Known Issues Version 9.2.7
|
Ticket # |
Description (9.2.7.0463) |
|---|---|
|
890988 |
We are not allowing a user to view the device data with "Network Devices >Access " only permissions for admin profile. |
|
868999 |
Host status "pending at risk" is not honored if host status "safe" is ranked higher in policy where profile is applicable. |
|
800326 |
Cisco chassis switch with a Cisco WLC connected via port channel shows as a rogue. |
|
904535 |
3Com 4800G unable to read MAC Addresses from MAC Address Table. |
|
827283 |
Roaming Guest Logical Network missing from Model Configuration of FortiGate and possibly other vendors. |
|
894661 |
When Admin UI is left unattended, and admin session times out, previous active page is still visible in the background. |
|
877245 |
Adding LDAP Admin user is found in the directory but user dialog defaults to local. |
|
755317 |
Manager reports server synchronization completed but not all configuration is on CAVM. |
|
895085 |
RADIUS Performance problems on rogue host record creation. |
|
903393 |
Unable to Remove High Availability Configuration with Control and Application server pair. |
|
883146 |
campusMgr restarting over and over. |
|
897151 |
Device mapping for Cisco C9800-AP's adds AP's as a Cisco 9800 Wireless controller. Cisco C9800-AP Software is not currently supported. |
|
891890 |
Windows 11 hosts detected as Windows 10 hosts when using Dissolvable agent. |
|
802335 |
Getting a JSON string error when setting registered or logged user role on host view page. |
|
888616 |
"Load CLI Configuration error" when navigating to System > Scheduler. |
|
894165 |
Test Device Profiling Rule results in "Rule Does Not Match" if rule name contains a double space between words. Workaround: Remove the extra space. |
|
892486 |
Secondary server in a High Availability configuration does not reflect the correct concurrent count in License Management. |
|
891530 |
Unable to set Admin Profile using "Set Admin Profile". |
|
890893 |
Global objects synchronization not completing between manager and appliances |
|
887478 |
Links in the Persistent Agent Summary panel produce redundant results. |
|
872245 |
The migration procedure to move existing FortiNAC servers from CentOS to FortiNAC-OS is currently not supported. |
|
809769 |
HTML is not supported when using "Guest Account Details" message type template. |
|
887470 |
Domain with single character between dots in multiple dot domains results in error when adding to allowed domains. |
|
883129 |
Mist L2 polling may not function properly due to how Mist devices are modeled in FortiNAC. |
|
883080 |
Local Radius attempts to look up mac addresses in the directory for mac-auth auth requests. |
|
884077 |
Guests & Contractors | Modifying a Guest account with "Can view passwords:" permission disabled generates error. |
|
874037 |
GUI > Users & Hosts > Host View > Quick Search - Unable to locate host by hyphen or no delimiter. |
|
883680 |
404 response to HTTPS GET when polling Firewall Sessions on FortiGate running FOS 7.2+. |
|
881837 |
Despite being modeled correctly, Meraki MX doesn't pass credential validation. |
|
884414 |
Unable to switch VLANs manually in Port Properties for Aruba CX switch. |
|
881837 |
Hosts with spaces in the hostname throws an exception when trying to make an edit to the host where hostname contains whitespace. |
|
882265 |
FortiNAC is not sending the correct serial number field to FAZ. |
|
877934 |
LDAP communication failure if Primary AD is reachable but Secondary is not. |
|
878836 |
Intune MDM Integration 'Invalid Audience' when using an App registration in the Azure Government cloud. |
| 832313 | SSH keyboard-interactive is disabled by default starting with versions 9.2.7, 9.4.2 and F7.2. This may affect FortiNAC's CLI access to a limited number of devices (like Arista switches). For details and workaround, see KB article https://community.fortinet.com/t5/FortiNAC/Troubleshooting-Tip-SSH-login-fails-due-to-SSH-keyboard/ta-p/244979 |
|
878836 |
Intune MDM Integration 'Invalid Audience' when using an App registration in the Azure Government cloud. |
|
754346 |
Default filter used when selecting Port Changes for a specific device port does not work. |
| 866378 |
Custom Login using a Guest Self Registration account fails with error Registered Client Not Found. |
| 875720 |
REST API v2 query for Scan Results returns no results. |
| 869097 |
Prioritize the IP -> MAC value provided by RadiusServer for managed wireless clients. |
| 867183 |
Unable to perform seamless failover of Aruba Controller with FortiNAC. |
|
874812 |
Private VLAN switching is not working > Cisco switches. |
| 780312 | FortiNAC does not integrate with Azure Active Directory due to SAML connection requirements. |
|
878059 |
Using Location that specifies a device will not work if that device is a FortiLinked FortiSwitch |
|
877942 |
Performance issues related to Firewall Session table growing to large. |
|
878080 |
Aruba CX Switch Incorrect VLAN Management Syntax. |
| 631115 | Only 50000 records display in Adapter and Host Views. Example: Adapters - Displayed: 50000 Total: 57500 |
| 641036 | Multi-factor authentication (MFA) for the Administration GUI login is currently not supported. |
| 674438 | Processes Scan Type option is not available when creating custom scans for macOS systems. |
| 682438 | Page Unresponsive' error when exporting hosts. For details and workaround see related KB article https://community.fortinet.com/t5/FortiNAC/Technical-Note-Page-Unresponsive-error-when-exporting-hosts/ta-p/193878. |
| 694407 | Linux hosts running CrowdStrike Falcon sensor 6.11 and later are not being detected by the agent. This causes hosts running CrowdStrike Falcon to incorrectly fail scans. For details and workaround, see related KB article https://community.fortinet.com/t5/FortiNAC/Troubleshooting-Tip-Linux-hosts-running-CrowdStrike-Falcon/ta-p/202694. |
| 695435 | FortiEDR is currently not supported. If required, contact sales or open a support ticket to submit a New Feature Request (NFR). |
| 699106 | After a reboot, FortiNAC may change the Native VLAN on a wired switch port following a layer 2 poll. This may cause issues for ip phones should they connect to a port where the native/default VLAN isn't the correct VLAN. |
| 708720 | Policy evaluation may not be triggered after a host status update in Microsoft InTune. This can prevent the host from being moved to the proper network. For details and workaround see related KB article https://community.fortinet.com/t5/FortiNAC/Technical-Tip-Policy-evaluation-not-triggered-after-Microsoft/ta-p/203843. |
| 708936 | FortiNAC will logoff SSO for sessions that remain connected to a managed FortiGate IPSec VPN tunnel after 12 hours. |
| 710583 | L2 Polling Mist APs can result in more API requests than Mist allows per hour. |
| 752538 | When in the Users & Hosts > Applications view, selecting an application and clicking the Show Hosts option displays a page that does not provide accurately filtered results. Workaround: Navigate Users & Hosts > Hosts and create a custom filter to list hosts associated to an application. |
| 754346 | Selecting Port Changes under the Ports tab of a specific device in Network > Inventory does not display expected results. For details and workaround, see KB article https://community.fortinet.com/t5/FortiNAC/Technical-Tip-Default-filter-for-Port-Changes-does-not-populate/ta-p/209297. |
| 760926 | Removal/Addition of LDAP model can cause user attribute synchronization issues. For details and workaround see KB article https://community.fortinet.com/t5/FortiNAC/Technical-Tip-Removal-Addition-of-LDAP-model-can-cause-user/ta-p/209296. |
| 761745 | Mist AP - Port Connection State NOT WAP Uplink. |
| 762704 | After clicking the 'restart services' button when applying SSL certificates to the Admin UI Certificate Target, the prompt does not clear and there is no confirmation dialogue (even though it was successful). Clicking the 'restart services' button again generates an error. |
| 765172 | Configuration Wizard does not check whether user input subnet masks are valid. |
| 766850 | Landing page defined by an Admin profile is not honored. User with that Admin Profile is presented with the FortiNAC Dashboard instead. Workaround: Manually browse to intended landing page. |
| 767548 | Register Game system with Host Inventory success page is not working. |
| 770091 | Port changes/VLAN assignments made using Local RADIUS are not being logged as port changes. |
| 770974 | Event to Alarm mappings failing for Clear on Event criteria |
| 774048 | L2 HA + VIP Pairing Process Failing.Configuration completes but leaves both appliances in a "processes down" state. Workaround: Reboot appliances. |
| 776077 | Local Radius to Winbind connection cannot be secured at this time. |
| 783304 | DHCP responds with unexpected addresses in the DHCP-Server-Identifier attribute. This causes release/renew to fail. Affects appliances configured for seperate isolation networks (Registration, Remediation, DeadEnd, etc). |
| 791442 | Able to delete a Portal Configuration which is in use by a Portal Policy. Removal is done without warning the user. |
| 791751 | Host Import - importing same file twice results in "null" error and exception in logs. |
| 792968 | Legacy View for Users & Hosts > Hosts does not display items in tables. Workaround: Enter “*” (asterisk) in search field. |
| 793634 | MDM Server Last Polled and Last Successful Poll information removed in 9.x. |
| 809769 | HTML is not supported when using "Guest Account Details" message type template |
| 810574 | Unable to scan message when using Dissolvable agent if scan configuration label contains non US-ASCII characters. |
| 811783 | Links in the Persistent Agent Summary panel produce redundant results. |
| 812908 | /var/log/messages is not rotating generating large files and high disk usage issues. |
| 813652 | Security Alarms are not generating from Security Events. |
| 814183 | Unable to view all Certificate Details in the Certificate Management view. |
| 817040 | FortiNAC Manager fails to connect to pods configured for L2 High Availabilty with a virtual IP. Manager is querying eth0 IP instead of Virtual IP. |
| 818504 | Linux Persistent Agent fails to install using the .deb package. |
| 824088 | Unable to update existing Registered Host records using Legacy View > Hosts > Import. |
| 826913 | Creating a Network Device Role using Direct Configurations reverts to Logical Networks. |
| 827283 | Roaming Guest Logical Network missing from FortiGate Model Configuration. |
| 829702 | FortiGate wireless clients cannot connect after a FortiNAC software upgrade if the FortiGate device model's RADIUS secret is not populated. This is true even though the VDOM radius secret is populated. |
| 833305 | Guest account password is unmasked when printing badge even though admin user does not have password viewing permissions. |
| 833324 | FortiNAC unexpectedly disabling Juniper EX interfaces when host is deleted in "Host View". |
| 833327 | Routes specifying an interface are no longer present after reboot or restart of processes. |
| 833735 | Host icons in the Inventory view are not updated until a Layer 2 poll occurs. |
| 835149 | When an endpoint is registered as a device in Host AND Inventory/Topology, it is not possible to edit the host role. The option is available, but changes do not apply. |
| 836435 | Unable to read VLANs on Huawei 6508 WLC. |
| 838525 | Configuring Remote Backup results in a "HTTP Status 500 – Internal Server" error. |
| 842134 | Blank section to Captive Portal page for mobile devices added after upgrade. |
| 842280 | Guest Self-Registration, when configured to e-mail users their credentials, now requires 2 separate e-mails (1 containing username and another containing password). |
| 845412 | When a sync is performed on the Network Control Manager, modified group names are not synchronized to the managed pod. |
| 845493 | Manager (NCM) not properly synchronizing nested Global Groups |
| 845505 | Manager (NCM) not properly synchronizing nested Global Groups |
| 846822 | FortiNAC failed the NMAP scan due to old IP reported from the arptool |
| 847630 | Newly deployed NAC via OVA was incomplete requiring various manual workarounds to get completed |
| 852670 | AP showing up as learned uplink not WAP Uplink |
| 852946 | FortiNAC 9.2.6 System Management menus gives HTTP 500 - Internal server error |
| 853007 | Fortinac is sending big amount of API requests to Meraki API |
| 853870 | Kaspersky Endpoint Protection 11.10 is not supported by Fortinac |
| 856192 | FortiNAC FSSO does not send required groups to FortiGate. |
| 858138 | FSSO Tags are not sent to Wired and Wireless FortiGates after reconnecting the LAN port on FGT1101E. |
| 859702 | Enhance Palo Alto SSO REST API to allow for bulk messaging. |
| 860996 | Unable to read VLANs or L2 data for Huawei S6720-30C-EI-24S-AC. |
| 861201 | Windows 11 Domain Check. |
| 686910 714219 | Control Manager (NCM) communication issues when the NAC systems are connected through the WAN. For details see related KB article https://community.fortinet.com/t5/FortiNAC/Technical-Note-NCM-communication-issues-with-systems-across-WAN/ta-p/192434. |
| 811404 807309 | Admin UI showing error "You do not have permission to access this page". Workaround: Restart tomcat-admin service. |
| 874154 | When changing day value and refreshing in the Scans Dashboard widget, an error is generated and page fails load. |
| Not all models of all network devices can be configured to perform Physical MAC Address Filtering even though the Admin UI indicates that the configuration can be set. Resolution: Hosts can be disabled by implementing a Dead-end VLAN. | |
| For Portal v2 configurations, web pages that are stored in the site directory to be used for Scan Configurations will not be included when you do an Export of the Portal v2 configuration.Resolution: The files in the site directory are backed up with the Remote Backup feature, but otherwise keep a copy of these files in a safe place. | |
| Removing a device from the L2 Wired Devices or L2 Wireless Devices Group does not disable L2 (Hosts) Polling under the Polling tab in Topology. | |
| The "Set all hosts 'Risk State' to 'Safe'" button changes the status of all hosts marked At-Risk to Safe.However, the status of the individual scans for each host remain unchanged. | |
| In a Layer 3 High Availability (HA) environment, configWizard must have a DHCP scope defined. Running configWizard without a DHCP scope can cause a failover. | |
| On FortiNAC appliances with CentOS 7, duplicate log messages may appear in dhcpd.log for each sub interface (eth1, eth1:1, eth1:2, etc). | |
| System > Settings > Updates > Operating System will only record and display dates of OS updates that are completed through the Administrative UI. If Operating System updates are run via command line using the "yum" tool, the update is not recorded. Resolution: Execute Operating System Updates through the Administrative UI in order to maintain update history. | |
| Only English versions of AV/AS and their corresponding definitions are supported. | |
| Anti-Virus product Iolo technologies System Mechanic Professional is currently not supported. | |
| Sophos UTM is currently not supported. |