Fortinet Document Library

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:


Table of Contents

Resolved Issues

The following issues have been fixed in 6.0.4. For inquires about a particular bug, please contact Customer Service & Support.

Bug ID

Description

356454 The Central SSL-VPN or SSL-VPN query unexpectedly shows users from all VDOMs that are managed in another ADOM.
411314 The "diagnose cdb check adom-integrity" command cannot recover ADOM with address name that has a leading or trailing space.
417358 Search result is lost after editing an object.
434611 Policy check should detect policies with "none" objects and report them as a specific category under Policy Consistency Check.
478257 VPN Manager should filter out invalid interfaces for the default VPN interface.

485541

Cannot save changes made in interface type Hardware Switch or Software Switch settings.

486445 Scheduled TCL scripts fail when executed against a single device, multiple devices, or a Device Group.
496827 Unable to delete the LDAP server, if the user group is deleted before removing the LDAP members.
497179 The Monitor in the VPN Manager does not respect the units when sorting by incoming or outgoing data.
500069 DOS Policy Anomaly configuration settings are missing the Quarantine, Quarantine-Expiry, and Quarantine-Log options.
500410 FortiManager GUI should allow configuring Phase 2 Selector Local and Destination addresses with an IPv6 type with subnet, range, IP, or name.
500991 There should be a clear error message on why the policy package install failed after reclaimed tunnel.
501202 AP Manager Wi-Fi profiles missing LAN ports configuration settings on FortiManager GUI.
503915 Users may not be able to change device password via JSON APIs.
504302 The "IPv4 Split include" option for IPSec should be available under the Range assignment mode.
506163 Device Manager GUI no longer displays interface zone members following upgrade.
506697 Under HA's Port monitor, we should be able to see all port-monitored interfaces, such as aggregated, loop-back, or VLAN interface.
507107 FortiManager should not unset the "switch-controller-igmp-snooping" and "switch-controller-dhcp-snooping" settings.
510665 After an interface is created, the config status is not updated.
511256 Policy Package status should show as modified after making changes in web filter profile.
511580 After upgrade, install may fail on web filtering profile.
513675 Policy push should not be allowed if another user has the device locked.
513763 User should be allowed to change country code in existing or cloned AP profile settings.
513799 FortiManager should only display detected rogue APs that are online.
515541 FortiManager is not updating the password of FortiGates under managed FortiAnalyzer.
516158 FortiManager should not add domain-filter syntax during ADOM upgrade.
516621 When a new profile with password/secret field, such as TACACS, Radius, etc., is created, FortiManager populates secret values with a dummy value that is longer than the allowed maximum length.
517060 User should able to change the action for multiple signatures at once.
517232 Invalid Source/Destination "Negate Cell" option for certain policy types and missing "Negate Cell" for IPv4 policy source address.
517618 Users should be able to use "Header" type Explicit Policy address as Source Address in Explicit Proxy policies.
517768 FortiManager should allow users to create routes with interface that is dedicated to management.
517874 FortiManager should be able to use 'US only' FortiGaurd servers with any license configuration.
518148 The System replacement messages for "Manage Images" should not be grayed out.
518680 IP Pool not imported due to an error while creating mapping failed due to "arp-intf" which is a member of a zone setting in IP pool.
518708 When viewing the devices in Device Manager, the list automatically scrolls back to the top for every heartbeat interval.
518756 When "vdom-netflow" is disabled, FortiManager should not push any collector-ip and source-ip settings to FortiGate.
518949 When exporting a Policy Package using CSV, it does not include Footer policies.
518984 Cluster members should show consistent results in dashboard and device settings.
519108 Scheduled Remote CLI Scripts are struck at 1%.
519229 When using workspace mode, modification to device group is not recognized as a change.
519252 After FortiManager was upgraded, cloning a policy package changes the package inspection mode.
519297 When FortiManager manages FortiGate v5.6 or earlier devices, FortiManager should not support fsso-type group for switch-controller security-policy.
519487 FortiGate fails to receive FortiGuard updates from FortiManager when ssl-static-key-ciphers is disabled.
520092 FortiManager should not update any dynamic attributes for SCEP generated objects.

520108

Policy Package Import stuck at 5% and security console demon crashes.

520123

0255: After installing to 500 devices, multiple devices are out of sync when auto-update disabled.

520548 It should be possible to close the pop up window and see current number of successful tasks for the policy assignment of a global package.

520899

When opening an edit dialog in firewall address group per-device mapping, members multiple-select is not pre-populated with entries.

520976 Revision diff always shows changes with policy package settings.
521117 FortiManager should not check for empty service when internet-service is disabled, which may cause copy to fail.
521379 FortiManager may disable the reliable option for FortiAnalyzer log settings.
521673 FortiManager does not trigger policy package status to shown as modified when LDAP configuration is changed.
522025 Under Policy & Objects, the frame column width is reset to default when user refreshes or re-enters the same object list.
522310 Unable to edit Global ADOM DB to change global version from GUI (which will reset Global config). As a workaround, use CLI "exec reset adom-settings Global" or upgrade global version.
522440 FortiManager should support the IPS signature syntax,"--icmp.type !=".
522713 ADOM upgrade stuck at 5%.

522720

After upgrade from 6.0.2 to 6.0.3, unexpected changes in guest group users appear.

522779 Secured backups fail due to issue with the SSH certificate.
523639 VPN Manager Monitor page stuck loading when an external gateway is defined.
523878 FortiManager should not install the CLIs, "system csf {upstream-ip upstream-port group-name group-password}", which are read-only attributes on FGT-6000F.
524202 Upgrading Global Database removes all ADOMs from policy package Assignment section.

524572

0270: Unable to edit hardware switch interface on FortiManager 6.0.3.

524752 IPS custom signature using protocol type icmp is valid in FortiOS syntax and therefore should be able to import into FortiManager.

526932

B255/B8054 : Can't save changes made in interface type hardware switch settings.

526934 Web UI should not enable HTTP access under Interface Settings when a user views interface settings.
526938 Searching an IP address in interface list should show the interface and the zone in which the interface is a member of.

Resolved Issues

The following issues have been fixed in 6.0.4. For inquires about a particular bug, please contact Customer Service & Support.

Bug ID

Description

356454 The Central SSL-VPN or SSL-VPN query unexpectedly shows users from all VDOMs that are managed in another ADOM.
411314 The "diagnose cdb check adom-integrity" command cannot recover ADOM with address name that has a leading or trailing space.
417358 Search result is lost after editing an object.
434611 Policy check should detect policies with "none" objects and report them as a specific category under Policy Consistency Check.
478257 VPN Manager should filter out invalid interfaces for the default VPN interface.

485541

Cannot save changes made in interface type Hardware Switch or Software Switch settings.

486445 Scheduled TCL scripts fail when executed against a single device, multiple devices, or a Device Group.
496827 Unable to delete the LDAP server, if the user group is deleted before removing the LDAP members.
497179 The Monitor in the VPN Manager does not respect the units when sorting by incoming or outgoing data.
500069 DOS Policy Anomaly configuration settings are missing the Quarantine, Quarantine-Expiry, and Quarantine-Log options.
500410 FortiManager GUI should allow configuring Phase 2 Selector Local and Destination addresses with an IPv6 type with subnet, range, IP, or name.
500991 There should be a clear error message on why the policy package install failed after reclaimed tunnel.
501202 AP Manager Wi-Fi profiles missing LAN ports configuration settings on FortiManager GUI.
503915 Users may not be able to change device password via JSON APIs.
504302 The "IPv4 Split include" option for IPSec should be available under the Range assignment mode.
506163 Device Manager GUI no longer displays interface zone members following upgrade.
506697 Under HA's Port monitor, we should be able to see all port-monitored interfaces, such as aggregated, loop-back, or VLAN interface.
507107 FortiManager should not unset the "switch-controller-igmp-snooping" and "switch-controller-dhcp-snooping" settings.
510665 After an interface is created, the config status is not updated.
511256 Policy Package status should show as modified after making changes in web filter profile.
511580 After upgrade, install may fail on web filtering profile.
513675 Policy push should not be allowed if another user has the device locked.
513763 User should be allowed to change country code in existing or cloned AP profile settings.
513799 FortiManager should only display detected rogue APs that are online.
515541 FortiManager is not updating the password of FortiGates under managed FortiAnalyzer.
516158 FortiManager should not add domain-filter syntax during ADOM upgrade.
516621 When a new profile with password/secret field, such as TACACS, Radius, etc., is created, FortiManager populates secret values with a dummy value that is longer than the allowed maximum length.
517060 User should able to change the action for multiple signatures at once.
517232 Invalid Source/Destination "Negate Cell" option for certain policy types and missing "Negate Cell" for IPv4 policy source address.
517618 Users should be able to use "Header" type Explicit Policy address as Source Address in Explicit Proxy policies.
517768 FortiManager should allow users to create routes with interface that is dedicated to management.
517874 FortiManager should be able to use 'US only' FortiGaurd servers with any license configuration.
518148 The System replacement messages for "Manage Images" should not be grayed out.
518680 IP Pool not imported due to an error while creating mapping failed due to "arp-intf" which is a member of a zone setting in IP pool.
518708 When viewing the devices in Device Manager, the list automatically scrolls back to the top for every heartbeat interval.
518756 When "vdom-netflow" is disabled, FortiManager should not push any collector-ip and source-ip settings to FortiGate.
518949 When exporting a Policy Package using CSV, it does not include Footer policies.
518984 Cluster members should show consistent results in dashboard and device settings.
519108 Scheduled Remote CLI Scripts are struck at 1%.
519229 When using workspace mode, modification to device group is not recognized as a change.
519252 After FortiManager was upgraded, cloning a policy package changes the package inspection mode.
519297 When FortiManager manages FortiGate v5.6 or earlier devices, FortiManager should not support fsso-type group for switch-controller security-policy.
519487 FortiGate fails to receive FortiGuard updates from FortiManager when ssl-static-key-ciphers is disabled.
520092 FortiManager should not update any dynamic attributes for SCEP generated objects.

520108

Policy Package Import stuck at 5% and security console demon crashes.

520123

0255: After installing to 500 devices, multiple devices are out of sync when auto-update disabled.

520548 It should be possible to close the pop up window and see current number of successful tasks for the policy assignment of a global package.

520899

When opening an edit dialog in firewall address group per-device mapping, members multiple-select is not pre-populated with entries.

520976 Revision diff always shows changes with policy package settings.
521117 FortiManager should not check for empty service when internet-service is disabled, which may cause copy to fail.
521379 FortiManager may disable the reliable option for FortiAnalyzer log settings.
521673 FortiManager does not trigger policy package status to shown as modified when LDAP configuration is changed.
522025 Under Policy & Objects, the frame column width is reset to default when user refreshes or re-enters the same object list.
522310 Unable to edit Global ADOM DB to change global version from GUI (which will reset Global config). As a workaround, use CLI "exec reset adom-settings Global" or upgrade global version.
522440 FortiManager should support the IPS signature syntax,"--icmp.type !=".
522713 ADOM upgrade stuck at 5%.

522720

After upgrade from 6.0.2 to 6.0.3, unexpected changes in guest group users appear.

522779 Secured backups fail due to issue with the SSH certificate.
523639 VPN Manager Monitor page stuck loading when an external gateway is defined.
523878 FortiManager should not install the CLIs, "system csf {upstream-ip upstream-port group-name group-password}", which are read-only attributes on FGT-6000F.
524202 Upgrading Global Database removes all ADOMs from policy package Assignment section.

524572

0270: Unable to edit hardware switch interface on FortiManager 6.0.3.

524752 IPS custom signature using protocol type icmp is valid in FortiOS syntax and therefore should be able to import into FortiManager.

526932

B255/B8054 : Can't save changes made in interface type hardware switch settings.

526934 Web UI should not enable HTTP access under Interface Settings when a user views interface settings.
526938 Searching an IP address in interface list should show the interface and the zone in which the interface is a member of.