tcp-timewait-timer does not have any effect when WAD is running.

Repeated scanunit signal 11 crash scan_for_base64_objects.

AV full scan mode causes traffic to fail.

Proxy AV profile blocks Dell Command Update.

Certain PDF files are blocked when DLP filter is set to block .bat file.

Some XML-based MS Office files are recognized as ZIP file.

FortiTelemetry not blocking VIP.

SNMP value returned OID of fgExplicitProxyMemUsage and fgExplicitProxyUpTime is always 0.

Explicit web proxy does not learn session TTL correctly.

Presence of X-XSS-Protection header causes response to be not cacheable.

High memory usage on WAD.

Agentless NTLM proxy authentication incorrectly returns 403 Authorization Failed to empty credential login attempt.

Web proxy internet service as dst address cannot work for some IP address range overlap cases.

FortiView is not populated by xff-learned original client IP address.

nat-source-vip enabled shouldn't affect SNAT in normal policy.

Traffic shaper bandwidth cannot exceed guaranteed bandwidth if max bandwidth is not configured.

FortiGate needs to support NAT64 fragmentation inbound DF-set feature.

Unable to show information from GUI in Fortiview > Sources.

Administrator with read-write permission on Firewall Configuration is not able to read or write firewall policies.

Permission denied error is shown when an admin user clicked Create New in Traffic Shaping Policy.

In interface list, when logged in as VDOM admin, the GUI should gray out enable/disable option on interface that does not belong to the admin.

VPN setting should not show IPv6.

WiFi & Switch Controller > FortiSwitch Ports keeps on spinning.

Not possible to do FW policy search based on an interface name itself when Interface Pair View is used.

SD-WAN interface cannot be set as dstintf in IPv6 firewall policy.

The GUI policy page won't load for restricted admin.

fwgrp read&read-write access profile doesn't work properly.

FortiGate GUI using unsecure telnet to connect to CLI of switches instead of SSH through GUI.

Cannot restore configuration when GUI access to the FortiGate is via a connection with small bandwidth.

Need GUI functionality added back to HUGHES branch for script execution from FortiManager.

When accessing FortiView > Websites page, gets error Failed to get FortiView data and httpsd keeps crashing.

For FG-30D, the default admin has insufficient privileges to access Antivirus profiles in GUI.

FortiGuard Filtering Services Availability showing Unavailable on GUI when no valid Anti-spam license is present.

Some GUI pages not displayed for administrators who have no access for Web Filter in profile.

Device Definitions Page is not loading for a read-only account.

GUI does not allow valid BGP router-id in GUI.

Network > Interfaces > Internal error: VDOM.

Suggest GUI Disk_Usage_Widget graph Y-axes scale's maximum unit value to be 100%.

Trusted hosts list is partial within admin details page on GUI and it allows duplicate entries of trusted IPs.

Widgets Host Scan Summary and FortiClient Detected Vulnerabilities do not count online offnet devices (via WAN).

V3.3.0_533151 remote access stuck loading main dashboard page and login with Fortimanager_Access user.

Sometimes cannot set or change guest user expiration time in Mozilla Firefox.

Local domain name cannot be removed from GUI, can only be done through CLI.

In POE, POE status not showing and POE port not shown in blue.

In GUI, some certificates break the Certificate page.

DHCP client list for MAC reservation keeps on loading from GUI.

peertype one in ikev2 phase1-interface can be chosen in GUI.

When using Edge, a page is reloaded when hovering on a connecting line between objects in the topology.

FortiSwitch Topology in GUI not showing an ISL.

Address object associated virtual pair port is not seen in Select Entries dialog box.

Need to improve Dial Codes for Dominican Republic and Puerto Rico.

IP6-mode changed from delegated to static after some parameter was changed on WebGUI.

GUI Dashboard > Interface Bandwidth widget cannot be added for GRE tunnel interfaces.

If NAT is configured to Use Outgoing Interface Address the Preserve Source Port switch is hidden or missing.

Wrong diagnose sys ha dump-by vcluster display when cluster V5.4 and V5.2 are on the same LAN.

HA-mgmt interface is displayed on every VDOM.

Secondary unit sends several false alert emails everyday after upgrade to 5.6.

hasync daemon crashes when admin session times out and cluster could be out of sync for a short period.

Debugzone and checksum output do not match.

HA does not recognize proper ping-server status, hence does not failover when ping-server is down.

DHCP doesn't work properly in TP when IPS is enabled.

DoS policies consume 20% more CPU than in FortiOS 5.2.

After upgrading, sniffer packet on any interface causes drops on kernel and traffic impact. DoS policies used.

Traffic drops for 15 seconds when UTM is enabled.

IPS extended-utm-log rawdata log field should include Url field.

Cannot configure IPS sensor severity or threat-weight category.

NAT -T broken with AWS and FortiGate.

IKE does not release the mode-cfg framed-IP assigned from RADIUS.

Using transparent mode and policy base VPN, about 4 ICMP packets which exceed over MTU 1375 byte are dropped.

100% system CPU usage when re-keying idle IPsec tunnels.

Unable to manage FortiGate with FortiManager over IPsec tunnel.

Long-live session statistics logs add sentdelta and rcvddelta fields for FortiCloud and FortiView as required.

Support WCCP set up with one arm WCCP web cache diagram.

Incorrect log action blocked even user is "passthrough" in web filter log with warning-prompt per domain.

DNS events are not included in the security event list.

All logs in the log disk are erased after upgrading to 6.0.

WAD crash: signal 11 (Segmentation fault) received everytime when static route is disabled.

In FG-200E kernel conserve mode, WAD process consuming high memory.

Some traffic forwarded to different gateway when proxy based UTM profiles are used.

Numerous WAD process crashes and WAD counter errors.

WAD process crash with signal 11.

FG-1200D WAD crashing 5.6.5 (WAD MAPI).

System went into conserve mode due to WAD after upgrade to 5.6.5.

REST API for system CSF didn't return CSF group name.

REST API 403 error on IPS log retrieval with loggrp.data-access group.

When we set keepalive-interval > 0 in GRE tunnel, static route to remote site becomes inactive.

eBGP attempts to reach neighbor via a non-connected route from an IPsec VPN tunnel even though ebgp-force-multihop is disabled.

SD-WAN with IPPool not respecting associated interface if one of the links has a dynamic IP.

OSPF - LSA checksum error.

Kernel is missing routes.

For some OSPFv3 intra-area routes, the next-hop link-local address is not displayed.

SD-WAN SLA's restore link value is too small and doesn't account for dynamic routing/convergence.

SD-WAN traffic dropped by tunnel when we create a SD-WAN health check from the HUB.

Dynamic tunnel (shortcut in ADVPN) cannot be established.

Unable to log in to VMware vSphere vCenter 6.5 through SSL VPN web portal.

SSL VPN process taking 99% of CPU utilization {tunnel mode only).

SSLVPND process crashes and users are disconnected from SSL-VPN.

Some URLs in SSL VPN return HTTP404.

SSL VPN bad password attempt causes excessive bindRequests against LDAP and lockout of accounts.

SSL VPN logon fails if user is member of a large number of LDAP groups.

Web-mode SSL VPN login attempt fails for user with locally assigned token if GROUP name contains plus(+) sign.

SSL VPN web portal connected to FortiManager (5.6.3) unable to view managed devices and policy packages.

SSL VPN creates user bookmark placeholder where user bookmarks are not allowed.

SSLVPND crashes after upgrading from 5.6.3 to 6.0.1.

Unable to render icons via web based SSL VPN bookmark.

Bookmark cannot load successfully in SSL web mode.

JQuery errors when accessing PDF documents through SSL VPN web portal.

Internal server page does not display in SSL VPN web-mode; displays OK in tunnel mode.

Internal web site not working through SSL VPN web mode.

SSLVPND is continuously crashing.

Internal server web app not accessible when using SSL VPN web mode and gives error.

SSL VPN users get a JavaScript error when accessing bookmarks in web mode.

Application cu_acd has segmentation fault on FortiGate.

Unable to delete SVI on FortiGate and VLAN from switch interface under FortiGate-managed switch after it becomes part of auto-ISL trunk.

Monitor NP6 IPsec engine status.

GeoIP database mismatch on cluster after every new database release.

DNS filter getting purged by FortiManager when not used in a policy because FortiGate DNS filter does not contain static entry.

Fnbamd crashes after upgrading ca_bundle file.

After modifying system settings in GUI, gets wrong message and FGFM status is changed.

Bug in the config revision diff function (for comparing two configs).

Running diagnose npu np6lite session in FG-201E results in high CPU and system instability.

FortiGuard service is unavalable since upgrading.

Port2 goes down after running for right days on FG-800D.

Central-management settings do not allow push configuration and upgrade versions but do not take effect.

Suggest set IPv6 address as NTP source.

FQDN address object does not accept numbers at the end.

Sometimes 5001E blade crashes during traffic testing with UTM enabled in firewall policy.

DHCPv6c / PD: Single DUID on multiple WAN connections to same carrier causing issues with carrier DHCP utilizing only DUID.

config system ipip-tunnel is lost after reboot when using pppoe interface.

NP6 affecting all user traffic when enabled on policy.

Changing primary 5001E/5001D blade FortiController Trunk Interface MTU setting loses kernel static routes in all secondary 5001E/5001D.

Enhancements for maintainer account.

DHCP lease new IP to same EFTPOS S800 device causes DHCP lease exhausted.

SoC2-based platform might encounter kernel panic.

FG-3700D freezes when deleting VDOM.

SLBC cluster never in sync after policy push.

Worker blade doesn't update the FT routing cache when phase1 is bound to a loopback interface.

FortiGate is not compliant with RFC 3397 (Domain Search Option Format).

Cannot disable DNS override from CLI, can't disable default gateway from server.

Packet loss on startup when interfaces are in bypass mode.

Longer time to put interfaces in bypass mode during shutdown.

No session match for IPsec communication on worker blade primary device.

FortiGate 300E is bridging OSPF packets during boot phase.

IP is not updating in DDNS with 60D models.

FortiGate DNS configuration doesn't allow single-word domain names.

HTTP link-monitor - response parser is case-sensitive (Content-Length header).

DHCP client is not getting IP address/route in HA A-P context.

Bypass port pairs getting triggered even without any power failure or reboot.

Mobile FortiTokens not assignable VDOM in vcluster on secondary unit.

FSSO session interferes with SSL VPN auth sessions, prevents users from accessing allowed destinations.

Email two-factor sending two codes and failing for GUI admin login.

FortiGate reply RADIUS disconnect nak to FAC with log of User name is too long.

Authenticated users have time-left 49710 days timeout.

WAD user list does not update list based on FSSO.

FOSVM serial number changes during firmware upgrade.

Virtual disk is automatically divided into three partitions.

No packets received by FortiGate VM virtual NIC when using type=vhostuser, model=virtio.

FortiOS VM stops passing traffic after failover.

Fortinet Azure crashes infrequently.

FortiGate VM encounters kernel panic on boot when running on ESXi 6.7.

Cloud native default password and SSH authorized key.

XFF header enhancements (strip-off & enforcement) for URL filtering module.

Web filter proceed page loading very slowly when setting FortiGuard category to authenticate.

Renaming web filter profile does not take effect.

Fail to retrieve external resource files - Transfer-Encoding: chunked.

Wrong log for FortiGuard block page.

Cannot get crash trace when hostapd crashes.

In managed FortiAP, the client filter is not working.

FAP info (apsn, apname, channel, radioband) missing from traffic logs.

FortiOS 6.0.3 is no longer vulnerable to the following CVE Reference:

• CVE-2018-13371

FortiOS 6.0.3 is no longer vulnerable to the following CVE Reference:

• CVE-2018-13374