Resolved Issues
The following issues have been fixed in 6.0.7. For inquires about a particular bug, please contact Customer Service & Support.
AP Manager
|
Bug ID |
Description |
|---|---|
| 547361 | AP Profile in AP Manager offers redundant options for specific AP models, which can lead to failed installation. |
| 548329 | WiFi profiles SSID DHCP Server toolbar is hidden if System Settings is set to None in an Admin Profile. |
| 564936 | AP Manager does not allow Security Exempt List when Portal Type does not contain Authentication. |
| 570936 |
AP Manager is pushing incorrect syntax for FAPU24JEV wtp-profile, causing
installation failure. |
| 570937 | AP Manager should allow individual configure LAN ports. |
| 571722 | AP Manager should hide WIDE profiles if they cannot be used in certain modes. |
| 572544 | When creating a managed AP, FortiManager should properly save the Name and AP Profile fields, and it should not accept FAP's serial number with lowercase letters. |
Device Manager
|
Bug ID |
Description |
|---|---|
|
483821 |
Two default values are incorrect in FMG database ("wad-worker-count" and "socket-size"). |
| 508020 | Web & IPS conflict information is not visible while importing policy package. |
| 514299 | If the address objects have the same configuration, FortiManager should not add dynamic mapping for the same identical objects during the import. |
| 528965 | FortiManager needs to support four modes for SD-WAN service's output interface: Auto, Manual, Priority, and SLA Assign. |
| 536078 | Device Manager may not be able to display more than 50 VDOMs. |
| 539928 | Objects used in SD-WAN rules show as not in use in address list. |
| 542961 | FortiManager is unable to change FGT's administrator password from CLI Configurations. |
| 544597 | VLAN interface is not available for EMAC VLAN on Device Manager > System > Interfaces. |
| 544880 | FortiManager should not allow adding loopback interface to a zone. |
| 547528 | FortiManager may be slow to view large device revisions on Firefox. |
| 549638 | MAC address Access Control List entries under DHCP server get duplicated when editing an entry. |
| 549674 | Users should be able to create a new SD-WAN template even if System Settings is set to None in the Admin Profile. |
| 550237 | Read-only admin should not be allowed to add detected devices. |
| 550239 | System SNMP user is missing the value aes256cisco for the field
priv-proto. |
| 550513 | Users should be able to change IPSec Phase1 within IPSec Phase2 settings. |
| 551077 | FortiManager may not be able to import policies from FortiGate SLBC. |
| 551701 | FortiManager is unable to set OSPF Interface Network Type as P2MP. |
| 553491 | Enabling or disabling multiple interfaces should be allowed in Device Manager. |
| 554154 | FortiManager should be able to select multiple FortiExtender units for upgrade from the Extender tab. |
| 555394 | Policy route's columns for Source and Destination show port information instead of subnet addresses. |
| 555635 | Certificate is not visible on GUI after restoring the configuration, which was exported from FortiManager. |
| 564182 | FortiManager should always respond with invalid VDOM name when accessing FortiManager with incorrect hyperlinks. |
| 564625 | Re-importing a policy package may result in changing policy package status to modified. |
| 568626 | FortiManager can only modify the order of DNS forwarder only if the IP addresses are in quotes ("") and when the IP addresses are not separated by a comma. |
| 569468 | Firmware version value is incorrect in device list after upgrade. |
| 569900 | FortiManager may hang when adding devices from root ADOM within the unregistered device list. |
| 570109 | FortiManager cannot configure fail-detect-option in interface's advanced
options. |
| 571581 | FortiManager may not show zone changes in policy package diff. |
| 574988 | CLI only object cannot create router BGP AS-path list and community list,
and prompts the error "entry does not exist". |
| 575823 | FortiManager should not allow user to delete extra proposals when
SUITE-BPRF is enabled. |
| 576320 | Policy status of all devices used in VPN Manager is changing to modified after deleting some unrelated devices. |
| 576565 | Creating VXLAN may gradually take more time. |
| 577937 | Editing Restrict Access in VLAN interface settings removes interface from zone. |
|
579648 |
FortiManager |
| 581812 | Sorting Extenders by Device Name does not work. |
| 583467 | FortiManager cannot edit the MTU parameter on an interface in Device Manager. |
| 586550 | Device Manager does not detect newly joined Telemetry group on FortiGate. |
FortiClient Manager
|
Bug ID |
Description |
|---|---|
| 548572 | FortiManager shows unclear message in FortiClient Profile with Response with errors instead of Device groups cannot be empty. |
FortiSwitch Manager
|
Bug ID |
Description |
|---|---|
| 586557 | User group for FortiSwitch Security Policy should not be removed once Workflow session is created and submitted. |
Global ADOM
|
Bug ID |
Description |
|---|---|
| 509665 | Global v5.2 assigned to ADOM v5.4 and
webfilterftgd-local-rating might set to wrong category. |
| 551072 | Assignment of object-tag from 5.6 Global ADOM to 6.0 ADOM should not
fail. |
| 580600 | FortiManager may not respond when assigning Global Objects. |
| 587511 |
gSSO_Guest_User should work the same as predefined SSO_Guest_User. |
Others
|
Bug ID |
Description |
|---|---|
| 529770 | Policy package integrity check provides no clarification on intended database changes. |
| 538915 | Firmware version is not displayed on NOC - SOC page. |
| 540034 | There may be repetitive fmgd crashes in FortiManager's crashlog. |
| 541880 | The dmserver daemon may crash when installing to multiple devices and CPU
usage reaches 100%. |
| 551937 | FortiManager should only allow the browser to save and paste credentials at the logon prompt only. |
| 552222 | When running cdbcheckpolicy-packages, FortiManager prompts
central fap object not found errors. |
| 561008 | Second IP in central management removed by master FortiManager on re-connection. |
| 561279 | The newcli process may crash when running the diagnose cdb upgrade
check +all command. |
| 561946 | Upgrading FortiManager may fail due to incorrect limit for user adgrp. |
| 574826 | FortiManager port negotiation switches to 100 half-duplex mode after a reboot. |
| 576558 | Delete invalid orphan entries" errors found by diag cdb
upgrade check +all are not fixed. |
| 580832 | FortiManager may show disk unused under LVM. |
| 586241 | When locking an ADOM and deleting it with workflow enabled, the workflow
stays with status changes to (null). |
| 586991 |
Logver field is missing when FortiAnalyzer is enabled,
affecting report related features. |
|
589805 |
Installing policy package via JSON API with missing interface in zone definition deletes zone and corresponding firewall policies on FortiGate. |
Policy and Objects
|
Bug ID |
Description |
|---|---|
|
571235 |
Enabling policy hit count locks ADOM and provokes GUI slowness. |
| 494367 | Users cannot search address in policy where the address is a part of a nested group. |
| 521904 | Policy and Object's folders do not reflect policy package status. |
| 528881 | Users are not able to remove all FSSO objects from selected list that has a large number of entries. |
| 530717 | Under Policy & Objects > Policy Package > right click > add address in policy, the page is stuck on loading with Microsoft Edge. |
| 531585 | A proxy policy's source address field should display all address objects in the search list despite the interface binding defined for the addresses. |
| 534220 | Users cannot add entries for per-device mapping with existing VIP group when a VIP binds to a port that is part of SD-WAN. |
| 540045 | Search is not persistent after creating or cloning a new object. |
| 544404 | A remote user approves a session, session list shows zero session. |
| 545484 | ADOM unable to create per-device mappings for local certificate. |
| 546334 | Dynamic interface is not visible in policies until web page refreshes. |
| 547052 | FortiManager GUI should not allow creating security profiles without any SSL/SSH inspection profile defined. |
| 547055 | FortiManager GUI should prevent CA certificate to be changed on built-in SSL/SSH inspection profiles. |
| 549504 | Wildcard remote admin cannot run schedule install. |
| 553704 | FortiManager may be stuck at loading when using the Find Duplicate Objects function. |
| 554092 | FortiManager is unable to use interface member of a zone as Source Interface filter for VIP object. |
| 554901 | EU country ID is available in FortiManager, but the ID is not part of the latest geographical database. |
| 558408 | When user installs a policy package to more than 20 devices, some of the
task for this installation may hang and dmserver crashes. |
| 559009 | FortiManager should allow users to select SD-WAN interface on IPv6 policy. |
| 559104 | Incorrect ADOM name may be displayed in Where Used. |
| 559112 | FortiManager may not be able to edit a proxy policy that was inserted above or below. |
| 559751 | Duplicated ##seq appears in policy packages, and they cannot be fixed with
diagnose command. |
| 560694 | If hitcount is updated while ADOM is locked, policies matched by traffic are highlighted as modified. |
| 562160 | FortiManager should be able to create dynamic mapping for object-tagging
category. |
| 563169 | When user changes webfilter settings, username in last modified column should always be updated. |
| 563629 | Clicking on "+" function should allow users to add Wildcard FQDN objects. |
| 564203 | Policy package cannot export to Microsoft Excel when policy is more than 20,000 policies. |
| 564405 | FortiManager may not be able to modify Tag-Format field under Anti-spam
profile. |
| 566599 | IPS Rate Based Signatures may be applied in the wrong order. |
| 567514 | Multiple policies may be deleted by accident, if they are selected on the background from the previous filtered result. |
| 569551 | FortiManager should be able to save quotas within webfilter profile. |
| 576267 | SSL/SSH inspection profile change does not change all related policy package statuses to modified. |
| 579844 | When user logs in with remote Radius authentication with assigned VDOM and access profile, FortiManager may not show the installation target devices. |
| 580676 | FortiManager may not delete and change a policy, and it affects another policy packages. |
| 581481 | FortiManager should allow adding a custom Application Control signature with the same attack ID as an existing one. |
| 582685 | Web Filter Profiles with URL filter lists may take a long time to load. |
| 588548 | Under workspace, addresses may be removed from a firewall policy when merging duplicated addresses. |
| 588869 | Re-installing policy package on FortiGate with multiple VDOMs may wipe out configuration on a VDOM that belongs to a different policy package. |
| 590179 | Drop-down cannot populate OCI Certificate for OCI Fabric Connector. |
|
581495 |
Interface Validation should prompt only once per unmapped interface. |
Revision History
|
Bug ID |
Description |
|---|---|
| 524611 | FortiManager tries to set profile-type group
even if there is no profile-group specified causing installation to fail. |
| 539994 | Installing to FortiGate fails when wildcard-fqdn address is used in SSL
profile. |
| 548027 | After FortiGate upgrades, verification may fail on set nat
enabled if set central-nat enable is configured. |
| 549001 | Installation may fail after changed inspection mode from Proxy to Flow. |
| 555796 | Installing policy on 6K series FortiGate may remove the interface setting
set forward-error-correction rs-fec. |
| 556985 | FortiManager prompts unclear message when device configuration file is not found. |
| 560689 | Auto-Update revision is missing set stp-bpdu-guard enabled. |
| 565436 | After FortiManager processed many auto-update requests, FortiManager may not be able to create a new revision. |
| 565636 | FortiManager may prompt verification error on Global ADOM's gall address. |
| 565970 | One specific unused adgrp is getting pushed to FortiGate that does not
use by FSSO anywhere. |
| 566138 | FortiManager may not correctly install Application Control configurations. |
| 566390 | Policy installation may fail due to FortiGuard certifications. |
| 567770 | Install custom internet service to FortiGate fails when None is selected for Master Service ID. |
| 577964 | FortiManager should install imported CA certificates to managed FortiGate device. |
| 586992 | FortiManager does not install broadcast-forward enabled on Virtual Switch to managed FortiGate. |
| 589858 | The BGP scan-time value of 0 can be set on FortiGate, but
FortiManager resets it to default by unset scan-time on the next
policy push. |
Script
|
Bug ID |
Description |
|---|---|
| 519495 | Running a script always returns the error, the script is not eligible, even though the actual error may be different. |
| 530838 | When viewing script results, there are several new lines in unexpected places. |
| 550502 | Installing DDoS policies via a CLI script may fail. |
| 555175 | User may mistakenly configures FortiManager to run script against a group of targets when targeting a single device. |
| 559844 | FortiManager may not be able to set client-idle-timeout to 0 in device
database. |
| 564937 | FortiManager allows users not to set device type when creating a user device resulting in install failure. |
| 565053 | FortiManager cannot unset Security Exempt List. |
| 577463 | Script scheduling should not be affected by the order of configuration. |
| 586817 | Script may not be getting applied completely on policy package. |
| 587015 | When user tries to set signature with non escaped quotes from script, the signature becomes separate strings, and the installed string may not be what it is expected. |
Services
|
Bug ID |
Description |
|---|---|
| 539196 | FortiManager should not show FortiGuard subscription status Expired, if a trial license is expired. |
| 543404 | FortiManager should display log on FortiGuard Distribution Server Download Log. |
| 551096 | FortiMeter Program License is expired and it is displayed as FREZ even though FortiGate Traffic is still passing. |
| 557355 | FortiManager may not connect to FortiGuard when fds-ssl-protocol is set
to either tlsv1.1 or tlsv1.2. |
| 562021 | FortiManager should support HTTPS proxy. |
System Settings
|
Bug ID |
Description |
|---|---|
| 498133 | 0150: Syslog is not sent using IPv6. |
| 529051 | Map to Policy Interface & Scan out going connection to Botnet Sites disappears in v6.0.3 when running FortiManager in workflow mode. |
| 537312 | Event logs should not have the user from field when an internal process riggers the log. |
| 537338 | FortiManager should not reset objects' Created Time and Last Modified timestamps after upgrading ADOMs. |
| 539137 | User may not be able to access to FortiManager using IPv6 address, even if user sets IPv6 allow access on HTTPS and HTTP. |
| 548034 | System Settings' LDAP may not work with nested directory groups. |
| 562239 | Dynamic mappings may be deleted after ADOM upgrade. |
| 563918 | FortiManager should prompt more clear error when ADOM upgrade fails. |
| 564400 | ADOM upgrade may show the error firewall ssl-ssh-profile ssl-exempt wildcard-fqdn. detail: table limit. |
| 576098 | Event log may not show the correct username when changing a non policy related object. |
| 579075 | LDAP admin user may not be able to access FortiManager when there are many LDAP groups. |
| 580486 | Adding ADOM fails with errorCode 102: 'Fail to lock adom Global workspace' when workspace-mode is set to normal. |
| 584749 | System Settings may not show the ADOM-VDOM association. |
| 587242 | [b349] HA Cluster fails after upgrading to 6.0.6 with peer IP using IPv6. |
| 588884 | Event log for merging duplicated objects is missing object name. |
VPN Manager
|
Bug ID |
Description |
|---|---|
| 546790 | Table row's height too short to display the monitors for multiple phase 2 entries. |
| 553860 | Hub-to-Hub IPsec Phase1 interface install uses remote-gw as interface IP
even though public IP is defined under the Advance section. |
| 554857 | Policy package does not go out-of-sync after VPN Manager is enabled. |
| 556340 | VPN manager > create a new VPN communities displays IKE Version default value as 2 instead of 1. |
| 563961 | Selection menus for authusrgrp and ipv4-split-include are not working in the gateway configuration for Dial-Up. |
| 571164 | VPN Manager has problem adding secondary WAN interface from a hub in star community. |
| 574727 | VPN Manager may not display SSL-VPN settings for some devices. |
| 576308 | Policy package exported as CSV contains hit count data only for IPv4, but not for IPv6. |
| 577939 | VPN Manager may install different PSKs to gateways. |
Common Vulnerabilities and Exposures
Visit https://fortiguard.com/psirt for more information.
|
Bug ID |
Description |
|---|---|
| 542636 | FortiManager is no longer vulnerable to the
following CVE-Reference:
|
| 565905 | FortiManager is no longer vulnerable to the following CVE Reference:
|
| 565947 | FortiManager is no longer vulnerable to the following CVE Reference:
|
| 565967 | FortiManager is no longer vulnerable to the following CVE Reference:
|