Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:


Table of Contents

Known issues

This section lists the known issues of this release, but is not a complete list. For inquires about a particular bug, please visit the Fortinet Support website.

Bug ID

Description

566145

Usage Profile "TIME USAGE=Time used" is not triggering COA or disconnect request to FortiGate.

637028

SSL connection fails in case when the expired certificate issue is not explicit enough.

638374

SCEP - Encryption/hash compatibility with clients.

643810

CLI restore-admin command needs improvement.

646299

Nutanix AHV KVM based Hypervisor- upgrading FortiAuthenticator from 6.0.4 to 6.1.x fails and hangs on "Waiting for Database".

655350

The lockout policy does not appear to apply to username/token submissions to the /auth API endpoint.

676532

When FortiAuthenticator has RADIUS client set as subnet, RADIUS accounting disconnect messages are not sent.

749422

Rest API script is unable to modify the user info when yubikey is assigned.

750134

FortiAuthenticator as an LDAP server cannot export admin users from local user base.

751108

FortiAuthenticator does not support admin OIDs from FORTINET-CORE-MIB properly.

755752

Power supplies show voltage input fault on both CLI and GUI.

757460

Enable Django auto-translation for any end-user pages.

758516

FortiAuthenticator HA: cluster out of sync if the custom RADIUS dictionary is uploaded, auth breaks.

767745

SNMP facSysCpuUsage returns wrong type.

767935

A-P cluster forms when configured from the GUI, it does not when from CLI without a restart.

769183

FortiAuthenticator VMs need greater resiliency / improved recovery when connectivity lost to the remote data drives.

770593

Minimize the use of CBC ciphersuites.

773009

FortiAuthenticator does not expand disk properly - system status shows old size, expand-partition shows new size.

773083

Enable/disable FortiToken Cloud push notification button shuts down all the authentication methods.

773131

FortiAuthenticator-3000F: HW Monitor PSU widget supports PSU placed in top/bottom orientation.

775006

Occasionally, multiple SMS are received after an LDAP user import instead of just one.

775083

FortiAuthenticator FSSO detects FortiAuthenticator domain-join as a login event, resolves workstation name to 127.0.0.1 and forwards that login.

775542

Admin logon with 2FA gets "Access denied" before typing the token, auth OK.

777392

FortiAuthenticator displays the entire LDAP tree when testing filter in remote user sync rule. This can freeze the GUI.

779771

500 internal error when editing an LDAP entry.

779796

SAML IDP proxy for Azure is not working with the current Azure Portal.

780611

Oauth Token API returns error when calling API /oauth/token/ with FortiToken Cloud user, but FortiToken Cloud had sent the push to FortiToken Mobile.

781506

High memory consumption on unused FortiAuthenticator-VM.

782799

FortiToken Cloud manual sync timeouts when user > 1000, but users are already synced.

783685

"Obtained access token from Azure" takes too much time to process.

783765

SAML requests in form of POST with bindings will result in 403 error.

785164

Remote admin unable to create self-service portal security question.

785585

HA load balancing anomaly for the registered captive portal user.

785634

Remote user without any FIDO keys for a FIDO enabled portal is unable to change password.

787013

Changing the username attribute will cause the remote sync rule to remove existing remote users and eventually re-import them.

787678

FortiAuthenticator TACACS+ behavior with ASCII and PAP.

788819

FortiAuthenticator 6.4.1 LDAP filters not being applied when importing groups from SSO > SSO groups.

790570

Admin password change on the RADIUS client logon does not work with MFA.

791127

Sometimes(randomly) FortiAuthenticator fails to send the email notification.

791347

Internal server error 500 happens when viewing RADIUS account sessions, probably caused by the Called-Station-Id attribute.

792031

SAML IdP with LDAP for Google SP randomly fails with Internal Server Error (Error 500).

792230

Encoding migration error after upgrade to 6.4.0-6.4.2 - no space left on the device.

792723

FortiAuthenticator -Internal Server Error - Table fac_auth_facgroup is replicated and cannot be modified on a subscriber node.

793191

Override session.

793478

SAML SSLVPN Auth fails because FortiAuthenticator cuts parts of the DN when using group LDAP filter.

793868

Onboarding message feature sends SMS via unexpected SMS gateway.

Known issues

This section lists the known issues of this release, but is not a complete list. For inquires about a particular bug, please visit the Fortinet Support website.

Bug ID

Description

566145

Usage Profile "TIME USAGE=Time used" is not triggering COA or disconnect request to FortiGate.

637028

SSL connection fails in case when the expired certificate issue is not explicit enough.

638374

SCEP - Encryption/hash compatibility with clients.

643810

CLI restore-admin command needs improvement.

646299

Nutanix AHV KVM based Hypervisor- upgrading FortiAuthenticator from 6.0.4 to 6.1.x fails and hangs on "Waiting for Database".

655350

The lockout policy does not appear to apply to username/token submissions to the /auth API endpoint.

676532

When FortiAuthenticator has RADIUS client set as subnet, RADIUS accounting disconnect messages are not sent.

749422

Rest API script is unable to modify the user info when yubikey is assigned.

750134

FortiAuthenticator as an LDAP server cannot export admin users from local user base.

751108

FortiAuthenticator does not support admin OIDs from FORTINET-CORE-MIB properly.

755752

Power supplies show voltage input fault on both CLI and GUI.

757460

Enable Django auto-translation for any end-user pages.

758516

FortiAuthenticator HA: cluster out of sync if the custom RADIUS dictionary is uploaded, auth breaks.

767745

SNMP facSysCpuUsage returns wrong type.

767935

A-P cluster forms when configured from the GUI, it does not when from CLI without a restart.

769183

FortiAuthenticator VMs need greater resiliency / improved recovery when connectivity lost to the remote data drives.

770593

Minimize the use of CBC ciphersuites.

773009

FortiAuthenticator does not expand disk properly - system status shows old size, expand-partition shows new size.

773083

Enable/disable FortiToken Cloud push notification button shuts down all the authentication methods.

773131

FortiAuthenticator-3000F: HW Monitor PSU widget supports PSU placed in top/bottom orientation.

775006

Occasionally, multiple SMS are received after an LDAP user import instead of just one.

775083

FortiAuthenticator FSSO detects FortiAuthenticator domain-join as a login event, resolves workstation name to 127.0.0.1 and forwards that login.

775542

Admin logon with 2FA gets "Access denied" before typing the token, auth OK.

777392

FortiAuthenticator displays the entire LDAP tree when testing filter in remote user sync rule. This can freeze the GUI.

779771

500 internal error when editing an LDAP entry.

779796

SAML IDP proxy for Azure is not working with the current Azure Portal.

780611

Oauth Token API returns error when calling API /oauth/token/ with FortiToken Cloud user, but FortiToken Cloud had sent the push to FortiToken Mobile.

781506

High memory consumption on unused FortiAuthenticator-VM.

782799

FortiToken Cloud manual sync timeouts when user > 1000, but users are already synced.

783685

"Obtained access token from Azure" takes too much time to process.

783765

SAML requests in form of POST with bindings will result in 403 error.

785164

Remote admin unable to create self-service portal security question.

785585

HA load balancing anomaly for the registered captive portal user.

785634

Remote user without any FIDO keys for a FIDO enabled portal is unable to change password.

787013

Changing the username attribute will cause the remote sync rule to remove existing remote users and eventually re-import them.

787678

FortiAuthenticator TACACS+ behavior with ASCII and PAP.

788819

FortiAuthenticator 6.4.1 LDAP filters not being applied when importing groups from SSO > SSO groups.

790570

Admin password change on the RADIUS client logon does not work with MFA.

791127

Sometimes(randomly) FortiAuthenticator fails to send the email notification.

791347

Internal server error 500 happens when viewing RADIUS account sessions, probably caused by the Called-Station-Id attribute.

792031

SAML IdP with LDAP for Google SP randomly fails with Internal Server Error (Error 500).

792230

Encoding migration error after upgrade to 6.4.0-6.4.2 - no space left on the device.

792723

FortiAuthenticator -Internal Server Error - Table fac_auth_facgroup is replicated and cannot be modified on a subscriber node.

793191

Override session.

793478

SAML SSLVPN Auth fails because FortiAuthenticator cuts parts of the DN when using group LDAP filter.

793868

Onboarding message feature sends SMS via unexpected SMS gateway.