Another issue with 6.0.9 (and perhaps earlier versions) is where a client browsing securely to a FGT virtual server will get disconnected as soon as they send a ClientHello. This isn't reproducible on all our standard virtual servers -- only on one that I'm experimenting on with some advanced features enabled.
Further analysis shows that the wad process is crashing. The TAC engineer matched this to a known bug (590039) and advised me that it has been fixed in 6.2.3. When I asked if it would be backported to 6.0, I was told no, it won't, and to upgrade to 6.2.3. I've asked for an explanation on why it won't be backported and haven't heard yet. That was over three weeks ago.
According to Fortinet's product life cycle, FOS 6.0's engineering support doesn't end until 29 March 2021. If a daemon is crashing, I don't understand why they don't fix it. I'm certainly not keen to upgrade to a new version like 6.2 just yet.
We upgraded today. We are having timeout issues with fortiguard when set to https and had to switch it to udp. Have a ticket open with TAC. So far, https on port 53 or 8888 we get random timeouts when doing a fortiguard url lookup. Switching it to UDP on 8888 appears to fix it, but im guessing this leaves us vulnerable....