Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:


Table of Contents

Version 9.1.2

Ticket #

Description (9.1.2.0128)

725629 Unable to properly manage Aruba 9012 WLC due to incorrect mapping
677981 VPN Host FSSO tags not re-evaluated when host is disabled
704761 If the "Delete Hosts No Longer Managed By MDM" option is enabled, hosts that are managed by Jamf may be deleted incorrectly
518423 802.1x support for Aerohive SR2208P
522462 Trigger "System Created Uplink" Events for Learned and User created Uplinks
543215 The Native VLAN on Juniper EX switches is no longer used.Juniper does not use or recommend using native VLANS
594554 VLAN Switch Success Event and Alarm now contain the "from" and "to" VLAN information
607004 MAC spoofing events do not generate when two endpoints with the same MAC address reside on two different switches at the same time. For configuration instructions, refer to the Administration Guide.
611202 Added support to report the status of the connection to the FortiGate
624926 Select Form Fields layout are not consistant with other fields in the Captive Portal
640641 The Persistent Agent Summary dashboard panel does not display the correct number of agents in the MAC-OS-X column
642707 Model Configuration View not accepting VLAN names in the Quarantine field (only VLAN IDs)
659675 "Rogue Connected" and "Device Created" events now include location (switch/AP and port), IP address, and "Connected Container" information
665191 Unable to get list of Devices in a container when querying FortiNAC using REST API
671704 FortiGate VPN - Host is registered as a device with no "Registered To" information and with "NAC-Default" Role
671997 Juniper Flex-CLI needs to account for configure mode prompt
672391 Generate MAC Spoofing events when spoofing and spoofed machines are on the same switch. For configuration instructions, refer to the Administration Guide.
676196 Sorting by columns does not work in the Legal Documents view
677981 Improved multiple VDOM support for FortiGate VPN integrations.Previously, FortiNAC was unable to determine correct tags to apply to sessions
682525 Added support to register MicroSoft Intune clients with wired-only interfaces.Requires the FortiNAC agent. For details, refer to the MDM Integration reference manual
682625 ISO install now uses serial console for logging of VM builds.
684437 When validating credentials, SNMP V3 succeeds even if the encryption protocol is incorrect
685185 Support for duplicate userids in multiple AD servers
687183 NCM does not support RADIUS for admin user authentication
687874 Add build type field to version file, displayed version in GUI
689049 Unable to properly manage Dell Switch S4128T due to incorrect mapping
691918 Improved diagnostic tools in Administration UI for local radius/winbind services
693627 Generated REST API token is shown in logs
693628 Uploading a trusted certificate to the same target multiple times thorws an exception
695021 Added the ability to send FSSO information to the FortiGate even when the endpoint is not directly connected. Requires the Persistent Agent. For details, see section "Unknown Location Endpoint Management" of the FortiNAC Security Fabric Integration Guide in the Document Library.
696231 UI:Upgraded to Neutrino 1.0 library
696833 FortiNAC integration with FortiEMS:wrong API version used
697296 The Custom Ignored Adapters List (/bsc/campusMgr/master_loader/vendorCodes/ignoredAdapters.txt) is now added to System Backup
697937 Monitors are removed when any adapter is not found in the database, which can happen with virtual adapters
697994 VLAN Interface type Ports are Disabled on non-FortiGate devices
698090 Fortigate L3 polls do not support reading IPv6 arp data
698298 AP discovery not working for Extreme/Motrola Wing controllers on 7.X firmware
698728 Telnet/SSH to a FortiGate fail when post-login-banner is enabled
699077 Device Profiler - OUI method should take precedence over all other methods in a DPC Rule
699140 Radius port lookup fails on Nokia switch (Group ID 637)
699153 DeviceImport tool does not set the CLI credentials correctly on the created model
699606 A warning message now appears when attempting to install a legacy (NetworkSentry) license key using either the Administration UI or Configuration Wizard
700035 Minor formatting issue in dumpports password masking
700128 FortiGate model creation takes a long time.
700312 Vendor OUI update are in agent/templates repo
700577 DHCP rule re-validation not working
700580 When polling the Fortigate, if there are multiple ARP entries for the same MAC address, the newest entry may not be used
700580 Fortigate L3 Poller throws exceptions for static arp entries
700610 Kiosk Page is not loading
700973 FortiNAC changing native VLAN instead of access VLAN and disabling PoE on VLAN switch
700992 Only ASCII characters are supported in FSSO Groups and tags
701358 Attempting to disable a host in Host View without proper permissions locks table, stays grayed out
701378 All API requests to a FortiGate fail when the post-login-banner is enabled
701766 Nessus loader shutdown and was not restarted
701796 Extreme switches detected wrongly as stacked in certian circumstances
702091 PersistentAgent server is failing to add monitor failure results when the last interface in list from agent doesnt have an adapter in FortiNAC
702259 Hostname information collected from FortiGate firewall sessions is no longer used for updating rogue host records.The information was sometimes inaccurate
702584 Delay in Local RADIUS authentication of EAP-TLS hosts
702585 Local RADIUS TLS Config omits v1.1 and writes tls_min_version=1.2 in error
702597 Missing event def RADIUS_SERVICE_RESTARTED
702978 Security Fabric Service Connector loads wrong record on edit
702989 Mist Wireless AP Discovery does not remove rogue
703008 FortiNAC now skips processing EMS device records that are no longer managed by EMS ("is_managed" value set to false)
703033 Added ability to skip registering EMS devices to a user.For configuration instructions, refer to the EMS Integration reference manual
703342 Added Address and Address Group Objects for use in VDOMs
703771 High Availability view in Administration UI now populates with default values read from /bsc/campusMgr/bin/.networkConfig
704582 NCM Dashboard Server List link to pod is broken
704591 Legacy Hosts view - Auth Type and EAP Type columns not human readable
704601 Potential server startup deadlock
704603 Miscosoft InTune Azure authentication not working
704713 Proxy RADIUS not ignoring empty string for VDOM shared secret causing RADIUS authentication to fail
705017 Settings > System Communication >Incorrect help text for Message Templates
706684 Device Profiler unable to set IP range 10.0.*.1 - 10.0.*.254
706706 Inconsistent scanning with "Scan on Connect" when connecting via VPN
706757 When creating a Device Profiling Rule under the Adapter View, the "Add Device Profiling Rule" option does not default to the NAC-Default role
707107 Unable to save Device Profiling Rule with Network Traffic method
707166 When doing a quick search from Host View, if a host has multiple adapters that all match the search query, each Dynamic Client is displayed independently
707270 Cameras are not matching the device profiling rule for DHCP Fingerprint Type Camera
707291 Fixed CLI Credential timing issue during device modeling
707581 Configuring Monitors on a Scan may fail
707655 Under certain conditions, guest sponsors get multiple approval emails
707722 Added CLI Tool to read arp cache entries collected by FortiNAC.
708193 NumberFormatException and IndexOutOfBoundsException when deleting a Fortigate (especially with no dependent devices)
708194 Ruckus device integration throws exceptions when CLI credentials are missing
708197 NASClientManager.multiObjectRemoved throws ClassCastException
708247 UI:Fixed navigation list component with new themes in Neutrino 1.0
708342 Meraki MX "Validate Credentials" and "Test Device Mapping" not working
708670 Install.bin cleanup: Remove code that is no longer needed
708671 Resync interfaces scheduled task for modeled FortiGate causes FortiGate SSL VPN FSSO client logoff. Hibernate Exception when removing extended client attributes
709269 FortiGuard Device Profiling method is not available on the NCM
709278 Secondary Server in High Availability responds to RADIUS after Primary Server resumes control
709294 When using macOS browser to add FortiAnalyzer as a log receiver in the Administration UI: - Default port is now set to 514 - Ability to populate the Security string has been removed as it is no longer used
709318 SSH Known host keys can now be removed on-demand from the Credentials tab or automatically whenever a device is removed
709319 VPN integration code sends a VLAN-Switch to the Persistent Agent to inform it that its at risk.This leads to problems with Scan On Connect and unnecessary agent reconnection
709320 Device SSH keys didnt match /bsc/.ssh/known_hosts
709363 OS updates may fail due to i686 dependencies
709544 Eclipse environment error with non-jar ivy artifacts
709561 Passive Agent Policy group pull down does not show any AD groups if one of the AD servers is not reachable
709828 FortiNAC is using a default SSL certificate when connecting to FortiAnalyzer
709842 Improved reporting of the FortiAnalyzer connection state in output.master
709861 Added support for new API introduced in FortiGate/FOS version 7.x
709866 Fingerprint information not removed from database when host record is deleted
709868 Not Updating Rogue Host Name from DHCP Fingerprint
710058 ISO install is failing
710576 Additional data needed for FortiNAC CTAP reports
710646 Device Profiler Windows Profile method not working in HTTPS mode due to Command Line Too Long error
710971 Update MacAddressTable command to get RADIUS working for Huawei switch
711025 Removing an MDM service connector while there is poll in progress does not remove it
711510 PortLinkType not updated after resync interfaces
711696 Failure to switch VLANs on Cisco SG200-50 switches
712375 User/host profile does not match policy if Adapter information is used
712591 Changed wording for password configuration pop-up box in High Availability configuration for clarification.
712658 Network Inventory takes a long time to load
712887 Fixed issue that might cause Device Profiler custom rules to not match correctly
712889 Only primary interface is imported to FortiNAC when host has multiple adapters
712980 Fail to display interfaces on certain Extreme switch models due to unexpected port format
713591 NEC QX Switches are discovered as generic SNMP devices.
713629 System/Settings/System Communication/Email Settings > Test Email settings works but SendEmail tool doesnt
713870 Failing to read arp cache on H3C
713962 Added L3 Polling support for Versa router
714399 Unable to add Cisco switch to Topology due to a Null Pointer Exception during modeling
714692 Removed iOS and Android from the "Add Device Profiling Rule" view.
714702 Not reading L3 from all VDOMs on a FortiGate
714764 Added license key upload button in Configuration Wizard.
714768 Unable to properly manage Alcatel-Lucent Enterprise OS6860E-P24 due to incorrect mapping.
714808 Ruckus L2 poll does not work with Ruckus version 6.x due to API changes.
715251 When RadiusManager debug is enabled and an unknown RADIUS attribute is received, NullPointerException is printed and FortiNAC stops processing the request.
715418 Trap handler debug states incorrect method says it's calling linkDown when it's calling linkUp
716371 "IllegalArgumentException:Invalid IPv4 address" log messages.
716411 FSSO tags are not sent when host role changes.
716599 RADIUS packets are dropped at times of peak usage.
716897 System>Settings>Trap Mib Files throws exception and does not function
717813 FortiNAC sometimes uses shutdown / No shutdown port to disconnect wired RADIUS client instead of RADIUS CoA
718168 Added API call /api/v2/user/set-password with userID and password parameters to modify a local user's password
718402 UI:SvgIconInterface isn't being loaded properly during build
718783 FortiGate VPN failed to register for syslog and failed to login correct user if connection was lost without notification.
718802 Unable to collect host/user information from 6.4.3 EMS server.
718831 InTune group add causes database issues
719360 Unable to upgrade appliance if a legacy license Key is installed without Hot-Standby-Capable (High Availability).
719780 Catch All rule name inDevice Profiler is no longer modifiable.
720071 9.1 Online Help Generates 404 Error
720129 Upgrade to 9.x fails with "Unsupported group policy type java.util.ArrayList"
720360 Added FirmwareVersion attribute on the Aerohive SR22XX/Unifi switch models for 802.1x RADIUS CoA functionality
720439 RadiusManager property included in "radiusManager.properties" file
720467 FortiClient EMS integration:Added support for the mac_list property in the API
720471 Added cyber-blue MAC address 00:1A:7D:DA:71:15 to IgnoredAdapters.txt (Custom Ignored Adapters List)
721009 L3 polling of Viptela devices not working properly due to a missing property.
721566 Custom Scans Registry-Keys view produces an error
723851 DHCP Fingerprint for Mac OSX Bug Sur missing
725009 Imported LDAP group does not map to Administrators

716411

715316

Hosts at risk do not trigger network change with FortiGate VPN and FSSO device synchronization doesnt work properly with VDOMs.

717912

715316

Group Membership performance is too slow to handle load from policy engine

721743

715316

Solo Randomized WiFi adapters ignored by PA server, Agent-Local IPs being set on adapters.
  Potential NullPointerException when generating agent fingerprint event.

Version 9.1.2

Ticket #

Description (9.1.2.0128)

725629 Unable to properly manage Aruba 9012 WLC due to incorrect mapping
677981 VPN Host FSSO tags not re-evaluated when host is disabled
704761 If the "Delete Hosts No Longer Managed By MDM" option is enabled, hosts that are managed by Jamf may be deleted incorrectly
518423 802.1x support for Aerohive SR2208P
522462 Trigger "System Created Uplink" Events for Learned and User created Uplinks
543215 The Native VLAN on Juniper EX switches is no longer used.Juniper does not use or recommend using native VLANS
594554 VLAN Switch Success Event and Alarm now contain the "from" and "to" VLAN information
607004 MAC spoofing events do not generate when two endpoints with the same MAC address reside on two different switches at the same time. For configuration instructions, refer to the Administration Guide.
611202 Added support to report the status of the connection to the FortiGate
624926 Select Form Fields layout are not consistant with other fields in the Captive Portal
640641 The Persistent Agent Summary dashboard panel does not display the correct number of agents in the MAC-OS-X column
642707 Model Configuration View not accepting VLAN names in the Quarantine field (only VLAN IDs)
659675 "Rogue Connected" and "Device Created" events now include location (switch/AP and port), IP address, and "Connected Container" information
665191 Unable to get list of Devices in a container when querying FortiNAC using REST API
671704 FortiGate VPN - Host is registered as a device with no "Registered To" information and with "NAC-Default" Role
671997 Juniper Flex-CLI needs to account for configure mode prompt
672391 Generate MAC Spoofing events when spoofing and spoofed machines are on the same switch. For configuration instructions, refer to the Administration Guide.
676196 Sorting by columns does not work in the Legal Documents view
677981 Improved multiple VDOM support for FortiGate VPN integrations.Previously, FortiNAC was unable to determine correct tags to apply to sessions
682525 Added support to register MicroSoft Intune clients with wired-only interfaces.Requires the FortiNAC agent. For details, refer to the MDM Integration reference manual
682625 ISO install now uses serial console for logging of VM builds.
684437 When validating credentials, SNMP V3 succeeds even if the encryption protocol is incorrect
685185 Support for duplicate userids in multiple AD servers
687183 NCM does not support RADIUS for admin user authentication
687874 Add build type field to version file, displayed version in GUI
689049 Unable to properly manage Dell Switch S4128T due to incorrect mapping
691918 Improved diagnostic tools in Administration UI for local radius/winbind services
693627 Generated REST API token is shown in logs
693628 Uploading a trusted certificate to the same target multiple times thorws an exception
695021 Added the ability to send FSSO information to the FortiGate even when the endpoint is not directly connected. Requires the Persistent Agent. For details, see section "Unknown Location Endpoint Management" of the FortiNAC Security Fabric Integration Guide in the Document Library.
696231 UI:Upgraded to Neutrino 1.0 library
696833 FortiNAC integration with FortiEMS:wrong API version used
697296 The Custom Ignored Adapters List (/bsc/campusMgr/master_loader/vendorCodes/ignoredAdapters.txt) is now added to System Backup
697937 Monitors are removed when any adapter is not found in the database, which can happen with virtual adapters
697994 VLAN Interface type Ports are Disabled on non-FortiGate devices
698090 Fortigate L3 polls do not support reading IPv6 arp data
698298 AP discovery not working for Extreme/Motrola Wing controllers on 7.X firmware
698728 Telnet/SSH to a FortiGate fail when post-login-banner is enabled
699077 Device Profiler - OUI method should take precedence over all other methods in a DPC Rule
699140 Radius port lookup fails on Nokia switch (Group ID 637)
699153 DeviceImport tool does not set the CLI credentials correctly on the created model
699606 A warning message now appears when attempting to install a legacy (NetworkSentry) license key using either the Administration UI or Configuration Wizard
700035 Minor formatting issue in dumpports password masking
700128 FortiGate model creation takes a long time.
700312 Vendor OUI update are in agent/templates repo
700577 DHCP rule re-validation not working
700580 When polling the Fortigate, if there are multiple ARP entries for the same MAC address, the newest entry may not be used
700580 Fortigate L3 Poller throws exceptions for static arp entries
700610 Kiosk Page is not loading
700973 FortiNAC changing native VLAN instead of access VLAN and disabling PoE on VLAN switch
700992 Only ASCII characters are supported in FSSO Groups and tags
701358 Attempting to disable a host in Host View without proper permissions locks table, stays grayed out
701378 All API requests to a FortiGate fail when the post-login-banner is enabled
701766 Nessus loader shutdown and was not restarted
701796 Extreme switches detected wrongly as stacked in certian circumstances
702091 PersistentAgent server is failing to add monitor failure results when the last interface in list from agent doesnt have an adapter in FortiNAC
702259 Hostname information collected from FortiGate firewall sessions is no longer used for updating rogue host records.The information was sometimes inaccurate
702584 Delay in Local RADIUS authentication of EAP-TLS hosts
702585 Local RADIUS TLS Config omits v1.1 and writes tls_min_version=1.2 in error
702597 Missing event def RADIUS_SERVICE_RESTARTED
702978 Security Fabric Service Connector loads wrong record on edit
702989 Mist Wireless AP Discovery does not remove rogue
703008 FortiNAC now skips processing EMS device records that are no longer managed by EMS ("is_managed" value set to false)
703033 Added ability to skip registering EMS devices to a user.For configuration instructions, refer to the EMS Integration reference manual
703342 Added Address and Address Group Objects for use in VDOMs
703771 High Availability view in Administration UI now populates with default values read from /bsc/campusMgr/bin/.networkConfig
704582 NCM Dashboard Server List link to pod is broken
704591 Legacy Hosts view - Auth Type and EAP Type columns not human readable
704601 Potential server startup deadlock
704603 Miscosoft InTune Azure authentication not working
704713 Proxy RADIUS not ignoring empty string for VDOM shared secret causing RADIUS authentication to fail
705017 Settings > System Communication >Incorrect help text for Message Templates
706684 Device Profiler unable to set IP range 10.0.*.1 - 10.0.*.254
706706 Inconsistent scanning with "Scan on Connect" when connecting via VPN
706757 When creating a Device Profiling Rule under the Adapter View, the "Add Device Profiling Rule" option does not default to the NAC-Default role
707107 Unable to save Device Profiling Rule with Network Traffic method
707166 When doing a quick search from Host View, if a host has multiple adapters that all match the search query, each Dynamic Client is displayed independently
707270 Cameras are not matching the device profiling rule for DHCP Fingerprint Type Camera
707291 Fixed CLI Credential timing issue during device modeling
707581 Configuring Monitors on a Scan may fail
707655 Under certain conditions, guest sponsors get multiple approval emails
707722 Added CLI Tool to read arp cache entries collected by FortiNAC.
708193 NumberFormatException and IndexOutOfBoundsException when deleting a Fortigate (especially with no dependent devices)
708194 Ruckus device integration throws exceptions when CLI credentials are missing
708197 NASClientManager.multiObjectRemoved throws ClassCastException
708247 UI:Fixed navigation list component with new themes in Neutrino 1.0
708342 Meraki MX "Validate Credentials" and "Test Device Mapping" not working
708670 Install.bin cleanup: Remove code that is no longer needed
708671 Resync interfaces scheduled task for modeled FortiGate causes FortiGate SSL VPN FSSO client logoff. Hibernate Exception when removing extended client attributes
709269 FortiGuard Device Profiling method is not available on the NCM
709278 Secondary Server in High Availability responds to RADIUS after Primary Server resumes control
709294 When using macOS browser to add FortiAnalyzer as a log receiver in the Administration UI: - Default port is now set to 514 - Ability to populate the Security string has been removed as it is no longer used
709318 SSH Known host keys can now be removed on-demand from the Credentials tab or automatically whenever a device is removed
709319 VPN integration code sends a VLAN-Switch to the Persistent Agent to inform it that its at risk.This leads to problems with Scan On Connect and unnecessary agent reconnection
709320 Device SSH keys didnt match /bsc/.ssh/known_hosts
709363 OS updates may fail due to i686 dependencies
709544 Eclipse environment error with non-jar ivy artifacts
709561 Passive Agent Policy group pull down does not show any AD groups if one of the AD servers is not reachable
709828 FortiNAC is using a default SSL certificate when connecting to FortiAnalyzer
709842 Improved reporting of the FortiAnalyzer connection state in output.master
709861 Added support for new API introduced in FortiGate/FOS version 7.x
709866 Fingerprint information not removed from database when host record is deleted
709868 Not Updating Rogue Host Name from DHCP Fingerprint
710058 ISO install is failing
710576 Additional data needed for FortiNAC CTAP reports
710646 Device Profiler Windows Profile method not working in HTTPS mode due to Command Line Too Long error
710971 Update MacAddressTable command to get RADIUS working for Huawei switch
711025 Removing an MDM service connector while there is poll in progress does not remove it
711510 PortLinkType not updated after resync interfaces
711696 Failure to switch VLANs on Cisco SG200-50 switches
712375 User/host profile does not match policy if Adapter information is used
712591 Changed wording for password configuration pop-up box in High Availability configuration for clarification.
712658 Network Inventory takes a long time to load
712887 Fixed issue that might cause Device Profiler custom rules to not match correctly
712889 Only primary interface is imported to FortiNAC when host has multiple adapters
712980 Fail to display interfaces on certain Extreme switch models due to unexpected port format
713591 NEC QX Switches are discovered as generic SNMP devices.
713629 System/Settings/System Communication/Email Settings > Test Email settings works but SendEmail tool doesnt
713870 Failing to read arp cache on H3C
713962 Added L3 Polling support for Versa router
714399 Unable to add Cisco switch to Topology due to a Null Pointer Exception during modeling
714692 Removed iOS and Android from the "Add Device Profiling Rule" view.
714702 Not reading L3 from all VDOMs on a FortiGate
714764 Added license key upload button in Configuration Wizard.
714768 Unable to properly manage Alcatel-Lucent Enterprise OS6860E-P24 due to incorrect mapping.
714808 Ruckus L2 poll does not work with Ruckus version 6.x due to API changes.
715251 When RadiusManager debug is enabled and an unknown RADIUS attribute is received, NullPointerException is printed and FortiNAC stops processing the request.
715418 Trap handler debug states incorrect method says it's calling linkDown when it's calling linkUp
716371 "IllegalArgumentException:Invalid IPv4 address" log messages.
716411 FSSO tags are not sent when host role changes.
716599 RADIUS packets are dropped at times of peak usage.
716897 System>Settings>Trap Mib Files throws exception and does not function
717813 FortiNAC sometimes uses shutdown / No shutdown port to disconnect wired RADIUS client instead of RADIUS CoA
718168 Added API call /api/v2/user/set-password with userID and password parameters to modify a local user's password
718402 UI:SvgIconInterface isn't being loaded properly during build
718783 FortiGate VPN failed to register for syslog and failed to login correct user if connection was lost without notification.
718802 Unable to collect host/user information from 6.4.3 EMS server.
718831 InTune group add causes database issues
719360 Unable to upgrade appliance if a legacy license Key is installed without Hot-Standby-Capable (High Availability).
719780 Catch All rule name inDevice Profiler is no longer modifiable.
720071 9.1 Online Help Generates 404 Error
720129 Upgrade to 9.x fails with "Unsupported group policy type java.util.ArrayList"
720360 Added FirmwareVersion attribute on the Aerohive SR22XX/Unifi switch models for 802.1x RADIUS CoA functionality
720439 RadiusManager property included in "radiusManager.properties" file
720467 FortiClient EMS integration:Added support for the mac_list property in the API
720471 Added cyber-blue MAC address 00:1A:7D:DA:71:15 to IgnoredAdapters.txt (Custom Ignored Adapters List)
721009 L3 polling of Viptela devices not working properly due to a missing property.
721566 Custom Scans Registry-Keys view produces an error
723851 DHCP Fingerprint for Mac OSX Bug Sur missing
725009 Imported LDAP group does not map to Administrators

716411

715316

Hosts at risk do not trigger network change with FortiGate VPN and FSSO device synchronization doesnt work properly with VDOMs.

717912

715316

Group Membership performance is too slow to handle load from policy engine

721743

715316

Solo Randomized WiFi adapters ignored by PA server, Agent-Local IPs being set on adapters.
  Potential NullPointerException when generating agent fingerprint event.