Resolved Issues
The following issues have been fixed in 6.2.0. For inquires about a particular bug, please contact Customer Service & Support.
|
Bug ID |
Description |
|---|---|
| 356454 | The Central SSL-VPN or SSL-VPN query unexpectedly shows users from all VDOMs that are managed in another ADOM. |
| 411314 | The diagnose cdb check
adom-integrity command cannot recover ADOM with address name that has a
leading or trailing space. |
| 417358 | Search result is lost after editing an object. |
| 434611 | Policy check should detect policies with "none" objects and report them as a specific category under Policy Consistency Check. |
|
436774 |
FortiManager is missing permission settings when managing FortiAnalyzer. |
|
443240 |
HA-status changes to standalone from ELBC cluster when making changes to FortiGuard server setting directly on FortiGate. |
| 474245 | The "set disk-usage log" command should not be installed for devices with log disk. |
| 478257 | VPN Manager should filter out invalid interfaces for the default VPN interface. |
| 486445 | Scheduled TCL scripts fail when executed against a single device, multiple devices, or a Device Group. |
| 489373 | Passwords should allow special characters on certificate templates in FortiManager. |
|
489817 |
|
|
492088 |
FortiManager attempts to change Chassis ID on FortiGate 7000 series when installing configuration. |
| 496827 | Unable to delete the LDAP server, if the user group is deleted before removing the LDAP members. |
| 497179 | The Monitor in the VPN Manager does not respect the units when sorting by incoming or outgoing data. |
|
498107 |
When an address is a member of a dynamic address group, its Where Used results does not say which dynamic group it belongs to. |
| 500069 | DOS Policy Anomaly configuration settings are missing the Quarantine, Quarantine-Expiry, and Quarantine-Log options. |
| 500410 | FortiManager GUI should allow configuring Phase 2 Selector Local and Destination addresses with an IPv6 type with subnet, range, IP, or name. |
|
500697 |
Application signature list is either empty or displayed as undefined. |
| 500991 | There should be a clear error message on why the policy package install failed after reclaimed tunnel. |
| 501202 | AP Manager Wi-Fi profiles missing LAN ports configuration settings on FortiManager GUI. |
|
503722 |
FortiSwitch Manager and AP Manager reports switches and APs connected to FortiGates as online when the devices are no longer powered on. |
| 503915 | Users may not be able to change device password via JSON APIs. |
| 504302 | The IPv4 Split include option for IPSec should be available under the Range assignment mode. |
|
504962 |
When creating new vdom-link from the global interface menu, all the VDOMs should be visible in the management VDOM. |
| 506163 | Device Manager GUI no longer displays interface zone members following upgrade. |
| 506697 | Under HA's port monitor, we should be able to see all port-monitored interfaces, such as aggregated, loop-back, or VLAN interface. |
| 507044 | FortiManager always overrides the device-level configured parameters to DPD default values making impossible to tune DPD settings when using VPN Manager. |
| 507107 | FortiManager should not unset the switch-controller-igmp-snooping and switch-controller-dhcp-snooping settings. |
|
508340 |
With the ADOM option Perform Policy Check Before Every Install enabled and no changes to install, an install will fail with the Validation Failed message. |
| 510665 | After an interface is created, the configuration status is not updated. |
| 511256 | Policy Package status should show as modified after making changes in web filter profile. |
| 511580 | After upgrade, install may fail on web filtering profile. |
| 511826 | FortiManager should remove the mandatory requirement of having a hub-to-hub interface when two hubs are defined in a VPN community using VPN Manager. |
| 512046 | When workspace is enabled, IPv6 session based counters are synchronized with FortiGate. |
| 513675 | Policy push should not be allowed if another user has the device locked. |
| 513763 | User should be allowed to change country code in existing or cloned AP profile settings. |
| 513799 | FortiManager should only display detected rogue APs that are online. |
| 515541 | FortiManager is not updating the password of FortiGates under managed FortiAnalyzer. |
| 516158 | FortiManager should not add domain-filter syntax during ADOM upgrade. |
| 516621 | When a new profile with password/secret field, such as TACACS, Radius, etc., is created, FortiManager populates secret values with a dummy value that is longer than the allowed maximum length. |
| 517060 | User should able to change the action for multiple signatures at once. |
| 517061 | ADOM upgrade may fail when the IPs in FortiSwitch VLAN DHCP server are configured with zero. |
| 517232 | Invalid Source/Destination "Negate Cell" option for certain policy types and missing "Negate Cell" for IPv4 policy source address. |
| 517618 | Users should be able to use "Header" type Explicit Policy address as Source Address in Explicit Proxy policies. |
| 517768 | FortiManager should allow users to create routes with interface that is dedicated to management. |
| 517874 | FortiManager should be able to use 'US only' FortiGaurd servers with any license configuration. |
| 518148 | The System replacement messages for Manage Images should not be grayed out. |
| 518680 | IP Pool not imported due to an error while creating mapping failed due to "arp-intf" which is a member of a zone setting in IP pool. |
| 518708 | When viewing the devices in Device Manager, the list automatically scrolls back to the top for every heartbeat interval. |
| 518756 | When vdom-netflow is disabled, FortiManager should not push any collector-ip and source-ip settings to FortiGate. |
| 518949 | When exporting a Policy Package using CSV, it does not include Footer policies. |
| 518984 | Cluster members should show consistent results in dashboard and device settings. |
| 519108 | Scheduled Remote CLI Scripts are struck at 1%. |
| 519229 | When using workspace mode, modification to device group is not recognized as a change. |
| 519252 | After FortiManager was upgraded, cloning a policy package changes the package inspection mode. |
| 519297 | When FortiManager manages FortiGate v5.6 or earlier devices, FortiManager should not support fsso-type group for switch-controller security-policy. |
| 519487 | FortiGate fails to receive FortiGuard updates from FortiManager when ssl-static-key-ciphers is disabled. |
| 519495 | Running a script always returns the error, the script is not eligible, even though the actual error may be different. |
| 520092 | FortiManager should not update any dynamic attributes for SCEP generated objects. |
| 520548 | It should be possible to close the pop up window and see current number of successful tasks for the policy assignment of a global package. |
| 520651 | When querying a policy package, FortiManager API's response may be missing the VDOM information. |
|
520691 |
FortiManager should Warn user in install wizard if there is an IP address being installed that is 0.0.0.0/0. |
| 520976 | Revision diff always shows changes with policy package settings. |
| 521117 | FortiManager should not check for empty service when internet-service is disabled, which may cause copy to fail. |
| 521379 | FortiManager may disable the reliable option for FortiAnalyzer log settings. |
|
521649 |
Policy counters may not be accurately synchronized with the FortiGate devices. |
| 521673 | FortiManager does not trigger policy package status to shown as modified when LDAP configuration is changed. |
| 521900 | SD-WAN rule protocol options 'ANY' is not saved on GUI. |
| 522025 | Under Policy & Objects, the frame column width is reset to default when user refreshes or re-enters the same object list. |
| 522206 | GTP global tunnel limit is not configurable on FortiManager. |
| 522310 | Unable to edit Global ADOM DB to
change global version from GUI (which will reset Global config). As a
workaround, use CLI exec reset adom-settings global or upgrade
global version. |
| 522440 | FortiManager should support the
IPS signature syntax,--icmp.type !=. |
| 522713 | ADOM upgrade stuck at 5%. |
| 522779 | Secured backups fail due to issue with the SSH certificate. |
| 522828 | FortiManager unsets dhcp-snooping when installing from a 5.4 ADOM. |
| 523480 | IPS Filter does not include ALL if filtered based on OS. |
| 523639 | VPN Manager Monitor page stuck loading when an external gateway is defined. |
|
523705 |
In webfilter profile, FortiManager should only allow configuring quota for categories set to monitor, warning, or authenticate. |
| 523878 | FortiManager should not install
the CLIs, system csf {upstream-ip upstream-port group-name
group-password}, which are read-only attributes on FGT-6000F. |
| 524202 | Upgrading Global Database removes all ADOMs from policy package Assignment section. |
| 524607 | FortiManager should not allow illegal change with ssl-ssh-profile causing installation to fail. |
| 524752 | IPS custom signature using protocol type ICMP is valid in FortiOS syntax and therefore should be able to import into FortiManager. |
| 525926 | The Local Users column is always empty even if a token is assigned. |
| 526002 | When having multiple hosts within an SNMP community, it's not possible to edit a host and change the status of HA-direct. |
| 526287 | Policy install may be stuck at 67%. |
| 526642 | Some SMTP/splice options under firewall profile-protocol options cannot be disabled. |
| 526934 | Web UI should not enable HTTP access under Interface Settings when a user views interface settings. |
| 526938 | Searching an IP address in interface list should show the interface and the zone in which the interface is a member of. |
| 527140 | FortiManager is unable to add multiple DHCP Relay Servers from the Device Manager System Interface Menu. |
| 527407 | Users may not be able to change the FortiGate HA management interface IP. |
| 528633 | IS-IS interfaces cannot be deleted from GUI. |
| 528916 | Users may not be able to upgrade ADOM after ADOM name has been changed. |
| 528931 | FOS-VM may be getting invalid license from FMGR-VM-Meter. |
| 528938 | FortiManager does not allow users to manually set SD-WAN member sequence ID. |
| 528977 | FortiGuard 7000 Service Status shows slave chassis with serial number instead of host name. |
| 529036 | VPN Manager should not show the options for main and aggressive mode when IKEv2 is selected. |
|
529475 |
Webfilter and Application profiles are not available in the FortiClient profile GUI. |
| 529480 | Policy look-up can only list policy package installation target device but not device group member. |
| 530207 | Installing configuration after fail-over in cluster causes installation fail because of difference in management-ip. |
| 530249 | Policies that are Last Modified matched by actual traffic always shows recently modified by 'admin' even if the default admin user is not present in the FortiManager configuration. |
| 530376 | Users are unable to select Schedule Object for SSID in AP Manager. |
| 530735 | FortiManager may not be able to configure a full-mesh VPN among FortiGates with multi-VDOMs. |
| 530749 | FortiManager is unable to import policy configuration from devices with a long VDOM name. |
| 530792 | When configuring Per-Device Mappings for Real Servers, mode is missing and users cannot create multiple real servers. |
| 530837 | Users should not be allowed to delete default meta fields. |
| 531508 | When trying to add a new gateway from VPN Manager, FortiManager returns an error peer invalid value. |
| 531573 | FortiManager is not able to set Type of Service field for SD-WAN service. |
|
531610 |
FortiManager is showing Create New option under script even though ADOM is not locked. |
| 531645 | FortiManager should be able to configure dynamic mappings for SD-WAN via a script. |
| 531813 | With Safari, there are two issues when user editing device group: there are two scroll bars in the Edit Device Group window and Edit Device Group window size that cannot be changed. |
| 531963 | SSL/SSH Profile should not allow the user to enable "Allow Invalid SSL Certificates" when Inspection mode is "SSL Certificate Inspection". |
| 532075 | When editing comment/description, FortiManager may display the slash character, /, as #x2F. |
| 532275 | Within the System Admin Profile, users may not be able to change access control due to JavaScript errors. |
| 532488 | Bytes/Hit/packet count should not be a parameter to consider in the diff as these are not part of the configuration. |
|
532721 |
Once a Local ID value is configured for a VPN Node within VPN Manager, it can no longer be removed. |
|
532943 |
FortiGate's system time is now shown on FortiManager when timezone index is set at 79, 80, or 83. |
| 533141 | Retrieving configuration under Workspace mode does not allow further changes under AP manager. |
| 533857 | FortiManager is unable to automatically register devices via Pre-Shared Key method if a revision is imported prior to registering the devices. |
| 534559 | Editing WiFi interface which is a zone member should not enable block intra-zone traffic. |
|
534784 |
FSSO Agent with option "Select FSSO groups via FortiGate" does not work if the policy has no pending changes. |
|
534784 |
Adding section for traffic shaping policies causes runtime error. |
| 534927 | When there is a dynamic interface and a multicast interface that has the same name within a policy package, the install wizard was not be able to create dynamic mappings. |
|
535170 |
FortiManager does not accept FQDN address configuration containing the _ character. |
|
535525 |
Dynamic/Dial-up Type IPSec Tunnel Interface cannot be added as an SD-WAN member. |
|
535621 |
Retrieving or importing configuration revision fails if configuration contains a large number of CRLs. |
|
535743 |
Downstream FortiManager does not update signature until changing the schedule setting in the second tier FortiManager's FDN. |
|
536043 |
When ADOM is locked, FortiManager may display incorrect values or configurations from some objects or policies. |
|
536805 |
Install fails for DoS policy quarantine-expiry. |
|
537135 |
There is no GUI validation when an invalid subnet mask is used as destination for a Static Route. |
| 537236 | LDAP query failure over slow satellite connection. |
|
537752 |
FortiManager tries to add full scan options while using quick scan in default AV profile. |
|
537775 |
Proxy policy should not allow empty source address. |
|
538029 |
Occasionally, duplicate sequence number may appear in some policy packages. |
|
539184 |
FortiManager should not install forward-error-correction on VLANs. |
|
539998 |
Install fails when deny rule contains DNS filter profile. |
|
540065 |
FortiManager should be able to display CA certificate under 6.0 ADOM. |
|
540095 |
Scheduled TCL Script intermittently fails to run on the scheduled time after upgrade. |
|
540936 |
Remote wildcard users break user profile access to workflow sessions. |
|
542823 |
Script fails to set accprofile on device database. |
|
543567 |
FortiManager does not install new certificate obtained from FortiAuthenticator. |
|
545457 |
AP Manager may not be able to show map. |
|
545480 |
When attempting to remove a VDOM from a FortiGate by running a script, the script fails unexpectedly and the VDOM is not deleted. |
|
547740 |
When FortiManger is running in workspace mode, FortiManager may unexpectedly delete firewall policy. |