Fortinet black logo

Known issues

Known issues

This section lists the known issues of this release, but is not a complete list. For inquires about a particular bug, please visit the Fortinet Support website.

Bug ID

Description

566145

Usage Profile 'TIME USAGE=Time used' is not triggering COA or disconnect request to FortiGate.

638374

SCEP - Encryption/hash compatibility with clients.

655350

The lockout policy does not appear to apply to username/token submissions to the /auth API endpoint.

676532

When FortiAuthenticator has a RADIUS client set as subnet, RADIUS Accounting Disconnect messages are not sent.

676985

Unable to import all FTK hardware tokens from the same purchase order; need to add them all manually.

680776

AP HA secondary cannot change mgmt interface access configuration, and the option does not sync from the primary either.

743775

SCEP Get CA requests intermittently fails under High Scep Load.

750134

FortiAuthenticator as an LDAP server cannot export admin users from the local user base.

751108

FortiAuthenticator does not support admin OIDs from FORTINET-CORE-MIB properly.

757460

Enable Django auto-translation for any end-user page.

767745

SNMP facSysCpuUsage returns wrong type.

767935

A-P cluster, it forms when configured from the GUI, it does not when configured from the CLI without a restart.

773020

Revoking of certificate is not being seen with OCSP until FortiAuthenticator reboots.

787013

Changing the username attribute will cause the remote sync rule to remove existing remote users and eventually reimport them.

787156

FortiAuthenticator 6.4.1 GA OIDC HTTP Error 500.

791127

Sometimes(randomly) FortiAuthenticator fails to send email notification.

791347

Internal server error 500 happens when viewing RADIUS account sessions, probably caused by the Called-Station-Id attribute.

795271

E-mail address does not appear in the logs after social login authentication.

796493

LDAPS connectivity issue between FortiGate/FortiManager and FortiAuthenticator.

796834

Captive portal loops between /portal/server?, 200 OK to /portal/login/server? 302 OK back to /portal/server? on Chrome browsers.

799768

Automatic CRL download error with 2 Identical DN.

800674

Remote sync rule does not automatically apply FortiToken logo to remote SAML users.

801009

Remote SAML user sync rule creates one log entry for every SAML user assgined FortiToken Mobile every time the SAML sync occurs.

801933

FortiAuthenticator as an LDAP server, logs shows LDAP_FAC in the 'Source IP' field.

804238

FortiAuthenticator 6.4.1 GA SAML Logout fails.

805969

FortiAuthenticator supports Zero Trust tunnels to multiple remote LDAP servers through one FortiGate only.

808748

Self-service portal password change fails for remote LDAP users if the UPN format is used.

809353

Country code selection for guest portal user registration on iOS selects incorrect country prefix.

815000

TACACS consuming CPU resources 100% with zero connections.

815280

TACACS debug logs stop to works.

815896

FortiAuthenticator does not log an error when it cannot communicate to an external SMS provider due to invalid or expired certificate.

815897

Unable to import LDAP user from GUI by using IBM Lotus Domino LDAP.

816070

DB issue if power down during a short window when booting from factory reset.

820035

After changing the FortiAuthenticator IP address, unplugging the monitor interface did not trigger the HA failover.

825665

Wrong client IPv4 attribute for Fortinet SSO Methods > SSO > RADIUS Accounting Sources.

826424

Registering an already existing username on Legacy Self-serve Portal triggers 500 error.

828570

FSSO session for TS agent not logged when user and machine are in different domains.

829318

'Users and Devices' permission set does not allow to import remote LDAP users.

830386

'Users Audit Report' does not update timestamps in the Last Used column for EAP-TLS authentication used for Wireless.

830884

Username is not populated in Logs, when changes are done via API in FortiAuthenticator.

837679

Upgrade to FortiAuthenticator 6.4.5 causes SSOMA connection failure.

838043

After an upgrade to FortiAuthenticator 6.4.5, Encryption enabled option in Fortinet SSO Methods > SSO > General is enabled by default. If you have an existing setup with FSSO enabled, this encrypts all the SSO requests from FortiAuthenticator, leading to FSSO setup failure.

Workaround: After upgrading to FortiAuthenticator 6.4.5, disable the Encryption enabled option in Fortinet SSO Methods > SSO > General.

Known issues

This section lists the known issues of this release, but is not a complete list. For inquires about a particular bug, please visit the Fortinet Support website.

Bug ID

Description

566145

Usage Profile 'TIME USAGE=Time used' is not triggering COA or disconnect request to FortiGate.

638374

SCEP - Encryption/hash compatibility with clients.

655350

The lockout policy does not appear to apply to username/token submissions to the /auth API endpoint.

676532

When FortiAuthenticator has a RADIUS client set as subnet, RADIUS Accounting Disconnect messages are not sent.

676985

Unable to import all FTK hardware tokens from the same purchase order; need to add them all manually.

680776

AP HA secondary cannot change mgmt interface access configuration, and the option does not sync from the primary either.

743775

SCEP Get CA requests intermittently fails under High Scep Load.

750134

FortiAuthenticator as an LDAP server cannot export admin users from the local user base.

751108

FortiAuthenticator does not support admin OIDs from FORTINET-CORE-MIB properly.

757460

Enable Django auto-translation for any end-user page.

767745

SNMP facSysCpuUsage returns wrong type.

767935

A-P cluster, it forms when configured from the GUI, it does not when configured from the CLI without a restart.

773020

Revoking of certificate is not being seen with OCSP until FortiAuthenticator reboots.

787013

Changing the username attribute will cause the remote sync rule to remove existing remote users and eventually reimport them.

787156

FortiAuthenticator 6.4.1 GA OIDC HTTP Error 500.

791127

Sometimes(randomly) FortiAuthenticator fails to send email notification.

791347

Internal server error 500 happens when viewing RADIUS account sessions, probably caused by the Called-Station-Id attribute.

795271

E-mail address does not appear in the logs after social login authentication.

796493

LDAPS connectivity issue between FortiGate/FortiManager and FortiAuthenticator.

796834

Captive portal loops between /portal/server?, 200 OK to /portal/login/server? 302 OK back to /portal/server? on Chrome browsers.

799768

Automatic CRL download error with 2 Identical DN.

800674

Remote sync rule does not automatically apply FortiToken logo to remote SAML users.

801009

Remote SAML user sync rule creates one log entry for every SAML user assgined FortiToken Mobile every time the SAML sync occurs.

801933

FortiAuthenticator as an LDAP server, logs shows LDAP_FAC in the 'Source IP' field.

804238

FortiAuthenticator 6.4.1 GA SAML Logout fails.

805969

FortiAuthenticator supports Zero Trust tunnels to multiple remote LDAP servers through one FortiGate only.

808748

Self-service portal password change fails for remote LDAP users if the UPN format is used.

809353

Country code selection for guest portal user registration on iOS selects incorrect country prefix.

815000

TACACS consuming CPU resources 100% with zero connections.

815280

TACACS debug logs stop to works.

815896

FortiAuthenticator does not log an error when it cannot communicate to an external SMS provider due to invalid or expired certificate.

815897

Unable to import LDAP user from GUI by using IBM Lotus Domino LDAP.

816070

DB issue if power down during a short window when booting from factory reset.

820035

After changing the FortiAuthenticator IP address, unplugging the monitor interface did not trigger the HA failover.

825665

Wrong client IPv4 attribute for Fortinet SSO Methods > SSO > RADIUS Accounting Sources.

826424

Registering an already existing username on Legacy Self-serve Portal triggers 500 error.

828570

FSSO session for TS agent not logged when user and machine are in different domains.

829318

'Users and Devices' permission set does not allow to import remote LDAP users.

830386

'Users Audit Report' does not update timestamps in the Last Used column for EAP-TLS authentication used for Wireless.

830884

Username is not populated in Logs, when changes are done via API in FortiAuthenticator.

837679

Upgrade to FortiAuthenticator 6.4.5 causes SSOMA connection failure.

838043

After an upgrade to FortiAuthenticator 6.4.5, Encryption enabled option in Fortinet SSO Methods > SSO > General is enabled by default. If you have an existing setup with FSSO enabled, this encrypts all the SSO requests from FortiAuthenticator, leading to FSSO setup failure.

Workaround: After upgrading to FortiAuthenticator 6.4.5, disable the Encryption enabled option in Fortinet SSO Methods > SSO > General.