Usage Profile TIME USAGE=Time used is not triggering COA or disconnect request to FortiGate.

Changing from maint-mode-no-sync to maint-mode-sync does not appear to restore syncing.

AP HA secondary cannot change the mgmt interface access configuration, and the option does not sync from primary either.

FortiAuthenticator Agent with group exclusion is throwing a COMException error when accessing AD to check group membership.

REST API /api/v1/tacpluspolicyclient/ endpoint does not recognize policy_name or client_name parameters.

SCEP Get CA requests intermittently fail under high SCEP load.

FortiAuthenticator does not support admin OIDs from FORTINET-CORE-MIB properly.

Power supplies show voltage input fault on both CLI and GUI.

Occasionally, multiple SMS are received after LDAP user import instead of just one.

Creating CA certificate debug logs sometime shows error.

Token bypass not working for FIDO enabled self-service portal.

TACACS+ attribute value pair for authorization services shows undefined entries.

FortiAuthenticator as LDAP server; logs shows LDAP_FAC in the Source IP field.

FortiAuthenticator supports Zero Trust tunnels to multiple remote LDAP servers through one FortiGate only.

Self-service portal password change fails for remote LDAP users if UPN format is used.

Custom RADIUS attributes disappear on HA secondary after failover and we get 500 crash when clicking on a RADIUS policy.

DB issue if power down during a short window when booting from factory reset.

Local services cannot use cert with >97 character subject length.

TACACS+ authentication fails when the authentication process takes long.

Windows log events in FSSO are dropping after some time.

Upgrading FortiAuthenticator in HA-LB removes the MAC-address records form the LB node.

KVM model does not obey hypervisor soft restart/shutdown commands.

HA Cluster not forming due to differing smartconnect primary key name (upgrade path mismatch, but should work).

It takes a long time for FortiAuthenticator to reflect active certificates in the GUI after successful SCEP enrollment request.

FortiAuthenticator fails to send COA disconnect to FortiGate.

RADIUS attribute name should be only unique within the dictionary, not across all dictionaries.

NTLM authentication does not work with child domain.

FortiAuthenticator remote user sync rules - Set Group Filter not working if OU has special characters in name, e.g., ( , ) , +.

Smart Connect for Android running on version 12 and 13 never installed the configuration profile.

FIDO users status bug on SAML.

FortiNAC can overwhelm FortiAuthenticator with 'many' TACACS+ logins on the same service account.

FortiAuthenticator GUI/captive portal access freezes/become unresponsive during peak hours.

Admin password recheck issues.

FortiAuthenticator HA device with low priority stays primary.

IP lockout not being logged in on FortiAuthenticator logs.

TACACS+ failed authentications not counting towards IP lockouts.

FortiAuthenticator SSO database is not updating in a timely manner, when domain users switch from wireless to wired or vice versa.

Recovery password and recovery token fails to send alternative email address.

LDAP disconnects every few seconds.

Incorrect FIDO token does not count towards user lockout.

Portal policy realms table values are in the wrong column.

403 Forbidden error while doing SAML authentication after OAuth succeeds.

Single group is passed by FortiAuthenticator as an IdP when FIDO- only authentication is used in the SP setting.

Unable to use FortiAuthenticator images in System replacement messages.

User account extension gives CSRF token missing or incorrect.

FortiAuthenticator ignores the groups filtering rules and sends all SSO groups to FortiGate if the FortiGate is configured with FQDN.

Unable to view supported methods and available fields using /schema at the end of the endpoint.

FortiAuthenticator memory usage showing in the widget is not matching with memory usage from SNMP (facSysMemUsage).

Selecting Cloud option for group membership on SAML SP displays 500 error if we do not select an oauth server.

500 error when launching a Smart Connect profile that contains a CSR for Android.

Certificate GUI filter by status times out when there are thousands of revoked certificates.

Select All checkbox for remote user sync rule does not select all rules in Firefox without private window.

SNMP v3 with non-ENG letter pass gives Auth failed.

FortiAuthenticator HA is out of sync and the web server crashes when clicking on Packet Capture with 500 Internal server error.

Unable to provision FortiToken Mobiles on FortiAuthenticator 200E/400E/3000E in 6.5.0/6.5.1.