Fortinet black logo

Version 9.1.3

Version 9.1.3

Ticket #

Description (9.1.3.0134)

650216 Unable to set firewall tags for PaloAlto model
666660 If a shared filter contains an exclamation point (!), a delete or edit silently fails
676232 Host with a disabled logged on user is not moved to dead end
684657

Improved the communication method between Control Manager (NCM) and pods by using REST API and certificate client authentication over HTTP

Requirements:

  • Manager must be installed with License key containing certificates (not required for pods). For more information see related KB article FD52784

  • Firewalls allow TCP port 8443 between Manager and pods

If the above requirements are not met, the Manager will use original communication methods

693625 REST API > Groups > Groups service does not check for usage across different configurations
700276 Added Contact Status Polling to Element tab for Link Mode FortiSwitches
705845 Searching groups by name in Roles and Network Device Roles views doesn't work
709965 Server List panel in Control Manager Dashboard takes several minutes to build
712678 Clicking on a user count in the User Summary Dashboard panel does not create a Filter when it opens Host View
712695 Could not log in with a password containing a plus (+) symbol
713181 Added Import button for uploading hosts from an external file
713259 Meraki Ports/Interface creation issue when the Group Policy name is assigned to Production Logical Networks
713505 Nokia switch port names do not contain switch name
723563 Event Alarm Mapping not adding host or event information to Email Action
724173 CoA not working on Fortigates with FortiLink switch, where secret is defined on the switch
724383 Intermittent failure polling clients connected to FortiSwitch in Link mode
724769 When choosing groups for a Role, the slide-in panel lists all groups instead of limiting to User and Host groups
725360 Fix potential ClassCastException in MibObject
725604 Hosts are automatically approved by the system when "Registrations Require Approval" is configured under "Standard User Registration Approval" in the Captive Portal
725746 Communication issues between Control Manager (NCM) and POD can cause Endpoint Compliance scan failures
725751 "Sync initiated" event added. Generated when a synchronization of servers by Control Manager has been triggered. Provides server IP, the user who triggered the sync and status.
725757 Scheduler Modify dialog, Next Scheduled Time validator doesn't accept new time format
725969 "System Error" balloon pop-up when creating roles
725972 Removed unnecessary startup RelationInterface message from output.master
726099 FSSO processing performance enhancements
726410 When a FortiLink Switch is renamed, the device and port model names in FNAC are not updated
726458 DPC rule does not revalidate upon connect for RADIUS clients ("Confirm Device Rule on Connect")
726678 Added custom Network Devices Admin Profile permission set to view/hide the device model Credentials tab
727066 Error dialog when setting device mapping to Generic SNMP using set device mapping option
727336 When collecting ARP information from ArubaOS WLC, the user table that contains the correct ARP entries is not being queried
727710 On upgrade from 8.8 to 9.1 or higher, the error "com.mysql.jdbc.exceptions.jdbc4.MySQLSyntaxErrorException: Unknown table 'bsc.DatabaseAuditView'" may appear in the logs
728409 Hosts and Adapters views only show 999 Entries. The REST API is returning just the count of records in the current page.
728677 Local RADIUS Server fails to disconnect clients from Ruckus Virtual SmartZone (SZ) controller due to missing RADIUS attributes
728719 Add Device Profile Rule > Vendor OUI > Clicking Vendor OUI link results in HTTP 500 Error
729007 NullPointerException during V3 device creation via API when no v1 community strings provided
729585 Cisco ASA VPN clients not moved to the unrestricted group due to multiple values returned when reading object-group
730236 Failure to read SSID on Ubiquiti causes all SSID models to be removed
730601 Changing Endpoint Complaince scan causes agents to be rescanned even when monitors were not changed
730789 When wired clients are authenticated by the Local RADIUS Server, the default VLAN is returned. Network Access Policy look-up is skipped
730823 Multiple calls to edit a User Host Profile via the API results in failure after the first attempt
730892 VPN solution L2 polling process excessively long.
730908 Errors with secrets with special characters like %
730990 UI rendering for Authentication Policies/Configs tied to wrong permissions
731215 Added support to read L3 tables on Dell OS10 switches with VRFs configured
731633 SQL Exception is thrown during FortiNAC server startup
732229 Missing event and alarm definitions for ADMIN_PROFILE_MODIFICATION
732265 Aruba Controller model configuration view is not showing supported RADIUS controls
732340 dumpports does not show port IP address (requestString)
732580 Added "sar" output in grab-log-snapshot
732965 Local RADIUS Server functionality not working properly upon failover or recovery in High Availability configuration
733232 Unable to save private filters
733903 Setting Host Expiration field to "Never" resulted in inaccurate expiration dates (example 12/31/1969)
733969 Unable to poll Airwatch MDM hosts.Although MDM poll appears to complete, new registered hosts are not created
734792 API communication issues with FortiGate
734895 Unable to parse L2 table on Dell OS10 Switches
735444 All RuggedCom switch models are shown as RSG2300 in the Model Configuration views
735880 Versa switch property files not loaded correctly
736110 Excessive exceptions for DatabaseObjectAlreadyExistsException seen in logs
736465 MAC address label is hidden if the IP address field is disabled in the Game Register portal configuration
736501 Cisco ASA VPN users are not always unrestricted after connecting.
736553 Log format has changed to include the thread ID and to remove redundant timestamp in heartbeat messages
738093 ISO build missing bc package
738257 Improved user look-up method to handle the different userID formats when matching Network Access Policies based on user record criteria. Previously, this was seen to cause delays in responding to RADIUS Accepts in some environments.
738375 RADIUS processing performance issues when RadiusManager debug is enabled
738805 Unable to set SSH port on Device Credentials page. Effects customers upgraded to 9.1.2
739465 Removed Local RADIUS requirement that request must contain Service-Type=10(Call-check)
739674 Local RADIUS MAB & CHAP fixes
740034 Exception in RadiusManager with logging enabled.
740677 Backport of Model generation depends on updated Object Model

733892

733914

LicenseTool APPLIANCE shows EFFECTIVE count/level/certs if both are requested.
707284 VLAN ID and VLAN Name drop-down menu contents are now sorted in the Model Configuration View
714641 fortiGuardCB error in Device Profiling Rules view
732965 Local RADIUS not working properly upon failover and resume in a High Availability configuration
735553 CLI and Vlan switching not functioning for Allied and Rugged devices
739131 Replaced mysql-connector
739380 AirWatch does not retrieve all MAC addresses for enrolled devices
739674 Local RADIUS not working properly for MAC-address-based authentication (MAB) with generic/unknown devices (Moxa)
740723 Devices with VDOMs that specify Local RADIUS server/secret and use the Management IP - on restart the NAS DB tbl entry is removed
740749 Local RADIUS can only handle secrets of 60 characters or less
740962 Events on the Control Manager (NCM) to indicate synchronization of servers started and completed successfully or if there is a failure
741811 Update of Adapter IPs causes empty replaces of DYNAMIC table
741994 SSIDs added to groups with wrong type when added via SSID -> Group Membership preventing policy engine match on the group
742260 NullPointerException in DeviceServer.getVoiceVlans()
742261 NullPointerException in ProbeTelnet.getProbeObjectsByInetAddress()

Version 9.1.3

Ticket #

Description (9.1.3.0134)

650216 Unable to set firewall tags for PaloAlto model
666660 If a shared filter contains an exclamation point (!), a delete or edit silently fails
676232 Host with a disabled logged on user is not moved to dead end
684657

Improved the communication method between Control Manager (NCM) and pods by using REST API and certificate client authentication over HTTP

Requirements:

  • Manager must be installed with License key containing certificates (not required for pods). For more information see related KB article FD52784

  • Firewalls allow TCP port 8443 between Manager and pods

If the above requirements are not met, the Manager will use original communication methods

693625 REST API > Groups > Groups service does not check for usage across different configurations
700276 Added Contact Status Polling to Element tab for Link Mode FortiSwitches
705845 Searching groups by name in Roles and Network Device Roles views doesn't work
709965 Server List panel in Control Manager Dashboard takes several minutes to build
712678 Clicking on a user count in the User Summary Dashboard panel does not create a Filter when it opens Host View
712695 Could not log in with a password containing a plus (+) symbol
713181 Added Import button for uploading hosts from an external file
713259 Meraki Ports/Interface creation issue when the Group Policy name is assigned to Production Logical Networks
713505 Nokia switch port names do not contain switch name
723563 Event Alarm Mapping not adding host or event information to Email Action
724173 CoA not working on Fortigates with FortiLink switch, where secret is defined on the switch
724383 Intermittent failure polling clients connected to FortiSwitch in Link mode
724769 When choosing groups for a Role, the slide-in panel lists all groups instead of limiting to User and Host groups
725360 Fix potential ClassCastException in MibObject
725604 Hosts are automatically approved by the system when "Registrations Require Approval" is configured under "Standard User Registration Approval" in the Captive Portal
725746 Communication issues between Control Manager (NCM) and POD can cause Endpoint Compliance scan failures
725751 "Sync initiated" event added. Generated when a synchronization of servers by Control Manager has been triggered. Provides server IP, the user who triggered the sync and status.
725757 Scheduler Modify dialog, Next Scheduled Time validator doesn't accept new time format
725969 "System Error" balloon pop-up when creating roles
725972 Removed unnecessary startup RelationInterface message from output.master
726099 FSSO processing performance enhancements
726410 When a FortiLink Switch is renamed, the device and port model names in FNAC are not updated
726458 DPC rule does not revalidate upon connect for RADIUS clients ("Confirm Device Rule on Connect")
726678 Added custom Network Devices Admin Profile permission set to view/hide the device model Credentials tab
727066 Error dialog when setting device mapping to Generic SNMP using set device mapping option
727336 When collecting ARP information from ArubaOS WLC, the user table that contains the correct ARP entries is not being queried
727710 On upgrade from 8.8 to 9.1 or higher, the error "com.mysql.jdbc.exceptions.jdbc4.MySQLSyntaxErrorException: Unknown table 'bsc.DatabaseAuditView'" may appear in the logs
728409 Hosts and Adapters views only show 999 Entries. The REST API is returning just the count of records in the current page.
728677 Local RADIUS Server fails to disconnect clients from Ruckus Virtual SmartZone (SZ) controller due to missing RADIUS attributes
728719 Add Device Profile Rule > Vendor OUI > Clicking Vendor OUI link results in HTTP 500 Error
729007 NullPointerException during V3 device creation via API when no v1 community strings provided
729585 Cisco ASA VPN clients not moved to the unrestricted group due to multiple values returned when reading object-group
730236 Failure to read SSID on Ubiquiti causes all SSID models to be removed
730601 Changing Endpoint Complaince scan causes agents to be rescanned even when monitors were not changed
730789 When wired clients are authenticated by the Local RADIUS Server, the default VLAN is returned. Network Access Policy look-up is skipped
730823 Multiple calls to edit a User Host Profile via the API results in failure after the first attempt
730892 VPN solution L2 polling process excessively long.
730908 Errors with secrets with special characters like %
730990 UI rendering for Authentication Policies/Configs tied to wrong permissions
731215 Added support to read L3 tables on Dell OS10 switches with VRFs configured
731633 SQL Exception is thrown during FortiNAC server startup
732229 Missing event and alarm definitions for ADMIN_PROFILE_MODIFICATION
732265 Aruba Controller model configuration view is not showing supported RADIUS controls
732340 dumpports does not show port IP address (requestString)
732580 Added "sar" output in grab-log-snapshot
732965 Local RADIUS Server functionality not working properly upon failover or recovery in High Availability configuration
733232 Unable to save private filters
733903 Setting Host Expiration field to "Never" resulted in inaccurate expiration dates (example 12/31/1969)
733969 Unable to poll Airwatch MDM hosts.Although MDM poll appears to complete, new registered hosts are not created
734792 API communication issues with FortiGate
734895 Unable to parse L2 table on Dell OS10 Switches
735444 All RuggedCom switch models are shown as RSG2300 in the Model Configuration views
735880 Versa switch property files not loaded correctly
736110 Excessive exceptions for DatabaseObjectAlreadyExistsException seen in logs
736465 MAC address label is hidden if the IP address field is disabled in the Game Register portal configuration
736501 Cisco ASA VPN users are not always unrestricted after connecting.
736553 Log format has changed to include the thread ID and to remove redundant timestamp in heartbeat messages
738093 ISO build missing bc package
738257 Improved user look-up method to handle the different userID formats when matching Network Access Policies based on user record criteria. Previously, this was seen to cause delays in responding to RADIUS Accepts in some environments.
738375 RADIUS processing performance issues when RadiusManager debug is enabled
738805 Unable to set SSH port on Device Credentials page. Effects customers upgraded to 9.1.2
739465 Removed Local RADIUS requirement that request must contain Service-Type=10(Call-check)
739674 Local RADIUS MAB & CHAP fixes
740034 Exception in RadiusManager with logging enabled.
740677 Backport of Model generation depends on updated Object Model

733892

733914

LicenseTool APPLIANCE shows EFFECTIVE count/level/certs if both are requested.
707284 VLAN ID and VLAN Name drop-down menu contents are now sorted in the Model Configuration View
714641 fortiGuardCB error in Device Profiling Rules view
732965 Local RADIUS not working properly upon failover and resume in a High Availability configuration
735553 CLI and Vlan switching not functioning for Allied and Rugged devices
739131 Replaced mysql-connector
739380 AirWatch does not retrieve all MAC addresses for enrolled devices
739674 Local RADIUS not working properly for MAC-address-based authentication (MAB) with generic/unknown devices (Moxa)
740723 Devices with VDOMs that specify Local RADIUS server/secret and use the Management IP - on restart the NAS DB tbl entry is removed
740749 Local RADIUS can only handle secrets of 60 characters or less
740962 Events on the Control Manager (NCM) to indicate synchronization of servers started and completed successfully or if there is a failure
741811 Update of Adapter IPs causes empty replaces of DYNAMIC table
741994 SSIDs added to groups with wrong type when added via SSID -> Group Membership preventing policy engine match on the group
742260 NullPointerException in DeviceServer.getVoiceVlans()
742261 NullPointerException in ProbeTelnet.getProbeObjectsByInetAddress()