Fortinet Document Library

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:


Table of Contents

Version 8.8.6

Ticket #

Description (8.8.6.1732)

546489 Configuration Wizard breaks DNS when no allowed zones are configured
554929 Mist AP MAC not formatted properly
583547 Chromebooks managed by GSuite MDM unable to get MDM registration portal page
586313 Topology view may generate error"Cannot read property 'length' of undefined".
592398 TLS 1.0 and TLS 1.1 for httpd and tomcat-admin are now disabled by default
598842 Log file exceptions generated when importing EMS clients with unexpected values returned.Client records with unexpected values will not be added to FortiNAC database.However, the exceptions will no longer be generated.
600145 CLI Configuration sending %macXX:XX:XX:XX:XX:XX% instead of real MAC address.
607004 MAC Spoofing events not generating as expected when two devices with the same MAC address connect to the network on different switches (same or different networks).
626004 Palo Alto Security Event Parser severity field value does not match Palo Alto event field value
642707 Model Configuration View not accepting names of VLANs in the Quarantine field
643102 Sponsor input type using LDAP Group shows members of group twice
649882 Host Based CLI Configuration timed out on AlaxalA switches
663707 Help Desk Users not able to add new user accounts
664989 Admin user unable to enable host with access/modify/delete permissions
665191 Unable to get list of Devices in a container using REST API
670821 L2 Polling now disabled by default for Meraki devices (they do not support L2 polling)
671841 Updated sourced based routing automated README verbiage
672703 Add support for Arista MAC Notification Traps
678261 FortiGate in Topology shows FortiSwitch as a rogue host connected to FortiLink port
680495 With None or Email selected for approval, no sponsor was associated with the Account Request
680529 Agent Download page values don't exist in VPN context.Page displays text such as "??agentDownload.downloadAgent??"
680769 FNAC doesnt initiate a CoA for Alcatel Omni6800 in Proxy Radius Mode.
681885 VLAN switching not working when different network policy is applied
682452 CLI credentials get removed in Ubiquiti WiFi model
684437 SNMP V3 success even if the encryption protocol is incorrect
684437 SNMPV3 Credentials NoSuchDatabaseObjectException
684738 Update server protocol now defaults to HTTPS instead of FTP
684738 VM Build / Install fails
685185 Support for duplicate userids in multiple AD servers
685725 Agent Scan configuration fails silently
689049 Dell Switch S4128T is not mapped correctly
692007 Local RADIUS uses wrong port/interface on FortiGate model with multiple FortiSwitches in Fortilink mode
692886 Persistent Agent Host connected over VPN gets generic Isolation error message
692886 When Persistent agent connects, it's allowed but a portal page is displayed saying user is not authorized.
692916 Install.bin may hang installing winbind during OS updates
693198 Scripts do not get uploaded for Custom scans for linux
693247 Local RADIUS loses NAS shared secrets on startup
693303 Host does not move to new SSID provisioned by Supplicant EasyConnect Policy
693520 FortiGate VPN ports were not shown in inventory and VPN session initiation is slow.
693662 Android mobile agent fails when trying to get configuration
693669 Improved Local RADIUS logging
693919 L3 Poll throws Null Pointer Exception when no community names are defined
693992 Model configuration view missing for Rugged Com devices
694398 Vendor OUI database not updating when Auto-Definition Scheduler task is run
694446 FSSO is not including directory groups for the logged on user
694461 Criticality doesnt show in filter summary for User-Host Profiles
694690 IP range discovery silently fails if max IP range is exceeded
694739 Improved logger level functionality so it can be set proactively
694846 Host record Owner value (Registered to) not updating properly in Google Gsuite integration
695021 FortiNAC can now send FSSO information to FortiGate when endpoints are not directly connected to it.
695052 In Self Registration Login Portal Configuration, setting the Sponsor Input Type as "Select" without a Default Sponsor defined gives a confusing error.
695413 FNAC doesnt process Mac Add/Delete Syslog events from FGT due to device name mismatch
695433 Unable to add a domain to Allowed Domains with a leading underscore.
695440 Changed Name of SNMP V3 AES from "TripleDES Key Extention" to "Cisco"
696278 tomcat-portal shows Error reports, including exposing line numbers / potentially source code.
696668 Admin UI should direct users to the config wizard when the appliance is unlicensed
696939 Changed mapping to support HPE1950 hybrid ports
697305 Proxy Radius throws exception when trying to log empty vendor-specific-attribute (VSA).
697636 logrotate permissions errors when run from cron for winbind and hotstandby logs
697994 The port status of non-ethernet ports is set incorrectly.Marked Admin Down.
697994 VLAN Interface type Ports are Disabled on non-FGT devices.
698066 Does not retry properly when the auth token expires for InTune API
698344 Corrected format for the default sponsor email in the tool tip.
698728 SSH Login Fails to FortiGate and Standalone Mode FortiSwitches with post-login-banner configured.
699077 Device Profiler - OUI method should take precedence over all other methods in a DPC Rule
699140 Nokia devices unable to authenticate to Local RADIUS server.
699153 DeviceImport tool does not set the CLI credentials correctly on the created model
699906 RADIUS requests resolve to wrong SSID in FortiGate duplicate-ssid mode
699919 High Availability:database stops replicating and no error is reported
700128 FGT model creation takes a long time.
700267 Cisco device implementation throws Null Pointer Exception.
700577 DHCP rule re-validation not working
700992 Added support for non-ASCII characters in FSSO groups and tags.
701045 Model configuration view missing components for several Cisco WLC devicess
701399 FortiNAC not reading all records when polling Fortinet EMS Server.
701766 Nessus loader shutdown and was not restarted
701796 Extreme switches detected wrongly as stacked in certian circumstances.
702091 Inaccurate scan results when using monitors for hosts with multiple adapters.
702584 Delay when authenticating EAP-TLS host(Local RADIUS Server mode)
702597 Missing event definition RADIUS_SERVICE_RESTARTED
702982 Added ability to access archived images and create new device types based on those images.
703008 FortiNAC no longer processes Fortinet EMS records for unmanaged endpoints.
703033 Added ability to skip registering to a user via properties for EMS integrations
703092 Potential Null Pointer Exception when generating agent fingerprint event.
703342 Added Address and Address Group Objects for use in VDOMs
703771 Enhancements to Settings > High Availability view
704713 FortiNAC not defaulting to device model shared secret when VDOM level shared secret is empty.
704761 Devices being incorrectly deleted in Jamf integrations
706684 Unable to set IP range 10.0.*.1 - 10.0.*.254in Device Profiler
706706 Scan on Connect when connecting via VPN will rarely scans .
706757 "Add Device Profiling Rule" does not default to role "NAC-Default"
707107 Unable to save rule with Network Traffic method in Device Profiler
707291 CLI Credential timing issue during device modeling caused switch model to be stuck in a locked state.
707581 Configuring Monitors on a Scan may fail
707655 Under certain conditions, guest sponsors get multiple approval emails
707722 Added CLI Tool to read arp cache entries collected by FNAC.
707944 The FNAC arp cache sometimes fails to update properly when IPs change for an adapter.
708197 NASClientManager.multiObjectRemoved throws ClassCastException
708670 Removed some statements that refer to CentOS 5 and code no longer needed in software installation package.
708671 Unexpected removal of FSSO tag (logoff) with Hibernate Exception in logs.Affects FortiGate SSL VPN clients.

0608757

0696649

0678261

Various problems exist in multi-VDOM FortiGate environments.

0675266

0675267

Self Registration guest portal view using LDAP Group option only filters on 1st word

0695323

0608757

FortiNAC rejects RADIUS requests in Local RADIUS Server mode from FortiGates using multiple VDOMs.

0702091

0697937

Monitors are removed when any adapter is not found in the database, which can happen with virtual adapters.

Version 8.8.6

Ticket #

Description (8.8.6.1732)

546489 Configuration Wizard breaks DNS when no allowed zones are configured
554929 Mist AP MAC not formatted properly
583547 Chromebooks managed by GSuite MDM unable to get MDM registration portal page
586313 Topology view may generate error"Cannot read property 'length' of undefined".
592398 TLS 1.0 and TLS 1.1 for httpd and tomcat-admin are now disabled by default
598842 Log file exceptions generated when importing EMS clients with unexpected values returned.Client records with unexpected values will not be added to FortiNAC database.However, the exceptions will no longer be generated.
600145 CLI Configuration sending %macXX:XX:XX:XX:XX:XX% instead of real MAC address.
607004 MAC Spoofing events not generating as expected when two devices with the same MAC address connect to the network on different switches (same or different networks).
626004 Palo Alto Security Event Parser severity field value does not match Palo Alto event field value
642707 Model Configuration View not accepting names of VLANs in the Quarantine field
643102 Sponsor input type using LDAP Group shows members of group twice
649882 Host Based CLI Configuration timed out on AlaxalA switches
663707 Help Desk Users not able to add new user accounts
664989 Admin user unable to enable host with access/modify/delete permissions
665191 Unable to get list of Devices in a container using REST API
670821 L2 Polling now disabled by default for Meraki devices (they do not support L2 polling)
671841 Updated sourced based routing automated README verbiage
672703 Add support for Arista MAC Notification Traps
678261 FortiGate in Topology shows FortiSwitch as a rogue host connected to FortiLink port
680495 With None or Email selected for approval, no sponsor was associated with the Account Request
680529 Agent Download page values don't exist in VPN context.Page displays text such as "??agentDownload.downloadAgent??"
680769 FNAC doesnt initiate a CoA for Alcatel Omni6800 in Proxy Radius Mode.
681885 VLAN switching not working when different network policy is applied
682452 CLI credentials get removed in Ubiquiti WiFi model
684437 SNMP V3 success even if the encryption protocol is incorrect
684437 SNMPV3 Credentials NoSuchDatabaseObjectException
684738 Update server protocol now defaults to HTTPS instead of FTP
684738 VM Build / Install fails
685185 Support for duplicate userids in multiple AD servers
685725 Agent Scan configuration fails silently
689049 Dell Switch S4128T is not mapped correctly
692007 Local RADIUS uses wrong port/interface on FortiGate model with multiple FortiSwitches in Fortilink mode
692886 Persistent Agent Host connected over VPN gets generic Isolation error message
692886 When Persistent agent connects, it's allowed but a portal page is displayed saying user is not authorized.
692916 Install.bin may hang installing winbind during OS updates
693198 Scripts do not get uploaded for Custom scans for linux
693247 Local RADIUS loses NAS shared secrets on startup
693303 Host does not move to new SSID provisioned by Supplicant EasyConnect Policy
693520 FortiGate VPN ports were not shown in inventory and VPN session initiation is slow.
693662 Android mobile agent fails when trying to get configuration
693669 Improved Local RADIUS logging
693919 L3 Poll throws Null Pointer Exception when no community names are defined
693992 Model configuration view missing for Rugged Com devices
694398 Vendor OUI database not updating when Auto-Definition Scheduler task is run
694446 FSSO is not including directory groups for the logged on user
694461 Criticality doesnt show in filter summary for User-Host Profiles
694690 IP range discovery silently fails if max IP range is exceeded
694739 Improved logger level functionality so it can be set proactively
694846 Host record Owner value (Registered to) not updating properly in Google Gsuite integration
695021 FortiNAC can now send FSSO information to FortiGate when endpoints are not directly connected to it.
695052 In Self Registration Login Portal Configuration, setting the Sponsor Input Type as "Select" without a Default Sponsor defined gives a confusing error.
695413 FNAC doesnt process Mac Add/Delete Syslog events from FGT due to device name mismatch
695433 Unable to add a domain to Allowed Domains with a leading underscore.
695440 Changed Name of SNMP V3 AES from "TripleDES Key Extention" to "Cisco"
696278 tomcat-portal shows Error reports, including exposing line numbers / potentially source code.
696668 Admin UI should direct users to the config wizard when the appliance is unlicensed
696939 Changed mapping to support HPE1950 hybrid ports
697305 Proxy Radius throws exception when trying to log empty vendor-specific-attribute (VSA).
697636 logrotate permissions errors when run from cron for winbind and hotstandby logs
697994 The port status of non-ethernet ports is set incorrectly.Marked Admin Down.
697994 VLAN Interface type Ports are Disabled on non-FGT devices.
698066 Does not retry properly when the auth token expires for InTune API
698344 Corrected format for the default sponsor email in the tool tip.
698728 SSH Login Fails to FortiGate and Standalone Mode FortiSwitches with post-login-banner configured.
699077 Device Profiler - OUI method should take precedence over all other methods in a DPC Rule
699140 Nokia devices unable to authenticate to Local RADIUS server.
699153 DeviceImport tool does not set the CLI credentials correctly on the created model
699906 RADIUS requests resolve to wrong SSID in FortiGate duplicate-ssid mode
699919 High Availability:database stops replicating and no error is reported
700128 FGT model creation takes a long time.
700267 Cisco device implementation throws Null Pointer Exception.
700577 DHCP rule re-validation not working
700992 Added support for non-ASCII characters in FSSO groups and tags.
701045 Model configuration view missing components for several Cisco WLC devicess
701399 FortiNAC not reading all records when polling Fortinet EMS Server.
701766 Nessus loader shutdown and was not restarted
701796 Extreme switches detected wrongly as stacked in certian circumstances.
702091 Inaccurate scan results when using monitors for hosts with multiple adapters.
702584 Delay when authenticating EAP-TLS host(Local RADIUS Server mode)
702597 Missing event definition RADIUS_SERVICE_RESTARTED
702982 Added ability to access archived images and create new device types based on those images.
703008 FortiNAC no longer processes Fortinet EMS records for unmanaged endpoints.
703033 Added ability to skip registering to a user via properties for EMS integrations
703092 Potential Null Pointer Exception when generating agent fingerprint event.
703342 Added Address and Address Group Objects for use in VDOMs
703771 Enhancements to Settings > High Availability view
704713 FortiNAC not defaulting to device model shared secret when VDOM level shared secret is empty.
704761 Devices being incorrectly deleted in Jamf integrations
706684 Unable to set IP range 10.0.*.1 - 10.0.*.254in Device Profiler
706706 Scan on Connect when connecting via VPN will rarely scans .
706757 "Add Device Profiling Rule" does not default to role "NAC-Default"
707107 Unable to save rule with Network Traffic method in Device Profiler
707291 CLI Credential timing issue during device modeling caused switch model to be stuck in a locked state.
707581 Configuring Monitors on a Scan may fail
707655 Under certain conditions, guest sponsors get multiple approval emails
707722 Added CLI Tool to read arp cache entries collected by FNAC.
707944 The FNAC arp cache sometimes fails to update properly when IPs change for an adapter.
708197 NASClientManager.multiObjectRemoved throws ClassCastException
708670 Removed some statements that refer to CentOS 5 and code no longer needed in software installation package.
708671 Unexpected removal of FSSO tag (logoff) with Hibernate Exception in logs.Affects FortiGate SSL VPN clients.

0608757

0696649

0678261

Various problems exist in multi-VDOM FortiGate environments.

0675266

0675267

Self Registration guest portal view using LDAP Group option only filters on 1st word

0695323

0608757

FortiNAC rejects RADIUS requests in Local RADIUS Server mode from FortiGates using multiple VDOMs.

0702091

0697937

Monitors are removed when any adapter is not found in the database, which can happen with virtual adapters.