Fortinet black logo

Known Issues version 9.1.8

Known Issues version 9.1.8

Ticket #

Description (9.1.8.0172)

883146

campusMgr restarting over and over

809769

HTML is not supported when using "Guest Account Details" message type template.

884077

Guests & Contractors | Modifying a Guest account with "Can view passwords:" permission disabled generates error.

874037

GUI > Users & Hosts > Host View > Quick Search - Unable to locate host by hyphen or no delimiter.

884414

Unable to switch VLANs manually in Port Properties for Aruba CX switch.

882265

FortiNAC is not sending the correct serial number field to FAZ.

811404 807309 Admin UI showing error "You do not have permission to access this page". Workaround: Restart tomcat-admin service.
866378

Custom Login using a Guest Self Registration account fails with error Registered Client Not Found.

875720

REST API v2 query for Scan Results returns no results.

869097

Prioritize the IP -> MAC value provided by RadiusServer for managed wireless clients.

867183

Unable to perform seamless failover of Aruba Controller with FortiNAC.

754346

Default filter used when selecting Port Changes for a specific device port does not work.

874812

Private VLAN switching is not working > Cisco switches.

686910 714219 Control Manager (NCM) communication issues when the NAC systems are connected through the WAN.For details see related KB article https://community.fortinet.com/t5/FortiNAC/Technical-Note-NCM-communication-issues-with-systems-across-WAN/ta-p/192434.

878059

Using Location that specifies a device will not work if that device is a FortiLinked FortiSwitch

834094 834089 845493 845505 When a sync is performed on the Network Control Manager, if an IO error occurs, global device profiling rules, global port groups and port group membership may be removed from the managed pod due to returning an empty list.
5889702 Analytics Agent continues to run after configuration is removed from the UI.For details and workaround, see related KB article https://community.fortinet.com/t5/FortiNAC/Technical-Tip-Manually-Remove-Analytics-Server/ta-p/208596.
849497 The FreeRADIUS service is restarted whenever a new network device is modeled even if local RADIUS is not enabled.
845930 When a managed pod is removed from the Network Control Manager, not all references to the previously managed pod are removed from the database. The result is a “Sync failed to replace xyz” error message when a sync is attempted.
845412 When a sync is performed on the Network Control Manager, modified group names are not synchronized to the managed pod.
845003 Unable to register hosts to usernames in format of an email address. An “Error – Failed to Save Host – null” message appears.
845000 Unable to add a new LDAP or local user account when the username is in the format of an email address. A “Failed to modify User” message appears.
842370 Radius will ignore incoming requests from a device if the Model Configuration or VDOM configuration does not specify a secret and local radius mode (and for a VDOM, additionally a Source IP address).
840796 InTune records without unique serial numbers can cause issues with FortiNAC's device lookups. Records are currently looked up via serial number first and MAC address second. Lookup order should be reversed.
838525 Configuring Remote Backup results in a "HTTP Status 500 – Internal Server" error.
836606 When polling GSuite, if communication times out part way through, the poll is still reported as successful even though not all records were obtained.
836435 Unable to read VLANs on Huawei 6508 WLC.
836146 radius.log file can grow too large if debug is left enabled.
835782 Applying a license key in the Configuration Wizard can result in a "HTTP Status 500 – Unable to compile class for JSP" error message.
835149 When an endpoint is registered as a device in Host AND Inventory/Topology, it is not possible to edit the host role. The option is available, but changes do not apply.
835143 When querying Microsoft Intunes network details, FortiNAC does not validate whether the response is successful. As a result, additional queries fail until the token is refreshed.
834461 All required radius CoA attributes are not sent to Ruckus controllers in a disconnect request.
833735 Host icons in the Inventory view are not updated until a Layer 2 poll occurs.
833327 Routes specifying an interface are no longer present after reboot or restart of processes.
833305 Guest account password is unmasked when printing badge even though admin user does not have password viewing permissions.
832313 Device integration does not handle CLI connections to infrastructure configured with keyboard-interactive password challenge.
830932 Entitlement Polling Success event is not listed as an option for triggering or clearing an Alarm Mapping.
830581 IP Phones will not match policy if host group membership is configured as a User/Host Profile requirement despite the phone being a member of the host group.
828912 MaaS360 MDM poll fails.
828242 Layer 3 polling Ruckus ICX7450 switches running 8.0.95g and later may result in fewer arp entries than expected.
828128 Unable to add Allowed Domains containing underscore symbols.
827870 When a FortiGate device model's IP address is changed in the Inventory view, add/delete/move syslog messages from the new IP address is discarded until FortiNAC services are restarted.
827283 Roaming Guest Logical Network missing from FortiGate Model Configuration.
826913 Creating a Network Device Role using Direct Configurations reverts to Logical Networks.
825436 IP addresses appended to network device names during discovery are truncated resulting in duplicate device and port names.
824088 Unable to update existing Registered Host records using Legacy View > Hosts > Import.
820160 Roles view is not available with a Base License.
818504 Linux Persistent Agent fails to install using the .deb package.
817040 FortiNAC Manager fails to connect to pods configured for L2 High Availabilty with a virtual IP.Manager is querying eth0 IP instead of Virtual IP.
816877 Profiled device icon does not match the icon assigned by Device Profiling Rule.
816451 When importing DHCP Scopes with spaces in the names, the Configuration Wizard Summary displays blank scope data.
815352 Logical network configuration mappings can return the wrong value when host is connected via more than one interface.
814631 %port% variable is reading port id rather than port number. Affects FlexCLI configurations.
814183 Unable to view all Certificate Details in the Certificate Management view.
813652 Security Alarms are not generating from Security Events.
811783 Links in the Persistent Agent Summary panel produce redundant results.
810574 Unable to scan message when using Dissolvable agent if scan configuration label contains non US-ASCII characters.
810209 Not all SSIDs are read from Aruba controllers.
808088 Alarms stop generating notifications. Affects environments with notifications configured for high frequency alarms.
806936 Importing Mist devices using the CLI deviceimport tool does not add the AP's to the proper groups.
806106 Juniper Change of Authorization (CoA) fails.
800255 Device Profiling IP Range Method does not include .255 when using wildcards.
793634 MDM Server Last Polled and Last Successful Poll information removed in 9.x.
792968 Legacy View for Users & Hosts > Hosts does not display items in tables. Workaround: Enter “*” (asterisk) in search field.
791751 Host Import - importing same file twice results in "null" error and exception in logs.
791442 Able to delete a Portal Configuration which is in use by a Portal Policy. Removal is done without warning the user.
784543 403 error is displayed when sending an email from Guests and Contractors view.Affects FortiNAC admins with limited permissions. Workaround: Enable portal policy permissions in the admin profile.
783304 DHCP responds with unexpected addresses in the DHCP-Server-Identifier attribute.This causes release/renew to fail.Affects appliances configured for seperate isolation networks (Registration, Remediation, DeadEnd, etc).
780312 FortiNAC does not integrate with Azure Active Directory due to SAML connection requirements.
776077 Local Radius to Winbind connection cannot be secured at this time.
774048 L2 HA + VIP Pairing Process Failing.Configuration completes but leaves both appliances in a "processes down" state. Workaround: Reboot appliances.
773088 No VLAN Information for Adtran NetVanta 1638.
770091 Port changes/VLAN assignments made using local RADIUS are not being logged as port changes.
769014 Generate Password Error is displayed when adding new Guest/Contractor account. For details and workaround see KB article https://community.fortinet.com/t5/FortiNAC/Technical-Tip-Generate-Password-Error-when-adding-new-Guest/ta-p/209272.
767548 Register Game system with Host Inventory success page is not working.
766850 Landing page defined by an Admin profile is not honored. User with that Admin Profile is presented with the FortiNAC Dashboard instead. Workaround: Manually browse to intended landing page.
765172 Configuration Wizard does not check whether user input subnet masks are valid.
762704 After clicking the 'restart services' button when applying SSL certificates to the Admin UI Certificate Target, the prompt does not clear and there is no confirmation dialogue (even though it was successful). Clicking the 'restart services' button again generates an error.
761745 Mist AP - Port Connection State NOT WAP Uplink.
760926 Removal/Addition of LDAP model can cause user attribute synchronization issues. For details and workaround see KB article https://community.fortinet.com/t5/FortiNAC/Technical-Tip-Removal-Addition-of-LDAP-model-can-cause-user/ta-p/209296.
754346 Selecting Port Changes under the Ports tab of a specific device in Network > Inventory does not display expected results. For details and workaround, see KB article https://community.fortinet.com/t5/FortiNAC/Technical-Tip-Default-filter-for-Port-Changes-does-not-populate/ta-p/209297.
752538 When in the Users & Hosts > Applications view, selecting an application and clicking the Show Hosts option displays a page that does not provide accurately filtered results. Workaround: Navigate Users & Hosts > Hosts and create a custom filter to list hosts associated to an application.
747921 Portal renaming does not rename the associated CSS files.
733943 Using "Set Model Config" for multiple Meraki wired devices can change Serial number to all be the same. It is recommended that edits to the device model are done on an individual basis as opposed to in bulk. There is no current workaround.
730181 Custom reporting and Archive options are not available.
726333 Entitlements (such as concurrent licenses) for Subscription Licenses are not accurately reflected in the Administration UI License Management view and only show Base licenses. Workaround: Use the License Information panel in the Dashboard instead.
710583 L2 Polling Mist APs can result in more API requests than Mist allows per hour.
708936 FortiNAC will logoff SSO for sessions that remain connected to a managed FortiGate IPSec VPN tunnel after 12 hours.
708720 Policy evaluation may not be triggered after a host status update in Microsoft InTune. This can prevent the host from being moved to the proper network. For details and workaround see related KB article https://community.fortinet.com/t5/FortiNAC/Technical-Tip-Policy-evaluation-not-triggered-after-Microsoft/ta-p/203843.
699106 After a reboot, FortiNAC may change the Native VLAN on a wired switch port following a layer 2 poll. This may cause issues for ip phones should they connect to a port where the native/default VLAN isn't the correct VLAN.
695435 FortiEDR is currently not supported. If required, contact sales or open a support ticket to submit a New Feature Request (NFR).
694407 Linux hosts running CrowdStrike Falcon sensor 6.11 and later are not being detected by the agent. This causes hosts running CrowdStrike Falcon to incorrectly fail scans. For details and workaround, see related KB article https://community.fortinet.com/t5/FortiNAC/Troubleshooting-Tip-Linux-hosts-running-CrowdStrike-Falcon/ta-p/202694.
682438 Page Unresponsive' error when exporting hosts. For details and workaround see related KB article https://community.fortinet.com/t5/FortiNAC/Technical-Note-Page-Unresponsive-error-when-exporting-hosts/ta-p/193878.
674438 Processes Scan Type option is not available when creating custom scans for macOS systems.
641036 Multi-factor authentication (MFA) for the Administration GUI login is currently not supported.
631115 Only 50000 records display in Adapter and Host Views.Example:Adapters - Displayed: 50000Total: 57500
Not all models of all network devices can be configured to perform Physical MAC Address Filtering even though the Admin UI indicates that the configuration can be set. Resolution: Hosts can be disabled by implementing a Dead-end VLAN.
For Portal v2 configurations, web pages that are stored in the site directory to be used for Scan Configurations will not be included when you do an Export of the Portal v2 configuration. Resolution: The files in the site directory are backed up with the Remote Backup feature, but otherwise keep a copy of these files in a safe place.
In a Layer 3 High Availability (HA) environment, configWizard must have a DHCP scope defined. Running configWizard without a DHCP scope can cause a failover.
On FortiNAC appliances with CentOS 7, duplicate log messages may appear in dhcpd.log for each sub interface (eth1, eth1:1, eth1:2, etc).
Only English versions of AV/AS and their corresponding definitions are supported.
Anti-Virus product Iolo technologies System Mechanic Professional is currently not supported.
Sophos UTM is currently not supported.
860206 Polling threads get locked when communications are terminated unexpectedly from the NCM
861201 Windows 11 Domain Check
856192 FNAC FSSO does not send required groups to FGT.
855891 FSSO failing to send to FGT for hosts with PA
852670 AP showing up as learned uplink not WAP Uplink
770974 Event to Alarm mappings failing for Clear on Event criteria
809769 HTML is not supported when using "Guest Account Details" message type template
845505 Manager (NCM) not properly synchronizing nested Global Groups
845493 Manager (NCM) not properly synchronizing nested Global Groups

Known Issues version 9.1.8

Ticket #

Description (9.1.8.0172)

883146

campusMgr restarting over and over

809769

HTML is not supported when using "Guest Account Details" message type template.

884077

Guests & Contractors | Modifying a Guest account with "Can view passwords:" permission disabled generates error.

874037

GUI > Users & Hosts > Host View > Quick Search - Unable to locate host by hyphen or no delimiter.

884414

Unable to switch VLANs manually in Port Properties for Aruba CX switch.

882265

FortiNAC is not sending the correct serial number field to FAZ.

811404 807309 Admin UI showing error "You do not have permission to access this page". Workaround: Restart tomcat-admin service.
866378

Custom Login using a Guest Self Registration account fails with error Registered Client Not Found.

875720

REST API v2 query for Scan Results returns no results.

869097

Prioritize the IP -> MAC value provided by RadiusServer for managed wireless clients.

867183

Unable to perform seamless failover of Aruba Controller with FortiNAC.

754346

Default filter used when selecting Port Changes for a specific device port does not work.

874812

Private VLAN switching is not working > Cisco switches.

686910 714219 Control Manager (NCM) communication issues when the NAC systems are connected through the WAN.For details see related KB article https://community.fortinet.com/t5/FortiNAC/Technical-Note-NCM-communication-issues-with-systems-across-WAN/ta-p/192434.

878059

Using Location that specifies a device will not work if that device is a FortiLinked FortiSwitch

834094 834089 845493 845505 When a sync is performed on the Network Control Manager, if an IO error occurs, global device profiling rules, global port groups and port group membership may be removed from the managed pod due to returning an empty list.
5889702 Analytics Agent continues to run after configuration is removed from the UI.For details and workaround, see related KB article https://community.fortinet.com/t5/FortiNAC/Technical-Tip-Manually-Remove-Analytics-Server/ta-p/208596.
849497 The FreeRADIUS service is restarted whenever a new network device is modeled even if local RADIUS is not enabled.
845930 When a managed pod is removed from the Network Control Manager, not all references to the previously managed pod are removed from the database. The result is a “Sync failed to replace xyz” error message when a sync is attempted.
845412 When a sync is performed on the Network Control Manager, modified group names are not synchronized to the managed pod.
845003 Unable to register hosts to usernames in format of an email address. An “Error – Failed to Save Host – null” message appears.
845000 Unable to add a new LDAP or local user account when the username is in the format of an email address. A “Failed to modify User” message appears.
842370 Radius will ignore incoming requests from a device if the Model Configuration or VDOM configuration does not specify a secret and local radius mode (and for a VDOM, additionally a Source IP address).
840796 InTune records without unique serial numbers can cause issues with FortiNAC's device lookups. Records are currently looked up via serial number first and MAC address second. Lookup order should be reversed.
838525 Configuring Remote Backup results in a "HTTP Status 500 – Internal Server" error.
836606 When polling GSuite, if communication times out part way through, the poll is still reported as successful even though not all records were obtained.
836435 Unable to read VLANs on Huawei 6508 WLC.
836146 radius.log file can grow too large if debug is left enabled.
835782 Applying a license key in the Configuration Wizard can result in a "HTTP Status 500 – Unable to compile class for JSP" error message.
835149 When an endpoint is registered as a device in Host AND Inventory/Topology, it is not possible to edit the host role. The option is available, but changes do not apply.
835143 When querying Microsoft Intunes network details, FortiNAC does not validate whether the response is successful. As a result, additional queries fail until the token is refreshed.
834461 All required radius CoA attributes are not sent to Ruckus controllers in a disconnect request.
833735 Host icons in the Inventory view are not updated until a Layer 2 poll occurs.
833327 Routes specifying an interface are no longer present after reboot or restart of processes.
833305 Guest account password is unmasked when printing badge even though admin user does not have password viewing permissions.
832313 Device integration does not handle CLI connections to infrastructure configured with keyboard-interactive password challenge.
830932 Entitlement Polling Success event is not listed as an option for triggering or clearing an Alarm Mapping.
830581 IP Phones will not match policy if host group membership is configured as a User/Host Profile requirement despite the phone being a member of the host group.
828912 MaaS360 MDM poll fails.
828242 Layer 3 polling Ruckus ICX7450 switches running 8.0.95g and later may result in fewer arp entries than expected.
828128 Unable to add Allowed Domains containing underscore symbols.
827870 When a FortiGate device model's IP address is changed in the Inventory view, add/delete/move syslog messages from the new IP address is discarded until FortiNAC services are restarted.
827283 Roaming Guest Logical Network missing from FortiGate Model Configuration.
826913 Creating a Network Device Role using Direct Configurations reverts to Logical Networks.
825436 IP addresses appended to network device names during discovery are truncated resulting in duplicate device and port names.
824088 Unable to update existing Registered Host records using Legacy View > Hosts > Import.
820160 Roles view is not available with a Base License.
818504 Linux Persistent Agent fails to install using the .deb package.
817040 FortiNAC Manager fails to connect to pods configured for L2 High Availabilty with a virtual IP.Manager is querying eth0 IP instead of Virtual IP.
816877 Profiled device icon does not match the icon assigned by Device Profiling Rule.
816451 When importing DHCP Scopes with spaces in the names, the Configuration Wizard Summary displays blank scope data.
815352 Logical network configuration mappings can return the wrong value when host is connected via more than one interface.
814631 %port% variable is reading port id rather than port number. Affects FlexCLI configurations.
814183 Unable to view all Certificate Details in the Certificate Management view.
813652 Security Alarms are not generating from Security Events.
811783 Links in the Persistent Agent Summary panel produce redundant results.
810574 Unable to scan message when using Dissolvable agent if scan configuration label contains non US-ASCII characters.
810209 Not all SSIDs are read from Aruba controllers.
808088 Alarms stop generating notifications. Affects environments with notifications configured for high frequency alarms.
806936 Importing Mist devices using the CLI deviceimport tool does not add the AP's to the proper groups.
806106 Juniper Change of Authorization (CoA) fails.
800255 Device Profiling IP Range Method does not include .255 when using wildcards.
793634 MDM Server Last Polled and Last Successful Poll information removed in 9.x.
792968 Legacy View for Users & Hosts > Hosts does not display items in tables. Workaround: Enter “*” (asterisk) in search field.
791751 Host Import - importing same file twice results in "null" error and exception in logs.
791442 Able to delete a Portal Configuration which is in use by a Portal Policy. Removal is done without warning the user.
784543 403 error is displayed when sending an email from Guests and Contractors view.Affects FortiNAC admins with limited permissions. Workaround: Enable portal policy permissions in the admin profile.
783304 DHCP responds with unexpected addresses in the DHCP-Server-Identifier attribute.This causes release/renew to fail.Affects appliances configured for seperate isolation networks (Registration, Remediation, DeadEnd, etc).
780312 FortiNAC does not integrate with Azure Active Directory due to SAML connection requirements.
776077 Local Radius to Winbind connection cannot be secured at this time.
774048 L2 HA + VIP Pairing Process Failing.Configuration completes but leaves both appliances in a "processes down" state. Workaround: Reboot appliances.
773088 No VLAN Information for Adtran NetVanta 1638.
770091 Port changes/VLAN assignments made using local RADIUS are not being logged as port changes.
769014 Generate Password Error is displayed when adding new Guest/Contractor account. For details and workaround see KB article https://community.fortinet.com/t5/FortiNAC/Technical-Tip-Generate-Password-Error-when-adding-new-Guest/ta-p/209272.
767548 Register Game system with Host Inventory success page is not working.
766850 Landing page defined by an Admin profile is not honored. User with that Admin Profile is presented with the FortiNAC Dashboard instead. Workaround: Manually browse to intended landing page.
765172 Configuration Wizard does not check whether user input subnet masks are valid.
762704 After clicking the 'restart services' button when applying SSL certificates to the Admin UI Certificate Target, the prompt does not clear and there is no confirmation dialogue (even though it was successful). Clicking the 'restart services' button again generates an error.
761745 Mist AP - Port Connection State NOT WAP Uplink.
760926 Removal/Addition of LDAP model can cause user attribute synchronization issues. For details and workaround see KB article https://community.fortinet.com/t5/FortiNAC/Technical-Tip-Removal-Addition-of-LDAP-model-can-cause-user/ta-p/209296.
754346 Selecting Port Changes under the Ports tab of a specific device in Network > Inventory does not display expected results. For details and workaround, see KB article https://community.fortinet.com/t5/FortiNAC/Technical-Tip-Default-filter-for-Port-Changes-does-not-populate/ta-p/209297.
752538 When in the Users & Hosts > Applications view, selecting an application and clicking the Show Hosts option displays a page that does not provide accurately filtered results. Workaround: Navigate Users & Hosts > Hosts and create a custom filter to list hosts associated to an application.
747921 Portal renaming does not rename the associated CSS files.
733943 Using "Set Model Config" for multiple Meraki wired devices can change Serial number to all be the same. It is recommended that edits to the device model are done on an individual basis as opposed to in bulk. There is no current workaround.
730181 Custom reporting and Archive options are not available.
726333 Entitlements (such as concurrent licenses) for Subscription Licenses are not accurately reflected in the Administration UI License Management view and only show Base licenses. Workaround: Use the License Information panel in the Dashboard instead.
710583 L2 Polling Mist APs can result in more API requests than Mist allows per hour.
708936 FortiNAC will logoff SSO for sessions that remain connected to a managed FortiGate IPSec VPN tunnel after 12 hours.
708720 Policy evaluation may not be triggered after a host status update in Microsoft InTune. This can prevent the host from being moved to the proper network. For details and workaround see related KB article https://community.fortinet.com/t5/FortiNAC/Technical-Tip-Policy-evaluation-not-triggered-after-Microsoft/ta-p/203843.
699106 After a reboot, FortiNAC may change the Native VLAN on a wired switch port following a layer 2 poll. This may cause issues for ip phones should they connect to a port where the native/default VLAN isn't the correct VLAN.
695435 FortiEDR is currently not supported. If required, contact sales or open a support ticket to submit a New Feature Request (NFR).
694407 Linux hosts running CrowdStrike Falcon sensor 6.11 and later are not being detected by the agent. This causes hosts running CrowdStrike Falcon to incorrectly fail scans. For details and workaround, see related KB article https://community.fortinet.com/t5/FortiNAC/Troubleshooting-Tip-Linux-hosts-running-CrowdStrike-Falcon/ta-p/202694.
682438 Page Unresponsive' error when exporting hosts. For details and workaround see related KB article https://community.fortinet.com/t5/FortiNAC/Technical-Note-Page-Unresponsive-error-when-exporting-hosts/ta-p/193878.
674438 Processes Scan Type option is not available when creating custom scans for macOS systems.
641036 Multi-factor authentication (MFA) for the Administration GUI login is currently not supported.
631115 Only 50000 records display in Adapter and Host Views.Example:Adapters - Displayed: 50000Total: 57500
Not all models of all network devices can be configured to perform Physical MAC Address Filtering even though the Admin UI indicates that the configuration can be set. Resolution: Hosts can be disabled by implementing a Dead-end VLAN.
For Portal v2 configurations, web pages that are stored in the site directory to be used for Scan Configurations will not be included when you do an Export of the Portal v2 configuration. Resolution: The files in the site directory are backed up with the Remote Backup feature, but otherwise keep a copy of these files in a safe place.
In a Layer 3 High Availability (HA) environment, configWizard must have a DHCP scope defined. Running configWizard without a DHCP scope can cause a failover.
On FortiNAC appliances with CentOS 7, duplicate log messages may appear in dhcpd.log for each sub interface (eth1, eth1:1, eth1:2, etc).
Only English versions of AV/AS and their corresponding definitions are supported.
Anti-Virus product Iolo technologies System Mechanic Professional is currently not supported.
Sophos UTM is currently not supported.
860206 Polling threads get locked when communications are terminated unexpectedly from the NCM
861201 Windows 11 Domain Check
856192 FNAC FSSO does not send required groups to FGT.
855891 FSSO failing to send to FGT for hosts with PA
852670 AP showing up as learned uplink not WAP Uplink
770974 Event to Alarm mappings failing for Clear on Event criteria
809769 HTML is not supported when using "Guest Account Details" message type template
845505 Manager (NCM) not properly synchronizing nested Global Groups
845493 Manager (NCM) not properly synchronizing nested Global Groups