Resolved Issues
The following issues have been fixed in version 5.6.6. For inquiries about a particular bug, please contact Customer Service & Support.
Authentication
| Bug ID | Description |
| 433700 | Support non-blocking LDAP authentication. |
| 461580 | Getting authentication portal by FQDN:1000/login? and /logout? does not work if using authredirect fqdn in policy. |
| 474615 | Not possible to allow expired certificates while blocking is revoked. |
| 477437 | authd crashes. |
| 477856 | FortiGate does not send RADIUS accounting interim updates to the configured accounting server. |
| 479672 | FortiTelemetry not blocking VIP. |
AV
| Bug ID | Description |
| 459986 | Repeated scanunit signal 11 crash scan_for_base64_objects. |
| 488492 | Mobile Malware Subscription missing expire date. |
Connectivity
| Bug ID | Description |
| 463982 | FortiManager IP is unset in FortiGate CM. |
| 479607 | Scheduled auto-update happens twice in 10 seconds but a log entry for the first try is not logged. |
DLP
| Bug ID | Description |
| 496255 | Some XML-based MS Office files are recognized as ZIP file. |
Endpoint Control
FIPS-CC
| Bug ID | Description |
| 481535 | Device suddenly goes down with FIPS error. |
Firewall
| Bug ID | Description |
| 478360 | IPv6 VIP does not translate IP address. |
| 497954 | Netflow gives wrong reports for long lived sessions. |
| 498188 | Dirty_session_check in FortiGate drops all established VIP64 sessions. |
FortiSwitch-Controller
| Bug ID | Description |
| 497980 | All managed FortiSwitches capwap tunnel down due to application cu_acd crashed. |
| 498211 | Connectivity fault during upgrade of FortiLink connected FSW. |
FortiView
| Bug ID | Description |
| 437272 | FortiView bytes Sent/Received not matching the total data of the source when drilled down to details. |
| 477994 | Realtime FortiView > All Sessions, filtering entries by Application is not working. |
GUI
| Bug ID | Description |
| 438183 | The exemption list of a cloned AV profile with Sandbox-inspection enabled affects the list of original AV profile. |
| 449598 | Remote LDAP User Definition wizard does not pull users. |
| 450919 | IPS sensor with >= 8192 signature entries should not be created from GUI. |
| 457378 | Show Matching Logs of IPv4 Policy does not work when Implicit Firewall Policies of Feature Visibility is disabled. |
| 462757 | VPN map fails to load when using a custom management VDOM. |
| 463539 | Addresses page keeps loading if nested addrgrp6 exists. |
| 467175 | Interface Bandwidth widget in NOC type dashboard disappears due to javascript after being added and then refreshed. |
| 471578 | Should not display cached/failed log status when FortiAnalyzer is store-and-upload and test connectivity succeed. |
| 474645 | After modifying system settings in GUI, gets wrong message and FGFM status is changed. |
| 482628 | CPU.Speculative.Execution.Timing.Information.Disclosure signature can’t be filtered if Application is selected. |
| 485386 | Adding a signature to existing IPS sensor profile gives internal server error -500 error message on web GUI. |
| 488563 | Purging expired account or deleting account through guest admin for user group name with spaces leads to blank page. |
| 490409 | FSSO configuration not displaying if the name contains spaces. |
| 493140 | Need to see application signature names instead of LDS under Logs & Report > System event logs. |
| 493230 | SNMP GUI page Apply button doesn’t work after the first time. |
HA
| Bug ID | Description |
| 408886 | Uninterrupted upgrade from B718 to tag 9702 failed with 1.5M BGP routes and 6M sessions load. |
| 459252 | Hasync, Hatalk, and a few other processes go to D state when creating firewall policy or editing interface. |
| 465849 | Wrong diagnose sys ha dump-by vcluster display when cluster is on the same LAN. |
| 471816 | Policy route setting is synced in standalone-config-sync mode. |
| 473806 | Management interface IP address replicating to slave when using standalone management VDOMs. |
| 480195 | cmdbsvr process crashes with signal 6 and signal 11 while adding devices to a large device group. |
| 482548 | Conserve mode caused by hasync consuming most of memory. |
| 488729 | Box does not boot up when standalone-mgmt-vdom option is enabled in HA setting and rebooted. |
| 491311 | Management port has sync’ed when creating a new NAT VDOM. |
| 493759 | When vcluster2 is removed from HA config, all active sessions are killed once session-ttl is reached. |
| 503118 | Slave unit sends several false alert emails every day after upgrade to 5.6. |
IPS
| Bug ID | Description |
| 423140 | All IPS sessions lost when new custom signature added. |
| 492193 | DoS policies consume 20% more CPU than in FortiOS 5.2. |
| 503895 | Traffic drops for 15 seconds when UTM is enabled. |
| 506234 | Cannot configure IPS sensor severity or threat-weight category. |
IPsec VPN
| Bug ID | Description |
| 476461 | IKE does not release the mode-cfg framed-IP assigned from RADIUS. |
| 486756 | Traffic is not fragmented for IPsec VPN when Proxy-based UTM is enabled. |
| 487946 | MSS value increases when AV or WEB filter in use resulting in Packet too big message. |
| 490066 | FortiClient with IPsec with Proxy / Webfilter – Fragmentation is needed. |
| 492046 | FortiGate does not respond to INFORMATIONAL exchange message as requested by RFC. |
| 492366 | 100% system CPU usage when re-keying idle IPsec tunnels. |
Log & Report
| Bug ID | Description |
| 459163 | QUAD File Dropped Reason = Unknown. |
| 462471 | Found miglogd crash on FG-240D. |
| 496058 | FortiAnalyzer is not able to show logs from some VDOMs. |
| 497357 | FortiGate logs show the action as block when we use DNS filter and if a DNS query timeout happens. |
Proxy and WebProxy
| Bug ID | Description |
| 487096 | SSL handshake fails when activate ESET application. |
| 491417 | FortiGate is dropping server hello packets when URLFILTER is enabled. |
| 500182 | UDP over SOCKS proxy. |
| 500965 | In FG-200E kernel conserve mode, WAD process consuming high memory. |
| 503633 | Some traffic forwarded to different gateway when proxy based UTM profiles are used. |
| 507155 | System went into conserve mode due to WAD after upgrade to 5.6.5. |
Router
| Bug ID | Description |
| 443948 | High memory usage for zebos_launcher and isisd. |
| 460959 | WAN link monitor (HTTP) log issue. |
| 465957 | Backup VPN static route remains after failback when explicit proxy and NAT are configured. |
| 490312 | When we set keepalive-interval > 0 in GRE tunnel, static route to remote site becomes inactive. |
| 491423 | BGP shutdown neighbor capability-default-originate parameter always in use. |
| 491679 | FortiGate chooses higher metric OSPF E2 route for traffic under some circumstance. |
| 505189 | Kernel is missing routes. |
| 506219 | Worker blade doesn’t update the FT routing cache when phase1 is bound to a loopback interface. |
SSL VPN
| Bug ID | Description |
| 382223 | SMB/CIFS bookmark in SSL VPN portal doesn’t work with DFS Microsoft file server error “Invalid HTTP request”. |
| 456027 | SMB bookmark in SSL VPN portal doesn’t work with dynamic user-mapping and gets Invalid HTTP request error. |
| 466438 | High CPU usage by sslvpnd. |
| 483253 | FQDN doesn’t work well through SSL VPN web mode. |
| 486918 | SSL VPN web mode unable to load the page correctly. |
| 491733 | SSL VPN process taking 99% of CPU utilization (tunnel mode only). |
| 491895 | Web mode SSL VPN HTTP bookmark not working. |
| 492066 | High memory usage in SSL VPN even when there is only one connection. |
| 492654 | SSLVPND process crashes and users are disconnected from SSL VPN. |
| 494960 | SSL VPN web mode has trouble loading internal web application. |
| 496584 | SSL VPN bad password attempt causes excessive bindRequests against LDAP and lockout of accounts. |
| 507251 | SSLVPND is continuously crashing. |
Switch
| Bug ID | Description |
| 487444 | FortiGate stops accepting traffic from any interface in a hardware switch after HA failover in 80/81E. |
| 493685 | Hardware switch flooding traffic. |
System
| Bug ID | Description |
| 414081 | SMB1 support has been disabled by default on some models. |
| 435388 | The parent physical interface cannot be in zone list when VLAN interface is added to zone. |
| 436399 | snmpd crashes with signal 11 in get_fgHaStatsEntry. |
| 463409 | FG-3700D/DX issue with FQDN. |
| 467060 | Virtual Wire Pair wrongly tag the VLAN when passing from Native VLAN to Tagged VLAN. |
| 475745 | Backup password for administrator account is not working when interface is down. |
| 478264 | VPN traffic across VLAN NPU VDOM link fails after being offloaded. |
| 484281 | Asymmetric traffic issue. |
| 491441 | FWF-60D-POE: Null pointer KP happened a few times. |
| 493052 | Sometimes 5001D slave blade loses kernel static route after down/up traffic interface in 5001D/5913C SLBC system. |
| 493747 | High CPU was observed when changing the policy when large number of policies were configured. |
| 494040 | Creating or modifying security profiles generate multiple logs with misleading action. |
| 494707 | FortiGate trusthost settings not respected. |
| 495994 | Observes lots of IPS syntax errors on the console screen. |
| 496590 | FQDN address object does not accept numbers at the end. |
| 498032 | Sometimes 5001E blade crashes during traffic testing with UTM enabled in firewall policy. |
| 499332 | No error message when configuring address .067 and address converted with .55. |
| 501098 | A specific SFP shared port’s LED (port15 to 18 on FG-800C) is not lit properly. |
| 503638 | config system ipip-tunnel is lost after reboot when using pppoe interface. |
| 505930 | FG-3700D freezes when deleting VDOM. |
| 507060 | Packet loss on startup when interfaces are in bypass mode. |
| 507061 | Longer time to put interfaces in bypass mode during shutdown. |
VM
| Bug ID | Description |
| 464979 | Encounter cannot set MAC address(6) after enabling HA on FGT_VM64_XEN. |
| 476617 | FortiGate VM on AWS using C5 instance can’t upgrade or downgrade image. |
| 496951 | Cannot create 802.3ad Aggregate with more than one member in KVM FGT-VM. |
| 498653 | FortiOS VM stops passing traffic after failover. |
| 501886 | Azure SDN connector does not work for some regions. |
| 506221 | azd keeps crashing with signal 11. |
VoIP
| Bug ID | Description |
| 478634 | Debug commands for SIP filter are not applied. |
| 508277 | Non-SIP packet send to SIP ALG gets dropped with no log. |
Web Filter
| Bug ID | Description |
| 470650 | DNS filter getting purged by FortiManager when not used in a policy because FortiGate DNS filter does not contain static entry. |
| 476806 | FortiOS incorrectly sends ICMP “Destination Unreachable” with WF/certificate inspection. |
| 485685 | Proceeding from a web filter warning page intermittently results in the BLOCK page shown instead of the expected web site. |
| 486466 | HTTPS web page is blocked after clicking Proceed button. |
| 489286 | Renaming web filter profile does not take effect. |
| 504238 | Incorrect log action blocked even when user is “passthrough” in web filter log with warning-prompt per domain. |
WiFi
| Bug ID | Description |
| 471638 | FortiGate disconnects all clients when they roam from AP to AP. |
Common Vulnerabilities and Exposures
Visit https://fortiguard.com/psirt for more information.
| Bug ID | Description |
| 450553 | FortiOS 5.6.6 is no longer vulnerable to the following CVE references: CVE-2017-12150, CVE-2017-12151, CVE-2017-12163 |
| 476125 | FortiOS 5.6.6 is no longer vulnerable to the following CVE reference: CVE-2018-9185 |
| 478185 | FortiOS 5.6.6 is no longer vulnerable to the following CVE references: CVE-2017-11227, CVE-2014-9295, CVE-2017-9793 |
| 487421 | FortiOS 5.6.6 is no longer vulnerable to the following CVE reference: CVE-2018-13365 |

Hi, can I download FortiOS for free?