Fortinet Document Library

Resolved Issues

The following issues have been fixed in 6.2.1. For inquiries about a particular bug, please contact Customer Service & Support.

Bug ID Description
460615 FortiManager should adjust Radius configuration on SSID when renaming a Radius server.
482441 VPN Phase 2 Address Selector is not updated when Named Address is updated in Policy and Objects.
500037 FortiToken provision does not work.
500922 When renaming a local certificate in Device Manager, the related dynamic mapping is not updated.
508020 Web & IPS conflict information is not visible while importing Policy Package.
513317 FortiManager may fail to install policy after FortiGate failover on Azure.
523208 FortiManager may try to unset category for user device when installing policy package.
523228 Search in zone does not work after upgrade.
524684 API request returns all the devices even when the user does not have access to other ADOMs.
529771 Upgrading ADOM may be very time-consuming.
531162 FortiManager may try to push unexpected changes after ADOM upgrade.
533603 Policy hit count needs to support proxy policy.
533835 After upgrade, the URL, pm/pkg/adom/<adom_name>/<name>/scope member, returns the error: The data is invalid for selected url.
534220 Users cannot add entries for per device mapping with existing VIP group when a VIP binds to a port that is part of SD-WAN.
534468 Vulnerability scan should not disrupt HA or trigger re-synchronization.
534847 CLI Script fails to change config system auto-update schedule settings with invalid value error.
535521 Encrypt Log Transmission for FortiAnalyzer is not properly configured within Device Manager.
536113 AP Manager is still trying to 'unset wtp-mode remote' when the option is configured on FortiGate.
538915 Firmware version is not displayed on NOC - SOC page.
538934 When configuration file is large, installing to device may delete configuration on FortiGate.
540657 There is an ordering issue on admin users where multiple wildcard users are configured on the same server.
540684 Verification fails after moving VDOM across vclusters from FortiGate GUI followed by an auto-update.
541157 GUI should support proxy address.
541880 The dmserver daemon may crash when installing to multiple devices and CPU usage reaches 100%.
542024 'Where Used' may not point to the entity using the object.
543133 Global user groups are not listed when creating an SSID in Per-Device AP management mode.
543734 Key Type specified as elliptic curve is not functional when generating a CSR.
544121 Installation log is missing due to dpm-logsize limited to 10 MB.
544142 Installation fails due to DNS server "SameasInterfaceIP" option inside device interface configuration.
544580 Two SSL-SSH profiles added by FortiManager may cause installation issues.
544880 FortiManager should not allow adding loopback interface to a zone.
544886 When importing device list of multiple model devices with PSKs, FortiManager prompts the error, "Serial number already in use".
545143 Adding wildcard FQDN for SSL inspection exemption list from FortiManager fails.
546340 If a script is used to update SNMP passwords with "?" character, the installation fails during validation.
547361 AP Profile in AP Manager offers redundant options for specific AP models which can lead to failed installation.
548320 User should be able to create a FortiGate admin account with Restricted Administrator to Guest Account Provisioning Only option selected with VDOM(s) guest group(s).
548416 Changes on Existing Static Route are not displayed on Installation Preview.
549159 FortiManager may have a memory leak when running copy & install with a sub-admin.
549638 MAC address Access Control List entries under DHCP server get duplicated when editing an entry.
549647 It is possible to cause a DoS for remote user authentication by trying to login with a password of specific length.
550237 Read-only admin should not be allowed to add detected devices.
550239 System SNMP user is missing the value 'aes256cisco' for the field 'priv-proto'.
550240 FortiGuard service event logs should always be generated with an internal FortiManager user.
550502 Installing DDoS policies via a CLI script may fail.
551057 FortiManager does not give an option to choose RSA4096 and Elliptic Curve algorithms in certificates.
551072 Assignment of 'object-tag' from 5.6 Global ADOM to 6.0 ADOM should not fail.
551077 FortiManager may not be able to import policies from FortiGate SLBC.
551096 FortiMeter Program License is expired and it is displayed as FREZ even though FortiGate Traffic is still passing. 
551392 A failed retrieve operation may result in empty device configuration.
551701 FortiManager is unable to set OSPF Interface Network Type as P2MP.
552069 FortiManager may fail to install local certificate on FortiGate and private key is missing after saving the configuration.
552192 The fmgd daemon may crash after upgrading FortiManager.
552991 FortiManager prompts Runtime Error when trying to import an AP profile that has a SSID with space character.
553491 Enabling or disabling multiple interfaces should be allowed in Device Manager.
553704 FortiManager may be stuck at loading when using the "Find Duplicate Objects" function.
554092 FortiManager is unable to use interface member of a zone as Source Interface filter for VIP object.
554094 FortiManager may not be able to upgrade ADOM from 5.4 to 5.6 with the error, "Fail(errno=0):invalid value".
554154 FortiManager should be able to select multiple FortiExtenders for upgrade from the Extender Tab.
554608 FortiManager should be able to save longer description for SD-WAN template.
554857 Policy package does not go out-of-sync after VPN manager is enabled.
555635 Certificate is not visible on GUI after restoring the configuration which was exported from FortiManager.
555796 Installing policy on 6K series FortiGate may remove the interface setting "set forward-error-correction rs-fec".
556609 When user wants to move a policy package to a different folder, the pop-up window does not list folders in alphabetical order.
557355 FortiManager may not connect to FortiGuard when fds-ssl-protocol is set to either tlsv1.1 or tlsv1.2.
558781 GUI response is slow with a large number of address objects.
559104 Incorrect ADOM name may be displayed in 'Where Used'.
559112 FortiManager may not be able to edit a proxy policy that was inserted above or below.
559751 Duplicated ##seq appears in policy packages and they cannot be fixed with diagnose command.
559844 FortiManager may not be able to set client-idle-timeout to 0 in device database.
560410 FortiManager may not accept the Log FortiAnalyzer setting without FortiAnalyzer serial number.
560694 If hitcount is updated while ADOM is locked, policies matched by traffic are highlighted as modified.
561033 SD-WAN Bandwidth Overview widget may not display the correct data.
561279 The newcli process may crash when running the "diagnose cdb upgrade check +all" command.
562160 FortiManager should be able to create dynamic mapping for object-tagging category.
563169 When user changes webfilter settings, username in last modified column should always be updated.
565016 The exchange-interface-ip should be available in VPN Manager. 
565436 After FortiManager processed many auto-update requests, FortiManager may not be able to create a new revision.
565970 One specific unused adgrp is getting pushed to FortiGate that does not use FSSO anywhere.
566912 FortiManager should support firmware upgrade for FortiExtender 200 series.

Common Vulnerabilities and Exposures

Visit https://fortiguard.com/psirt for more information.

Vulnerability

FortiManager 6.2.1 is no longer vulnerable to the issue described in the following link - https://fortiguard.com/psirt/FG-IR-19-144.

Bug ID Description
542636 FortiManager 6.2.1 is no longer vulnerable to the following CVE Reference:
  • CVE-2019-6695
