Known issues
The following issues have been identified in version 7.0.4. To inquire about a particular bug or report a bug, please contact Customer Service & Support.
Anti Virus
|
Bug ID |
Description |
|---|---|
| 778298 |
Traffic is blocked when an AV profiled is enabled in proxy inspection mode in an IPsec scenario with NPU offloading enabled. Workaround: disable NPU offloading in the affected firewall policy. |
Endpoint Control
|
Bug ID |
Description |
|---|---|
|
730767 |
The new HA primary FortiGate cannot get EMS Cloud information when HA switches over. Workaround: delete the EMS Cloud entry then add it back. |
GUI
|
Bug ID |
Description |
|---|---|
|
440197 |
On the System > FortiGuard page, the override FortiGuard server for AntiVirus & IPS Updates shows an Unknown status, even if the server is working correctly. This is a display issue only; the override feature is working properly. |
|
677806 |
On the Network > Interfaces page when VDOM mode is enabled, the Global view incorrectly shows the status of IPsec tunnel interfaces from non-management VDOMs as up. The VDOM view shows the correct status. |
|
685431 |
On the Policy & Objects > Firewall Policy page, the policy list can take around 30 seconds or more to load when there is a large number (over 20 thousand) of policies. Workaround: use the CLI to configure policies. |
|
707589 |
System > Certificates list sometimes shows an incorrect reference count for a certificate, and incorrectly allows a user to delete a referenced certificate. The deletion will fail even though a success message is shown. Users should be able to delete the certificate after all references are removed. |
|
708005 |
When using the SSL VPN web portal in the Firefox, users cannot paste text into the SSH terminal emulator. Workaround: use Chrome, Edge, or Safari as the browser. |
|
713529 |
When a FortiGate is managed by FortiManager with FortiWLM configured, the HTTPS daemon may crash while processing some FortiWLM API requests. There is no apparent impact on the GUI operation. |
|
755177 |
When upgrade firmware from 7.0.1 to 7.0.2, the GUI incorrectly displays a warning saying this is not a valid upgrade path. |
|
777145 |
Managed FortiSwitches page incorrectly shows a warning about an unregistered FortiSwitch even though it is registered. This only impacts transferred or RMAed FortiSwitches. This is only a display issue with no impact on the FortiSwitch's operation. Workaround: confirm the FortiSwitch registration status in the FortiCare portal. |
HA
|
Bug ID |
Description |
|---|---|
|
830463 |
After shutting down the HA primary unit and then restarting it, the uptime for both nodes is zero, and it fails back to the former primary unit. |
Intrusion Prevention
|
Bug ID |
Description |
|---|---|
|
780194 |
IPS engine 7.00105 has |
IPsec VPN
|
Bug ID |
Description |
|---|---|
|
761754 |
IPsec aggregate static route is not marked inactive if the IPsec aggregate is down. |
|
778243 |
When |
Log & Report
|
Bug ID |
Description |
|---|---|
|
776929 |
When submitting files for sandbox logging in flow mode, |
Proxy
|
Bug ID |
Description |
|---|---|
|
727629 |
An error case occurs in WAD while handling the HTTP requests for an explicit proxy policy. |
|
766158 |
Video filter FortiGuard category takes precedence over allowed channel ID exception in the same category. |
|
772041 |
WAD crash at signal 11. |
|
778659 |
Proxy inspection fails due to |
Routing
|
Bug ID |
Description |
|---|---|
|
745856 |
The default SD-WAN route for the LTE wwan interface is not created. Workaround: add a random gateway to the wwan member. config system sdwan
config members
edit 2
set interface "wwan"
set gateway 10.198.58.58
set priority 100
next
end
end
|
Security Fabric
|
Bug ID |
Description |
|---|---|
|
614691 |
Slow GUI performance in large Fabric topology with over 50 downstream devices. |
|
779181 |
Security rating report for System Uptime incorrectly fails the check for FortiAP, even though the FortiAP is up for more than 24 hours. |
SSL VPN
|
Bug ID |
Description |
|---|---|
|
757450 |
SNAT is not working in SSL VPN web mode when accessing an SFTP server. |
|
852566 |
User peer feature for one group to match to multiple user peers in the authentication rules is broken. |
System
|
Bug ID |
Description |
|---|---|
|
644782 |
A large number of detected devices causes httpsd to consume resources, and causes entry-level devices to enter conserve mode. |
|
681322 |
TCP 8008 permitted by authd, even though the service in the policy does not include that port. |
|
708228 |
A DNS proxy crash occurs during |
|
751715 |
Random LTE modem disconnections due to certain carriers getting unstable due to WWAN modem USB speed under super-speed. |
|
758490 |
The value of the |
|
763185 |
High CPU usage on platforms with low free memory upon IPS engine initialization. |
|
764252 |
On FG-100F, no event is raised for PSU failure and the diagnostic command is not available. |
|
768979 |
On a FortiGate with many FortiSwitches and FortiAPs, the Device Inventory widget and |
|
778474 |
dhcpd is not processing discover messages if they contain a 0 length option, such as 80 (rapid commit). The warning, |
|
847077 |
|
|
1041457 |
On FortiGate, kernel 4.19 does not work as expected when concurrently reassembling fragmented packets that have more than 64 destination IPv4 addresses. |
User & Authentication
|
Bug ID |
Description |
|---|---|
|
754725 |
After updating the FSSO DC agent to version 5.0.0301, the DC agent keeps crashing on Windows 2012 R2 and 2016, which causes lsass.exe to reboot. |
|
778521 |
SCEP fails to renew if the local certificate name length is between 31 and 35 characters. |
VM
|
Bug ID |
Description |
|---|---|
|
756510 |
FG-ARM64-AWS kernel panic occurs ( |
Web Filter
|
Bug ID |
Description |
|---|---|
|
766126 |
Block replacement page is not pushed automatically to replace the video content when using a video filter. |