Fortinet black logo

Release Notes

6.6.1
6.6.1
6.6.0
6.5.4
6.5.3
6.5.2
6.5.1
6.5.0
6.4.9
6.4.8
6.4.7
6.4.6
6.4.5
6.4.4
6.4.3
6.4.2
6.4.1
6.4.0
6.3.4
6.3.3
6.3.2
6.3.1
6.3.0
6.2.2
6.2.1
6.2.0
6.1.3
6.1.2
6.1.1
6.1.0
6.0.8
6.0.7
6.0.6
6.0.5
6.0.4
6.0.3
6.0.2
6.0.1
6.0.0
5.5.0
5.4.1
5.4.0
5.3.1
5.3.0
5.2.2
5.2.1
5.2.0
5.1.2
5.1.1
5.1.0
5.0.0
4.3.4
4.3.3
4.3.2
4.3.1
4.3.0
4.2.1
4.2.0

Known issues

Known issues

This section lists the known issues of this release, but is not a complete list. For inquiries about a particular bug, please contact Technical Support within the FortiCare portal.

Bug ID

Description
988439 FortiAuthenticator cannot join a domain with special UFT-8 extended ASCII characters.
950855 Unintelligible characters are sometimes displayed after saving certificate in the admin UI.
997200 SAML IdP Proxy not able to retrieve group memberships from remote OpenLDAP server.
971708 Restoring configuration on AWS resets password of 'admin' account to instance-id.
972164 LDAP sync rule fails if trying to sync user account already imported by a different sync rule if certificate bindings are included.
973232 Missing user groups for FSSO if LDAP lookup does not use sAMAccountName.
975319 Issues detected with selected template when deploying OVA file to VMware Sphere.
983076 Smart Connect profile for Windows installs the client certificate under the incorrect user profile.
1005640 Certificates generated on FortiAuthenticator with its own CA appear as 'untrusted' for FortiToken Mobile in push return service.
1007051 REST API realmauth: FTM Push not working properly for if user account with same type and username in separate realms.
1010853 Invalid URL link in password reset email when username contains special UTF8 characters.
1016955 Certificate generation does not work against some ACME servers due to account email update attempt by FortiAuthenticator.
961550 FortiAuthenticator incorrectly logs "invalid token" when end-user declines FTM push.
983781 LDAP sync rule test filter only includes groups if tree view is expanded.
988320 SFP Port 5/6 on FortiAuthenticator 800F occasionally going down unexpectedly and require reboot come back up.
990360 RADIUS Disconnect-request fails due to missing accounting session id attribute.
1004271 Certificate binding in user account showing expired status even if there is another valid certificate.
1005153 Unable to create remote LDAP server with Kerberos realm name containing an underscore.
1014087 FortiAuthenticator stops responding to SAML/RADIUS requests after AD servers maintenance window.
1014845 execute expand-partition command is not working.
1017747 FortiAuthenticator does not respond to SCEP request from Apple MDM.
1017916 Remote User Sync Rules does not work with OpenLDAP group attribute.
1004216 SAML IDP: switching 'Mandatory password...' to 'All configured...' gives Please correct the error below.
1007898 SAML Proxy - Delay before redirection to SP after successful authentication with remote SAML IdP related because of blocking DNS lookup.
997240 LDAP Service does not return list of users when querying group for memberof attribute.
801933 LDAP service logs "LDAP_FAC" as source IP instead of the LDAP client IP address.
805969 Zero trust tunnels to multiple FortiGates does not work.
986259 Admin UI: Primary cluster info formatting is distorted on HA Status page of the load balancer node.
1022146 Changing the server certificate in CMP settings is not taking effect until after a reboot.
1022734 403 error when downloading FortiAuthenticator SP's metadata if 'SAML SP SSO' is not enabled on the interface.
1023816 SSO sessions are created for local users that are excluded from SSO in Fine-grained Controls.
863635 SAML IdP-initiated portal displaying wrong auth method for FIDO users.
1000927 Promoting user account to sponsor/admin role should not be allowed when username contains non-ASCII characters.
1002523 SCEP server checks renewal criteria of the wildcard enrollment request instead of the one specific to renewed cert.
1009748 SMS user registration receipt includes FortiAuthenticator URL with a colon at the end.
1012102 Force Password Change page on SAML IdP Portal does not allow semi-colon or quotations in the password.
1021681 Authentication factors in User Lookup table incorrectly states no token was used for SAML IdP login session.
1012741 After successfully assigning an offline token to a remote user the local user page loads up.
1019660 FTM re-provisioning should not be allowed for Offline tokens in the legacy portal settings.
963398 Login widget demo on Firefox broken for SSO Portal Services settings
1012225 Rate Limit for Rest API does not function.
933018 HA (A-P) takes a long time to stabilize at boot.
874293 FortiAuthenticator picks the incorrect IP from proxied requests from the header when multiple headers are used in a request.

1027581

The SCIM server does not support assigning FortiToken Mobile tokens to imported user accounts.
Previous
Next

Known issues

This section lists the known issues of this release, but is not a complete list. For inquiries about a particular bug, please contact Technical Support within the FortiCare portal.

Bug ID

Description
988439 FortiAuthenticator cannot join a domain with special UFT-8 extended ASCII characters.
950855 Unintelligible characters are sometimes displayed after saving certificate in the admin UI.
997200 SAML IdP Proxy not able to retrieve group memberships from remote OpenLDAP server.
971708 Restoring configuration on AWS resets password of 'admin' account to instance-id.
972164 LDAP sync rule fails if trying to sync user account already imported by a different sync rule if certificate bindings are included.
973232 Missing user groups for FSSO if LDAP lookup does not use sAMAccountName.
975319 Issues detected with selected template when deploying OVA file to VMware Sphere.
983076 Smart Connect profile for Windows installs the client certificate under the incorrect user profile.
1005640 Certificates generated on FortiAuthenticator with its own CA appear as 'untrusted' for FortiToken Mobile in push return service.
1007051 REST API realmauth: FTM Push not working properly for if user account with same type and username in separate realms.
1010853 Invalid URL link in password reset email when username contains special UTF8 characters.
1016955 Certificate generation does not work against some ACME servers due to account email update attempt by FortiAuthenticator.
961550 FortiAuthenticator incorrectly logs "invalid token" when end-user declines FTM push.
983781 LDAP sync rule test filter only includes groups if tree view is expanded.
988320 SFP Port 5/6 on FortiAuthenticator 800F occasionally going down unexpectedly and require reboot come back up.
990360 RADIUS Disconnect-request fails due to missing accounting session id attribute.
1004271 Certificate binding in user account showing expired status even if there is another valid certificate.
1005153 Unable to create remote LDAP server with Kerberos realm name containing an underscore.
1014087 FortiAuthenticator stops responding to SAML/RADIUS requests after AD servers maintenance window.
1014845 execute expand-partition command is not working.
1017747 FortiAuthenticator does not respond to SCEP request from Apple MDM.
1017916 Remote User Sync Rules does not work with OpenLDAP group attribute.
1004216 SAML IDP: switching 'Mandatory password...' to 'All configured...' gives Please correct the error below.
1007898 SAML Proxy - Delay before redirection to SP after successful authentication with remote SAML IdP related because of blocking DNS lookup.
997240 LDAP Service does not return list of users when querying group for memberof attribute.
801933 LDAP service logs "LDAP_FAC" as source IP instead of the LDAP client IP address.
805969 Zero trust tunnels to multiple FortiGates does not work.
986259 Admin UI: Primary cluster info formatting is distorted on HA Status page of the load balancer node.
1022146 Changing the server certificate in CMP settings is not taking effect until after a reboot.
1022734 403 error when downloading FortiAuthenticator SP's metadata if 'SAML SP SSO' is not enabled on the interface.
1023816 SSO sessions are created for local users that are excluded from SSO in Fine-grained Controls.
863635 SAML IdP-initiated portal displaying wrong auth method for FIDO users.
1000927 Promoting user account to sponsor/admin role should not be allowed when username contains non-ASCII characters.
1002523 SCEP server checks renewal criteria of the wildcard enrollment request instead of the one specific to renewed cert.
1009748 SMS user registration receipt includes FortiAuthenticator URL with a colon at the end.
1012102 Force Password Change page on SAML IdP Portal does not allow semi-colon or quotations in the password.
1021681 Authentication factors in User Lookup table incorrectly states no token was used for SAML IdP login session.
1012741 After successfully assigning an offline token to a remote user the local user page loads up.
1019660 FTM re-provisioning should not be allowed for Offline tokens in the legacy portal settings.
963398 Login widget demo on Firefox broken for SSO Portal Services settings
1012225 Rate Limit for Rest API does not function.
933018 HA (A-P) takes a long time to stabilize at boot.
874293 FortiAuthenticator picks the incorrect IP from proxied requests from the header when multiple headers are used in a request.

1027581

The SCIM server does not support assigning FortiToken Mobile tokens to imported user accounts.
Previous
Next