Copy/paste of IPv4 policy does not work once AV profile is applied.

Missed filename in the office365_Attachment. Download DLP log while it is blocked\Allowed.

WAD crash due to scheduler error occurs when oversized file is bypassing the DLP sensor.

DNS events are not included in the security event list.

Traffic blocked after enabling Compliance on SSL VPN interface.

FortiGate cannot upload file to FortiSandbox when AV profile added in only Proxy-policy.

Some DCE-RPC mapped connections are intermittently blocked by policy 0.

Session timers don’t update for VLAN traffic over VWP.

Sessions TTL expire timer is not reset when traffic goes through if traffic is offloaded in a TP VDOM.

VIP with central NAT does not hide real IP.

Firewall-session-dirty check-new is blocking traffic and causing session spike.

Cannot create VIP6 range over 31 bits.

DNS Filter column and Profile Group column is missing on policy list.

Not able to configure VIP from GUI with port forwarding for the same TCP and UDP port.

Changes to per-IP shaper settings not reflected in offloaded sessions.

Traffic shaper info missing under Shaper column in FortiView.

Introduce an enable/disable button in the GUI to toggle central SNAT table.

Custom device page keep loading and cannot create device group.

HTTPSD uses high CPU when accessing GUI network interfaces.

Unable to login into FortiGate GUI with Yubikey. CLI works as expected.

Forward traffic log cannot be shown on Windows Edge browser.

GUI still shows fortianalyzer-cloud connection status error even after FortiGate connects to fortianalyzer-cloud.

Cannot access VOIP profile list and only the default profile editor is shown.

Security rating event logs cannot be shown in split-vdom FortiGate GUI.

Cannot configure network interface IP addresses from GUI for FG-5001D and FG-5001E.

Requirement for disabling IPsec SA and IKE SA in FGSP cluster-sync solution.

FGT-HA does not fail over when pingserver is down the second time.

ha-direct option for OCSP.

After restoring configuration, FortiGate added unexpected parameters that are not set.

Being dual primary unit in specific situation if two pingsvr is set.

GARP is output even though GARP setting is disabled.

Cannot synchronize secondary device from scratch in v6.0.4 with 500 VDOMs, duplicate global profiles.

HA out of sync after upgraded in multi-VDOM environment.

FortiGate primary unit not sending all system events.

After upgrade to special build 5.6.7 b3638, cluster is out of sync when a new guest user is created.

fgLinkMonitorState is not accurate.

Moving VDOM between virtual clusters causes cluster to go out of sync.

After any configuration change is applied to FortiGate device, the Symantec ICAP server rejects connections due to too many connections.

IPS archive PCAP periodically cannot capture.

FortiOS runs to conserve mode because IPS engine is taking a lot of memory (memory leak in heap).

IPS custom signature is not detected after FortiGate is rebooted or upgraded.

SSL mirroring does not work on VLAN interface with NTURBO enabled.

IPS archive PCAP usage cannot clear by deleting IPS log and actual PCAP files.

TCP connections through IPsec (bound to loopback) do not work when IPS offload is enabled to NTurbo.

Source MAC address is not updated for offloaded IPsec sessions.

The OCVPN feature is delayed about one day after registering on FortiCare.

npu-offload enabled and failover occurred on the checkpoint firewall (upstream firewall) the tunnel is up but traffic is not passing.

Unable to delete IPsec VPN tunnel phase-1 interface config even though we do not have any reference.

Dialup IPsec "net-device" should continue to default to "disable" in 6.2.

IPsec tunnel can't establish if OCVPN members with different Fortinet_CA and Fortinet_factory cert.

Multiple ADVPN shortcuts should be allowed between two spokes.

IKE route overlap should be allowed across two distinct dialup phase1 with 'net-device disable'.

After VDOM config restore, routes are active for IPsec tunnels that are not active.

OSPF point-to-multipoint re-convergence with dailup IPsec.

Send interface information to FortiAnalyzer using miglogd.

WAD crashes on wad_http_client_notify_scan_result.isra.XXX.

Add GUI support for unsupported-ssl option in SSL inspection profile.

AV profile in proxy mode, with inspect-all enabled, causes timeout when accessing some sites.

WAD process crashing and affecting HTTP/HTTPS traffic.

When applying proxy address in transparent proxy policy, FortiGate blocks traffic and reports SSL_ERROR_SYSCALL.

WAD crash causes high CPU usage.

WAD crashes with signal 11.

Unable to fetch the Root and Intermediate Certificate.

Application PDMD crashes.

BGP Configuration gets applied to the wrong VDOM if user switches VDOM selection in between operations (slow GUI).

SSL VPN user gets disconnected when load-balance-mode is measured-volume-based in SD-WAN.

When adding more than seven VPN tunnels to SD-WAN, PPOE default routes disappear.

IPsec interface Internet service router can't work normally.

SD-WAN sends traffic to interfaces with volume-ratio set to 0.

SD-WAN performance SLA via GRE-Tunnel fails to set options or connect ping6 socket for monitor.

Kernel panic due to deletion of ECMp session.

Since upgrade to 6.2, getting RADVD IPv6 router advertisement logs, although IPv6 is not configured on receiving interface.

BGP neighbors are lost on configuration change (large configuration file).

BFD peers down, not seen (over BGP up).

OSPF MD5 authentication issues after upgrade to 6.2.0.

Traffic dropped by anti-replay in ECMP with IPS.

Session timer left at half-open value once established in an ECMP with IPS context.

When a route is evaluated with multiple match conditions including route tag in a route map, route tag is evaluated.

Wrong protocol and sport shown for SD-WAN and regular policy routes.

Security Fabric topology page always shows FortiGate HA secondary device has incompatible firmware version.

Fail to configure Security Fabric if only enable FortiAnalyzer cloud logging not FortiAnalyzer logging in GUI.

Access denied error when reviewing security recommendations from physical topology in VDOM mode.

SSL VPN web-mode fails to access Angular 5 application.

SSL VPN to Nextcloud doesn't open.

FortiGate not sending Framed-IP-Address attribute for SSL VPN tunnel in RADIUS accounting packet.

SSL VPN web portal login FGT6.0.3 B0191 admin gets blank page.

LAG interface not available for SSL VPN listening interface.

Update from web mode fails for SharePoint page using MS NLB.

Unable to get to http://spiceworks.int.efwnow.com:9750/tickets/v2#open_tickets via SSL VPN bookmark.

Signal 11 (segmentation fault) on application sslvpnd.

Graylog web application is not working through SSL VPN HTTPS.

SSL VPN web mode accessing internal server getting ERR_EMPTY_RESPONSE in browsers.

Internal server script stuck at loading when page accessed over SSL VPN web portal.

With groups and its users in different SSL VPN policies and accessing resources via web, only user based policies are processed.

RDP through SSL VPN web mode will disconnects if copying long text.

The command user-bookmark should not be a prerequisite command for allow-user-access as it also affects Quick Connections.

Subpages on internal websites are not working via SSL VPN web mode.

TX packet drops on ssl.root interface.

SSL VPN login auth times out if primary RADIUS server becomes unavailable.

Internal web site (confluence.1wa.local) not loading all elements with SSL VPN web mode (internally it works fine).

Cannot log in to internal server through SSL VPN web mode.

Customer application is displayed wrong through SSL VPN bookmark.

SSL VPN doesn not open QNAP shared folder link.

No Error: Permission denied prompt when using the wrong username/password login SSL VPN web with special replacement login page.

Citrix bookmarks should be disabled in SSL VPN portal.

Local resource web interface not loading through SSL VPN web mode.

http 302 redirection is not parsed by SSL VPN proxy (web mode / bookmark).

SSL VPN crashing constantly.

Web mode gets JavaScript errors when accessing internal web site.

Empty RADIUS accounting info supplied for SSL VPN users via account-interim-interval.

SSL VPN bookmark sending back to portal home after correct login inside backend application.

Fails to load web pages in SSL VPN web portal.

Internal web portal replies with HTTP 404 Not Found when accessed via SSL VPN web portal bookmark.

SSL VPN web mode JavaScript error accessing internal resources.

SSL VPN web-mode not performing proxy properly on internal websites.

Configuring FortiLink from GUI does not work on platforms that do not support hardware switch.

FortiSwitch export-to commands do not sync, causing HA sync problem.

bcm.user always takes nearly 70% CPU after running Nturbo over IPsec script.

SLBC FortiOS should prevent change of default management VDOM.

Primary DNS server is not queried even after 30 seconds.

After executing shutdown, FGT90E keeps responding to ICMP requests.

Device 80D reboots every 2-3 days with a kernel panic error.

IPS/AV not forwarding return traffic back to clients.

Kernel static route randomly lost.

Status of a port member of a redundant interface changes if an alias is set.

SNMP trap: FortiGate does not generate fgTrapAvOversizeBlock and fgTrapAvOversizePass.

Changing the order of VDOM in system admin when connected with TACACS+ wildcard admin is not propagated to other blades.

SNMP monitoring of the implicit deny policy not possible.

NTurbo is causing TX_XPX_QFULL.

FortiGate 301E consumes high memory even when there's no traffic.

USB Modem Huawei E173u-2 not working on FortiGate 60E device.

DHCPD is using more memory on the secondary unit than the active unit.

Cannot lease DHCP address over IPsec for dialup-forticlient users.

Physical interface, part of aggregate interface, disabled with CLI not going down after reboot.

FortiGate does not support DH 1024 bits as SSH server.

LACP member ports exhibit odd behavior regarding admin up and down.

FortiGateCloud cannot restore configuration on FortiGate.

Execute ping does not provide accurate time values.

DHCP enabled interface occasionally fails to perform discovery.

VDOM restore has config loss when interfaces have subnet overlap.

Cannot add description to security zones.

Misleading CLI help left over.

DNSProxy causes the device to go to conserve mode.

Status of a port member of a aggregated interface changes if a member's alias/description is set.

Restoring VDOM configuration removes interfaces from zones.

FortiGate admin access does not offer SSH-RSA when EC Certificate is used for GUI admin-server-cert.

Can't poll SNMP v3 statistics for BGP when ha-direct is enabled under SNMP user.

Increase firewall.address tablesize for 80-90 series.

Upgrading to v6.2 from v6.0.x causes CIFS/SMB configurations in AV profile to be lost.

Guest User Print Template doesn't insert the images.

FSSO failover is not graceful.

WAD re-signs valid web sites with Untrusted CA certificate.

auth-https-port (1003) for captive portal authentication cannot disable TLS1.1 support.

IP addresses of discovered devices in the device inventory menu are not showing after FortiGate reboots.

FSSO(polling) user names with special character are not showing up in FortiGate.

Mobile Token authentication fails in vCluster on physical secondary device.

FortiToken assignment on vCluster VDOM primary device on physical secondary device causes configuration mismatch and physical primary device overwrites.

Modifying Login Challenge Page to include RADIUS attributes.

RSSO user automatically gets added to a wrong user group.

Cannot set certificate under config certificate local.

set device-identification disable is reverted to default after VDOM restore.

RADIUS MSCHAPv2 authentication fails on Windows NPS with non-ASCII characters in password.

RSSO - wireless roaming causing undesirable removal of RSSO sessions.

LDAP - search-type recursive does not retrieve nested membership through user's primary group.

TCP re-transmission due to VMXNET3 RX ring buffer exhaustion.

FortiGate-VM deployed in OpenStack without bootstrapping doesn't have empty password.

Session size overflow on VMX causing timeout and error on NSX vMotion task.

FGT VMX: Default MTU of 65521 results in packet drops.

Azure SDN fabric connector is showing status down.

Ondemand platforms show error with FortiCare/FortinetOne login.

FGT-AWS HA failover and SDN using IAM role do not work due to AWS IAM role token length being +increased.

AliCloud: Native FortiGate HA A-P failover does not complete in Shanghai and Hangzhou.

Traffic keeps going through the DENY NGFW policy configured with URL category.

When encryption is set to yes, file-type incorrectly shows all file types when only zip files are supported.

FWF-60E crashes intermittently with no console access at the time.

Suggest to input at least 12 characters when configuring pre-shared key for WPA/WPA2-Personal SSID.

FortiGate doesn't send IPv6 router-advertisement towards one AP if the same SSID is being broadcast on two different APs.

Standby FortiGate reporting rogue AP on wire.

Region -N DFS support required for FAP-U422EV.

TCP SYN+ACK is not forwarded under specific conditions.

CAPWAP tunnel does not get established on secondary IP address unless we enable CAPWAP access on primary IP address.

FortiOS 6.2.1 is no longer vulnerable to the following CVE Reference:

• CVE-2018-13367

FortiOS 6.2.1 is no longer vulnerable to the following CVE Reference:

• CVE-2019-6693

FortiOS 6.2.1 is no longer vulnerable to the following CVE Reference:

• CVE-2019-5591

FortiOS 6.2.1 is no longer vulnerable to the following CVE Reference:

• CVE-2019-3855
• CVE-2019-3856
• CVE-2019-3857
• CVE-2019-3858
• CVE-2019-3859
• CVE-2019-3860
• CVE-2019-3861
• CVE-2019-3862
• CVE-2019-3863