Resolved issues
Application Control
Bug ID | Description |
---|---|
820481 | For firewall policies using inspection-mode proxy, some HTTP/2 sessions may be invalidly detected as unknown application. |
DNS Filter
Bug ID | Description |
---|---|
907365 | DNS proxy caches DNS responses with only one CNAME record. |
Endpoint Control
Bug ID | Description |
---|---|
979811 | The ZTNA channel is not cleaned when overwriting old lls entries. |
Explicit Proxy
Bug ID | Description |
---|---|
901627 | Explicit proxy and SD-WAN fail to match a policy if the destination has multiple zones set. |
942612 | Web proxy forward server does not convert HTTP version to the original version when sending them back to the client. |
978473 | Explicit proxy policy function issues when matching external-threat feed categories. |
Firewall
Bug ID | Description |
---|---|
898938 | NAT64 does not recover when the interface changes. |
953907 | Virtual wire pair interface drops all packets if the prp-port-in/prp-port-out setting is configured under system npu-setting prp on FG-101F. |
977641 | In transparent mode, multicast packets are not forwarded through the bridge and are dropped. |
GUI
Bug ID | Description |
---|---|
848660 | Read-only administrator may encounter a Maximum number of monitored interfaces reached error when viewing an interface bandwidth widget for an interface that does not have the monitor bandwidth feature enabled. |
867802 | GUI always displays Access denied error after logging in. |
874502 | A prompt to Login as ReadOnly/ReadWrite is not displayed when |
969101 | Managed FortiAP-s page is not loading for non super-admin users. |
HA
Bug ID | Description |
---|---|
871636 | HA configuration synchronization packets (Ethertype 0x8893) are dropped when going through VXLAN. |
904117 | When walking through the session list to change the |
924671 | There is no response on |
937246 | An error condition occurred while forwarding over a VRRP address, caused by the creation of a new VLAN. |
949352 | The user.radius checksum is the same in both HA units, but the GUI shows a different checksum on the secondary and the HA status is out of sync. |
962681 | In a three member A-P cluster, the dhcp lease list ( |
Hyperscale
Bug ID | Description |
---|---|
839958 | |
940511 | In some cases, carrier-grade NAT is dropping traffic. |
984852 | The HA/AUX ports are not enabled on boot up when using the NPU path option. |
Intrusion Prevention
Bug ID | Description |
---|---|
923393 | IPS logs show incorrect source and destination IP addresses and policy IDs, and the ports are zeros. |
IPsec VPN
Bug ID | Description |
---|---|
897867 | IPsec VPN between two FortiGates (100F and 60F) experiences slow throughput compared to the available underlay bandwidth. |
898961 | |
914418 | File transfer stops after a while when offloading is enabled. |
921691 | In FGSP, IKE routes are not removed from the kernel when |
926002 | Incorrect traffic order in IPsec aggregate redundant member list after upgrade. |
945873 | Inconsistency of |
950012 | IPsec tunnels stuck on NP6XLite spoke drop the ESP packet. |
950445 | After a third-party router failover, traffic traversing the IPsec tunnel is lost. |
961305 | FortiGate is sending ESP packets with source MAC address of port1 HA virtual MAC address. |
968218 | When the IPsec tunnel destination MAC address is changed, tunnel traffic may stop. |
Log & Report
Bug ID | Description |
---|---|
940814 | Administrators without read permissions for the threat weight feature cannot see the event log menu. |
954565 | Although there is enough disk space for logging, IPS archive full message is shown. |
965247 | FortiGate syslog format in reliable transport mode is not compliant with RFC 6587. |
967692 | The received traffic counter is not increasing when the traffic is HTTPS with webfilter. |
987261 | In the webfilter content block UTM log in proxy inspection mode, |
Proxy
Bug ID | Description |
---|---|
790426 | An error case occurs in WAD while redirecting the web filter HTTPS sessions. |
806556 | Unexpected behavior in WAD when the ALPN is set to |
828917, 919781 | Unexpected behavior in WAD when there are multiple LDAP servers configured on the FortiGate. |
845361 | A rare error condition occurred in WAD caused by compounded SMB2 requests. |
940149 | Inadvertent traffic disruption caused by WAD when it receives an HTTP2 data frame payload on a dead stream. |
947814 | Too many redirects on TWPP after the second KRB keytab is configured. |
954104 | An error case occurs in WAD when WAD gets the external authenticated users from other daemons. |
Routing
Bug ID | Description |
---|---|
781483 | Incorrect BGP Originator_ID from route reflector seen on receiving spokes. |
890954 | The change of an IPv6 route does not mark sessions as dirty nor trigger a route change. |
897666 | Issue with SD-WAN rule for FortiGuard. |
914815 | FortiGate 40F-3G4G not adding LTE dynamic route to route table. |
926525 | |
952908 | Locally originated type 5 and 7 LSAs' forward address value is incorrect. |
954100 | Packet loss status in SD-WAN health check occurs after an HA failover. |
Security Fabric
Bug ID | Description |
---|---|
782518 | Threat feeds are showing that the connection status has not started when it should be connected. |
841364 | Cisco APIC SDN update times out on large datasets. |
956423 | In HA, the primary unit may sometimes show a blank GUI screen. |
SSL VPN
Bug ID | Description |
---|---|
894704 | FortiOS check would block iOS and Android mobile devices from connecting to the SSL VPN tunnel. |
898889 | The internal website does not load completely with SSL VPN web mode. |
906756 | Update SSL VPN host check logic for unsupported OS. |
957406 | OS checklist for SSL VPN in FortiOS does not include macOS Sonoma 14. |
Switch Controller
Bug ID | Description |
---|---|
816790 | Console printed DSL related error messages when disconnecting the managed FortiSwitch and connecting to the FortiGate again. |
858749 | Redirected traffic should not hit the firewall policy when |
911232 | Security rating shows an incorrect warning for unregistered FortiSwitches on the WiFi & Switch Controller > Managed FortiSwitches. |
937065 | An exported FortiSwitch port is not correctly showing up/down status. |
System
Bug ID | Description |
---|---|
631046 | |
733096 | FG-100F HA secondary's unused ports flap from down to up, then to down. |
763739 | On FG-200F, the Outbound bandwidth in the Bandwidth widget does not match outbandwidth setting. |
861661 | SNMP OID 1.3.6.1.2.1.4.32 ipAddressPrefixTable is not available. |
882187 | FortiGate enters conserve mode in a few hours after enabling UTM on the policies. |
888655 | FortiGate queries system DNS for A <Root> and AAAA <Root> servers. |
894045 | Sensor information widget continuously loading. |
909225 | ISP traffic is failing with the LAG interfaces on upstream switches. |
910700 | Ports are flapping and down on the FortiGate 3980E. |
912092 | FortiGate does not send ARP probe for UDP NP-offloaded sessions. |
916493 | Fail detection function does not work properly on X1 and X2 10G ports. |
919901 | For FIPS-CC mode, the strict check for basic constraints should be removed for end entity certificates. |
926817 | Review the temperature sensor for the SoC4 system. |
929904 | When L3 or L4 hashing algorithm is used, traffic is not forwarded over the same aggregate member after being offloaded by NP7. |
937982 | High CPU usage might be observed on entry-level FortiGates if the cache size reaches 10% of the system memory. |
938174 | ARP issue with VXLAN over IPsec and Soft Switch. |
938981 | The virtual server http-host algorithm is redirecting requests to an unexpected server. |
943948 | FortiGate as L2TP client is not working with Cisco ASR as L2TP server. |
946413 | Temperature sensor value missing for FG-180xF, FG-420xF, and FG-440xF platforms. |
947240 | FortiGate is not able to resolve ARPs of a few hosts due to their ARP replies not reaching the primary FPM. |
955074 | MSS clamping is not working on VXLAN over IPsec after upgrading. |
960707 | Egress shaping does not work on NP when applied on the WAN interface. |
962153 | A port that uses a copper-transceiver does not update the link status in real-time. |
963600 | SolarWinds unable to negotiate encryption, no matching host key type found. |
966761 | SNMP OID 1.3.6.1.2.1.4.34.1.5 ipAddressPrefix is not fully implemented. |
971404 | Session expiration does not get updated for offloaded traffic between a specific host range. |
977231 | An error condition occurred in fgfm caused by an out-of-band management configuration. |
User & Authentication
Bug ID | Description |
---|---|
837185 | Automatic certificate name generation is the same for global and VDOM remote certificates, which can cause certificates to exist with the same name. |
864703 | ACME client fails to work with some CA servers. |
868994 | FortiGate receives FSSO user in the format of HOSTNAME$. |
VM
Bug ID | Description |
---|---|
938382 | OpenStack Queens FortiGate VM HA heartbeat on broadcast is not working as expected. |
968740 | Unexpected behavior in awsd caused by tags with an empty value on AWS instances while adding a new AWS Fabric connector. |
WAN Optimization
Bug ID | Description |
---|---|
954541 | In WANOpt transparent mode, WAN optimization does not keep the original source address of the packets. |
Web Filter
Bug ID | Description |
---|---|
925801 | Custom Images are not seen on Web Filter block replacement page for HTTP traffic in flow mode. |
982156 | The URL local/user category rating result has only one best match category (longest URL pattern match), and other matched local/user categories cannot be chosen even if the category is configured in the profile. |
WiFi Controller
Bug ID | Description |
---|---|
874997 | Fetching the registration status does not always work. |
Common Vulnerabilities and Exposures
Visit https://fortiguard.com/psirt for more information.
Bug ID | CVE references |
---|---|
956553 | FortiOS 7.0.14 is no longer vulnerable to the following CVE Reference: |
959918 | FortiOS 7.0.14 is no longer vulnerable to the following CVE Reference: |
989429 | FortiOS 7.0.14 is no longer vulnerable to the following CVE Reference: |
993323 | FortiOS 7.0.14 is no longer vulnerable to the following CVE Reference: |