B&B Bezpieczeństwo w biznesie

Fortinet has released the latest FortiOS update, version 7.6.0. This release fixes many key issues that could affect the functionality and stability of the system. In particular, it resolves the problem with FortiSwitch registration in the GUI after an upgrade (Bug ID: 991855), fixes a bug related to VLAN/EMAC VLAN traffic being blocked under specific conditions (Bug ID: 1001722), and removes a kernel interruption during configuration restore that could put the device into maintenance mode (Bug ID: 986713). Details are provided below.

Supported devices:

FortiGate FG-40F, FG-40F-3G4G, FG-60F, FG-61F, FG-70F, FG-71F, FG-80F, FG-80F-BP, FG-80F-DSL, FG-80F-POE, FG-81F, FG-81F-POE, FG-100F, FG-101F, FG-200E, FG-200F, FG-201E, FG-201F, FG-300E, FG-301E, FG‑400E, FG-400E-BP, FG‑401E, FG-400F, FG-401F, FG‑500E, FG-501E, FG-600E, FG-601E, FG-600F, FG-601F, FG-800D, FG‑900D, FG-900G, FG-901G, FG-1000D, FG-1100E, FG-1101E, FG-1800F, FG-1801F, FG-2000E, FG-2200E, FG-2201E, FG-2500E, FG-2600F, FG-2601F, FG-3000D, FG-3000F, FG-3001F, FG-3100D, FG‑3200D, FG-3200F, FG-3201F, FG-3300E, FG-3301E, FG-3400E, FG-3401E, FG-3500F, FG-3501F, FG-3600E, FG-3601E, FG-3700D, FG-3700F, FG-3701F, FG-3960E, FG‑3980E, FG-4200F, FG-4201F, FG-4400F, FG-4401F, FG-4800F, FG-4801F, FG-5001E, FG‑5001E1, FG-6000F, FG-7000E, FG-7000F
FortiWiFi FWF-40F, FWF-40F-3G4G, FWF-60F, FWF-61F, FWF-80F-2R, FWF-80F-2R-3G4G-DSL, FWF-81F-2R, FWF-81F-2R-3G4G-DSL, FWF-81F-2R-POE, FWF-81F-2R-3G4G-POE
FortiGate Rugged FGR-60F, FGR-60F-3G4G, FGR-70F, FGR-70F-3G4G
FortiFirewall FFW-1801F, FFW-2600F, FFW-3001F, FFW-3501F, FFW-3980E, FFW-4200F, FFW-4400F, FFW-4401F, FFW-4801F, FFW-VM64, FFW-VM64-KVM
FortiGate VM FG-ARM64-AWS, FG-ARM64-AZURE, FG-ARM64-GCP, FG-ARM64-KVM, FG-ARM64-OCI, FG-VM64, FG-VM64-ALI, FG-VM64-AWS, FG-VM64-AZURE, FG‑VM64‑GCP, FG-VM64-HV, FG-VM64-IBM, FG-VM64-KVM, FG‑VM64‑OPC, FG‑VM64-RAXONDEMAND, FG-VM64-XEN

Resolved issues:

Anti Virus

Bug ID Description
948197 Large file downloads may intermittently stall when flow-based UTM and SSL deep inspection are enabled.
977634 FortiOS High Security Alert block page reference URL is incorrect.
981757 An error is displayed when downloading a file from a browser with FortiSandbox scan-mode default enabled using an antivirus profile.
993785 When logged in as an administrator with Security Fabric access permissions set to none, trying to create a new antivirus profile on the Security Profiles > Antivirus page shows an error.
1028114 FortiGate cannot connect to FortiSandboxCloud when inline content block scan mode is set to default in an antivirus profile.
1031084 When FortiGate is in HA AA mode, the secondary unit does not connect to all FSA types for inline scanning.

Application Control

Bug ID Description
982147 Users cannot create application control profiles using the GUI or CLI.

Data Loss Prevention

Bug ID Description
1007202 An upgrade issue may prevent the upload or download of large files using HTTP2.
1012922 When a DLP policy is set to block the upload or download of test PDF documents, the policy does not function as expected.

DNS Filter

Bug ID Description
804790 DNS server latency increases by 15 seconds when a request times out. This increase may give a perception that this server is unreachable or has a latency value that doesn’t reflect real-world conditions.
1010464 When the DNS filter is enabled with external-ip-blocklist, the IPS Engine remains in D status for an extended period of time and the DNS session ends.

Endpoint Control

Bug ID Description
987456 FortiOS experiences a CPU usage issue in the daemon when connecting to an EMS that has a large number of EMS tags.
1007809 On FortiGate, anonpages and active(anon) pages frequently use a high amount of memory, causing FortiGate to enter into conserve mode.

Explicit Proxy

Bug ID Description
775882 The WAD does not function as expected due to a memory allocation issue.
830418 Website content does not load properly when using an explicit proxy.
890776 The GUI-explicit-proxy setting on the System > Feature Visibility page is not retained after a FortiGate reboot or upgrade.
893935 HTTP requests are forwarded to the server through a web proxy even when forward-server group-down is set to block.
894557 In some cases, the explicit proxy policy list can take a long time to load due to a delay in retrieving the proxy statistics. This issue does not impact explicit proxy functionality.
983897 Traffic that should not be matching a policy is incorrectly matching an allow policy or a deny policy.
990643 FortiGate blocks pages when browsing websites through a transparent proxy-redirect policy on SD-WAN.
991106 Traffic logs and security events cannot be viewed in the SASE portal because the WAD does not function as expected.
1001700 If explicit webproxy uses SAML authentication and the PAC file is enabled at the same time, the browser will report a too many redirects error when trying to visit any websites.
1006362 Debug daemon may be blocked while handling client connection and increases the GUI load time.
1011209 The proxy policy does not work as expected when the session-ttl value is greater than the global session-ttl value.
1014477 Files do not get uploaded on webmail applications with antivirus, app control, or IPS enabled on an explicit proxy policy.
1021643 The WAD may not forward HTTP requests through an explicit web proxy.
1021710 The server-down-option-block command does not work as expected when creating a connection to a forward proxy server.
1026362 Web pages do not load when persistent-cookie is disabled for session-cookie-based authentication with captive-portal.

File Filter

Bug ID Description
1004198 .exe files in ZIP archives are not blocked by file-filter profiles during CIFS file transfers.

Firewall

Bug ID Description
807191 On FortiGate, the diagnose netlink interface list command shows no traffic running through the policy, even with NP offload enabled or disabled.
815333 Local-in policy does not deny IKE UDP 500/4500.
837866 On the NP7 platform, traffic is blocked when egress-shaping-profile and outbandwidth are enabled on a VLAN parent interface.
951422 Unable to download files larger than 30 MB using FortiGate AWS with AV and IPS enabled in proxy mode.
966466 On an FG-3001F NP7 device, packet loss occurs even on local-in traffic.
985419 On the Policy & Objects > Firewall Policy page, the Log violation traffic checkbox displays as being unchecked when the policy is configured and reopened for editing. This is purely a GUI display issue and does not impact system operation.
991961 On the Policy & Objects > Addresses page, address objects are not sorted in alphabetical order for address group or firewall policies.
992610 The source interface displays the name of the VDOM and local out traffic displays as forward traffic.
996876 Adding IPv6 address group memberships to a policy using FortiGate REST API does not work as expected.
998699 On the Policy & Objects > Firewall Policy page, the Firewall/Network options are missing in the GUI when enabling a security profile group in a policy.
1002269 When a schedule is added to a firewall policy, the schedule is not activated at the time configured in the policy.
1004267 On the Policy & Objects > Firewall Policy page, when searching for an address object with a comment keyword, no results are displayed.
1008680 On FortiOS, the Dashboard > FortiView Destination Interfaces, Dashboard > FortiView Source Interfaces pages, and Policy & Objects > Firewall Policy > Edit Policy page display incorrect bandwidth units.
1008863 SNAT type port-block-allocation does not work as expected in NAT64.
1010037 When editing object address on the Policy & Objects > Addresses page, the GUI does not function as expected if the address being edited contains a slash character.
1010824 FortiGate creates dummy destination IP logs when pinging a FortiGate VIP.
1011438 On the Policy & Objects > Firewall Policy List page, the Interface Pair View does not display policies alphanumerically and by interface alias.
1012239 When creating a new policy using the GUI in TP mode, NAT is automatically enabled.
1013488 On the Policy & Objects > Firewall Policy page, searching for service port numbers in the Firewall Policy list does not return any results.
1014584 On the Policy & Objects > Firewall Policy page, firewall policies with FQDN show as unresolved in the table.
1016893 On the Policy & Objects > Firewall Policy page, when hovering over addresses in the Source or Destination columns, the tooltip window does not scroll when there are a large number of addresses.

FortiGate 6000 and 7000 platforms

Bug ID Description
638799 The DHCPv6 client does not work with vcluster2.
885205 IPv6 ECMP is not supported for the FortiGate 6000F and 7000E platforms. IPv6 ECMP is supported for the FortiGate 7000F platform.
940541 A permanent MAC address is used instead of an HA virtual MAC address during automation.
946399 On the Policy & Objects > Firewall Policy page, address entries cannot be edited using the Edit button from the tooltip pop-up window.
983236 Under normal conditions, a FortiGate 6000 or 7000 may generate event log messages due to a known issue with a feature added to FortiOS 7.2 and 7.4. The feature is designed to create event log messages for certain DP channel traffic issues but also generates event log messages when the DP processor detects traffic anomalies that are part of normal traffic processing. This causes the event log messages to detect false positives that don’t affect normal operation.

For example, DP channel 15 RX drop detected! messages can be created when a routine problem is detected with a packet that would normally cause the DP processor to drop the packet.

Similar discard messages may also appear if the DP buffer is full.

1003879 Incorrect SLBC traffic-related statistics may be displayed on the FortiGate 6000 or FortiGate 7000 GUI (for example, in a dashboard widget). This can occur if an FPC or FPM is not correctly registered for statistic collection during startup. This is purely a GUI display issue and does not impact system operation.
1013046 On FortiGate 6000 and 7000 models, interested traffic cannot trigger the IPsec tunnel.
1018594 On FortiGate 7000, if gtp-mode is enabled and then disabled, after disabling gtp-enhanced mode and rebooting the device, traffic is disrupted on the FIM and cannot be recovered.
1022499 IPv6 routes are not fully synchronized between HA primary and secondary units.
1025926 After a firmware upgrade, the configuration does not synchronize because the SDN connector password is unmatched.

FortiView

Bug ID Description
941521 On the Dashboard > FortiView Websites page, the Category filter does not work in the Japanese GUI.
945448 On the Asset Vulnerability Monitor page, filtering by FortiClient user does not show any results.

GUI

Bug ID Description
896008 On wide-resolution screens, the GUI-based CLI console widget has text overlap display issues.
946521 On the System > Interfaces page, the set monitor-bandwidth setting is not automatically disabled when the interface bandwidth monitor for a port is deleted.
957441 On the Firmware & Registration page, the GUI displays a Cannot determine mkey for cmdb source entry. error message. This is purely a GUI display issue and does not impact system function.
964386 GUI dashboards show all the IPv6 sessions on every VDOM.
970528 The hsts-max-age is not enforced as set under config system global.
974988 FortiGate GUI should not show a license expired notification due to an expired device-level FortiManager Cloud license if it still has a valid account-level FortiManager Cloud license (function is not affected).
978716 On the Security Profiles > Inline-CASB page, when a SaaS application is added to a CASB profile, the option is not grayed out and the SaaS application can be added again.
981244 On the FortiGate GUI, IPsec or GRE configurations are missing when using set type tunnel.
983422 A GTP profile cannot be applied to policy using the GUI.
993890 The Node.JS restarts and causes a kill ESRCH error on FortiGate after an upgrade.
994915 The CLI GUI console is disconnected after creating a new VDOM.
996845 When saving a packet capture, the file name saves as a generic file name with no identifiable information.
998155 The Node.JS restarts and causes a Cannot read properties of undefined (reading 'on') error on FortiGate after an upgrade.
1006079 When changing administrator account settings, the trusthost10 setting is duplicated.
1006868 On the FortiGuard page, when setting a schedule using the Scheduled updates option on the GUI, the CLI displays the wrong value.
1013455 On the FortiGate GUI, inter-VDOM links are not available for packet capture.
1013866 On FortiOS, the category action change is not saved if the category number is the same as the existing entry ID.

HA

Bug ID Description
825380 When workspace configuration save mode is set to manual in System > Settings, configuration changes made on the primary unit and then saved do not synchronize with the secondary unit when one of the cluster units is rebooted or shut down after the change.
962525 In HA mode, FortiGate uses ha-mgmt-interface as the portal for the DNS resolver, even if this port may not be able to reach the DNS server.
985601 When configuring VDOMs in an HA cluster, the VDOM assigned to the VDOM link in vcluster2 active on the secondary unit is incorrect.
992758 When uploading certificates, HA can go out of synchronization.
993849 After restoring a VDOM configuration, the HA is not synchronized.
995340 An issue with hasync in the secondary unit may cause FortiGate to enter into conserve mode.
998004 When the HA management interface is set to a LAG, it is not synchronized to newly joining secondary HA devices.
1000001 A secondary HA unit may go into conserve mode when joining an HA cluster if the FortiGate’s configuration is large.
1002682 The VMware SDN connector does not respect the ha-direct setting and uses the management interface, causing traffic to be dropped.
1004215 Local out traffic from the primary HA unit uses the wrong interface when SNMP points to the secondary HA unit.
1005596 Using RADIUS login on the secondary unit does not work as expected when trying to log in to the primary and secondary units at the same time.
1007395 When downgrading to a 7.2.x firmware version, an error message displays on the primary HA device and does not get removed when the device is rebooted.
1013152 After a factory reset, the FortiGate HA cluster may remain out of synchronization between the primary and secondary units.
1015950 When upgrading a FortiGate VM Analyzer, a CPU usage issue causes the auto scale cluster to go out of synchronization.
1017177 A WAD processing issue causes the SNMP to not respond in an HA cluster.
1024535 In an FGSP cluster configuration running in TP mode, reply traffic in asymmetric flow is not offloaded to NP.

Hyperscale

Bug ID Description
817562 NPD/LPMD cannot differentiate the different VRFs, and considers all VRFs as 0.
994019 Hairpin traffic may not work due to a rare situation caused by a race condition.
961684 When DoS policies are used and the system is under stress conditions, BGP might go down.
967017 TCP or UDP timer profiles configured using config-system npu may not work as intended.
975220 The Gentree Compiler is enabled by default on all NP7 platforms for threat feed support.
976972 New primary can get stuck on failover with HTTP CC sessions.
1016478 When modifying existing policies with a BOA loaded configuration, NPD is not working as expected.
1024274 When Hyperscale logging is enabled with multicast log, the log is not sent to servers that are configured to receive multicast logs.
1024313 The template for the netflow v9 log packets is not included in the configuration.
1024902 After FTP traffic passes, the npu-session stat does not display the accurate amount of actual sessions on FortiGate.
1032471 When rebooting the secondary unit in an FGSP setup, the session information is not visible in the secondary unit.

ICAP

Bug ID Description
1022247 In an ICAP profile, the set request-failure bypass option does not work as expected resulting in traffic being blocked.

Intrusion Prevention

Bug ID Description
810783 The number of IPS sessions is higher than kernel sessions, which causes the FortiGate to enter conserve mode.
910267 In an FGSP setup running emix traffic, nTurbo values run in the negative.
916175 In rare cases, the IPS engine may not handle buffer overflow.
968464 nTurbo passes the wrong ID to the IPS engine when the set vrf value is above 32.
979586 When applying an IPS profile with offloading enabled, WLAN authentication does not function as expected due to EAP transaction timeouts.
1000223 HTTPS connections to a Virtual IP (VIP) on TCP port 8015 are incorrectly blocked by the firewall, displaying an IPS block page even when no packet from the outside to TCP port 8015 should reach the internal VIP address.
1008064 The IPS DB is not preserved when upgrading to 7.2.5 or later.
1008107 Throughput capacity drops during failover to the secondary unit in an A/P cluster.
1011702 FortiGate experiences a CPU usage issue which may lead to an interruption in the kernel when dos-policy is enabled.
1013666 The IPS engine uses FortiManager for vulnerability lookup instead of the override server.

IPsec VPN

Bug ID Description
564920 IPsec VPN fails to connect if ftm-push is configured.
787673 IPsec VPN types are not saved to the configuration when edited using the GUI.
942618 Traffic does not pass through a vpn-id-ipip IPsec tunnel when wanopt is enabled on a firewall policy.
950445 After a third-party router failover, traffic traversing the IPsec tunnel is lost.
966085 IKEv2 authorization with an invalid certificate can cause tunnel status mismatch.
968055 After an upgrade, L2TP/IPsec connections using the RIP protocol do not function as expected.
968376 Changing the IPsec tunnel type from static to dialup user in the GUI does not change the actual configuration.
974648 Editing existing IPsec aggregate members does not update in the bundle list.
978243 Unable to send all prefixes through FortiClient using dial-up IPsec VPN split tunnel to macOS devices.
986756 VPN traffic does not pass between VDOMs through intervdom links.
989570 On FortiGate, firewall address groups created using the VPN wizard cannot be edited.
994115 When ASIC offload is enabled and packet size is larger than 1422, FortiGate does not generate an ICMP Type 3, Code 4 error message.
996625 Unable to create a FortiClient dial-up VPN with certificate authentication because a peer CA certificate cannot be selected.
998229 Traffic loss is experienced on inter-region ADVPN tunnels after phase 2 rekey.
999619 The IPsec peer name check process is not working as expected when configuring static and dynamic tunnels in a certain order.
1001602 Using IPsec over back-to-back EMAC VLAN interfaces does not work as expected with NPU offload enabled.
1001996 The iked does not function as expected due to a misplaced object being created in the secondary HA during failover.
1003830 IPsec VPN tunnel phase 2 instability after upgrading to 7.4.2 on the NP6xlite platform.
1007043 Iked may experience an interruption in operation resulting in all VPN tunnels going down.
1009732 If there are more than 2000 dialup IPsec tunnel interfaces used in multiple FGT firewall policies, an IKE policy update may not be able to complete before the IKE watchdog timeout.
1014026 On the VPN > IPsec Tunnels page, after creating an IPsec tunnel in phase 2, the Named Address field does not show any results.
1019269 On the VPN > IPsec Tunnels page, when language setting on FortiOS is set to anything other than English, the Status column displays active (green up arrow) when the tunnel is inactive.
1020250 A second IPsec tunnel cannot be added on different IP versions that use the same peerid.
1025202 After a peer-side interface shutdown and reboot, the dpd status does not return to OK, even when the peer-interface is up and SA renegotiated.

Log & Report

Bug ID Description
872493 Disk logging files are cached in the kernel, causing high memory usage.
957130 On the Log & Report > Forward Traffic page, when running version 7.2.3 of FortiGate, log retrieval speed from FortiAnalyzer is slow.
960661 FortiAnalyzer report is not available to view for the secondary unit in the HA cluster on the Log & Report > Reports page.
973673 The monitor-failure-retry-period is not working as expected when the log daemon restarts the next oftp connection after a connection timeout.
993476 FortiGate encounters a CPU usage issue after rebooting with multiple VDOMs configured.
998215 Frequent API queries to add and remove objects can result in a memory usage issue on FortiGate.
1000600 When a log output is generated, the position of the rawdata field is not consistent, causing some information to be missing.
1005171 After upgrading to version 7.0.14, the system event log generates false positives for individual ports that are not used in any configuration.
1006611 FortiOS may not function as expected when the miglogd application attempts to process logs.
1008626 ReportD does not function as expected when event logs have message fields over 2000 bytes.
1010074 The miglogd does not function as expected due to a CPU usage issue.
1010244 When uploading the log file to the FTP server, some parts of the log files are not included in the upload.
1010428 On the Log & Report > System Events page, the log displays a FortiGate has experienced an unexpected power off error message when an interruption occurs in the kernel.
1011172 The miglogd does not forward log packages to FortiAnalyzer due to a memory usage issue.
1012862 User equipment IP addresses are not visible in traffic logs.
1018392 A memory usage issue in the fgtlogd daemon causes FortiGate to enter into conserve mode.
1021195 The IPS engine sends a high frequency of IoT device queries even when the device identification is set to disabled.

Proxy

Bug ID Description
871273 When the kernel API tries to access the command buffer, the device enters D state due to a kernel interruption.
900546 DNS proxy may resolve with an IPv4 address, even when pref-dns-result is set to IPv6, if the IPv4 response comes first and there is no DNS cache.
918652 FortiGate experiences a CPU usage issue and halts traffic when there are a large number of addresses and the external resource is updated frequently.
922093 CPU usage issue in WAD caused by source port exhaustion when using WAN optimization.
949464 On FortiGate, a memory usage issue in the WAD may cause the unit to enter into conserve mode.
956481 On FortiGate 6000 models, when an explicit proxy is configured, the TCP 3-way handshake does not complete as expected.
979361 After an upgrade, FortiOS encounters an error condition in the application daemon wad caused by an SSL cache error.
982553 After upgrading from version 6.4.13 to version 7.0.12 or 7.0.13, FortiGate experiences a memory usage issue.
987483 On FortiGate, the WAD daemon does not work as expected due to a NULL pointer issue.
988473 On FortiGate 61E and 81E models, a daemon WAD issue causes high memory usage.
994101 SSL Logs show certificate-probe-failed error when web profile is enabled.
999118 TCP connections are not distributed properly when src-affinity-exempt is enabled.
1000653 The proxy policy does not validate IP addresses in the XFF when an HTTP address is sent by AGW.
1001598 When proxy-based policies are enabled, HTTP2 resources cannot be accessed.
1003481 FortiGate may not work as expected due to an error condition in the daemon WAD.
1010718 The proxy inspection mode policy is deleted from the configuration without notification after an upgrade.
1012965 Deep inspection and web filter for an explicit proxy policy do not work if profile-protocol-options has additional ports for HTTP.
1016970 High memory usage in WAD causes FortiGate to enter into conserve mode.
1019230 On FortiGate, a memory usage issue in the WAD causes the unit to enter into conserve mode.
1020828 An HTTP2 stream issue causes an error condition in the WAD.
1021699 When some regex objects do not match the policy, it can result in all other objects in the same policy not matching.

REST API

Bug ID Description
859680 In an HA setup with vCluster, a CMDB API request to the primary cluster does not synchronize the configuration to the secondary cluster.
984499 REST API query /api/v2/monitor/system/ha-peer does not return the primary attribute of an HA cluster member.

Routing

Bug ID Description
779825 In SD-WAN with interface-select-method enabled, if link performance is affected, local out traffic continues on the same link.
792512 The dashboard Session widget cannot display the correct IPv6 session count per VDOM.
923994 On the Network > Static Routes page, VRF information does not display in the VRF column.
924693 On the Network > SD-WAN > SD-WAN Rules page, member interfaces that are down are incorrectly shown as up. The tooltip on the interface shows the correct status.
966681 FortiGate cannot ping an IPv6 loopback address.
978683 The link-down-failover command does not bring the BGP peering down when the IPsec tunnel is brought down on the peer FortiGate.
987360 SD-WAN health checks are not deleted after all related references are removed when applied over ADVPN.
989012 The ICMP_TIME_EXCEEDED packet does not follow the original ICMP path, and an incorrect traceroute is displayed from the user.
990211 On the Network > BGP > Neighbor Groups page, an error message is shown under IPv4 Filtering for routes that already have in and out routes configured in the GUI.
993843 On FortiGate 1800F models, the VXLAN tunnel on a Loopback interface does not match SD-WAN rules.
995972 When accessing the ZebOS in chroot, the ospfd does not work as expected.
1000433 The IPv6 route with dynamic gateway enabled cannot be configured after an upgrade and reboot.
1001556 VXLAN does not match SD-WAN rule when a service is specified.
1002132 A BGP neighbor over GRE tunnel does not get established after upgrading due to anti-spoofing not functioning as expected.
1002721 Existing dcerpc sessions do not follow SD-WAN rules for routing tables.
1002851 BGP Stale routes do not function as expected in an HA configuration.
1004249 FortiGate routes traffic to an interface with a physical status of DOWN.
1006703 OSPF logs for neighbor status are not generated when using multiple VRFs.
1007163 In a hub and spoke configuration, the spoke cannot resolve BGP routes to HUB when a shortcut is established.
1008818 The default configuration of the Fabric Overlay Orchestrator causes concurrent disconnects with the BGP.
1009907 The OSPF daemon does not function as expected causing routing to stop working after an HA cluster failover.
1011263 FortiGate does not advertise default route to its EBGP neighbor when capability-default-originate is enabled.
1012321 When modifying an address in VDOM DAF, the session is routed to the default static route instead of the policy routing.
1012895 The set-regexp command does not function as expected in the extcommunity-list.
1013773 FortiGate does not automatically add the set LTE dynamic route to the routing table.
1013940 After an HA failover and the SD-WAN neighbor role is selected as the primary, the SD-WAN service with role set as primary is disabled.
1017950 The OSPF process encounters a CPU usage issue when there are a high number of prefixes and redistribute bgp is enabled.
1019166 On the Network > Routing Objects page, route map objects cannot be edited and saved.
1020474 In a hub and spoke configuration, the IPsec SA MTU calculation does not match with the vpn-id-ipip encapsulation resulting in a fragmentation issue.
1021666 When adding a route using SD-WAN zone, there is no overlap check on existing gateway IP addresses which prevents routes from being added.
1022665 When the SNAT does not match the outgoing interface during failover from the secondary to the primary, SD-WAN traffic does not failover back to the primary WAN.
1023878 SD-WAN SLA shows intermittent disruptions of packet loss on all links simultaneously, even though there is no actual packet loss.
1025201 FortiGate encounters a duplication issue in a hub and spoke configuration with set packet-duplication force enabled on a spoke and set packet-de-duplication enabled on the hub.

Security Fabric

Bug ID Description
899585 When running a security rating check, the security rating endpoints do not use the latest endpoint data.
907452 On FortiOS, GUI access can be prevented when requesting a security rating over CSF from FortiAnalyzer.
958429 On the Security Fabric > Automation page, the webhook request header does not contain Content-type: application/json when using the JSON format. This causes Microsoft Teams to reject the request.
968621 Erroneous memory allocation resulting in unexpected behavior in csfd after upgrading.
972921 On the Security Fabric > External Connectors page, the comments are not working as expected in the threat feed list for the domain threat feed.
984127 FortiGate shows the wrong notification to setup an upstream device that is not a FortiGate to the Security Fabric.
987531 Threat Feed connectors in different VDOMs cannot use the source IP when using internal interfaces.
989184 The Security Fabric root device takes longer than expected to synchronize with downstream secondary HA devices in an HA configuration.
990703 In certain scenarios, dynamic addresses managed by the Azure SDN connector may be removed leading to potential network interruptions.
991462 Scheduled automation stitches for the SFTP backup are continuously triggered when execute-security-fabric is enabled and set to once or weekly.
993279 Scheduled automation stitches for the SFTP backup do not generate unique backup files when execute-security-fabric is enabled.
994167 An issue with the csfd results in FortiGate being disconnected from the Security Fabric.
1000880 When renaming an existing address name on a downstream FortiGate from the root FortiGate, a new address is created on the downstream FortiGate with the updated name.
1003503 Optimizing federated auto-firmware upgrade with FortiGate, FortiSwitch, and FortiAP.
1008901 STIX threat feeds cannot download properly due to a JSON parsing issue.
1014961 The SDN Connector for Nutanix does not return all the entries.
1023998 On the System > Firmware & Registration page, the firmware information for the secondary device is not shown when the Security Fabric is enabled in the GUI.

SSL VPN

Bug ID Description
905050 Intermittent behavior in samld due to an absent crucial parameter in the SP login response may lead to SSL VPN users experiencing disconnections.
982705 When editing a security policy, the custom signature is removed from the policy.
983513 The two-factor-fac-expiry command is not working as expected for remote RADIUS users with a remote token set in FortiAuthenticator.
999378 When the GUI tries to write a QR code for the SSL VPN configuration to the file system to send in an email, it tries to write it in a read-only folder.
999661 When changing SSL VPN access in the Restrict Access field to Allow access from any host and enabling the Negate Source option on the VPN > SSL VPN page, the changes made in the GUI are not reflected in the CLI.
1001272 The SAML DB Insert does not function as expected and causes a CPU usage issue.
1003672 When RDP is accessed through SSL VPN web mode, keyboard strokes on-screen lag behind what is being typed by users.
1004633 FortiGate does not respond to ARP packets related to SSL VPN client IP addresses.
1022439 SAMLD encounters a memory usage issue, preventing successful login attempts on SSL VPN.
1024837 OneLogin SAML does not work with SSL VPN after upgrading to 7.0.15 or 7.4.3.

Switch Controller

Bug ID Description
688724 A non-default LLDP profile with a configured med-network-policy cannot be applied on a switch port.
899414 On the WiFi & Switch Controller > WiFi maps page Diagnostics and Tools panel, and on the WiFi & Switch Controller > FortiSwitch Clients page, the status of the LACP interface is incorrectly shown as down when it is up.

This is a GUI issue that does not affect the operations of the LACP interface. To view the correct status of the LACP interface, go to the WiFi & Switch Controller > FortiSwitch Ports page, or use the CLI.

944975 After configuring the switch-controller lldp-profile, the changes are not reflected in the CLI when the show switch-controller lldp-profile command is run.
960240 On the WiFi & Switch Controller > Managed FortiSwitches page, ISL links do not display as solid connections.
984404 On the System > Firmware & Registration page, after upgrading to version 7.4.2, the FortiSwitch shows as not registered in the GUI.
991855 The access-mode and storm control policy commands are not visible in FortiGate clusters, causing the clusters to go out of synchronization and not send updated configurations to the FortiSwitch.
995518 On the WiFi & Switch Controller > Managed FortiSwitches > Upgrade page, the FortiGuard option is not available to upgrade when new firmware is available.
1000663 The switch-controller managed-switch ports’ configurations are getting removed after each reboot.
1023888 On the WiFi & Switch Controller > FortiSwitch Ports page, changes made to the Allowed VLANs and Native VLAN columns are not saved when edited on the GUI.

System

Bug ID Description
860534 VDOM settings are removed after rebooting FortiGate in TP mode with multiple VDOMs enabled.
880611 FortiGate enters into conserve mode due to a memory usage issue.
901721 In a certain edge case, traffic directed towards a VLAN interface could cause a kernel interruption.
910364 CPU usage issue in miglogd caused by constant updates to the ZTNA tags.
916172 GRE traffic is still allowed to flow through when the GRE interface is disabled.
917886 On FortiGate, fragmented packets with specific flow types are not forwarded to the correct ports on a LAG interface.
925554 On the Network > Interfaces page, hardware and software switches show VLAN interfaces as down instead of up. The actual status of the VLAN interface can be verified using the command line.
932002 Possible infinite loop can cause FortiOS to become unresponsive until the FortiGate goes through a power cycle.
938475 A memory usage issue occurs when multiple threads try to access VLAN group.
946393 On FortiGate, the software switch does not send an ARP reply from OIF.
947398 When an EMAC VLAN interface is set up on top of a redundant interface, the kernel may encounter an error when rebooting.
948875 The passthrough GRE keepalive packets are not offloaded on NP7 platforms.
952284 A FortiGate with 2 GB of memory enters conserve mode when a node uses 20% of the memory.
953547 SCTP traffic does not get forwarded by a connected hardware switch on FortiGate.
956697 On NP7 platforms, the FortiGate may reboot twice when upgrading to 7.4.2 or restoring a configuration after a factory reset or burn image. This issue does not impact FortiOS functionality.
959660 The private-data-encryption configuration does not use the configured private key.
964465 Administrators with read-write permission for WiFi and read permission for network configuration cannot create SSIDs on the System > Administrator Profiles page.
964820 Traffic forwarding on Dialup VPN IPSec does not work as expected when npu-offload is enabled.
966384 On FortiGate 401F and 601F models, the CR mediatype option on x5-x8 ports is not available.
967436 DAC cable between FortiGate and FortiSwitch stops working after upgrading from 7.2.6 to 7.2.7.
968134 FortiGate 200F experiences a performance issue due to Marvell switch HOL mode.
970053, 1006324 When a different transceiver type is added to FortiGate, the new transceiver information does not update in the GUI or CLI.
974740 FortiGate 2600F does not set 10G ports to 100G.
975496 FortiGate 200F experiences slow download and upload speeds when traversing from a 1G to a 10G interface.
975778, 1004883 VLAN traffic is stopped when created on LACP with split-port-mode configured.
976314 After upgrading FortiGate and not changing any configuration details, the output of s_duplex in get hardware nic port command displays Half instead of Full. This is purely a display issue and does not affect system operation.
978122 FortiGate experiences packet drop when egress-shaping-profile is applied to a LAG interface.
986713 When restoring a FortiGate from a backup configuration, the device enters into system maintenance mode and is not accessible.
988528 With NGFW mixed traffic, FortiGate experiences a CPU usage issue.
989473 On FortiGate, the device may not work as expected due to a memory usage issue with the cmdbsvr.
989629 FortiGate does not show additional speed options outside of auto on a WAN interface.
990409 After an upgrade on FortiOS, the kernel operation is interrupted and reboots due to a switch command issue.
991264 The locallogd process may cause a CPU usage issue on FortiGate.
995269 On FortiGate, the multicast session walker is rescheduled on the same CPU instead of the next CPU.
995442 FortiGate may generate a Power Redundancy Alarm error when there is no power loss. The error also does not show up in the system log.
995967 When FortiGate firmware is upgraded, the interface speed changes from auto to 1000 full.
996893 On FortiWiFi 81F-2R-3G4G-POE models, GPS service cannot be activated.
997563 SNMP ifSpeed OID show values as zero on VLAN interfaces in hardware switches.
1000194 FortiGate does not show QoS statistics in the diagnose netlink interface list command when offloading is disabled in a firewall policy and IPsec phase 1 tunnel on NP7 platforms.
1001498 On FortiGate, TCP and UDP traffic cannot pass through with dos-offload enabled.
1001601 A kernel interruption on FortiGate prevents it from rebooting after an upgrade with a specific configuration.
1001722 VLAN/EMAC VLAN traffic is unexpectedly blocked under certain conditions.
1001938 Support Kazakhstan time zone change to a single time zone, UTC+5.
1002323 After restoring a configuration on FortiGate with the interface changed from aggregate to physical, the interface switches back to aggregate and cannot be changed back to physical.
1002766 FortiGate prevents select interface a as an option for traceroute, ssl, and telnet services.
1003349 CPU usage issue in WAD after upgrading from 7.4.1 to 7.4.3 when using address group member.
1004804 On a FortiGate running firmware 7.2.7, the device encounters an error condition in the application daemon.
1006024 On FortiOS, administrator accounts using upd-read-write cannot open the FortiGuard page.
1006979 FortiGate may encounter a memory usage issue on the flpold process, causing the primary and secondary units to go out of synchronization.
1007934 FortiGate may experience a memory usage issue with the node daemon once a connection is closed.
1008049 The I2C bus becomes stuck during an upgrade due to an error in the switch-config-init command.
1009278 Traffic does not hit a new policy created in the GUI or CLI due to an auto-script command issue.
1009853 Outgoing traffic from EMAC-VLAN uses default cos tag when traffic is not offloaded.
1011229 On FortiGate, a slab memory usage issue causes the device to enter into conserve mode.
1011968 Jumbo frame packets do not pass through all split ports and may cause packets to drop.
1012518 Some FortiGate models on NP6/NP6Lite/NP6xLite platforms experience unexpected behavior due to certain traffic conditions after upgrading to 7.2.8. Traffic may be interrupted momentarily.
1013010 On some FortiGates, 25 GB transceivers are displayed as 10 GB transceivers in the get system interface transceiver command.
1015169 On FortiGate, SNMP v3 cannot use -u <username-pri/sec-SN> for both IPv4 or IPv6 address queries and SNMP v2 cannot use -c <comm-SN> for IPv6 address queries.
1015736 On FortiWiFi 60/61F models, the STATUS LED light does not turn on after rebooting the device.
1017446 Some TTL exceeded packets are not forwarded to their destination and an error message is not always generated.
1018022 On FortiGate, VXLAN traffic is not offloaded properly resulting in some packets being dropped.
1019749 On a VDOM, running sudo global show does not return any system interfaces information.
1021355 FortiGate encounters a CPU usage issue when there is a high volume of traffic and scripts running on the device, which could lead to an issue with performance.
1021542 FortiGate reboots twice after a factory reset when gtp-enhanced-mode is enabled.
1021632 FortiGate may experience intermittent traffic loss on an LACP interface in a virtual wire pair with l2forward enabled.
1024737 On FortiGate, when ull-port-mode is set to 25G, ports x5-x8 show a status of DOWN.
1025503 On the Network > Diagnostics page, FortiGate shows that the packet capture capacity has been reached when there is no captured packet on the device.
1025576 Passthrough GRE traffic using Transparent Ethernet Bridging packets as the protocol type are not offloaded on NP7 platforms.
1029351 The OPC VM does not boot up when in native mode.
1034322 FortiGates using a SOC4 platform with a virtual switch configured may continuously reboot when upgrading due to an interruption in the kernel.
1041457 On FortiGate, kernel 4.19 does not work as expected when concurrently reassembling fragmented packets that have more than 64 destination IPv4 addresses.
1041669 FortiGate does not upgrade if private-data-encryption is enabled and the device is not rebooted.

Upgrade

Bug ID Description
925567 When upgrading multiple firmware versions in the GUI, the Follow upgrade path option does not respect the recommended upgrade path.
952828 The automatic patch upgrade feature overlooks patch releases with the Feature label. Consequently, a FortiGate running 7.4.2 GA does not automatically upgrade to 7.4.3 GA.
955810 Upgrading FortiOS is unsuccessful due to unmount shared data partition failed error.
955835 When auto-upgrade is disabled, scheduled upgrades on FortiGate are not automatically canceled. To cancel any scheduled upgrades, exec federated-upgrade cancel must be done manually.
977281 After the FortiGate in an HA environment is upgraded using the Fabric upgrade feature, the GUI might incorrectly show the status Downgrade to 7.2.X shortly, even though the upgrade has completed.

This is only a display issue; the Fabric upgrade will not recur unless it is manually scheduled.

999324 FortiGate Pay-As-You-Go or On-demand VM versions cannot upload firmware using the System > Firmware & Registration > File Upload page.
1013821 On FortiGate, an interruption occurs in the kernel in both HA FortiGates when an HA cluster’s firmware is upgraded.
1017519 Auto firmware-upgrade may run when a FortiGate is added to a FortiManager that is added behind a NAT.
1027462 When restoring a FortiGate, the 7.4.1 config file with deprecated Inline CASB entries displays error messages and causes the confsyncd to not function as expected.
1031574 During a graceful upgrade, the confsync daemon and updated daemon encounter a memory usage issue, causing a race condition.
1053795 On FortiOS, passwords cannot be changed using the GUI with password-policy enabled.

User & Authentication

Bug ID Description
946191 CPU usage issue in WAD caused by a high number of devices being detected by the device detection feature.
974298 When using the local-in firewall authentication with SAML method, SAML users cannot get access using the authentication portal.
976790 WiFi clients are not authenticated when using the Use my windows user account option for LDAP authentication.
988958 When rsso user groups are updated, the session table is not cleared of old sessions and traffic still hits the old policy.
989760 On the System > Certificates page, error Unable to create certificate displays when uploading certificates using the PKCS12 (.pfx) format. The certificates are still uploaded.
1001026 Users are unable to use passwords that contain the ñ character for authentication.
1009213 After upgrading firmware on FortiGate, an interruption occurs in the fnbamd resulting in auto-connect not working as expected.
1016112 SSL VPN access is prevented when the LDAP server includes a two-factor authentication filter.
1018846 When SCEP is used with SSL connections, some TLS connections are missing the SNI extension on FortiGate.
1021157 Users are unable to use passwords that contain Polish characters for RADIUS authentication.
1023605 Multiple errors observed in the IOTD debug log caused by connection timeouts.

VM

Bug ID Description
996389 AWS SDN Connector stops processing caused by the IAM external account role missing the sts:AssumeRole value.
998208 The FortiGate-VM system stops after sending an image to the HA secondary during a firmware upgrade due to different Flex-VM CPU license.
999599 On FortiGate AWS, the IPsec configuration goes missing after an upgrade due to an inconsistent table-size.
1006570 VPN tunnels go down due to IKE authentication loss after a firmware upgrade on the VM.
1016327 After rebooting, DPDK mode is disabled on a VLAN interface and traffic stops.
1024011 The SDN connector does not update the correct IP addresses for either the upscale or downscale VMSS.

VoIP

Bug ID Description
1004894 VOIPD experiences high memory usage and enters into conserve mode.

WAN Optimization

Bug ID Description
899377 On FortiGate, an interruption occurs in the WAD causing traffic to stop and large files cannot be downloaded.

Web Filter

Bug ID Description
634781 Unable to customize replacement message for FortiGuard category in web filter profile.
925801 Custom Images are not seen on Web Filter block replacement page for HTTP traffic in flow mode.
975115 FortiGate prevents adding a regex string to a static URL filter table.
1002266 Web filtering does not update rating servers if there is a FortiGuard DNS change.
1004985 The webfilter cookie override trigger process had no issue observed and an override entry was created in the FortiGate, but client access was kept blocked by the old profile and the client received a replacement message with an override link just like the initial access to trigger the override.

WiFi Controller

Bug ID Description
908282 On FortiGate, an interruption occurs with the cw_acd during failover to the secondary FortiGate.
915715 On a secondary FortiGate in an HA cluster, user and vlan-id values do not show up when using the diagnose wireless-controller wlac -d sta online command in the CLI.
949682 Intermittent traffic disruption observed in cw_acd caused by a rare error condition.
950379 The diagnostics of online FortiAPs shows Link Down in the trunk port Connected Via field when the FortiAP has an LACP connection to a FortiSwitch.
989929 A kernel interruption occurs on FWF-40F/60F models when WiFi stations connect to SSID on the local radio.
994752 A memory issue on the secondary firewall causes FortiGate to enter into conserve mode.
1001104 Some FortiAP 231F units show join/leave behavior after the FortiGate is upgraded to 7.2.7.
1001672 FortiWiFi reboots or becomes unresponsive when connecting to SSID after upgrading to 7.0.14.
1003070 On FortiGate, the sta count is not accurate when some wireless clients connect to APs managed by FortiGate.
1012433 Guest WiFi clients cannot be removed using RADIUS CoA after FortiGate reboots.
1018107 Unable to manage FortiAP from FortiGate.

ZTNA

Bug ID Description
944772 FortiGate does not use data from FortiClient to send the VPN snapshot to EMS.
998172 When first connecting to the ZTNA server, the EMS websocket can become stuck and an error displays ZTNA Access Denied – Policy restriction!.
1008632 When visiting SaaS application web pages using ZTNA, web pages can stall or return an ERR_CERT_COMMON_NAME_INVALID error.
1012317 ZTNA intermittently does not match the firewall policy due to missing information in the policy.
1016265 An interruption occurs in the WAD when trying to access the ZTNA server due to map matchers not being present.
1018303 ZTNA does not allow tcp-forwarding SSH traffic to pass through.
1020084 ZTNA does not failover to the standby realserver if the existing realserver cannot be reached.

Vendor release notes: FortiOS 7.6.0 Release Notes

Regards,

The B&B Team
Bezpieczeństwo w biznesie
