An issue in the WAD prevents access to SMB when an AV proxy based profile is included in a policy.

FortiGate cannot connect to FortiSandboxCloud when inline content block scan mode is set to default in an antivirus profile.

When FortiGate is in HA AA mode, the secondary unit does not connect to all FSA types for inline scanning.

A memory usage issue in the WAD process prevents the AV Engine from loading properly.

When srcure-web-proxy is enabled, if the client disconnects without sending any data as soon as the TCP connection with FortiGate is established, a WAD process signal 11 error occurs.

On FortiGate, the diagnose netlink interface list command shows no traffic running through the policy, even with NP offload enabled or disabled.

On the NP7 platform, traffic is blocked when egress-shaping-profile and outbandwidth are enabled on a vlan parent interface.

Traffic is allowed to pass through ports that are configured with a block policy.

On an FG-3001F NP7 device, packet loss occurs even on local-in traffic.

The source interface displays the name of the VDOM and local out traffic displays as forward traffic.

On the Policy & Objects > Firewall Policy page, the Firewall/Network options are missing in the GUI when enabling a security profile group in a policy.

When a schedule is added to a firewall policy, the schedule is not activated at the time configured in the policy.

On the Policy & Objects > Firewall Policy page, when searching for an address object with a comment keyword, no results are displayed.

On FortiOS, the Dashboard > FortiView Destination Interfaces, Dashboard > FortiView Source Interfaces pages, and Policy & Objects > Firewall Policy > Edit Policy page display incorrect bandwidth units.

When editing object address in the Policy & Objects > Addresses page on the GUI, the GUI does not function as expected if the address being edited contains a slash character.

FortiGate creates dummy destination IP logs when pinging a FortiGate VIP.

On the Policy & Objects > Firewall Policy page, searching for service port numbers in the Firewall Policy list does not return any results.

After editing a policy on the Interface Pair View window on the Policy & Objects > Firewall Policy page, the display order changes.

SMTP traffic does not egress from the same interface when a UTM profile is used in a proxy-based policy.

When a loopback interface has an IP that matches a VIP's extip with an extintf "any", FortiGate will match the VIP but the oif loopback causes an unintended policy 0 match and drops.

The FortiGate virtual server does not setup an http2 connection with a WebSocket server due to a WAD process issue.

When snat-hairpin-traffic is enabled, SNAT is not automatically applied to hairpin traffic, causing a SNAT mismatch in strict-dirty-session-check.

On FortiGate 7000 models, the Power Supply status displays as Normal in the GUI when there is a logged power failure.

IPv6 ECMP is not supported for the FortiGate 6000F and 7000E platforms. IPv6 ECMP is supported for the FortiGate 7000F platform.

On FortiOS, the Security Fabric widget does not display information on blade status.

On FortiGate 6000 FPCs and FortiGate 7000 FPMs the node process may consume large amounts of CPU resources, possibly affecting FPC or FPM performance. (You can run the diagnose sys top command from an FPC or FPM CLI to view CPU usage.) This problem may be caused by security rating result submission.

An SNMP query for policy statistics returns 0 on MBD.

HA remote access does not work as expected when ha-port-dtag-mode is double-tagging.

On the System > Interfaces page, the set monitor-bandwidth setting is not automatically disabled set when the interface bandwidth monitor for a port is deleted.

When the number of users in the Firewall User monitor exceeds 2000, the search bar, column filters, and graphs are no longer displayed due to results being lazily loaded.

In the Assets widget preview window of the Asset & Identities widget, clicking the Refresh button does not update the data.

When changing administrator account settings, the trusthost10 setting is duplicated.

On FortiOS, the time displayed in the CLI and in the GUI do not match.

The Node.JS restarts and causes an Error: The socket was closed while data was being compressed error.

When creating a firewall policy, applications groups with custom application signatures cannot be saved using the GUI.

On the Dashboard > User & Devices page on a VDOM, the Address column shows multiple devices with the FortiGate VLAN gateway instead of the Client IP.

When updating an administrator password in the GUI, the password expiration date does not update when the new password is created.

When workspace configuration save mode is set to manual in the System > Settings, configuration changes made on the primary unit and then saved do not synchronize with the secondary unit when one of the cluster units are rebooted or shutdown after the change.

When the HA management interface is set a LAG, it is not synchronized to newly joining secondary HA devices.

The VMware SDN connector does not respect the ha-direct setting and uses the management interface, causing traffic to be dropped.

Using RADIUS login on the secondary unit does not work as expected when trying to login to the primary and secondary units at the same time.

When upgrading a FortiGate VM Analyzer, a CPU usage issue causes the auto scale cluster to go out of synchronization.

A WAD processing issue causes the SNMP to not respond in an HA cluster.

In a FortiGate HA configuration, the tunnel connection to FortiManager is disrupted due to a mismatched serial number and local certificate issue.

In an FGSP cluster configuration running in TP mode, reply traffic in asymmetric flow is not offloaded to NP.

When creating a new VDOM in an HA configuration, FortiGate may not operate as expected due to an hasync issue.

In an HA cluster on the SOC4 platform, the secondary unit enters a continuous rebooting cycle due to an interruption in the kernel after a firmware upgrade.

On the System > HA page, all HA vcluster device roles display as Primary in the Role column.

In a HA cluster using FGSP mode, the primary and secondary units cannot synchronize the lease agreements due to a synchronization issue with the DHCP server.

The HA Secondary unit cannot communicate with FortiGate Cloud when it uses standalone-mgmt-vdom using the HA Primary unit.

In an FGSP setup running emix traffic, nTurbo values run in the negative.

On the Security Profiles > Intrusion Prevention page, when a new IPS filter is created with no filter selected, the Details column of the IPS Signatures and Filters table is blank instead of All Attributes.

Throughput capacity drops during failover to the secondary unit in an A/P cluster.

Traffic does not pass through an vpn-id-ipip IPsec tunnel when wanopt is enabled on a firewall policy.

VPN traffic does not pass between VDOMs through intervdom links.

IKE daemon randomly does not operate as expected during phase1 rekeying depending on soft rekey margin, timing, and packet ordering.

On NP7 platforms that are used a hub in a hub and spoke configuration, traffic packets are dropped on IPsec tunnel spokes due to an anti-replay error.

On the VPN > IPsec Tunnels page, when language setting on FortiOS is set to anything other than English, the Status column displays active (green up arrow) when the tunnel is inactive.

A second IPsec tunnel cannot be added on different IP versions that use the same peerid.

IPSec IKEv2 with SAML cannot match the Entra ID group during EAP due to a buffer size issue.

IPsec interfaces created on 802.1ad + 802.3ad interfaces with NP offloading enable do not work as expected after a firmware upgrade.

After a peer-side interface shutdown and reboot, the dpd status does not return to OK, even when the peer-interface is up and SA renegotiated.

On the SOC4 platform, L2TP & ETHERIP traffic does not traverse through an IPSec tunnel with NP offload enabled.

IPsec VPN traffic does not pass over the tunnel when the HA heartbeat cable is reconnected.

The firewall hit and bytes counts display values of 0 in a policy-based VPN.

IPSec VPN tunnel does not go down when the VPN peer route is removed from the routing table.

FortiGate does not unregister the net_device causing the unit to encounter a performance issue.

When performing a SAML authentication, authd gets stuck in a loop due to a CPU usage issue.

The Phase1 monitor BGP remains active when the tunnel is DOWN.

FortiGate does not always send the full Server Certificate Chain causing disconnections with IKEv2 VPN using the native Windows client.

An interruption may occur in the daemon locallogd when the system is in memory conserve mode.

When uploading the log file to the FTP server, some parts of the log files are not included in the upload.

On the Log & Report > System Events page, the log displays an FortiGate has experienced an unexpected power off error message when an interruption occurs in the kernel.

The miglogd does not forward log packages to FortiAnalyzer due to a memory usage issue.

User equipment IP addresses are not visible in traffic logs.

A memory usage issue in the fgtlogd daemon causes FortiGate to enter into conserve mode.

The IPS engine sends a high frequency of IoT device queries even when the device identification is set to disabled.

The SSH deep-inspection with unsupported-version bypass > log information is not showing.

The appcat field location is inconsistently placed in the system log.

A system log message is not generated when syslogd setting is enabled or disabled in the GUI or CLI.

On FortiGate, a CPU usage issue occurs in the locallogd.

On the Security Traffic Log > Security tab, the Details page displays data with a 1/500 log fetched prompt.

On the Log & Report > Forward Traffic page, application icons may not display in the Application Name column.

The first character User-Agent information is not included in the web filter log.

When filtering forward traffic logs using FortiAnalyzer as a source, data takes longer than expected to load and generates a memory error message.

The unset pac-file-data from pac-policy does not generate a system event log and the pac-file-data is deleted.

A replacement message is not provided to the client when traffic is blocked by a DPI-enabled proxy mode firewall policy with application control enabled.

When the kernel API tries to access the command buffer, the device enters D state due to a kernel interruption.

When a forward server with proxy authorization is configured with certain traffic, a memory usage issue in the WAD process interrupts the operation of FortiGate.

On FortiGate, a memory usage issue in the WAD process may cause the unit to enter into conserve mode.

On FortiGate 6000 models, when an explicit proxy is configured, the TCP 3-way handshake does complete as expected.

After upgrading from version 6.4.13 to version 7.0.12 or 7.0.13, FortiGate experiences a memory usage issue.

On FortiGate, the WAD daemon does not work as expected due to a NULL pointer issue.

TCP connections are not distributed properly when src-affinity-exempt is enabled.

When downgrading to a previous firmware version, the restoration of IoT device information results in an out of bound access interruption due to newly added iot attributes.

Starting from version 7.4.4, FortiOS no longer supports proxy-related features for FortiGate models with 2 GB RAM or less. When upgrading from FortiOS 7.4.3 or earlier to later versions, the UTM profile feature set was not properly changed from proxy to flow.

When some regex objects do not match the policy, it can result in all other objects in the same policy to not match.

An IMAP connection to an external application email server is not established in a proxy mode policy with DPI enabled.

A memory usage issue occurs in the WAD daemon process for wad-config-notify.

On FortiGate, an interruption occurs in the WAD process when in proxy-mode causing the unit to go into memory conserve mode.

An error condition occurs in the WAD process due to a rare error case during the SSL handshake.

The WAD process does not work as expected when FortiGate is configured as a HTTP load balancer with an HTTP session and changes are made to the virtual server live.

In an HA setup with vCluster, a CMDB API request to the primary cluster does not synchronize the configuration to the secondary cluster.

The count and start API request attributes that required for some API endpoints are skipped, causing the REST API to not function as expected.

When importing a certificate using API, it is not visible on FortiOS despite displaying that the import was successful.

In SD-WAN with interface-select-method enabled, if link performance is affected, local out traffic continues on the same link.

On the Network > Static Routes page, VRF information does not display in the VRF column.

On FortiGate 1800F models, the VXLAN tunnel on a Loopback interface does not match SD-WAN rules.

A BGP neighbor over GRE tunnel does not get established after upgrading due to anti-spoofing not functioning as expected.

BGP Stale routes do not function as expected in an HA configuration.

When creating a rule on the Network > Routing Objects page, the Prefix-list is set to 0.0.0.0 0.0.0.0 when an incorrect format is entered in the Prefix field.

FortiGate routes traffic to an interface with a physical status of DOWN.

When renewing the LTE WWAN IP, some packets are sent using the old IP address causing traffic to drop.

The default configuration of the Fabric Overlay Orchestrator causes concurrent disconnects with the BGP.

FortiGate does not advertise default route to its EBGP neighbor when capability-default-originate is enabled.

FortiGate does not automatically add the set LTE dynamic route to the routing table.

In a hub and spoke configuration, the IPsec SA MTU calculation does not match with the vpn-id-ipip encapsulation resulting in a fragmentation issue.

When adding a route using SD-WAN zone, there is no overlap check on existing gateway IP addresses which prevents routes from being added.

When the SNAT does not match the outgoing interface during failover from the secondary to the primary, SD-WAN traffic does not failover back to the primary WAN.

SD-WAN SLA shows intermittent disruptions of packet loss on all links simultaneously, even though there is no actual packet loss.

FortiGate encounters a duplication issue in a hub and spoke configuration with set packet-duplication force enabled on a spoke and set packet-de-duplication enabled on the hub.

Creating a BGP IPv4 network prefix or neighbor in the GUI unintentionally creates an empty IPv6 network prefix.

On the Network > Routing Objects page, the Set AS path on the Edit Rule pane does not allow the use of the full range AS numbers.

BGP multipath routing does not work as expected in a BGP confederation setup.

On FortiGate, outgoing traffic goes through the wrong interface for local-in traffic coming on an SDWAN interface.

When BGP enables local-as-replace-as and there is a network loop condition, the NLRI's as-path is increased indefinitely.

IKE-SAML reply traffic does not egress from the same interface as ingress traffic when the route is present in the routing table.

The gateway/offload value of offloaded one-way UDP sessions is reset when unrelated routing changes are made.

On the Security Fabric > External Connectors page, the comments are not working as expected in the threat feed list for the domain threat feed.

Threat Feed connectors in different VDOMs cannot use the source IP when using internal interfaces.

During a full fabric upgrade where a PoE powered device (PD) connected to a Power Sourcing Equipment (PSE) are upgraded, the upgrade of the PD may be interrupted if the PSE finishes upgrading first, causing a boot loop on the PD. This behavior is now avoided by performing upgrades on PDs first before upgrading PSEs and the FortiGate itself.

When creating a new IPv6 address, SDN connectors cannot be added for dynamic addresses.

STIX threat feeds cannot download properly due to a JSON parsing issue.

The SDN Connector for nutanix does not return all the entries.

The System > Fabric Management page may not load properly after an unsuccessful federated upgrade.

When optimizing a security rating, resolving an alert for one rating causes another alert to appear for another rating and the alerts cycle between both ratings continuously.

When the Security Fabric is enabled and the FortiGate is set as root, the System > Firmware & Registration page does not load.

Cannot test an automation stitch that uses the Schedule trigger from the GUI.

With a FortiGate configured with a root-vdom and a mgmt-vdom, when an automation stitch is configured for a compromised host with IP-Ban action, the IP is banned from the mgmt-vdom.

FortiGate models with 2GB of memory that manage many extension devices (FortiSwitches and FortiAPs) may enter conserve mode due to the GUI process experiencing a memory usage issue over time.

On the VPN > SSL-VPN Settings page, when renaming a selected Restrict Access Host object, the object is deselected.

The two-factor-fac-expiry command is not working as expected for remote RADIUS users with a remote token set in FortiAuthenicator.

When changing SSLVPN access in the Restrict Access field to Allow access from any host and enabling the Negate Source option on the VPN > SSLVPN page, the changes made in the GUI are not reflected in the CLI.

When RDP is accessed through SSL VPN web mode, keyboard strokes on-screen lag behind what is being typed by users.

FortiGate does not respond to ARP packets related to SSL VPN client IP addresses.

A CPU usage issue occurs in the tvc daemon when the vpn server cannot be reached.

The SSL VPN IP pool may get exhausted when tunnel-connect-without-reauth is enabled.

OneLogin SAML does not work as expected with SSL VPN after upgrading to 7.0.15 or 7.4.3.

NAS-IP per SSL-VPN realm does not work as expected under the config vpn ssl web realm after upgrading firmware.

SSL VPN does not work as expected if an LDAP user UPN exceeds 35 characters.

Duplicate log entries are created for SSL VPN when the tunnel is up or down.

The SSL VPN web mode flag is determined incorrectly causing the authenticated POST request to be dropped.

A non-default LLDP profile with a configured med-network-policy cannot be applied on a switch port.

On the WiFi & Switch Controller > Managed FortiSwitches page, ISL links do not display as solid connections.

On the WiFi & Switch Controller > FortiSwitch Ports page, changes made to the Allowed VLANs and Native VLAN columns are not saved when edited on the GUI.

FortiGate in an HA configuration goes out of synchronization due to a split-port interface on FortiSwitch.

FortiGate does not work as expected due an issue with a null variable in the cu_acd.

When the name of the FortiSwitch does not match its serial number, it shows up as not registered on the System > Firmware & Registration and Security Fabric > Fabric Connectors pages.

On FortiGate 1000D models, the SFP 1G port randomly experiences flapping during operation.

GRE traffic is still allowed to flow through when the GRE interface is disabled.

On FortiGate, fragmented packets with specific flow types are not forwarded to the correct ports on a LAG interface.

The passthrough GRE keepalive packets are not offloaded on NP7 platforms.

On NP7 platforms, the FortiGate maybe reboot twice when upgrading to 7.4.2 or restoring a configuration after a factory reset or burn image. This issue does not impact FortiOS functionality.

On NP7 platforms, egress shaping on a physical interface is not enforced on traffic according to the shaping profile definition.

On FortiGate 401F and 601F models, the CR mediatype option on x5-x8 ports is not available.

DAC cable between FortiGate and FortiSwitch stops working after upgrading from 7.2.6 to 7.2.7.

On FortiGate 80F models, the 100FULL speed option is not available for the SPF port.

VLAN traffic is stopped when created on LACP with split-port-mode configured.

After upgrading FortiGate and not changing any configuration details, the output of s_duplex in get hardware nic port command displays Half instead of Full. This is purely a display issue and does not affect system operation.

FortiGate experiences packet drop when egress-shaping-profile is applied to a LAG interface.

The ipmcsensord does not work as expected when executing sensor-related commands before the high-end device sensor finishes booting up.

On the FortiGate 90xG models, the ULL interfaces for x5 - x8 are down after being set to 25G speed.

FortiGate does not show additional speed options outside of auto on a WAN interface.

The locallogd process may cause a CPU usage issue on FortiGate.

FortiGate may generate a Power Redundancy Alarm error when there is no power loss. The error also does not show up in the system log.

When the FortiGate 100F and 101F model firmware is upgraded, the interface speed on ports 17-20 changes from auto to 1000 full.

SNMP ifSpeed OID show values as zero on VLAN interfaces in hardware switches.

FortiGate 100 models may become unresponsive and prevent access to the GUI, requiring a reboot to regain access due to an issue with the SOC3.

FortiGate does not show QoS statistics in the diagnose netlink interface list command when offloading is disabled in a firewall policy and IPsec phase 1 tunnel on NP7 platforms.

After an upgrade, FortiGate receives a PSU RPS LOST traps error despite not having any RPS connected.

VLAN/EMAC VLAN traffic is unexpectedly blocked under certain conditions.

Support Kazakhstan time zone change to a single time zone, UTC+5.

After restoring a configuration on FortiGate with the interface changed from aggregate to physical, the interface switches back to aggregate and cannot be changed back to physical.

On SoC3/SoC4 platforms, a kernel interruption may occur when running WAD monitoring scripts.

VLAN traffic is stopped when created on LACP with split-port-mode configured.

FortiGate incorrectly sends set csr instead of set certificate to FortiManager after auto enrolling a certificate using SCEP.

Administrator accounts using an admin profile with only FortiGuard Updates read-write permissions cannot open the FortiGuard page.

FortiGate enters a loop cycle and generates a large number of LCAP packets when FortiGate does not receive LCAP packets from a peer device.

After a restarting FortiGate from the GUI, the auto-nego SFP port settings are not reflected in FortiGate.

Traffic does not hit a new policy created in the GUI or CLI due to an auto-script command issue.

When a SIM card is ejected from a FortiGate using dual SIM cards, the log message does not indicate the slot number FortiOS is switching to.

Jumbo frame packets do not pass through all split ports and may cause packets to drop.

On FortiWiFi 60/61F models, the STATUS LED light does not turn on after rebooting the device.

Some TTL exceeded packets are not forwarded on their destination and an error message is not always generated.

On FortiGate, VXLAN traffic is not offloaded properly resulting in some packets being dropped.

When FortiGate experiences a memory usage issue and enters into conserve mode, the system file integrity check may not work as expected and cause the device to shutdown.

On a VDOM, running sudo global show does not return any system interfaces information.

After configuring a virtual wire pair (VWP) setting, it is not present in FortiGate after a reboot.

When configuring an SNMP trusted host that matches the management Admin trusted host subnet, the GUI may give an incorrect warning that the current SNMP trusted host does not match. This is purely a GUI display issue and does not impact the actual SNMP traffic.

FortiGate encounters a CPU usage issue when there are a high volume of traffic and scripts running on the device which could lead to an issue with performance.

FortiGate reboots twice after a factory reset when gtp-enchanced-mode is enabled.

FortiGate may experience intermittent traffic loss on an LACP interface in a virtual wire pair with l2forward enabled.

FortiGate experiences a CPU usage issue when dedicated-management-cpu is enabled.

On FortiGate, when set ull-port-mode is set to 25G, ports x5-x8 show a status of DOWN.

On the Network > Diagnostics page, FortiGate shows that the packet capture capacity has been reached when there is no captured packet on the device.

Passthrough GRE traffic using Transparent Ethernet Bridging packets as the protocol type are not offloaded on NP7 platforms.

On FortiGate Rugged FGR70F-3G4G models, wan1 and wan2 port mode changes to static after a factory reset.

The OPC VM does not boot up when in native mode.

The SNMP trap is not sent out when a virus is detected on the antivirus scanner.

The SFP+ port LED does not illuminate and displays a speed 10Mbps even though the link status up and speed is set to 1000Mbps.

FortiGate does not auto negotiate to Full duplex when connecting to FortiSwitch due to a duplication error.

FortiGates using a SOC4 platform with a virtual switch configured may continuously reboot when upgrading due to an interruption in the kernel.

On FortiGate, an interruption occurs in the kernel when running WAD process monitoring scripts.

FortiGate reboots due to the maximum buffer length difference between nTurbo and NPU HW. NPU will fragment packets which are more than 10000, but carries wrong extend info to nTurbo in the 2nd fragment.

The MAC Authentication Bypass (MAB) does not initiate on a virtual switch due a kernel configuration issue.

The kernel 4.19 cannot concurrently reassemble IPv4 fragments for a source IP with more than 64 destination IP addresses

FortiGate does not upgrade if private-data-encryption is enabled and the device is not rebooted.

An interruption occurs in the kernel resulting in intermittent power disruptions and rebooting of FortiGate.

When upgrading FortiGate from version 7.4.3 to 7.4.4, if a set vlan 3 setting is present, the device repeatedly reboots and does not boot up.

User names for some cloud-based services cannot be configured under config system email-server that exceed 64 characters.

FortiGate encounters an interruption in the kernel due to a NULL pointer issue.

In some scenarios, when FortiGate as a DHCP client sends out DHCP-REQUEST packets, the SRC IP address is set in the IP header.

On FortiGate, IP addresses cannot be assigned within a configured IP range due to a DHCP server issue.

FortiGate encounters a memory usage issue when there is no traffic running and the configuration is not fully loaded.

On FortiGate, the console displays error messages when adding Pre and Post-login banners due to a rare error condition.

FortiGate reboots after a connected HA heartbeat cable is connected, or running the diag hardware deviceinfo nic ha command.

FortiGate does not work as expected due to an interruption in the kernel.

On FortiGate 900 models, when the baudrate is configured, the changes are not applied and is set to 9600.

FortiGate returns a string with a % sign for the OID 1.3.6.1.4.1.12356.101.4.8.2.1.8 (fgLinkMonitorPacketLoss).

EXPIRE dates are not displayed properly when executing the get sys fortiguard-service status command due to a formatting issue.

FortiGate does not boot after restoring a configuration file containing an invalid string format.

Upgrading directly from 7.2.4 or earlier versions to 7.2.9, or directly from 7.0.11 or earlier to 7.2.9 is not supported. Users must upgrade following the recommended upgrade path to avoid system hanging.

When auto-upgrade is disabled, scheduled upgrades on FortiGate are not automatically canceled.

On FortiGate, an interrupted occurs in the kernel in both HA FortiGates when an HA cluster's firmware is upgraded.

After a firmware upgrade, the config system npu-post command does not work as expected.

When restoring an FortiGate, the 7.4.1 config file with deprecated Inline CASB entries displays errors messages and causes the confsyncd to not function as expected.

During a graceful upgrade, the confsync daemon and updated daemon encounter a memory usage issue, causing a race condition.

When using the local-in firewall authentication with SAML method, SAML users cannot get access using the authentication portal.

On the System > Certificates page, error Unable to create certificate displays when uploading certificates using the PKCS12 (.pfx) format. The certificates are still uploaded.

Users are unable to use passwords that contain the ñ character for authentication.

The Strict-SNI SSL Profile might block connections even if SNI and Certificate CN match.

After upgrading firmware on FortiGate, an interruption occurs in the fnbamd resulting in auto-connect not working as expected.

FortiGate encounters a CPU usage issue in the authd process after a firmware upgrade.

SSL VPN access is prevented when the LDAP server includes a two-factor authentication filter.

When SCEP is used with SSL connections, some TLS connections are missing the SNI extension on FortiGate.

Users are unable to use passwords that contain Polish characters ńżźćłśąó for RADIUS authentication.

Multiple errors observed in the IOTD debug log caused by connection timeouts.

After a firmware upgrade, FortiToken does not work as expected when using the GUI.

The reply-to option under config system alertmail is removed even for custom mail-servers with 2-factor authentication after an upgrade.

The username-case-sensitive disable setting is not respected for RSSO when a username has a capital letter.

FortiGate does not use a policy with deep inspection enabled on SSL profiles for SWG user access.

The TACACS+ connection times out, irrespective of the remoteauthtimeout setting, due to an issue with the ldapconntimeout setting, after upgrading to version 7.4.4.

FortiOS may reply to an FTM push message using a different egress interface instead of the original interface.

The Active Firewall-Authentication for 2FA FAC RADIUS users using PAP method does not work as expected after upgrading to version 7.4.4.

On FortiGate, RADSEC sent incorrect accounting packets due to a hashing issue.

OpenStack Queens FortiGate VM HA heartbeat on broadcast is not working as expected.

The Client Hello packet is delayed connecting to FortiGate proxy-based mode and certificate inspection in an AWS GWLB environment using a GENEVE interface.

An interrupt distribution issue may cause the CPU load to not be balanced on the FG-VM cores.

After upgrading FortiGate, the VM license status is removed even though the VM license is still valid.

AWS SDN Connector stops processing caused by the IAM external account role missing the sts:AssumeRolevalue.

The FortiGate-VM system stops after sending an image to the HA secondary during an firmware upgrade due to different Flex-VM CPU license.

On FortiGate AWS, the IPsec configuration goes missing after an upgrade due to an inconsistent table-size.

VPN tunnels go down due to IKE authentication loss after a firmware upgrade on the VM.

When FortiGate returns an ICMP TTL-EXCEEDED message, the geneve option field header is missing.

After rebooting, DPDK mode is disabled on a VLAN interface and traffic stops.

On FortiGate, an HA failover does not work as expected when using an OCI environment.

When a intended policy is configured for interesting traffic subnets, traffic flow hits the implicit deny rule instead of the configured policy.

In an HA configuration, the secondary unit heartbeat port is accessible even though access to the interface is not allowed on that unit.

A FortiGate VM HA in Azure Cloud may intermittently go out of synchronization due to an issue in the daemon process.

FortiToken does not work as expected after moving a FortiGate-VM license to a new VM with the same serial number.

FortiGate VM Azure does not work as expected and enters into conserve mode in vWAN setup.

The Web Application Firewall marks http/s traffic as a malformed constraint.

FortiGate prevents adding a regex string to a static URL filter table.

The webfilter and traffic logs show the incorrect realserver IP address due to a WAD process issue.

On FortiGate, an interruption occurs with the cw_acd during failover to the secondary FortiGate.

Intermittent traffic disruption observed in cw_acd caused by a rare error condition.

A kernel interruption occurs on FortiWiFi 40F/60F models when WiFi stations connect to SSID on the local radio.

FortiWiFi reboots or becomes unresponsive when connecting to SSID after upgrading to 7.0.14.

Guest WiFi clients cannot be removed using RADIUS CoA after FortiGate reboots.

On the WiFi & Switch Controller > SSIDs page, when creating new SSIDs, settings cannot be saved with captive portal enabled and a Portal Type of Disclaimer Only or Email Collect.

FortiWiFi cannot access internal FAP consoles due to a login prompt issue in diagnose sys modem com.

Wi-Fi devices would encounter service delay when roaming over captive-portal SSID with MAC-address authentication.

FortiGate does not use data from FortiClient to send the VPN snapshot to EMS.

When first connecting to the ZTNA server, the EMS websocket can become stuck and an error displays ZTNA Access Denied - Policy restriction!.

When visiting SaaS application web pages using ZTNA, web pages can stall or return an ERR_CERT_COMMON_NAME_INVALID error.

ZTNA intermittently does not match the firewall policy due to missing information in the policy.

ZTNA does not allow tcp-forwarding SSH traffic to pass through.