FortiGate does not generate traffic logs for established or denied TCP sessions that lack application data.

On FortiGate, not all registered endpoint EMS tags are displayed in the GUI.

When searching for an IP address on the Firewall Policy page, the search/filter functionality does not return the expected results.

SSL VPN user status does not display on the FortiManager GUI.

When there is a heavy traffic load, there are no results displayed on any FortiView pages in the GUI.

Feature Visibility options are visible in the GUI on a mgmt-vdom.

On FortiOS, the Security Fabric widget does not display information on blade status.

When doing a GUI-packet capture on FortiGate, the through-traffic packets are not captured.

SLBC does not function as expected with IPsec over TCP enabled.

In an HA configuration, FortiGate does not respond to SNMP queries causing the device to display as being DOWN.

When applying a script to a configuration, the updated configuration is applied to the FIM but is not fully synchronized on the FPCs.

On the Dashboard > FortiView Sessions page, closing a large number of FortiView sessions (+100) can take longer than expected and result in a CPU usage issue.

On FortiOS, the time displayed in the CLI and in the GUI do not match.

When creating a firewall policy, applications groups with custom application signatures cannot be saved using the GUI.

After a firmware upgrade, a VLAN interface used in IPsec, SSL VPN, or SD-WAN is not displayed on the interface list or the SD-WAN page and cannot be configured in the GUI.

When running the diag sys ha checksum cluster command, a previous line result is added further down in the output instead of new line result when a FortiGate is configured with several VDOMs .

In an HA configuration, FortiGate may experience intermittent heartbeat loss causing unexpected failover to the secondary unit.

Using the Test User Credentials button from the Radius Server in the GUI does not honor the custom nas-id-type.

With a FGSP and FGCP setup, sessions do not show on the HA secondary when the FGSP peer is in HA.

On FortiGate, an login error message displays in the event log after completing an automation.

On FortiGate, the CGN Resource Quota field allows an invalid value to be set.

On FortiGate, the IKE anti-replay does not log duplicate ESP packets when SA is offloaded in the event log.

After a firmware upgrade, some VPN tunnels experience intermittent signal disruptions causing traffic to be re-routed.

The IPsec Aggregate interface displays as DOWN on the Network > Interfaces and the Policy & Objects > Firewall Policy pages when the member including the Dialup VPN is actually UP. This is purely a GUI display issue and does affect system operation. The correct status is shown on the VPN > IPsec Tunnels page.

The firewall hit and bytes counts display values of 0 in a policy-based VPN.

RADIUS authentication with EAP-TLS does not work as expected through IPsec tunnels.

On FortiOS, the Log & Report > Forward Traffic page does not completely load the entire log when the log exceeds 200MB.

On the Log & Report > Forward Traffic page, application icons may not display in the Application Name column.

When filtering forward traffic logs using FortiAnalyzer as a source, data takes longer than expected to load and generates a memory error message.

After an upgrade on a 2GB FortiGate device, the firewall policy does not switch from Proxy-based to Flow-based in the Inspection mode field.

On FortiGate, an interruption occurs in the WAD process when in proxy-mode causing the unit to go into memory conserve mode.

Unsuccessful API user login attempts do not get reset within the time specified in admin-lockout-threshold.

The router API does not include all ECMP routes for SD-WAN included in the get router info routing-table command.

Creating a BGP IPv4 network prefix or neighbor in the GUI unintentionally creates an empty IPv6 network prefix.

In a hub and spoke HA configuration, SD-WAN pages take longer than expected to load in the GUI when there are a large number of spokes (~350) configured.

When creating a new IPv6 address, SDN connectors cannot be added for dynamic addresses.

FortiGate experiences a CPU usage issue in the Node.js daemon when there multiple administrator sessions running simultaneously.

When optimizing a security rating, resolving an alert for one rating causes another alert to appear for another rating and the alerts cycle between both ratings continuously.

In an HA configuration, when the primary FortiGate unit fails over to a downstream unit, the previous primary unit displays as being permanently disconnected.

The Security Rating topology and results does not display non-FortiGate devices.

Cannot test an automation stitch that uses the Schedule trigger from the GUI.

The Security Rating report does not show test results for downstream FortiGates when the All FortiGates view is selected.

Workaround: Individual results can still be viewed for each downstream FortiGate by changing the FortiGate selection to the individual FortiGate.

On the WiFi & Switch Controller > SSID page, NAC policies using a Wildcard MAC Address cannot be saved using the GUI.

Workaround: use the CLI to perform the operation.

On NP7 platforms, DSW packets are missing resulting in VOIP experiencing performance issues during peak times.

FortiGate experiences packet loss when using an internal hardware switch.

FortiGateRugged 60 models may experience packet loss when directly connected to Cisco switch.

After deleting a redundant port on FortiGate, the port does not register as being available and generates an error.

FortiGate enters a loop cycle and generates a large number of LCAP packets when FortiGate does not receive LCAP packets from a peer device.

After a restarting FortiGate from the GUI, the auto-nego SFP port settings are not reflected in FortiGate.

After configuring a virtual wire pair (VWP) setting, it is not present in FortiGate after a reboot.

FortiGate experiences a CPU usage issue when dedicated-management-cpu is enabled.

The SNMP trap is not sent out when a virus is detected on the antivirus scanner.

Traffic flow speed is reduced or interrupted when the traffic shaper is enabled.

The FortiOS GUI is unresponsive due to a CPU usage issue with the csfd and node processes.

FortiGate encounters an interruption in the kernel due to a NULL pointer issue.

On FortiGate, IP addresses cannot be assigned within a configured IP range due to a DHCP server issue.

The traffic shaper does not take effect on the firewall policy when traffic is offloaded to NP7 due to a traffic management issue.

The DNS server does not operate as expected with forward-only mode enabled.

Upgrading the firmware for a large number (100+) of FortiSwitch or FortiAP devices at the same time may cause performance issues with the GUI and some devices may not upgrade.

Workaround: pace out the upgrade schedule and upgrade devices in smaller batches.

User groups from FortiManager are not synchronized across all units except the MBD.

FortiGate encounters a CPU usage issue in the authd process after a firmware upgrade.

On the System > Certificates page, the Create Certificate pane does not function as expected after creating a new certificate.

When FortiGate returns an ICMP TTL-EXCEEDED message, the geneve option field header is missing.

Options set in ftgd-wf cannot be undone for a web filter configuration.

On the Policy & Objects > Traffic Shaping page, when deleting or creating a shaper, the counters for the other shapers are cleared.

When the FortiGate has thousands of addresses and hundreds address groups, the GUI can take a few minutes to search for a specific address inside the address group dialog.

Workaround: User can create the address group in the CLI instead by using the exact address name. User can also perform a search in the CLI using a partial match. For example:

config firewall addrgrp
    edit address_group
        set member <pattern>?
    next
end

After a failover, ARP entries are removed from all slots when an ARP query of single slot does not respond.

On FortiGate 7000F using FGSP and FGCP, when TCP traffic takes an asymmetric path, the TCP ACK and data packets might be dropped in NP7.

On FortiGate 6000 FPCs and FortiGate 7000 FPMs the node process may consume large amounts of CPU resources, possibly affecting FPC or FPM performance. (You can run the diagnose sys top command from an FPC or FPM CLI to view CPU usage.) This problem may be caused by security rating result submission.

Workaround: Use the following commands to disable automatic security rating results submission and to disable running scheduled security ratings checks:

config system global
    set security-rating-result-submission disable
    set security-rating-run-on-schedule disable
end

Once you have entered these commands, use the following command to restart the node process:

diagnose nodejs process restart

After an HA failover, there is no IPsec route in the kernel.

On the Dashboard > FortiView Sessions page, closing a large number of FortiView sessions (+100) can take longer than expected and result in a CPU usage issue.

When viewing entries in slide-out window of the Policy & Objects > Internet Service Database page, users cannot scroll down to the end if there are over 100,000 entries.

On the NP7 platform, setting the interface configuration using set inbandwidth <x> or set outbandwidth <x> commands stops traffic flow.

Workaround: unset the inbandwidth and outbandwidth in the CLI:

config system interface
    edit <port>
        unset inbandwidth
        unset outbandwidth
    next
end

When configuring an SNMP trusted host that matches the management Admin trusted host subnet, the GUI may give an incorrect warning that the current SNMP trusted host does not match. This is purely a GUI display issue and does not impact the actual SNMP traffic.

Workaround: If the trusted host is enabled on all administrative access, make sure the SNMP host IP is included in at least one of these trusted IP/subnets.

After shutting down FortiGate, the system automatically boots up again.

On FortiGate, interfaces with DAC cables remain down after upgrading to version 7.4.4.

The OCI SDN connector cannot call the API to the Oracle service when an IAM role is enabled.