Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY 6.4.1
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
All Products
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Web Application Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • Web Application / API Protection
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions
    • All Products

    Release Notes

    Home FortiManager 6.4.1 Release Notes
    6.4.1
    8.0.0
    7.6.6
    7.6.5
    7.6.4
    7.6.3
    7.6.2
    7.6.1
    7.6.0
    7.4.11
    7.4.10
    7.4.9
    7.4.8
    7.4.7
    7.4.6
    7.4.5
    7.4.4
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.12
    7.2.11
    7.2.10
    7.2.9
    7.2.8
    7.2.7
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.0.16
    7.0.15
    7.0.14
    7.0.13
    7.0.12
    7.0.11
    7.0.10
    7.0.9
    7.0.8
    7.0.7
    7.0.6
    7.0.5
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.4.15
    6.4.14
    6.4.13
    6.4.12
    6.4.11
    6.4.10
    6.4.9
    6.4.8
    6.4.7
    6.4.6
    6.4.5
    6.4.4
    6.4.3
    6.4.2
    6.4.1
    6.4.0
    6.2.13
    6.2.12
    6.2.11
    6.2.10
    6.2.9
    6.2.8
    6.2.7
    6.2.6
    6.2.5
    6.2.3
    6.2.2
    6.2.1
    6.2.0
    6.0.12
    6.0.11
    6.0.10
    6.0.9
    6.0.8
    6.0.7
    6.0.6
    6.0.5
    6.0.4
    6.0.3
    6.0.2
    6.0.1
    6.0.0
    5.6.11
    5.6.10
    5.6.9
    5.6.8
    5.6.7
    5.6.6
    5.6.5
    5.6.4
    5.6.3
    5.6.2
    5.6.1
    5.6.0
    5.6.0
    5.4.7
    5.4.6
    5.4.5
    5.4.4
    5.4.3
    5.4.2
    5.4.1
    5.4.0
    5.2.10
    5.2.9
    5.2.7
    5.2.6
    5.2.4
    5.2.3
    5.2.2
    5.2.1
    5.2.0
    5.0.12
    5.0.11
    5.0.10
    5.0.9
    5.0.8
    5.0.7
    5.0.6
    5.0.5
    5.0.4
    5.0.3

    Resolved Issues

    Resolved Issues

    The following issues have been fixed in 6.4.1. For inquires about a particular bug, please contact Customer Service & Support.

    AP Manager

    Bug ID Description
    555159 After deleting an SSID from Device Manager, AP Manager still shows the SSID.
    620117 AP Manager needs to support of FortiAP-U431F and FortiAP-U433F.

    629182

    Verification may fail with wtp-profile for FAPU431F-default or FAPU433F-default with radio 3 mode set as ap.

    Device Manager

    Bug ID Description
    525051 Automation stitch cannot add FortiGates to automation.
    543824 User with restricted permissions may be able to access global settings.
    544982 Policy Package Status may become out-of-sync for all devices when adding one device to Install On.
    589453 Application group of type category should not be used for SD-WAN rules.
    601692 FortiManager is unable to overwrite IPv6 default route.
    603286 Device Manager's dashboard System Time and HA Mode buttons do not work.
    610071 When creating a new interface based VPN phase1, FortiManager should not allow duplicated names.
    610585 Device Manager cannot save DHCP for Unknown MAC address with action set to block.
    610937 In non-root management VDOM, FortiManager prompts no permission error when accessing device interface.
    611315 SD-WAN should be allowed to configure port for HTTP health-check server.
    613426 VDOMs may show up twice in Device Manager.
    613762 Connecting to CLI via SSH may not work when FortiGate is behind NAT.
    615092 FortiManager should allow using FQDN for FortiAnalyzer logging.
    616264 IPv6 extra-address may not convert properly.
    616537 FortiGate and FortiManager GUI should use similar terminology for configuring weight and volume-ratio in SD-WAN.
    620029 Deleting a VDOM may prompt "Internal Error".
    622353 Cloning VPN Phase1-Interface does not clone Phase1 proposals.
    625691 FortiManager does not allow DHCP lease time to be disabled.
    626152 Adding FortiGate-100E may fail at "user group.guest".
    627351 System Templates are unable to apply or import certificate in syslog settings for v6.0 ADOMs.

    624596

    Device Manager's Connect to CLI function with SSH may prompt an error message.

    625831

    Deleting a device from Device Manager may take a long time and FortiManager becomes very slow.

    631576

    Device list may be empty under device group when trying to edit it.

    638351

    FortiManager is unable to set FAZ IP override setting as global setting.

    FortiSwitch Manager

    Bug ID Description
    624143 FortiSwitch Manager may not install VLAN to FortiGate.

    Others

    Bug ID Description
    622411 Valid zone and interface mappings are deleted after running the diag cdb check policy-packages command.

    623147

    FortiManager may never form a HA due to variance in certificates.

    629332

    Securityconsole may crash when copying policy package.

    635616

    The ADOM integrity check may fail with SD-WAN dynamic interface members.

    Policy and Objects

    Bug ID Description
    553462 FortiManager may prompt error, when Zone member VLAN is used by another zone, when installing policy package.
    577201 Next button should be inactive until zone validation is fixed in the case of Re-Install Policy.
    577816 Policy-based rule shows NAT status as disabled or empty.
    577818 When a policy package in an ADOM v6.0 is enabled with policy-based mode, the rules do not show the application column.
    580166 Bulk installation gets stuck with fake policy package.
    581588 Central SNAT policy does not support showing IPv6 address on table.
    582255 FortiManager is unable to lock ADOM if another admin is installing a policy to same FortiGate in a different ADOM.
    596533 Renaming policy package changes the implicit policy's "Log Violation Traffic" setting to "No Log".
    599780 If one or more devices has a policy validation error, FortiManager does not show other devices that are "ready to install".
    601320 FortiManager should be able to display IPv4 policies in Interface Pair View mode.
    607281 pxgrid connector on FortiManager may not work with Cisco ISE version 2.7.
    609300 FortiManager may not be able to import all Cisco ACI Fabric Connector address.
    612445 Policy package for v5.6 cannot be installed on v6.0 devices if default deep SSL inspection is used.
    613840 Process bar does not show correct status when an address fails to import for fabric connector.
    614710 Result of search in device interface should display zone that the interface is a member of.
    618711 Install to FortiGate may fails for dhcp-relay-agent-option.
    622129 FortiManager may return validation error when creating a policy within a profile based policy package.
    623104 FortiManager may not be able to promote the Web Filter object from any ADOM to Global ADOM.
    624561 Changing an Accept policy with proxy-based inspection mode to Deny may lead to installation failure.
    624586 FortiManager may try to unset "server-identity-check " while pushing a new LDAP server.
    628830 FortiManager should be able to select a device to install after adding a group object member to a nested group.
    629412 ADOM v6.0 ssl-ssh-profile with deep inspection disabled is changed with deep inspection when installing to a FortiGate v6.2 device.

    620890

    Unlock and discard changes on policy package may create duplicate section titles.

    625665

    Policy package installation may fail due to certificates errors after creating a new VDOM.

    627796

    FortiManager may prompt copy failure on webfilter ftgd-local-rating.

    628326

    FortiManager may delete reserved address on FortiGate AWS causing installation failure.

    629961

    When installing to a FortiGate 6.0 device, ssl-ssh-profile status is changed to deep inspection after policy package install.

    631138

    Copy may fail due to missing SDN connector configuration.

    631405

    FortiManager should check for 'mgmt' interface configuration for 'dedicated to mgmt' setting before allow using the interface on a policy.

    632545

    Installing policy package may result in an error: "Could not read zone validation results".

    633248

    Web proxy profile is not being installed on FortiGate when the proxy type is "Transparent-web".

    633870

    Installing geneve configuration may fail at verification stage.

    634597

    FortiManager may unset speed on ports which are configured with 10000full.

    636732

    Copying policy causes interface binding contradiction for object member.

    Revision History

    Bug ID

    Description
    604680 FortiManager sets FSSO to disable even though FSSO group is in use.
    604738 Verification fails for replacemsg "auth-authorization-fail" after upgraded FortiManager and installed to FortiGate with system template assigned.
    608051 Policy package install time increases when using policy package diff option.
    624583 When pushing a new configuration, FortiManager may try to change the Kerberos keytab on the FortiGate causing install failure.

    Services

    Bug ID

    Description
    591519 FortiManager adds upgrade support for FortiAP-231E.

    633485

    FortiManager as a FortiGuard server for FortiClient web filtering queries may not be available.

    633534

    Validation license process is not working for model device preventing firmware upgrade upon discovery.

    System Settings

    Bug ID Description
    557949 Changing password should be enabled by default for all admin users.
    579563 Workflow Session List menu seems to always match the first wildcard TACACS admin.
    623149 The list to select device is not consistent with All except ADOMs list restriction.

    626773

    FortiManager cannot perform system backup when SD-WAN Orchestrator is enabled.

    VPN Manager

    Bug ID

    Description
    621209 VPN monitor should show the corresponding VPN community tunnels only under each community.
    Previous
    Next

    Resolved Issues

    Resolved Issues

    The following issues have been fixed in 6.4.1. For inquires about a particular bug, please contact Customer Service & Support.

    AP Manager

    Bug ID Description
    555159 After deleting an SSID from Device Manager, AP Manager still shows the SSID.
    620117 AP Manager needs to support of FortiAP-U431F and FortiAP-U433F.

    629182

    Verification may fail with wtp-profile for FAPU431F-default or FAPU433F-default with radio 3 mode set as ap.

    Device Manager

    Bug ID Description
    525051 Automation stitch cannot add FortiGates to automation.
    543824 User with restricted permissions may be able to access global settings.
    544982 Policy Package Status may become out-of-sync for all devices when adding one device to Install On.
    589453 Application group of type category should not be used for SD-WAN rules.
    601692 FortiManager is unable to overwrite IPv6 default route.
    603286 Device Manager's dashboard System Time and HA Mode buttons do not work.
    610071 When creating a new interface based VPN phase1, FortiManager should not allow duplicated names.
    610585 Device Manager cannot save DHCP for Unknown MAC address with action set to block.
    610937 In non-root management VDOM, FortiManager prompts no permission error when accessing device interface.
    611315 SD-WAN should be allowed to configure port for HTTP health-check server.
    613426 VDOMs may show up twice in Device Manager.
    613762 Connecting to CLI via SSH may not work when FortiGate is behind NAT.
    615092 FortiManager should allow using FQDN for FortiAnalyzer logging.
    616264 IPv6 extra-address may not convert properly.
    616537 FortiGate and FortiManager GUI should use similar terminology for configuring weight and volume-ratio in SD-WAN.
    620029 Deleting a VDOM may prompt "Internal Error".
    622353 Cloning VPN Phase1-Interface does not clone Phase1 proposals.
    625691 FortiManager does not allow DHCP lease time to be disabled.
    626152 Adding FortiGate-100E may fail at "user group.guest".
    627351 System Templates are unable to apply or import certificate in syslog settings for v6.0 ADOMs.

    624596

    Device Manager's Connect to CLI function with SSH may prompt an error message.

    625831

    Deleting a device from Device Manager may take a long time and FortiManager becomes very slow.

    631576

    Device list may be empty under device group when trying to edit it.

    638351

    FortiManager is unable to set FAZ IP override setting as global setting.

    FortiSwitch Manager

    Bug ID Description
    624143 FortiSwitch Manager may not install VLAN to FortiGate.

    Others

    Bug ID Description
    622411 Valid zone and interface mappings are deleted after running the diag cdb check policy-packages command.

    623147

    FortiManager may never form a HA due to variance in certificates.

    629332

    Securityconsole may crash when copying policy package.

    635616

    The ADOM integrity check may fail with SD-WAN dynamic interface members.

    Policy and Objects

    Bug ID Description
    553462 FortiManager may prompt error, when Zone member VLAN is used by another zone, when installing policy package.
    577201 Next button should be inactive until zone validation is fixed in the case of Re-Install Policy.
    577816 Policy-based rule shows NAT status as disabled or empty.
    577818 When a policy package in an ADOM v6.0 is enabled with policy-based mode, the rules do not show the application column.
    580166 Bulk installation gets stuck with fake policy package.
    581588 Central SNAT policy does not support showing IPv6 address on table.
    582255 FortiManager is unable to lock ADOM if another admin is installing a policy to same FortiGate in a different ADOM.
    596533 Renaming policy package changes the implicit policy's "Log Violation Traffic" setting to "No Log".
    599780 If one or more devices has a policy validation error, FortiManager does not show other devices that are "ready to install".
    601320 FortiManager should be able to display IPv4 policies in Interface Pair View mode.
    607281 pxgrid connector on FortiManager may not work with Cisco ISE version 2.7.
    609300 FortiManager may not be able to import all Cisco ACI Fabric Connector address.
    612445 Policy package for v5.6 cannot be installed on v6.0 devices if default deep SSL inspection is used.
    613840 Process bar does not show correct status when an address fails to import for fabric connector.
    614710 Result of search in device interface should display zone that the interface is a member of.
    618711 Install to FortiGate may fails for dhcp-relay-agent-option.
    622129 FortiManager may return validation error when creating a policy within a profile based policy package.
    623104 FortiManager may not be able to promote the Web Filter object from any ADOM to Global ADOM.
    624561 Changing an Accept policy with proxy-based inspection mode to Deny may lead to installation failure.
    624586 FortiManager may try to unset "server-identity-check " while pushing a new LDAP server.
    628830 FortiManager should be able to select a device to install after adding a group object member to a nested group.
    629412 ADOM v6.0 ssl-ssh-profile with deep inspection disabled is changed with deep inspection when installing to a FortiGate v6.2 device.

    620890

    Unlock and discard changes on policy package may create duplicate section titles.

    625665

    Policy package installation may fail due to certificates errors after creating a new VDOM.

    627796

    FortiManager may prompt copy failure on webfilter ftgd-local-rating.

    628326

    FortiManager may delete reserved address on FortiGate AWS causing installation failure.

    629961

    When installing to a FortiGate 6.0 device, ssl-ssh-profile status is changed to deep inspection after policy package install.

    631138

    Copy may fail due to missing SDN connector configuration.

    631405

    FortiManager should check for 'mgmt' interface configuration for 'dedicated to mgmt' setting before allow using the interface on a policy.

    632545

    Installing policy package may result in an error: "Could not read zone validation results".

    633248

    Web proxy profile is not being installed on FortiGate when the proxy type is "Transparent-web".

    633870

    Installing geneve configuration may fail at verification stage.

    634597

    FortiManager may unset speed on ports which are configured with 10000full.

    636732

    Copying policy causes interface binding contradiction for object member.

    Revision History

    Bug ID

    Description
    604680 FortiManager sets FSSO to disable even though FSSO group is in use.
    604738 Verification fails for replacemsg "auth-authorization-fail" after upgraded FortiManager and installed to FortiGate with system template assigned.
    608051 Policy package install time increases when using policy package diff option.
    624583 When pushing a new configuration, FortiManager may try to change the Kerberos keytab on the FortiGate causing install failure.

    Services

    Bug ID

    Description
    591519 FortiManager adds upgrade support for FortiAP-231E.

    633485

    FortiManager as a FortiGuard server for FortiClient web filtering queries may not be available.

    633534

    Validation license process is not working for model device preventing firmware upgrade upon discovery.

    System Settings

    Bug ID Description
    557949 Changing password should be enabled by default for all admin users.
    579563 Workflow Session List menu seems to always match the first wildcard TACACS admin.
    623149 The list to select device is not consistent with All except ADOMs list restriction.

    626773

    FortiManager cannot perform system backup when SD-WAN Orchestrator is enabled.

    VPN Manager

    Bug ID

    Description
    621209 VPN monitor should show the corresponding VPN community tunnels only under each community.
    Previous
    Next