Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:


Table of Contents

Release Notes

Known issues

This section lists the known issues of this release, but is not a complete list. For inquires about a particular bug, please visit the Fortinet Support website.

Mantis ID

Description

526202 FortiAuthenticator does not check if signature of CSR is valid.
543729 RADIUS client service not working after upgrade.
586570 FortiToken self-reprovision fails when token does not belong to product, allows user/admin to login without 2FA.
588346 An expired certificate is delivered toward Wifi authenticated users.
589219 Multiple DC's Kerberos traffic after FortiAuthenticator joining the domain with local DC.
600509 FTM Push "Accept" shouldn't fail because it's already been accepted.
601883 Test SMS doesn't work in adding a gateway.
602707 Can not add multiple alternate DNS names into certificate for user certificates.
604156 Packet captures on OCI often seem to be corrupt.
604924 SAML SSO/Proxy metadata download fails with "invalid_xml".
606562 FortiAuthenticator rejects certificate signing request from FortiGate client with invalid password error.
616181 SAML IdP - Post-login debug page does not show relevant SAML attributes.
620127 Changing from maint-mode-no-sync to maint-mode-sync doesn't appear to restore syncing.
628815 Remote SAML user import from Azure AD fails Authorization issue.
630041 FAC FSSO - TS Agent sessions stuck at zero after server reboot until FSSOTA service is restarted.
631600 SCEP request by certmonger can't be recognized by automatic enrollment request.
632411 Crash when setting non-blank password that doesn't comply to password policy rule.
632629 Smart Connect WPA2-Personal profile fails when WPA2-Enterprise settings are left in place.
634084 Cannot export third party signed certificate with private key when CSR is generated locally on FortiAuthenticator
635893 Change password not working with Checkpoint VPN when 2FA is enabled.
637040 HA Status showing "out of sync" when load balancer has synced user changed to role Admin.
640048

FortiAuthenticator failed to load the license.

643334 If MAC filter is enabled, but the configured RADIUS attribute is missing from the packet, we deny the authentication.
646299 Nutanix AHV KVM based Hypervisor FortiAuthenticator upgrades from 6.0.4 to 6.1.x and hangs on "Waiting for Database".
646764 CLI "get disk * " commands fail on KVM.
652072 LDAP user password expired, user not prompted for RSA Token code (chained Token Authentication).
655350 The lockout policy does not appear to apply to username/token submissions to the /auth API endpoint.
657522 0396: SAML Authentication Fails When AD Display Name Contains a Coma (,) and User has Admin Role
660357 FSSO FGT IP Filter ignored when Global Group Prefilter is enabled
660851 Force password change on next logon produces 403 forbidden with local user after login to selfservice or captive portal

Known issues

This section lists the known issues of this release, but is not a complete list. For inquires about a particular bug, please visit the Fortinet Support website.

Mantis ID

Description

526202 FortiAuthenticator does not check if signature of CSR is valid.
543729 RADIUS client service not working after upgrade.
586570 FortiToken self-reprovision fails when token does not belong to product, allows user/admin to login without 2FA.
588346 An expired certificate is delivered toward Wifi authenticated users.
589219 Multiple DC's Kerberos traffic after FortiAuthenticator joining the domain with local DC.
600509 FTM Push "Accept" shouldn't fail because it's already been accepted.
601883 Test SMS doesn't work in adding a gateway.
602707 Can not add multiple alternate DNS names into certificate for user certificates.
604156 Packet captures on OCI often seem to be corrupt.
604924 SAML SSO/Proxy metadata download fails with "invalid_xml".
606562 FortiAuthenticator rejects certificate signing request from FortiGate client with invalid password error.
616181 SAML IdP - Post-login debug page does not show relevant SAML attributes.
620127 Changing from maint-mode-no-sync to maint-mode-sync doesn't appear to restore syncing.
628815 Remote SAML user import from Azure AD fails Authorization issue.
630041 FAC FSSO - TS Agent sessions stuck at zero after server reboot until FSSOTA service is restarted.
631600 SCEP request by certmonger can't be recognized by automatic enrollment request.
632411 Crash when setting non-blank password that doesn't comply to password policy rule.
632629 Smart Connect WPA2-Personal profile fails when WPA2-Enterprise settings are left in place.
634084 Cannot export third party signed certificate with private key when CSR is generated locally on FortiAuthenticator
635893 Change password not working with Checkpoint VPN when 2FA is enabled.
637040 HA Status showing "out of sync" when load balancer has synced user changed to role Admin.
640048

FortiAuthenticator failed to load the license.

643334 If MAC filter is enabled, but the configured RADIUS attribute is missing from the packet, we deny the authentication.
646299 Nutanix AHV KVM based Hypervisor FortiAuthenticator upgrades from 6.0.4 to 6.1.x and hangs on "Waiting for Database".
646764 CLI "get disk * " commands fail on KVM.
652072 LDAP user password expired, user not prompted for RSA Token code (chained Token Authentication).
655350 The lockout policy does not appear to apply to username/token submissions to the /auth API endpoint.
657522 0396: SAML Authentication Fails When AD Display Name Contains a Coma (,) and User has Admin Role
660357 FSSO FGT IP Filter ignored when Global Group Prefilter is enabled
660851 Force password change on next logon produces 403 forbidden with local user after login to selfservice or captive portal