Fortinet Document Library

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:


Table of Contents

Version 8.8.1

Ticket #

Description (8.8.1)

557253

520262

ARP entry for Virtual IP (VIP) is not updated after L2 High Availability failover.
588289 A single SSH/Telnet session is now used to read all VRFs on Passport VSP routers
588568 Container field only updates on a reconnect to the network
588911 Support for port-channel interfaces for Cisco switches.
594874 When modeling Cisco devices, if the firmware version is higher than what FNAC currently supports for mapping, the closest match will be used.
600359 Hosts registering using Anonymous Authentication do not change networks until the next L2 Poll occurs
614353 Debug value of "null" causes switch to not load rest of model configuration and affects radius
638109 Vulnerability Scanner integration with Tenable/Nessus not functioning due to new API with authentication changes
657943 Upgrade to JSch 1.55 broke Cisco Sx300 SSH
638810 Incomplete ARP(IP -> MAC) information when L3 polling FortiGates with multiple VDOMs.
640663 Add SSH/Telnet Port field in CLI Credentials
640852 Inaccurate L2 information when authentication is enabled on Alaxala switches
642039 FortiNAC sends RADIUS rejects when client connects to FortiSwitch managed by FortiGate.Connections to FortiAP managed by the same FortiGate are unaffected.
642810 Operating System Updates Fail On Application Server version 8.8+
644391 When attempting to disable a host record that does not exist in the FNAC database via API, FortiNAC will create the host record then disable it.Previously, the API attempt would fail.
644627 Clients connecting over VPN do not always get presented with the VPN context in Captive Portal
645990 Discovery Code should strip off domain names of .local when it creates a device
647181 Windows device profile not parsing correctly, causing a failed match
647193 Logging on a User does not trigger a VLAN Switch until a L2 Poll
647211 FNAC not sending user information to Palo Alto firewalls.This prevents User-ID information from appearing in the Palo Alto logs when integrated with FNAC.
647674 Voice VLAN tag being removed from Huawei hybrid switch port when changing data VLANs.
649946 Added 2 new REST Services:AgingService and LogReceiverService
649974 FGT returning the wrong ARP value when multiple found.
650225 Aruba IAP SSIDs are not preserved when failed to read SSIDs
650976 Added properties API calls to Network Device Service: api/v2/device - get currently set network device configurations api/v2/device - set device properties
651347 Local RADIUS MAC Authentication with no EAP accepts without further processing
651375

Cisco WS-C3850 not correctly mapping as hybrid wired/wireless device.

Note: This device model now appears in Topology as a wireless model since it can act as both a switch and wireless device.

651391 If FortiNAC is pending authorization in the Security Fabric, the FortiNAC icon now displays on FortiOS .Previously, it was a generic icon.
651461 Default RadiusAttributeGroups were being created without values if freeradius failed to install during upgrade to 8.8.
651470 Improved handling of Local RADIUS Settings and certificates if freeradius installation fails during upgrade to 8.8.
651846 Clients not properly disconnectingand switching VLANs on Aruba Wired Switches using RADIUS Authentication.This is due to FNAC not including the User-Name in the disconnect request.
652022 FNAC keeps disconnecting wired client using local RADIUS, and fails to convert wireless access value for CiscoWLC using redirect properties.
652156 FNAC not sending tag/group info via FSSO to FGT for non-root VDOMs.
652770 FNAC doesnt read sessions properly on some legacy Aruba WLC devices.
653342 Local Radius mode ignored on FortiGate
654510 The Remove Host and Adapters button doesnt work in the Locate View
655310 Administration UI produces 500 errors within advanced scan controls when attempting to manipulate security actions
655485 When Self Registration without a sponsor is configured to notify via SMS, the message includes"Sponsor: null"
655543 Fixed PEAP/EAP-TLS in Local RADIUS Server.
655609 Fixed Qualys vulnerability scanner integration
655801 Added Device Profiler Service to REST API (GET and POST for URL api/v2/settings/device/device-profiler).
655820 Includes agent 5.2.4
656100 Internal Server Error 500 pop-up when saving modified LDAP settings
656180 Device Profiling fails to match DHCP vendor class
656205 Increased max RADIUS attribute response value length from 64 to 253 characters.
656492 FortiGate 100F on FortiNAC 8.7.4 discovered as a FortiGate 100E
656763 FSSO tags were being sent to the wrong FGTs, mostly at startup, but also when no FGT could be found for an IP.
656769 Added new Fortinet Vendor Specific Attribute (VSA) Fortinet-Host-Port-AVPair 42 string
656978 Added API calls to limit registered hosts per user (GET and POST for URL api/v2/user/allowed-hosts).
656980 FortiNAC is not sending FSSO tags to the FortiGate
656981 Read Only admin can enable/disable an adapter
657392 Added radius.log to the files collected via grab-log-snapshot script.
657487 Add ElementInfoFactory logging to RadiusAccess
657735 Radius Accounting-Stop handling does not work.
657839 Error generated when synchronizing Control Manager (NCM) with PODs if a device profiler rule is configured for "Register as a Device in Host View and Topology"
657943 Upgrade to JSch 1.55 broke Cisco Sx300 SSH
657948 Local RADIUS fails with Null Pointer Exception when there's no Called-Station-Id Attribute sent.
658210 Access-Reject is sent when using the Local RADIUS Server with an Access-only supported device and no applicable access policy.
658219 RADIUS Mac Authentication (MAB - NO EAP) is not working
658531 If freeradius install is required on startup, it now occurs before RADIUS attribute groups would be created.
658621 Radius Acct Stop handling thread (RadiusDisconnectThread) exits unexpectedly
658882 Local RADIUS EAP Server Certificate isn't deployed when uploading with "Use private key of last CSR" option.
659364 FortiLink Local RADIUS not being processed, always Rejects
659410 Local RADIUS Auto-Registration not limited to 802.1x (which it should be)
659570 FortiGuard IoT Device Profiling method not working on hardware appliances.
661157 "attributeType is out of bounds" exceptions in output.master
661759 When using the Dissolvable Agent, errors in handling are reported as "Success" to the user.

0654133

0655540

Local RADIUS Test credentials not handled properly (PAP)

623528

623534

Brocade type 7(MOVE) trap is processed incorrectly & showArp table parsing issue

Version 8.8.1

Ticket #

Description (8.8.1)

557253

520262

ARP entry for Virtual IP (VIP) is not updated after L2 High Availability failover.
588289 A single SSH/Telnet session is now used to read all VRFs on Passport VSP routers
588568 Container field only updates on a reconnect to the network
588911 Support for port-channel interfaces for Cisco switches.
594874 When modeling Cisco devices, if the firmware version is higher than what FNAC currently supports for mapping, the closest match will be used.
600359 Hosts registering using Anonymous Authentication do not change networks until the next L2 Poll occurs
614353 Debug value of "null" causes switch to not load rest of model configuration and affects radius
638109 Vulnerability Scanner integration with Tenable/Nessus not functioning due to new API with authentication changes
657943 Upgrade to JSch 1.55 broke Cisco Sx300 SSH
638810 Incomplete ARP(IP -> MAC) information when L3 polling FortiGates with multiple VDOMs.
640663 Add SSH/Telnet Port field in CLI Credentials
640852 Inaccurate L2 information when authentication is enabled on Alaxala switches
642039 FortiNAC sends RADIUS rejects when client connects to FortiSwitch managed by FortiGate.Connections to FortiAP managed by the same FortiGate are unaffected.
642810 Operating System Updates Fail On Application Server version 8.8+
644391 When attempting to disable a host record that does not exist in the FNAC database via API, FortiNAC will create the host record then disable it.Previously, the API attempt would fail.
644627 Clients connecting over VPN do not always get presented with the VPN context in Captive Portal
645990 Discovery Code should strip off domain names of .local when it creates a device
647181 Windows device profile not parsing correctly, causing a failed match
647193 Logging on a User does not trigger a VLAN Switch until a L2 Poll
647211 FNAC not sending user information to Palo Alto firewalls.This prevents User-ID information from appearing in the Palo Alto logs when integrated with FNAC.
647674 Voice VLAN tag being removed from Huawei hybrid switch port when changing data VLANs.
649946 Added 2 new REST Services:AgingService and LogReceiverService
649974 FGT returning the wrong ARP value when multiple found.
650225 Aruba IAP SSIDs are not preserved when failed to read SSIDs
650976 Added properties API calls to Network Device Service: api/v2/device - get currently set network device configurations api/v2/device - set device properties
651347 Local RADIUS MAC Authentication with no EAP accepts without further processing
651375

Cisco WS-C3850 not correctly mapping as hybrid wired/wireless device.

Note: This device model now appears in Topology as a wireless model since it can act as both a switch and wireless device.

651391 If FortiNAC is pending authorization in the Security Fabric, the FortiNAC icon now displays on FortiOS .Previously, it was a generic icon.
651461 Default RadiusAttributeGroups were being created without values if freeradius failed to install during upgrade to 8.8.
651470 Improved handling of Local RADIUS Settings and certificates if freeradius installation fails during upgrade to 8.8.
651846 Clients not properly disconnectingand switching VLANs on Aruba Wired Switches using RADIUS Authentication.This is due to FNAC not including the User-Name in the disconnect request.
652022 FNAC keeps disconnecting wired client using local RADIUS, and fails to convert wireless access value for CiscoWLC using redirect properties.
652156 FNAC not sending tag/group info via FSSO to FGT for non-root VDOMs.
652770 FNAC doesnt read sessions properly on some legacy Aruba WLC devices.
653342 Local Radius mode ignored on FortiGate
654510 The Remove Host and Adapters button doesnt work in the Locate View
655310 Administration UI produces 500 errors within advanced scan controls when attempting to manipulate security actions
655485 When Self Registration without a sponsor is configured to notify via SMS, the message includes"Sponsor: null"
655543 Fixed PEAP/EAP-TLS in Local RADIUS Server.
655609 Fixed Qualys vulnerability scanner integration
655801 Added Device Profiler Service to REST API (GET and POST for URL api/v2/settings/device/device-profiler).
655820 Includes agent 5.2.4
656100 Internal Server Error 500 pop-up when saving modified LDAP settings
656180 Device Profiling fails to match DHCP vendor class
656205 Increased max RADIUS attribute response value length from 64 to 253 characters.
656492 FortiGate 100F on FortiNAC 8.7.4 discovered as a FortiGate 100E
656763 FSSO tags were being sent to the wrong FGTs, mostly at startup, but also when no FGT could be found for an IP.
656769 Added new Fortinet Vendor Specific Attribute (VSA) Fortinet-Host-Port-AVPair 42 string
656978 Added API calls to limit registered hosts per user (GET and POST for URL api/v2/user/allowed-hosts).
656980 FortiNAC is not sending FSSO tags to the FortiGate
656981 Read Only admin can enable/disable an adapter
657392 Added radius.log to the files collected via grab-log-snapshot script.
657487 Add ElementInfoFactory logging to RadiusAccess
657735 Radius Accounting-Stop handling does not work.
657839 Error generated when synchronizing Control Manager (NCM) with PODs if a device profiler rule is configured for "Register as a Device in Host View and Topology"
657943 Upgrade to JSch 1.55 broke Cisco Sx300 SSH
657948 Local RADIUS fails with Null Pointer Exception when there's no Called-Station-Id Attribute sent.
658210 Access-Reject is sent when using the Local RADIUS Server with an Access-only supported device and no applicable access policy.
658219 RADIUS Mac Authentication (MAB - NO EAP) is not working
658531 If freeradius install is required on startup, it now occurs before RADIUS attribute groups would be created.
658621 Radius Acct Stop handling thread (RadiusDisconnectThread) exits unexpectedly
658882 Local RADIUS EAP Server Certificate isn't deployed when uploading with "Use private key of last CSR" option.
659364 FortiLink Local RADIUS not being processed, always Rejects
659410 Local RADIUS Auto-Registration not limited to 802.1x (which it should be)
659570 FortiGuard IoT Device Profiling method not working on hardware appliances.
661157 "attributeType is out of bounds" exceptions in output.master
661759 When using the Dissolvable Agent, errors in handling are reported as "Success" to the user.

0654133

0655540

Local RADIUS Test credentials not handled properly (PAP)

623528

623534

Brocade type 7(MOVE) trap is processed incorrectly & showArp table parsing issue