Fortinet black logo

Known Issues Version 9.4.1

Ticket #

Description

937206

Devices modeled with SnmpV1 when SnmpV2 is specified via the SNMP REST API Endpoint.

856217

Hosts discovered by MDM are getting incorrectly marked as having a Persistent Agent.

809769

HTML is not supported when using "Guest Account Details" message type template.

874037

GUI > Users & Hosts > Host View > Quick Search - Unable to locate host by hyphen or no delimiter.

883680

404 response to HTTPS GET when polling Firewall Sessions on FortiGate running FOS 7.2+.

882265

FortiNAC is not sending the correct serial number field to FAZ.

811404 807309 Admin UI showing error "You do not have permission to access this page". Workaround: Restart tomcat-admin service.

878899

Disassociate syslog messages sent by Meraki to FortiNAC are ignored if the AP is part of the L2 wired group.

878836

Intune MDM Integration 'Invalid Audience' when using an App registration in the Azure Government cloud.

878836

Intune MDM Integration 'Invalid Audience' when using an App registration in the Azure Government cloud.

878059

Using Location that specifies a device will not work if that device is a FortiLinked FortiSwitch

866378

Custom Login using a Guest Self Registration account fails with error Registered Client Not Found.

875720

REST API v2 query for Scan Results returns no results.

869097

Prioritize the IP -> MAC value provided by RadiusServer for managed wireless clients.

867183

Unable to perform seamless failover of Aruba Controller with FortiNAC.

754346

Default filter used when selecting Port Changes for a specific device port does not work.

874812

Private VLAN switching is not working > Cisco switches.

686910 714219 Control Manager (NCM) communication issues when the NAC systems are connected through the WAN.For details see related KB article https://community.fortinet.com/t5/FortiNAC/Technical-Note-NCM-communication-issues-with-systems-across-WAN/ta-p/192434.
849497 The FreeRADIUS service is restarted whenever a new network device is modeled even if local RADIUS is not enabled.
849140 In a High Availability environment, the Network Control Manager's API query to a managed pod's Secondary Server will return the serial number of the server in control. If the server in control is the primary, the query to the secondary will fail.
848274 The Service Connectors view does not display the option to create a new connector.
845935 From the Hosts view, when attempting to scan a host with a certificate check, the UI turns gray and does not allow input until either the browser is refreshed or closed/re-opened. This affects hosts running the 9.4 agent only.
845930 When a managed pod is removed from the Network Control Manager, not all references to the previously managed pod are removed from the database. The result is a “Sync failed to replace xyz” error message when a sync is attempted.
845412 When a sync is performed on the Network Control Manager, modified group names are not synchronized to the managed pod.
845163 In a High Availability environment, if no isolation networks are configured, the dhcpd service will fail to start resulting in a failover.
845003 Unable to register hosts to usernames in format of an email address. An “Error – Failed to Save Host – null” message appears.
845000 Unable to add a new LDAP or local user account when the username is in the format of an email address. A “Failed to modify User” message appears.
842370 Radius will ignore incoming requests from a device if the Model Configuration or VDOM configuration does not specify a secret and local radius mode (and for a VDOM, additionally a Source IP address).
842280 Guest Self-Registration, when configured to e-mail users their credentials, now requires 2 separate e-mails (1 containing username and another containing password).
842122 An incorrect license utilization percentage is displayed in the Network Control Manager Dashboard license widget.
841907 The Network Control Manager can experience lengthy response times when querying hosts from the managed pods.
840796 InTune records without unique serial numbers can cause issues with FortiNAC's device lookups.Records are currently looked up via serial number first and MAC address second. Lookup order should be reversed.
838525 Configuring Remote Backup results in a "HTTP Status 500 – Internal Server" error.
837938 With Legacy Mode disabled, when attempting to edit user settings the "OK" button is disabled not allowing settings to be saved.
836606 When polling GSuite, if communication times out part way through, the poll is still reported as successful even though not all records were obtained.
836435 Unable to read VLANs on Huawei 6508 WLC.
836146 radius.log file can grow too large if debug is left enabled.
836137 Existing results disappear on RADIUS -> Winbind view if the results are sorted by Joined column.
835782 Applying a license key in the Configuration Wizard can result in a "HTTP Status 500 – Unable to compile class for JSP" error message.
835405 Admin UI is inaccessible after running the Configuration Wizard during a new deployment. Logs indicate the keystore is unrecognized.
835149 When an endpoint is registered as a device in Host AND Inventory/Topology, it is not possible to edit the host role. The option is available, but changes do not apply.
835143 When querying Microsoft Intunes network details, FortiNAC does not validate whether the response is successful. As a result, additional queries fail until the token is refreshed.
834461 All required radius CoA attributes are not sent to Ruckus controllers in a disconnect request.
833735 Host icons in the Inventory view are not updated until a Layer 2 poll occurs.
833327 Routes specifying an interface are no longer present after reboot or restart of processes.
833305 Guest account password is unmasked when printing badge even though admin user does not have password viewing permissions.
833302 When adding an admin user on the local pod whose userID matches that of a user on the NCM, the user created is "root".
832313 Device integration does not handle CLI connections to infrastructure configured with keyboard-interactive password challenge.
830932 Entitlement Polling Success event is not listed as an option for triggering or clearing an Alarm Mapping.
830581 IP Phones will not match policy if host group membership is configured as a User/Host Profile requirement despite the phone being a member of the host group.
830159 Unable to add new Roles from the Policy & Objects > Roles view without additionally defining a group.
829702 FortiGate wireless clients cannot connect after a FortiNAC software upgrade if the FortiGate device model's RADIUS secret is not populated. This is true even though the VDOM radius secret is populated.
829019 Manager's (NCM) Resume Control button on the Dashboard in a High Availability environment does not restore control to the primary Manager.

863826

License Management view in the UI always displays "Base" for the License Name when using subscription licenses. Workaround: Use the License Information Dashboard Widget. Solution: Addressed in version F7.2.1 and greater.

827870 When a FortiGate device model's IP address is changed in the Inventory view, add/delete/move syslog messages from the new IP address is discarded until FortiNAC services are restarted.
827283 Roaming Guest Logical Network missing from FortiGate Model Configuration.
826913 Creating a Network Device Role using Direct Configurations reverts to Logical Networks.
826653 FortiNAC supplied Dynamic Addresses on the FortiGate can become orphaned in FortiNAC High Availability environments.This can cause unintended network access.
824088 Unable to update existing Registered Host records using Legacy View > Hosts > Import.
820160 Roles view is not available with a Base License.
818504 Linux Persistent Agent fails to install using the .deb package.
817040 FortiNAC Manager fails to connect to pods configured for L2 High Availabilty with a virtual IP.Manager is querying eth0 IP instead of Virtual IP.
814183 Unable to view all Certificate Details in the Certificate Management view.
813652 Security Alarms are not generating from Security Events.
811783 Links in the Persistent Agent Summary panel produce redundant results.
810574 Unable to scan message when using Dissolvable agent if scan configuration label contains non US-ASCII characters.
808523 Delete User: Admin User without Admin User Permissions is able to delete another Admin User
808088 Alarms stop generating notifications. Affects environments with notifications configured for high frequency alarms.
804519 Network Events and other Views - Filtering based on content entered in the filter field does not produce results. Workaround: Leave filter field blank and select an object in the drop-down instead.
800255 Device Profiling IP Range Method does not include .255 when using wildcards.
793634 MDM Server Last Polled and Last Successful Poll information removed in 9.x.
792968 Legacy View for Users & Hosts > Hosts does not display items in tables. Workaround: Enter “*” (asterisk) in search field.
791442 Able to delete a Portal Configuration which is in use by a Portal Policy. Removal is done without warning the user.
784642 Norton Antivirus Plus (Norton 360) installed from app store not detected in endpoint compliance scan.
783304 DHCP responds with unexpected addresses in the DHCP-Server-Identifier attribute.This causes release/renew to fail.Affects appliances configured for seperate isolation networks (Registration, Remediation, DeadEnd, etc).
776077 Local Radius to Winbind connection cannot be secured at this time.
774048 L2 HA + VIP Pairing Process Failing.Configuration completes but leaves both appliances in a "processes down" state.Workaround: Reboot appliances.
770091 Port changes/VLAN assignments made using Local RADIUS are not being logged as port changes.
768717 FortiNAC not consistently sending SSO logon messages to FortiGate.
767548 Register Game system with Host Inventory success page is not working.
765172 Configuration Wizard does not check whether user input subnet masks are valid.
762704 After clicking the 'restart services' button when applying SSL certificates to the Admin UI Certificate Target, the prompt does not clear and there is no confirmation dialogue (even though it was successful). Clicking the 'restart services' button again generates an error.
761745 Mist AP - Port Connection State NOT WAP Uplink.
754346 Selecting Port Changes under the Ports tab of a specific device in Network > Inventory does not display expected results. For details and workaround, see KB article https://community.fortinet.com/t5/FortiNAC/Technical-Tip-Default-filter-for-Port-Changes-does-not-populate/ta-p/209297.
752538 When in the Users & Hosts > Applications view, selecting an application and clicking the Show Hosts option displays a page that does not provide accurately filtered results. Workaround: Navigate Users & Hosts > Hosts and create a custom filter to list hosts associated to an application.
710583 L2 Polling Mist APs can result in more API requests than Mist allows per hour.
708936 FortiNAC will logoff SSO for sessions that remain connected to a managed FortiGate IPSec VPN tunnel after 12 hours.
708720 Policy evaluation may not be triggered after a host status update in Microsoft InTune. This can prevent the host from being moved to the proper network. For details and workaround see related KB article https://community.fortinet.com/t5/FortiNAC/Technical-Tip-Policy-evaluation-not-triggered-after-Microsoft/ta-p/203843.
699106 After a reboot, FortiNAC may change the Native VLAN on a wired switch port following a layer 2 poll. This may cause issues for ip phones should they connect to a port where the native/default VLAN isn't the correct VLAN.
695435 FortiEDR is currently not supported. If required, contact sales or open a support ticket to submit a New Feature Request (NFR).
694407 Linux hosts running CrowdStrike Falcon sensor 6.11 and later are not being detected by the agent. This causes hosts running CrowdStrike Falcon to incorrectly fail scans. For details and workaround, see related KB article https://community.fortinet.com/t5/FortiNAC/Troubleshooting-Tip-Linux-hosts-running-CrowdStrike-Falcon/ta-p/202694.
682438 Page Unresponsive' error when exporting hosts.For details and workaround see related KB article https://community.fortinet.com/t5/FortiNAC/Technical-Note-Page-Unresponsive-error-when-exporting-hosts/ta-p/193878.
674438 Processes Scan Type option is not available when creating custom scans for macOS systems.
631115 Only 50000 records display in Adapter and Host Views. Example: Adapters - Displayed: 50000Total: 57500
Not all models of all network devices can be configured to perform Physical MAC Address Filtering even though the Admin UI indicates that the configuration can be set. Resolution: Hosts can be disabled by implementing a Dead-end VLAN.
For Portal v2 configurations, web pages that are stored in the site directory to be used for Scan Configurations will not be included when you do an Export of the Portal v2 configuration. Resolution: The files in the site directory are backed up with the Remote Backup feature, but otherwise keep a copy of these files in a safe place.
Removing a device from the L2 Wired Devices or L2 Wireless Devices Group does not disable L2 (Hosts) Polling under the Polling tab in Topology.
The "Set all hosts 'Risk State' to 'Safe'" button changes the status of all hosts marked At-Risk to Safe. However, the status of the individual scans for each host remain unchanged.
In a Layer 3 High Availability (HA) environment, configWizard must have a DHCP scope defined. Running configWizard without a DHCP scope can cause a failover.
On FortiNAC appliances with CentOS 7, duplicate log messages may appear in dhcpd.log for each sub interface (eth1, eth1:1, eth1:2, etc).
System > Settings > Updates > Operating System will only record and display dates of OS updates that are completed through the Administrative UI. If Operating System updates are run via command line using the "yum" tool, the update is not recorded. Resolution: Execute Operating System Updates through the Administrative UI in order to maintain update history.
Only English versions of AV/AS and their corresponding definitions are supported.
Anti-Virus product Iolo technologies System Mechanic Professional is currently not supported.
Sophos UTM is currently not supported.
846822 FortiNAC failed the NMAP scan due to old IP reported from the arptool.
860206 Polling threads get locked when communications are terminated unexpectedly from the NCM.
861201 Windows 11 Domain Check.
859149 FortiNAC needs to read the VLANs assigned to access points running in Bridge mode managed by Extreme WLC.
857035 Problem integrating added wifi controller VX9000 (Extreme / Motorola).
854239 Radius CoA is not working as expected - ClassNotFoundException for CambiumAP in 9.2 release.
812908 /var/log/messages is not rotating generating large files and high disk usage issues.
856350 Unable to Admin Up a port via port properties in Adapter view. Incorrect port is shown.
857083 After Self Registration, FortiNAC doesn't sent Disconnect-Request to Huawei Controller.
816828 Wrong License Displayed (Base instead of Plus). Polling of entitlements is failing.
855897 CLI config for Huawei Switch S5731-H48P4XC.
856362 Upgrade from 8.x to 9.2.6 GA changes Conference account password.
836136 Guest Portal Registration no longer working. Guest passwords not read correctly out of the database.
836470 New NCM deploy on NacOS receives "HTTP Status 500 - Internal Server Error".
856192 FortiNAC FSSO does not send required groups to FortiGate.
852946 FortiNAC 9.2.6 System Management menus gives HTTP 500 - Internal server error.
858184 Custom Subject line for Self Registration Request sent to sponsor does not reflect custom text.
853007 FortiNAC sends large amount of API requests to Meraki API.
852560 Custom Guest Account Password e-mail template is not used for Self Registration Self Registered Guest.
853870 Kaspersky Endpoint Protection 11.10 is not supported by FortiNAC.
826924 Issue with automatic VLAN assignment to ports on switch.
860996 Unable to read VLANs or L2 data for Huawei S6720-30C-EI-24S-AC.
855891 FSSO failing to send to FortiGate for hosts with PA.
842134 Blank section to Captive Portal page for mobile devices added after upgrade.
838561 Roles: Entering angle brackets for Name and Notes converts to &lt and &gt.
850085 Juniper MIST integration needs to handle other domains than api.mist.com.
859702 Enhance Palo Alto SSO REST API to allow for bulk messaging.
833324 FortiNAC unexpectedly disabling Juniper EX interfaces when host is deleted in "Host View".
840218 Cisco ASA firewall ports not showing on GUI.
841781 FNAC as Local Radius does not send Radius CoA after NAC policy is matched.
841710 No CoA seen when disconnecting Wireless Hosts/FortiAP integration.
852670 AP showing up as learned uplink not WAP Uplink.
814926 Unable to add Role.
858138 FSSO Tags are not sent to Wired and Wireless FortiGates after reconnecting the LAN port on FGT1101E.
770974 Event to Alarm mappings failing for Clear on Event criteria.
809769 HTML is not supported when using "Guest Account Details" message type template.
814476 HP J9776A 2530-24G Switch - Aggregation Port Issue.
847630 Newly deployed NAC via OVA was incomplete requiring various manual workarounds to get completed.
845505 Manager (NCM) not properly synchronizing nested Global Groups.
845493 Manager (NCM) not properly synchronizing Global Groups.
860546 L3 polling for Extreme Campus Controllers ( XCC ) is currently unsupported.
849497 The FreeRADIUS service is restarted whenever a new network device is modeled even if local RADIUS is not enabled.
849140 In a High Availability environment, the Network Control Managers API query to a managed pods secondary server will return the serial number of the in control server. If the in control server is the primary, the query to the secondary will fail.
848274 The Service Connectors view does not display the option to create a new connector.
846782 FortiNAC is unable to read roles and potentially other data from Aruba IAPs due to a # symbol automatically added to the wireless network name.
845935 From the Hosts view, when attempting to scan a host with a certificate check, the UI turns gray and does not allow input until either the browser is refreshed or closed/re-opened. This affects hosts running the 9.4 agent only.
845930 When a managed pod is removed from the Network Control Manager, not all references to the previously managed pod are removed from the database. The result is a “Sync failed to replace xyz” error message when a sync is attempted.
845505 When a sync is performed on the Network Control Manager, if an IO error occurs, nested global groups may be removed from the managed pod due to returning an empty list.
845412 When a sync is performed on the Network Control Manager, modified group names are not synchronized to the managed pod.
845493 When a sync is performed on the Network Control Manager, if an IO error occurs, global port groups may be removed from the managed pod due to returning an empty list.
845163 In a High Availability environment, if no isolation networks are configured, the dhcpd service will fail to start resulting in a failover.
845035 Palo Alto VPN integration does not support syslog notifications from Palo Alto devices running v9+.
845008 Grab-log-snapshot should collect more master log files than the two collected.
845003 Unable to register hosts to usernames in format of an email address. An “Error – Failed to Save Host – null” message appears.
845000 Unable to add a new LDAP or local user account when the username is in the format of an email address. A “Failed to modify User” message appears.
843401 Wrong portal selected despite matching specific portal policy.
843509 FortiNAC is unable to communicate with Dell x1026 switches.
842181 FortiNAC does not support the custom radius attribute Fortinet-Host-Port-AVPair action=bounce-port for Change of Authorization (CoA) with FortiSwitches.
842370 Radius will ignore incoming requests from a device if the Model Configuration or VDOM configuration does not specify a secret and local radius mode (and for a VDOM, additionally a Source IP address).
842280 Guest Self-Registration, when configured to e-mail users their credentials, now requires 2 separate e-mails (1 containing username and another containing password).
842122 An incorrect license utilization percentage is displayed in the Network Control Manager Dashboard license widget.
841907 The Network Control Manager can experience lengthy response times when querying hosts from the managed pods.
841825 Guest Self-Registration fails if using SMS.
840796 InTune records without unique serial numbers can cause issues with FortiNACs device lookups. Records are currently looked up via serial number first and mac address second. Lookup order should be reversed.
838525 Configuring Remote Backup results in a HTTP Status 500 – Internal Server error.
0837938 With Legacy Mode disabled, when attempting to edit user settings the "OK" button is disabled not allowing settings to be saved.
836831 Layer 2 polling HPE Walljacks fails if special characters are found in the devices mac-address table.
836606 When polling GSuite, if communication times out part way through, the poll is still reported as successful even though not all records were obtained.
836435 Unable to read VLANs on Huawei 6508 WLC.
836146 radius.log file can grow too large if debug is left enabled.
836137 Existing results disappear on RADIUS -> Winbind view if the results are sorted by Joined column.
835782 Applying a license key in the Configuration Wizard can result in a HTTP Status 500 – Unable to compile class for JSP error message.
835405 Admin UI is inaccessible after running the Configuration Wizard during a new deployment. Logs indicate the keystore is unrecognized.
835149 When an endpoint is registered as a device in Host AND Inventory/Topology, it is not possible to edit the host role. The option is available, but changes do not apply.
835143 When querying Microsoft Intunes network details, FortiNAC does not validate whether the response is successful. As a result, additional queries fail until the token is refreshed.
834461 All required radius CoA attributes are not sent to Ruckus controllers in a disconnect request.
834094 When a sync is performed on the Network Control Manager, if an IO error occurs, global device profiling rules may be removed from the managed pod due to returning an empty list.
834089 When a sync is performed on the Network Control Manager, if an IO error occurs, global port group membership may be removed from the managed pod due to returning an empty list.
833735 Host icons in the Inventory view are not updated until a Layer 2 poll occurs.
833327 Routes specifying an interface are no longer present after reboot or restart of processes.
833305 Guest account password is unmasked when printing badge even though admin user does not have password viewing permissions.
833302 When adding an admin user on the local pod whose userID matches that of a user on the NCM, the user created is "root".
833088 Deleting a switch removes all port nesting's removing all ports from FortiNAC System Port Group.
832313 Device integration does not handle CLI connections to infrastructure configured with keyboard-interactive password challenge.
830932 Entitlement Polling Success event is not listed as an option for triggering or clearing an Alarm Mapping.
830581 IP Phones will not match policy if host group membership is configured as a User/Host Profile requirement despite the phone being a member of the host group.
830159 Unable to add new Roles from the Policy & Objects > Roles view without additionally defining a group.
829702 FortiGate wireless clients cannot connect after a FortiNAC software upgrade if the FortiGate device model's RADIUS secret is not populated. This is true even though the VDOM radius secret is populated.
829009 The Allowed VLAN list is not properly managed on Aruba CX switches. When FortiNAC performs a VLAN change, only the new VLAN is set. The previously configured Allowed VLAN is not removed. This causes the Allowed VLANs list to grow over time.
829019 Manager's (NCM) Resume Control button on the Dashboard in a High Availability environment does not restore control to the primary Manager.
828499 HTTPD failed state after 9.2.5 upgrade requiring cleaning up semaphores.
828128 Unable to add Allowed Domains containing underscore symbols.
827870 When a FortiGate device model's IP address is changed in the Inventory view, add/delete/move syslog messages from the new IP address is discarded until FortiNAC services are restarted.
827283 Roaming Guest Logical Network missing from FortiGate Model Configuration and possibly other vendors.
826913 Creating a Network Device Role using Direct Configurations reverts to Logical Networks.
826653 FortiNAC supplied Dynamic Addresses on the FortiGate can become orphaned in FortiNAC High Availability environments.This can cause unintended network access.
824088 Unable to update existing Registered Host records using Legacy View > Hosts > Import.
820160 Roles view is not available with a Base License but necessary for Network Access Policies.
818504 Linux Persistent Agent fails to install using the .deb package because setup.py doesn't exist.
817040 FortiNAC Manager fails to connect to pods configured for L2 High Availability with a virtual IP. Manager is querying eth0 IP instead of Virtual IP.
814183 Unable to view all Certificate Details in the Certificate Management view.
813652 Security Alarms not generating from Security Event.
811783 Links in the Persistent Agent Summary panel produce redundant results.
810574 "Unable to scan" message when using Dissolvable agent if scan configuration label contains non US-ASCII characters.
808088 Alarms stop generating notifications. Affects environments with notifications configured for high frequency alarms.
0807309 0811404 Admin UI showing error "You do not have permission to access this page". Workaround: Restart tomcat-admin service.
800870 Packet from from a secondary that is not the secondary in the configuration will prevent the primary from starting.
800325 Cisco Port Channel Link Resolution.
800255 Device Profiling IP Range Method does not include .255 when using wildcards.
793634 MDM Server Last Polled and Last Successful Poll information removed in 9.x.
791739 Google Authentication:Google Identity Services Library is currently not supported.
783304 DHCP responds with unexpected addresses in the DHCP-Server-Identifier attribute. This causes release/renew to fail. Affects appliances configured for separate isolation networks (Registration, Remediation, DeadEnd, etc).
776077 Local Radius to Winbind connection cannot be secured at this time.
774048 L2 HA + VIP Pairing Process Failing.Configuration completes but leaves both appliances in a "processes down" state.
773733 Enhance DeviceInterface debug dumpSSOTargets output.
770091 VLAN assignments made using RADIUS are not logged as port changes.
767548 Register Game system with Host Inventory success page is not working.
765172 Configuration Wizard does not check whether user input subnet masks are valid.
762704 After clicking the 'restart services' button when applying SSL certificates to the Admin UI Certificate Target, the prompt does not clear and there is no confirmation dialogue (even though it was successful). Clicking the 'restart services' button again generates an error.
761745 Mist AP - Port Connection State NOT WAP Uplink.
754346 Selecting Port Changes under the Ports tab of a specific device in Network > Inventory does not display expected results.
752538 When in the Users & Hosts > Applications view, selecting an application and clicking the Show Hosts option displays a page that does not provide accurately filtered results.
739990 Android Mobile Agent prompts for server name.
710583 L2 Polling Mist APs can result in more API requests than Mist allows per hour.
708936 FortiNAC will logoff SSO for sessions that remain connected to a managed FortiGate IPSec VPN tunnel after 12 hours.
708720 Policy evaluation may not be triggered after a host status update in an MDM solution. This can prevent the host from being moved to the proper network until the next Layer 2 Poll.
699106 After a reboot, FortiNAC may change the Native VLAN on a wired switch port following a layer 2 poll. This may cause issues for ip phones should they connect to a port where the native/default VLAN isn't the correct VLAN.
694407 Linux hosts running CrowdStrike Falcon sensor 6.11 and later are not being detected by the agent. This causes hosts running CrowdStrike Falcon to incorrectly fail scans.
686910 Control Manager (NCM) communication issues when the NAC systems are connected through the WAN.

795411

Not able to click the "In Use" number of Concurrent Licenses Widget.

870875

Address Group Object "In Use" button does not display accurate results.

Ticket #

Description

937206

Devices modeled with SnmpV1 when SnmpV2 is specified via the SNMP REST API Endpoint.

856217

Hosts discovered by MDM are getting incorrectly marked as having a Persistent Agent.

809769

HTML is not supported when using "Guest Account Details" message type template.

874037

GUI > Users & Hosts > Host View > Quick Search - Unable to locate host by hyphen or no delimiter.

883680

404 response to HTTPS GET when polling Firewall Sessions on FortiGate running FOS 7.2+.

882265

FortiNAC is not sending the correct serial number field to FAZ.

811404 807309 Admin UI showing error "You do not have permission to access this page". Workaround: Restart tomcat-admin service.

878899

Disassociate syslog messages sent by Meraki to FortiNAC are ignored if the AP is part of the L2 wired group.

878836

Intune MDM Integration 'Invalid Audience' when using an App registration in the Azure Government cloud.

878836

Intune MDM Integration 'Invalid Audience' when using an App registration in the Azure Government cloud.

878059

Using Location that specifies a device will not work if that device is a FortiLinked FortiSwitch

866378

Custom Login using a Guest Self Registration account fails with error Registered Client Not Found.

875720

REST API v2 query for Scan Results returns no results.

869097

Prioritize the IP -> MAC value provided by RadiusServer for managed wireless clients.

867183

Unable to perform seamless failover of Aruba Controller with FortiNAC.

754346

Default filter used when selecting Port Changes for a specific device port does not work.

874812

Private VLAN switching is not working > Cisco switches.

686910 714219 Control Manager (NCM) communication issues when the NAC systems are connected through the WAN.For details see related KB article https://community.fortinet.com/t5/FortiNAC/Technical-Note-NCM-communication-issues-with-systems-across-WAN/ta-p/192434.
849497 The FreeRADIUS service is restarted whenever a new network device is modeled even if local RADIUS is not enabled.
849140 In a High Availability environment, the Network Control Manager's API query to a managed pod's Secondary Server will return the serial number of the server in control. If the server in control is the primary, the query to the secondary will fail.
848274 The Service Connectors view does not display the option to create a new connector.
845935 From the Hosts view, when attempting to scan a host with a certificate check, the UI turns gray and does not allow input until either the browser is refreshed or closed/re-opened. This affects hosts running the 9.4 agent only.
845930 When a managed pod is removed from the Network Control Manager, not all references to the previously managed pod are removed from the database. The result is a “Sync failed to replace xyz” error message when a sync is attempted.
845412 When a sync is performed on the Network Control Manager, modified group names are not synchronized to the managed pod.
845163 In a High Availability environment, if no isolation networks are configured, the dhcpd service will fail to start resulting in a failover.
845003 Unable to register hosts to usernames in format of an email address. An “Error – Failed to Save Host – null” message appears.
845000 Unable to add a new LDAP or local user account when the username is in the format of an email address. A “Failed to modify User” message appears.
842370 Radius will ignore incoming requests from a device if the Model Configuration or VDOM configuration does not specify a secret and local radius mode (and for a VDOM, additionally a Source IP address).
842280 Guest Self-Registration, when configured to e-mail users their credentials, now requires 2 separate e-mails (1 containing username and another containing password).
842122 An incorrect license utilization percentage is displayed in the Network Control Manager Dashboard license widget.
841907 The Network Control Manager can experience lengthy response times when querying hosts from the managed pods.
840796 InTune records without unique serial numbers can cause issues with FortiNAC's device lookups.Records are currently looked up via serial number first and MAC address second. Lookup order should be reversed.
838525 Configuring Remote Backup results in a "HTTP Status 500 – Internal Server" error.
837938 With Legacy Mode disabled, when attempting to edit user settings the "OK" button is disabled not allowing settings to be saved.
836606 When polling GSuite, if communication times out part way through, the poll is still reported as successful even though not all records were obtained.
836435 Unable to read VLANs on Huawei 6508 WLC.
836146 radius.log file can grow too large if debug is left enabled.
836137 Existing results disappear on RADIUS -> Winbind view if the results are sorted by Joined column.
835782 Applying a license key in the Configuration Wizard can result in a "HTTP Status 500 – Unable to compile class for JSP" error message.
835405 Admin UI is inaccessible after running the Configuration Wizard during a new deployment. Logs indicate the keystore is unrecognized.
835149 When an endpoint is registered as a device in Host AND Inventory/Topology, it is not possible to edit the host role. The option is available, but changes do not apply.
835143 When querying Microsoft Intunes network details, FortiNAC does not validate whether the response is successful. As a result, additional queries fail until the token is refreshed.
834461 All required radius CoA attributes are not sent to Ruckus controllers in a disconnect request.
833735 Host icons in the Inventory view are not updated until a Layer 2 poll occurs.
833327 Routes specifying an interface are no longer present after reboot or restart of processes.
833305 Guest account password is unmasked when printing badge even though admin user does not have password viewing permissions.
833302 When adding an admin user on the local pod whose userID matches that of a user on the NCM, the user created is "root".
832313 Device integration does not handle CLI connections to infrastructure configured with keyboard-interactive password challenge.
830932 Entitlement Polling Success event is not listed as an option for triggering or clearing an Alarm Mapping.
830581 IP Phones will not match policy if host group membership is configured as a User/Host Profile requirement despite the phone being a member of the host group.
830159 Unable to add new Roles from the Policy & Objects > Roles view without additionally defining a group.
829702 FortiGate wireless clients cannot connect after a FortiNAC software upgrade if the FortiGate device model's RADIUS secret is not populated. This is true even though the VDOM radius secret is populated.
829019 Manager's (NCM) Resume Control button on the Dashboard in a High Availability environment does not restore control to the primary Manager.

863826

License Management view in the UI always displays "Base" for the License Name when using subscription licenses. Workaround: Use the License Information Dashboard Widget. Solution: Addressed in version F7.2.1 and greater.

827870 When a FortiGate device model's IP address is changed in the Inventory view, add/delete/move syslog messages from the new IP address is discarded until FortiNAC services are restarted.
827283 Roaming Guest Logical Network missing from FortiGate Model Configuration.
826913 Creating a Network Device Role using Direct Configurations reverts to Logical Networks.
826653 FortiNAC supplied Dynamic Addresses on the FortiGate can become orphaned in FortiNAC High Availability environments.This can cause unintended network access.
824088 Unable to update existing Registered Host records using Legacy View > Hosts > Import.
820160 Roles view is not available with a Base License.
818504 Linux Persistent Agent fails to install using the .deb package.
817040 FortiNAC Manager fails to connect to pods configured for L2 High Availabilty with a virtual IP.Manager is querying eth0 IP instead of Virtual IP.
814183 Unable to view all Certificate Details in the Certificate Management view.
813652 Security Alarms are not generating from Security Events.
811783 Links in the Persistent Agent Summary panel produce redundant results.
810574 Unable to scan message when using Dissolvable agent if scan configuration label contains non US-ASCII characters.
808523 Delete User: Admin User without Admin User Permissions is able to delete another Admin User
808088 Alarms stop generating notifications. Affects environments with notifications configured for high frequency alarms.
804519 Network Events and other Views - Filtering based on content entered in the filter field does not produce results. Workaround: Leave filter field blank and select an object in the drop-down instead.
800255 Device Profiling IP Range Method does not include .255 when using wildcards.
793634 MDM Server Last Polled and Last Successful Poll information removed in 9.x.
792968 Legacy View for Users & Hosts > Hosts does not display items in tables. Workaround: Enter “*” (asterisk) in search field.
791442 Able to delete a Portal Configuration which is in use by a Portal Policy. Removal is done without warning the user.
784642 Norton Antivirus Plus (Norton 360) installed from app store not detected in endpoint compliance scan.
783304 DHCP responds with unexpected addresses in the DHCP-Server-Identifier attribute.This causes release/renew to fail.Affects appliances configured for seperate isolation networks (Registration, Remediation, DeadEnd, etc).
776077 Local Radius to Winbind connection cannot be secured at this time.
774048 L2 HA + VIP Pairing Process Failing.Configuration completes but leaves both appliances in a "processes down" state.Workaround: Reboot appliances.
770091 Port changes/VLAN assignments made using Local RADIUS are not being logged as port changes.
768717 FortiNAC not consistently sending SSO logon messages to FortiGate.
767548 Register Game system with Host Inventory success page is not working.
765172 Configuration Wizard does not check whether user input subnet masks are valid.
762704 After clicking the 'restart services' button when applying SSL certificates to the Admin UI Certificate Target, the prompt does not clear and there is no confirmation dialogue (even though it was successful). Clicking the 'restart services' button again generates an error.
761745 Mist AP - Port Connection State NOT WAP Uplink.
754346 Selecting Port Changes under the Ports tab of a specific device in Network > Inventory does not display expected results. For details and workaround, see KB article https://community.fortinet.com/t5/FortiNAC/Technical-Tip-Default-filter-for-Port-Changes-does-not-populate/ta-p/209297.
752538 When in the Users & Hosts > Applications view, selecting an application and clicking the Show Hosts option displays a page that does not provide accurately filtered results. Workaround: Navigate Users & Hosts > Hosts and create a custom filter to list hosts associated to an application.
710583 L2 Polling Mist APs can result in more API requests than Mist allows per hour.
708936 FortiNAC will logoff SSO for sessions that remain connected to a managed FortiGate IPSec VPN tunnel after 12 hours.
708720 Policy evaluation may not be triggered after a host status update in Microsoft InTune. This can prevent the host from being moved to the proper network. For details and workaround see related KB article https://community.fortinet.com/t5/FortiNAC/Technical-Tip-Policy-evaluation-not-triggered-after-Microsoft/ta-p/203843.
699106 After a reboot, FortiNAC may change the Native VLAN on a wired switch port following a layer 2 poll. This may cause issues for ip phones should they connect to a port where the native/default VLAN isn't the correct VLAN.
695435 FortiEDR is currently not supported. If required, contact sales or open a support ticket to submit a New Feature Request (NFR).
694407 Linux hosts running CrowdStrike Falcon sensor 6.11 and later are not being detected by the agent. This causes hosts running CrowdStrike Falcon to incorrectly fail scans. For details and workaround, see related KB article https://community.fortinet.com/t5/FortiNAC/Troubleshooting-Tip-Linux-hosts-running-CrowdStrike-Falcon/ta-p/202694.
682438 Page Unresponsive' error when exporting hosts.For details and workaround see related KB article https://community.fortinet.com/t5/FortiNAC/Technical-Note-Page-Unresponsive-error-when-exporting-hosts/ta-p/193878.
674438 Processes Scan Type option is not available when creating custom scans for macOS systems.
631115 Only 50000 records display in Adapter and Host Views. Example: Adapters - Displayed: 50000Total: 57500
Not all models of all network devices can be configured to perform Physical MAC Address Filtering even though the Admin UI indicates that the configuration can be set. Resolution: Hosts can be disabled by implementing a Dead-end VLAN.
For Portal v2 configurations, web pages that are stored in the site directory to be used for Scan Configurations will not be included when you do an Export of the Portal v2 configuration. Resolution: The files in the site directory are backed up with the Remote Backup feature, but otherwise keep a copy of these files in a safe place.
Removing a device from the L2 Wired Devices or L2 Wireless Devices Group does not disable L2 (Hosts) Polling under the Polling tab in Topology.
The "Set all hosts 'Risk State' to 'Safe'" button changes the status of all hosts marked At-Risk to Safe. However, the status of the individual scans for each host remain unchanged.
In a Layer 3 High Availability (HA) environment, configWizard must have a DHCP scope defined. Running configWizard without a DHCP scope can cause a failover.
On FortiNAC appliances with CentOS 7, duplicate log messages may appear in dhcpd.log for each sub interface (eth1, eth1:1, eth1:2, etc).
System > Settings > Updates > Operating System will only record and display dates of OS updates that are completed through the Administrative UI. If Operating System updates are run via command line using the "yum" tool, the update is not recorded. Resolution: Execute Operating System Updates through the Administrative UI in order to maintain update history.
Only English versions of AV/AS and their corresponding definitions are supported.
Anti-Virus product Iolo technologies System Mechanic Professional is currently not supported.
Sophos UTM is currently not supported.
846822 FortiNAC failed the NMAP scan due to old IP reported from the arptool.
860206 Polling threads get locked when communications are terminated unexpectedly from the NCM.
861201 Windows 11 Domain Check.
859149 FortiNAC needs to read the VLANs assigned to access points running in Bridge mode managed by Extreme WLC.
857035 Problem integrating added wifi controller VX9000 (Extreme / Motorola).
854239 Radius CoA is not working as expected - ClassNotFoundException for CambiumAP in 9.2 release.
812908 /var/log/messages is not rotating generating large files and high disk usage issues.
856350 Unable to Admin Up a port via port properties in Adapter view. Incorrect port is shown.
857083 After Self Registration, FortiNAC doesn't sent Disconnect-Request to Huawei Controller.
816828 Wrong License Displayed (Base instead of Plus). Polling of entitlements is failing.
855897 CLI config for Huawei Switch S5731-H48P4XC.
856362 Upgrade from 8.x to 9.2.6 GA changes Conference account password.
836136 Guest Portal Registration no longer working. Guest passwords not read correctly out of the database.
836470 New NCM deploy on NacOS receives "HTTP Status 500 - Internal Server Error".
856192 FortiNAC FSSO does not send required groups to FortiGate.
852946 FortiNAC 9.2.6 System Management menus gives HTTP 500 - Internal server error.
858184 Custom Subject line for Self Registration Request sent to sponsor does not reflect custom text.
853007 FortiNAC sends large amount of API requests to Meraki API.
852560 Custom Guest Account Password e-mail template is not used for Self Registration Self Registered Guest.
853870 Kaspersky Endpoint Protection 11.10 is not supported by FortiNAC.
826924 Issue with automatic VLAN assignment to ports on switch.
860996 Unable to read VLANs or L2 data for Huawei S6720-30C-EI-24S-AC.
855891 FSSO failing to send to FortiGate for hosts with PA.
842134 Blank section to Captive Portal page for mobile devices added after upgrade.
838561 Roles: Entering angle brackets for Name and Notes converts to &lt and &gt.
850085 Juniper MIST integration needs to handle other domains than api.mist.com.
859702 Enhance Palo Alto SSO REST API to allow for bulk messaging.
833324 FortiNAC unexpectedly disabling Juniper EX interfaces when host is deleted in "Host View".
840218 Cisco ASA firewall ports not showing on GUI.
841781 FNAC as Local Radius does not send Radius CoA after NAC policy is matched.
841710 No CoA seen when disconnecting Wireless Hosts/FortiAP integration.
852670 AP showing up as learned uplink not WAP Uplink.
814926 Unable to add Role.
858138 FSSO Tags are not sent to Wired and Wireless FortiGates after reconnecting the LAN port on FGT1101E.
770974 Event to Alarm mappings failing for Clear on Event criteria.
809769 HTML is not supported when using "Guest Account Details" message type template.
814476 HP J9776A 2530-24G Switch - Aggregation Port Issue.
847630 Newly deployed NAC via OVA was incomplete requiring various manual workarounds to get completed.
845505 Manager (NCM) not properly synchronizing nested Global Groups.
845493 Manager (NCM) not properly synchronizing Global Groups.
860546 L3 polling for Extreme Campus Controllers ( XCC ) is currently unsupported.
849497 The FreeRADIUS service is restarted whenever a new network device is modeled even if local RADIUS is not enabled.
849140 In a High Availability environment, the Network Control Managers API query to a managed pods secondary server will return the serial number of the in control server. If the in control server is the primary, the query to the secondary will fail.
848274 The Service Connectors view does not display the option to create a new connector.
846782 FortiNAC is unable to read roles and potentially other data from Aruba IAPs due to a # symbol automatically added to the wireless network name.
845935 From the Hosts view, when attempting to scan a host with a certificate check, the UI turns gray and does not allow input until either the browser is refreshed or closed/re-opened. This affects hosts running the 9.4 agent only.
845930 When a managed pod is removed from the Network Control Manager, not all references to the previously managed pod are removed from the database. The result is a “Sync failed to replace xyz” error message when a sync is attempted.
845505 When a sync is performed on the Network Control Manager, if an IO error occurs, nested global groups may be removed from the managed pod due to returning an empty list.
845412 When a sync is performed on the Network Control Manager, modified group names are not synchronized to the managed pod.
845493 When a sync is performed on the Network Control Manager, if an IO error occurs, global port groups may be removed from the managed pod due to returning an empty list.
845163 In a High Availability environment, if no isolation networks are configured, the dhcpd service will fail to start resulting in a failover.
845035 Palo Alto VPN integration does not support syslog notifications from Palo Alto devices running v9+.
845008 Grab-log-snapshot should collect more master log files than the two collected.
845003 Unable to register hosts to usernames in format of an email address. An “Error – Failed to Save Host – null” message appears.
845000 Unable to add a new LDAP or local user account when the username is in the format of an email address. A “Failed to modify User” message appears.
843401 Wrong portal selected despite matching specific portal policy.
843509 FortiNAC is unable to communicate with Dell x1026 switches.
842181 FortiNAC does not support the custom radius attribute Fortinet-Host-Port-AVPair action=bounce-port for Change of Authorization (CoA) with FortiSwitches.
842370 Radius will ignore incoming requests from a device if the Model Configuration or VDOM configuration does not specify a secret and local radius mode (and for a VDOM, additionally a Source IP address).
842280 Guest Self-Registration, when configured to e-mail users their credentials, now requires 2 separate e-mails (1 containing username and another containing password).
842122 An incorrect license utilization percentage is displayed in the Network Control Manager Dashboard license widget.
841907 The Network Control Manager can experience lengthy response times when querying hosts from the managed pods.
841825 Guest Self-Registration fails if using SMS.
840796 InTune records without unique serial numbers can cause issues with FortiNACs device lookups. Records are currently looked up via serial number first and mac address second. Lookup order should be reversed.
838525 Configuring Remote Backup results in a HTTP Status 500 – Internal Server error.
0837938 With Legacy Mode disabled, when attempting to edit user settings the "OK" button is disabled not allowing settings to be saved.
836831 Layer 2 polling HPE Walljacks fails if special characters are found in the devices mac-address table.
836606 When polling GSuite, if communication times out part way through, the poll is still reported as successful even though not all records were obtained.
836435 Unable to read VLANs on Huawei 6508 WLC.
836146 radius.log file can grow too large if debug is left enabled.
836137 Existing results disappear on RADIUS -> Winbind view if the results are sorted by Joined column.
835782 Applying a license key in the Configuration Wizard can result in a HTTP Status 500 – Unable to compile class for JSP error message.
835405 Admin UI is inaccessible after running the Configuration Wizard during a new deployment. Logs indicate the keystore is unrecognized.
835149 When an endpoint is registered as a device in Host AND Inventory/Topology, it is not possible to edit the host role. The option is available, but changes do not apply.
835143 When querying Microsoft Intunes network details, FortiNAC does not validate whether the response is successful. As a result, additional queries fail until the token is refreshed.
834461 All required radius CoA attributes are not sent to Ruckus controllers in a disconnect request.
834094 When a sync is performed on the Network Control Manager, if an IO error occurs, global device profiling rules may be removed from the managed pod due to returning an empty list.
834089 When a sync is performed on the Network Control Manager, if an IO error occurs, global port group membership may be removed from the managed pod due to returning an empty list.
833735 Host icons in the Inventory view are not updated until a Layer 2 poll occurs.
833327 Routes specifying an interface are no longer present after reboot or restart of processes.
833305 Guest account password is unmasked when printing badge even though admin user does not have password viewing permissions.
833302 When adding an admin user on the local pod whose userID matches that of a user on the NCM, the user created is "root".
833088 Deleting a switch removes all port nesting's removing all ports from FortiNAC System Port Group.
832313 Device integration does not handle CLI connections to infrastructure configured with keyboard-interactive password challenge.
830932 Entitlement Polling Success event is not listed as an option for triggering or clearing an Alarm Mapping.
830581 IP Phones will not match policy if host group membership is configured as a User/Host Profile requirement despite the phone being a member of the host group.
830159 Unable to add new Roles from the Policy & Objects > Roles view without additionally defining a group.
829702 FortiGate wireless clients cannot connect after a FortiNAC software upgrade if the FortiGate device model's RADIUS secret is not populated. This is true even though the VDOM radius secret is populated.
829009 The Allowed VLAN list is not properly managed on Aruba CX switches. When FortiNAC performs a VLAN change, only the new VLAN is set. The previously configured Allowed VLAN is not removed. This causes the Allowed VLANs list to grow over time.
829019 Manager's (NCM) Resume Control button on the Dashboard in a High Availability environment does not restore control to the primary Manager.
828499 HTTPD failed state after 9.2.5 upgrade requiring cleaning up semaphores.
828128 Unable to add Allowed Domains containing underscore symbols.
827870 When a FortiGate device model's IP address is changed in the Inventory view, add/delete/move syslog messages from the new IP address is discarded until FortiNAC services are restarted.
827283 Roaming Guest Logical Network missing from FortiGate Model Configuration and possibly other vendors.
826913 Creating a Network Device Role using Direct Configurations reverts to Logical Networks.
826653 FortiNAC supplied Dynamic Addresses on the FortiGate can become orphaned in FortiNAC High Availability environments.This can cause unintended network access.
824088 Unable to update existing Registered Host records using Legacy View > Hosts > Import.
820160 Roles view is not available with a Base License but necessary for Network Access Policies.
818504 Linux Persistent Agent fails to install using the .deb package because setup.py doesn't exist.
817040 FortiNAC Manager fails to connect to pods configured for L2 High Availability with a virtual IP. Manager is querying eth0 IP instead of Virtual IP.
814183 Unable to view all Certificate Details in the Certificate Management view.
813652 Security Alarms not generating from Security Event.
811783 Links in the Persistent Agent Summary panel produce redundant results.
810574 "Unable to scan" message when using Dissolvable agent if scan configuration label contains non US-ASCII characters.
808088 Alarms stop generating notifications. Affects environments with notifications configured for high frequency alarms.
0807309 0811404 Admin UI showing error "You do not have permission to access this page". Workaround: Restart tomcat-admin service.
800870 Packet from from a secondary that is not the secondary in the configuration will prevent the primary from starting.
800325 Cisco Port Channel Link Resolution.
800255 Device Profiling IP Range Method does not include .255 when using wildcards.
793634 MDM Server Last Polled and Last Successful Poll information removed in 9.x.
791739 Google Authentication:Google Identity Services Library is currently not supported.
783304 DHCP responds with unexpected addresses in the DHCP-Server-Identifier attribute. This causes release/renew to fail. Affects appliances configured for separate isolation networks (Registration, Remediation, DeadEnd, etc).
776077 Local Radius to Winbind connection cannot be secured at this time.
774048 L2 HA + VIP Pairing Process Failing.Configuration completes but leaves both appliances in a "processes down" state.
773733 Enhance DeviceInterface debug dumpSSOTargets output.
770091 VLAN assignments made using RADIUS are not logged as port changes.
767548 Register Game system with Host Inventory success page is not working.
765172 Configuration Wizard does not check whether user input subnet masks are valid.
762704 After clicking the 'restart services' button when applying SSL certificates to the Admin UI Certificate Target, the prompt does not clear and there is no confirmation dialogue (even though it was successful). Clicking the 'restart services' button again generates an error.
761745 Mist AP - Port Connection State NOT WAP Uplink.
754346 Selecting Port Changes under the Ports tab of a specific device in Network > Inventory does not display expected results.
752538 When in the Users & Hosts > Applications view, selecting an application and clicking the Show Hosts option displays a page that does not provide accurately filtered results.
739990 Android Mobile Agent prompts for server name.
710583 L2 Polling Mist APs can result in more API requests than Mist allows per hour.
708936 FortiNAC will logoff SSO for sessions that remain connected to a managed FortiGate IPSec VPN tunnel after 12 hours.
708720 Policy evaluation may not be triggered after a host status update in an MDM solution. This can prevent the host from being moved to the proper network until the next Layer 2 Poll.
699106 After a reboot, FortiNAC may change the Native VLAN on a wired switch port following a layer 2 poll. This may cause issues for ip phones should they connect to a port where the native/default VLAN isn't the correct VLAN.
694407 Linux hosts running CrowdStrike Falcon sensor 6.11 and later are not being detected by the agent. This causes hosts running CrowdStrike Falcon to incorrectly fail scans.
686910 Control Manager (NCM) communication issues when the NAC systems are connected through the WAN.

795411

Not able to click the "In Use" number of Concurrent Licenses Widget.

870875

Address Group Object "In Use" button does not display accurate results.