Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • FortiOS Release Notes

    Home FortiGate / FortiOS 6.2.1 FortiOS Release Notes
    6.2.1
    7.6.0
    7.4.5
    7.4.4
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.10
    7.2.9
    7.2.8
    7.2.7
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.0.16
    7.0.15
    7.0.14
    7.0.13
    7.0.12
    7.0.11
    7.0.10
    7.0.9
    7.0.8
    7.0.7
    7.0.6
    7.0.5
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.4.15
    6.4.14
    6.4.13
    6.4.12
    6.4.11
    6.4.10
    6.4.9
    6.4.8
    6.4.7
    6.4.6
    6.4.5
    6.4.4
    6.4.3
    6.4.2
    6.4.1
    6.4.0
    6.2.16
    6.2.15
    6.2.14
    6.2.13
    6.2.12
    6.2.11
    6.2.10
    6.2.9
    6.2.8
    6.2.7
    6.2.6
    6.2.5
    6.2.4
    6.2.3
    6.2.2
    6.2.1
    6.2.0
    6.0.18
    6.0.17
    6.0.16
    6.0.15
    6.0.14
    6.0.13
    6.0.12
    6.0.11
    6.0.10
    6.0.9
    6.0.8
    6.0.7
    6.0.6
    6.0.5
    6.0.4
    6.0.3
    6.0.2
    6.0.1
    6.0.0
    5.6.14
    5.6.13
    5.6.12
    5.6.11
    5.6.10
    5.6.9
    5.6.8
    5.6.7
    5.6.6
    5.6.5
    5.6.4
    5.6.3
    5.6.2
    5.6.1
    5.6.0
    5.4.13
    5.4.12
    5.4.11
    5.4.10
    5.4.9
    5.4.8
    5.4.7
    5.4.6
    5.4.5
    5.4.4
    5.4.3
    5.4.2
    5.4.1
    5.4.0
    5.2.15
    5.2.14
    5.2.13
    5.2.12
    5.2.11
    5.2.10
    5.2.9
    5.2.8
    5.2.7
    5.2.6
    5.2.5
    5.2.4
    5.2.3
    5.2.2
    5.2.1
    5.2.0
    5.0.14
    5.0.13
    5.0.12
    5.0.11
    5.0.10
    5.0.9
    5.0.8
    5.0.7
    5.0.6
    5.0.5
    5.0.4
    5.0.3
    5.0.2

    Known Issues

    Known Issues

    The following issues have been identified in version 6.2.1. For inquires about a particular bug or to report a bug, please contact Customer Service & Support.

    Firewall

    Bug ID

    Description

    541348

    Shaper in shaping policy is not applied when URL category is configured.
    FortiView

    Bug ID

    Description

    375172

    FortiGate under a FortiSwitch may be shown directly connected to an upstream FortiGate.

    526956

    FortiView widgets get deleted upon upgrading to B222.

    544017

    FortiView > VPN 1 hour historical shows entries from 8 hours ago when logged in from FortiGate Cloud.

    555524

    ngfw-policy cannot be traced in FortiView.

    567049

    FortiView > Web Sites view issue when VDOM works with NGFW policy mode.
    GUI

    Bug ID

    Description

    442231

    Link cannot show different colors based on link usage legend in logical topology real time view.

    451776

    Admin GUI has limit of 10 characters for OTP.
    HA

    Bug ID

    Description

    479987

    FG MGMT1 does not authenticate Admin RADIUS users through primary unit (secondary unit works).
    Intrusion Prevention

    Bug ID

    Description

    445113

    IPS engine 3.428 on FortiGate sometimes cannot detect Psiphon packets that iscan can detect.
    IPsec VPN

    Bug ID

    Description

    469798

    The interface shaping with egress shaping profile doesn't work for offloaded traffic.
    Log & Report

    Bug ID

    Description

    412649

    In NGFW Policy mode, FortiGate does not create web filter logs.
    Proxy

    Bug ID

    Description

    548233

    SMTP, POP3, IMAP starttls cannot be exempted by FortiGate when first time traffic goes through FortiGate.

    550056

    When exempt SNI in SSL profile but SNI does not match CN, FortiGate closes the session and does not do deep inspection.

    560893

    When strict SNI check is enabled, FortiGate with certificate inspection cannot block session if SNI does not match CN.
    Routing

    Bug ID

    Description

    568908

    Dynamic change no longer applies to routing and rule after disabling SD-WAN probe packets. Since SD-WAN probe is specifically for debugging, changing the behavior under rules and routes during debugging is not advisable.
    Security Fabric

    Bug ID

    Description

    403229

    In FortiView display from FortiAnalyzer, the upstream FortiGate cannot drill down to final level for downstream traffic.

    411368

    In FortiView with FortiAnalyzer, the combined MAC address is displayed in the Device field.
    SSL VPN

    Bug ID

    Description

    405239

    URL rewritten incorrectly for a specific page in application server.

    476838

    Check domain log-on as SSL VPN host checks condition.

    495522

    RDP session freezes when using SSL VPN tunnel mode.

    564645

    NGFW policy mode SSL VPN web portal traffic doesn't check security policy.

    567073

    SSL VPN web portal should remove Citrix and port forward connections option from GUI.
    Switch Controller

    Bug ID

    Description

    304199

    Using HA with FortiLink can encounter traffic loss during failover.

    357360

    DHCP snooping may not work on IPv6.

    462552

    Add an extra dialog in the interface page to clean up config when changing a FortiLink interface back to a regular port.
    System

    Bug ID

    Description

    295292

    If private-data-encryption is enabled, when restoring config to a FortiGate, the FortiGate may not prompt the user to enter the key.

    364280

    User cannot use ssh-dss algorithm to login to FortiGate via SSH.

    385860

    FG-3815D does not support 1GE SFP transceivers.

    436746

    NP6 counter shows packet drops on FG-1500D. Pure firewall policy without UTM.

    472843

    When FortiManager is set for DM = set verify-install-disable, FortiGate does not always save script changes.

    474132

    FG-51E hang under stress test since build 0050.

    494042

    If we create VLAN in VDOM A, then we cannot create ZONE name with the same VLAN name in VDOM B.

    563410

    TP VDOM interfaces removed after upgraded image from build 1672 (v5.6.8) to build 0915 (v6.2.1).
    Upgrade

    Bug ID

    Description

    470575

    After upgrading from 5.6.3, g-sniffer-profile and sniffer-profile exist for IPS and web filter.

    473075

    When upgrading, multicast policies are lost when there is a zone member as interface.

    481408

    When upgrading from 5.6.3 to 6.0.0, the IPv6 policy is lost if there is SD-WAN member as interface.

    494217

    Peer user SSL VPN personal bookmarks do not show when upgrade to 6.0.1.

    Workaround: Use CLI to rename the user bookmark to the new name.

    539112

    Devices configured under security-exempt-list become void after upgrade.
    Web Filter

    Bug ID

    Description

    538593

    B0821: FGD service on https/8888 does not work well under specific wanopt topology.

    545334

    Web filter file filtering does not support FTP traffic inspection but user can still configure FTP protocol in GUI and CLI.
    WiFi Controller

    Bug ID

    Description

    560828

    When the dtls-policy=ipsec-vpn is set, the FAP cannot be managed by FortiGate when VDOM type is policy based.

    573024

    FortiGate cannot manage FAP when admin trusthost is configured.

    Workaround: Add the FAP IP address or subnet into trusthost list.
    Previous
    Next

    Known Issues

    Known Issues

    The following issues have been identified in version 6.2.1. For inquires about a particular bug or to report a bug, please contact Customer Service & Support.

    Firewall

    Bug ID

    Description

    541348

    Shaper in shaping policy is not applied when URL category is configured.
    FortiView

    Bug ID

    Description

    375172

    FortiGate under a FortiSwitch may be shown directly connected to an upstream FortiGate.

    526956

    FortiView widgets get deleted upon upgrading to B222.

    544017

    FortiView > VPN 1 hour historical shows entries from 8 hours ago when logged in from FortiGate Cloud.

    555524

    ngfw-policy cannot be traced in FortiView.

    567049

    FortiView > Web Sites view issue when VDOM works with NGFW policy mode.
    GUI

    Bug ID

    Description

    442231

    Link cannot show different colors based on link usage legend in logical topology real time view.

    451776

    Admin GUI has limit of 10 characters for OTP.
    HA

    Bug ID

    Description

    479987

    FG MGMT1 does not authenticate Admin RADIUS users through primary unit (secondary unit works).
    Intrusion Prevention

    Bug ID

    Description

    445113

    IPS engine 3.428 on FortiGate sometimes cannot detect Psiphon packets that iscan can detect.
    IPsec VPN

    Bug ID

    Description

    469798

    The interface shaping with egress shaping profile doesn't work for offloaded traffic.
    Log & Report

    Bug ID

    Description

    412649

    In NGFW Policy mode, FortiGate does not create web filter logs.
    Proxy

    Bug ID

    Description

    548233

    SMTP, POP3, IMAP starttls cannot be exempted by FortiGate when first time traffic goes through FortiGate.

    550056

    When exempt SNI in SSL profile but SNI does not match CN, FortiGate closes the session and does not do deep inspection.

    560893

    When strict SNI check is enabled, FortiGate with certificate inspection cannot block session if SNI does not match CN.
    Routing

    Bug ID

    Description

    568908

    Dynamic change no longer applies to routing and rule after disabling SD-WAN probe packets. Since SD-WAN probe is specifically for debugging, changing the behavior under rules and routes during debugging is not advisable.
    Security Fabric

    Bug ID

    Description

    403229

    In FortiView display from FortiAnalyzer, the upstream FortiGate cannot drill down to final level for downstream traffic.

    411368

    In FortiView with FortiAnalyzer, the combined MAC address is displayed in the Device field.
    SSL VPN

    Bug ID

    Description

    405239

    URL rewritten incorrectly for a specific page in application server.

    476838

    Check domain log-on as SSL VPN host checks condition.

    495522

    RDP session freezes when using SSL VPN tunnel mode.

    564645

    NGFW policy mode SSL VPN web portal traffic doesn't check security policy.

    567073

    SSL VPN web portal should remove Citrix and port forward connections option from GUI.
    Switch Controller

    Bug ID

    Description

    304199

    Using HA with FortiLink can encounter traffic loss during failover.

    357360

    DHCP snooping may not work on IPv6.

    462552

    Add an extra dialog in the interface page to clean up config when changing a FortiLink interface back to a regular port.
    System

    Bug ID

    Description

    295292

    If private-data-encryption is enabled, when restoring config to a FortiGate, the FortiGate may not prompt the user to enter the key.

    364280

    User cannot use ssh-dss algorithm to login to FortiGate via SSH.

    385860

    FG-3815D does not support 1GE SFP transceivers.

    436746

    NP6 counter shows packet drops on FG-1500D. Pure firewall policy without UTM.

    472843

    When FortiManager is set for DM = set verify-install-disable, FortiGate does not always save script changes.

    474132

    FG-51E hang under stress test since build 0050.

    494042

    If we create VLAN in VDOM A, then we cannot create ZONE name with the same VLAN name in VDOM B.

    563410

    TP VDOM interfaces removed after upgraded image from build 1672 (v5.6.8) to build 0915 (v6.2.1).
    Upgrade

    Bug ID

    Description

    470575

    After upgrading from 5.6.3, g-sniffer-profile and sniffer-profile exist for IPS and web filter.

    473075

    When upgrading, multicast policies are lost when there is a zone member as interface.

    481408

    When upgrading from 5.6.3 to 6.0.0, the IPv6 policy is lost if there is SD-WAN member as interface.

    494217

    Peer user SSL VPN personal bookmarks do not show when upgrade to 6.0.1.

    Workaround: Use CLI to rename the user bookmark to the new name.

    539112

    Devices configured under security-exempt-list become void after upgrade.
    Web Filter

    Bug ID

    Description

    538593

    B0821: FGD service on https/8888 does not work well under specific wanopt topology.

    545334

    Web filter file filtering does not support FTP traffic inspection but user can still configure FTP protocol in GUI and CLI.
    WiFi Controller

    Bug ID

    Description

    560828

    When the dtls-policy=ipsec-vpn is set, the FAP cannot be managed by FortiGate when VDOM type is policy based.

    573024

    FortiGate cannot manage FAP when admin trusthost is configured.

    Workaround: Add the FAP IP address or subnet into trusthost list.
    Previous
    Next