Browsers change default SameSite cookie settings to Lax, and Kerberos authentication does not work in transparent proxy.

sflowd is crashing due to invalid custom application category.

When web filter and application control are configured, blocked sessions to play.google.com remain in the session table for 3600 seconds.

Source NAT port reuses ports too quickly, and GCP/API fails to establish due to endpoint independence conflict.

HTTP host virtual server does not work well when real server has the same IP but a different port.

Get internet service name configuration error on version 7.01011 when FortiGate reboots or upgrades.

Reputation settings in policies is not working when reputation-minimum is set, and no source or destination address is set.

Account profile permission override and RADIUS VDOM override features do not work with two-factor authentication for remote admin login via GUI. The feature still works when the admin login is via SSH.

Managed FortiSwitch and FortiSwitch Ports pages cannot load when there is a large number of managed FortiSwitches.

When the client browser is in a different time zone from the FortiGate, the Guest Management page displays an incorrect expiry time for guest users. The CLI returns the correct expiry.

GUI cannot change action for the web-based email category in DNS filter profile.

Editing the LDAP server in the GUI removes the line set server-identity-check disable from the configuration.

Connectivity test for RADIUS server using CHAP authentication always returns failure.

Log Details does not resize the log columns and covers existing log columns.

The Confirm version downgrade warning message is not displayed when a user downgrades firmware between minor patch release versions using the manual upload option. Firmware downgrades from FortiGuard do not have this issue.

Disclaimer users are not shown in the user monitor; they must be displayed in the CLI with diagnose firewall auth list.

GUI does not redirect to the system reboot progress page after successfully restoring a configuration.

The Applications and Destinations tabs on the Diagnostic and Tools pane show the same data for different clients on the WiFi Clients monitor page.

LAG does not come up after link failed signal is triggered.

HA GARP sending was delayed due to lots of transceiver reading

Inband management IP connection breaks when failover occurs (only in virtual cluster setup).

IKED process signal 11 crash in an ADVPN and BGP scenario.

Packets for the existing session are still forwarded via the old tunnel after the routing changed on the ADVPN hub.

BGP over dynamic IPsec VPN tunnel with net-device enable not passing through traffic after rebooting.

In ADVPN with SLA mode, traffic does not switch back to the lowest cost link after its recovery.

Logs for local-out DNS query timeout should not be in the DNS filter UTM log category.

Firewall policy with UTM in proxy mode breaks SSL connections in active-active cluster.

BFD/BGP dropping when outbandwidth is set on interface.

DHCP relay does not match the SD-WAN policy route.

PMTU calculation for VPN interfaces is not working. FortiGate ignores ICMP type 3 code 4 messages and does not update the routing cache.

SD-WAN IPv6 route tag command is not available in the SD-WAN services.

FortiGate blocks IPv6 but allows IPv4 for traffic that looks asymmetric with asymroute is disabled.

SD-WAN route changes and packet drops during HTTP communication, even though preserve-session-route is enabled.

SD-WAN members and OIFs keep reordering despite the health check status being stable in an HA setup.

Possible memory leak when BGP table version increases.

Router daemons get stuck after rebooting when executing get router info routing-table all.

FortiGate as first hop router sometimes does not send register messages to the RP.

Only the interface IP in the management VDOM can be specified as the health check source IP.

Weight-based load-balance algorithm causes local-in reply traffic egress from wrong interface.

FortiAnalyzer Cloud should be taken into consideration when doing CLI check for CSF setting.

Automation stitch CLI scripts fail with greater than 255 characters; up to 1023 characters should be supported.

The policy script-src 'self' will block the SSL VPN proxy URL.

WebSocket using Socket.IO could not be established through SSL VPN web mode.

SSL-SSH inspection profile changes to no-inspection after device reboots.

SSL VPN web mode not working for Ec***re website.

https://mo***.be site is non-accessible in SSL VPN web mode.

SSL VPN web mode has problem accessing some pages on FortiAnalyzer 6.2.

SSL VPN host check validation not working for SAML user.

SDT application can no longer load secondary menu elements in SSL VPN web mode.

Occasionally, 2FA SSL VPN users are unable to log in when two remote authentication servers with the same IP are used.

FortiOS supports verifying client certificates with RSA-PSS series of signature algorithms, which causes problems with certain clients.

Policy check cache should include user or group information.

SSL VPN web mode authentication problem when accessing li***.com.

Unable to load a video in SSL VPN web mode

HTTPS access to ERP Sage X3 through web mode fails.

Cannot view TIFF files in SSL VPN web mode.

Split tunneling is not adding FQDN addresses to the routes.

The jstor.org webpage is not loading via SSL VPN bookmark.

Internal website, http://si***.ar, does not load a report over SSL VPN web portal.

Internal website, http://gd***.local/share/page?pt=login, log in page does not load in SSL VPN web mode.

When matching multiple SSL VPN firewall policies, SSL VPN checks the group list from bottom to top, and the user is mapped to the incorrect portal.

SSL VPN web mode is unable to open some webpages on the internal site, https://vi***.se, portal.

Read-only administrators should be able to run diagnose sniffer packet command.

HQIP loopback test failed with configured software switch.

TCP traffic disruption when traffic shaper takes effect with NP offloading enabled.

Support FortiManager when private-data-encryption is enabled in FortiOS.

STP does not work in transparent mode.

A large number of detected devices causes httpsd to consume resources, and causes low-end devices to enter conserve mode.

Fixed interface-based traffic shaping performance degradation issue by enabling NP offloading.

ARM-based platforms do not have sensor readings included in SNMP MIBs.

The sflowd process has high CPU usage when application control is enabled.

Policy package push from FortiManager fails the first time, and succeeds the second time if it is blank or has no changes.

Asynchronous SDK call may take a long time and cause HA A-P to have Kernel panic - not syncing error.

Offloaded traffic from IPsec crossing the NPU VDOM link is dropped.

No filename setting on BOOTP response when option 67 is set on the DHCP server.

Kernel crash caused race condition on vlif accessing.

Empty firewall objects after pushing several policy deletes.

High CPU on L2TP process caused by loop.

FortiGate local-out system DNS traffic for host names lookup continuously generates timeout DNS log if the primary server cannot resolve them.

Space character in table name caused FortiManager retrieve to fail.

NP6lite SoC3 adapter drops packets after handed from kernel.

It takes a long time to set the member of a firewall address group when the member size is large. In the GUI, cmdbsvr memory usage goes to 100%. In the CLI, newcli memory usage goes to 100%.

LTE DHCP IP addressing not installed in the routing table.

High memory issue is caused by heavy traffic on the VDOM link.

Read-only administrator with packet capture read-write permission cannot run diagnose sniffer command.

radius-vdom-override and accprofile-override do not work when administrator has 2FA enabled.

FortiGate sent CSR certificate instead of signed certificate to FortiManager when retrieve is performed.

The authd process truncates user names to a length of 35 characters (this breaks RADIUS accounting and logging for very long user names).

The authd process gets stuck with high CPU due to slow route lookup when the routing table is big. FSSO stops processing new authentication events.

SSL VPN performance problem on OCI due to driver.

FG-VMX service manager enters conserve mode; cmdbsvr has high memory utilization.

Slow route change for HA failover in GCP cloud.

Hot adding multiple CPUs at once to Xen-flavored VMs can result in a kernel panic crash.

FG-VM64-AZURE-PAYG license/serial number get lost after downgrading to 6.2.6 from 6.4.3.

Client traffic was dropped by CAPWAP offloading when it connected from a mesh leaf Forti-AP managed by a FWF-61F local radio.

CAPWAP tunnel traffic is dropped when offloading is enabled (with FAP managed by a VLAN interface).

CAPWAP traffic drops on FG-300E when FortiAP is managed by VLAN interface.

The cw_acd crashes after upgrading to 6.4.3 at cwAcLocal.