Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • Release Notes

    Home FortiManager 6.2.3 Release Notes
    6.2.3
    7.6.1
    7.6.0
    7.4.5
    7.4.4
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.8
    7.2.7
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.0.13
    7.0.12
    7.0.11
    7.0.10
    7.0.9
    7.0.8
    7.0.7
    7.0.6
    7.0.5
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.4.15
    6.4.14
    6.4.13
    6.4.12
    6.4.11
    6.4.10
    6.4.9
    6.4.8
    6.4.7
    6.4.6
    6.4.5
    6.4.4
    6.4.3
    6.4.2
    6.4.1
    6.4.0
    6.2.13
    6.2.12
    6.2.11
    6.2.10
    6.2.9
    6.2.8
    6.2.7
    6.2.6
    6.2.5
    6.2.3
    6.2.2
    6.2.1
    6.2.0
    6.0.12
    6.0.11
    6.0.10
    6.0.9
    6.0.8
    6.0.7
    6.0.6
    6.0.5
    6.0.4
    6.0.3
    6.0.2
    6.0.1
    6.0.0
    5.6.11
    5.6.10
    5.6.9
    5.6.8
    5.6.7
    5.6.6
    5.6.5
    5.6.4
    5.6.3
    5.6.2
    5.6.1
    5.6.0
    5.6.0
    5.4.7
    5.4.6
    5.4.5
    5.4.4
    5.4.3
    5.4.2
    5.4.1
    5.4.0
    5.2.10
    5.2.9
    5.2.7
    5.2.6
    5.2.4
    5.2.3
    5.2.2
    5.2.1
    5.2.0
    5.0.12
    5.0.11
    5.0.10
    5.0.9
    5.0.8
    5.0.7
    5.0.6
    5.0.5
    5.0.4
    5.0.3

    Resolved Issues

    Resolved Issues

    The following issues have been fixed in 6.2.3. For inquires about a particular bug, please contact Customer Service & Support.

    AP Manager

    Bug ID Description

    521404

    Refresh or close button does not work in the AP Health Monitor widget.

    561911

    FortiManager may take over two minutes to display map in AP Manager.

    578123

    Multiple dhcp-relay-ip cannot be defined.
    570937 AP Manager is missing the option to configure individual LAN Ports.
    593366 AP Manager may not be able to search for a SSID.

    Device Manager

    Bug ID

    Description

    500037

    FortiManager FortiToken provision may not work.

    523463

    Firmware version not displayed in backup ADOM.

    533941

    CLI-Only configuration with Optional options cannot be deselected on GUI.

    540502

    Installation may fail due to interface's address mode changes to PPPoE.

    541911

    When workspace is enabled, FortiManager cannot run CLI template after it is assigned to a device.

    544562

    The "Force this Admin to Change Password Next Time He/She Logs on" option on administrator is not installed to FortiGate.

    580485

    After defined per-device mapping to model device, all policy packages status are changed to Modified.

    584046

    Device Manager's License information for FortiAnalyzer is not correct.

    584463

    CLI Template's comment field cannot be saved.

    595589

    When running a script on a device with large configuration, dmworker may crash with high CPU spike.

    598230

    Removing per-device mapping causes all referenced Policy Packages status to become modified.
    547528 FortiManager may be slow viewing large device revisions on Firefox.
    568626 FortiManager can only modify the order of DNS forwarder only if the IP addresses are in quotes ("") and when the IP addresses are not separated by comma.
    571581 FortiManager may not show Zone changes in Policy Package Diff.
    574988 CLI only Object cannot create router BGP AS-path list and community list, and prompt the error entry does not exist.
    580533 Saving configuration with incorrect IP/mask format does not display an error for inner configurations.
    581812 Sorting Extenders by Device Name does not work.
    585480 FortiManager should be able to display Performance SLA statistics.
    586550 Device manager does not detect newly joined Telemetry group on FortiGate.
    587513 FortiManager should not unset the IPv6 configuration on FortiGate when registering with the "Add Model Device" method.
    587693 Users should able to delete interfaces from aggregate interface.
    589826 Device Manager cannot create EMAC VLAN interfaces over VLAN interface created in root VDOM.
    590064 Device view > VDOM GUI should show which VDOM is the management VDOM.
    590321 Sorting filtered static routes list does not work.
    590385 FortiManager should not have a limit of 1024 characters for VPN local certificates.
    590602 Zero in seconds is lost in Web Filter Override expire time.
    591894 User should be able to specify PAC or HTTPS port on GUI after upgrade.
    592279 AP Manager does not accept certain wtp-profile settings when switching country.
    593244 User may not be able to change the option, "Send logs to FortiAnalyzer/Manager" under Provisioning Template.
    594211 FortiManager should be able to create new VLAN interface on fabric interface and install to FortiGate.
    594853 FortiManager may create duplicate VDOMs when retrieving configuration for multiple devices.

    FortiClient Manager

    Bug ID

    Description
    548572 FortiManager shows unclear message in FortiClient Profile with "Response with errors" instead of "Device groups cannot be empty".

    FortiSwitch Manager

    Bug ID

    Description
    586557 User group for FortiSwitch Security Policy should not be removed once work flow session is created and submitted.
    573043 Saving FSW VLANs configuration may trigger an error and lead to data loss in Per Device Mapping.

    Global ADOM

    Bug ID

    Description

    578089

    Address objects cannot be deleted from the FortiManager's Global ADOM if they are not being used anywhere.

    582171

    FortiManager may not be able to assign all objects from 5.6 global ADOM to a 6.0 ADOM.
    580600 FortiManager may not respond when assigning Global Objects.
    587511 SSO_Guest_User should work the same as predefined SSO_Guest_User.

    Others

    Bug ID

    Description

    550140

    The system-support-fgt configuration is lost if a version lower than 5.4 is selected prior to upgrade.

    579648

    FortiManager may generate "fgfmsd" crashes when FortiGate sends registration request to FortiManager.

    592315

    Installation of Policy Package against a device group may generate copy fail error for one FortiGate device.

    594556

    Admin user may not able to authorize FortiGate.
    551937 FortiManager should only allow the browser to save and paste credentials at the log on prompt only.
    552085 FortiManager live migration fails with Microsoft Hyper-V and it is not accessible via GUI and SSH.
    565515 User may not be able to create a new SNMP host under System Templates. Workaround: Please add a new SNMP host for System Templates under CLI Configurations within Device Manager.
    571235 Enabling policy hit count may lock ADOM and provoke GUI slowness.
    580832 FortiManager may show disk unused under LVM.
    586991 "Logver" field is missing when FortiAnalzyer is enabled affecting report related features.
    589805 Installing policy package via JSON API with missing interface in zone definition deletes zone and corresponding firewall policies on FortiGate.
    590649 On FortiClient or FortiDDoS ADOM, the SOC page may refresh constantly.
    593245 FortiManager may show incorrect warning when changing admin profile via CLI.

    Policy and Objects

    Bug ID

    Description

    582042

    FortiManager should support wildcard SDN connectors in filter configurations.

    566446

    With a 5.6 ADOM and install to 6.0 FortiGate needs to keep the configured multicast policies and zone on FortiGate.

    578086

    "Where Used" may not show the correct ADOM name on all objects.

    595646

    After selecting a proxy policy and using the "Insert Above/Below" button, the new policy should be created with the same proxy type of the selected policy.

    488897

    SSL VPN policy can be created with a FSSO user group assigned to the policy.

    538293

    Installing policy package may take a long time when there are multiple VDOMs on FortiGate.

    573250

    Find Duplicate Objects may show inaccurate results due to obj-id.

    581607

    FortiManager 6.2.2 may not be able to install class-id to a FortiOS 6.2.1 device.

    584662

    [Performance] Optus: VPN-IPsec1 in DVM takes over 20 seconds to load up the competed form.

    593819

    FortiManager may generate several fmgd crash logs.

    593853

    Certificate generation fails if the CA certificate does not match ADOM name.

    597284

    When creating a new switch through a script, all configuration is visible in Device Manager but no port configuration is installed.

    598230

    Removing per-device mapping causes all referenced Policy Packages status to become modified.

    598493

    FortiManager should get all data-center information from exsi vm info.
    491813 FortiManager should group IPS Sensor entries with same filters as one rule.
    528881 Users are not able to remove all FSSO objects from selected list that has a large number of entries.
    544404 A remote user approves a session, session list shows zero session.
    548573 FortiManager changes UUIDs of existing objects after policy install.
    563629 Clicking on "+" function should allow users to add Wildcard FQDN objects.
    569576 1121: Web rating override category change is not reflected in GUI.
    580484 Signature, "Apache.Optionsbleed.Scanner", cannot be selected as IPS Signature but only as "Rate based Signature".
    581481 FortiManager should allow adding a custom Application Control signature with the same attack ID as an existing one.
    581495 Interface Validation should prompt only once per unmapped interface.
    583387 Creating an already existing interface loses interface or zone mapping in ADOM.
    585021 Adding or modifying rate based signature on IPS profile resets all rate based signature to default settings.
    587624 Application Control profile page is blank for User with read-write permissions on Policy & Objects.
    588548 Under workspace, addresses may be removed from a firewall policy when merging duplicated addresses.
    588869 Re-installing policy package on FortiGate with multiple VDOMs may wipe out configuration on a VDOM that belongs to a different policy package.
    589645 GUI disables FSSO status after removing one of the FSSO user groups with a policy.
    589771 Policy Package installation fails when a Firewall Policy contains a VIP Group mapped to a zone interface.
    589775 Entry without content should not be created when creating an Application Control Profile.
    589795 User should be allowed to create a new tag in a firewall policy or select an existing tag.
    589808 After editing a policy in policy package, the screen view should remain on the edited policy.
    590322 When an Internet Service Database object is used in the destination field on proxy rule, the field is displayed as an empty field.
    590896 FortiManager has no source interface column in the general view of Proxy Policy.
    594811 Using copy and paste on multiple proxy policies may insert rules in reversed order.
    594866 Internet Services may not match between FortiManager and FortiGate.

    Revision History

    Bug ID

    Description

    513317

    FortiManager may fail to install policy after FortiGate failover on Azure.

    556967

    Re-Install policy hangs when Security Fabric line is selected.

    560638

    When checking the Revision Diff between two revisions multiple times, the result may not consistent.

    590889

    Using the search bar to assign devices under provisioning templates clears the previous selected device list.
    539994 Installing to FortiGate fails when wildcard-fqdn address is used in SSL profile.
    549001 Installation may fail after changed inspection mode from Proxy to Flow.
    560689 Auto-Update revision is missing "set stp-bpdu-guard enabled".
    578231 FortiManager tries to push "casi-profile" on a Deny Policy.
    582882 Switch interface should not have duplicate members during device install.
    583833 Auto Link Install skips installation for VLAN interface.
    586979 FortiManager may report duplicate tags and fail to install policy package.
    586992 FortiManager does not install broadcast-forward enabled on "Virtual Switch" to managed FortiGate.
    587005 FortiManager should support the radius-server-vdom setting and be able to install it.
    588937 Installation may get stuck when there is no FortiSwitch's IPv6 VLAN template.
    589858 The BGP "scan-time" value of 0 can be set on FortiGate, but FortiManager resets it to default by "unset scan-time" on the next policy push.

    Script

    Bug ID Description

    572524

    Users may not be able to create admin user via a Script due to long password.

    588684

    Central SNAT option is missing under Policy Package menu when mode is NGFW policy-based.
    587015 When user tries to set signature with non escaped quotes from script, the signature becomes separate strings, and the installed string may not be what it is expected.
    594238 FortiManager should be able to create overlapping secondary IPs via a script if interfaces are assigned to different VDOMs.

    Services

    Bug ID

    Description
    520875 FortiManager should keep the same FortiGate On-Demand contract as FortiGuard.
    588276 User should be able to filter devices in Firmware Manager based on connectivity status.
    589269 When upgrading FortiGate, FortiManager may upgrade the device to version 6.0.3 prior to upgrading to version 6.2.2.

    System Settings

    Bug ID

    Description

    535607

    Upgrading ADOM may take a long time due to hit count statistics.

    570266

    When saving the values of the administrative access, the values do not save when deselecting HTTPS first before any other value.

    594549

    Editing Per-Device mapping for zone containing slash in the name generates "Method failure" error message.

    597668

    FortiManager should be able to install the scheduled policy package even though it is scheduled by wildcard user.
    576098 Event log may not show the correct username when changing a non-policy related object.
    597765 ADOM upgrade may get stuck when "svc cdb reader" crashes.
    584392 Admin user with read-only profile should not be allowed to "Revoke Release" in DHCP query and "Bring Tunnel Down/Up" in Query IPsec.
    584749 System Settings may not show the ADOM-VDOM association.
    587242 [b349] HA Cluster fails after upgrading to 6.0.6 with peer IP using IPv6.
    587295 Admin users with prof_admin_regional profile should be allowed to see all application signatures.
    588884 Event log for merging duplicated objects is missing object name.
    595660 FortiManager should generate event logs for imported images.
    596562 Administrators allowed to access to only specific ADOMs cannot see "Managed Devices" in those ADOMs.

    VPN Manager

    Bug ID

    Description

    586613

    VPN Manager randomly installs incorrect phase1 proposal settings.

    575265

    VPN Manager's Monitor for phase1 status and multiple phase2 may not display correctly.

    562729

    VPN Manager SSL VPN monitor's Active Connections column may be blank.
    574727 VPN Manager may not display SSL-VPN settings for some devices.
    589101 VPN Manager prompts the copy error "no hub configured for vpn" if the hub is external gateway with no device assigned.
    589240 FortiManager should be able to select a VDOM while adding a managed gateway into a community.
    589669 FortiManager shows installation error when there are two Hubs in VPN community where Hub-to-Hub Interface is set to 'None'.
    590765 The tunnel-search and net-device attributes are not being installed if device role is set as spoke.

    Common Vulnerabilities and Exposures

    Visit https://fortiguard.com/psirt for more information.

    Bug ID CVE references
    568791

    FortiManager 6.2.3 is no longer vulnerable to the following CVE-Reference(s):

    • CVE-2019-17657

    569307

    FortiManager 6.2.3 is no longer vulnerable to the following CVE-Reference(s):

    • CVE-2019-17654
    Previous
    Next

    Resolved Issues

    Resolved Issues

    The following issues have been fixed in 6.2.3. For inquires about a particular bug, please contact Customer Service & Support.

    AP Manager

    Bug ID Description

    521404

    Refresh or close button does not work in the AP Health Monitor widget.

    561911

    FortiManager may take over two minutes to display map in AP Manager.

    578123

    Multiple dhcp-relay-ip cannot be defined.
    570937 AP Manager is missing the option to configure individual LAN Ports.
    593366 AP Manager may not be able to search for a SSID.

    Device Manager

    Bug ID

    Description

    500037

    FortiManager FortiToken provision may not work.

    523463

    Firmware version not displayed in backup ADOM.

    533941

    CLI-Only configuration with Optional options cannot be deselected on GUI.

    540502

    Installation may fail due to interface's address mode changes to PPPoE.

    541911

    When workspace is enabled, FortiManager cannot run CLI template after it is assigned to a device.

    544562

    The "Force this Admin to Change Password Next Time He/She Logs on" option on administrator is not installed to FortiGate.

    580485

    After defined per-device mapping to model device, all policy packages status are changed to Modified.

    584046

    Device Manager's License information for FortiAnalyzer is not correct.

    584463

    CLI Template's comment field cannot be saved.

    595589

    When running a script on a device with large configuration, dmworker may crash with high CPU spike.

    598230

    Removing per-device mapping causes all referenced Policy Packages status to become modified.
    547528 FortiManager may be slow viewing large device revisions on Firefox.
    568626 FortiManager can only modify the order of DNS forwarder only if the IP addresses are in quotes ("") and when the IP addresses are not separated by comma.
    571581 FortiManager may not show Zone changes in Policy Package Diff.
    574988 CLI only Object cannot create router BGP AS-path list and community list, and prompt the error entry does not exist.
    580533 Saving configuration with incorrect IP/mask format does not display an error for inner configurations.
    581812 Sorting Extenders by Device Name does not work.
    585480 FortiManager should be able to display Performance SLA statistics.
    586550 Device manager does not detect newly joined Telemetry group on FortiGate.
    587513 FortiManager should not unset the IPv6 configuration on FortiGate when registering with the "Add Model Device" method.
    587693 Users should able to delete interfaces from aggregate interface.
    589826 Device Manager cannot create EMAC VLAN interfaces over VLAN interface created in root VDOM.
    590064 Device view > VDOM GUI should show which VDOM is the management VDOM.
    590321 Sorting filtered static routes list does not work.
    590385 FortiManager should not have a limit of 1024 characters for VPN local certificates.
    590602 Zero in seconds is lost in Web Filter Override expire time.
    591894 User should be able to specify PAC or HTTPS port on GUI after upgrade.
    592279 AP Manager does not accept certain wtp-profile settings when switching country.
    593244 User may not be able to change the option, "Send logs to FortiAnalyzer/Manager" under Provisioning Template.
    594211 FortiManager should be able to create new VLAN interface on fabric interface and install to FortiGate.
    594853 FortiManager may create duplicate VDOMs when retrieving configuration for multiple devices.

    FortiClient Manager

    Bug ID

    Description
    548572 FortiManager shows unclear message in FortiClient Profile with "Response with errors" instead of "Device groups cannot be empty".

    FortiSwitch Manager

    Bug ID

    Description
    586557 User group for FortiSwitch Security Policy should not be removed once work flow session is created and submitted.
    573043 Saving FSW VLANs configuration may trigger an error and lead to data loss in Per Device Mapping.

    Global ADOM

    Bug ID

    Description

    578089

    Address objects cannot be deleted from the FortiManager's Global ADOM if they are not being used anywhere.

    582171

    FortiManager may not be able to assign all objects from 5.6 global ADOM to a 6.0 ADOM.
    580600 FortiManager may not respond when assigning Global Objects.
    587511 SSO_Guest_User should work the same as predefined SSO_Guest_User.

    Others

    Bug ID

    Description

    550140

    The system-support-fgt configuration is lost if a version lower than 5.4 is selected prior to upgrade.

    579648

    FortiManager may generate "fgfmsd" crashes when FortiGate sends registration request to FortiManager.

    592315

    Installation of Policy Package against a device group may generate copy fail error for one FortiGate device.

    594556

    Admin user may not able to authorize FortiGate.
    551937 FortiManager should only allow the browser to save and paste credentials at the log on prompt only.
    552085 FortiManager live migration fails with Microsoft Hyper-V and it is not accessible via GUI and SSH.
    565515 User may not be able to create a new SNMP host under System Templates. Workaround: Please add a new SNMP host for System Templates under CLI Configurations within Device Manager.
    571235 Enabling policy hit count may lock ADOM and provoke GUI slowness.
    580832 FortiManager may show disk unused under LVM.
    586991 "Logver" field is missing when FortiAnalzyer is enabled affecting report related features.
    589805 Installing policy package via JSON API with missing interface in zone definition deletes zone and corresponding firewall policies on FortiGate.
    590649 On FortiClient or FortiDDoS ADOM, the SOC page may refresh constantly.
    593245 FortiManager may show incorrect warning when changing admin profile via CLI.

    Policy and Objects

    Bug ID

    Description

    582042

    FortiManager should support wildcard SDN connectors in filter configurations.

    566446

    With a 5.6 ADOM and install to 6.0 FortiGate needs to keep the configured multicast policies and zone on FortiGate.

    578086

    "Where Used" may not show the correct ADOM name on all objects.

    595646

    After selecting a proxy policy and using the "Insert Above/Below" button, the new policy should be created with the same proxy type of the selected policy.

    488897

    SSL VPN policy can be created with a FSSO user group assigned to the policy.

    538293

    Installing policy package may take a long time when there are multiple VDOMs on FortiGate.

    573250

    Find Duplicate Objects may show inaccurate results due to obj-id.

    581607

    FortiManager 6.2.2 may not be able to install class-id to a FortiOS 6.2.1 device.

    584662

    [Performance] Optus: VPN-IPsec1 in DVM takes over 20 seconds to load up the competed form.

    593819

    FortiManager may generate several fmgd crash logs.

    593853

    Certificate generation fails if the CA certificate does not match ADOM name.

    597284

    When creating a new switch through a script, all configuration is visible in Device Manager but no port configuration is installed.

    598230

    Removing per-device mapping causes all referenced Policy Packages status to become modified.

    598493

    FortiManager should get all data-center information from exsi vm info.
    491813 FortiManager should group IPS Sensor entries with same filters as one rule.
    528881 Users are not able to remove all FSSO objects from selected list that has a large number of entries.
    544404 A remote user approves a session, session list shows zero session.
    548573 FortiManager changes UUIDs of existing objects after policy install.
    563629 Clicking on "+" function should allow users to add Wildcard FQDN objects.
    569576 1121: Web rating override category change is not reflected in GUI.
    580484 Signature, "Apache.Optionsbleed.Scanner", cannot be selected as IPS Signature but only as "Rate based Signature".
    581481 FortiManager should allow adding a custom Application Control signature with the same attack ID as an existing one.
    581495 Interface Validation should prompt only once per unmapped interface.
    583387 Creating an already existing interface loses interface or zone mapping in ADOM.
    585021 Adding or modifying rate based signature on IPS profile resets all rate based signature to default settings.
    587624 Application Control profile page is blank for User with read-write permissions on Policy & Objects.
    588548 Under workspace, addresses may be removed from a firewall policy when merging duplicated addresses.
    588869 Re-installing policy package on FortiGate with multiple VDOMs may wipe out configuration on a VDOM that belongs to a different policy package.
    589645 GUI disables FSSO status after removing one of the FSSO user groups with a policy.
    589771 Policy Package installation fails when a Firewall Policy contains a VIP Group mapped to a zone interface.
    589775 Entry without content should not be created when creating an Application Control Profile.
    589795 User should be allowed to create a new tag in a firewall policy or select an existing tag.
    589808 After editing a policy in policy package, the screen view should remain on the edited policy.
    590322 When an Internet Service Database object is used in the destination field on proxy rule, the field is displayed as an empty field.
    590896 FortiManager has no source interface column in the general view of Proxy Policy.
    594811 Using copy and paste on multiple proxy policies may insert rules in reversed order.
    594866 Internet Services may not match between FortiManager and FortiGate.

    Revision History

    Bug ID

    Description

    513317

    FortiManager may fail to install policy after FortiGate failover on Azure.

    556967

    Re-Install policy hangs when Security Fabric line is selected.

    560638

    When checking the Revision Diff between two revisions multiple times, the result may not consistent.

    590889

    Using the search bar to assign devices under provisioning templates clears the previous selected device list.
    539994 Installing to FortiGate fails when wildcard-fqdn address is used in SSL profile.
    549001 Installation may fail after changed inspection mode from Proxy to Flow.
    560689 Auto-Update revision is missing "set stp-bpdu-guard enabled".
    578231 FortiManager tries to push "casi-profile" on a Deny Policy.
    582882 Switch interface should not have duplicate members during device install.
    583833 Auto Link Install skips installation for VLAN interface.
    586979 FortiManager may report duplicate tags and fail to install policy package.
    586992 FortiManager does not install broadcast-forward enabled on "Virtual Switch" to managed FortiGate.
    587005 FortiManager should support the radius-server-vdom setting and be able to install it.
    588937 Installation may get stuck when there is no FortiSwitch's IPv6 VLAN template.
    589858 The BGP "scan-time" value of 0 can be set on FortiGate, but FortiManager resets it to default by "unset scan-time" on the next policy push.

    Script

    Bug ID Description

    572524

    Users may not be able to create admin user via a Script due to long password.

    588684

    Central SNAT option is missing under Policy Package menu when mode is NGFW policy-based.
    587015 When user tries to set signature with non escaped quotes from script, the signature becomes separate strings, and the installed string may not be what it is expected.
    594238 FortiManager should be able to create overlapping secondary IPs via a script if interfaces are assigned to different VDOMs.

    Services

    Bug ID

    Description
    520875 FortiManager should keep the same FortiGate On-Demand contract as FortiGuard.
    588276 User should be able to filter devices in Firmware Manager based on connectivity status.
    589269 When upgrading FortiGate, FortiManager may upgrade the device to version 6.0.3 prior to upgrading to version 6.2.2.

    System Settings

    Bug ID

    Description

    535607

    Upgrading ADOM may take a long time due to hit count statistics.

    570266

    When saving the values of the administrative access, the values do not save when deselecting HTTPS first before any other value.

    594549

    Editing Per-Device mapping for zone containing slash in the name generates "Method failure" error message.

    597668

    FortiManager should be able to install the scheduled policy package even though it is scheduled by wildcard user.
    576098 Event log may not show the correct username when changing a non-policy related object.
    597765 ADOM upgrade may get stuck when "svc cdb reader" crashes.
    584392 Admin user with read-only profile should not be allowed to "Revoke Release" in DHCP query and "Bring Tunnel Down/Up" in Query IPsec.
    584749 System Settings may not show the ADOM-VDOM association.
    587242 [b349] HA Cluster fails after upgrading to 6.0.6 with peer IP using IPv6.
    587295 Admin users with prof_admin_regional profile should be allowed to see all application signatures.
    588884 Event log for merging duplicated objects is missing object name.
    595660 FortiManager should generate event logs for imported images.
    596562 Administrators allowed to access to only specific ADOMs cannot see "Managed Devices" in those ADOMs.

    VPN Manager

    Bug ID

    Description

    586613

    VPN Manager randomly installs incorrect phase1 proposal settings.

    575265

    VPN Manager's Monitor for phase1 status and multiple phase2 may not display correctly.

    562729

    VPN Manager SSL VPN monitor's Active Connections column may be blank.
    574727 VPN Manager may not display SSL-VPN settings for some devices.
    589101 VPN Manager prompts the copy error "no hub configured for vpn" if the hub is external gateway with no device assigned.
    589240 FortiManager should be able to select a VDOM while adding a managed gateway into a community.
    589669 FortiManager shows installation error when there are two Hubs in VPN community where Hub-to-Hub Interface is set to 'None'.
    590765 The tunnel-search and net-device attributes are not being installed if device role is set as spoke.

    Common Vulnerabilities and Exposures

    Visit https://fortiguard.com/psirt for more information.

    Bug ID CVE references
    568791

    FortiManager 6.2.3 is no longer vulnerable to the following CVE-Reference(s):

    • CVE-2019-17657

    569307

    FortiManager 6.2.3 is no longer vulnerable to the following CVE-Reference(s):

    • CVE-2019-17654
    Previous
    Next