Fortinet Document Library

Version:

Version:

Version:

Version:

Version:

Version:

Version:


Table of Contents

Version 8.8.0

Ticket #

Description (8.8.0)

631164

Fortiguard IoT service

581244

Support for Jamf MDM for Apple devices including application information polling.

585369 Added RADIUS authentication support for HP J9729A and HP J8697A
599182 Added column for matching device profiling rule to the Adapter View
636385 Fixed Supplicant EasyConnect for Windows, macOS. It could not successfully create profiles or connect to the desired SSID.
625690 Fixed “Login” box being grey’d out on the Guest Self Registration page. This prevented user from being able to register after sponsor approval.

629260

Fixed communication issues between the NCM and pods

635285

Fixed issued where JAVA used 100% CPU and high memory

628958

Device Profile rule for Fortigate returned false positive matches

633909

Updated "bscftp" alias to connect to the correct location.

611585

Fixed issue with USB external adapter/dongle sharing between hosts. Agent technology can now be configured to remove adapters from the host record when the agent no longer detects the adapter connected.

Note: This function is disabled by default and cannot be enabled through the Administration UI. Contact Support for assistance.

633541

Fixed Adapter Panel > Show Fortigate Sessions not filtering to the selected adapter

631627

Fixed adding or modifying the Firewall Tag using the direct configuration. Previously, this would result in "HTTP 404 Not Found" error.

631249

Fixed incorrect modification of property file by .masterPropertyFile.

612340

Added new Device Profiling method called "FortiGuard" which pulls IoT device information from FortiGuard based on the MAC address. Also added new Device Profiler settings to configure FortiGuard IoT service if desired.

633364

Fixed Device Profiler DHCP method where attempting to match hostnames with 'D*' was matching with letter contained in any position.

629949

Fixed potential database corruption when using Device Profiling Rules after upgrade from 8.6 to 8.7

632387

Fixed NMAP Scan Results Shows Wrong IP Address

632457

Fixed Run Nmap scan dialog title does not update with the current IP

631629

Fixed Hosts > Scan Results view not displaying any information regardless of the filter used.

631135

Maximum Concurrent License Count incorrectly displayed a number greater than the licensed count (typically 4 more). This has been fixed.

554910

Added the ability to read VLAN-Pool from Meru WLC

625316

Added Access Point Management service to REST API. The service covers the System > Settings > Control > AccessPointManagement view.

620438

Added Quarantine service to REST API. The service covers the System > Settings > Control > Quarantine view.

630825

Fixed Adapter View not showing IP address of the host. This was affecting the ability to Device Profile rogue hosts.

601846 Disappearing SSID Tab
629263 Fixed potential NullPointerException error when "FortiGate" Method was used in Device Profiling Rule.This issue could cause the rule match to fail.
624144 FSSO Tag is added/removed constantly which toggles the applied firewall policy
624227 Added ability to make certain POST API calls to the NCM
627666 Included FortiNAC Agent 5.2.3 in FortiNAC installer
617431 Enhancements made to Nozomi integration
611216 Changed how vlans are read/write on Juniper Ex 3400 switches
611593 FortiGate modeling error with eight linked FortiSwitches
612336 Fixed issue where Host IP address information was not updated correctly after completing registration.This affects wireless hosts connecting to the FortiWiFi and FortiAP.
619347 Added the ability for FortiNAC to be configured to respond to traffic using the same interface it was received (policy based routing).Required for VPN integrations and static IP environments.This function is disabled by default and requires configuration via CLI.Refer to the applicable VPN integration guide or contact Support for assistance.
621277 "User does not have permission for this operation" error when attempting to Set Expiration on multiple users.
627343 Added Criticality column in SharedFilterReport
614344 Syslog parse error and null pointer exception with FGT Syslog connection updates
608823 Added the ability to profile devices with a custom commmand line script.
612467 Added "Criticality" Column to the host, user and network device view. Used to set criticality level information to send to FortiAnalyzer for reporting purposes.
618248 Added RADIUS Authentication supportfor Aruba JL256A and HP J9727A
614069 Unable to read VLANs on Cisco 9000 IOS-XE
614172 Support for Arista "switchport access" and "switchport trunk" modes
614171 Arista.mib login sequence
598661 SNMP bsnMobileStationDeleteAction Client Disconnect Not Supported on WLC C9800
612433 FortiGate Add/Move/Delete Syslog messages are not processed
608224 grab-log-snapshot sometimes doesn't gather the correct master_loader logs
609372 High cpu/load averages on control server
603302 Added SNMP option for reading VLANs for Extreme devices.Enabling this option can improve VLAN read times on switches that support dot1qPvid.
626009 Set Model Configuration view non-functional
592597 FortiNAC cannot L3 poll Fortigate FortiGate-201E v6.0.5,build0268,190507 (GA)
609641 Added "Rogue Evaluation Queue Size: NNN", "Details" button and "Flush" button to the Device Profiling Rules view to provide better visibility and control over the rogue evaluation queue.
614351 Fixed potential database corruption issue when using Device Profiling Rules with custom DHCP fingerprints.
611982 Meraki SSIDs are removed when they are set to disabled on the AP
615921 Security Fabric > REST API request to /api/v2/host/disable-by-mac returns HTTP status 403 (Forbidden)
609346 Bulk Device support via email mappings
617120 FortiNAC periodically does not gzip backup files on the Secondary HA Server.
618977 OutOfMemoryError caused by unpacking a fragmented NSTD_MSG_SYNC_GLOBAL_VIEW_REP packet
624908 Config Wizard not displaying UUID and eth0 MAC address
620852 DHCP Fingerprint additions and updates
614497 PODs are not synchronizing in NCM GUI
520795 Location Based Policy Not Matching Due to SSID Name Containing ":"
607069 Fixed NCM Endpoint Compliance Policy Syncing issues
608451 Fixed alarms failing to trigger over time when any alarm was configured with an event frequency of "0" events occurring within X hours.
623776 Under System Updates, if the SFTP protocol is selected, an error dialog will display when attempting to save or test with any names where SFTP access is no longer supported to download code.Other names or IP addresses can still be configured to use SFTP.
605485 Additional clean ups and expansions to the REST API
612106 DHCP fingerprinting on ETH1 interface is not working
606514 608202 Fixed connection issue between Control Manager and managed FortiNAC servers.Previously, this condition could cause the following behavior: - Management processes on the Control Manager to report "down" - Managed FortiNAC servers to stop processing RADIUS authentication packets
625759 Device Profiler errors on Active scan
586523 Fixed DNS behavior when system fails over in L3 High Availability configurations.Previously, the Secondary Server (in control) was replying to DNS inquiries with the Primary Server ETH1 IP address.This caused DNS resolution to fail for isolated hosts.
609013 FortiNAC is sending an incorrect serial number to FortiGate via CSF
618003 FortiNAC is replying with the wrong path to FortiGate via CSF
611540 Fixed Apply to Group drop down menu under SSO Agent options in the FortiGate model Elements tab.Previously, this menu was grayed out when the "Apply to Group" check box was selected.
617063 Uncompressed database backup replication to secondary causing 100% Disk usage
607953 Fixed DeviceImport tool throwing "Unable to parse line" exception when a blank line is encountered in the CSV.
608211 Admin Profile Manage Hosts and Ports setting not being saved
615996 Attempting to disable a host by IP Address using the REST API fails if the host is offline.
619028 API calls that result in a 4XX error returning a status message of "Success"
622104 Added Mac Address Exclusion Service to REST API
622034 Fixed files in /var/named/chroot/etc not replicating to the secondary properly
606802 PA Communication State flag reliability improvements
612701 Unable to access REST API URL /api/server with an Administrator user (ie root).
606532 Cannot export XML for Device Profiling rules
573085 Update REST API to run globally from the NCM vs. each pod
608203 Added Lockout Threshold and Duration for Admin user login for failed login attempts to the Administration UI.
608199 Device Profile Rules of type ONVIF throw status of 500 (Internal Server Error) on export to XML
612743 Changed default inactivity time in the Administration UI to 5 minutes
608520 Renamed "FortiGate Telemetry" to "Security Fabric Connection" in Settings view
609297 FortiNAC takes a long time to recognize when a FortiGate connection has closed
608551 Fixed Log Receiver Syslog Facility not displaying in the Settings view.
607526 AutoCompleteManager exceptions in catalina.out
608824 Added new methods to retrieve a HostRecord from an IP or MAC Address.
608458 Add Logical Network dialog - enter key closes view but does not create entry
604996 Fixed a bug which prevented setting the port in the WinRM method configuration of Device Profiling Rules.
603333 FixedHPE OfficeConnect 1950-48G VLAN change method.
5933780 FortiNAC now deletes the groups when the conference is either deleted automatically or when an admin deletes it.
601597 Fixed NullPointerException in tomcat-admin catalina.out when accessing Logs > Connections
605778 Fixed issue where Settings > Credential Configuration > Persistent Agent > RADIUS/LDAP used Local instead of LDAP. Previously, the Persistent Agent did not register hosts when this option was selected.
605036 Added Security Actions to System > Groups > In Use
601560 Changed the field Serial Number if FortiAnalyzer is selected as a type in Log Receivers.
605952 Fixed remove group methods in Role,RoleMapping and Profile
589236 Fixed sync issues with pods due to duplicate groups
606993 Fixed distribute of updates from NCM to pods. Previously, attempting to use the Distribute button in the NCM Administration UI would fail with a 500 error code.
607248 Fixed issue with VLAN reads and VLAN switching for Aruba SSeries DLink and HP WX Wireless
582519 Cisco C2600 routers with 16 port Ethernet card not reading VLANs or Updating MAC address information
579289 Cisco 2901 routers with 8 ethernet port cards do not update connection information after L2 poll
638344 Fixed firewall session polling.Previously, it was generating a null pointer exception in the master logs.
637327 Removed check for FortiAnalyzer serial number
637280 Added code to fix Device Profiling Rule rankings if corrupted
631121 Add Wired RADIUS integration with Aruba/HP 2900 series
612477 Changed the default value for "Collect Application Inventory" to false for new Endpoint Compliance Configurations.
635431 NCM Host view doesn't load properly for a pod in High Availability that has failed over.
606177 635285 JAVA use 100% CPU and high memory
633491 Fix Error when saving a TLS Service Configuration with "Automatically Update Ciphers And Protocols on Upgrade" set. The modify dialog would not open until after FortiNAC was restarted.
622827 Cisco devices with no defined VLANs fail to read L2 data with SNMP

Version 8.8.0

Ticket #

Description (8.8.0)

631164

Fortiguard IoT service

581244

Support for Jamf MDM for Apple devices including application information polling.

585369 Added RADIUS authentication support for HP J9729A and HP J8697A
599182 Added column for matching device profiling rule to the Adapter View
636385 Fixed Supplicant EasyConnect for Windows, macOS. It could not successfully create profiles or connect to the desired SSID.
625690 Fixed “Login” box being grey’d out on the Guest Self Registration page. This prevented user from being able to register after sponsor approval.

629260

Fixed communication issues between the NCM and pods

635285

Fixed issued where JAVA used 100% CPU and high memory

628958

Device Profile rule for Fortigate returned false positive matches

633909

Updated "bscftp" alias to connect to the correct location.

611585

Fixed issue with USB external adapter/dongle sharing between hosts. Agent technology can now be configured to remove adapters from the host record when the agent no longer detects the adapter connected.

Note: This function is disabled by default and cannot be enabled through the Administration UI. Contact Support for assistance.

633541

Fixed Adapter Panel > Show Fortigate Sessions not filtering to the selected adapter

631627

Fixed adding or modifying the Firewall Tag using the direct configuration. Previously, this would result in "HTTP 404 Not Found" error.

631249

Fixed incorrect modification of property file by .masterPropertyFile.

612340

Added new Device Profiling method called "FortiGuard" which pulls IoT device information from FortiGuard based on the MAC address. Also added new Device Profiler settings to configure FortiGuard IoT service if desired.

633364

Fixed Device Profiler DHCP method where attempting to match hostnames with 'D*' was matching with letter contained in any position.

629949

Fixed potential database corruption when using Device Profiling Rules after upgrade from 8.6 to 8.7

632387

Fixed NMAP Scan Results Shows Wrong IP Address

632457

Fixed Run Nmap scan dialog title does not update with the current IP

631629

Fixed Hosts > Scan Results view not displaying any information regardless of the filter used.

631135

Maximum Concurrent License Count incorrectly displayed a number greater than the licensed count (typically 4 more). This has been fixed.

554910

Added the ability to read VLAN-Pool from Meru WLC

625316

Added Access Point Management service to REST API. The service covers the System > Settings > Control > AccessPointManagement view.

620438

Added Quarantine service to REST API. The service covers the System > Settings > Control > Quarantine view.

630825

Fixed Adapter View not showing IP address of the host. This was affecting the ability to Device Profile rogue hosts.

601846 Disappearing SSID Tab
629263 Fixed potential NullPointerException error when "FortiGate" Method was used in Device Profiling Rule.This issue could cause the rule match to fail.
624144 FSSO Tag is added/removed constantly which toggles the applied firewall policy
624227 Added ability to make certain POST API calls to the NCM
627666 Included FortiNAC Agent 5.2.3 in FortiNAC installer
617431 Enhancements made to Nozomi integration
611216 Changed how vlans are read/write on Juniper Ex 3400 switches
611593 FortiGate modeling error with eight linked FortiSwitches
612336 Fixed issue where Host IP address information was not updated correctly after completing registration.This affects wireless hosts connecting to the FortiWiFi and FortiAP.
619347 Added the ability for FortiNAC to be configured to respond to traffic using the same interface it was received (policy based routing).Required for VPN integrations and static IP environments.This function is disabled by default and requires configuration via CLI.Refer to the applicable VPN integration guide or contact Support for assistance.
621277 "User does not have permission for this operation" error when attempting to Set Expiration on multiple users.
627343 Added Criticality column in SharedFilterReport
614344 Syslog parse error and null pointer exception with FGT Syslog connection updates
608823 Added the ability to profile devices with a custom commmand line script.
612467 Added "Criticality" Column to the host, user and network device view. Used to set criticality level information to send to FortiAnalyzer for reporting purposes.
618248 Added RADIUS Authentication supportfor Aruba JL256A and HP J9727A
614069 Unable to read VLANs on Cisco 9000 IOS-XE
614172 Support for Arista "switchport access" and "switchport trunk" modes
614171 Arista.mib login sequence
598661 SNMP bsnMobileStationDeleteAction Client Disconnect Not Supported on WLC C9800
612433 FortiGate Add/Move/Delete Syslog messages are not processed
608224 grab-log-snapshot sometimes doesn't gather the correct master_loader logs
609372 High cpu/load averages on control server
603302 Added SNMP option for reading VLANs for Extreme devices.Enabling this option can improve VLAN read times on switches that support dot1qPvid.
626009 Set Model Configuration view non-functional
592597 FortiNAC cannot L3 poll Fortigate FortiGate-201E v6.0.5,build0268,190507 (GA)
609641 Added "Rogue Evaluation Queue Size: NNN", "Details" button and "Flush" button to the Device Profiling Rules view to provide better visibility and control over the rogue evaluation queue.
614351 Fixed potential database corruption issue when using Device Profiling Rules with custom DHCP fingerprints.
611982 Meraki SSIDs are removed when they are set to disabled on the AP
615921 Security Fabric > REST API request to /api/v2/host/disable-by-mac returns HTTP status 403 (Forbidden)
609346 Bulk Device support via email mappings
617120 FortiNAC periodically does not gzip backup files on the Secondary HA Server.
618977 OutOfMemoryError caused by unpacking a fragmented NSTD_MSG_SYNC_GLOBAL_VIEW_REP packet
624908 Config Wizard not displaying UUID and eth0 MAC address
620852 DHCP Fingerprint additions and updates
614497 PODs are not synchronizing in NCM GUI
520795 Location Based Policy Not Matching Due to SSID Name Containing ":"
607069 Fixed NCM Endpoint Compliance Policy Syncing issues
608451 Fixed alarms failing to trigger over time when any alarm was configured with an event frequency of "0" events occurring within X hours.
623776 Under System Updates, if the SFTP protocol is selected, an error dialog will display when attempting to save or test with any names where SFTP access is no longer supported to download code.Other names or IP addresses can still be configured to use SFTP.
605485 Additional clean ups and expansions to the REST API
612106 DHCP fingerprinting on ETH1 interface is not working
606514 608202 Fixed connection issue between Control Manager and managed FortiNAC servers.Previously, this condition could cause the following behavior: - Management processes on the Control Manager to report "down" - Managed FortiNAC servers to stop processing RADIUS authentication packets
625759 Device Profiler errors on Active scan
586523 Fixed DNS behavior when system fails over in L3 High Availability configurations.Previously, the Secondary Server (in control) was replying to DNS inquiries with the Primary Server ETH1 IP address.This caused DNS resolution to fail for isolated hosts.
609013 FortiNAC is sending an incorrect serial number to FortiGate via CSF
618003 FortiNAC is replying with the wrong path to FortiGate via CSF
611540 Fixed Apply to Group drop down menu under SSO Agent options in the FortiGate model Elements tab.Previously, this menu was grayed out when the "Apply to Group" check box was selected.
617063 Uncompressed database backup replication to secondary causing 100% Disk usage
607953 Fixed DeviceImport tool throwing "Unable to parse line" exception when a blank line is encountered in the CSV.
608211 Admin Profile Manage Hosts and Ports setting not being saved
615996 Attempting to disable a host by IP Address using the REST API fails if the host is offline.
619028 API calls that result in a 4XX error returning a status message of "Success"
622104 Added Mac Address Exclusion Service to REST API
622034 Fixed files in /var/named/chroot/etc not replicating to the secondary properly
606802 PA Communication State flag reliability improvements
612701 Unable to access REST API URL /api/server with an Administrator user (ie root).
606532 Cannot export XML for Device Profiling rules
573085 Update REST API to run globally from the NCM vs. each pod
608203 Added Lockout Threshold and Duration for Admin user login for failed login attempts to the Administration UI.
608199 Device Profile Rules of type ONVIF throw status of 500 (Internal Server Error) on export to XML
612743 Changed default inactivity time in the Administration UI to 5 minutes
608520 Renamed "FortiGate Telemetry" to "Security Fabric Connection" in Settings view
609297 FortiNAC takes a long time to recognize when a FortiGate connection has closed
608551 Fixed Log Receiver Syslog Facility not displaying in the Settings view.
607526 AutoCompleteManager exceptions in catalina.out
608824 Added new methods to retrieve a HostRecord from an IP or MAC Address.
608458 Add Logical Network dialog - enter key closes view but does not create entry
604996 Fixed a bug which prevented setting the port in the WinRM method configuration of Device Profiling Rules.
603333 FixedHPE OfficeConnect 1950-48G VLAN change method.
5933780 FortiNAC now deletes the groups when the conference is either deleted automatically or when an admin deletes it.
601597 Fixed NullPointerException in tomcat-admin catalina.out when accessing Logs > Connections
605778 Fixed issue where Settings > Credential Configuration > Persistent Agent > RADIUS/LDAP used Local instead of LDAP. Previously, the Persistent Agent did not register hosts when this option was selected.
605036 Added Security Actions to System > Groups > In Use
601560 Changed the field Serial Number if FortiAnalyzer is selected as a type in Log Receivers.
605952 Fixed remove group methods in Role,RoleMapping and Profile
589236 Fixed sync issues with pods due to duplicate groups
606993 Fixed distribute of updates from NCM to pods. Previously, attempting to use the Distribute button in the NCM Administration UI would fail with a 500 error code.
607248 Fixed issue with VLAN reads and VLAN switching for Aruba SSeries DLink and HP WX Wireless
582519 Cisco C2600 routers with 16 port Ethernet card not reading VLANs or Updating MAC address information
579289 Cisco 2901 routers with 8 ethernet port cards do not update connection information after L2 poll
638344 Fixed firewall session polling.Previously, it was generating a null pointer exception in the master logs.
637327 Removed check for FortiAnalyzer serial number
637280 Added code to fix Device Profiling Rule rankings if corrupted
631121 Add Wired RADIUS integration with Aruba/HP 2900 series
612477 Changed the default value for "Collect Application Inventory" to false for new Endpoint Compliance Configurations.
635431 NCM Host view doesn't load properly for a pod in High Availability that has failed over.
606177 635285 JAVA use 100% CPU and high memory
633491 Fix Error when saving a TLS Service Configuration with "Automatically Update Ciphers And Protocols on Upgrade" set. The modify dialog would not open until after FortiNAC was restarted.
622827 Cisco devices with no defined VLANs fail to read L2 data with SNMP