Other operating systems may function correctly, but are not supported by Fortinet.
SSL VPN web mode
The following table lists the operating systems and web browsers supported by SSL VPN web mode.
Product | Antivirus | Firewall |
CA Internet Security Suite Plus Software | ✔ | ✔ |
AVG Internet Security 2011 |
Supported operating systems and web browsers
Operating System | Web Browser |
Microsoft Windows 7 SP1 (32-bit/64-bit) | Microsoft Internet Explorer version 11; Mozilla Firefox version 46 |
Microsoft Windows 8/8.1 (32-bit/64-bit) | Microsoft Internet Explorer version 11; Mozilla Firefox version 46 |
Mac OS 10.9 | Safari 7 |
Linux CentOS version 6.5 | Mozilla Firefox version 46 |
Other operating systems and web browsers may function correctly, but are not supported by Fortinet.
SSL VPN host compatibility list
The following table lists the antivirus and firewall client software packages that are supported.
Supported Microsoft Windows XP antivirus and firewall software
Product | Antivirus | Firewall |
Symantec Endpoint Protection 11 | ✔ | ✔ |
Kaspersky Antivirus 2009 | ✔ | |
McAfee Security Center 8.1 | ✔ | ✔ |
Trend Micro Internet Security Pro | ✔ | ✔ |
F-Secure Internet Security 2009 | ✔ | ✔ |
Supported Microsoft Windows 7 32-bit antivirus and firewall software
Product | Antivirus | Firewall |
F-Secure Internet Security 2011 | ✔ | ✔ |
Kaspersky Internet Security 2011 | ✔ | ✔ |
McAfee Internet Security 2011 | ✔ | ✔ |
Norton 360™ Version 4.0 | ✔ | ✔ |
Norton™ Internet Security 2011 | ✔ | ✔ |
Panda Internet Security 2011 | ✔ | ✔ |
Sophos Security Suite | ✔ | ✔ |
Trend Micro Titanium Internet Security | ✔ | ✔ |
ZoneAlarm Security Suite | ✔ | ✔ |
Symantec Endpoint Protection Small Business Edition 12.0 | ✔ | ✔ |
Resolved Issues
The following issues have been fixed in version 5.4.4. For inquiries about a particular bug, please contact Customer Service & Support.
AV
Bug ID | Description |
370074 | HTTP evader tool – AV evasion through manipulating HTTP content-encoding. |
DLP
Bug ID | Description |
379911 | DLP filter order is not applied to encrypted files. |
367514 | Executable files may not be blocked by DLP built-in .exe file-type filter. |
FortiView
Bug ID | Description |
289376 | Applying the filter All by using the right-click method may not work in the All Sessions page. |
GUI
Bug ID | Description |
374221 | SSL VPN setting portal mapping realm field misses the / option. |
374162 | GUI may show the modem status as Active in the Monitor page after setting the modem to disable. |
393267 | Cannot edit existing Web Filter profile. |
378421 | Committing any change on SSL VPN Settings over web page returns error:500. |
356998 | urlfilter list re-order on GUI does not work. |
396783 | Disable GUI support for Domain/IP reputation feature. |
HA
Bug ID | Description |
401745 | Master can’t sync with slave after updating OS from b1099. |
Log & Report
Bug ID | Description |
397132 | Log rate is only 30k without any log lost on 3700D. |
369778 | The FWF_90D daemon report takes 99% of CPU time. |
387014 | EXT2 and EXT3 Errors from Console. |
400871 | Changes to support Log Message Reference. |
Switch-Controller
Bug ID | Description |
395711 | pyfcgid takes 100% of CPU when managed switch page displayed. |
400700 | FortiLink is unstable – 1 min. disconnect/reconnect. |
SSL VPN
Bug ID | Description |
366291 | High CPU usage by SSL VPN. |
397654 | Intranet website opens in separate tabs in web-mode SSLVPN. |
Firewall
Bug ID | Description |
396527 | Policy does not work as intended when there are two IPv6 VIPs which have the same mappedip and different extip. |
IPS
Bug ID | Description |
396658 | IPS signature count decreases from ~10k to ~5k after FGT reboot. |
IPsecVPN
Bug ID | Description |
384334 | unregister_netdevice: showing up on console after ha failover if flushing ipv6 advpn spoke. |
385658 | DPD interoperability issue with Huawei eNodeB. |
396041 | Tunnel interface loses its config after reboot on 50E. |
Users
Bug ID | Description |
397642 | FGT5HD a-p cluster, LDAP authentication fails for users who are members of a huge number of LDAP groups. |
400065 | FSSO users could not be picked up by the firewall policy. |
System
Bug ID | Description |
401241 | SSL handshake fails when WAD needs to update the session ticket. |
401886 | Update geoip database to version 1.060(20170106). |
398511 | Sometimes the FG-5001D model selects a link-down port as an active slave of the redundant interface which causes system instability. |
391516 | Add Franklin USB700 Modem support. |
289738 | FortiGate now supports Verizon 4G LTE USB Modem U620L. |
386859 | Netgear/Sierra AC340U wireless modem cards do not attach to USB serial properly on FG30E/50E. |
384831 | CDC Ethernet USB modem not working on Kernel 3.2 devices. |
396472 | Checksum control is not working when upgrading firmware. |
370586 | Add CLI commands to configure limited IPsec engine on NP6. |
Router
Bug ID | Description |
397628 | Internet-service based routing not working. |
402019 | Policy Route member based is not updated until config change or lnkmtd is restarted. |
WebProxy
Bug ID | Description |
398297 | WAD does not forward HTTP POST with data but resets the connection when the action is allow. |
398267 | WAD crashes with signal 11 when App ctrl is used in webproxy policy. |
400556 | WAD dispatcher incorrectly counts active file-descriptors. |
Known Issues
The following issues have been identified in version 5.4.4. For inquiries about a particular bug or to report a bug, please contact Customer Service & Support.
AntiVirus
Bug ID | Description |
374969 | FortiSandbox FortiView may not correctly parse the FSA v2.21 tracer file(.json). |
392200 | Encrypted archive log is generated even though the function archive-log in antivirus profile is unset. |
Bug ID | Description |
375246 | invalid hbdev dmz may be received if the default hbdev is used. |
Endpoint Control
Bug ID | Description |
375149 | FGT does not auto update AV signature version while Endpoint Control is enabled. |
374855 | Third party compliance may not be reported if FortiClient has no AV feature. |
Firewall
Bug ID | Description |
364589 | LB VIP slow access when cookie persistence is enabled. |
FortiGate-3815D
Bug ID | Description |
385860 | FortiGate-3815D does not support 1GE SFP transceivers. |
FortiGate-92D
Bug ID | Description |
267347 | FortiGate-92D does not support Hardware switch. |
FortiRugged-60D
FortiSwitch-Controller/FortiLink
Bug ID | Description |
357360 | DHCP snooping may not work on IPv6. |
374346 | Adding or reducing stacking connections may block traffic for 20 seconds. |
369099 | FortiSwitch authorizes successfully, but fails to pass traffic until you reboot FortiSwitch. |
304199 | Using HA with FortiLink can encounter traffic loss during failover. |
FortiView
Bug ID | Description |
303940 | Web Site > Security Action filter may not work. |
373142 | Threat: Filter result may not be correct when adding a filter on a threat and threat type on the first level. |
366627 | FortiView Cloud Application may display the incorrect drilldown File and Session list in the Applications View. |
374947 | FortiView may show empty country in the IPv6 traffic because country info is missing in log. |
372350 | Threat view: Threat Type and Event information is missing in the last level of the threat view. |
375187 | Using realtime auto update may increase Chrome browser memory usage. |
368644 | Physical Topology: Physical Connection of stacked FortiSwitch may be incorrect. |
375172 | FortiGate under a FortiSwitch may be shown directly connected to an upstream FortiGate. |
372897 | Invalid -4 and invalid 254 is shown as the submitted file status. |
GUI
Bug ID | Description |
289297 | Threat map may not be fully displayed when screen resolution is not big enough. |
374166 | When using Edge, the firewall address cannot be selected when configuring a static route. |
374081 | wan-load-balance interface may be shown in the address associated interface list. |
374521 | Unable to Revert revisions on GUI. |
375369 | May not be able to change IPsec manualkey config in GUI. |
374363 | Selecting Connect to CLI from managed FAP context menu may not connect to FortiAP. |
303928 | After upgrading from 5.2 to 5.4, the default flow based AV profile may not be visible or selectable in the Firewall policy page in the GUI. |
365223 | CSF: downstream FGT may be shown twice when it uses hardware switch to connect upstream. |
373546 | Only 50 security logs may be displayed in the Log Details pane when more than 50 are triggered. |
375383 | Policy list page may receive a js error when clicking the search box if the policy includes wan-load-balance interface. |
355388 | The Select window for remote server in remote user group may not work as expected. |
373363 | Multicast policy interface may list the wan-load-balance interface. |
372943 | Explicit proxy policy may show a blank for default authentication method. |
375346 | You may not be able to download the application control packet capture from the forward traffic log. |
374224 | The Omniselect widget and Tooltip keep loading when clicking a newly created object in the Firewall Policy page. |
374322 | Interfaces page may display the wrong MAC Address for the hardware switch. |
374247 | GUI list may list another VDOM interface when editing a redundant interface. |
374320 | Editing a user from the Policy list page may redirect to an empty user edit page. |
375036 | The Archived Data in the SnifferTraffic log may not display detailed content and download. |
374397 | Should only list any as destination interface when creating an explicit proxy in the TP VDOM. |
372908 | The interface tooltip keeps loading the VLAN interface when its physical interface is in another VDOM. |
375227 | You may be able to open the dropdown box and add new profiles even though errors occur when editing a Firewall Policy page. |
375259 | Addrgrp editing page receives a js error if addrgrp contains another group object. |
374525 | When activating the FortiCloud/Register-FortiGate, clicking OK may not work the first time. |
374343 | After enabling inspect-all in ssl-ssh-profile, the user may not be able to modify allow-invalid-server-cert from the GUI. |
372825 | If the selected SSID has reached the maximum entry, the GUI will reset the previously selected SSID. |
374191 | The Interface may be hidden from the Physical list if its VLAN interface is a ZONE member in the GUI. |
374350 | Field pre-shared key may be unavailable when editing the IPsec dialup tunnel created through the VPN wizard. |
374371 | The IPS Predefined Signature information popup window may not be displayed because it is hidden behind the Add Signature window. |
374183 | The Security page does not have details for the Forward Traffic log for an IPS attack when displaying a FortiAnalyzer log. |
374538 | Unable to enable Upload logs to FortiAnalyzer after disabling it. |
374373 | Policy View: Filter bar may display the IPv4 policy name for the IPv6 policy. |
365378 | You may not be able to assign ha-mgmt-interface IP address in the same subnet as another port from the GUI. |
374237 | You may not be able to set a custom NTP server in the GUI if you did not configure it in the CLI first. |
393927 | Policy List > FQDN Object tooltip should show resolved IP addresses. |
297832 | Administrator with read-write permission for Firewall Configuration is not able to read or write firewall policies. |
283682 | Cannot delete FSSO-polling AD group from LDAP list tree window in FSSO-user GUI. |
365317 | Unable to add new AD group in second FSSO local polling agent. |
369155 | There is no Archived Data tab for email attachment in the DLP log detail page. |
356998 | urlfilter list re-order on GUI does not work. |
387640 | Duplicate entry found when auto-generating a guest user. |
379050 | User Definition intermittently not showing assigned token. |
368069 | Cannot select wan-load-balance or members for incoming interface of IPSec tunnel. |
378802 | Clicking Archived File button in Archive Data tab brings a webpage with “null”. |
HA
Bug ID | Description |
369437 | HA Sync status icon is missing for Slave’s GUI. |
397171 | FIB of VDOMs in vcluster2 is not synced to the slave. |
399115 | ID for the new policy (when using edit 0) is different on master and on slave unit. |
396938 | Reboot of FGT HA cluster member with redundant HA management interface deletes HA configuration. |
Bug ID | Description |
300637 | MUDB logs may display Unknown in the Attack Name field under UTM logs. |
374103 | Botnet detection events are not listed in the Learning Report. |
367247 | FortiSwitch log may not show the details in the GUI, while in CLI the details are displayed. |
IPSec
Bug ID | Description |
393958 | Shellshock attack succeeds when FGT is configured with server-cert-mode replace and an attacker uses rsa_3des_sha. |
375020 | IPsec tunnel Fortinet bar may not display properly. |
374326 | Accept type: Any peerID may be unavailable when creating an IPsec dialup tunnel with a pre-shared key and ikev1 in main mode. |
386802 | Unable to establish phase 2 when using address group/group object as quick mode selectors. |
397386 | Slave worker blades attempt to establish site to site IPsec VPN tunnel. |
356330 | Cross NP6-Chip IPSec traffic does not work in SLBC environment. |
Logging & Report
Bug ID | Description |
374411 | Local and Learning report web usage may only report data for outgoing traffic. |
377733 | Results/Deny All filter does not return all required/expected data. |
377255 | Can’t read UTM details on log panel when set location to FortiAnalyzer. |
386742 | Missing deny traffic log when user traffic is blocked by NAC quarantine. |
Router
Bug ID | Description |
393623 | Policy routing change is not reflected. |
385264 | AS-override has not been applied in multihop AS path condition. |
374306 | Number of concurrent sessions affect the convergence time after HA failover. |
299490 | During and after failover, some MC Groups take up to 480 seconds to recover. |
373892 | ECMP(BGP) routing failover time. |
397087 | VRIP cannot be reached on 51E when it is acting as VRRP master. |
SSL VPN
Bug ID | Description |
304528 | SSL VPN Web Mode PKI user might immediately log back in even after logging out. |
303661 | The Start Tunnel feature may have been removed. |
375137 | SSL VPN bookmarks may be accessible after accessing more than ten bookmarks in web mode. |
374644 | SSL VPN tunnel mode Fortinet bar may not be displayed. |
395497 | https-redirect for SSL VPN does not support realms. |
382223 | SMB/CIFS bookmark in SSL VPN portal doesn’t work with DFS Microsoft file server error “Invalid HTTP request”. |
394272 | SSL VPN proxy mode can’t proxy some web server URLs normally. |
System
Bug ID | Description |
304199 | FortiLink traffic is lost in HA mode. |
295292 | If private-data-encryption is enabled, when restoring config to a FortiGate, the FortiGate may not prompt the user to enter the key. |
290708 | nturbo may not support CAPWAP traffic. |
372717 | Unable to access FortiGate GUI via https using low ciphers. |
364280 | User cannot use ssh-dss algorithm to log in to FortiGate via SSH. |
371320 | show system interface may not show the Port list in sequential order. |
372717 | admin-https-banned-cipher in sys global may not work as expected. |
371986 | NP6 may have issue handling fragment packets. |
287612 | Span function of software switch may not work on FortiGate-51E/FortiGate-30E. |
355256 | After reassigning a hardware switch to a TP-mode VDOM, bridge table does not learn MAC addresses until after a reboot. |
393395 | The role of new VAP interface should be set as LAN. |
393343 | Remove botnet filter option if interface role is set to LAN. |
392960 | FOS support for V4 BIOS. |
377192 | DHCP request after lease expires is sent with former unicast IP instead of 0.0.0.0 as source. |
381363 | Empty username with Radius 802.1x WSSO auth. |
354490 | False positive sensor alarms in Event log. |
383126 | 50E/51E TP mode – STP BPDU forwarding destined to 01:80:c2:00:00:00 has stopped after warm/cold reboot. |
310665 | SNMP Interfaces dropdown is obsolete on some platforms. |
382657 | ICMP packets bigger than 1418 bytes are dropped when offloading for IPSec tunnel is enabled. |
394067 | Improve displaying the warning: File System Check Recommended. |
Upgrade
Bug ID | Description |
269799 | Sniffer config may be lost after upgrade. |
289491 | When upgrading from 5.2.x to 5.4.0, port-pair configuration may be lost if the port-pair name exceeds 12 characters. |
Visibility
Bug ID | Description |
374138 | FortiGate device with VIP configured may be put under Router/NAT devices because of an address change. |
VM
Bug ID | Description |
364280 | ssh-dss may not work on FGT-VM-LENC. |
Limitations
Citrix XenServer limitations
The following limitations apply to Citrix XenServer installations:
- XenTools installation is not supported.
- FortiGate-VM can be imported or deployed in only the following three formats:
  - XVA (recommended)
  - VHD
  - OVF
- The XVA format comes pre-configured with default configurations for VM name, virtual CPU, memory, and virtual NIC. Other formats will require manual configuration before the first power on process.
Open Source XenServer limitations
When using Linux Ubuntu version 11.10, XenServer version 4.1.0, and libvirt version 0.9.2, importing issues may arise when using the QCOW2 format and existing HDA issues.