Proxy-based policy with AV and web filter profile will cause VIP hairpin to work abnormally.

On the System > FortiGuard page, the override FortiGuard server for AntiVirus & IPS Updates shows an Unknown status, even if the server is working correctly. This is a display issue only; the override feature is working properly.

Managed FortiSwitch and FortiSwitch Ports pages are slow to load when there are many managed FortiSwitches. This performance issue needs a fix on both FortiOS and FortiSwitch. A fix was provided in FortiOS 7.0.1 GA and FortiSwitch 7.0.1 GA.

The web page cannot be found is displayed when a dashboard ID no longer exists.

Workaround: load another page in the navigation pane. Once loaded, load the original dashboard page (that displayed the error) again.

GUI interface bandwidth widget does not show correct data for tunnel interface when ASIC offload is enabled on the firewall policy.

When there are a lot of historical logs from FortiAnalyzer, the FortiGate GUI Forward Traffic log page can take time to load if there is no specific filter for the time range.

Workaround: provide a specific time range filter, or use the FortiAnalyzer GUI to view the logs.

If FortiGate Cloud is not activated, users cannot edit the Log Settings page from the GUI. Affected models: FG-200F and FG-201F.

When an administrator ends a session by closing the browser, the administrator timeout event is not logged until the next time the administrator logs in.

When login banner is enabled, and a user is forced to re-login to the GUI (due to password enforcement or VDOM enablement), users may see a Bad gateway error and HTTPSD crash.

Workaround: refresh the browser.

When a FortiGate is managed by FortiManager with FortiWLM configured, the HTTPS daemon may crash while processing some FortiWLM API requests. There is no apparent impact on the GUI operation.

When LDAP server settings involve FQDN, LDAPS, and an enabled server identity check, the following LDAP related GUI items do not work: LDAP setting dialog, LDAP credentials test, and LDAP browser.

On a mobile phone, the WiFi captive portal may take longer to load when the default firewall authentication login template is used and the user authentication type is set to HTTP.

Workaround: edit the login template to disable HTTP authentication or remove the href link to googleapis.

On the Log & Report > Forward Traffic page, filtering by the Source or Destination column with negation on the IP range does not work.

When creating a new (public or private) SDN connector, users are unable to specify an Update interval that contains 60, as it will automatically switch to Use Default.

An IPsec phase 1 interface with a name that contains a / cannot be deleted from the GUI. The CLI must be used.

hbdev goes up and down quickly, then the cluster keeps changing rapidly. hasync objects might access invalid cluster information that causes it to crash.

SFP on HA1 and HA2 interfaces on an FG-1800F and FG-1801F cannot come up in 1000full speed.

Need to add the MIGSOCK send handler to flush the queue when the first item is added to the syslog queue to avoid logs getting stuck.

FortiGate does not send WELF (WebTrends Enhanced Log Format) logs.

WAD process with SoC SSL acceleration enabled consumes more memory usage over time, which may lead to conserve mode.

Workaround: disable SoC SSL acceleration under the firewall SSL settings.

WAD memory leak causes device to go into conserve mode.

Certificate inspection is not working as expected when an external proxy is used.

Proxy-based inspection causes browser to show ERR_CONNECTION_CLOSED message.

When NTurbo is enabled, it is unexpectedly provided with the wrong traffic direction information (from server or from client) to decide the destination for the data. This causes the traffic to be sent back to the port where it came from.

Interface emac-vlan feature does not work on SoC4 platform.

Link status on peer device is not down when the admin port is down on the FG-500E.

Interface belonging to other VDOMs should be removed from interface list when configuring a GENEVE interface.

FortiGate did not restart after restoring the backup configuration via FortiManager after the following process: disable NPU offloading, change NGFW mode from profile-based to policy-based, retrieve configuration from FortiGate via FortiManager, and install the policy package via FortiManager.

Multiple SFPs and FTLX8574D3BCL in multiple FG-1100E units have been flapping intermittently with various devices.

FWF-40F has random kernel panic with 6.4.4 firmware.

Local certificates could not be saved properly, which caused issues such as not being able to properly restore them with configuration files and causing certificates and keys to be mismatched.

DNS proxy is case sensitive when resolving FQDN, which may cause DNS failure in cases where local DNS forwarder is configured.

Traffic passing through an EMAC VLAN interface when the parent interface is in another VDOM is blocked if NP7 offloading is enabled.

Workaround: set the auto-asic-offload option to disable in the firewall policy.

DHCP discovery dropped on virtual wire pair when UTM is enabled.

The forticron process has a memory leak if there are duplicated entries in the external IP range file.

Default FortiLink configuration on FG-81F running versions 6.4.6 to 6.4.8 does not work as expected.

FortiGate is unable to verify the CA chain of the FSSO server if the chain is not directly rooted to FSSO endpoint.

Azure SDN connector replicates configuration from primary device to secondary device during configuration restore.

FG-VMX manager not showing all the nodes deployed.

Autoscale GCP health check is not successful (port 8443 HTTPS).

During every FortiGuard UTM update, there is high CPU usage because only one vCPU is available.