Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:


Table of Contents

Known issues

This section lists the known issues of this release, but is not a complete list. For inquires about a particular bug, please visit the Fortinet Support website.

Bug ID

Description

485396 Sponsor/Admin can place created Guest users into any group.
526202 FortiAuthenticator does not check if signature of CSR is valid.
543729 RADIUS client service not working after upgrade.
544691 Remote LDAP admins have no certificate bindings.
566145 Usage Profile "TIME USAGE=Time used" is not triggering COA or disconnect request to FortiGate.
577877 Allow bulk unlock for FTM tokens.
588310 FortiAuthenticator dropping FSSO login events from DC Agent on failed DNS resolution.
588346 An expired certificate is delivered toward WiFi authenticated users.
589219 Multiple DC's kerberos traffic after FortiAuthenticator joining the domain with local DC.
592837 Sponsor accounts can add guest user accounts to non-guest groups.
595012 Should be able to resize the users page column width manually by using mouse.
601520 Recurrent log message: Portal was not found in the session, redirecting back to entry point.
601603 CLI only supports configuring interfaces port1 to port4.
602707 Unable to add multiple alternate DNS names into certificate for user certificates.
604156 Packet captures on OCI seem to be corrupt.
604924 SAML SSO/Proxy metadata download fails with "invalid_xml".
606562 FortiAuthenticator rejects certificate signing requests from FortiGate client with invalid password error.
615442 No Kerberos ticket requests (negotiate) on encrypted HTTPS traffic from FortiAuthenticator.
628815 Remote SAML user import from Azure AD fails Authorization issue.
630041 FortiAuthenticator FSSO - TS Agent sessions stuck at zero after server reboot until FSSOTA service is restarted.
631600 SCEP request by certmonger can't be recognized by automatic enrollment request.
632629 Smart Connect WPA2-Personal profile fails when WPA2-Enterprise settings are left in place.
632637 Smart Connect missing the ability to forget an SSID.
634084 Cannot export third party signed certificate with private key when CSR is generated locally on FortiAuthenticator.
635893 Change password not working with Checkpoint VPN when 2FA is enabled.
637028 SSL connection failed in case of certificate expired error message is not explicit.
637199 Add default usage profiles.
637290 No FTM push notification with Windows agent 3.0.
638374 SCEP - Encryption/hash compatibility with clients.
645043 GUI does not show certificate UPN.
646299 Nutanix AHV KVM based Hypervisor FortiAuthenticator upgrades from 6.0.4 to 6.1.x fails, and hangs on "Waiting for Database".
650215 FortiAuthenticator Windows Agent 3.0 - New RDP connection by the same user is unable to finish due to blank login screen.
652072 When LDAP user password expired, user is not prompted for RSA token code (chained token authentication).
655350 The lockout policy does not apply to username/token submissions to the /auth API endpoint.
657522 SAML authentication fails when AD display name contains a coma (,) and user has admin role.
660357 FSSO FortiGate IP filter ignored when global group prefilter is enabled.
666571 ";Portal was not found in the session" when registering a guest with non-ASCII characters "Umlauts".
666636 Wrong group attributes indicator in RADIUS policy response table for EAP-TLS.
666782 If local CA is selected for EAP and no EAP server certificate is present on FortiAuthenticator, radiusd keeps crashing after upgrading to 6.2.0.
666880 GUI - Hide SNMP trap option for PSU monitoring for unsupported devices.
668337 Allowed hosts configuration through CLI is not reflected in GUI before reboot.
668916 Subdomain users can authenticate over FortiAuthenticator Agent installed on workstation in main domain without the token code.
669054 Can't install FAC-VM-HV 6.2.0 on server 2012 R2.
669079 HTTPS certificate chain is inconsistent/incorrect.
670811 Issues with remote SAML user import from Azure AD.
670827 FortiGate filtering stops any users sent to FortiGate even though users are member of group/container.
671345 FortiAuthenticator Windows Agent prompts for token despite incorrect password, and then does not prompt for user credentials again.
672750 When trying to access to self service portal, error "Please enter correct credentials. Note password is case-sensitive" is randomly displayed.
672987 After upgrading FortiAuthenticator from 5.4 to 6.x, Apple devices cannot load the FortiAuthenticator captive portal via the system pop-up only.
673151 Domain controller query status shows failed with successful queries.
673303 Fine-grained menu content has misaligned pointer in SSO/General.
673319 Admin cannot log in to approve the self-registration when group filters are set without admin user in Guest Portal policy.

Known issues

This section lists the known issues of this release, but is not a complete list. For inquires about a particular bug, please visit the Fortinet Support website.

Bug ID

Description

485396 Sponsor/Admin can place created Guest users into any group.
526202 FortiAuthenticator does not check if signature of CSR is valid.
543729 RADIUS client service not working after upgrade.
544691 Remote LDAP admins have no certificate bindings.
566145 Usage Profile "TIME USAGE=Time used" is not triggering COA or disconnect request to FortiGate.
577877 Allow bulk unlock for FTM tokens.
588310 FortiAuthenticator dropping FSSO login events from DC Agent on failed DNS resolution.
588346 An expired certificate is delivered toward WiFi authenticated users.
589219 Multiple DC's kerberos traffic after FortiAuthenticator joining the domain with local DC.
592837 Sponsor accounts can add guest user accounts to non-guest groups.
595012 Should be able to resize the users page column width manually by using mouse.
601520 Recurrent log message: Portal was not found in the session, redirecting back to entry point.
601603 CLI only supports configuring interfaces port1 to port4.
602707 Unable to add multiple alternate DNS names into certificate for user certificates.
604156 Packet captures on OCI seem to be corrupt.
604924 SAML SSO/Proxy metadata download fails with "invalid_xml".
606562 FortiAuthenticator rejects certificate signing requests from FortiGate client with invalid password error.
615442 No Kerberos ticket requests (negotiate) on encrypted HTTPS traffic from FortiAuthenticator.
628815 Remote SAML user import from Azure AD fails Authorization issue.
630041 FortiAuthenticator FSSO - TS Agent sessions stuck at zero after server reboot until FSSOTA service is restarted.
631600 SCEP request by certmonger can't be recognized by automatic enrollment request.
632629 Smart Connect WPA2-Personal profile fails when WPA2-Enterprise settings are left in place.
632637 Smart Connect missing the ability to forget an SSID.
634084 Cannot export third party signed certificate with private key when CSR is generated locally on FortiAuthenticator.
635893 Change password not working with Checkpoint VPN when 2FA is enabled.
637028 SSL connection failed in case of certificate expired error message is not explicit.
637199 Add default usage profiles.
637290 No FTM push notification with Windows agent 3.0.
638374 SCEP - Encryption/hash compatibility with clients.
645043 GUI does not show certificate UPN.
646299 Nutanix AHV KVM based Hypervisor FortiAuthenticator upgrades from 6.0.4 to 6.1.x fails, and hangs on "Waiting for Database".
650215 FortiAuthenticator Windows Agent 3.0 - New RDP connection by the same user is unable to finish due to blank login screen.
652072 When LDAP user password expired, user is not prompted for RSA token code (chained token authentication).
655350 The lockout policy does not apply to username/token submissions to the /auth API endpoint.
657522 SAML authentication fails when AD display name contains a coma (,) and user has admin role.
660357 FSSO FortiGate IP filter ignored when global group prefilter is enabled.
666571 ";Portal was not found in the session" when registering a guest with non-ASCII characters "Umlauts".
666636 Wrong group attributes indicator in RADIUS policy response table for EAP-TLS.
666782 If local CA is selected for EAP and no EAP server certificate is present on FortiAuthenticator, radiusd keeps crashing after upgrading to 6.2.0.
666880 GUI - Hide SNMP trap option for PSU monitoring for unsupported devices.
668337 Allowed hosts configuration through CLI is not reflected in GUI before reboot.
668916 Subdomain users can authenticate over FortiAuthenticator Agent installed on workstation in main domain without the token code.
669054 Can't install FAC-VM-HV 6.2.0 on server 2012 R2.
669079 HTTPS certificate chain is inconsistent/incorrect.
670811 Issues with remote SAML user import from Azure AD.
670827 FortiGate filtering stops any users sent to FortiGate even though users are member of group/container.
671345 FortiAuthenticator Windows Agent prompts for token despite incorrect password, and then does not prompt for user credentials again.
672750 When trying to access to self service portal, error "Please enter correct credentials. Note password is case-sensitive" is randomly displayed.
672987 After upgrading FortiAuthenticator from 5.4 to 6.x, Apple devices cannot load the FortiAuthenticator captive portal via the system pop-up only.
673151 Domain controller query status shows failed with successful queries.
673303 Fine-grained menu content has misaligned pointer in SSO/General.
673319 Admin cannot log in to approve the self-registration when group filters are set without admin user in Guest Portal policy.