Known Issues Version 9.2.6
Ticket # |
Description (9.2.6.0451) |
---|---|
856217 |
Hosts discovered by MDM are getting incorrectly marked as having a Persistent Agent. |
809769 |
HTML is not supported when using "Guest Account Details" message type template. |
874037 |
GUI > Users & Hosts > Host View > Quick Search - Unable to locate host by hyphen or no delimiter. |
882265 |
FortiNAC is not sending the correct serial number field to FAZ. |
780312 | FortiNAC does not integrate with Azure Active Directory due to SAML connection requirements. |
878836 |
Intune MDM Integration 'Invalid Audience' when using an App registration in the Azure Government cloud. |
878836 |
Intune MDM Integration 'Invalid Audience' when using an App registration in the Azure Government cloud. |
866378 |
Custom Login using a Guest Self Registration account fails with error Registered Client Not Found. |
875720 |
REST API v2 query for Scan Results returns no results. |
869097 |
Prioritize the IP -> MAC value provided by RadiusServer for managed wireless clients. |
867183 |
Unable to perform seamless failover of Aruba Controller with FortiNAC. |
754346 |
Default filter used when selecting Port Changes for a specific device port does not work. |
874812 |
Private VLAN switching is not working > Cisco switches. |
878059 |
Using Location that specifies a device will not work if that device is a FortiLinked FortiSwitch |
877942 |
Performance issues related to Firewall Session table growing to large. |
834094 834089 845493 845505 | When a sync is performed on the Network Control Manager, if an IO error occurs, global device profiling rules, global port groups and port group membership may be removed from the managed pod due to returning an empty list. |
811404 807309 | Admin UI showing error "You do not have permission to access this page". Workaround: Restart tomcat-admin service. |
686910 714219 | Control Manager (NCM) communication issues when the NAC systems are connected through the WAN. For details see related KB article https://community.fortinet.com/t5/FortiNAC/Technical-Note-NCM-communication-issues-with-systems-across-WAN/ta-p/192434. |
849497 | The FreeRADIUS service is restarted whenever a new network device is modeled even if local RADIUS is not enabled. |
849140 | In a High Availability environment, the Network Control Manager's API query to a managed pod's Secondary Server will return the serial number of the server in control. If the server in control is the primary, the query to the secondary will fail. |
845930 | When a managed pod is removed from the Network Control Manager, not all references to the previously managed pod are removed from the database. The result is a “Sync failed to replace xyz” error message when a sync is attempted. |
845412 | When a sync is performed on the Network Control Manager, modified group names are not synchronized to the managed pod. |
845003 | Unable to register hosts to usernames in format of an email address. An “Error – Failed to Save Host – null” message appears. |
845000 | Unable to add a new LDAP or local user account when the username is in the format of an email address. A “Failed to modify User” message appears. |
842370 | Radius will ignore incoming requests from a device if the Model Configuration or VDOM configuration does not specify a secret and local radius mode (and for a VDOM, additionally a Source IP address). |
842280 | Guest Self-Registration, when configured to e-mail users their credentials, now requires 2 separate e-mails (1 containing username and another containing password). |
842122 | An incorrect license utilization percentage is displayed in the Network Control Manager Dashboard license widget. |
841907 | The Network Control Manager can experience lengthy response times when querying hosts from the managed pods. |
841825 | Guest Self-Registration fails if using SMS. |
840796 | InTune records without unique serial numbers can cause issues with FortiNAC's device lookups.Records are currently looked up via serial number first and MAC address second. Lookup order should be reversed. |
838525 | Configuring Remote Backup results in a "HTTP Status 500 – Internal Server" error. |
836606 | When polling GSuite, if communication times out part way through, the poll is still reported as successful even though not all records were obtained. |
836435 | Unable to read VLANs on Huawei 6508 WLC. |
836146 | radius.log file can grow too large if debug is left enabled. |
836137 | Existing results disappear on RADIUS -> Winbind view if the results are sorted by Joined column. |
835782 | Applying a license key in the Configuration Wizard can result in a "HTTP Status 500 – Unable to compile class for JSP" error message. |
835405 | Admin UI is inaccessible after running the Configuration Wizard during a new deployment. Logs indicate the keystore is unrecognized. |
835149 | When an endpoint is registered as a device in Host AND Inventory/Topology, it is not possible to edit the host role. The option is available, but changes do not apply. |
835143 | When querying Microsoft Intunes network details, FortiNAC does not validate whether the response is successful. As a result, additional queries fail until the token is refreshed. |
834461 | All required radius CoA attributes are not sent to Ruckus controllers in a disconnect request. |
833735 | Host icons in the Inventory view are not updated until a Layer 2 poll occurs. |
833327 | Routes specifying an interface are no longer present after reboot or restart of processes. |
833305 | Guest account password is unmasked when printing badge even though admin user does not have password viewing permissions. |
832313 | Device integration does not handle CLI connections to infrastructure configured with keyboard-interactive password challenge. |
830932 | Entitlement Polling Success event is not listed as an option for triggering or clearing an Alarm Mapping. |
830581 | IP Phones will not match policy if host group membership is configured as a User/Host Profile requirement despite the phone being a member of the host group. |
829702 | FortiGate wireless clients cannot connect after a FortiNAC software upgrade if the FortiGate device model's RADIUS secret is not populated.This is true even though the VDOM radius secret is populated. |
829019 | Manager's (NCM) Resume Control button on the Dashboard in a High Availability environment does not restore control to the primary Manager. |
828128 | Unable to add Allowed Domains containing underscore symbols. |
827870 | When a FortiGate device model's IP address is changed in the Inventory view, add/delete/move syslog messages from the new IP address is discarded until FortiNAC services are restarted. |
827283 | Roaming Guest Logical Network missing from FortiGate Model Configuration. |
826913 | Creating a Network Device Role using Direct Configurations reverts to Logical Networks. |
824088 | Unable to update existing Registered Host records using Legacy View > Hosts > Import. |
820160 | Roles view is not available with a Base License. |
818504 | Linux Persistent Agent fails to install using the .deb package. |
817040 | FortiNAC Manager fails to connect to pods configured for L2 High Availabilty with a virtual IP.Manager is querying eth0 IP instead of Virtual IP. |
814183 | Unable to view all Certificate Details in the Certificate Management view. |
813652 | Security Alarms are not generating from Security Events. |
811783 | Links in the Persistent Agent Summary panel produce redundant results. |
810574 | Unable to scan message when using Dissolvable agent if scan configuration label contains non US-ASCII characters. |
808088 | Alarms stop generating notifications.Affects environments with notifications configured for high frequency alarms. |
800255 | Device Profiling IP Range Method does not include .255 when using wildcards. |
793634 | MDM Server Last Polled and Last Successful Poll information removed in 9.x. |
792968 | Legacy View for Users & Hosts > Hosts does not display items in tables. Workaround: Enter “*” (asterisk) in search field. |
791751 | Host Import - importing same file twice results in "null" error and exception in logs. |
791442 | Able to delete a Portal Configuration which is in use by a Portal Policy. Removal is done without warning the user. |
783304 | DHCP responds with unexpected addresses in the DHCP-Server-Identifier attribute.This causes release/renew to fail.Affects appliances configured for seperate isolation networks (Registration, Remediation, DeadEnd, etc). |
776077 | Local Radius to Winbind connection cannot be secured at this time. |
774048 | L2 HA + VIP Pairing Process Failing.Configuration completes but leaves both appliances in a "processes down" state.Workaround: Reboot appliances. |
770091 | Port changes/VLAN assignments made using Local RADIUS are not being logged as port changes. |
767548 | Register Game system with Host Inventory success page is not working. |
766850 | Landing page defined by an Admin profile is not honored. User with that Admin Profile is presented with the FortiNAC Dashboard instead. Workaround: Manually browse to intended landing page. |
765172 | Configuration Wizard does not check whether user input subnet masks are valid. |
762704 | After clicking the 'restart services' button when applying SSL certificates to the Admin UI Certificate Target, the prompt does not clear and there is no confirmation dialogue (even though it was successful). Clicking the 'restart services' button again generates an error. |
761745 | Mist AP - Port Connection State NOT WAP Uplink. |
760926 | Removal/Addition of LDAP model can cause user attribute synchronization issues. For details and workaround see KB article https://community.fortinet.com/t5/FortiNAC/Technical-Tip-Removal-Addition-of-LDAP-model-can-cause-user/ta-p/209296. |
754346 | Selecting Port Changes under the Ports tab of a specific device in Network > Inventory does not display expected results. For details and workaround, see KB article https://community.fortinet.com/t5/FortiNAC/Technical-Tip-Default-filter-for-Port-Changes-does-not-populate/ta-p/209297. |
752538 | When in the Users & Hosts > Applications view, selecting an application and clicking the Show Hosts option displays a page that does not provide accurately filtered results. Workaround: Navigate Users & Hosts > Hosts and create a custom filter to list hosts associated to an application. |
710583 | L2 Polling Mist APs can result in more API requests than Mist allows per hour. |
708936 | FortiNAC will logoff SSO for sessions that remain connected to a managed FortiGate IPSec VPN tunnel after 12 hours. |
708720 | Policy evaluation may not be triggered after a host status update in Microsoft InTune. This can prevent the host from being moved to the proper network. For details and workaround see related KB article https://community.fortinet.com/t5/FortiNAC/Technical-Tip-Policy-evaluation-not-triggered-after-Microsoft/ta-p/203843. |
699106 | After a reboot, FortiNAC may change the Native VLAN on a wired switch port following a layer 2 poll. This may cause issues for ip phones should they connect to a port where the native/default VLAN isn't the correct VLAN. |
695435 | FortiEDR is currently not supported.If required, contact sales or open a support ticket to submit a New Feature Request (NFR). |
694407 | Linux hosts running CrowdStrike Falcon sensor 6.11 and later are not being detected by the agent. This causes hosts running CrowdStrike Falcon to incorrectly fail scans. For details and workaround, see related KB article https://community.fortinet.com/t5/FortiNAC/Troubleshooting-Tip-Linux-hosts-running-CrowdStrike-Falcon/ta-p/202694. |
682438 | Page Unresponsive' error when exporting hosts.For details and workaround see related KB article https://community.fortinet.com/t5/FortiNAC/Technical-Note-Page-Unresponsive-error-when-exporting-hosts/ta-p/193878. |
674438 | Processes Scan Type option is not available when creating custom scans for macOS systems. |
641036 | Multi-factor authentication (MFA) for the Administration GUI login is currently not supported. |
631115 | Only 50000 records display in Adapter and Host Views.Example:Adapters - Displayed: 50000 Total: 57500 |
795411 |
Not able to click the "In Use" number of Concurrent Licenses Widget. |
870875 |
Address Group Object "In Use" button does not display accurate results. |
Not all models of all network devices can be configured to perform Physical MAC Address Filtering even though the Admin UI indicates that the configuration can be set. Resolution: Hosts can be disabled by implementing a Dead-end VLAN. | |
For Portal v2 configurations, web pages that are stored in the site directory to be used for Scan Configurations will not be included when you do an Export of the Portal v2 configuration. Resolution: The files in the site directory are backed up with the Remote Backup feature, but otherwise keep a copy of these files in a safe place. | |
Removing a device from the L2 Wired Devices or L2 Wireless Devices Group does not disable L2 (Hosts) Polling under the Polling tab in Topology. | |
The "Set all hosts 'Risk State' to 'Safe'" button changes the status of all hosts marked At-Risk to Safe. However, the status of the individual scans for each host remain unchanged. | |
In a Layer 3 High Availability (HA) environment, configWizard must have a DHCP scope defined. Running configWizard without a DHCP scope can cause a failover. | |
On FortiNAC appliances with CentOS 7, duplicate log messages may appear in dhcpd.log for each sub interface (eth1, eth1:1, eth1:2, etc). | |
System > Settings > Updates > Operating System will only record and display dates of OS updates that are completed through the Administrative UI. If Operating System updates are run via command line using the "yum" tool, the update is not recorded. Resolution: Execute Operating System Updates through the Administrative UI in order to maintain update history. | |
Only English versions of AV/AS and their corresponding definitions are supported. | |
Anti-Virus product Iolo technologies System Mechanic Professional is currently not supported. | |
Sophos UTM is currently not supported. | |
846822 | FortiNAC failed the NMAP scan due to old IP reported from the arptool |
860206 | Polling threads get locked when communications are terminated unexpectedly from the NCM |
861201 | Windows 11 Domain Check |
854239 | Radius CoA is not working as expected - ClassNotFoundException for CambiumAP in 9.2 release |
812908 | /var/log/messages is not rotating generating large files and high disk usage issues |
855897 | CLI config for Huawei Switch S5731-H48P4XC |
856362 | Upgrade from 8.x to 9.2.6 GA changes Conference account password |
856192 | FNAC FSSO does not send required groups to FGT. |
852946 | FortiNAC 9.2.6 System Management menus gives HTTP 500 - Internal server error |
853007 | Fortinac is sending big amount of API requests to Meraki API |
853870 | Kaspersky Endpoint Protection 11.10 is not supported by Fortinac |
860996 | Unable to read VLANs or L2 data for Huawei S6720-30C-EI-24S-AC |
855891 | FSSO failing to send to FGT for hosts with PA |
842134 | Blank section to Captive Portal page for mobile devices added after upgrade. |
850085 | Juniper MIST integration needs to handle other domains than api.mist.com |
859702 | Enhance Palo Alto SSO REST API to allow for bulk messaging |
833324 | FortiNAC unexpectedly disabling Juniper EX interfaces when host is deleted in "Host View" |
840218 | Cisco ASA firewall ports not showing on GUI |
841781 | FNAC as Local Radius does not send Radius CoA after NAC policy is matched |
852670 | AP showing up as learned uplink not WAP Uplink |
858138 | FSSO Tags are not sent to Wired and Wireless FortiGates after reconnecting the LAN port on FGT1101E |
770974 | Event to Alarm mappings failing for Clear on Event criteria |
809769 | HTML is not supported when using "Guest Account Details" message type template |
814476 | HP J9776A 2530-24G Switch - Aggregation Port Issue |
849140 | NCM REST API ping of secondary in HA pod returns the wrong serial number causing ping to fail |
847630 | Newly deployed NAC via OVA was incomplete requiring various manual workarounds to get completed |
846782 | FortiNAC is unable to read roles and potentially other data from Aruba IAPs due to a # symbol automatically added to the wireless network name. |