Fortinet Document Library


Release Notes

Resolved Issues

The following issues have been fixed in 6.2.8. For inquiries about a particular bug, please contact Customer Service & Support.

AP Manager

Bug ID Description

591994 AP region settings may be unset in central management mode.
648812 DHCP server is incorrectly created for Bridge SSID.
674636 SSID may be empty on AP Manager > WiFi Profiles > SSID column.
692911 FortiManager may not be able to display correct information for wireless radio in wireless profile for FortiWiFi-80F-2R.

Device Manager

Bug ID Description

485037 Monitor > Map View may fail if proxy is enabled.
575215 When creating a new interface for a VDOM, FortiManager may list interfaces that may belong to another ADOM.
594211 FortiManager should be able to create new VLAN interface on the fabric interface and install to FortiGate.
603820 FortiManager fails to import a policy when reputation-minimum and reputation-direction are set.
610585 Device Manager cannot save DHCP for Unknown MAC address with action set to block.
624325 Creating or editing a transparent VDOM to disable may stall at 20%.
631842 FortiGuard Scheduled Updates Hours field may not be saved after clicking Apply.
636012 Importing policy may report conflict for the default SSH CA certificates.
642362 Under Workflow mode, config status may change to Modified when the session has not changed.
646537 Under System > Explicit Proxy, the multiple selections for listen on interfaces may not be saved.
654190 FortiManager should not modify IPv4 addressing mode when IPv6 addressing mode is changed.
654611 Under Advanced mode and within a VDOM, clicking Device Manager on the top menu returns the No Permission error.
656433 FortiManager device delete process may stall.
658832 FortiManager is unable to retrieve priority-members if the outgoing interface is using the Manual strategy in SD-WAN rule.
662656 When the policies being imported contain a policy block or global policy, the import wizard should give a warning that those policies will not be imported.
665344 User with full Read/Write DVM privileges should be allowed to see and modify the System Provisioning Templates.
666634 FortiManager may fail to import GCP SDN connector object.
667142 FortiManager is unable to edit or hover mouse over OSPF route after the seventh line.
667738 GUI should generate an error message when using invalid IP address or special characters in interface name.
667826 Device Manager may show No entry found with rtmmond and security console crashes.
668958 After enabling DHCP relay on one interface, DHCP server is disabled on another interface during install.
670535 Install fails when creating a new DHCP reservation due to missing MAC address.
670839 FortiManager should be able to configure IPSec Phase2 selector using the same IP range.
673008 SD-WAN Rules order changes to the default when creating a rule and moving it to the top.
677241 Interface speed is set incorrectly on port group due to missing aggregate membership verification.
678066 Install may fail when changing FortiGate admin password from FortiManager.
678495 FortiManager VPN L2TP may prompt invalid ip range message.
680516 Host Name is truncated when name has more than 31 characters.
683411 FortiManager may not display a FortiGate under the Device Manager > Managed Devices.
684372 When using VDOMs, Policy Package status remains in modified status after using Push to device.
684462 FortiManager truncates the device configuration when downloading from View configuration option.

686144 SD-WAN monitor table view may not match the FortiGate performance SLA monitor.

688470 When importing policy, the interface zone, intra-zone, may not import to ADOM database.
688972 SD-WAN rules may lose all interface members after upgrade.
689014 FortiManager may return an error when changing FortiGate device log configuration from FortiManager with management VDOM moved to another VDOM.
690012 Changing the value of a meta-data field for a device should trigger the change with configuration status.
690566 Changes to the Disclaimer Page may not be saved with error.
696848 Users may not be able to retrieve configuration or import policy from managed devices with dvmcore constantly crashing.
697924 When there are many devices, all managed FortiGates may show connection down state.

FortiSwitch Manager

Bug ID Description

676739 FortiManager may not be able to delete VLAN interfaces created by FortiSwitch Manager.
708901 The assigned FortiSwitch template name that has more than sixteen characters may fail the ADOM integrity check.

Global ADOM

Bug ID Description

632400 When installing global policy, FortiManager may delete policy routes and settings on an ADOM.
667423 Assigned header policy from the global ADOM shows up on excluded policy package.
670280 Promoting the Profile Group object should not promote the default Protocol option.

Others

Bug ID Description

615315 FortiManager may fail to pull docker from registry server with inode exhausted.
656956 There may be crashes with rtmmond when FortiWLM is enabled.
667421 FortiManager may report repeated miglogd crashes which cause log loss.
670479 FortiManager configuration file size may be large due to a bulk of resync files.
671444 FortiManager may fail to check-in configuration revision with the HA secondary unit.
681625 The svc cdb reader process may crash during upgrade of ADOM.
682404 The rtmmond process memory usage may increase constantly.
683841 FortiManager databases may randomly lose integrity.
688188 HA re-transmission may not work and crash.
691568 FortiManager GUI may randomly become non-responsive.
695549 The _created timestamp is missing in REST API return data for policy.
697132 On some occasions, FortiManager is not accessible until the device is rebooted every couple of days.
706516 Security console may crash when there are quotation marks around the group name.

Policy and Objects

Bug ID Description
523350 FortiManager does not show the default certificate under SSL/SSH Inspection within the policy.
587634 FortiManager may not be able to create new wildcard FQDN type address to FortiGate 6.2.
612317 FortiManager shows the incorrect country code for Cyprus under User definition.
630431 Some application and filter overrides are not displayed on GUI.
631372 Setting server-cert-mode to replace may cause install failure if inspect-all is certificate-inspection.
633727 FortiManager is unable to display summary of policy package diff for VDOM with a long name.
651991 After adding and removing Security Profile, policy Security Profile changes from no-inspection to empty.
660483 IPS signatures may not match between FortiGate and FortiManager.
675199 Local web category override is not installed if the web filter is part of policy block package.
677385 IPS profile may not load.

686913 Default entry "1" under the Intrusion Prevention > IPS Signatures and Filters may not be visible in the GUI.

687460 The same filter may behave differently between source address and destination address.
688336 Find and replace may not work for security profiles.

Revision History

Bug ID Description
657344 Installing from 6.0 ADOM may try to unset inspection-mode and unset ssl-ssh-profile on FortiGate 6.2.
660525 Installing from FortiManager may unset comment, organization, and subnet-name during install.
662438 FortiManager may try to purge all web rating override entries.
667148 When a policy install is performed, Install preview shows a lot of firewall policies with metafield changes without any actual change having been made.
675867 The ssl-anomaly-log configuration may be incorrectly pushed by FortiManager when installing 5.6 ADOM policy to 6.0 FortiGate.
677659 FortiManager may fail to retrieve device configuration on web category with log threat-weight.
679139 When a policy package is shared between many firewalls, web rating override purge may fail in some scenarios.
686036 FortiManager may remove allow access configurations for secondary IP when a policy package is installed.
691240 FortiManager should not unset the value forward-error-correction with certain FortiGate platforms.
693225 FortiManager may install unset inspection-mode to FortiGate 6.2 device in 6.0 ADOM.
694380 Installation may fail when set whitelist enable in ssl-ssh-profile is pushed to FortiGate 6.2 from a 6.0 ADOM.
709456 FortiManager may be missing configuration revisions after performing an HA failover.

Script

Bug ID Description
669198 Running a script in Policy & Objects does not update Save status.

Services

Bug ID Description
587730 FortiGate-VM64-AZURE may not be listed in firmware image page.
680857 FortiExtender, FortiAP, or FortiSwitch upgrades can fail due to custom image being deleted during or after a failed upgrade.
694903 Some firmware upgrade paths may have issues.

695685 FortiGate HA firmware upgrade may fail when both HA units need disk check.
699768 FortiManager should add the 06002000NIDS02504 extended IPS database to the default download list.
714596 For web filter query, FortiManager should support category 9 mapping data.
714787 FortiManager should have a diagnose command to force web filtering database merge.

System Settings

Bug ID Description
631733 Changing trusted IP can be saved and installed.
637377 If Manage Device Configurations is none in admin profile, user may not be able to see interface in policy.
642205 While FortiAnalyzer model is disabled, FortiManager may fail to create an ADOM due to oversize with disk quota.
660226 HA may crash when upgrading.
662970 Firewall addresses may not be visible on GUI after upgrading FortiManager.
677461 FortiManager is not able to identify ADOMs that are locked by non-super user administrators.
687223 Users may not be able to upgrade ADOM because of profile-protocol-options.
690921 ADOM upgrade from 6.0 to 6.2 should not add custom ssl-ssh-profile to policies which were not configured for SSL inspection.

VPN Manager

Bug ID Description
596953 When going to VPN Manager > Monitor and selecting a specific community from the tree menu to show only that community's tunnels, the monitor page displays a white screen.
608221 There is no XAUTH USER column in VPN Manager Monitor.
620801 SSLVPN > Edit SSLVPN Settings > IP Range only shows configuration from ADOM database objects.
681110 VPN manager may not push any configuration on ADOM 6.0 for dial up VPN on FortiGate.
685704 After upgrading FortiManager, install to any device participating in the full mesh VPN may fail with copy error fetch device/vdom list failed.
704614 FortiManager may not be able to push policy package due to VPN related error.

Common Vulnerabilities and Exposures

Visit https://fortiguard.com/psirt for more information.

Bug ID Description
716350 FortiManager 6.2.8 is no longer vulnerable to the following CVE-Reference:

  • CVE-2021-32589
