Known issues
The following issues have been identified in version 6.4.3. To inquire about a particular bug or report a bug, please contact Customer Service & Support.
Anti Virus
Bug ID |
Description |
---|---|
752420 |
If a .TAR.BZ2 or .TAR.GZ archive contains an archive bomb inside its compressed stream, the AV engine will time out. |
Endpoint Control
Bug ID |
Description |
---|---|
664654 |
EMS host tags are not synced with the FortiGate when the user connects to a tunnel mode SSID. |
Firewall
Bug ID |
Description |
---|---|
666612 |
Get internet service name configuration error on version 7.01011 when FortiGate reboots or upgrades. |
669665 |
All ISDB groups are lost when upgrading from 6.2.5 to 6.4.2. |
FortiView
Bug ID |
Description |
---|---|
621453 |
FortiGate cannot get detailed information on FortiClient vulnerabilities from FortiAnalyzer. |
683627 |
FortiView does not display any data when FortiAnalyzer Cloud is the data source. |
GUI
Bug ID |
Description |
---|---|
567996 |
Managed FortiSwitch and FortiSwitch Ports pages cannot load when there is a large number of managed FortiSwitches. |
602102 |
Warning message is not displayed when a user configures an interface with a static IP address that is already in use. |
602397 |
Managed FortiSwitch and FortiSwitch Ports pages are slow to load when there are many managed FortiSwitches. |
650708 |
When the client browser is in a different time zone from the FortiGate, the Guest Management page displays an incorrect expiry time for guest users. The CLI returns the correct expiry. |
652394 |
GUI cannot change action for the web-based email category in DNS filter profile. |
656668 |
On the System > HA page, GUI tooltip for the reserved management interface incorrectly shows the connecting IP address instead of the configured IP address. |
662873 |
Editing the LDAP server in the GUI removes the line |
663351 |
Connectivity test for RADIUS server using CHAP authentication always returns failure. |
664007 |
GUI incorrectly displays the warning, Botnet package update unavailable, AntiVirus subscription not found., when the antivirus entitlement is expiring within 30 days. The actual botnet package update still works within the active entitlement duration. |
665444 |
Log Details does not resize the log columns and covers existing log columns. |
665712 |
When multiple favorite menus are configured, the new features video pops up after each GUI login, even though user previously selected Don't show again. |
666999 |
When editing the Poll Active Directory Server page, the configured LDAP server saved in FSSO polling is not displayed. Users must use the CLI to modify the setting. |
668020 |
Disclaimer users are not shown in the user monitor; they must be displayed in the CLI with |
668470 |
FortiGuard DDNS setting incorrectly displays truncated unique location and empty server selection after saving changes. |
672599 |
After performing a search on firewall Addresses, the matched count over total count displayed for each address type shows an incorrect total count number. The search functionality still works correctly. |
672906 |
GUI does not redirect to the system reboot progress page after successfully restoring a configuration. |
673478 |
Some FortiView graphs and drilldown views show empty data due to filtering issue. Affected graphs/views: Top System Events, Top Authentication Failures, Policy View, and Compromised Host View. |
675170 |
The Applications and Destinations tabs on the Diagnostic and Tools pane show the same data for different clients on the WiFi Clients monitor page. |
680805 |
The list of firewall schedules displays time based on the browser time, even though the global time preference is set to use the FortiGate system time. The Edit Schedule page does not have this issue. |
682008 |
On SSL-VPN Settings page, the option to send an SSL VPN configuration to a user for FortiClient provisioning does not support showing a domain name for the VPN gateway. |
688016 |
GUI interface bandwidth widget does not show correct data for tunnel interface when ASIC offload is enabled on the firewall policy. |
689605 |
On some browser versions, the GUI displays a blank dialog when creating custom application or IPS signatures. Affected browsers: Firefox 85.0, Microsoft Edge 88.0, and Chrome 88.0. |
HA
Bug ID |
Description |
---|---|
615001 |
LAG does not come up after link failed signal is triggered. |
677246 |
Unable to contact TACACS+ server when using HA dedicated management interface in 6.4.3. |
678309 |
Cluster is out of sync because of |
Intrusion Prevention
Bug ID |
Description |
---|---|
654307 |
Wrong direction and banned location by quarantine action for |
668631 |
IPS is constantly crashing, and ipshelper has high CPU when IPS extended database has too many rules (more than 256) sharing the same pattern. Affected models: SoC3-based FortiGates. Workaround: disable CP or disable the extended database. config ips global set database regular set cp-accel-mode none end |
IPsec VPN
Bug ID |
Description |
---|---|
652774 |
OCVPN spoke-to-spoke communication intermittently fails with mixed topology where some spokes have two ISPs and some have one, but the hubs have two. |
655895 |
Unable to route traffic to a spoke VPN site from the hub FortiGate when the dialup IPsec VPN interface is dual stacked (IPv4/IPv6). |
663126 |
Packets for the existing session are still forwarded via the old tunnel after the routing changed on the ADVPN hub. |
667129 |
In ADVPN with SLA mode, traffic does not switch back to the lowest cost link after its recovery. |
Log & Report
Bug ID |
Description |
---|---|
661040 |
Cyrillic characters not displayed properly in local reports. |
Proxy
Bug ID |
Description |
---|---|
657905 |
Firewall policy with UTM in proxy mode breaks SSL connections in active-active cluster. |
684168 |
WAD process consumes memory and crashes because of a memory leak that happened due to a coding error when calling the FortiAP API. The API misbehaves when there are no FortiAP appliances in the cluster. |
Routing
Bug ID |
Description |
---|---|
654032 |
SD-WAN IPv6 route tag command is not available in the SD-WAN services. |
669380 |
Router daemons get stuck after rebooting when executing |
Security Fabric
Bug ID |
Description |
---|---|
614691 |
Slow GUI performance in large Fabric topology with over 50 downstream devices. |
666242 |
Automation stitch CLI scripts fail with greater than 255 characters; up to 1023 characters should be supported. |
SSL VPN
Bug ID |
Description |
---|---|
670803 |
Internal website, http://gd***.local/share/page?pt=login, log in page does not load in SSL VPN web mode. |
675878 |
When matching multiple SSL VPN firewall policies, SSL VPN checks the group list from bottom to top, and the user is mapped to the incorrect portal. |
684012 |
SSL VPN crashed with signal 11 (segmentation fault) |
Switch Controller
Bug ID |
Description |
---|---|
671135 |
flcfg crashes while configuring FortiSwitches through FortiLink. |
System
Bug ID |
Description |
---|---|
607565 |
Interface |
630861 |
Support FortiManager when |
644782 |
A large number of detected devices causes httpsd to consume resources, and causes low-end devices to enter conserve mode. |
651103 |
FG-101F crashed and rebooted when adding |
657629 |
ARM-based platforms do not have sensor readings included in SNMP MIBs. |
662681 |
Policy package push from FortiManager fails the first time, and succeeds the second time if it is blank or has no changes. |
663083 |
Offloaded traffic from IPsec crossing the NPU VDOM link is dropped. |
666030 |
Empty firewall objects after pushing several policy deletes. |
666205 |
High CPU on L2TP process caused by loop. |
User & Authentication
Bug ID |
Description |
---|---|
643583 |
|
682394 |
FortiGate is unable to verify the CA chain of the FSSO server if the chain is not directly rooted to FSSO endpoint. |
VM
Bug ID |
Description |
---|---|
596742 |
Azure SDN connector replicates configuration from primary device to secondary device during configuration restore. |
617046 |
FG-VMX manager not showing all the nodes deployed. |
639258 |
Autoscale GCP health check is not successful (port 8443 HTTPS). |
668625 |
During every FortiGuard UTM update, there is high CPU usage because only one vCPU is available. |
669822 |
Hot adding multiple CPUs at once to Xen-flavored VMs can result in a kernel panic crash. Workaround: add one CPU at a time. Alternatively, shut down the VM, add the CPUs, and restart the VM. |
671279 |
FG-VM64-AZURE-PAYG license/serial number get lost after downgrading to 6.2.6 from 6.4.3. |
672312 |
Azure SDN connector does not offer all service tags. |
WiFi Controller
Bug ID |
Description |
---|---|
643854 |
Client traffic was dropped by CAPWAP offloading when it connected from a mesh leaf Forti-AP managed by a FWF-61F local radio. |
672920 |
CAPWAP tunnel traffic is dropped when offloading is enabled (with FAP managed by a VLAN interface). There are three workarounds:
|
673211 |
CAPWAP traffic drops on FG-300E when FortiAP is managed by VLAN interface. |
674342 |
The cw_acd crashes after upgrading to 6.4.3 at cwAcLocal. |