Resolved Issues
The following issues have been fixed in version 5.6.6. For inquires about a particular bug, please contact Customer Service & Support.
Authentication
| Bug ID | Description |
| 433700 | Support non-blocking LDAP authentication. |
| 461580 | Getting authentication portal by FQDN:1000/login? and /logout? does not work if using authredirect fqdn in policy. |
| 474615 | Not possible to allow expired certificates while blocking is revoked. |
| 477437 | authd crashes. |
| 477856 | FortiGate does not send RADIUS accounting interim updates to the configured accounting server. |
| Bug ID | Description |
| 479672 | FortiTelemetry not blocking VIP. |
AV
| Bug ID | Description |
| 459986 | Repeated scanunit signal 11 crash scan_for_base64_objects. |
| 488492 | Mobile Malware Subscription missing expire date. |
Connectivity
| Bug ID | Description |
| 463982 | FortiManager IP is unset in FortiGate CM. |
| 479607 | Scheduled auto-update happens twice in 10 seconds but a log entry for the first try is not logged. |
DLP
| Bug ID | Description |
| 496255 | Some XML-based MS Office files are recognized as ZIP file. |
Endpoint Control
FIPS-CC
| Bug ID | Description |
| 481535 | Device suddenly goes down with FIPS error . |
Firewall
| Bug ID | Description |
| 478360 | IPv6 VIP does not translate IP address. |
| 497954 | Netflow gives wrong reports for long lived sessions. |
| 498188 | Dirty_session_check in FortiGate drops all established VIP64 sessions. |
FortiSwitch-Controller
| Bug ID | Description |
| 497980 | All managed FortiSwitches capwap tunnel down due to application cu_acd crashed. |
| 498211 | Connectivity fault during upgrade of FortiLink connected FSW. |
FortiView
| Bug ID | Description |
| 437272 | FortiView bytes Sent/Received not matching the total data of the source when drilled down to details. |
| 477994 | Realtime FortiVIew > All Sessions, filtering entries by Application is not working. |
GUI
| Bug ID | Description | |
| 438183 | The exemption list of a cloned AV profile with Sandbox-inspection enabled affects the list of original AV profile. | |
| 449598 | Remote LDAP User Definition wizard does not pull users. | |
| 450919 | IPS sensor with >= 8192 signature entries should not be created from GUI. | |
| 457378 | Show Matching Logs of IPv4 Policy does not work when Implicit Firewall Policies of Feature
Visibility is disabled. |
|
| 462757 | VPN map fails to load when using a custom management VDOM. | |
| 463539 | Addresses page keep loading if nested addrgrp6 exists. | |
| Bug ID | Description | |
| 467175 | Interface Bandwidth widget in NOC type dashboard disappears due to javascript after being added and then refreshed. | |
| 471578 | Should not display cached/failed log status when FortiAnalyzer is store-and-upload and test connectivity succeed. | |
| 474645 | After modifying system settings in GUI, gets wrong message and FGFM status is changed. | |
| 482628 | CPU.Speculative.Execution.Timing.Information.Disclosure signature can’t be filtered if Application is selected. | |
| 485386 | Adding a signature to existing IPS sensor profile gives internal server error -500 error message on web GUI. | |
| 488563 | Purging expired account or deleting account through guest admin for user group name with spaces lead to blank page. | |
| 490409 | FSSO configuration not displaying if the name contains spaces. | |
| 493140 | Need to see application signature names instead of LDS under Logs & Report > System event logs. | |
| 493230 | SNMP GUI page Apply button doesn’t work after the first time. | |
HA
| Bug ID | Description |
| 408886 | Uninterrupted upgrade from B718 to tag 9702 failed with 1.5M BGP routes and 6M sessions load. |
| 459252 | Hasync, Hatalk, and a few other processes go to D state when creating firewall policy or editing interface. |
| 465849 | Wrong diagnose sys ha dump-by vcluster display when cluster is on the same LAN. |
| 471816 | Policy route setting is synced in standalone-config-sync mode. |
| 473806 | Management interface IP address replicating to slave when using standalone management VDOMs. |
| 480195 | cmdbsvr process crashes with signal 6 and signal 11 while adding devices to a large device group. |
| 482548 | Conserve mode caused by hasync consuming most of memory. |
| 488729 | Box doesn not boot up when standalone-mgmt-vdom option is enabled in HA setting and rebooted. |
| 491311 | Management port has sync’ed when creating a new NAT VDOM. |
| 493759 | When vcluster2 is removed from HA config, all active sessions are killed once session-ttl is reached. |
| 503118 | Slave unit sends several false alert emails everyday after upgrade to 5.6. |
IPS
| Bug ID | Description |
| 423140 | All IPS sessions lost when new custom signature added. |
| 492193 | DoS policies consume 20% more CPU than in FortiOS 5.2. |
| 503895 | Traffic drops for 15 seconds when UTM is enabled. |
| 506234 | Cannot configure IPS sensor severity or threat-weight category. |
IPsec VPN
| Bug ID | Description |
| 476461 | IKE does not release the mode-cfg framed-IP assigned from RADIUS. |
| 486756 | Traffic is not fragmented for IPsec VPN when Proxy-based UTM is enabled. |
| 487946 | MSS value increases when AV or WEB filter in use resulting in Packet too big message. |
| 490066 | FortiClient with IPsec with Proxy / Webfilter – Fragmentation is needed. |
| 492046 | FortiGate does not respond to INFORMATIONAL exchange message as requested by RFC. |
| 492366 | 100% system CPU usage when re-keying idle IPsec tunnels. |
Log & Report
| Bug ID | Description |
| 459163 | QUAD File Dropped Reason = Unknown. |
| 462471 | Found miglogd crash on FG-240D. |
| 496058 | FortiAnalyzer is not able to show logs from some VDOMs. |
| 497357 | FortiGate logs show the action as block when we use DNS filter and if a DNS query timeout happens. |
Proxy and WebProxy
| Bug ID | Description | |
| 487096 | SSL handshake fails when activate ESET application. | |
| 491417 | FortiGate is dropping server hello packets when URLFILTER is enabled. | |
| 500182 | UDP over SOCKS proxy. | |
| 500965 | In FG-200E kernel conserve mode, WAD process consuming high memory. | |
| Bug ID | Description | |
| 503633 | Some traffic forwarded to different gateway when proxy based UTM profiles are used. | |
| 507155 | System went into conserve mode due to WAD after upgrade to 5.6.5. | |
Router
| Bug ID | Description |
| 443948 | High memory usage for zebos_launcher and isisd. |
| 460959 | WAN link monitor (HTTP) log issue. |
| 465957 | Backup VPN static route remains after failback when explicit proxy and NAT are configured. |
| 490312 | When we set keepalive-interval > 0 in GRE tunnel, static route to remote site becomes inactive. |
| 491423 | BGP shutdown neighbor capability-default-originate parameter always in use. |
| 491679 | FortiGate chooses higher metric OSPF E2 route for traffic under some circumstance. |
| 505189 | Kernel is missing routes. |
| 506219 | Worker blade doesn’t update the FT routing cache when phase1 is bound to a loopback interface. |
SSL VPN
| Bug ID | Description |
| 382223 | SMB/CIFS bookmark in SSL VPN portal doesn’t work with DFS Microsoft file server error “Invalid HTTP request”. |
| 456027 | SMB bookmark in SSL VPN portal doesn’t work with dynamic user-mapping and gets Invalid HTTP request error. |
| 466438 | High CPU usage by sslvpnd. |
| 483253 | FQDN doesn’t work well through SSL VPN web mode. |
| 486918 | SSL VPN web mode unable to load the page correctly. |
| 491733 | SSL VPN process taking 99% of CPU utilization {tunnel mode only). |
| 491895 | Web mode SSL VPN HTTP bookmark not working. |
| 492066 | High memory usage in SSL VPN even when there is only one connection. |
| 492654 | SSLVPND process crashes and users are disconnected from SSL VPN. |
| 494960 | SSL VPN web mode has trouble loading internal web application. |
| 496584 | SSL VPN bad password attempt causes excessive bindRequests against LDAP and lockout of accounts. |
| 507251 | SSLVPND is continuously crashing. |
Switch
| Bug ID | Description |
| 487444 | FortiGate stops accepting traffic from any interface in a hardware switch after HA failover in 80/81E. |
| 493685 | Hardware switch flooding traffic. |
System
| Bug ID | Description |
| 414081 | SMB1 support has been by default disabled under part models. |
| 435388 | The parent physical interface cannot be in zone list when VLAN interface is added to zone. |
| 436399 | snmpd crashes with signal 11 in get_fgHaStatsEntry. |
| 463409 | FG-3700D/DX issue with FQDN. |
| 467060 | Virtual Wire Pair wrongly tag the VLAN when passing from Native VLAN to Tagged VLAN. |
| 475745 | Backup password for administrator account is not working when interface is down. |
| 478264 | VPN traffic across VLAN NPU VDOM link fails after being offloaded. |
| 484281 | Asymmetric traffic issue. |
| 491441 | FWF-60D-POE: Null pointer KP happened a few times. |
| 493052 | Sometimes 5001D slave blade loses kernel static route after down/up traffic interface in 5001D/5913C SLBC system. |
| 493747 | High CPU was observed when changing the policy when large number of policies were configured. |
| 494040 | Creating or modifying security profiles generate multiple logs with misleading action. |
| 494707 | FortiGate trusthost settings not respected. |
| 495994 | Observes lots of IPS syntax errors on the console screen. |
| 496590 | FQDN address object does not accept numbers at the end. |
| 498032 | Sometimes 5001E blade crashes during traffic testing with UTM enabled in firewall policy. |
| 499332 | No error message when configuring address .067 and address converted with .55. |
| 501098 | A specific SFP shared port’s LED (port15 to 18 on FG-800C) is not lit properly. |
| 503638 | config system ipip-tunnel is lost after reboot when using pppoe interface. |
| 505930 | FG-3700D freezes when deleting VDOM. |
| 507060 | Packet loss on startup when interfaces are in bypass mode. |
| 507061 | Longer time to put interfaces in bypass mode during shutdown. |
VM
| Bug ID | Description |
| 464979 | Encounter cannot set MAC address(6) after enabling HA on FGT_VM64_XEN. |
| 476617 | FortiGate VM on AWS using C5 instance can’t upgrade or downgrade image. |
| 496951 | Cannot create 802.3ad Aggregate with more than one member in KVM FGT-VM. |
| 498653 | FortiOS VM stops passing traffic after failover. |
| 501886 | Azure SDN connector does not work for some regions. |
| 506221 | azd keep crashing with signal 11. |
VoIP
| Bug ID | Description |
| 478634 | Debug commands for SIP filter are not applied. |
| 508277 | Non-SIP packet send to SIP ALG gets dropped with no log. |
Web Filter
| Bug ID | Description |
| 470650 | DNS filter getting purged by FortiManager when not used in a policy because FortiGate DNS filter does not contain static entry. |
| 476806 | FortiOS incorrectly sends ICMP “Destination Unreachable” with WF/certificate inspection. |
| 485685 | Proceeding from a web filter warning page intermittently results in the BLOCK page shown instead of the expected web site. |
| 486466 | HTTPS web page is blocked after clicking Proceed button. |
| 489286 | Renaming web filter profile does not take effect. |
| 504238 | Incorrect log action blocked even user is “passthrough” in web filter log with warning-prompt per domain. |
WiFi
| Bug ID | Description |
| 471638 | FortiGate disconnects all clients when they roam from AP to AP. |
Common Vulnerabilities and Exposures
Visit https://fortiguard.com/psirt for more information.
| Bug ID | Description |
| 450553 | FortiOS5.6.6 is no longer vulnerable to the following CVE Reference:
l CVE-2017-12150 l CVE-2017-12151 l CVE-2017-12163 |
| 476125 | FortiOS5.6.6 is no longer vulnerable to the following CVE Reference:
l CVE-2018-9185 |
| 478185 | FortiOS5.6.6 is no longer vulnerable to the following CVE Reference:
l CVE-2017-11227 l CVE-2014-9295 l CVE-2017-9793 |
| 487421 | FortiOS5.6.6 is no longer vulnerable to the following CVE Reference:
l CVE-2018-13365 |
Having trouble configuring your Fortinet hardware or have some questions you need answered? Check Out The Fortinet Guru Youtube Channel! Want someone else to deal with it for you? Get some consulting from Fortinet GURU!
Hi, can i download forti OS for free?