Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:


Table of Contents

Resolved issues

The resolved issues listed below may not list every bug that has been corrected with this release. For inquiries about a particular bug, please visit the Fortinet Support website.

Bug ID

Description

415685

Token-only user can log in to SP configured for "Enforce TFA" option if this user already has active session.

473605

Provide convenient method for admin to purge all offline token data for user.

481250

FortiAuthenticator- Private keys in file system. Not been protected by HSM.

482900

User registration via Guest Portal requires the approver to enable RADIUS authentication first.

495618

Windows Agent does not try to use secondary FortiAuthenticator upon DNS lookup failure for primary.

495872

EAP Server Certificate must be FQDN-specific, no wildcard permitted (for Windows 10 clients).

505497

FG-IR-18-182 PostgreSQL multiple releases.

510931

Clarification for Monitor, Authentication, and Windows AD statuses.

512913

One of the cluster units does not send traps while set as the active member.

519319

FortiAuthenticator is crashing every time when the LDAP Remote user sync rules are supposed to run.

519539

Cannot export local user if number of user is large.

526202

FortiAuthenticator does not check if signature of CSR is valid.

530922

Google+ is being shutdown.

532652

Users Audit Report not working on load-balancer.

536211

Should limit FSSO password to 15 characters since that is the limit on the Fortigate.

537531

Support dual 2FA for remote users sync rules.

538059

Importing an ECDSA-signed certificate/key causes an error dump.

538244

Add option for FortiAuthenticator SAML IdP to send Subject NameID in example.com\username format.

540587

GUI exception/crash occurs when clicking on a guest user in a load-balancer FortiAuthenticator.

540932

FSSOMA nested group search failing if nested via primary group.

542755

Password field in API call for remote users.

544023

Picking MD5-hashed certificate for system access causes Apache to crash repeatedly. FortiAuthenticator GUI becomes inaccessible.

544652

Django upgrading to v1.11.20 (python 2.7) or v2.2 (python 3).

544851

HA re-enable and interface in use.

546764

Non-ASCII characters in replacement messages cause line-break in the middle of a URL in emails

548556

Enabling secure passwords options prevents LDAP clients from accessing FortiAuthenticator LDAP sever.

551478

FortiAuthenticator VM upgrade from 4.0 b6237 to 6.0 b010 not successful.

554282

Should have similar log messages for remote sync rules when either an admin or non-admin role is assigned to imported user.

555180

Push notification certificates not restored to disk following model conversion.

557070

One new jQuery CVE disclosed on 2019-04-19.

557773

Provide skeleton language pack for self-service portal.

558681

Load-balancer doesn't response to the accounting-request after the failover.

561190

Improve IdP metadata.

561563

Guest portal authentication fails with HTTP 500 if user name contains non-ASCII characters.

561588

Adding SMS license shows "connection timeout"in the GUI.

561794

Cannot edit guest user whose sponsor's account has been deleted.

563330

Error While accessing Authentication > Remote users.

566145

Usage Profile "TIME USAGE=Time used" is not triggering COA or disconnect request to FortiGate.

566767

FAC Agent - Include timestamps from FortiAuthenticator in the agent log when importing offline tokens.

567157

Trusted CA import shows pending when certificate is using SHA512 as hash.

567493

EAP-TLS authentication does not check AuthorityKeyIdentifier when matching allowed/trusted CAs.

568479

EAP-TLS - deletion of local CA#1 breaks authentication for local CA#2 with identical subjects.

569420

Certificate upload to FortiAuthenticator in PKCS#12 format fails.

570138

Local users screen crashes intermittently.

571226

FortiAuthenticator API - Call to api/v1/usercerts.

571537

Smart Connect profile is not working on MAC computer.

572513

FortiMobile push stopped working after upgrade from 5.5.0 to 6.0.2 while trying to log in to FortiAuthenticator admin access with remote users.

574824

No more than 20 Realms can be present in RADIUS client settings.

575996

FortiAuthenticator as RSSO > FSSO processing fails if fails RADIUS Accounting Sources is configured with FQDN instead of IP.

577590

FortiGuard server failed sending SMS because message is too long.

581951

Fortitoken Cloud status service error when no entitlement purchased.

581967

FTM trial license activation: Disable "Cannot find req_trial_ftm task. It might have been removed".

582845

Revoked local service certificates not in CRL.

582850

RADIUS attributes are not added in Access-Accept packet.

583729

Unable to import users into LDAP directory tree.

585864

Random issue while accessing FortiAuthenticator Dashboard.

586033

FortiAuthenticator sends faulty class attribute in Access-Accept.

586645

'ftm_id' error returns to FTM Android when approve login request from push notification.

587355

The FortiAuthenticator not processing DC agent information.

591250

KVM Uptime is wrong after VM reboot.

591280

"Cluster not formed" message on HA Status page, but HA seems to work OK.

591814

Admin login from Guest Portal registration link that was emailed by FortiAuthenticator keeps failing.

592077

FCT: Reached maximum client number, cannot accept new connection

592533

FortiAuthenticator Agent should programmatically disable all installed credential providers instead of just the Windows defaults.

592858

Routing table breaks when updating IP.

593571

Disk monitor widget error on dashboard.

594410

Not able to select FortiToken Hardware under self-service portal.

595030

Performance improvement for Windows Authenticator for users with offline tokens.

595762

FortiAuthenticator-VM Azure maintainer account doesn't work.

596071

FortiAuthenticator AWS having issue connection to AWS NTP server address 169.254.169.123.

596290

Accent character handling for remote LDAP user.

596406

Inconsistency on fiber ports, HA implementation.

596611

DCAgents marked as offline randomly in SSO Monitor, fail to process user events in that state.

596723

Delay in loading Guest Portal.

596740

SNMP trap for user lockout still getting sent even when it has been disabled.

596840

LDAP realm with token-only authentication works only with PAP

596905

Standalone primary unit in a load-balancing configuration restarts itself when a new connection replaces an existing one.

597116

FortiAuthenticator not accessible via port2 despite setting allowaccess https. 403 Forbidden error is presented.

598447

2FA field is named identically to password field.

598781

Add HA "debug mode" outputs additional data to the HA debug log.

600065

FortiAuthenticator cannot use NTLMv2 in WINBIND process to join AD Domain.

600068

Mobile number verification for Guest portal Self-registration (pre-login service) does not use the configured SMS gateway.

600073

Cannot finish Guest Portal self-registration if Device Tracking post-login feature is enabled.

600357

SCEP Response with certificate, has three extra bytes.

600701

Social logins are denied when normal user license is exhausted.

600848

SNMP sysUpTime value reset to zero every four hours.

601812

Link in password reset email is split in two lines.

602138

Slony HA still needs an indicator for "in_sync" in the HA Status GUI.

602352

GUI error for SSO Group Fine-grained Controls

602443

Use mobile number as username pass in incorrect value causes GUI webpage crash.

602675

Update default FortiToken Mobile provisioning message.

602927

Merge OCI support into trunk.

602962

RADIUS MSCHAPv2 authentication fails even FortiAuthenticator is joined to the domain.

604394

winbind child process spikes CPU to 75%+.

604431

Vulnerability of HTTP host header value reflection.

605689

Custom dictionaries are not syncing with HA load balancing device.

606263 SSO users flushed after making LDAP server changes on FortiAuthenticator - 10 minute restart delay.

606707

It is possible to view/edit user data field from guest portal, even if profile view/edit options are not enabled.

606722

User information is missing the FortiAuthenticator logs.

607308

SAML user attribute "Remote LDAP Groups" - Limit of 200 insufficient.

607529

Change token default GUI display to six stars.

608937

Forbid firmware upgrades from 6.0.3 or earlier to 6.1.0 or later

610998

Unable to revoke user certificate - duplicate key value.

612114

Upgrade from 5.4.1 to 6.0.3 HTTPS swaps with RADIUS Account Monitor.

612233

jQuery not referenced causing FTM push failing on FortiClient SAML for SSLVPN.

612695

FortiAuthenticator sends DNS requests for the Client subnets configured in RADIUS accounting clients.

614490

Lengthy recovery time when connection to DC is interrupted.

Resolved issues

The resolved issues listed below may not list every bug that has been corrected with this release. For inquiries about a particular bug, please visit the Fortinet Support website.

Bug ID

Description

415685

Token-only user can log in to SP configured for "Enforce TFA" option if this user already has active session.

473605

Provide convenient method for admin to purge all offline token data for user.

481250

FortiAuthenticator- Private keys in file system. Not been protected by HSM.

482900

User registration via Guest Portal requires the approver to enable RADIUS authentication first.

495618

Windows Agent does not try to use secondary FortiAuthenticator upon DNS lookup failure for primary.

495872

EAP Server Certificate must be FQDN-specific, no wildcard permitted (for Windows 10 clients).

505497

FG-IR-18-182 PostgreSQL multiple releases.

510931

Clarification for Monitor, Authentication, and Windows AD statuses.

512913

One of the cluster units does not send traps while set as the active member.

519319

FortiAuthenticator is crashing every time when the LDAP Remote user sync rules are supposed to run.

519539

Cannot export local user if number of user is large.

526202

FortiAuthenticator does not check if signature of CSR is valid.

530922

Google+ is being shutdown.

532652

Users Audit Report not working on load-balancer.

536211

Should limit FSSO password to 15 characters since that is the limit on the Fortigate.

537531

Support dual 2FA for remote users sync rules.

538059

Importing an ECDSA-signed certificate/key causes an error dump.

538244

Add option for FortiAuthenticator SAML IdP to send Subject NameID in example.com\username format.

540587

GUI exception/crash occurs when clicking on a guest user in a load-balancer FortiAuthenticator.

540932

FSSOMA nested group search failing if nested via primary group.

542755

Password field in API call for remote users.

544023

Picking MD5-hashed certificate for system access causes Apache to crash repeatedly. FortiAuthenticator GUI becomes inaccessible.

544652

Django upgrading to v1.11.20 (python 2.7) or v2.2 (python 3).

544851

HA re-enable and interface in use.

546764

Non-ASCII characters in replacement messages cause line-break in the middle of a URL in emails

548556

Enabling secure passwords options prevents LDAP clients from accessing FortiAuthenticator LDAP sever.

551478

FortiAuthenticator VM upgrade from 4.0 b6237 to 6.0 b010 not successful.

554282

Should have similar log messages for remote sync rules when either an admin or non-admin role is assigned to imported user.

555180

Push notification certificates not restored to disk following model conversion.

557070

One new jQuery CVE disclosed on 2019-04-19.

557773

Provide skeleton language pack for self-service portal.

558681

Load-balancer doesn't response to the accounting-request after the failover.

561190

Improve IdP metadata.

561563

Guest portal authentication fails with HTTP 500 if user name contains non-ASCII characters.

561588

Adding SMS license shows "connection timeout"in the GUI.

561794

Cannot edit guest user whose sponsor's account has been deleted.

563330

Error While accessing Authentication > Remote users.

566145

Usage Profile "TIME USAGE=Time used" is not triggering COA or disconnect request to FortiGate.

566767

FAC Agent - Include timestamps from FortiAuthenticator in the agent log when importing offline tokens.

567157

Trusted CA import shows pending when certificate is using SHA512 as hash.

567493

EAP-TLS authentication does not check AuthorityKeyIdentifier when matching allowed/trusted CAs.

568479

EAP-TLS - deletion of local CA#1 breaks authentication for local CA#2 with identical subjects.

569420

Certificate upload to FortiAuthenticator in PKCS#12 format fails.

570138

Local users screen crashes intermittently.

571226

FortiAuthenticator API - Call to api/v1/usercerts.

571537

Smart Connect profile is not working on MAC computer.

572513

FortiMobile push stopped working after upgrade from 5.5.0 to 6.0.2 while trying to log in to FortiAuthenticator admin access with remote users.

574824

No more than 20 Realms can be present in RADIUS client settings.

575996

FortiAuthenticator as RSSO > FSSO processing fails if fails RADIUS Accounting Sources is configured with FQDN instead of IP.

577590

FortiGuard server failed sending SMS because message is too long.

581951

Fortitoken Cloud status service error when no entitlement purchased.

581967

FTM trial license activation: Disable "Cannot find req_trial_ftm task. It might have been removed".

582845

Revoked local service certificates not in CRL.

582850

RADIUS attributes are not added in Access-Accept packet.

583729

Unable to import users into LDAP directory tree.

585864

Random issue while accessing FortiAuthenticator Dashboard.

586033

FortiAuthenticator sends faulty class attribute in Access-Accept.

586645

'ftm_id' error returns to FTM Android when approve login request from push notification.

587355

The FortiAuthenticator not processing DC agent information.

591250

KVM Uptime is wrong after VM reboot.

591280

"Cluster not formed" message on HA Status page, but HA seems to work OK.

591814

Admin login from Guest Portal registration link that was emailed by FortiAuthenticator keeps failing.

592077

FCT: Reached maximum client number, cannot accept new connection

592533

FortiAuthenticator Agent should programmatically disable all installed credential providers instead of just the Windows defaults.

592858

Routing table breaks when updating IP.

593571

Disk monitor widget error on dashboard.

594410

Not able to select FortiToken Hardware under self-service portal.

595030

Performance improvement for Windows Authenticator for users with offline tokens.

595762

FortiAuthenticator-VM Azure maintainer account doesn't work.

596071

FortiAuthenticator AWS having issue connection to AWS NTP server address 169.254.169.123.

596290

Accent character handling for remote LDAP user.

596406

Inconsistency on fiber ports, HA implementation.

596611

DCAgents marked as offline randomly in SSO Monitor, fail to process user events in that state.

596723

Delay in loading Guest Portal.

596740

SNMP trap for user lockout still getting sent even when it has been disabled.

596840

LDAP realm with token-only authentication works only with PAP

596905

Standalone primary unit in a load-balancing configuration restarts itself when a new connection replaces an existing one.

597116

FortiAuthenticator not accessible via port2 despite setting allowaccess https. 403 Forbidden error is presented.

598447

2FA field is named identically to password field.

598781

Add HA "debug mode" outputs additional data to the HA debug log.

600065

FortiAuthenticator cannot use NTLMv2 in WINBIND process to join AD Domain.

600068

Mobile number verification for Guest portal Self-registration (pre-login service) does not use the configured SMS gateway.

600073

Cannot finish Guest Portal self-registration if Device Tracking post-login feature is enabled.

600357

SCEP Response with certificate, has three extra bytes.

600701

Social logins are denied when normal user license is exhausted.

600848

SNMP sysUpTime value reset to zero every four hours.

601812

Link in password reset email is split in two lines.

602138

Slony HA still needs an indicator for "in_sync" in the HA Status GUI.

602352

GUI error for SSO Group Fine-grained Controls

602443

Use mobile number as username pass in incorrect value causes GUI webpage crash.

602675

Update default FortiToken Mobile provisioning message.

602927

Merge OCI support into trunk.

602962

RADIUS MSCHAPv2 authentication fails even FortiAuthenticator is joined to the domain.

604394

winbind child process spikes CPU to 75%+.

604431

Vulnerability of HTTP host header value reflection.

605689

Custom dictionaries are not syncing with HA load balancing device.

606263 SSO users flushed after making LDAP server changes on FortiAuthenticator - 10 minute restart delay.

606707

It is possible to view/edit user data field from guest portal, even if profile view/edit options are not enabled.

606722

User information is missing the FortiAuthenticator logs.

607308

SAML user attribute "Remote LDAP Groups" - Limit of 200 insufficient.

607529

Change token default GUI display to six stars.

608937

Forbid firmware upgrades from 6.0.3 or earlier to 6.1.0 or later

610998

Unable to revoke user certificate - duplicate key value.

612114

Upgrade from 5.4.1 to 6.0.3 HTTPS swaps with RADIUS Account Monitor.

612233

jQuery not referenced causing FTM push failing on FortiClient SAML for SSLVPN.

612695

FortiAuthenticator sends DNS requests for the Client subnets configured in RADIUS accounting clients.

614490

Lengthy recovery time when connection to DC is interrupted.