The hatalk process crashed when creating a disabled VLAN interface in an A-P cluster.

ISDB is not updating; last update attempt is stuck at an older date.

When an authentication log on length is longer than the hasync packet length and when there is a large number of logons, hasync is busy.

Due to an HA port (Intel i40e) driver issue, not all SW sessions are synchronized to the secondary, so there is a difference.

The hasync process is stuck with high CPU usage when a failover occurs, there is a large number of logons, and the authentication logon length is longer than hasync packet length.

FGSP synchronizes NP sessions of all VDOMs when syncvd is only set for hyperscale VDOM.

Firewall virtual IP (VIP) features that are not supported by hyperscale firewall policies are no longer visible from the CLI or GUI when configuring firewall VIPs in a hyperscale firewall VDOM.

A few tasks are hung on issuing stat verbose on the secondary device.

VDOM ID and IP addresses in the IPL table are incorrect after disabling EIF/EIM.

After packets go through host interface TX/RX queues, some packet buffers can still hold references to a VDOM when the host queues are idle. This causes a VDOM delete error with unregister_vf. If more packets go through the same host queues for other VDOMs, the issue should resolve by itself because those buffers holding the VDOM reference can be pushed and get freed and recycled.

Using EIF to support hairpinning does not work for NAT64 sessions.

Unrelated background traffic gets impacted when changing a policy where a hyperscale license is used.

Packets with DF bit set that does not need fragmentation are dropped with the message, fragmentation required but not allowed.

Implementing the route-overlap setting on phase 2 configurations brings tunnels down until a reboot is not performed on the FGSP cluster.

IKE crashes after HA failover when the enforce-unique-id option is enabled.

IPsec DPD packets keep getting sent while IPsec traffic passes through the tunnel (DPD mode is on-idle).

Application wad crash (Segmentation fault) , which is the first crash in a series.

Secure SD-WAN Monitor in FortiAnalyzer does not show graphs when the SLA target is not configured in SD-WAN performance SLA.

Veeam Backup Enterprise website has SSL VPN access problem in web mode.

L2TP tunnel is not removed after Android client VPN disconnects.

SFP port with 1G copper SFP always is up.

Many processes are in a "D" state due to unregister_netdevice.

FortiAnalyzer serial number automatically learned from miglogd does not send it to FortiManager through the automatic update.

Hardware logs sent to syslog server with an incorrect timestamp in hyperscale mode.

DoS offload does not work in 6.4.9 and the npd daemon keeps crashing if the policy-offload-level is set to dos-offload under config system npu. Affected platforms: NP6XLite.

Session anomaly was incorrectly triggered though concurrent sessions on the FortiGate that were below the configured threshold.

Traffic loss occurs when running SNAT PBA pool in a hyperscale VDOM. The NP7 hardware module PRP got stuck, which caused the NP7 to hang.

Running diagnose hardware deviceinfo psu shows the incorrect PSU slot.

The ifLastChange SNMP OID only shows zeros.

CAPWAP data traffic over redundant IPsec tunnels failing when the primary IPsec tunnel is down (failover to backup tunnel).

FortiOS 6.4.11 is no longer vulnerable to the following CVE Reference:

• CVE-2022-41335