Known issues Version 9.2.4

Ticket # Description (9.2.4.0438)

874037 GUI > Users & Hosts > Host View > Quick Search - Unable to locate host by hyphen or no delimiter.
882265 FortiNAC is not sending the correct serial number field to FAZ.
754346 Default filter used when selecting Port Changes for a specific device port does not work.
874812 Private VLAN switching is not working > Cisco switches.
780312 FortiNAC does not integrate with Azure Active Directory due to SAML connection requirements.
878059 Using Location that specifies a device will not work if that device is a FortiLinked FortiSwitch.
641036 Multi-factor authentication (MFA) for the Administration GUI login is currently not supported.
686910 714219 Control Manager (NCM) communication issues when the NAC systems are connected through the WAN. For details see related KB article https://community.fortinet.com/t5/FortiNAC/Technical-Note-NCM-communication-issues-with-systems-across-WAN/ta-p/192434.
792968 Legacy View for Users & Hosts > Hosts does not display items in tables. Workaround: Enter “*” (asterisk) in search field.
752538 When in the Users & Hosts > Applications view, selecting an application and clicking the Show Hosts option displays a page that does not provide accurately filtered results. Workaround: Navigate to Users & Hosts > Hosts and create a custom filter to list hosts associated with an application.
766850 Landing page defined by an Admin profile is not honored. User with that Admin Profile is presented with the FortiNAC Dashboard instead. Workaround: Manually browse to intended landing page.
770091 Port changes/VLAN assignments made using Local RADIUS are not being logged as port changes.
733943 Using "Set Model Config" for multiple Meraki wired devices can change the serial numbers so that they are all the same. It is recommended that edits to the device model are done on an individual basis as opposed to in bulk. There is no current workaround.
760926 Removal/Addition of LDAP model can cause user attribute synchronization issues. For details and workaround see KB article https://community.fortinet.com/t5/FortiNAC/Technical-Tip-Removal-Addition-of-LDAP-model-can-cause-user/ta-p/209296.
754346 Selecting Port Changes under the Ports tab of a specific device in Network > Inventory does not display expected results. For details and workaround, see KB article https://community.fortinet.com/t5/FortiNAC/Technical-Tip-Default-filter-for-Port-Changes-does-not-populate/ta-p/209297.
791442 Able to delete a Portal Configuration which is in use by a Portal Policy. Removal is done without warning the user.
726333 Entitlements (such as concurrent licenses) for Subscription Licenses are not accurately reflected in the Administration UI License Management view and only show Base licenses. Workaround: Use the License Information panel in the Dashboard instead.
718864 FortiNAC does not send all required attributes in CoA packets sent to Ubiquiti when an online host record is deleted from the database.
710416 There can be a delay in updating IP addresses for isolated hosts in host and adapter view.
708936 FortiNAC will log off SSO for sessions that remain connected to a managed FortiGate IPSec VPN tunnel after 12 hours.
708720 Policy evaluation may not be triggered after a host status update in Microsoft InTune. This can prevent the host from being moved to the proper network. For details and workaround see related KB article https://community.fortinet.com/t5/FortiNAC/Technical-Tip-Policy-evaluation-not-triggered-after-Microsoft/ta-p/203843.
694407 Linux hosts running CrowdStrike Falcon sensor 6.11 and later are not being detected by the agent. This causes hosts running CrowdStrike Falcon to incorrectly fail scans. For details and workaround, see related KB article https://community.fortinet.com/t5/FortiNAC/Troubleshooting-Tip-Linux-hosts-running-CrowdStrike-Falcon/ta-p/202694.
682438 'Page Unresponsive' error when exporting hosts. For details and workaround see related KB article https://community.fortinet.com/t5/FortiNAC/Technical-Note-Page-Unresponsive-error-when-exporting-hosts/ta-p/193878.
677628 Cisco WLC Port Channel not classified as Learned Uplink. For details and workaround see related KB article https://community.fortinet.com/t5/FortiNAC/Technical-Note-Cisco-WLC-Port-Channel-not-classified-as-Learned/ta-p/196208.
675180 False positive Scan Results when there are no sub-settings selected in Operating System check.
674438 "Processes" Scan Type option is not available when creating custom scans for macOS systems.
646580 Restarting FortiNAC services can generate a large number of SSH sessions with ASA. For details, refer to related KB article https://community.fortinet.com/t5/FortiNAC/Technical-Note-Restarting-services-can-generate-large-number-of/ta-p/195876.
631115 Only 50000 records display in Adapter and Host Views. Example: Adapters - Displayed: 50000 Total: 57500
610581 L3 eth1 sub-interfaces are not removed after re-configuring an appliance configured for L3 Network Type to L2.
609976 Cisco WLC 9800 Model Configuration tab does not include the drop down VLAN lists under Access Value. For details and workaround see related KB article https://community.fortinet.com/t5/FortiNAC/Technical-Note-Cisco-WLC-9800-Model-Configuration-tab-does-not/ta-p/198790.
609046 A port where the master Aruba Instant AP (IAP) with VIP is connected becomes a “learned uplink”. This type of uplink is not dynamically undone / removed when the IAP (with the VIP) is disconnected from that port.
522468 Although there are fields to set the role or access value in the Authentication portal, these functions are currently not supported.
747921 Portal renaming does not rename the associated CSS files.
770974 Event Lifetime alarm trigger rule is not being honored when configured.
762704 After clicking the 'restart services' button when applying SSL certificates to the Admin UI Certificate Target, the prompt does not clear and there is no confirmation dialogue (even though it was successful). Clicking the 'restart services' button again generates an error.

Not all models of all network devices can be configured to perform Physical MAC Address Filtering even though the Admin UI indicates that the configuration can be set. Resolution: Hosts can be disabled by implementing a Dead-end VLAN.
For Portal v2 configurations, web pages that are stored in the site directory to be used for Scan Configurations will not be included when you do an Export of the Portal v2 configuration. Resolution: The files in the site directory are backed up with the Remote Backup feature, but otherwise keep a copy of these files in a safe place.
Removing a device from the L2 Wired Devices or L2 Wireless Devices Group does not disable L2 (Hosts) Polling under the Polling tab in Topology.
The "Set all hosts 'Risk State' to 'Safe'" button changes the status of all hosts marked At-Risk to Safe. However, the status of the individual scans for each host remains unchanged.
In a Layer 3 High Availability (HA) environment, configWizard must have a DHCP scope defined. Running configWizard without a DHCP scope can cause a failover.
On FortiNAC appliances with CentOS 7, duplicate log messages may appear in dhcpd.log for each sub interface (eth1, eth1:1, eth1:2, etc).
System > Settings > Updates > Operating System will only record and display dates of OS updates that are completed through the Administrative UI. If Operating System updates are run via command line using the "yum" tool, the update is not recorded. Resolution: Execute Operating System Updates through the Administrative UI in order to maintain update history.
Only English versions of AV/AS and their corresponding definitions are supported.
Anti-Virus product Iolo technologies System Mechanic Professional is currently not supported.
FortiEDR is currently not supported. If required, contact sales or open a support ticket to submit a New Feature Request (NFR).
Sophos UTM is currently not supported.
