Fortinet black logo

Release Notes

Home FortiManager 6.4.11 Release Notes
6.4.11
7.4.2
7.4.1
7.4.0
7.2.5
7.2.4
7.2.3
7.2.2
7.2.1
7.2.0
7.0.12
7.0.11
7.0.10
7.0.9
7.0.8
7.0.7
7.0.6
7.0.5
7.0.4
7.0.3
7.0.2
7.0.1
7.0.0
6.4.14
6.4.13
6.4.12
6.4.11
6.4.10
6.4.9
6.4.8
6.4.7
6.4.6
6.4.5
6.4.4
6.4.3
6.4.2
6.4.1
6.4.0
6.2.12
6.2.11
6.2.10
6.2.9
6.2.8
6.2.7
6.2.6
6.2.5
6.2.3
6.2.2
6.2.1
6.2.0
6.0.12
6.0.11
6.0.10
6.0.9
6.0.8
6.0.7
6.0.6
6.0.5
6.0.4
6.0.3
6.0.2
6.0.1
6.0.0
5.6.11
5.6.10
5.6.9
5.6.8
5.6.7
5.6.6
5.6.5
5.6.4
5.6.3
5.6.2
5.6.1
5.6.0
5.6.0
5.4.7
5.4.6
5.4.5
5.4.4
5.4.3
5.4.2
5.4.1
5.4.0
5.2.10
5.2.9
5.2.7
5.2.6
5.2.4
5.2.3
5.2.2
5.2.1
5.2.0
5.0.12
5.0.11
5.0.10
5.0.9
5.0.8
5.0.7
5.0.6
5.0.5
5.0.4
5.0.3

Resolved Issues

Resolved Issues

The following issues have been fixed in 6.4.11. To inquire about a particular bug, please contact Customer Service & Support.

AP Manager

Bug ID

Description

822525

FortiManager does not take the per device mapping authentication config for SSID under the WiFi Profiles.

Device Manager

Bug ID Description
751961 SD_WAN monitor does not show the selected time period properly and instead displays the results in "hours".
789249 FortiManager does not have Logging Options after enabling One-Arm Sniffer under Interface.
794764 FortiGate Modem Interface is not visible under Device Manager.
800191 During the ZTP deployment, set hostname command does not push to FortiGate.
810936 After Upgrade, managed FortiAnalyzer on FortiManager does not display the Traffic logs under the Log View for HA devices.
812213 Default factory setting on FortiGate does not match with its default factory setting on FortiManager's DB. This causes status conflict if FortiGate is added to the FortiManager using the Add Model Device method.
820990 IPSec VPN deployment via ZTP creates some issues on the FortiGate routing.
828897 SD-WAN Monitor map doesn't load all devices.
830105 FortiManager attempts to install 1.0.0.0 as the remote-gw for all the phase1-interfaces when 2 or more IPsec phase1-interfaces have same remote-gw IP.
832599 When installing the config system snmp community settings to FortiGates, some of the entries are deleted.
842923 Auto-update fails to sync FortiManager's device DB when interfaces are modified directly in the root VDOM of the FortiGates.
853810 Failed to edit the managed devices to modify the location.
855425 System Template and CLI Template config did not install to all model device FortiGates.

859638

860071

 FortiManager's SD-WAN Monitor does not display the Health Check status correctly.
866243 The SD-WAN Monitor info for specific devices are not consistent with the map view SD-WAN interface status (based on performance SLA).
866247 Unable to change the static route "Description" section in the Device Manager without editing the static route.

870848

SD-WAN Monitor under Device Manager's Monitors tab does not display any FortiGate devices which are running in 6.2 version.
874831 FortiManager attempts to install unknown and undesired static route when modifying or adding some new static routes.

FortiSwitch Manager

Bug ID Description
784525 IPv4 options cannot be defined in a per-device VLAN.

Global ADOM

Bug ID Description

789164

Unable to delete the web rating override entries from ADOM Global Database.

826522

Unable to remove global object from Global Database in workspace mode.

Workaround: Unlock & lock the Global ADOM prior to deleting the Global Object and assigning changes to local ADOMs.

Others

Bug ID Description
707911 FortiManager should be able to assign VLAN interface to FortiExtender.
815875 After FortiManager's upgrade, device level status has been modified and Install preview shows that pdf-report and FortiView features will be enabled on the FortiGates, even if these have already been enabled on the FortiGates before.
827120 FortiManager HA failed to be established in FIPS mode.
870893 Unable to install pp to FortiGates, after FortiManager's DB got restored.
876425 FortiManager does not display the output of the execute dmserver showconfig command.

Policy and Objects

Bug ID

Description
716892 Exporting to "Excel/CSV" does not include the value for fields "Log & Last Modified By".
731961

When FortiManager is working in the workspace mode, the installation for those FortiManager with larger DB may take longer time to be completed.
738988 FortiManager does not detect the settings related to Web Cache Communication Protocol (WCCP) in SSLVPN Policies on the FortiGate.
742293 FortiManager, via ADOM 6.0, is not able to install set logtraffic all to proxy-policy with action deny.
795449 Unable to "Download Conflict File" to review the conflicts of firewall objects during import process.
814478 Once the normalized interface has been defined, FortiManager does not allow setting it to "None".
834401 Upgrading ADOMs do not complete if there are some empty values for "profile-type" and "utm-status".
835087 Policies cannot be edited as FortiManager displays a warning message, "Please select a SSL/SSH Inspection profile" in ADOM 6.2.
836783 FortiManager changes the use-metadata-iam value for the SDN connectors.

838648

"Rename objects to import" inconsistency with "datasrc duplicate" error.
841492 FortiManager unsets the system HA settings after pushing an unsuccessful installation Policy Package to FortiGates.
846222 Unable to perform the policy diff when both device and policy package are locked.
847932 Hit count for a policy package does not always match the total count of all installation targets.
863882 Last Modified Time field is empty when exporting Policy Packages to Excel.
870878 FortiManager's GUI does not display the color code or name for the selected color for objects once it is created.
882996 Unable to install to FortiGates when using null values for "local-gw6" and "remote-gw6".

Script

Bug ID

Description
795639 Any commands after the set secret command in the switch-controller custom-command configuration is displayed in a form of encrypted strings.

Services

Bug ID

Description
837942 In cascade mode, FortiManager as local FortiGaurd Server does not download IPS signature for extended database.

System Settings

Bug ID

Description
841782 In Workflow mode, admins are not able to click on the "Approve this request" received from the emails as it displays "Unable to complete action" or "Invalid adom name" error messages.
853353 SDWAN Monitor Map does not show up when admin profile has been set to "None" for System Settings.
864931 Unable to login into FortiManager using TACACS and Radius credentials.

868706

SSO admin users do not have the same permissions as local users with the same assigned profiles.

VPN Manager

Bug ID

Description
798995 It's not possible to delete an SSL VPN portal profile from the FortiManager GUI if the profile has already been installed.

Common Vulnerabilities and Exposures

Visit https://fortiguard.com/psirt for more information.

Bug ID CVE references
872711

FortiManager 6.4.11 is no longer vulnerable to the following CVE-Reference:

  • CVE-2023-22642
Previous
Next

Resolved Issues

The following issues have been fixed in 6.4.11. To inquire about a particular bug, please contact Customer Service & Support.

AP Manager

Bug ID

Description

822525

FortiManager does not take the per device mapping authentication config for SSID under the WiFi Profiles.

Device Manager

Bug ID Description
751961 SD_WAN monitor does not show the selected time period properly and instead displays the results in "hours".
789249 FortiManager does not have Logging Options after enabling One-Arm Sniffer under Interface.
794764 FortiGate Modem Interface is not visible under Device Manager.
800191 During the ZTP deployment, set hostname command does not push to FortiGate.
810936 After Upgrade, managed FortiAnalyzer on FortiManager does not display the Traffic logs under the Log View for HA devices.
812213 Default factory setting on FortiGate does not match with its default factory setting on FortiManager's DB. This causes status conflict if FortiGate is added to the FortiManager using the Add Model Device method.
820990 IPSec VPN deployment via ZTP creates some issues on the FortiGate routing.
828897 SD-WAN Monitor map doesn't load all devices.
830105 FortiManager attempts to install 1.0.0.0 as the remote-gw for all the phase1-interfaces when 2 or more IPsec phase1-interfaces have same remote-gw IP.
832599 When installing the config system snmp community settings to FortiGates, some of the entries are deleted.
842923 Auto-update fails to sync FortiManager's device DB when interfaces are modified directly in the root VDOM of the FortiGates.
853810 Failed to edit the managed devices to modify the location.
855425 System Template and CLI Template config did not install to all model device FortiGates.

859638

860071

 FortiManager's SD-WAN Monitor does not display the Health Check status correctly.
866243 The SD-WAN Monitor info for specific devices are not consistent with the map view SD-WAN interface status (based on performance SLA).
866247 Unable to change the static route "Description" section in the Device Manager without editing the static route.

870848

SD-WAN Monitor under Device Manager's Monitors tab does not display any FortiGate devices which are running in 6.2 version.
874831 FortiManager attempts to install unknown and undesired static route when modifying or adding some new static routes.

FortiSwitch Manager

Bug ID Description
784525 IPv4 options cannot be defined in a per-device VLAN.

Global ADOM

Bug ID Description

789164

Unable to delete the web rating override entries from ADOM Global Database.

826522

Unable to remove global object from Global Database in workspace mode.

Workaround: Unlock & lock the Global ADOM prior to deleting the Global Object and assigning changes to local ADOMs.

Others

Bug ID Description
707911 FortiManager should be able to assign VLAN interface to FortiExtender.
815875 After FortiManager's upgrade, device level status has been modified and Install preview shows that pdf-report and FortiView features will be enabled on the FortiGates, even if these have already been enabled on the FortiGates before.
827120 FortiManager HA failed to be established in FIPS mode.
870893 Unable to install pp to FortiGates, after FortiManager's DB got restored.
876425 FortiManager does not display the output of the execute dmserver showconfig command.

Policy and Objects

Bug ID

Description
716892 Exporting to "Excel/CSV" does not include the value for fields "Log & Last Modified By".
731961

When FortiManager is working in the workspace mode, the installation for those FortiManager with larger DB may take longer time to be completed.
738988 FortiManager does not detect the settings related to Web Cache Communication Protocol (WCCP) in SSLVPN Policies on the FortiGate.
742293 FortiManager, via ADOM 6.0, is not able to install set logtraffic all to proxy-policy with action deny.
795449 Unable to "Download Conflict File" to review the conflicts of firewall objects during import process.
814478 Once the normalized interface has been defined, FortiManager does not allow setting it to "None".
834401 Upgrading ADOMs do not complete if there are some empty values for "profile-type" and "utm-status".
835087 Policies cannot be edited as FortiManager displays a warning message, "Please select a SSL/SSH Inspection profile" in ADOM 6.2.
836783 FortiManager changes the use-metadata-iam value for the SDN connectors.

838648

"Rename objects to import" inconsistency with "datasrc duplicate" error.
841492 FortiManager unsets the system HA settings after pushing an unsuccessful installation Policy Package to FortiGates.
846222 Unable to perform the policy diff when both device and policy package are locked.
847932 Hit count for a policy package does not always match the total count of all installation targets.
863882 Last Modified Time field is empty when exporting Policy Packages to Excel.
870878 FortiManager's GUI does not display the color code or name for the selected color for objects once it is created.
882996 Unable to install to FortiGates when using null values for "local-gw6" and "remote-gw6".

Script

Bug ID

Description
795639 Any commands after the set secret command in the switch-controller custom-command configuration is displayed in a form of encrypted strings.

Services

Bug ID

Description
837942 In cascade mode, FortiManager as local FortiGaurd Server does not download IPS signature for extended database.

System Settings

Bug ID

Description
841782 In Workflow mode, admins are not able to click on the "Approve this request" received from the emails as it displays "Unable to complete action" or "Invalid adom name" error messages.
853353 SDWAN Monitor Map does not show up when admin profile has been set to "None" for System Settings.
864931 Unable to login into FortiManager using TACACS and Radius credentials.

868706

SSO admin users do not have the same permissions as local users with the same assigned profiles.

VPN Manager

Bug ID

Description
798995 It's not possible to delete an SSL VPN portal profile from the FortiManager GUI if the profile has already been installed.

Common Vulnerabilities and Exposures

Visit https://fortiguard.com/psirt for more information.

Bug ID CVE references
872711

FortiManager 6.4.11 is no longer vulnerable to the following CVE-Reference:

  • CVE-2023-22642
Previous
Next