded by NP7.

    937982

    High CPU usage might be observed on entry-level FortiGates if the cache size reaches 10% of the system memory.

    938174

    ARP issue with VXLAN over IPsec and Soft Switch.

    938981

    The virtual server http-host algorithm is redirecting requests to an unexpected server.

    943948

    FortiGate as L2TP client is not working with Cisco ASR as L2TP server.

    946413

    Temperature sensor value missing for FG-180xF, FG-420xF, and FG-440xF platforms.

    947240

    FortiGate is not able to resolve ARPs of a few hosts due to their ARP replies not reaching the primary FPM.

    955074

    MSS clamping is not working on VXLAN over IPsec after upgrading.

    960707

    Egress shaping does not work on NP when applied on the WAN interface.

    962153

    A port that uses a copper-transceiver does not update the link status in real-time.

    963600

    SolarWinds unable to negotiate encryption, no matching host key type found.

    966761

    SNMP OID 1.3.6.1.2.1.4.34.1.5 ipAddressPrefix is not fully implemented.

    971404

    Session expiration does not get updated for offloaded traffic between a specific host range.

    977231

    An error condition occurred in fgfm caused by an out-of-band management configuration.

    User & Authentication

    Bug ID

    Description

    837185

    Automatic certificate name generation is the same for global and VDOM remote certificates, which can cause certificates to exist with the same name.

    864703

    ACME client fails to work with some CA servers.

    868994

    FortiGate receives FSSO user in the format of HOSTNAME$.

    VM

    Bug ID

    Description

    938382

    OpenStack Queens FortiGate VM HA heartbeat on broadcast is not working as expected.

    968740

    Unexpected behavior in awsd caused by tags with an empty value on AWS instances while adding a new AWS Fabric connector.

    WAN Optimization

    Bug ID

    Description

    954541

    In WANOpt transparent mode, WAN optimization does not keep the original source address of the packets.

    Web Filter

    Bug ID

    Description

    925801

    Custom Images are not seen on Web Filter block replacement page for HTTP traffic in flow mode.

    982156

    The URL local/user category rating result has only one best match category (longest URL pattern match), and other matched local/user categories cannot be chosen even if the category is configured in the profile.

    WiFi Controller

    Bug ID

    Description

    874997

    Fetching the registration status does not always work.

    Common Vulnerabilities and Exposures

    Visit https://fortiguard.com/psirt for more information.

    Bug ID

    CVE references

    956553

    FortiOS 7.0.14 is no longer vulnerable to the following CVE Reference:

    • CVE-2024-23112

    959918

    FortiOS 7.0.14 is no longer vulnerable to the following CVE Reference:

    • CVE-2023-38545

    989429

    FortiOS 7.0.14 is no longer vulnerable to the following CVE Reference:

    • CVE-2024-21762

    993323

    FortiOS 7.0.14 is no longer vulnerable to the following CVE Reference:

    • CVE-2024-23113
