Fortinet Document Library

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:


Table of Contents

Release Notes

Known issues

This section lists the known issues of this release, but is not a complete list. For inquires about a particular bug, please visit the Fortinet Support website.

Bug ID

Description

764250

Bug in self-registration of tokens and SMS registration cannot be disabled, although the option is available.

764256

FSSO - LDAP user/group lookup is broken by addition of remote LDAP for computer-based authentication.

763568

The timestamp of the account status for lockout is Greenwich Mean Time 00:00 regardless of system time.

752627

Token transfer fails if includes deprovisioned token(registration id = null) and FortiAuthenticator throws an unknown error.

759691

FSSO self-service portal does not create FSSO session upon end user login.

706701

FortiAuthenticator cluster is inconsistently accessible via HA interfaces from outside the HA subnet.

746567

Importing Local Users from CSV - FortiAuthenticator LB shows 'In Sync with Anomalies'.

745497

Kerberos not working for AES.

676985

Cannot import all FTK hardware tokens from the same purchase order; need to add them all manually.

665384

HA failover does not work reliably after maintenance mode is disabled on the high priority node.

754943

FortiAuthenticator users certs marked as revoked even after expiry date. Deleting is prohibited for some and it produces browser's console errors.

756782

FortiAuthenticator GUI cannot show how many users on every group.

758516

FortiAuthenticator HA: cluster out of sync if custom RADIUS dictionary is uploaded; auth breaks.

757968

/api/v1/pushauth/: the processing of the response is delayed.

764147

Cloud-init: DHCP client stays resident rather than exiting after boot as intended.

764092

Oauth setting permissions are missing.

763026

No popup error if HA table mismatched.

746405

LB HA primary locked SQL database around the same time the disk load-balancer became full.

761702

Unable to properly config postgres for memory/cache if config backup is used.

764179

Unable to change password of remote user unless imported in FortiAuthenticator.

762262

Password reset does not work for remote LDAP user if the password contains 6 characters or less.

763341

Dump when adding LDAP uid to a uid.

690126

HA cluster with load balancer initial setup causes secondary cluster member to crash.

506112

This post REST API call fails to activate the FortiGuard messaging license.

613164

Google Workspace open LDAP crashes when we try to change password.

761880

Trying to get OAuth authorization code for a user with a cloud FortiToken causes django to crash.

761482

FIDO2 authentication not compatible with Apple's WiFi popup.

755752

Power supplies show voltage input fault on both CLI and GUI.

763997

Token challenge not sent to remote RADIUS server when TACACS+ is used with LDAP realm+ chained token.

751108

FortiAuthenticator does not support admin OIDs from FORTINET-CORE-MIB properly.

762203

FSSO Server restart takes too long when global pre-filter gets modified.

761292

Azure remote IdP authentication fails if FortiAuthenticator FQDN contains upper case.

676532

When FortiAuthenticator has a RADIUS client set as subnet; RADIUS accounting disconnect messages are not sent.

758008

FortiAuthenticator joining domain and using the incorrect domain name (DNS) if the name is the same in several LDAP servers.

749422

REST API script is unable to modify user's info when yubikey is assigned.

757460

Enable Django auto-translation for any end-user pages.

756777

Incorrect order of the fields displayed on change_password_remote page for remote users.

566145

Usage Profile "TIME USAGE=Time used" is not triggering COA or a disconnect request to FortiGate.

750134

FortiAuthenticator as LDAP server cannot export admin users from local user base.

748862

Read-only admin profile cannot view local/remote users; error 500.

655350

The lockout policy does not appear to apply to username/token submissions to the /auth API endpoint.

646299

Nutanix AHV KVM based Hypervisor- upgrading FortiAuthenticator from 6.0.4 to 6.1.x fails and hangs on "Waiting for Database".

643810

CLI restore-admin command needs improvement.

638374

SCEP - Encryption/hash compatibility with clients.

637028

SSL connection failed when the certificate expired issue is not explicit enough.

745433

CLI 'execute backup config ftp' upload problem when a path is provided.

677932

SCEP returns 200 on bad requests.

745419

CLI 'execute backup config tftp' (also ftp) with encryption password does not result in encrypted backup.

620127

Changing from maint-mode-no-sync to maint-mode-sync does not appear to restore syncing.

757516

Local user CSV export does not handle commas.

646764

CLI "get disk *" command fails on KVM.

506543

500k+ users- Secondary's SNMP SQL query to obtain user count is obnoxiously slow (postgres needs vacuum full).

742722

Remove SSO on legacy self-service portal.

752408

Seek confirmation from FortiAuthenticator admin when restoring configuration via GUI.

752409

Redirect FortiAuthenticator to a new IP when admin changes the IP through which s/he is accessing it in a browser.

516357

LB - Toggling LB off and back on in an existing cluster can impact availability for hours/days.

586813

Send SNMP trap when active HA master detects that passive unit stopped syncing.

725800

IAM username validation not consistent in REST API.

733323

PCI DSS 2FA shows different page for user that does not exist.

733028

404 Not Found when we Resend email or SMS Message.

723677

Failed auth after changing port on secure LDAP server locks radiusd and prevents it from being killed.

561506

RADIUS auths fail if no port on FortiAuthenticator is assigned an IPv4 address.

674164

Logging into the CLI with incorrect password on the HA secondary gives bunch of SQL errors.

689458

HA cluster changing secret on primary to match secondary causes the webserver to crash on the secondary.

550802

Data persistence for authentication activity widget.

763973

Sponsor admin profile should be read-only.

746611

RADIUS authentication delay causes 2FA failure.

Known issues

This section lists the known issues of this release, but is not a complete list. For inquires about a particular bug, please visit the Fortinet Support website.

Bug ID

Description

764250

Bug in self-registration of tokens and SMS registration cannot be disabled, although the option is available.

764256

FSSO - LDAP user/group lookup is broken by addition of remote LDAP for computer-based authentication.

763568

The timestamp of the account status for lockout is Greenwich Mean Time 00:00 regardless of system time.

752627

Token transfer fails if includes deprovisioned token(registration id = null) and FortiAuthenticator throws an unknown error.

759691

FSSO self-service portal does not create FSSO session upon end user login.

706701

FortiAuthenticator cluster is inconsistently accessible via HA interfaces from outside the HA subnet.

746567

Importing Local Users from CSV - FortiAuthenticator LB shows 'In Sync with Anomalies'.

745497

Kerberos not working for AES.

676985

Cannot import all FTK hardware tokens from the same purchase order; need to add them all manually.

665384

HA failover does not work reliably after maintenance mode is disabled on the high priority node.

754943

FortiAuthenticator users certs marked as revoked even after expiry date. Deleting is prohibited for some and it produces browser's console errors.

756782

FortiAuthenticator GUI cannot show how many users on every group.

758516

FortiAuthenticator HA: cluster out of sync if custom RADIUS dictionary is uploaded; auth breaks.

757968

/api/v1/pushauth/: the processing of the response is delayed.

764147

Cloud-init: DHCP client stays resident rather than exiting after boot as intended.

764092

Oauth setting permissions are missing.

763026

No popup error if HA table mismatched.

746405

LB HA primary locked SQL database around the same time the disk load-balancer became full.

761702

Unable to properly config postgres for memory/cache if config backup is used.

764179

Unable to change password of remote user unless imported in FortiAuthenticator.

762262

Password reset does not work for remote LDAP user if the password contains 6 characters or less.

763341

Dump when adding LDAP uid to a uid.

690126

HA cluster with load balancer initial setup causes secondary cluster member to crash.

506112

This post REST API call fails to activate the FortiGuard messaging license.

613164

Google Workspace open LDAP crashes when we try to change password.

761880

Trying to get OAuth authorization code for a user with a cloud FortiToken causes django to crash.

761482

FIDO2 authentication not compatible with Apple's WiFi popup.

755752

Power supplies show voltage input fault on both CLI and GUI.

763997

Token challenge not sent to remote RADIUS server when TACACS+ is used with LDAP realm+ chained token.

751108

FortiAuthenticator does not support admin OIDs from FORTINET-CORE-MIB properly.

762203

FSSO Server restart takes too long when global pre-filter gets modified.

761292

Azure remote IdP authentication fails if FortiAuthenticator FQDN contains upper case.

676532

When FortiAuthenticator has a RADIUS client set as subnet; RADIUS accounting disconnect messages are not sent.

758008

FortiAuthenticator joining domain and using the incorrect domain name (DNS) if the name is the same in several LDAP servers.

749422

REST API script is unable to modify user's info when yubikey is assigned.

757460

Enable Django auto-translation for any end-user pages.

756777

Incorrect order of the fields displayed on change_password_remote page for remote users.

566145

Usage Profile "TIME USAGE=Time used" is not triggering COA or a disconnect request to FortiGate.

750134

FortiAuthenticator as LDAP server cannot export admin users from local user base.

748862

Read-only admin profile cannot view local/remote users; error 500.

655350

The lockout policy does not appear to apply to username/token submissions to the /auth API endpoint.

646299

Nutanix AHV KVM based Hypervisor- upgrading FortiAuthenticator from 6.0.4 to 6.1.x fails and hangs on "Waiting for Database".

643810

CLI restore-admin command needs improvement.

638374

SCEP - Encryption/hash compatibility with clients.

637028

SSL connection failed when the certificate expired issue is not explicit enough.

745433

CLI 'execute backup config ftp' upload problem when a path is provided.

677932

SCEP returns 200 on bad requests.

745419

CLI 'execute backup config tftp' (also ftp) with encryption password does not result in encrypted backup.

620127

Changing from maint-mode-no-sync to maint-mode-sync does not appear to restore syncing.

757516

Local user CSV export does not handle commas.

646764

CLI "get disk *" command fails on KVM.

506543

500k+ users- Secondary's SNMP SQL query to obtain user count is obnoxiously slow (postgres needs vacuum full).

742722

Remove SSO on legacy self-service portal.

752408

Seek confirmation from FortiAuthenticator admin when restoring configuration via GUI.

752409

Redirect FortiAuthenticator to a new IP when admin changes the IP through which s/he is accessing it in a browser.

516357

LB - Toggling LB off and back on in an existing cluster can impact availability for hours/days.

586813

Send SNMP trap when active HA master detects that passive unit stopped syncing.

725800

IAM username validation not consistent in REST API.

733323

PCI DSS 2FA shows different page for user that does not exist.

733028

404 Not Found when we Resend email or SMS Message.

723677

Failed auth after changing port on secure LDAP server locks radiusd and prevents it from being killed.

561506

RADIUS auths fail if no port on FortiAuthenticator is assigned an IPv4 address.

674164

Logging into the CLI with incorrect password on the HA secondary gives bunch of SQL errors.

689458

HA cluster changing secret on primary to match secondary causes the webserver to crash on the secondary.

550802

Data persistence for authentication activity widget.

763973

Sponsor admin profile should be read-only.

746611

RADIUS authentication delay causes 2FA failure.