Fortinet Document Library

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:


Table of Contents

Release Notes

Resolved Issues

The following issues have been fixed in 6.2.7. For inquires about a particular bug, please contact Customer Service & Support.

AP Manager

Bug ID Description
663983 FortiAP upgrade may not proceed past 20%.
665945 Brazil country (BR) code does not offer any radio choices.
669906 FortiManager may not be able to install mpsk-key from AP Manager.

676267

AP Manager may not be able to show Rogue AP list.

Device Manager

Bug ID Description
601692 FortiManager is unable to overwrite IPv6 default route.
609744 In Device Manager > System > Interface may not be able to delete SSID interface.
613029 SD-WAN Monitor is showing effect of exceeded SLA even if this is disabled.
616537 FortiGate and FortiManager GUI should use similar terminology for configuring weight and volume-ratio in SD-WAN.
627664 FortiManager cannot coop with socket-size 0 and changes it to 1 automatically.
627749 Admin user with device-config set as read in admin profile cannot download configuration revision.
635316 Return button is not working when viewing HA mode.
645086 Policy Lookup shows an error even though device is in sync.
646421 FortiManager may not be able to configure VDOM property resources setting.
649769 FortiManager cannot view full list of Extenders.
649785 SD-WAN > Monitor may hang for an ADOM with 1500 devices.
649821 Installation may fail for FortiGate-600D.
652481 Allow access is missing under interface on AWS FortiGate and may cause installation to fail.
653701 When FortiManager is configured in advanced ADOM mode, FortiManager still allows device assignment of CLI Templates/Groups in an ADOM where the management VDOM of that device does not reside in that particular ADOM.
657933 Importing policy should be successful even with the / character in the zone name.
659838 Interfaces any & virtual-wan-link should not be visible as OSPF passive interface option.
659862 FortiManager sends unset serial for FortiAnalzyer settings when System Template is being used.
661116 Device configuration may not be updated after running CLI script on remote FortiGate.
662073 FortiManager should create a new OSPF interface when clicking on OK button.
662095 FortiManager may take a long time to send SLA updates to over thousands of FortiGate devices.
664253 The auto-join-forticloud configuration may cause out-of-sync status.
664689 FortiManager should list VAPs in CLI only object.
665955 FortiManager is not reflecting proper admin timeout value in CLI only object.
666240 CLI Configurations is missing options for antivirus heuristic and ips global.
666833 GUI returns no warning when 4-byte AS or invalid community being configured on Standard community.
668664 Policy package diff is much slower after upgrade.
669129 FortiManager does not create dynamic mapping for address group causing import failure.
669618 CLI Configuration may not show the corresponding ports or interfaces.
669704 FortiManager does not allow user to configure FortiGate admin password longer than 32 characters.
670072 FortiManager can export license file but it does not include HA information.
670274 CLI Configuration is missing system global for VDOM enabled device.
672338 FortiManager may unset interface weight in SD-WAN when installing within 6.0 ADOM.

FortiClient Manager

Bug ID

Description

662432 List of managed switches in FortiSwitch Manager is often incomplete with per-device management.

FortiSwitch Manager

Bug ID

Description

650453 FortiSwitch template and VLAN should appear for firewall policy creation.

Global ADOM

Bug ID Description
666842 Cloning a global policy package may fail with runtime error -1: invalid value.

Others

Bug ID

Description

596067 In workflow mode, FortiManager cannot add device to policy package installation target via JSON API.
659916 FortiManager may consume high memory usage by the svc sys daemon.
661069 ADOM restricted access user is able to pull Device Manager information from ADOMs via JSON API.
665617 FortiManager may consume high CPU resource when locking ADOM or loading policy.

Policy and Objects

Bug ID Description
531112 Consolidated policy is missing implicit deny policy.
565301 Exporting policy package to Excel may not work.
587994 Some dynamic type FSSO sub-type addresses on FortiGate cannot be resolved when the configurations are from FortiManager.
608268 Users may not be able to edit firewall policy due to session-ttl:out of range in v5.6 or v6.0 ADOM.
617031 Right-clicking on IPv4/Proxy Policy or Installation Targets should not reload the page if the related information is already displayed.
622040 Security Policy is missing Implicit Deny policy.
635966 Azure SDN connector only fetches the first page of results.
639437 FortiManager intermittently not displaying custom objects inside of address group.
647189 FortiManager dynamic object filter generator is adding a "s" at the end of tag resulting in non working object.
651785 Address section under Policy & Objects > Security Profiles > SSL/SSH Inspection may load indefinitely.
657026 GUI gets stuck in loading when trying to apply changes made to Anti Virus profile.
657826 FortiManager should not allow unsupported options in Certificate Inspection SSL/SSH inspection profiles to be visible.
657896 FortiManager should provide more descriptive error message when copy fails.
658528 The URL remote category, FortiGuard Threat Feed, is not available in the dropdown menu for Proxy Address.
663219 FortiManager may not be able to add more than 10240 service objects.
664307 Cloning DNS filter profile that assigned from Global ADOM results in Response with errors.
666913 Web URL Filter is deleted when URL Filter option is unchecked under the Web Filter Profile.
667414 FortiManager may freeze when editing comment field on a policy package with many policies.
671072 FortiGate should be able to synchronize and resolve dynamic address group to the IP address from FortiManager with NSX-T integration.
671265 Global object assignment may not work.
671988 FortiManager is not able to push dynamic objects to FortiGate after receiving the configurations from NSXT connector.
673305 Policy package install may stall and fail due to high memory usage.
675541 Deleting an override entry should trigger modified status for policy packages with FortiGuard Category Based Filter enabled within web filter profile.
675541 Deleting an override entry should trigger modified status for policy packages with FortiGuard Category Based Filter enabled within web filter profile.

Revision History

Bug ID Description
565138 Installation to FortiGate fails for passphrase and password when private-data-encryption is enabled.
579286 Installation may fail for FortiGate 6.2 within ADOM 6.0 due to configuration changes with virtual-wan-link member weight and volume-ratio, and internet-service-ctrl.
612263 FortiManager may not install ADSL vci and VPI to FWF-60E-DSL.
622540 FortiManager prompts error, no hub configured, for a site even the site is not part of VPN Manager.
654496 Installing configuration to device after Auto link, FortiManager may send incorrect system ntp commands causing install to fail.
657424 FortiManager may disable the l2forward and stpforward settings on virtual switch interface when installing policy package.
657526 FortiManager should not try to unset ssl-ssh-profile configuration if it is already configured.
662438 FortiManager may try to purge all web rating override entries.

662661

Default value of global: system npu ip-reassembly:max-timeout NPU setting in ADOM 6.0 for FortiGate-1800F should be changed to 10000 to avoid Conflict status.

667148 When a policy install is performed, Install preview shows a lot of firewall policies with metafield changes without any actual changes being performed.
673327 When Traffic Shaper bandwidth is set to Mbps or Gbps, FortiManager should convert it to Kbps if installation target is non 64 bits FortiGate model.

Script

Bug ID Description
632014 When editing CLI script group, user cannot see full CLI script name.

663820

The LDAP port value remains 636 on device database and FortiManager is not accepting custom port number via CLI script.

Services

Bug ID

Description

603414 FortiManager may show incorrect firmware upgrade path.
654129 FortiManager may not have the correct upgrade path for FortiGate KVM.
666716 FortiGuard license status page should have an option to show all FortiGate HA cluster contracts.

671387

FortiManager installs the latest IPS and application control signatures on managed device despite the To Be Deployed Version is configured.

System Settings

Bug ID Description
589203 ADOM upgrade from 5.6 to 6.0 may fail due to invalid per-device mapping.
597917 Mail Server setting within Event Handler Notifications is not synchronized from FortiManager to managed FortiAnalyzer.
611215 SNMP Hosts in SNMP Community are not displayed in the GUI if ADOM is unlocked.
619750 When upgrading ADOM from 5.4 to 5.6, FortiManager does not add tcp-session-without-syn in all firewall policies.
624354 There may be an empty space in ADOM management page.
639099 There are many cdb event log for object changed in event logs after upgrade.
654637 After upgrade, non super user password change may not taking effect.
658689 Log service may shutdown and restarted routinely.

660226

HA may crash when upgrading.

660361 ADOM upgrade may fail when FortiManager has workspace-mode set to workflow.
665033 Global web rating overrides may not be assigned after upgrade.
667445 FortiManager may show errors on dynamic_mapping.local-int during upgrade.

VPN Manager

Bug ID

Description

647413 User should be able to select the OS to allow or deny an SSL-VPN tunnel connection.
658221 The dns-suffix on SSL VPN portal is not installed if web-mode is disabled.

Resolved Issues

The following issues have been fixed in 6.2.7. For inquires about a particular bug, please contact Customer Service & Support.

AP Manager

Bug ID Description
663983 FortiAP upgrade may not proceed past 20%.
665945 Brazil country (BR) code does not offer any radio choices.
669906 FortiManager may not be able to install mpsk-key from AP Manager.

676267

AP Manager may not be able to show Rogue AP list.

Device Manager

Bug ID Description
601692 FortiManager is unable to overwrite IPv6 default route.
609744 In Device Manager > System > Interface may not be able to delete SSID interface.
613029 SD-WAN Monitor is showing effect of exceeded SLA even if this is disabled.
616537 FortiGate and FortiManager GUI should use similar terminology for configuring weight and volume-ratio in SD-WAN.
627664 FortiManager cannot coop with socket-size 0 and changes it to 1 automatically.
627749 Admin user with device-config set as read in admin profile cannot download configuration revision.
635316 Return button is not working when viewing HA mode.
645086 Policy Lookup shows an error even though device is in sync.
646421 FortiManager may not be able to configure VDOM property resources setting.
649769 FortiManager cannot view full list of Extenders.
649785 SD-WAN > Monitor may hang for an ADOM with 1500 devices.
649821 Installation may fail for FortiGate-600D.
652481 Allow access is missing under interface on AWS FortiGate and may cause installation to fail.
653701 When FortiManager is configured in advanced ADOM mode, FortiManager still allows device assignment of CLI Templates/Groups in an ADOM where the management VDOM of that device does not reside in that particular ADOM.
657933 Importing policy should be successful even with the / character in the zone name.
659838 Interfaces any & virtual-wan-link should not be visible as OSPF passive interface option.
659862 FortiManager sends unset serial for FortiAnalzyer settings when System Template is being used.
661116 Device configuration may not be updated after running CLI script on remote FortiGate.
662073 FortiManager should create a new OSPF interface when clicking on OK button.
662095 FortiManager may take a long time to send SLA updates to over thousands of FortiGate devices.
664253 The auto-join-forticloud configuration may cause out-of-sync status.
664689 FortiManager should list VAPs in CLI only object.
665955 FortiManager is not reflecting proper admin timeout value in CLI only object.
666240 CLI Configurations is missing options for antivirus heuristic and ips global.
666833 GUI returns no warning when 4-byte AS or invalid community being configured on Standard community.
668664 Policy package diff is much slower after upgrade.
669129 FortiManager does not create dynamic mapping for address group causing import failure.
669618 CLI Configuration may not show the corresponding ports or interfaces.
669704 FortiManager does not allow user to configure FortiGate admin password longer than 32 characters.
670072 FortiManager can export license file but it does not include HA information.
670274 CLI Configuration is missing system global for VDOM enabled device.
672338 FortiManager may unset interface weight in SD-WAN when installing within 6.0 ADOM.

FortiClient Manager

Bug ID

Description

662432 List of managed switches in FortiSwitch Manager is often incomplete with per-device management.

FortiSwitch Manager

Bug ID

Description

650453 FortiSwitch template and VLAN should appear for firewall policy creation.

Global ADOM

Bug ID Description
666842 Cloning a global policy package may fail with runtime error -1: invalid value.

Others

Bug ID

Description

596067 In workflow mode, FortiManager cannot add device to policy package installation target via JSON API.
659916 FortiManager may consume high memory usage by the svc sys daemon.
661069 ADOM restricted access user is able to pull Device Manager information from ADOMs via JSON API.
665617 FortiManager may consume high CPU resource when locking ADOM or loading policy.

Policy and Objects

Bug ID Description
531112 Consolidated policy is missing implicit deny policy.
565301 Exporting policy package to Excel may not work.
587994 Some dynamic type FSSO sub-type addresses on FortiGate cannot be resolved when the configurations are from FortiManager.
608268 Users may not be able to edit firewall policy due to session-ttl:out of range in v5.6 or v6.0 ADOM.
617031 Right-clicking on IPv4/Proxy Policy or Installation Targets should not reload the page if the related information is already displayed.
622040 Security Policy is missing Implicit Deny policy.
635966 Azure SDN connector only fetches the first page of results.
639437 FortiManager intermittently not displaying custom objects inside of address group.
647189 FortiManager dynamic object filter generator is adding a "s" at the end of tag resulting in non working object.
651785 Address section under Policy & Objects > Security Profiles > SSL/SSH Inspection may load indefinitely.
657026 GUI gets stuck in loading when trying to apply changes made to Anti Virus profile.
657826 FortiManager should not allow unsupported options in Certificate Inspection SSL/SSH inspection profiles to be visible.
657896 FortiManager should provide more descriptive error message when copy fails.
658528 The URL remote category, FortiGuard Threat Feed, is not available in the dropdown menu for Proxy Address.
663219 FortiManager may not be able to add more than 10240 service objects.
664307 Cloning DNS filter profile that assigned from Global ADOM results in Response with errors.
666913 Web URL Filter is deleted when URL Filter option is unchecked under the Web Filter Profile.
667414 FortiManager may freeze when editing comment field on a policy package with many policies.
671072 FortiGate should be able to synchronize and resolve dynamic address group to the IP address from FortiManager with NSX-T integration.
671265 Global object assignment may not work.
671988 FortiManager is not able to push dynamic objects to FortiGate after receiving the configurations from NSXT connector.
673305 Policy package install may stall and fail due to high memory usage.
675541 Deleting an override entry should trigger modified status for policy packages with FortiGuard Category Based Filter enabled within web filter profile.
675541 Deleting an override entry should trigger modified status for policy packages with FortiGuard Category Based Filter enabled within web filter profile.

Revision History

Bug ID Description
565138 Installation to FortiGate fails for passphrase and password when private-data-encryption is enabled.
579286 Installation may fail for FortiGate 6.2 within ADOM 6.0 due to configuration changes with virtual-wan-link member weight and volume-ratio, and internet-service-ctrl.
612263 FortiManager may not install ADSL vci and VPI to FWF-60E-DSL.
622540 FortiManager prompts error, no hub configured, for a site even the site is not part of VPN Manager.
654496 Installing configuration to device after Auto link, FortiManager may send incorrect system ntp commands causing install to fail.
657424 FortiManager may disable the l2forward and stpforward settings on virtual switch interface when installing policy package.
657526 FortiManager should not try to unset ssl-ssh-profile configuration if it is already configured.
662438 FortiManager may try to purge all web rating override entries.

662661

Default value of global: system npu ip-reassembly:max-timeout NPU setting in ADOM 6.0 for FortiGate-1800F should be changed to 10000 to avoid Conflict status.

667148 When a policy install is performed, Install preview shows a lot of firewall policies with metafield changes without any actual changes being performed.
673327 When Traffic Shaper bandwidth is set to Mbps or Gbps, FortiManager should convert it to Kbps if installation target is non 64 bits FortiGate model.

Script

Bug ID Description
632014 When editing CLI script group, user cannot see full CLI script name.

663820

The LDAP port value remains 636 on device database and FortiManager is not accepting custom port number via CLI script.

Services

Bug ID

Description

603414 FortiManager may show incorrect firmware upgrade path.
654129 FortiManager may not have the correct upgrade path for FortiGate KVM.
666716 FortiGuard license status page should have an option to show all FortiGate HA cluster contracts.

671387

FortiManager installs the latest IPS and application control signatures on managed device despite the To Be Deployed Version is configured.

System Settings

Bug ID Description
589203 ADOM upgrade from 5.6 to 6.0 may fail due to invalid per-device mapping.
597917 Mail Server setting within Event Handler Notifications is not synchronized from FortiManager to managed FortiAnalyzer.
611215 SNMP Hosts in SNMP Community are not displayed in the GUI if ADOM is unlocked.
619750 When upgrading ADOM from 5.4 to 5.6, FortiManager does not add tcp-session-without-syn in all firewall policies.
624354 There may be an empty space in ADOM management page.
639099 There are many cdb event log for object changed in event logs after upgrade.
654637 After upgrade, non super user password change may not taking effect.
658689 Log service may shutdown and restarted routinely.

660226

HA may crash when upgrading.

660361 ADOM upgrade may fail when FortiManager has workspace-mode set to workflow.
665033 Global web rating overrides may not be assigned after upgrade.
667445 FortiManager may show errors on dynamic_mapping.local-int during upgrade.

VPN Manager

Bug ID

Description

647413 User should be able to select the OS to allow or deny an SSL-VPN tunnel connection.
658221 The dns-suffix on SSL VPN portal is not installed if web-mode is disabled.