Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:


Table of Contents

Known issues

This section lists the known issues of this release, but is not a complete list. For inquires about a particular bug, please visit the Fortinet Support website.

Bug ID

Description

566145

Usage Profile 'TIME USAGE=Time used' is not triggering COA or disconnect request to FortiGate.

655350

The lockout policy does not appear to apply to username/token submissions to the /auth API endpoint.

796493

LDAPS connectivity issue between FortiGate/FortiManager and FortiAuthenticator.

808748

Self-service portal password change fails for remote LDAP users if the UPN format is used.

809353

Country code selection for guest portal user registration on iOS selects incorrect country prefix.

830386

'Users Audit Report' does not update timestamps in the Last Used column for EAP-TLS authentication used for Wireless.

638374

SCEP - Encryption/hash compatibility with clients.

676532

When FortiAuthenticator has a RADIUS client set as subnet, RADIUS Accounting Disconnect messages are not sent.

680776

AP HA secondary cannot change mgmt interface access configuration, and the option does not sync from the primary either.

751108

FortiAuthenticator does not support admin OIDs from FORTINET-CORE-MIB properly.

767745

SNMP facSysCpuUsage returns wrong type.

767935

A-P cluster, it forms when configured from the GUI, it does not when configured from the CLI without a restart.

801009

Remote SAML user sync rule creates one log entry for every SAML user assgined FortiToken Mobile every time the SAML sync occurs.

801933

FortiAuthenticator as an LDAP server, logs shows LDAP_FAC in the 'Source IP' field.

820035

After changing the FortiAuthenticator IP address, unplugging the monitor interface did not trigger the HA failover.

828570

FSSO session for TS agent not logged when user and machine are in different domains.

830884

Username is not populated in Logs, when changes are done via API in FortiAuthenticator.

743775

SCEP Get CA requests intermittently fails under High Scep Load.

800674

Remote sync rule does not automatically apply FortiToken logo to remote SAML users.

676985

Unable to import all FTK hardware tokens from the same purchase order; need to add them all manually.

791347

Internal server error 500 happens when viewing RADIUS account sessions, probably caused by the Called-Station-Id attribute.

815000

TACACS consuming CPU resources 100% with zero connections.

795271

E-mail address does not appear in the logs after social login authentication.

804238

FortiAuthenticator 6.4.1 GA SAML Logout fails.

750134

FortiAuthenticator as an LDAP server cannot export admin users from the local user base.

757460

Enable Django auto-translation for any end-user page.

787013

Changing the username attribute will cause the remote sync rule to remove existing remote users and eventually reimport them.

787156

FortiAuthenticator 6.4.1 GA OIDC HTTP Error 500.

791127

Sometimes(randomly) FortiAuthenticator fails to send email notification.

815897

Unable to import LDAP user from GUI by using IBM Lotus Domino LDAP.

796834

Captive portal loops between /portal/server?, 200 OK to /portal/login/server? 302 OK back to /portal/server? on Chrome browsers.

799768

Automatic CRL download error with 2 Identical DN.

815280

TACACS debug logs stop to works.

826424

Registering an already existing username on Legacy Self-serve Portal triggers 500 error.

829318

'Users and Devices' permission set does not allow to import remote LDAP users.

816070

DB issue if power down during a short window when booting from factory reset.

773020

Revoking of certificate is not being seen with OCSP until FortiAuthenticator reboots.

815896

FortiAuthenticator does not log an error when it cannot communicate to an external SMS provider due to invalid or expired certificate.

825665

Wrong client IPv4 attribute for Fortinet SSO Methods > SSO > RADIUS Accounting Sources.

838043

After an upgrade to FortiAuthenticator 6.4.5, Encryption enabled option in Fortinet SSO Methods > SSO > General is enabled by default. If you have an existing setup with FSSO enabled, this encrypts all the SSO requests from FortiAuthenticator, leading to FSSO setup failure.

Workaround: After upgrading to FortiAuthenticator 6.4.5, disable the Encryption enabled option in Fortinet SSO Methods > SSO > General.

837679

Upgrade to FortiAuthenticator 6.4.5 causes SSOMA connection failure.

Known issues

This section lists the known issues of this release, but is not a complete list. For inquires about a particular bug, please visit the Fortinet Support website.

Bug ID

Description

566145

Usage Profile 'TIME USAGE=Time used' is not triggering COA or disconnect request to FortiGate.

655350

The lockout policy does not appear to apply to username/token submissions to the /auth API endpoint.

796493

LDAPS connectivity issue between FortiGate/FortiManager and FortiAuthenticator.

808748

Self-service portal password change fails for remote LDAP users if the UPN format is used.

809353

Country code selection for guest portal user registration on iOS selects incorrect country prefix.

830386

'Users Audit Report' does not update timestamps in the Last Used column for EAP-TLS authentication used for Wireless.

638374

SCEP - Encryption/hash compatibility with clients.

676532

When FortiAuthenticator has a RADIUS client set as subnet, RADIUS Accounting Disconnect messages are not sent.

680776

AP HA secondary cannot change mgmt interface access configuration, and the option does not sync from the primary either.

751108

FortiAuthenticator does not support admin OIDs from FORTINET-CORE-MIB properly.

767745

SNMP facSysCpuUsage returns wrong type.

767935

A-P cluster, it forms when configured from the GUI, it does not when configured from the CLI without a restart.

801009

Remote SAML user sync rule creates one log entry for every SAML user assgined FortiToken Mobile every time the SAML sync occurs.

801933

FortiAuthenticator as an LDAP server, logs shows LDAP_FAC in the 'Source IP' field.

820035

After changing the FortiAuthenticator IP address, unplugging the monitor interface did not trigger the HA failover.

828570

FSSO session for TS agent not logged when user and machine are in different domains.

830884

Username is not populated in Logs, when changes are done via API in FortiAuthenticator.

743775

SCEP Get CA requests intermittently fails under High Scep Load.

800674

Remote sync rule does not automatically apply FortiToken logo to remote SAML users.

676985

Unable to import all FTK hardware tokens from the same purchase order; need to add them all manually.

791347

Internal server error 500 happens when viewing RADIUS account sessions, probably caused by the Called-Station-Id attribute.

815000

TACACS consuming CPU resources 100% with zero connections.

795271

E-mail address does not appear in the logs after social login authentication.

804238

FortiAuthenticator 6.4.1 GA SAML Logout fails.

750134

FortiAuthenticator as an LDAP server cannot export admin users from the local user base.

757460

Enable Django auto-translation for any end-user page.

787013

Changing the username attribute will cause the remote sync rule to remove existing remote users and eventually reimport them.

787156

FortiAuthenticator 6.4.1 GA OIDC HTTP Error 500.

791127

Sometimes(randomly) FortiAuthenticator fails to send email notification.

815897

Unable to import LDAP user from GUI by using IBM Lotus Domino LDAP.

796834

Captive portal loops between /portal/server?, 200 OK to /portal/login/server? 302 OK back to /portal/server? on Chrome browsers.

799768

Automatic CRL download error with 2 Identical DN.

815280

TACACS debug logs stop to works.

826424

Registering an already existing username on Legacy Self-serve Portal triggers 500 error.

829318

'Users and Devices' permission set does not allow to import remote LDAP users.

816070

DB issue if power down during a short window when booting from factory reset.

773020

Revoking of certificate is not being seen with OCSP until FortiAuthenticator reboots.

815896

FortiAuthenticator does not log an error when it cannot communicate to an external SMS provider due to invalid or expired certificate.

825665

Wrong client IPv4 attribute for Fortinet SSO Methods > SSO > RADIUS Accounting Sources.

838043

After an upgrade to FortiAuthenticator 6.4.5, Encryption enabled option in Fortinet SSO Methods > SSO > General is enabled by default. If you have an existing setup with FSSO enabled, this encrypts all the SSO requests from FortiAuthenticator, leading to FSSO setup failure.

Workaround: After upgrading to FortiAuthenticator 6.4.5, disable the Encryption enabled option in Fortinet SSO Methods > SSO > General.

837679

Upgrade to FortiAuthenticator 6.4.5 causes SSOMA connection failure.