Fortinet Document Library

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:


Table of Contents

Known Issues

The following issues have been identified in 6.0.0. For inquires about a particular bug or to report a bug, please contact Customer Service & Support.

AP Manager

Bug ID

Description

450434

FortiManager may unset wtp-mode after users change AP config from AP Manager.

462857

Following changes in an AP profile, FortiManager may install unrelated local user group and radius server to VDOM root.

464811

Updated AP name may get reverted back to its default name if users do not install the change in a while.

481651

fapc-compatibility may be unset.

Device Manager

Bug ID

Description

408183

Changing monitored interface status up/down may cause installation to fail.

411968

Users may not be able to configure Replacement Messages and Images for VDOMs.

445537

ADOM version inconsistency warning may be displayed when users add a FortiAnalyzer.

459858

All cluster members are shown as Slave in Logging FortiGates.

460403

FortiManager may not be able to automatically generate an interface of type vxlan.

462851

ha-direct is not available for SNMP v3 in provisioning templates.

463169

set apn is not available in device db under system lte-modem for FortiWifi-30E-3G4G-INTL.

467773

All zones are displayed in every FortiGate.

468776

FortiManager may not be able to add FortiGate 6.0 devices with VDOM enabled.

Workaround: In each of the configured VDOM, please unset the following configurations for each of the wireless controller's UTM profiles, e.g.,

config wireless-controller utm-profile

edit "g-wifi-default"

unset ips-sensor "g-wifi-default"

unset application-list "g-wifi-default"

unset antivirus-profile "g-wifi-default"

unset webfilter-profile "g-wifi-default"

unset firewall-profile-protocol-options "g-wifi-default"

unset firewall-ssl-ssh-profile "g-wifi-default"

next

end

473491

Certificate Enrollment may fail using SCEP on Microsoft NDES server.

474621

After users upgrade a v5.2 FortiGate to v5.4 in a v5.2 ADOM, the next installation may fail.

474893

Users may be unable to setup multiple passive-interface in OSPF on GUI.

475483

Users may fail to use named address in static route configuration.

477009

VM Meter may not show both Master and Slave licensing information on GUI.

477142

Cloning a DHCP server may fail at the first attempt.

479258

After adding and importing a new device, other device may have Modified policy package status.

480290

Users may not be able to move aggregated interfaces between VDOMs.

484229

When enabling or disabling FortiGate’s VDOM mode via FortiManager, it may return failure when installing the change.

Workaround: Enable or disable VDOM mode on FortiGate directly.

485756

FortiManager cannot manage EMAC-VLAN related configurations.

FortiClient Manager

Bug ID

Description

377095

Users may be unable to move FortiClient profile from GUI.

480813

FortiManager may be unable to update definitions for FortiClient when FortiClient is sending vulnerability statistics.

FortiSwitch Manager

Bug ID

Description

480294

Installation of FortiSwtich template changes may fail.

483414

Users may be unable to upgrade FortiSwitch from FortiManager.

Global ADOM

Bug ID

Description

470486

Automatic-Install may fail to detect changes to push to ADOMs.

482925

Internet Service destination is not displayed in IPv4 Header/Footer Policy in Global ADOM.

HA

Bug ID

Description

463853

FMG-VM slave may be failed to keep sync when FortiGate configuration is modified on FMG-VM master.

480462

FMG Slave may be failed to sync when users add a bunch of admin users on the Master.

483229

Locking an ADOM on Slave FortiManager may lock the ADOM on the Master FortiManager.

Policy & Objects

Bug ID

Description

444671

GUI may hide logtraffic-start settings when users check the No Log option.

450922

IPS sensor with more than 8192 signature entries may be created.

453702

Users may be unable to filter policies with Hit Count, Bytes, Packets, First Used or Last Used.

456710

Searching an IP address in policy list may not yield the result of all the address groups with reference to it.

459314

Users are able to delete used firewall objects.

459655

per-device mapping firewall address value changes may not change policy package status to Modified.

460615

Renaming RADIUS server used by Authentication in Device Manager – Device Name – Interface type WiFi SSID may not work.

462712

Page jumps might occur when using the middle mouse to scroll through large tables of data in the GUI with Firefox browser.

463662

Users may be unable to move columns.

463920

The address searched is not highlighted in address groups.

465620

log-attack-context is not visible in Intrusion Prevention.

469657

Policies can be dragged and dropped to outside of visible area.

470539

Users may be unable to delete some invalid Web URL filters.

471030

FortiManager allows users to use wildcard entries under Web Rating Overrides.

472825

Web Filter profile may not be changed in Explicit Proxy Policy when profile name contains +.

473104

Some ports in custom service may not get installed to FortiGate.

473973

Drag and drop allows co-existing profiles and profile groups in one single policy.

474270

monitor-mode option is not available in gtp profile.

474629

Security Profile Groups created on FortiManager may be pushed to all FortiGates upon next policy installation.

474849

The page may return to policy 1 after users insert a policy.

475241

Users may be unable to clone a global assigned object in local ADOMs.

475496

Source addresses, destination addresses and services may not be listed in alphabetical order in policy list.

475594

Users may be not able to create new firewall service custom objects because of the tablesize limit.

475935

FortiManager may falsely report conflicts of icmptype and icmpcode during policy import.

477298

Radius changes may not be pushed to FortiGate if radius user group is IPSec Phase1 VPN.

480389

Import wizard may hang at interface mapping page.

481034

Policy Package installation may fail when a Firewall Policy contains a VIP Group mapped to a zone interface.

481560

There is no validation check for FQDN addresses.

481991

The NAT checkbox may be always unchecked in Central SNAT policy.

482361

After users rename a section, there may be one policy left under the old section name.

484792

After editing an object, an error Not Found may occur.

Revision History

Bug ID

Description

472443

FortiManager may not be able to retrieve some profiles when VDOM is enabled on a FortiGate 6.0 device.

477677

There may be copy fails when there is a global range CA certificate.

478606

The preview of a VDOM with no commands to be installed may show commands to be installed from other VDOMs in a policy re-install.

480723

There may be copy fails when a webfilter and a URL filter share the same name.

Script

Bug ID

Description

471661

Advanced Device Filters may be displayed when users are editing CLI script.

480982

Progress bar for installing script may not work if the admin user has None access to import-policy-packages.

482929

Users may be unable to add/edit script details using IE 11.

482939

When users run scripts to edit an aggregated interface, extra unset member may be added during installation.

Services

Bug ID

Description

475033

Signature packages may be updated every hour when it is set to update daily.

478050

FortiGuard > Package Management > Service page may show duplicate entries after FortiGate HA cluster failover.

483670

FortiManager may not download the image from FortiGuard to upgrade the FortiGate's firmware.

Workaround: Run the diagnose fwmanager service-restart CLI command and perform the upgrade again.

System Settings

Bug ID

Description

471742

SNMP Request Uptime may not be accurate.

476905

Too many event logs may be generated when the policy hit count feature is enabled.

481018

DST change may be incorrect for Israel.

Workspace and Workflow

Bug ID

Description

478444

Policy package status may not change to “Modified” in workflow mode.

VPN Manager

Bug ID

Description

470511

Search results may be lost after users cancel from editing an entry in the results.

472726

Users may not be able to add/edit bookmarks in VPN manager when workflow mode is enabled.

478536

FortiManager may fail to install a recreated VPN with a different name.

Others

Bug ID

Description

469405

The process uma_upd may crash often.

471095

ADOM upgrade may fail because of webfilter url filter.

480080

Unsetting adom-mode in config system global does not make adom-mode normal.

480551

SNMPwalk may fail with error Error: OID not increasing: IP-MIB::ipAdEntAddr.

480577

GUI may get stuck at Temporarily Unavailable upon upgrading.

481763

diagnose cdb upgrade check may not fix all errors for objcfg-integrity.

483204

FortiManager-3900E may fail to manually negotiate port speed/duplex.

Known Issues

The following issues have been identified in 6.0.0. For inquires about a particular bug or to report a bug, please contact Customer Service & Support.

AP Manager

Bug ID

Description

450434

FortiManager may unset wtp-mode after users change AP config from AP Manager.

462857

Following changes in an AP profile, FortiManager may install unrelated local user group and radius server to VDOM root.

464811

Updated AP name may get reverted back to its default name if users do not install the change in a while.

481651

fapc-compatibility may be unset.

Device Manager

Bug ID

Description

408183

Changing monitored interface status up/down may cause installation to fail.

411968

Users may not be able to configure Replacement Messages and Images for VDOMs.

445537

ADOM version inconsistency warning may be displayed when users add a FortiAnalyzer.

459858

All cluster members are shown as Slave in Logging FortiGates.

460403

FortiManager may not be able to automatically generate an interface of type vxlan.

462851

ha-direct is not available for SNMP v3 in provisioning templates.

463169

set apn is not available in device db under system lte-modem for FortiWifi-30E-3G4G-INTL.

467773

All zones are displayed in every FortiGate.

468776

FortiManager may not be able to add FortiGate 6.0 devices with VDOM enabled.

Workaround: In each of the configured VDOM, please unset the following configurations for each of the wireless controller's UTM profiles, e.g.,

config wireless-controller utm-profile

edit "g-wifi-default"

unset ips-sensor "g-wifi-default"

unset application-list "g-wifi-default"

unset antivirus-profile "g-wifi-default"

unset webfilter-profile "g-wifi-default"

unset firewall-profile-protocol-options "g-wifi-default"

unset firewall-ssl-ssh-profile "g-wifi-default"

next

end

473491

Certificate Enrollment may fail using SCEP on Microsoft NDES server.

474621

After users upgrade a v5.2 FortiGate to v5.4 in a v5.2 ADOM, the next installation may fail.

474893

Users may be unable to setup multiple passive-interface in OSPF on GUI.

475483

Users may fail to use named address in static route configuration.

477009

VM Meter may not show both Master and Slave licensing information on GUI.

477142

Cloning a DHCP server may fail at the first attempt.

479258

After adding and importing a new device, other device may have Modified policy package status.

480290

Users may not be able to move aggregated interfaces between VDOMs.

484229

When enabling or disabling FortiGate’s VDOM mode via FortiManager, it may return failure when installing the change.

Workaround: Enable or disable VDOM mode on FortiGate directly.

485756

FortiManager cannot manage EMAC-VLAN related configurations.

FortiClient Manager

Bug ID

Description

377095

Users may be unable to move FortiClient profile from GUI.

480813

FortiManager may be unable to update definitions for FortiClient when FortiClient is sending vulnerability statistics.

FortiSwitch Manager

Bug ID

Description

480294

Installation of FortiSwtich template changes may fail.

483414

Users may be unable to upgrade FortiSwitch from FortiManager.

Global ADOM

Bug ID

Description

470486

Automatic-Install may fail to detect changes to push to ADOMs.

482925

Internet Service destination is not displayed in IPv4 Header/Footer Policy in Global ADOM.

HA

Bug ID

Description

463853

FMG-VM slave may be failed to keep sync when FortiGate configuration is modified on FMG-VM master.

480462

FMG Slave may be failed to sync when users add a bunch of admin users on the Master.

483229

Locking an ADOM on Slave FortiManager may lock the ADOM on the Master FortiManager.

Policy & Objects

Bug ID

Description

444671

GUI may hide logtraffic-start settings when users check the No Log option.

450922

IPS sensor with more than 8192 signature entries may be created.

453702

Users may be unable to filter policies with Hit Count, Bytes, Packets, First Used or Last Used.

456710

Searching an IP address in policy list may not yield the result of all the address groups with reference to it.

459314

Users are able to delete used firewall objects.

459655

per-device mapping firewall address value changes may not change policy package status to Modified.

460615

Renaming RADIUS server used by Authentication in Device Manager – Device Name – Interface type WiFi SSID may not work.

462712

Page jumps might occur when using the middle mouse to scroll through large tables of data in the GUI with Firefox browser.

463662

Users may be unable to move columns.

463920

The address searched is not highlighted in address groups.

465620

log-attack-context is not visible in Intrusion Prevention.

469657

Policies can be dragged and dropped to outside of visible area.

470539

Users may be unable to delete some invalid Web URL filters.

471030

FortiManager allows users to use wildcard entries under Web Rating Overrides.

472825

Web Filter profile may not be changed in Explicit Proxy Policy when profile name contains +.

473104

Some ports in custom service may not get installed to FortiGate.

473973

Drag and drop allows co-existing profiles and profile groups in one single policy.

474270

monitor-mode option is not available in gtp profile.

474629

Security Profile Groups created on FortiManager may be pushed to all FortiGates upon next policy installation.

474849

The page may return to policy 1 after users insert a policy.

475241

Users may be unable to clone a global assigned object in local ADOMs.

475496

Source addresses, destination addresses and services may not be listed in alphabetical order in policy list.

475594

Users may be not able to create new firewall service custom objects because of the tablesize limit.

475935

FortiManager may falsely report conflicts of icmptype and icmpcode during policy import.

477298

Radius changes may not be pushed to FortiGate if radius user group is IPSec Phase1 VPN.

480389

Import wizard may hang at interface mapping page.

481034

Policy Package installation may fail when a Firewall Policy contains a VIP Group mapped to a zone interface.

481560

There is no validation check for FQDN addresses.

481991

The NAT checkbox may be always unchecked in Central SNAT policy.

482361

After users rename a section, there may be one policy left under the old section name.

484792

After editing an object, an error Not Found may occur.

Revision History

Bug ID

Description

472443

FortiManager may not be able to retrieve some profiles when VDOM is enabled on a FortiGate 6.0 device.

477677

There may be copy fails when there is a global range CA certificate.

478606

The preview of a VDOM with no commands to be installed may show commands to be installed from other VDOMs in a policy re-install.

480723

There may be copy fails when a webfilter and a URL filter share the same name.

Script

Bug ID

Description

471661

Advanced Device Filters may be displayed when users are editing CLI script.

480982

Progress bar for installing script may not work if the admin user has None access to import-policy-packages.

482929

Users may be unable to add/edit script details using IE 11.

482939

When users run scripts to edit an aggregated interface, extra unset member may be added during installation.

Services

Bug ID

Description

475033

Signature packages may be updated every hour when it is set to update daily.

478050

FortiGuard > Package Management > Service page may show duplicate entries after FortiGate HA cluster failover.

483670

FortiManager may not download the image from FortiGuard to upgrade the FortiGate's firmware.

Workaround: Run the diagnose fwmanager service-restart CLI command and perform the upgrade again.

System Settings

Bug ID

Description

471742

SNMP Request Uptime may not be accurate.

476905

Too many event logs may be generated when the policy hit count feature is enabled.

481018

DST change may be incorrect for Israel.

Workspace and Workflow

Bug ID

Description

478444

Policy package status may not change to “Modified” in workflow mode.

VPN Manager

Bug ID

Description

470511

Search results may be lost after users cancel from editing an entry in the results.

472726

Users may not be able to add/edit bookmarks in VPN manager when workflow mode is enabled.

478536

FortiManager may fail to install a recreated VPN with a different name.

Others

Bug ID

Description

469405

The process uma_upd may crash often.

471095

ADOM upgrade may fail because of webfilter url filter.

480080

Unsetting adom-mode in config system global does not make adom-mode normal.

480551

SNMPwalk may fail with error Error: OID not increasing: IP-MIB::ipAdEntAddr.

480577

GUI may get stuck at Temporarily Unavailable upon upgrading.

481763

diagnose cdb upgrade check may not fix all errors for objcfg-integrity.

483204

FortiManager-3900E may fail to manually negotiate port speed/duplex.