Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • Release Notes

    Home FortiManager 6.4.11 Release Notes
    6.4.11
    7.6.1
    7.6.0
    7.4.5
    7.4.4
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.8
    7.2.7
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.0.13
    7.0.12
    7.0.11
    7.0.10
    7.0.9
    7.0.8
    7.0.7
    7.0.6
    7.0.5
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.4.15
    6.4.14
    6.4.13
    6.4.12
    6.4.11
    6.4.10
    6.4.9
    6.4.8
    6.4.7
    6.4.6
    6.4.5
    6.4.4
    6.4.3
    6.4.2
    6.4.1
    6.4.0
    6.2.13
    6.2.12
    6.2.11
    6.2.10
    6.2.9
    6.2.8
    6.2.7
    6.2.6
    6.2.5
    6.2.3
    6.2.2
    6.2.1
    6.2.0
    6.0.12
    6.0.11
    6.0.10
    6.0.9
    6.0.8
    6.0.7
    6.0.6
    6.0.5
    6.0.4
    6.0.3
    6.0.2
    6.0.1
    6.0.0
    5.6.11
    5.6.10
    5.6.9
    5.6.8
    5.6.7
    5.6.6
    5.6.5
    5.6.4
    5.6.3
    5.6.2
    5.6.1
    5.6.0
    5.6.0
    5.4.7
    5.4.6
    5.4.5
    5.4.4
    5.4.3
    5.4.2
    5.4.1
    5.4.0
    5.2.10
    5.2.9
    5.2.7
    5.2.6
    5.2.4
    5.2.3
    5.2.2
    5.2.1
    5.2.0
    5.0.12
    5.0.11
    5.0.10
    5.0.9
    5.0.8
    5.0.7
    5.0.6
    5.0.5
    5.0.4
    5.0.3

    Resolved Issues

    Resolved Issues

    The following issues have been fixed in 6.4.11. To inquire about a particular bug, please contact Customer Service & Support.

    AP Manager

    Bug ID

    Description

    822525

    FortiManager does not take the per device mapping authentication config for SSID under the WiFi Profiles.

    Device Manager

    Bug ID Description
    751961 SD_WAN monitor does not show the selected time period properly and instead displays the results in "hours".
    789249 FortiManager does not have Logging Options after enabling One-Arm Sniffer under Interface.
    794764 FortiGate Modem Interface is not visible under Device Manager.
    800191 During the ZTP deployment, set hostname command does not push to FortiGate.
    810936 After Upgrade, managed FortiAnalyzer on FortiManager does not display the Traffic logs under the Log View for HA devices.
    812213 Default factory setting on FortiGate does not match with its default factory setting on FortiManager's DB. This causes status conflict if FortiGate is added to the FortiManager using the Add Model Device method.
    820990 IPSec VPN deployment via ZTP creates some issues on the FortiGate routing.
    828897 SD-WAN Monitor map doesn't load all devices.
    830105 FortiManager attempts to install 1.0.0.0 as the remote-gw for all the phase1-interfaces when 2 or more IPsec phase1-interfaces have same remote-gw IP.
    832599 When installing the config system snmp community settings to FortiGates, some of the entries are deleted.
    842923 Auto-update fails to sync FortiManager's device DB when interfaces are modified directly in the root VDOM of the FortiGates.
    853810 Failed to edit the managed devices to modify the location.
    855425 System Template and CLI Template config did not install to all model device FortiGates.

    859638

    860071

    		 FortiManager's SD-WAN Monitor does not display the Health Check status correctly.
    866243 The SD-WAN Monitor info for specific devices are not consistent with the map view SD-WAN interface status (based on performance SLA).
    866247 Unable to change the static route "Description" section in the Device Manager without editing the static route.

    870848

    SD-WAN Monitor under Device Manager's Monitors tab does not display any FortiGate devices which are running in 6.2 version.
    874831 FortiManager attempts to install unknown and undesired static route when modifying or adding some new static routes.

    FortiSwitch Manager

    Bug ID Description
    784525 IPv4 options cannot be defined in a per-device VLAN.

    Global ADOM

    Bug ID Description

    789164

    Unable to delete the web rating override entries from ADOM Global Database.

    826522

    Unable to remove global object from Global Database in workspace mode.

    Workaround: Unlock & lock the Global ADOM prior to deleting the Global Object and assigning changes to local ADOMs.

    Others

    Bug ID Description
    707911 FortiManager should be able to assign VLAN interface to FortiExtender.
    815875 After FortiManager's upgrade, device level status has been modified and Install preview shows that pdf-report and FortiView features will be enabled on the FortiGates, even if these have already been enabled on the FortiGates before.
    827120 FortiManager HA failed to be established in FIPS mode.
    870893 Unable to install pp to FortiGates, after FortiManager's DB got restored.
    876425 FortiManager does not display the output of the execute dmserver showconfig command.

    Policy and Objects

    Bug ID

    Description
    716892 Exporting to "Excel/CSV" does not include the value for fields "Log & Last Modified By".
    731961

    When FortiManager is working in the workspace mode, the installation for those FortiManager with larger DB may take longer time to be completed.
    738988 FortiManager does not detect the settings related to Web Cache Communication Protocol (WCCP) in SSLVPN Policies on the FortiGate.
    742293 FortiManager, via ADOM 6.0, is not able to install set logtraffic all to proxy-policy with action deny.
    795449 Unable to "Download Conflict File" to review the conflicts of firewall objects during import process.
    814478 Once the normalized interface has been defined, FortiManager does not allow setting it to "None".
    834401 Upgrading ADOMs do not complete if there are some empty values for "profile-type" and "utm-status".
    835087 Policies cannot be edited as FortiManager displays a warning message, "Please select a SSL/SSH Inspection profile" in ADOM 6.2.
    836783 FortiManager changes the use-metadata-iam value for the SDN connectors.

    838648

    "Rename objects to import" inconsistency with "datasrc duplicate" error.
    841492 FortiManager unsets the system HA settings after pushing an unsuccessful installation Policy Package to FortiGates.
    846222 Unable to perform the policy diff when both device and policy package are locked.
    847932 Hit count for a policy package does not always match the total count of all installation targets.
    863882 Last Modified Time field is empty when exporting Policy Packages to Excel.
    870878 FortiManager's GUI does not display the color code or name for the selected color for objects once it is created.
    882996 Unable to install to FortiGates when using null values for "local-gw6" and "remote-gw6".

    Script

    Bug ID

    Description
    795639 Any commands after the set secret command in the switch-controller custom-command configuration is displayed in a form of encrypted strings.

    Services

    Bug ID

    Description
    837942 In cascade mode, FortiManager as local FortiGaurd Server does not download IPS signature for extended database.

    System Settings

    Bug ID

    Description
    841782 In Workflow mode, admins are not able to click on the "Approve this request" received from the emails as it displays "Unable to complete action" or "Invalid adom name" error messages.
    853353 SDWAN Monitor Map does not show up when admin profile has been set to "None" for System Settings.
    864931 Unable to login into FortiManager using TACACS and Radius credentials.

    868706

    SSO admin users do not have the same permissions as local users with the same assigned profiles.

    VPN Manager

    Bug ID

    Description
    798995 It's not possible to delete an SSL VPN portal profile from the FortiManager GUI if the profile has already been installed.

    Common Vulnerabilities and Exposures

    Visit https://fortiguard.com/psirt for more information.

    Bug ID CVE references
    872711

    FortiManager 6.4.11 is no longer vulnerable to the following CVE-Reference:

    • CVE-2023-22642
    Previous
    Next

    Resolved Issues

    Resolved Issues

    The following issues have been fixed in 6.4.11. To inquire about a particular bug, please contact Customer Service & Support.

    AP Manager

    Bug ID

    Description

    822525

    FortiManager does not take the per device mapping authentication config for SSID under the WiFi Profiles.

    Device Manager

    Bug ID Description
    751961 SD_WAN monitor does not show the selected time period properly and instead displays the results in "hours".
    789249 FortiManager does not have Logging Options after enabling One-Arm Sniffer under Interface.
    794764 FortiGate Modem Interface is not visible under Device Manager.
    800191 During the ZTP deployment, set hostname command does not push to FortiGate.
    810936 After Upgrade, managed FortiAnalyzer on FortiManager does not display the Traffic logs under the Log View for HA devices.
    812213 Default factory setting on FortiGate does not match with its default factory setting on FortiManager's DB. This causes status conflict if FortiGate is added to the FortiManager using the Add Model Device method.
    820990 IPSec VPN deployment via ZTP creates some issues on the FortiGate routing.
    828897 SD-WAN Monitor map doesn't load all devices.
    830105 FortiManager attempts to install 1.0.0.0 as the remote-gw for all the phase1-interfaces when 2 or more IPsec phase1-interfaces have same remote-gw IP.
    832599 When installing the config system snmp community settings to FortiGates, some of the entries are deleted.
    842923 Auto-update fails to sync FortiManager's device DB when interfaces are modified directly in the root VDOM of the FortiGates.
    853810 Failed to edit the managed devices to modify the location.
    855425 System Template and CLI Template config did not install to all model device FortiGates.

    859638

    860071

    		 FortiManager's SD-WAN Monitor does not display the Health Check status correctly.
    866243 The SD-WAN Monitor info for specific devices are not consistent with the map view SD-WAN interface status (based on performance SLA).
    866247 Unable to change the static route "Description" section in the Device Manager without editing the static route.

    870848

    SD-WAN Monitor under Device Manager's Monitors tab does not display any FortiGate devices which are running in 6.2 version.
    874831 FortiManager attempts to install unknown and undesired static route when modifying or adding some new static routes.

    FortiSwitch Manager

    Bug ID Description
    784525 IPv4 options cannot be defined in a per-device VLAN.

    Global ADOM

    Bug ID Description

    789164

    Unable to delete the web rating override entries from ADOM Global Database.

    826522

    Unable to remove global object from Global Database in workspace mode.

    Workaround: Unlock & lock the Global ADOM prior to deleting the Global Object and assigning changes to local ADOMs.

    Others

    Bug ID Description
    707911 FortiManager should be able to assign VLAN interface to FortiExtender.
    815875 After FortiManager's upgrade, device level status has been modified and Install preview shows that pdf-report and FortiView features will be enabled on the FortiGates, even if these have already been enabled on the FortiGates before.
    827120 FortiManager HA failed to be established in FIPS mode.
    870893 Unable to install pp to FortiGates, after FortiManager's DB got restored.
    876425 FortiManager does not display the output of the execute dmserver showconfig command.

    Policy and Objects

    Bug ID

    Description
    716892 Exporting to "Excel/CSV" does not include the value for fields "Log & Last Modified By".
    731961

    When FortiManager is working in the workspace mode, the installation for those FortiManager with larger DB may take longer time to be completed.
    738988 FortiManager does not detect the settings related to Web Cache Communication Protocol (WCCP) in SSLVPN Policies on the FortiGate.
    742293 FortiManager, via ADOM 6.0, is not able to install set logtraffic all to proxy-policy with action deny.
    795449 Unable to "Download Conflict File" to review the conflicts of firewall objects during import process.
    814478 Once the normalized interface has been defined, FortiManager does not allow setting it to "None".
    834401 Upgrading ADOMs do not complete if there are some empty values for "profile-type" and "utm-status".
    835087 Policies cannot be edited as FortiManager displays a warning message, "Please select a SSL/SSH Inspection profile" in ADOM 6.2.
    836783 FortiManager changes the use-metadata-iam value for the SDN connectors.

    838648

    "Rename objects to import" inconsistency with "datasrc duplicate" error.
    841492 FortiManager unsets the system HA settings after pushing an unsuccessful installation Policy Package to FortiGates.
    846222 Unable to perform the policy diff when both device and policy package are locked.
    847932 Hit count for a policy package does not always match the total count of all installation targets.
    863882 Last Modified Time field is empty when exporting Policy Packages to Excel.
    870878 FortiManager's GUI does not display the color code or name for the selected color for objects once it is created.
    882996 Unable to install to FortiGates when using null values for "local-gw6" and "remote-gw6".

    Script

    Bug ID

    Description
    795639 Any commands after the set secret command in the switch-controller custom-command configuration is displayed in a form of encrypted strings.

    Services

    Bug ID

    Description
    837942 In cascade mode, FortiManager as local FortiGaurd Server does not download IPS signature for extended database.

    System Settings

    Bug ID

    Description
    841782 In Workflow mode, admins are not able to click on the "Approve this request" received from the emails as it displays "Unable to complete action" or "Invalid adom name" error messages.
    853353 SDWAN Monitor Map does not show up when admin profile has been set to "None" for System Settings.
    864931 Unable to login into FortiManager using TACACS and Radius credentials.

    868706

    SSO admin users do not have the same permissions as local users with the same assigned profiles.

    VPN Manager

    Bug ID

    Description
    798995 It's not possible to delete an SSL VPN portal profile from the FortiManager GUI if the profile has already been installed.

    Common Vulnerabilities and Exposures

    Visit https://fortiguard.com/psirt for more information.

    Bug ID CVE references
    872711

    FortiManager 6.4.11 is no longer vulnerable to the following CVE-Reference:

    • CVE-2023-22642
    Previous
    Next