Fortinet publikuje aktualizację systemu operacyjnego dedykowanego dla FortiGate oznaczoną numerem wersji 6.2.5. Producent między innymi wyeliminował problem który skutkował przechodzeniem urządzenia w conserve mode(zdarzało się to przy dużych plikach podczas skanowania AV). Od tej wersji oprogramowania strona „FortiSwitch Port” powinna ładować się szybciej, nawet przy dużych topologiach! Rozwiązano również problem dotyczący synchronizacji urządzeń(FG-100D) w klastrze HA A-P. Istotne jest również wyeliminowanie błędów które powodowały wycieki pamięci oraz niespodziewane zatrzymanie procesów systemowych. FortiOS 6.2.5 to również wsparcie dla FAP-231F.
Gorąco zachęcamy do aktualizacji jeśli korzystasz z poprzednich wersji rodziny 6.2! Więcej informacji w artykule!
Nowości w 6.2.5:
| Bug ID | Description |
|---|---|
| 480717 | Add config system dedicated-mgmt to all FortiGate models with mgmt, mgmt1, and mgmt2 ports. |
| 640320 | Add FortiAP platform support for FAP-231F. |
| 641990 | Make the diagnose wad session list command available to models without WAN optimization support. |
Rozwiązane problemy:
Anti Spam
| Bug ID | Description |
|---|---|
| 497024 | Flow mode banned word spam filter log is missing the banned word. |
Anti Virus
| Bug ID | Description |
|---|---|
| 582368 | URL threat detection version shows a large negative number after FortiGate reboots. |
| 615805 | Device goes into conserve mode due to large files. |
Application Control
| Bug ID | Description |
|---|---|
| 630075 | After upgrading, FortiGate faced an internet access issue when IPS and AC profiles are enabled and the outgoing interface is an npu_vlink. |
Data Leak Prevention
| Bug ID | Description |
|---|---|
| 582480 | scanunit crashes with signal 11 in dlpscan_mailheader when AV scans files via IMAP. |
Endpoint Control
| Bug ID | Description |
|---|---|
| 608301 | EMS serial number format should be flexible. |
Explicit Proxy
| Bug ID | Description |
|---|---|
| 591012 | WAD crashed at wad_disclaimer_get with signal 11 when disclaimer is enabled in proxy policy and the browser is Chrome. |
| 610298 | Compare and sync the VSD change in V5.6 to WAD VS. |
| 650540 | FortiGate sends traffic to an incorrect port using a wrong source NAT IP address. |
Firewall
| Bug ID | Description |
|---|---|
| 596633 | In NGFW mode, IPS engine drops RPC data channel when IPS profile is applied to a security policy. |
| 603263 | Increase the maximum limit for the optional parameters in SCTP INIT packet. After the fix, the maximum limit is 10 instead of 4 parameters. |
| 606962 | Timeout value is not reflected correctly to a new session when changing timeout value for system session-ttl on FortiGate-HV. |
| 610557 | FortiGate VIP object offers weak elliptic curves since VS implementation in WAD for FortiOS 6.0 and above. |
| 615073 | FTP session helper does not work when there is reflected (auxiliary) session. |
| 622045 | Traffic not matched by security policy when using service groups in NGFW policy mode. |
FortiView
| Bug ID | Description |
|---|---|
| 573138 | When the data source is FortiGate Cloud, there is no paging to load sessions; only entries 1-499 are rendered. |
GUI
| Bug ID | Description |
|---|---|
| 401862 | Monitor page display incorrect virtual server entries for IPv6, VIP46, and VIP64; right-clicking gives an error. |
| 493819 | Reorder function on Authentication Rules page does not work. |
| 513694 | User cannot log in to GUI when password change is required and has pre-login or post-login banner enabled or FIPS mode. |
| 564849 | HA warning message remains after primary device takes back control. |
| 592854 | When editing a firewall address or address group created in the VPN wizard, invalid characters in the comments block submitting the change. |
| 594534 | GUI shows Invalid LDAP server error while LDAP query successfully finished. |
| 594702 | When sorting the interface list by the Name column, the ports are not always in the correct order (port10 appears before port2). |
| 601568 | Interface status is not displayed on faceplate when viewing from the System > HA page. |
| 602397 | FortiSwitch port page is noticeably slow for large topology. |
| 604682 | GUI takes two minutes to load VPN > IPsec Tunnels for 1483 tunnels. |
| 605496 | Configured overlapped subnet on GUI still shows error message after enabling subnet overlap. |
| 614056 | Disabling the Idle Logout toggle on the SSL-VPN Settings page does not change the idle timeout setting, so the change does not persist after clicking Apply. |
| 615267 | In Firefox, SAML SSO admin cannot create additional SSO admins or normal admins via the GUI. |
| 616878 | DHCP relay IP address not showing on Network > Interfaces page for VLAN interface. |
| 620854 | GUI should not add speed to virtual switch member port (FG-101F). |
| 623109 | IPS Filter Details column is empty when All is used. |
| 624551 | On POE devices, several sections of the GUI take over 15 seconds to fully load. |
| 628373 | Software switch members and their VLANs are not visible in the GUI interfaces list. |
| 633937 | GUI is not displaying DHCP configuration if the interface name includes the \ character. |
| 638277 | Firewall address group object (including interface subnet) is invisible in Accessible Networks. |
| 639756 | Monitor > SD-WAN Monitor keeps loading after disabling VPN member. |
| 642402 | LCP-1250RJ3SR-K transceiver shows a warning in the GUI even though it is certified. |
| 644999 | Fortinet-sold active direct attached cable (SP-CABLE-ADASFP+) is showing as not certified by Fortinet. |
| 646327 | GUI does not show URL filter when there is a large number of URL filters. |
| 650800 | Error when deleting multiple phase 2 selectors for VPN from the GUI. |
HA
| Bug ID | Description |
|---|---|
| 621583 | HA cannot display status in GUI when heartbeat cables reconnect. |
| 623642 | It takes up to 10 seconds to get NPU VDOM link up when rebooting primary unit. |
| 627610 | When HA primary device is down, a time synchronization with NTP servers will be disabled after failback. |
| 631342 | FG-100D HA A-P mode not syncing. |
| 637843 | HA secondary device is reporting multiple events (DDNS update failed). |
| 638287 | private-data-encryption causes cluster to be periodically out of sync due to customer certificates. |
| 645293 | traceroute not working in asymmetric FGSP environment. |
| 656099 | mgmt interfaces are excluded for heartbeat interfaces (even if dedicate-mgmt is not enabled). |
Intrusion Prevention
| Bug ID | Description |
|---|---|
| 587363 | IPS engine and IPS helper crash with signal 6 (aborted). |
| 595062 | SSL offloading randomly does not work when UTM (AV/IPS) is enabled on firewall policy. |
| 631381 | RDP NLA authentication blocked by FortiGate when enabling IPS profile in the security group (central NAT). |
IPsec VPN
| Bug ID | Description |
|---|---|
| 584982 | The customer is unable to log in to VPN with RADIUS intermittently. |
| 606129 | iked crash when proposal is AES-GCM. |
| 607134 | Upon reboot, failover or re-negotiation occurs with an active FEC enabled and tunnel traffic can no longer pass. |
| 610390 | IKEv2 EAP certificate authentication failings after upgrading from to 6.2.1 to 6.2.3. |
| 610558 | ADVPN cannot establish after primary ISP has recovered from failure and traffic between spokes is dropped. |
| 631968 | IKE daemon signal 6 crash when phase1 add-gw-route is enabled. |
| 634883 | IKE crashes at ike_hasync__xauth. |
| 635325 | Static route for site-to site VPN remains active even when the tunnel is down. |
Log & Report
| Bug ID | Description |
|---|---|
| 605405 | IPS logs are recorded twice with TCP offloading on virtual server. |
| 608565 | FortiGate sends incorrect long session logs to FortiGate Cloud. |
| 612779 | Reliable syslogd session goes into bad state due to traffic shaper. |
| 616835 | Logs from HA secondary unit cannot be uploaded to FortiCloud. |
| 628358 | Logs are not generated in GUI and CLI after checking the file system (after power cable disconnected). |
| 635013 | FortiOS gives wrong time stamp when querying FortiGate Cloud log view. |
| 643840 | vwlservice should log the SD-WAN rule and not an internet service; impacts FortiAnalyzer SD-WAN monitor widgets and reports. |
Proxy
| Bug ID | Description |
|---|---|
| 568905 | WAD crashes due to RCX value being null. |
| 586909 | When CIFS profile is loaded, using MacOS to access Windows Share causes WAD to crash. |
| 612333 | In FortiGate with squid configuration (proxy chain), get ERR_SSL_PROTOCOL_ERROR when using Google Chrome with certificate/deep inspection. |
| 615791 | Abbreviated handshake randomly receives fatal illegal_parameter against zendesk.com services/sites. |
| 617099 | WAD crashes every few minutes. |
| 623108 | FTP-TP reaches high memory usage and triggers conserve mode. |
| 631723 | AV in proxy inspection mode blocks Cisco Webex traffic. |
| 632085 | When CIFS profile is loaded, using MacOS (Mojave 10.14) to access Windows 2016 SMB Share causes WAD to crash. |
| 637389 | The WAD process is crashing multiple times. |
| 640427 | Web proxy WAD crash under WAN Opt auto-active mode. |
Routing
| Bug ID | Description |
|---|---|
| 602679 | Prevent BGP daemon crashing when peer breaks TCP connection. |
| 602826 | BGP route is not added into kernel during ADVPN test. |
| 608106 | BGP daemon crashes when TCP connection is broken by peer. |
| 611539 | Editing/adding any address object that is referenced in policy is generating false positive SD-WAN alert messages. |
| 613716 | SSL VPN sends packet using wrong interface causing disconnections. |
| 619343 | Cannot ping old VRIPs when adding new VRIPs. |
| 625345 | The single BGP update message contains the same prefix in withdrawn routes and NLRI (advertised route). |
| 627951 | NTP and FSSO not following SD-WAN rules |
| 628896 | DHCP relay to follow SD-WAN rules. |
| 629521 | SD-WAN IPv6 default route cannot be redistributed into BGP using set default-originateroutemap6. |
| 635716 | FortiGuard web filter traffic also needs to follow SD-WAN service. |
Security Fabric
| Bug ID | Description |
|---|---|
| 597139 | Crash happens due to segfault in CSF. |
| 609182 | Security Fabric Settings page sometimes cannot load FortiSandbox URL threat detection version despite FortiSandbox being connected. |
| 614691 | csfd uses too much CPU in a large topology. |
SSL VPN
| Bug ID | Description |
|---|---|
| 595505 | FortiGate does not send client IP address as a framed IP address to RADIUS server in RADIUS accounting request message. |
| 600029 | Sending RADIUS accounting interim update messages with SSL VPN client framed IP are delayed. |
| 604772 | SSL VPN tunnel is unexpectedly down sometimes when certificate bundle is updated. |
| 606271 | Double redirection through SSL web mode not working. |
| 607687 | RDP connection via SSL VPN web portal does not work with UserPrincipalName (UPN) and NLA security. |
| 608464 | Get 305 error when browsing website through SSL VPN web mode bookmark and sslvpnd crashes. |
| 610579 | Videos from live cameras via SSL VPN web mode not working. |
| 617170 | https://outlook.office365.com cannot be accessed in SSL VPN web portal. |
| 620508 | CLI command get vpn ssl monitor displays users from other VDOM. |
| 622068 | Adding FQDN routing address in split tunnel configuration injects single route in client for multiple A records. |
| 622110 | SSL VPN disconnected when importing or renaming CA certificates. |
| 622871 | SSL VPN web mode not displaying full customer webpage after logging in. |
| 623076 | Add memory protection for web mode SSL VPN child process (guacd). |
| 623231 | Pages could not be shown after logging in to back-end application server. |
| 623379 | Memory corrupt in some DNS callback cases causes SSL VPN crash. |
| 624145 | An internal website via SSL VPN web portal failed to load an external resource. |
| 624899 | Log entry for tunnel stats shows wrong tunnel ID when using RDP bookmark. |
| 625301 | Riverbed SteelCentral AppResponse login form is not displaying in SSL VPN web mode. |
| 628821 | Internal aixws7test2 portal is not loading in SSL VPN web mode. |
| 629190 | After SSL VPN proxy, some JS files of hapi website could not work. |
| 629373 | SAML login button is lost on SSL VPN portal. |
| 631130 | Internal site http://va***.com not completely loading through SSL VPN web mode bookmark. |
| 633812 | For guacd daemon generated for RDP session, it would sometimes be in an unknown state with 100% CPU and could not be released. |
| 634991 | Internal server error 500 while accessing contolavdip portal in SSL VPN web mode. |
| 635307 | Map could not be displayed correctly in SSL VPN web mode. |
| 636984 | Website (pr***.com) not loading properly in SSL VPN web mode. |
| 637018 | After the upgrade to 6.2.4/6.4.0 SSL VPN portal mapping/remote authentication is matching user into the incorrect group. |
| 638733 | Internal website hosted in bookmark https://in***.cat is not loading completely in SSL VPN web mode. |
| 648369 | Some JS files of jira.***.vwg could not run in SSL VPN web mode. |
| 649130 | SSL VPN log entries display users from other VDOMs. |
| 654534 | SAML authentications occurring through SSL VPN web mode are not completing. |
System
| Bug ID | Description |
|---|---|
| 503125 | FG-100D traffic traversing port1-port16 only saturates CPU0. |
| 567019 | CP9 VPN queue tasklet unable to handle kernel NULL pointer dereference at 0000000000000120 and device reboots. |
| 576323 | SFP+ 1G speed should be supported on FG-1100E, FG-1800F, FG-2200E, and FG-3300E series. |
| 581496 | FG-201E stops sending out packets and NP6lite is stuck. |
| 594871 | Potential memory leak triggered by FTP command in WAD. |
| 604613 | sentbyte of NTP on local traffic log shows as 0 bytes, even though NTP client receives the packet. |
| 607357 | High CPU usage issue caused by high depth expectation sessions in the same hash table slot. |
| 607836 | Failed to set ping-option source to Auto. |
| 608442 | After a reboot of the PPPoE server, the FortiGate (PPPoE clients, 35 clients) keeps flapping (connection down and up) for a long time before connecting successfully. |
| 609660 | NPU offloading enabled dropping traffic from IPsec VPN tunnel remote gateway. |
| 611512 | When a LAG is created between 10 GE SFP+ slots and 25 GE SFP28/10 GE SFP+ slots, only about 50% of the sessions can be created. Affected models: FG-110xE, FG-220xE, and FG-330xE. |
| 612302 | FortiOS is not sending out IPv6 router advertisements from the link-local addresses added on the fly. |
| 612351 | Many no session matched logs while managing FortiGate. |
| 613017 | ip6-extra-addr does not perform router advertisement after reboot in HA. |
| 613136 | Uninitialized variable that may potentially cause httpsd signal 6 and 11 crash issue. |
| 615435 | Crashes might happen due to CMDB query allocation fail that causes a segfault. |
| 616022 | Long delay and cmdbsvr at 100% CPU consumption when modifying address objects and address groups via GUI or REST API. |
| 617134 | Traffic not showing statistics for VLAN interfaces base on hardware switch. |
| 617154 | Fortinet_CA is missing in FG-3400E. |
| 617409 | The FG-800D HA LED is off when HA status is normal. |
| 618762 | Fail to detect transceiver on all SFP28/QSFP ports. Affected platforms: FG-3300E and FG-3301E. |
| 620827 | Over a period of time, FG-60E goes into memory conserve mode caused by resource leak of sepmd daemon. |
| 623501 | FG-80D may fail to boot due to a limitation in the size of the bootloader and kernel. |
| 626371 | Request to blocked signature with SSL mirrored traffic capture causes FG-500E to reboot. |
| 632353 | Virtual WAN link stops responding after 45 members. |
| 632635 | Frame size option in sniffer does not work. |
| 632788 | DSL module of FortiWiFi 60E-DSL shows as not ready after upgrade. |
| 633102 | DHCPv6 client’s DUID generated on two different FortiGates match. |
| 636069 | Unable to handle kernel NULL pointer dereference at 000000000000008f. |
| 637420 | execute shutdown reboots instead of shutting down on SoC4 platforms. |
| 638041 | SFP28 port group (ha1, ha2, port1 and port2) missing 1000full speed option. Affected platforms: FG-220xE, FG-330xE, FG-340xE, and FG-360xE. |
| 641419 | FG-40F LAN interfaces are down after upgrading to 6.2.4 (build 5632). |
| 643188 | Interface forward-error-correction setting not honored after reboot. |
| 647593 | After reboot, forward-error-correction value is not maintained as it should be. |
| 647718 | VDOM with long name cannot be deleted. |
Upgrade
| Bug ID | Description |
|---|---|
| 615972 | After upgrading from 6.2.2 to 6.2.3, the description field in the table has disappeared under DHCP reservation. |
| 635589 | Upon upgrading to FortiOS 6.2.4, DoS policies configured on interfaces may drop traffic that is passing through the DoS policy configuration. Note that this can occur if the DoS policy is configured in drop or monitor mode.
Workaround: disable the DoS policy. |
User & Device
| Bug ID | Description |
|---|---|
| 591170 | Sessions are removed from the session table when FSSO group order is changed. |
| 604844 | auth-concurrent setting in user group is not working as expected. |
| 605838 | Device identification scanner crashes on receipt of SSDP search. |
| 620941 | Two-factor authentication using FortiClient SSL VPN and FortiToken Cloud is not working due to push notification delay. |
| 626532 | fnbamd is not sending Calling-Station-Id in Access-Request for L2TP/IPsec since 5.4.0. |
| 627144 | Remote admin LDAP user login has authentication failure when the same LDAP user has local two-factor authentication. |
| 629487 | Older FortiGate models do not have CA2 and will cause EMS server authentication to fail. |
| 637577 | Inconsistent fnbamd LDAP group match result. |
| 638593 | Certificate verification fails if any CA in a peer-provided certificate chain expires, but its cross-signed certificate is still valid in the system trust store. |
VM
| Bug ID | Description |
|---|---|
| 613730 | Unable to update routing table for a resource group in a different subscription with FortiGate Azure SDN. |
| 614038 | vMotion causing sessions to be disconnected as it consider sessions stateless. |
| 623376 | Cross-zone HA breaks after upgrading to 6.4.0 because upgrade process does not add relevant items under vdom-exception. |
| 624657 | Azure changes FPGA for Accelerated Networking live and VM loses SR-IOV interfaces. |
| 626705 | By assigning port1 as the HA management port, the HA secondary unit node is now able to send system information to the Azure portal through waagent so that up-to-date information is displayed on the Azure dashboard.
If port1 is not used as the HA management port, the Azure display and Azure Security Center alerts will not reflect the correct state of the node, which may result in unnecessary alarms. |
| 634499 | AWS FortiGate NIC gets swapped between port2 and port3 after FortiGate reboots. |
| 641038 | SSL VPN performance problem on OCI. |
VoIP
| Bug ID | Description |
|---|---|
| 620742 | RAS helper does not NAT the port 1720 in the callSignalAddress field of the RegistrationRequest packet sent from the endpoint. |
| 630024 | voipd crashes repeatedly. |
Web Filter
| Bug ID | Description |
|---|---|
| 618153 | FSSO users cannot proceed on web filter warning page in flow-based inspection. |
| 636754 | If the last line in a threat feed does not end with „\n”, it is not parsed and is not displayed in the GUI. |
| 657466 | local urlfilter configuration in a flow mode web filter does not work when the matched FortiGuard category is also enabled in the web filter profile. |
WiFi Controller
| Bug ID | Description |
|---|---|
| 625326 | FortiAP not coming online on FG-PPPoE interface. |
| 641811 | In FG-100F/101F with PPPoE interface, the FortiGate could not manage FortiAP. |
Common Vulnerabilities and Exposures
Visit https://fortiguard.com/psirt for more information.
| Bug ID | CVE references |
|---|---|
| 606237 | FortiOS 6.2.5 is no longer vulnerable to the following CVE Reference:
|
Znane problemy do rozwiązania:
DNS Filter
| Bug ID | Description |
|---|---|
| 582374 | License shows expiry date of 0000-00-00. |
Endpoint Control
| Bug ID | Description |
|---|---|
| 637454 | Cloud-based EMS FSSO connector in FortiGate failed to connected with FortiClient EMS proxy in public cloud. |
Explicit Proxy
| Bug ID | Description |
|---|---|
| 540091 | Cannot access explicit FTP proxy via VIP. |
File Filter
| Bug ID | Description |
|---|---|
| 627795 | In flow mode, file filter log can show the file type, but when in proxy inspection mode, it only shows unknown file type. |
FortiView
| Bug ID | Description |
|---|---|
| 645839 | FortiView GUI not loading the Sources and Destinations pages (with IPs and now filters). |
GUI
| Bug ID | Description |
|---|---|
| 354464 | AntiVirus profile in GUI should not override quarantine archive value. |
| 514632 | Inconsistent Refcnt value in GUI when using ports in HA session-sync-dev. |
| 517744 | Widget for CPU memory and sessions does not show real time diagram in 12-hours and 24-hours mode. |
| 529094 | Anti-Spam Black White List Entry in GUI permits action Mark as Reject in GUI when it should not. |
| 535099 | GUI should add support for new MAC address filter in SSID dialog page. |
| 541042 | Log viewer forward traffic cannot support double negate filter (client side issue). |
| 567996 | GUI issues with physical topology on Managed FortiSwitch and FortiSwitch Ports pages. |
| 584915 | OK button missing on all pages (policy, interface, system settings) on Android mobile. |
| 584939 | VPN event logs shows incorrectly when adding two action filters and if the filter action filter contains „-„. |
| 623773 | Security Fabric page loads slowly after adding more devices to FortiTelemetry. |
| 635538 | In FortiGate SAML authentication with Azure AD, SP configuration is grayed-out in the GUI. |
HA
| Bug ID | Description |
|---|---|
| 596551 | Syncing problem after restoring one VDOM configuration. |
| 609631 | Simultaneous reboot of both nodes in HA when gtp-enhance-mode enabled or disabled. |
| 634604 | SCTP sessions are not fully synchronized between primary and secondary devices in version 5.6.11 on FG-3240C. |
| 640428 | SSL VPN related auth login user event logs do not require HA to be in sync. |
| 643958 | Inconsistent data from FFDB caused several confsyncd crashes. |
| 648073 | HA cluster uses physical port MAC address at the time of HA failover. |
Intrusion Prevention
| Bug ID | Description |
|---|---|
| 565747 | IPS engine 5.00027 has signal 11 crash. |
| 586544 | IPS intelligent mode not working when reflect sessions are created on different physical interfaces. |
| 587668 | IPS engine 5.00035 has signal 11 crash. |
| 590087 | When IPS pcap is enabled, traffic is intermittently disrupted after disk I/O reaches IOPS limit. |
IPsec VPN
| Bug ID | Description |
|---|---|
| 592361 | Cannot pass traffic over ADVPN if: tunnel-search is set to nexthop, net-device disable, mode-cfg enable, and add-route disable. |
| 631804 | OCVPN errors showing in logs when OCVPN is disabled. |
| 644780 | Rectify the consequences if password renewal on FortiClient is canceled. |
Log & Report
| Bug ID | Description |
|---|---|
| 606533 | User observes FGT internal error while trying to log in from the web UI. |
| 634947 | rlogd signal 11 crashes. |
Proxy
| Bug ID | Description |
|---|---|
| 582475 | WAD is crashing with signal 6 in wad_fmem_free when processing SMB2/CIFS. |
| 588661 | Customer had issue accessing the HTTPS website after enabling the proxy web filter. |
| 648831 | WAD memory leak on FortiOS 6.2.4. |
REST API
| Bug ID | Description |
|---|---|
| 584631 | REST API admin with token unable to configure HA setting (via login session works). |
Routing
| Bug ID | Description |
|---|---|
| 537354 | BFD/BGP dropping when outbandwidth is set on interface. |
| 624621 | Log traffic to remote servers does not follow SD-WAN rules. |
| 627901 | set dscp-forward option is missing when using maximize bandwidth strategy in SD-WAN rule. |
| 641050 | Need support for SSL VPN web mode traffic to follow SD-WAN rules/policy route. |
| 641928 | Wrong behavior with SD-WAN routing on FG-60F. |
Security Fabric
| Bug ID | Description |
|---|---|
| 585354 | After enabling FortiTelemetry, Security Fabric and Dashboard GUI pages cannot be displayed. |
SSL VPN
| Bug ID | Description |
|---|---|
| 505986 | On IE 11, SSL VPN web portal displays blank page title {{::data.portal.heading}} after authentication. |
| 594416 | Accessing FortiGate GUI through SSL VPN web mode causes Network > Interfaces page to return an error. |
| 627456 | Traffic cannot pass when SAML user logs in to SSL VPN portal with group match. |
| 631082 | FortiManager tabs/page do not load when accessed via SSL VPN web mode. |
| 635814 | FortiGate GUI cannot be rendered and displayed via SSL VPN portal. |
| 636332 | With SSL VPN proxy JIRA web application, get one wrong URL without proxy path. |
Switch Controller
| Bug ID | Description |
|---|---|
| 588584 | GUI should add support to allow using switch VLAN interface under a tenant VDOM on a managed switch VDOM. |
| 605864 | If the firewall is downgraded from 6.2.3 to 6.2.2, the FortiLink interface looses its CAPWAP setting. |
System
| Bug ID | Description |
|---|---|
| 464340 | EHP drops for units with no NP service module. |
| 578031 | FortiManager Cloud cannot be removed once the FortiGate has trouble on contract. |
| 594264 | NP-offloaded active TCP/UDP sessions established over IPsec VPN tunnels will timeout at session TTL expiry. |
| 598464 | Rebooting FG-1500D in 5.6.x during upgrade causes an L2 loop on the heartbeat interface and VLAN is disabled on the switch side. |
| 600032 | SNMP does not provide routing table for non-management VDOM. |
| 605723 | FG-600E stops sending out packets on its SPF and copper port on NP6. |
| 607565 | Interface emac-vlan feature does not work on SoC4 platform. |
| 627269 | Wildcard FQDN not resolved on the secondary unit. |
| 634600 | FWF-60E-DSL ADSL2+ connection provided by BT in the UK does not work after upgrading from 6.0.9 to 6.2.4. |
| 642327 | FortiGate unable to boot with kernel panic by cmdbsvr when VLAN is configured on redundant interface with non-NPU port. |
| 644380 | FG-40F/60F kernel panic: failure at mm/vmalloc.c:1341/__get_vm_area_node()!. |
| 645363 | SNMP monitoring does not provide the SD-WAN member interface name. |
Upgrade
| Bug ID | Description |
|---|---|
| 658664 | FortiExtender status becomes discovered after upgrading from 6.0.10 (build 0365).
Workaround: change the config extender-controller extender
edit <id>
set admin enable
next
end
|
User & Device
| Bug ID | Description |
|---|---|
| 546794 | De-authentication of RSSO user does not clear the login from the motherboard. |
| 580391 | Unable to create MAC address-based policies in NGFW mode. |
| 591461 | FortiGate does not send user IP to TACACS server during authentication. |
| 621161 | src-vis crashes on receipt of certain ONVIF packets. |
| 634580 | Peer users are matching every group instead of only groups based on the LDAP group membership. |
VM
| Bug ID | Description |
|---|---|
| 585882 | Error in log, msg="Interface 12345678001-ext:64 not found in the list!", while creating a long name VDOM in FG-SVM. |
| 587180 | FG-VM64-KVM is unable to boot up properly when doing a hard reboot with the host. |
| 587757 | FG-VM image unable to be deployed on AWS with additional HDD (st1) disk type. |
| 596742 | Azure SDN connector replicates configuration from primary device to secondary device during configuration restore. |
| 603100 | Autoscale not syncing certificate among the cluster members. |
| 605511 | FG-VM-GCP reboots a couple of times due to kernel panic. |
| 606527 | GUI and CLI interface dropdown lists are inconsistent. |
| 608881 | IPsec VPN tunnel not staying up after failing over with AWS A-P cross-AZ setup. |
| 634245 | Dynamic address objects are not resolved to all addresses using Azure SDN connector. |
| 640436 | FortiGate AWS bootstrapped from configuration does not read SAML settings. |
| 652416 | AWS Fabric connector always uses root VDOM even though it is not a management VDOM. |
Web Filter
| Bug ID | Description |
|---|---|
| 629005 | foauthd has signal 11 crashes when FortiGate authenticates a web filter category. |
WiFi Controller
| Bug ID | Description |
|---|---|
| 638318 | FG-51E cannot authorize the FAP-C24JE. |
FortiOS 6.2.5 – Notatki do wydania
Pozdrawiamy,
Zespół B&B
Bezpieczeństwo w biznesie
