Known issues

The following issues have been identified in version 6.4.1. To inquire about a particular bug or report a bug, please contact Customer Service & Support.

Application Control

| Bug ID | Description |
| --- | --- |
| 630075 | After upgrading, FortiGate faced an internet access issue when IPS and AC profiles are enabled and the outgoing interface is an npu_vlink. |

Endpoint Control

| Bug ID | Description |
| --- | --- |
| 640142 | FortiOS 6.4 cannot verify EMS cloud certificate. |

Firewall

| Bug ID | Description |
| --- | --- |
| 596633 | In NGFW mode, IPS engine drops RPC data channel when IPS profile is applied to a security policy. |

FortiView

| Bug ID | Description |
| --- | --- |
| 573138 | When the data source is FortiGate Cloud, there is no paging to load sessions; only entries 1-499 are rendered. |
| 639109 | Top Countries/Regions by Bytes widget keeps trying to load. |
| 640759 | Unable to filter FortiView sessions in FortiOS 6.4.x. |
| 643198 | Threats drilldown for Sources, Destinations, and Country/Region (1 hour, 24 hours, 7 days) gives the error Failed to retrieve FortiView data. |

GUI

| Bug ID | Description |
| --- | --- |
| 602102 | Warning message is not displayed when a user configures an interface with a static IP address that is already in use. |
| 604682 | GUI takes two minutes to load VPN > IPsec Tunnels for 1483 tunnels. |
| 605030 | Send Logs to FortiCloud and Cloud Logging options not available in GUI for FG-900D. |
| 606967 | One-time schedules are not displayed correctly in Safari browser. |
| 621902 | Default gateway address of DHCP server setting does not follow the interface address when Same as Interface IP is selected. |
| 624662 | CLI panel allows read-only managed device to be configured by read-only admin. |
| 630638 | Add a warning when Capture Packets is enabled in policy dialog. |
| 638034 | Ctrl + V does not paste command in GUI CLI console and Ctrl + C does not copy selected output in CLI console. |
| 638277 | Firewall address group object (including interface subnet) is invisible in Accessible Networks. |
| 638615 | SSO admin cannot open CLI console. |
| 638911 | IPS and application control actions cannot be modified to Quarantine. |
| 639129 | IPsec aggregate is not shown in Dashboard > Network > IPsec widget. |
| 639163 | GUI does not show user group information on firewall user widget. |
| 639288 | No historical sessions can be displayed when FortiView widget opens from Show in FortiView. |
| 639542 | The Edit pane for PAC File Content on the Explicit Proxy page cannot be opened. |
| 642028 | On some platforms (FG-60E-61E/81E), the CLI console in the GUI may not function immediately after bootup. |
| 642402 | LCP-1250RJ3SR-K transceiver shows a warning in the GUI even though it is certified. |
| 650307 | GUI does not show the configured external FortiGuard category in the SSL-SSH profile's exempt list. |
| 655891 | Web CLI console cannot load due to Connection lost if port 8080 is used (HTTP). |
| 656668 | On the System > HA page, GUI tooltip for the reserved management interface incorrectly shows the connecting IP address instead of the configured IP address. |
| 689605 | On some browser versions, the GUI displays a blank dialog when creating custom application or IPS signatures. Affected browsers: Firefox 85.0, Microsoft Edge 88.0, and Chrome 88.0. |

HA

| Bug ID | Description |
| --- | --- |
| 609631 | Simultaneous reboot of both nodes in HA when gtp-enhance-mode enabled or disabled. |
| 638287 | private-data-encryption causes cluster to be periodically out of sync due to customer certificates. |
| 643958 | Inconsistent data from FFDB caused several confsyncd crashes. |
| 645387 | HA pingsvr is in up state in spite of lnkmtd showing it as being in die state. |
| 678309 | Cluster is out of sync because of config vpn certificate ca after upgrade. |

Intrusion Prevention

| Bug ID | Description |
| --- | --- |
| 631381 | RDP NLA authentication blocked by FortiGate when enabling IPS profile in the security group (central NAT). |

IPsec VPN

| Bug ID | Description |
| --- | --- |
| 634883 | IKE crashes at ike_hasync__xauth. |
| 635325 | Static route for site-to-site VPN remains active even when the tunnel is down. |

Log & Report

| Bug ID | Description |
| --- | --- |
| 589782 | IPS sensor log-attack-context output truncated. |
| 635013 | FortiOS gives wrong time stamp when querying FortiGate Cloud log view. |
| 637117 | Incomplete log field returned from CEF formatted syslog message. |

Routing

| Bug ID | Description |
| --- | --- |
| 641928 | When BGP's recursive next hop can be resolved by multiple routes, the recursive distance is not taken into account when installing the routes. Multiple ECMP paths can be installed with different recursive distances to the next hop. |
| 666829 | Application bfdd crashes. |

Security Fabric

| Bug ID | Description |
| --- | --- |
| 614691 | Slow GUI performance in large Fabric topology with over 50 downstream devices. |
| 637464 | FortiMail appears as Unknown fabric device when multi-vdom is enabled. |
| 641006 | Automation stitch causes HA sync failure. |
| 652737 | FortiGate does not send interface configuration to FortiIPAM. |

SSL VPN

| Bug ID | Description |
| --- | --- |
| 505986 | On IE 11, SSL VPN web portal displays blank page titled {{::data.portal.heading}} after authentication. |
| 620946 | All sslvpnd daemons use 99.9% CPU when policy is being updated. |
| 629190 | After SSL VPN proxy, some JS files of hapi website could not work. |
| 637018 | After the upgrade to 6.0.10/6.2.4/6.4.0, SSL VPN portal mapping/remote authentication is matching user into the incorrect group. |

Switch Controller

| Bug ID | Description |
| --- | --- |
| 620718 | FortiSwitch port goes down and up too quickly when bounce-nac-port is enabled, and the device interface does not get the new DHCP IP. |
| 646178 | It is possible to view information of shared FortiSwitch ports in a tenant VDOM from the GUI, but making configuration changes in the GUI is not recommended. Please use CLI for configuration changes. |

System

| Bug ID | Description |
| --- | --- |
| 567019 | CP9 VPN queue tasklet unable to handle kernel NULL pointer dereference at 0000000000000120 and device reboots. |
| 576323 | SFP+ 1G speed should be supported on FG-1100E, FG-1800F, FG-2200E, and FG-3300E series. |
| 605723 | FG-600E stops sending out packets on its SFP and copper port on NP6. |
| 617134 | Traffic not showing statistics for VLAN interfaces based on hardware switch. |
| 618762 | Fail to detect transceiver on all SFP28/QSFP ports. Affected platforms: FG-3300E and FG-3301E. |
| 626371 | Request to blocked signature with SSL mirrored traffic capture causes FG-500E to reboot. |
| 641419 | FG-40F LAN interfaces are down after upgrading to 6.2.4 (build 5632). |
| 644427 | Interface forward-error-correction setting not honored after reboot. Affected platforms: FG-1100E, FG-1101E, FG-2200E, FG-2201E, FG-3300E, FG-3301E, FG-3400E, and FG-3600E. |
| 644782 | A large number of detected devices causes httpsd to consume resources, and causes low-end devices to enter conserve mode. |
| 648977 | Sometimes when updating the FortiGate license, there is a certificate verification failure. |
| 649506 | Sometimes FortiGate does not boot when restoring configuration using private data encryption. |

Upgrade

| Bug ID | Description |
| --- | --- |
| 635589 | Upon upgrading to an affected 6.2 or 6.4 firmware, DoS policies configured on interfaces may drop traffic that is passing through the DoS policy configuration. Note that this can occur if the DoS policy is configured in drop or monitor mode. Workaround: disable the DoS policy. |

VM

| Bug ID | Description |
| --- | --- |
| 603100 | Autoscale not syncing certificate among the cluster members. |
| 629709 | AWS VM stops processing traffic in some interfaces when running diagnose debug application ike -1. |
| 634499 | AWS FortiGate NIC gets swapped between port2 and port3 after FortiGate reboots. |
| 639258 | Autoscale GCP health check is not successful (port 8443 HTTPS). |
| 644130 | FortiGates in multi-Azure sync their SP addresses for SAML admin authentication. |
| 653567 | Admin cannot log in to FortiGate VM GUI after license expired. |

Web Filter

| Bug ID | Description |
| --- | --- |
| 654160 | Web filter profile count decreased after upgrading to 6.4.0 on FG-100F. |

WiFi Controller

| Bug ID | Description |
| --- | --- |
| 638537 | Applications, Destinations, and Policies keep loading for WiFi Clients > Diagnostics and Tools drill-down. |
