Fortinet udostępnił najnowszą wersję oprogramowania FortiOS 6..2.6! W tej aktualizacji producent naprawił dotychczasowe błędy, między innymi HA powinno już działać stabilnie i nie generować błędów, test łączności dla serwera RADIUS używającego uwierzytelniania CHAP nie zwraca już błędów. Naprawiono problem FortiGate który nie wysyłał adresu IP użytkownika do serwera TACACS podczas uwierzytelniania oraz problem FortiClient, który losowo nie mógł połączyć się przez tunel SSL VPN i przy użyciu tokena uwierzytelniania zawieszał się na 98%. Po więcej informacji zapraszamy do dalszej części artykułu.
Aktualnie wspierane modele:
| FortiGate | FG-30E, FG-30E_3G4G_INTL, FG-30E_3G4G_NAM, FG-30E-MG, FG-40F, FG-40F-3G4G, FG-50E, FG‑51E, FG-52E, FG-60E, FG-60E-DSL, FG-60E-DSLJ, FG-60E-POE, FG-60F, FG-61E, FG-61F, FG-80E, FG-80E-POE, FG-81E, FG-81E-POE, FG-90E, FG-92D, FG-100D, FG-100E, FG-100EF, FG-101E, FG-140D, FG-140D-POE, FG-140E, FG-140E-POE, FG-200E, FG-201E, FG‑300D, FG-300E, FG-301E, FG‑400D, FG‑400E, FG‑401E, FG‑500D, FG‑500E, FG-501E, FG-600D, FG-600E, FG-601E, FG-800D, FG‑900D, FG-1000D, FG-1100E, FG-1101E, FG‑1200D, FG-1500D, FG-1500DT, FG-2000E, FG-2200E, FG-2201E, FG-2500E, FG-3000D, FG-3100D, FG‑3200D, FG-3300E, FG-3301E, FG-3400E, FG-3401E, FG-3600E, FG-3601E, FG-3700D, FG-3800D, FG‑3810D, FG-3815D, FG-5001D, FG-3960E, FG‑3980E, FG-5001E, FG‑5001E1 |
| FortiWiFi | FWF-30E, FWF-30E_3G4G_INTL, FWF-30E_3G4G_NAM, FWF-40F, FWF-40F-3G4G, FWF-50E, FWF-50E-2R, FWF‑51E, FWF-60E, FWF-60E-DSL, FWF-60E-DSLJ, FWF-60F, FWF-61E, FWF-61F |
| FortiGate Rugged | FGR-30D, FGR-35D, FGR-90D |
| FortiGate VM | FG-SVM, FG-VM64, FG-VM64-ALI, FG-VM64-ALIONDEMAND, FG-VM64-AWS, FG‑VM64‑AWSONDEMAND, FG-VM64-AZURE, FG-VM64-AZUREONDEMAND, FG‑VM64‑GCP, FG‑VM64-GCPONDEMAND, FG-VM64-HV, FG‑VM64-KVM, FG‑VM64‑OPC, FG‑VM64-RAXONDEMAND, FG-VMX, FG-VM64-XEN |
| Pay-as-you-go images | FOS-VM64, FOS-VM64-KVM, FOS-VM64-XEN |
Rozwiązane problemy:
Anti Virus
| Bug ID | Description |
|---|---|
| 560044 | Secondary device blades occasionally report critical log event Scanunit initiated a virus engine/definitions update. Affected models: FG-5K, 6K, and 7K series. |
Data Leak Prevention
| Bug ID | Description |
|---|---|
| 616918 | DLP cannot detect attached ZIP and PDF files when receiving emails via MAPI over HTTPS. |
DNS Filter
| Bug ID | Description |
|---|---|
| 649985 | FortiGuard SDNS server rating timeout. |
Endpoint Control
| Bug ID | Description |
|---|---|
| 637454 | Cloud-based EMS FSSO connector in FortiGate failed to connected with FortiClient EMS proxy in public cloud. |
Explicit Proxy
| Bug ID | Description |
|---|---|
| 599637 | Web proxy does not work properly to redirect Chrome browser to websites when disclaimer is enabled in proxy policy. |
| 617934 | FortiGate web proxy should support forward server on TLS 1.3 certificate inspection connection. |
| 630434 | WAD crashed at wad_ssl_port_p2s_supported_versions with signal 11. |
| 634515 | HTTP 1.1 host header is lost in FortiGuard web proxy requests. |
| 644121 | Explicit proxy error 504, DNS fails for a specific domain. |
Firewall
| Bug ID | Description |
|---|---|
| 586764 | Abnormal prolonged CPU spike with cmdbsvr and WAD processes when making change to large policy list (10 000+ policies). |
| 586995 | Cluster VDOM policy statistics data is not correct when VFID is different for same VDOM on primary/secondary. |
| 595949 | Any changes to the security policy table causes the hit count to reset. |
| 628841 | Internet service entry not detected due to some IP ranges being duplicated. |
| 633856 | Sessions are marked dirty when IPsec dialup client connects/disconnects and policy routes are used. |
| 644225 | Challenge ACK is being dropped. |
| 644638 | Policy with Tor-Exit.Node as source is not blocking traffic coming from Tor. |
| 644865 | Query string parameters omitted (HTTP redirect, SSL offloading). |
| 647410 | append command allows mixing VIP and firewall address as destination objects in a firewall policy. |
| 648951 | External threat feed entry 0.0.0.0/0 shows as invalid but it blocks traffic. |
| 653828 | When web filter and application control are configured, blocked sessions to play.google.com remain in the session table for 3600 seconds. |
| 660461 | Configuration changes take a long time, and ipsmonitor and cmdbsrv processes go up to 100% of CPU. |
FortiView
| Bug ID | Description |
|---|---|
| 643198 | Threats drilldown for Sources, Destinations, and Country/Region (1 hour, 24 hours, 7 days) gives the error, Failed to retrieve FortiView data. |
| 660753 | In FortiView Sources dashboard, after filtering by subnet, drilling down will always shows the first entry. |
GUI
| Bug ID | Description |
|---|---|
| 598222 | User must clear browser cache after upgrading to 6.4.x from 6.2.5 and earlier for best user experience with new firmware. |
| 612236 | RADIUS test in GUI does not use configured authentication method and test fails. |
| 638752 | FortiGates in an HA A-P configuration may lose GUI access to the HA secondary device after a period of 8 days of inactivity, when at least one static IPv6 address is configured on an interface. |
| 650307 | GUI does not show the configured external FortiGuard category in the SSL-SSH profile’s exempt list. |
| 651711 | Unable to select an address group when configuring Source IP Pools for an SSL VPN portal. |
| 653726 | The contents are empty in downloaded log files after searching for log results with a regular expression. |
| 660165 | SD-WAN rule creation in the GUI with the manual strategy does not set the member (interface). |
| 663351 | Connectivity test for RADIUS server using CHAP authentication always returns failure. |
| 666545 | After upgrading to 6.2.5, logs from FortiAnalyzer are not displayed in the GUI. |
HA
| Bug ID | Description |
|---|---|
| 615001 | LAG does not come up after link failed signal is triggered. |
| 626715 | Out-of-sync issue caused by firewall address group member is either duplicated or out of order. |
| 630070 | HA is failing over with crashes. |
| 634604 | SCTP sessions are not fully synchronized between primary and secondary devices in version 5.6.11 on FG-3240C. |
| 637711 | CSR on cluster primary is generating out-of-sync alerts on secondary and tertiary units. |
| 639307 | Both primary and secondary consoles keep printing get_ha_sync_obj_sig_4dir: stat /etc/cert/ca/5c44d531.0 error 2. |
| 640428 | SSL VPN related auth login user event logs do not require HA to be in sync. |
| 643958 | Inconsistent data from FFDB caused several confsyncd crashes. |
| 647679 | Inconsistent values for HA cluster inside the SNMP. |
| 648073 | HA cluster uses physical port MAC address at the time of HA failover. |
| 651674 | Long sessions lost on new primary after HA failover. |
| 654341 | The new join-in secondary chassis failed to sync, while primary chassis has 6K policies in one VDOM. |
Intrusion Prevention
| Bug ID | Description |
|---|---|
| 655371 | Logging is intermittent for FortiGate IDS passive in one-armed sniffer mode. |
IPsec VPN
| Bug ID | Description |
|---|---|
| 592361 | Cannot pass traffic over ADVPN if: tunnel-search is set to nexthop, net-device disable, mode-cfg enable, and add-route disable. |
| 611451 | ADVPN spoke one behind NAT shortcut cannot connect to another spoke that is not behind NAT. |
| 639806 | User name log empty when IPsec dialup IKEv2 has client RSA certificate with empty subject. |
| 646012 | IPsec over DHCP randomly does not work (net-device disable). |
| 647285 | After HA failover, not all tunnels come up; unknown SPI. |
| 655739 | local-gw is replaced with primary IP on a secondary device when the secondary IP is used as a local-gw. |
| 659535 | IPsec in SD-WAN and zone causes IKE crash. |
Log & Report
| Bug ID | Description |
|---|---|
| 555161 | Application miglogd crash due to all inodes being used up. |
| 583499 | Improve local log search logic from aggressive to passive mode to save resources and CPU. |
| 634947 | rlogd signal 11 crashes. |
| 641450 | The miglogd processes is bound to busy CPUs, even though there are other completely idle CPUs available. |
| 647741 | On FG-60F, logging and FortiCloud reporting incorrect IPv6 bandwidth usage for sessions with NPU offload. |
| 650325 | The miglogd process crashes with signal 11 (segmentation fault). |
Proxy
| Bug ID | Description |
|---|---|
| 550350 | Should not be able to set inspection-mode proxy with IPS-enabled only policy. |
| 578850 | Application WAD crash several times due to signal alarm. |
| 582475 | WAD is crashing with signal 6 in wad_fmem_free when processing SMB2/CIFS. |
| 608387 | WAD virtual server with HTTP multiplexing enabled causes crash after server is detached because the HTTP server object is detached from the HTTP session. |
| 617322 | DLP FTP proxy with splice option sends delete command to server before data transfer completes. |
| 619707 | WAD memory leak with explicit proxy and more than 30 users. |
| 621787 | Application WAD crash several times. |
| 629504 | SSH status in SSL profile changes to deep-inspection from disable after upgrading. |
| 638039 | Delete validation is not working for Protecting SSL Server profile. |
| 647923 | WAD has multiple signal 11 crashes at wad_ssl_cert_get_auth_status. |
| 648831 | WAD memory leak on FortiOS 6.2.4. |
| 653099 | URL filter wildcard in proxy mode. |
| 656830 | FortiGate should be in SSL bypass mode for TLS 1.2 certificate inspection with client certificate request. |
| 658654 | Cannot access the specific website using proxy-based UTM with certification inspection. |
| 666522 | Proxy mode is blocking web browsing for some websites. |
| 666686 | Websites loading slowly with web filter applied in proxy mode. |
Routing
| Bug ID | Description |
|---|---|
| 624621 | Log traffic to remote servers does not follow SD-WAN rules. |
| 627901 | set dscp-forward option is missing when using maximize bandwidth strategy in SD-WAN rule. |
| 632285 | Health check SLA status log shows configured bandwidth value instead of used bandwidth value. |
| 641022 | Multiple duplicate routes in kernel causing conserve mode. |
| 641050 | Need support for SSL VPN web mode traffic to follow SD-WAN rules/policy route. |
| 646418 | SD-WAN information available in session list is confusing. |
| 654482 | SD-WAN route tag is removed with multiple BGP paths in place. |
| 662845 | HA secondary also sends SD-WAN sla-fail-log-period to FortiAnalyzer. |
| 666829 | The bfdd process crashes. |
Security Fabric
| Bug ID | Description |
|---|---|
| 619696 | Automation stitch traffic is sent via mgmt with ha-direct to AWS Lambda after upgrading from 6.0.9 to 6.2.3. |
| 629723 | SDN dynamic address import is too slow, and HA sync may miss endpoints in high scale and stress conditions. |
SSL VPN
| Bug ID | Description |
|---|---|
| 548599 | SSL VPN crash on some special URLs. |
| 573853 | TX packet drops on SSL root interface. |
| 611498 | SMB/CIFS traffic via SSL VPN web mode not using correct SNAT IP (IP pool). |
| 620793 | A page inside a bookmark not opening in SSL VPN web mode. |
| 624288 | After SSL VPN proxy, one JS file of http://www.cm***-rm***.ca runs with an error. |
| 627456 | Traffic cannot pass when SAML user logs in to SSL VPN portal with group match. |
| 630432 | Slides on https://re***.nz website are displayed in SSL VPN web mode. |
| 631082 | FortiManager tabs/page do not load when accessed via SSL VPN web mode. |
| 634210 | SSL VPN daemon crash due to limit-user-login. |
| 635814 | FortiGate GUI cannot be rendered and displayed via SSL VPN portal. |
| 636332 | With SSL VPN proxy JIRA web application, get one wrong URL without proxy path. |
| 639431 | Three of the internal applications/portal bookmarks do not load/partially work with SSL VPN web mode. |
| 641379 | Internal SharePoint 2019 website cannot be accessed in SSL VPN web portal. |
| 643749 | SSL VPN crashes when accessing a realm with an incorrect user, or when the correct user enters the wrong password. |
| 644506 | Cannot authenticate to SSL VPN using 2FA if remote LDAP user and user within RADIUS group has same user name and password. |
| 645368 | FortiClient randomly fails to connect to SSL VPN tunnel mode stuck at 98% with two-factor authentication token. |
| 648192 | DTLS tunnel performance improvements by allowing multiple packets to be read from the kernel driver, and redistributing the UDP packets to several worker processes in the kernel. |
| 648433 | Internal website loading issue in SSL VPN web portal. |
| 649130 | SSL VPN log entries display users from other VDOMs. |
| 652880 | SSL VPN crashes around the same time that LDAP connection errors are logged. |
| 657689 | The system allows enabling split tunnel when the SSL VPN policy is configured with destination all. It is not consistent with 5.6.x and 6.0.x. |
| 662042 | The https://outlook.office365.com and https://login.microsoft.com websites cannot be accessed in the SSL VPN web portal. |
| 665879 | When SSL VPN processes the HTTP/HTTPS response with content disposition, it will change the response body since the content type is HTML. |
Switch Controller
| Bug ID | Description |
|---|---|
| 649913 | HA cluster not synchronizing when configuring an active LACP with MCLAG via FortiManager. |
| 652745 | Compatibility issues with FortiGate in 6.0 branch and FortiSwitch 424E-Fiber. |
System
| Bug ID | Description |
|---|---|
| 574716 | The ospfNbrState OID takes too long to update. |
| 582536 | Link monitor behavior is different between FGCP and SLBC clusters. |
| 583472 | When system is in an extremely high memory usage state (~90%), a power supply status Power supply 1 AC is lost might be mistakenly logged. |
| 585882 | Error in log, msg="Interface 12345678001-ext:64 not found in the list!", while creating a long name VDOM in FG-SVM. |
| 594264 | NP-offloaded active TCP/UDP sessions established over IPsec VPN tunnels will timeout at session TTL expiry. |
| 594931 | FG-60F/61F memory usage causes conserve mode by enabling/disabling UTM. |
| 597893 | FortiExtender interface admin status changes cannot be detected by FortiManager because the FortiGate checksum does not change. |
| 598464 | Rebooting FG-1500D in 5.6.x during upgrade causes an L2 loop on the heartbeat interface and VLAN is disabled on the switch side. |
| 598928 | FortiGate restarts FGFM tunnel every two minutes when FortiManager is defined as FQDN. |
| 602643 | Interface gets removed from SD-WAN after rebooting when the interface is defined in both SD-WAN and zone. |
| 605723 | FG-600E stops sending out packets on its SPF and copper port on NP6. |
| 606360 | HQIP loopback test failed with configured software switch. |
| 607754 | FortiGuard push update is not working properly from override (FortiManager) |
| 609112 | IPv6 push update fails. |
| 609783 | SNMP failed to retrieve HA cluster secondary information from secondary serial number in TP mode. |
| 619023 | Proxy ARP configuration not loaded after interface shut/not shut. |
| 627269 | Wildcard FQDN not resolved on the secondary unit. |
| 628642 | Issue when packets from same session are forwarded to each LACP member when NPx offload is enabled. |
| 630146 | FG-100F memory configuration check. |
| 630861 | Support FortiManager when private-data-encryption is enabled in FortiOS. |
| 631296 | Forward or local bi-directional traffic from NPU inter-VDOM links through separate VDOMs is subject to high latency. |
| 631689 | FG-100F cannot forward fragmented packets between hardware switch ports. |
| 633298 | 10G ports x1/x2 cannot be set as interfaces in firewall acl/acl6 policies. |
| 633827 | Errors during fuzzy tests on FG-1500D. |
| 634929 | NP6 SSE drops after a couple of hours in a stability test. |
| 636999 | LTE does not connect after upgrading from 6.2.3. |
| 637983 | FG-100F memory configuration check fails because of wrong threshold. |
| 641419 | FG-40F LAN interfaces are down after upgrading to 6.2.4 (build 5632). |
| 642327 | FortiGate unable to boot with kernel panic by cmdbsvr when VLAN is configured on redundant interface with non-NPU port. |
| 643188 | Interface forward-error-correction setting not honored after reboot. |
| 644380 | FG-40F/60F kernel panic: failure at mm/vmalloc.c:1341/__get_vm_area_node()!. |
| 644427 | Interface forward-error-correction setting not honored after reboot. Affected platforms: FG-1100E, FG-1101E, FG-2200E, FG-2201E, FG-3300E, FG-3301E, FG-3400E, and FG-3600E. |
| 645363 | SNMP monitoring does not provide the SD-WAN member interface name. |
| 645848 | FortiOS is providing self-signed CA certificate intermittently with flow-based SSL certificate inspection. |
| 647151 | Unable to configure aggregate interface type on FG-30E-3G4G. |
| 647593 | After reboot, forward-error-correction value is not maintained as it should be. |
| 647777 | FortiGate not responding to DHCP relay requests from clients behind a DHCP relay. |
| 654159 | NP6Xlite traffic not sent over the tunnel when NPU is enabled. |
| 658933 | Under some circumstances, it was possible for Update D to create zombie processes. |
| 661503 | Existing ffdb_map_res package was not automatically removed after upgrading on small storage FortiGates, even though their creation was removed in 6.2.4. |
| 662681 | Policy package push from FortiManager fails the first time, and succeeds the second time if it is blank or has no changes. |
| 662989 | FG-40F/41F aggregate interface gets removed after upgrading to 6.2.5 from 6.2.4 firmware version. |
| 665000 | HA LED off issue on FG-1100E/1101E models in 6.0.x. |
| 666030 | Empty firewall objects after pushing several policy deletes. |
| 670838 | It takes a long time to set the member of a firewall address group when the member size is large. In the GUI, cmdbsvr memory usage goes to 100%. In the CLI, newcli memory usage goes to 100%. |
Upgrade
| Bug ID | Description |
|---|---|
| 656869 | FG-100F/101F may continuously boot upon upgrading from FortiOS 6.4.0.
Workaround: back up the 6.4.0 configuration, perform a clean install via TFTP of FortiOS 6.4.2, and restore the 6.4.0 configuration. |
| 662452 | SSH status in ssl-ssh-profile changes to deep-inspection from disable after upgrade. |
User & Device
| Bug ID | Description |
|---|---|
| 546794 | De-authentication of RSSO user does not clear the login from the motherboard. |
| 580155 | fnbamd crash. |
| 591461 | FortiGate does not send user IP to TACACS server during authentication. |
| 620097 | Persistent sessions for de-authenticated users. |
| 659456 | REST API authentication fails for API user with PKI group enabled due to fnbamd crash. |
| 663399 | interface-select-method not working for RADIUS configuration. |
VM
| Bug ID | Description |
|---|---|
| 587180 | FG-VM64-KVM is unable to boot up properly when doing a hard reboot with the host. |
| 603100 | Autoscale not syncing certificate among the cluster members. |
| 606527 | GUI and CLI interface dropdown lists are inconsistent. |
| 634245 | Dynamic address objects are not resolved to all addresses using Azure SDN connector. |
| 652416 | AWS Fabric connector always uses root VDOM even though it is not a management VDOM. |
| 659333 | Slow route change for HA failover in GCP cloud. |
| 663276 | After cloning the OCI instance, the OCID does not refresh to the new OCID. |
| 668131 | EIP is not updating properly on FG-VM Azure. |
| 670166 | FG-VM64-KVM configuration revisions lost after upgrading from 6.2.5 to 6.4.2. |
Web Filter
| Bug ID | Description |
|---|---|
| 587018 | Add URL flow filter counters to SNMP. |
| 610553 | User browser gets URL block page instead of warning page when using HTTPS IP URL. |
| 620803 | Group name missing on web filter warning page in proxy-based inspection. |
| 629005 | foauthd has signal 11 crashes when FortiGate authenticates a web filter category. |
| 659372 | Inconsistent behavior between external list and FortiGuard categories/local override. |
WiFi Controller
| Bug ID | Description |
|---|---|
| 618456 | High cw_acd usage upon polling a large number of wireless clients with REST API. |
Znane problemy:
DNS Filter
| Bug ID | Description |
|---|---|
| 582374 | License shows expiry date of 0000-00-00. |
Explicit Proxy
| Bug ID | Description |
|---|---|
| 540091 | Cannot access explicit FTP proxy via VIP. |
FortiView
| Bug ID | Description |
|---|---|
| 635309 | FortiGate returns error 500 when trying to view Compromised Hosts, but FortiAnalyzer has a valid IoC license. |
GUI
| Bug ID | Description |
|---|---|
| 354464 | AntiVirus profile in GUI should not override quarantine archive value. |
| 514632 | Inconsistent Refcnt value in GUI when using ports in HA session-sync-dev. |
| 529094 | Anti-Spam Black White List Entry in GUI permits action Mark as Reject in GUI when it should not. |
| 535099 | GUI should add support for new MAC address filter in SSID dialog page. |
| 541042 | Log viewer forward traffic cannot support double negate filter (client side issue). |
| 567996 | Slow load times for the Managed FortiSwitch and FortiSwitch Ports pages when there is a large number of FortiSwitches. |
| 584915 | OK button missing on all pages (policy, interface, system settings) on Android mobile. |
| 584939 | VPN event logs shows incorrectly when adding two action filters and if the filter action filter contains „-„. |
| 623773 | Security Fabric page loads slowly after adding more devices to FortiTelemetry. |
| 635538 | In FortiGate SAML authentication with Azure AD, SP configuration is grayed-out in the GUI. |
| 650708 | When the client browser is in a different time zone from the FortiGate, the Guest Management page displays an incorrect expiry time for guest users. The CLI returns the correct expiry. |
| 656429 | Intermittent GUI process crash if a managed FortiSwitch returns a reset status. |
HA
| Bug ID | Description |
|---|---|
| 596551 | Syncing problem after restoring one VDOM configuration. |
| 609631 | Simultaneous reboot of both nodes in HA when gtp-enhance-mode is enabled or disabled. |
| 657376 | VLAN interfaces are created on a different virtual cluster primary instead of the root primary do not sync. |
Intrusion Prevention
| Bug ID | Description |
|---|---|
| 565747 | IPS engine 5.00027 has signal 11 crash. |
| 586544 | IPS intelligent mode not working when reflect sessions are created on different physical interfaces. |
| 587668 | IPS engine 5.00035 has signal 11 crash. |
| 590087 | When IPS pcap is enabled, traffic is intermittently disrupted after disk I/O reaches IOPS limit. |
IPsec VPN
| Bug ID | Description |
|---|---|
| 610203 | Packet loss on IPsec tunnel. |
| 620654 | Spoke dialup IPsec VPN does not initiate connection to hub after FG-VM HA failover. |
| 631804 | OCVPN errors showing in logs when OCVPN is disabled. |
| 644780 | Rectify the consequences if password renewal on FortiClient is canceled. |
| 645196 | IPsec routes are restored automatically to the routing table for tunnels that are not connected. |
| 655895 | Unable to route traffic to a spoke VPN site from the hub FortiGate when the dialup IPsec VPN interface is dual stacked (IPv4/IPv6). |
Log & Report
| Bug ID | Description |
|---|---|
| 606533 | User observes FGT internal error while trying to log in from the web UI. |
| 651581 | FortiGate tried to connect to FortiGate Cloud with the primary IP after reboot, although the secondary IP is the source in the FortiGuard log. |
Proxy
| Bug ID | Description |
|---|---|
| 663088 | Application control in Azure fails to detect and block SSH traffic with proxy inspection. |
REST API
| Bug ID | Description |
|---|---|
| 584631 | REST API admin with token unable to configure HA setting (via login session works). |
Routing
| Bug ID | Description |
|---|---|
| 537354 | BFD/BGP dropping when outbandwidth is set on interface. |
| 641928 | Wrong behavior with SD-WAN routing on FG-60F. |
| 654032 | SD-WAN IPv6 route tag command is not available in the SD-WAN services. |
| 661769 | SD-WAN rule disappears when an SD-WAN member experiences a problem. |
Security Fabric
| Bug ID | Description |
|---|---|
| 585354 | After enabling FortiTelemetry, Security Fabric and Dashboard GUI pages cannot be displayed. |
SSL VPN
| Bug ID | Description |
|---|---|
| 505986 | On IE 11, SSL VPN web portal displays blank page title {{::data.portal.heading}} after authentication. |
| 594416 | Accessing FortiGate GUI through SSL VPN web mode causes Network > Interfaces page to return an error. |
| 666194 | WALLIX Manager GUI interface is not loading through SSL VPN web mode. |
Switch Controller
| Bug ID | Description |
|---|---|
| 588584 | GUI should add support to allow using switch VLAN interface under a tenant VDOM on a managed switch VDOM. |
| 605864 | If the firewall is downgraded from 6.2.3 to 6.2.2, the FortiLink interface looses its CAPWAP setting. |
System
| Bug ID | Description |
|---|---|
| 464340 | EHP drops for units with no NP service module. |
| 578031 | FortiManager Cloud cannot be removed once the FortiGate has trouble on contract. |
| 600032 | SNMP does not provide routing table for non-management VDOM. |
| 607565 | Interface emac-vlan feature does not work on SoC4 platform. |
| 637014 | Uncertified status of firmware after GUI upgrade, checksums are null. |
| 657629 | FG-101F cannot retrieve power fan status and BGP status via SNMP. |
| 663083 | Offloaded traffic from IPsec crossing the NPU VDOM link is dropped. |
Upgrade
| Bug ID | Description |
|---|---|
| 658664 | FortiExtender status becomes discovered after upgrading from 6.0.10 (build 0365).
Workaround: change the config extender-controller extender
edit <id>
set admin enable
next
end
|
VM
| Bug ID | Description |
|---|---|
| 587757 | FG-VM image unable to be deployed on AWS with additional HDD (st1) disk type. |
| 596742 | Azure SDN connector replicates configuration from primary device to secondary device during configuration restore. |
| 605511 | FG-VM-GCP reboots a couple of times due to kernel panic. |
| 608881 | IPsec VPN tunnel not staying up after failing over with AWS A-P cross-AZ setup. |
| 640436 | FortiGate AWS bootstrapped from configuration does not read SAML settings. |
WiFi Controller
| Bug ID | Description |
|---|---|
| 638318 | FG-51E cannot authorize the FAP-C24JE. |
Notatki producenta FortiOS 6.2.6-KLIK
Pozdrawiamy,
Zespół B&B
Bezpieczeństwo w biznesie
