Resolved Issues
The following issues have been fixed in 6.4.6. For inquiries about a particular bug, please contact Customer Service & Support.
AP Manager
Bug ID | Description |
---|---|
590098 | When adding a new WTP profile, FortiManager tries to set a default handoff-sta-thresh and unset radio bands, which do not match the defaults for many of the E-series APs. |
591994 | AP region settings may be unset in Central Management mode. |
635643 | 5G channels may be mismatched between FortiManager and FortiGate for radio-1 and radio-2 with FAP-231E. |
648812 | DHCP server is incorrectly created for Bridge SSID. |
674636 | SSID may be empty in AP Manager > WiFi Profiles > SSID column. |
692911 | FortiManager may not be able to display correct information for wireless radio in wireless profile for FortiWiFi-80F-2R. |
706233 | FortiManager may not detect changes in AP Manager > SSID > Pre-shared Key Password and display the message No record found. |
712669 | FortiManager may set darrp as enable on radio in monitor mode resulting in installation failure. |
Device Manager
Bug ID | Description |
---|---|
485037 | Monitor > Map View may fail if proxy is enabled. |
521976 | Users may not be able to enable CSV format within system template. |
544982 | Policy Package Status may become out-of-sync for all devices when adding one device to Install On. |
560444 | FortiManager may not set pmf to enable, causing install to always fail with WPA3-SAE, WPA3-Enterprise, or WPA3-SAE-Transition within 6.4 ADOM. |
594211 | FortiManager should be able to create new VLAN interface on fabric interface and install to FortiGate. |
603820 | FortiManager fails to import policy when reputation-minimum and reputation-direction are set. |
610585 | Device Manager cannot save DHCP for Unknown MAC address with action sets to block. |
624325 | Creating or editing transparent VDOM to disable may get stuck at 20%. |
636357 | Retrieve may fail on FortiGate cluster with Failed to reload configuration. invalid value error. |
649260 | Device Manager may return an error when deleting VPN phase1. |
654611 | Under Advanced mode and within a VDOM, clicking Device Manager on the top menu returns the no permission error. |
658832 | FortiManager is unable to retrieve priority-members if outgoing interface is using the Manual strategy in SD-WAN rule. |
659387 | FortiManager should be able to provision CLI-template, SD-WAN-template, and Policy Package together to the model device. |
664120 | When FortiGate HA secondary unit is down, action is displayed as promote in Device Manager. |
665955 | FortiManager is not reflecting proper admintimeout value in CLI only object. |
667738 | 667738 |
670535 | Install fails when creating a new DHCP reservation due to missing MAC address. |
672344 | If managed FortiAnalyzer is in HA, setting Send Logs to Managed FortiAnalyzer in the system template may cause install error. |
676002 | FortiManager is not allowing to re-install policy when user selects all devices with VDOMs from Device Manager. |
678495 | FortiManager VPN L2TP may prompt invalid ip range. |
680516 | Host Name is truncated when name has more than 31 characters. |
681627 | FortiManager is accepting DNS source IP even though it is not part of the available interfaces. |
683411 | FortiManager may not display a FortiGate under the Device Manager > Managed Devices. |
684372 | When using VDOMs, Policy Package status remains in modified status after using Push to device. |
684462 | FortiManager truncates the device configuration when downloading from View configuration option. |
684961 | Registration with NSX-T may fail with error: Register service failed. |
688541 | FortiManager should not unset dynamic-vlan of wireless-controller VAP and gateway of router settings after import. |
689014 | FortiManager may return an error when changing FortiGate device log configuration from FortiManager with management VDOM moved to another VDOM. |
690012 | Changing the value of a meta-data field for a device should trigger the change with configuration status. |
690566 | Changes to the Disclaimer Page may not be saved with error. |
692200 | FortiManager may return conflict after a zero-touch-provisioning cluster deployment. |
692669 | Browser may display a message, A webpage is slowing down your browser, while checking revision difference. |
693622 | There may be inconsistent behavior between FortiGate and FortiManager when changing port speeds for FortiGate-3600E or FortiGate-3601E. |
696136 | Auto-link may fail caused by input device in SD-WAN. |
696496 | When Workspace is enabled, auto-link may fail. |
696576 | Explicit FTP proxy available certificates are not consistent with the ones available in the FortiGate. |
696848 | Users may not be able to retrieve configuration or import policy from managed devices with dvmcore constantly crashing. |
697098 | Retrieving HA configuration may fail when adding FortiGate. |
697535 | Device Manager should not allow user to add ssl.root to a zone. |
697746 | FortiManager needs to support adding FortiAnalyzer with serial number that has prefix, FAVMXX, to FortiManager. |
697924 | When there are many devices, all managed FortiGates may show connection down state. |
698625 | FortiManager may not be able to view, add, or edit software switch members. |
698709 | When importing policies, firewall policies may not be loaded. |
699031 | FortiManager may display duplicated devices when Display Device/Group tree view is enabled in Workflow mode. |
699182 | FortiManager may fail to add FortiGate-101F as model device. |
699450 | SDWAN monitor is showing historical Traffic for interface which is down in defined Time period. |
701446 | SD-WAN monitor takes several minutes to display map if device tunnel is flapping. |
702555 | FortiManager may lose device admin user and geo-location information during on board process with model device. |
702590 | The system template may stop being displayed on the Devices & Groups page. |
704197 | FortiManager may fail to create a FortiSwitch in a 6.0 ADOM. |
704789 | SD-WAN monitor is missing Health Check Status information and probes. |
705547 | Route monitor may show incorrect interface information. |
706194 | When editing a model device and assigning a Policy Package, clicking the OK button may not take effect. |
708937 | FortiManager may randomly update the geographical coordinates of a FortiGate device. |
709302 | SD-WAN monitor search function on the table view does not actually search but only highlights. |
710616 | FortiManager may not be able to set HTTPS or SSH Port to a value higher than 63335 under Provisioning Templates. |
711034 | There may be issues to display meta data fields when creating or editing a device group. |
713267 | Searching for FortiGate name when editing a device group should display FortiGate device name with all the VDOMs. |
Bug ID | Description |
---|---|
554251 | A user may not be able to see the fabric topology of devices in the user's assigned ADOM. |
FortiSwitch Manager
Bug ID | Description |
---|---|
667703 | After FortiSwitch is added, running a script to provision may fail. |
676739 | FortiManager may not be able to delete VLAN interfaces created by FortiSwitch Manager. |
690995 | FortiSwitch Manager should not install the auto-detected setting to FortiGate. |
700023 | Install may fail with switch-controller managed-switch:poe-pre-standard-detection after upgrade. |
700136 | In FortiSwitch Manager, the Map to Normalized interface menu always displays none when editing a VLAN. |
706953 | Maximum one device entry can be found in device information column under FortiSwitch port. |
707909 | Template may be removed and Fortilink interface and comments fields may be empty. |
708901 | The assigned FortiSwitch template name that has more than sixteen characters may fail ADOM integrity check. |
713492 | In the per-device mapping of the VLANs in FortiSwitch Manager, the "Specify" for the gateway is not saved in the database. |
713553 | FortiSwitch Template flow counter interval value variance between 6.0 and 6.2 ADOMs. |
Global ADOM
Bug ID | Description |
---|---|
662216 | Where Used in Global ADOM may not show object usage in ADOM. |
689965 | Replacement message type UTM is not being pushed from global ADOM to local ADOM. |
695782 | Connection to FortiGate may fail with multiple fgfmsd crashes. |
Others
Bug ID | Description |
---|---|
600490 | SD-WAN controller cannot load page when changing HTTPS to non default 443. |
667442 | FortiManager may not be able to connect to FortiGate CLI via SSH widget or execute TCL scripts. |
669191 | The fdssvd daemon may randomly crash. |
673383 | Should not allow installation of v6.0 policy package to v6.4 device. |
681625 | The svc cdb reader process may crash during upgrade of ADOM. |
681707 | The diagnose cdb upgrade check +all command may unset defmap-intf. |
682404 | The rtmmond process memory usage may constantly increase. |
683841 | FortiManager databases may randomly lose integrity. |
686460 | ADOM integrity check may run slowly and it takes several minutes to respond for each ADOM. |
687155 | FortiManager should improve the error message for running CLI Template. |
688188 | HA re-transmission may not work and crash. |
690969 | The dmworker process may consume high memory and CPU resources with failures due to busy handler. |
691568 | FortiManager GUI may randomly become non responsive. |
695549 | _created timestamp is missing in REST API return data for policy. |
697132 | On some occasions, FortiManager is not accessible until device is rebooted every couple of days. |
697361 | FortiExtender status may not be correctly displayed. |
704545 | When there are a lot of workflow sessions and users try to disable the workflow mode via GUI, FortiManager may stop responding. |
706516 | Securityconsole may crash when there are quotes around group name. |
715601 | Under some conditions, disk usage may reach 100% after a few days. |
Policy and Objects
Bug ID | Description |
---|---|
487186 | FortiManager may install a different local category ID to FortiGate causing conflict with custom URL rating list. |
587634 | FortiManager may not be able to create new wildcard FQDN type address to FortiGate 6.2. |
593072 | After a non-Super User deletes a device, super_user admin cannot edit zone or interface with the deleted device's dynamic mappings. |
617894 | FortiManager is missing IPV6 none values after modifying policy. |
630431 | Some application and filter overrides are not displayed on GUI. |
654172 | There may be webfilter local category ID mismatch between FortiManager and FortiGate causing incorrect action when using Custom URL List. |
659543 | FortiManager is not allowing reorder between Policy Blocks. |
672035 | There may be an error when importing AWS credential from FortiGate to FortiManager. |
673554 | FortiManager should not allow policy to set destination address with a Virtual Server when inspection-mode is set as flow. |
675501 | Policy check may show negative values. |
675509 | FortiManager may randomly set IPv4 IP Pool object to overload. |
683167 | Policy Package single entry change may impact all Policy Package Installation Targets status. |
684081 | Policy Check and Find Unused Policies may not work for FortiGate in Policy-Based mode. |
684728 | FortiManager and FortiGate should have equivalent filter list entries. |
686902 | FortiManager may not be able to configure ipv4-split-exclude attribute via CLI Object. |
686962 | FortiManager is not allowed to rename application control profile. |
687460 | The same filter may behave differently between source address and destination address. |
687784 | FortiManager may not be able to add rule with ISDB object when a rule is created with add above or below option. |
688589 | Setting the Local Webfilter Category Action to Allow should not disable the action when installed on FortiGate. |
690269 | Newly imported Cisco ACI connector object does not appear for selection until browser is refreshed. |
690509 | FortiManager may fail to install ACI-Direct connector to FortiGate due to server-list command. |
692114 | Where Used returns no record found when IPS Custom Signature is being used. |
693763 | Saving address object may return error: firewall/address/organization : The data is invalid for selected url. |
694605 | FortiManager may not be able to push the entire Azure SDN Connector configuration. |
696072 | FortiManager GUI should allow users to configure HTTPS health check monitor including fields such as http-match and http-get in the monitor. |
700743 | Viewing Policy & Objects may be slower after upgrade. |
701290 | FortiManager should not allow users to create a wildcard FQDN address object with non-wildcard FQDN. |
702138 | NGFW security policy Application category Unknown applications is missing on FortiManager while it is present on FortiGate. |
702621 | When adding a remote usergroup with LDAP service unreachable, the Manually specify option is only available after a timeout. |
703639 | Installing a policy package for a device using CLI template may stall. |
704637 | Firewall policy and VIPs may get deleted on policy package installation. |
705025 | Find Unused Policies may report incorrect session data for security policy. |
706126 | The Find Unused Policies option may be missing in dual pane mode. |
707953 | IPS sensor may incorrectly set action to pass instead of block when quarantine is set. |
708877 | FortiManager 6.0 ADOM should not allow users to set ISDB objects that are not supported on FortiOS 6.0. |
709435 | FortiManager may not be able to import existing Azure SDN Connector from FortiGate. |
711121 | Enabling FortiGuard Outbreak Prevention database does not match FortiGate's behavior. |
712150 | Search in Address may not work after upgrading FortiManager to 6.4.5. |
712900 | When new folders are created and the default policy package is deleted, then the new policy package cannot be created. |
713216 | When policy package is large, there is slowness loading policy package, installing policy package, or viewing sessions revision diff in workflow mode. |
719104 | FortiManager may not be able to select Internet Service group members when creating Internet Service group. |
Revision History
Bug ID | Description |
---|---|
638060 | Installing an existing revision or renaming a revision should be allowed in backup ADOM. |
657344 | Installing from 6.0 ADOM may try to unset inspection-mode and unset ssl-ssh-profile on FortiGate 6.2. |
664284 | FortiManager may not be able to configure SSH certificate. |
667148 | When a policy install is performed, Install preview shows a lot of firewall policies with metafield changes without any actual change having been made. |
673101 | When set cfg-save manual is configured, FortiManager may try to delete objects that do not exist in the FortiGate configuration. |
675867 | The ssl-anomaly-log configuration may be incorrectly pushed by FortiManager when installing 5.6 ADOM policy to 6.0 FortiGate. |
677659 | FortiManager may fail to retrieve device configuration on web category with log threat-weight. |
679139 | When a policy package is shared between many firewalls, web rating override purge may fail in some scenarios. |
683728 | Installation fails due to VIP mapped IP range error when installing v6.2 policy package to v6.4 device. |
685509 | FortiManager may unset authmethod-remote causing install failure. |
686036 | FortiManager may remove allow access configurations for secondary IP when a policy package is installed. |
687769 | FortiManager may not be able to set auto-asic-offload to disable. |
688474 | FortiManager may fail to retrieve FortiGate configuration when adding device due to invalid data source with wtp-profile. |
689270 | The following attributes under configs vpn ssl setting may have invalid range: login-attempt-limit, login-block-time, http-request-header-timeout, http-request-body-timeout and router bgp keep-alive-timer. |
691240 | FortiManager should not unset the value forward-error-correction with certain FortiGate platforms. |
691835 | FortiManager should be able to move one VLAN to a different zone without deleting many rules or zones. |
693225 | FortiManager may install unset inspection-mode to FortiGate 6.2 device in 6.0 ADOM. |
693231 | FortiManager tries to purge webfilter ftgd-local-rating when directly referenced in URL Category of a policy. |
694380 | Installation may fail when set whitelist enable in ssl-ssh-profile is pushed to FortiGate 6.2 from a 6.0 ADOM. |
697642 | Connecting unauthorized FortiSwitch to a managed FortiGate may cause issues on FortiManager when auto-update is disabled. |
698350 | Install may fail with error: [VPN manager ] failed to update vpn node with device info. |
700495 | FortiManager 6.2 ADOM may be sending set synproxy to FortiGate-1801F. |
701870 | Process may stall at 85% when pushing multiple policy packages from Global ADOM. |
709456 | FortiManager may be missing configuration revisions after performing HA failover. |
714173 | Policy package installation from 6.2 ADOM changes cert-validation-timeout default value to block. |
715313 | FortiManager may not enable the option FortiGuard Category Based Filter after FortiManager is synchronized with FortiGate. |
Script
Bug ID | Description |
---|---|
668947 | Changes using CLI Script may not be applied to devices in the container or folder. |
671998 | TCL scripts may not work when ssh-kex-sha1 and ssh-mac-weak are not enabled on FortiGate. |
683208 | Importing CLI script should be highlighted by default. |
702576 | Objects may not be present on the corresponding device configuration after running a script to rename objects. |
715305 | When changing system setting opmode from nat to transparent via a script, FortiManager may return failure to commit to database stating that there is no interface. |
715623 | Running a script on device database may not update Save status. |
Services
Bug ID | Description |
---|---|
680857 | FortiExtender, FortiAP, or FortiSwitch upgrades can fail due to custom image being deleted during or after a failed upgrade. |
691738 | FortiManager may not be able to connect to FDS server via IPv6 proxy. |
694903 | Some firmware upgrade paths may have issues. |
695685 | FortiGate HA firmware upgrade may fail when both HA units need disk check. |
699768 | FortiManager should add 06002000NIDS02504 extend IPS database to default download list. |
701341 | FortiGuard Firmware Images may not show up-to-date FortiOS versions. |
704584 | FAP firmware may not be listed and cannot be imported. |
714596 | For web filter query, FortiManager should support category 9 mapping data. |
714787 | FortiManager should have a |
System Settings
Bug ID | Description |
---|---|
517964 | FortiManager may create incorrect certificate and it cannot be deleted. |
598194 | FortiManager two-factor authentication admin login is missing the option for FTK Mobile push notification authentication. |
625683 | Changes made by ADOM upgrade may not update Last Modified date/time and user admin. |
635181 | FortiManager is unable to delete mail server with error message used displayed. |
637377 | If Manage Device Configurations is none in admin profile, user may not be able to see the interface in the policy. |
652417 | FortiManager HA may go out of synchronization periodically based on the logs. |
667284 | FortiManager should have better log message when aborting device upgrade. |
677528 | Address object search may not display the address group which contains the searched object within the group. |
684907 | Changing of FortiGuard Server Location in License Information Dashboard may not take any effect. |
686569 | Creating and deleting the static route may remove specific connected route. |
687223 | Users may not be able to upgrade ADOM because of profile-protocol-options. |
688517 | Upgrading ADOM may fail due to FortiExtender Object. |
689917 | If a policy is configured with a Proxy Options profile with HTTP Policy Redirect enabled, the ADOM upgrade should enable the related option set http-policy-redirect enable to preserve the HTTP redirect feature. |
690921 | ADOM upgrade from 6.0 to 6.2 should not add custom ssl-ssh-profile to policies which were not configured for SSL inspection. |
695058 | RADIUS response packets should not time out in less than the remoteauthtimeout setting. |
695360 | ADOM upgrade may be slow and it may take several minutes to start. |
697082 | Schedule SCP backup may fail due to incorrect default port number. |
699185 | If Management Extension Applications (MEA) are enabled, all system settings may be lost after upgrading FortiManager. |
699253 | Admin profile should not need system level access to view list of time zones in Device Manager. |
700142 | FortiManager should allow user to configure more than eight hosts per SNMP community. |
704504 | License Information may keep loading for admin user with FortiGuard and System Settings with read-write permissions. |
705185 | ADOM upgrade may cause per device mapping of VLANs in FortiSwitch Manager change to 0. |
705762 | Session can be approved twice by different users of the same approval group. |
708939 | Dashboard is showing incorrect GB per day and device quota information when FortiManager is enabled. |
711446 | Copy may fail due to invalid protocol options when both FortiGate and ADOM are upgraded to v6.2. |
713233 | FortiManager may fail to upgrade firmware resulting in cdbupgrade task error on console and process crashes. |
714210 | LDAP admin group search should be done with the service or administrator bind account. |
714635 | FortiManager backup file size may increase gradually when the IPS package gets updated. |
VPN Manager
Bug ID | Description |
---|---|
681110 | VPN manager may not push any configuration on ADOM 6.0 for dial up VPN on FortiGate. |
695879 | Edit community may not be able to set VPN zone to off via GUI. |
697308 | VPN Manager is setting dst-name to all when using dst-name object group address in protected subnet. |
701772 | AP may not show up in AP manager after running CLI templates. |
704614 | FortiManager may not be able to push policy package due to VPN related error. |
Common Vulnerabilities and Exposures
Visit https://fortiguard.com/psirt for more information.
Bug ID | CVE references |
---|---|
672953 | FortiManager 6.4.6 is no longer vulnerable to the following CVE-Reference: |
716350 | FortiManager 6.4.6 is no longer vulnerable to the following CVE-Reference: |