Known Issues Version 9.4.4
|
Ticket # |
Description |
|---|---|
|
1003792 |
Hosts not registering correctly when using Auto Registration function in model configuration for some Cisco switches. |
|
998758 |
Captive Portal Authentication Failure message "Custom text" not taking effect when customized via Portal Configuration. |
|
972501 |
Syslog messages are not sent to new external log server until restart of services is preformed. |
|
986049 |
FortiSwitch MAC Trap Notifications not mapping to correct port. |
|
979194 |
Users & Hosts screen delay in loading caused by LDAP lookup. |
|
978586 |
L2 poll of Palo Alto firewall brings VPN clients offline. |
|
975442 |
Unable to Read VLANs/Ports on Mist AP's. |
|
946405 |
Scheduler pop up dialog box with CLI Configurations error of undefined. |
|
934794 |
Performance issues with host record aging. |
|
969655 |
LAG ports on FortiGate are not shown in Inventory > ports view. |
|
968100 |
Aggregate ports do not display in the FortiNAC UI for Dell EMC switches. |
|
970076 |
Extreme 4826GTS-PWR+ (OID: enterprises.45.3.78.1) CLI credentials fail to validate. |
|
926614 |
Secondary FortiNAC can't connect to local MySQL server through socket. |
|
730221 |
Support for Meraki Wired Switch Stacks. |
|
936053 |
User & Hosts > Guests & Contractors view is slow to load. |
|
961573 |
FSW Port Descriptions don't update on Resync Interfaces. |
|
941175 |
Admin UI showing error "You do not have permission to access this page" for specific pages. |
|
956130 |
"Blink by Amazon" contains a trailing space in the OUI database. |
|
955704 |
Space after Vendor Name "Blink by Amazon" prevents Device Profiling rule from matching. Workaround: Modify and delete trailing space under Vendor OUIs. |
|
950004 |
Bearer Token Authentication is currently not supported for Jamf MDM integrations. Basic Authentication must be used. |
|
948600 |
Performance issue related to SSO Initialization with FortiGates. |
|
930027 |
Portal SSL setting is not staying enabled, after restart of NAC services or failover to secondary and resume control to primary. Workaround: Re-enable the Portal SSL setting. |
|
949069 |
Alarms stop generating notifications. |
|
948598 |
L2 polling loop when reading L2 Data from FortiGate. |
|
942947 |
Uncompressed database backup replication to secondary causing 100% Disk usage. |
|
944906 |
Admin UI Logins only check primary radius server. |
|
941702 |
Old portal server after upgrade. Workaround: Remove index.html from appropriate directory bsc/www/portal/<registration/remediation/deadend> |
|
939970 |
Device Discovery process not scanning entire provided subnet range |
|
938146 |
Hosts registered in gSuite with a common ethernet adapter host records are being over-written. |
|
937206 |
Devices modeled with SnmpV1 when SnmpV2 is specified via the SNMP REST API Endpoint. |
| 924690 | Using a single dot as the Scan name should be restricted by the API, as it causes filesystem issues. |
| 936086 | 7.4OS FortiLink FSWs are not deleted with their associated FGT. |
| 935588 | The Device Discovery range reports more devices scanned than IP addresses defined in the range. |
| 934127 | In Endpoint Compliance - Custom Scan - Add: an invalid scan name/label produces an error message that needs updating. |
| 932546 | In [9.4.4] on NCM, 'Server Responses' appear duplicated when distributing firmware. |
| 931804 | The System Performance Widget does not load data when added. It waits for user input. |
| 931698 | L3 Device Identification displays errors in logs when attempting to initiate Device Identification on Fortiswitch. |
| 924236 | In [9.4.4], many 'cert chain was null' entries appear in output.master when adding endpoint compliance scans to NCM via script. |
| 914909 | The GUI reports that the HA CA system is licensed without certificates after a failover. |
| 914409 | There is an error retrieving the log snapshot in the GUI when attempting to download logs from both HA NCM & HA CA simultaneously. |
| 905476 | The count of Conference User Registered Attendees does not increase. |
| 899383 | In 0752 - User&Hosts>Hosts>Import: when importing a file with errors, the view needs expanding to read the import file error. |
|
833437 |
Config Wizard: Entering an invalid character results in empty UI and browser console error. |
|
930027 |
Portal SSL setting is disabled after a fail over to Secondary Server or resume control to Primary Server in a High Availability configuration. Workaround: Re-enable the Portal SSL setting. |
|
889609 |
Switch port is not dynamically changed to uplink when v-edge router is directly connected to Cisco switch port. Workaround: Add v-edge router to L2 Wired Device group. |
|
913616 |
No error message or feedback when configuring Winbind with a local netbios name that exceeds 15 characters. |
|
922114 |
Modifying nested group membership is not logged in admin auditing. |
|
932917 |
SSH keys must be manually generated when MultiKnownHostEntries is set. Otherwise, CLI credential validation fails when device owning VIP changes. For details and workaround see KB article https://community.fortinet.com/t5/FortiNAC/Troubleshooting-Tip-CLI-credential-validation-fails-in-device/ta-p/271544 |
|
841488 |
Adapters: Go To Host(s) action not working correctly - loads all hosts. |
|
928827 |
Host aging is not applied to IP Phone device type. |
|
924474 |
Unable to select SSIDs when creating/modifying a port group under System > Groups. Workaround: Under SSID tab, right click SSID, select Group Membership & select the desired group. |
|
925603 |
FortiNAC currently supports one VLAN instance per FortiLink port per VDOM. |
|
886554 |
Radius Proxy is not forwarded to external radius server when SSID Server Definitions are Inherited from Device. Workaround: Define Primary RADIUS server and Secondary RADIUS server in SSID configuration |
|
910226 |
Default principal process threads thresholds are low and cause warnings or alarms immediately after update. |
|
910817 |
404 errors not being handled gracefully when requesting physical MAC for specific host. |
|
899821 |
Password Display/Generation Behavior Needs Updating in Admin Guide due to changes in 9.2. For details see KB article 256200. |
|
889618 |
Guest & Contractors View Accounts Print and Print Badge buttons print all badges and not the one selected. |
|
836136 |
Guest passwords not read correctly out of the database. |
|
908343 |
Address objects added in the model configuration to manage VPN do not take effect until a resync of the device. |
|
868999 |
Host status "pending at risk" is not honored if host status "safe" is ranked higher in policy where profile is applicable. |
|
800326 |
Cisco chassis switch with a Cisco WLC connected via port channel shows as a rogue. |
|
904535 |
3Com 4800G unable to read MAC Addresses from MAC Address Table. |
|
894661 |
When Admin UI is left unattended, and admin session times out, previous active page is still visible in the background. |
|
903393 |
Unable to Remove High Availability Configuration with Control and Application server pair. |
|
780312 |
FortiNAC does not integrate with Azure Active Directory due to SAML connection requirements. |
| 811404 807309 | Admin UI showing error "You do not have permission to access this page". Workaround: Restart tomcat-admin service. |
| 686910 714219 | Control Manager (NCM) communication issues when the NAC systems are connected through the WAN.For details see related KB article https://community.fortinet.com/t5/FortiNAC/Technical-Note-NCM-communication-issues-with-systems-across-WAN/ta-p/192434. |
| 891890 | Windows 11 hosts detected as Windows 10 hosts when using Dissolvable agent. |
| 891530 | Unable to set Admin Profile using "Set Admin Profile". |
| 890893, 907482 |
Global objects synchronization not completing between manager and appliances. Workaround: Reboot of the CA server |
| 887478 | Links in the Persistent Agent Summary panel produce redundant results. |
| 887470 | Domain with single character between dots in multiple dot domains results in error when adding to allowed domains. |
| 884414 | Unable to switch VLANs manually in Port Properties for Aruba CX switch. |
| 881837 | Hosts with spaces in the hostname throws an exception when trying to make an edit to the host where hostname contains whitespace. |
| 878059 | Using Location that specifies a device will not work if that device is a FortiLinked FortiSwitch |
| 874037 | GUI > Users & Hosts > Host View > Quick Search - Unable to locate host by hyphen or no delimiter. |
| 872245 | The migration procedure to move existing FortiNAC servers from CentOS to FortiNAC-OS is currently not supported. |
| 870875 | Address Group Object "In Use" button does not display accurate results. |
| 866378 | Custom Login using a Guest Self Registration account fails with error Registered Client Not Found. |
| 863826 | License Management view in the UI always displays "Base" for the License Name when using subscription licenses. Workaround: Use the License Information Dashboard Widget. |
| 861201 | Windows 11 Domain Check. |
| 860996 | Unable to read VLANs or L2 data for Huawei S6720-30C-EI-24S-AC. |
| 858138 | FSSO Tags are not sent to Wired and Wireless FortiGates after reconnecting the LAN port on FGT1101E. |
| 857083 | After Self Registration, FortiNAC doesn't sent Disconnect-Request to Huawei Controller. |
| 854239 | Radius CoA is not working as expected - ClassNotFoundException for CambiumAP in 9.2 release. |
| 853870 | Kaspersky Endpoint Protection 11.10 is not supported by FortiNAC. |
| 852670 | AP showing up as learned uplink not WAP Uplink. |
| 852560 | Custom Guest Account Password e-mail template is not used for Self Registration Self Registered Guest. |
| 847630 | Newly deployed NAC via OVA was incomplete requiring various manual workarounds to get completed. |
| 846822 | FortiNAC failed the NMAP scan due to old IP reported from the arptool. |
| 845412 | When a sync is performed on the Network Control Manager, modified group names are not synchronized to the managed pod. |
| 845008 | Grab-log-snapshot should collect more master log files than the two collected. |
| 845003 | Unable to register hosts to usernames in format of an email address. An “Error – Failed to Save Host – null” message appears. |
| 845000 | Unable to add a new LDAP or local user account when the username is in the format of an email address. A “Failed to modify User” message appears. |
| 843401 | Wrong portal selected despite matching specific portal policy. |
| 842134 | Blank section to Captive Portal page for mobile devices added after upgrade. |
| 841825 | Guest Self-Registration fails if using SMS. |
| 838525 | Configuring Remote Backup results in a "HTTP Status 500 – Internal Server" error. |
| 836435 | Unable to read VLANs on Huawei 6508 WLC. |
| 835782 | Config Wizard: Entering Application Server license is showing error (500 - Unable to compile class for JSP) |
| 834094 | When a sync is performed on the Network Control Manager, if an IO error occurs, global device profiling rules may be removed from the managed pod due to returning an empty list. |
| 834089 | When a sync is performed on the Network Control Manager, if an IO error occurs, global port group membership may be removed from the managed pod due to returning an empty list. |
| 833735 | Host icons in the Inventory view are not updated until a Layer 2 poll occurs. |
| 833324 | FortiNAC unexpectedly disabling Juniper EX interfaces when host is deleted in "Host View". |
| 832313 | SSH keyboard-interactive is disabled by default starting with versions 9.2.7, 9.4.2 and F7.2. This may affect FortiNAC's CLI access to a limited number of devices (like Arista switches). For details and workaround, see KB article https://community.fortinet.com/t5/FortiNAC/Troubleshooting-Tip-SSH-login-fails-due-to-SSH-keyboard/ta-p/244979 |
| 829702 | FortiGate wireless clients cannot connect after a FortiNAC software upgrade if the FortiGate device model's RADIUS secret is not populated. This is true even though the VDOM radius secret is populated. |
| 828499 | HTTPD failed state after 9.2.5 upgrade requiring cleaning up semaphores. |
| 827283 | Roaming Guest Logical Network missing from FortiGate Model Configuration and possibly other vendors. |
| 826924 | Issue with automatic VLAN assignment to ports on switch. |
| 826653 | FortiNAC supplied Dynamic Addresses on the FortiGate can become orphaned in FortiNAC High Availability environments. This can cause unintended network access. |
| 824088 | Unable to update existing Registered Host records using Legacy View > Hosts > Import. |
| 818504 | Linux Persistent Agent fails to install using the .deb package. |
| 817040 | FortiNAC Manager fails to connect to pods configured for L2 High Availabilty with a virtual IP. Manager is querying eth0 IP instead of Virtual IP. |
| 816828 | Wrong License Displayed (Base instead of Plus). Polling of entitlements is failing. |
| 814183 | Unable to view all Certificate Details in the Certificate Management view. |
| 813652 | Security Alarms are not generating from Security Events. |
| 812908 | /var/log/messages is not rotating generating large files and high disk usage issues. |
| 811783 | Links in the Persistent Agent Summary panel produce redundant results. |
| 810574 | "Unable to scan" message when using Dissolvable agent if scan configuration label contains non US-ASCII characters. |
| 809769 | HTML is not supported when using "Guest Account Details" message type template. |
| 808523 | Delete User: Admin User without Admin User Permissions is able to delete another Admin User. |
| 804519 | Network Events and other Views - Filtering based on content entered in the filter field does not produce results. Workaround: Leave filter field blank and select an object in the drop-down instead. |
| 800870 | Packet from a secondary that is not the secondary in the configuration will prevent the primary from starting. |
| 800325 | Cisco Port Channel Link Resolution. |
| 795411 | Not able to click the "In Use" number of Concurrent Licenses Widget. |
| 793634 | MDM Server Last Polled and Last Successful Poll information removed in 9.x. |
| 792968 | Legacy View for Users & Hosts > Hosts does not display items in tables. Workaround: Enter “*” (asterisk) in search field. |
| 791739 | Google Authentication: Google Identity Services Library is currently not supported. |
| 791442 | Able to delete a Portal Configuration which is in use by a Portal Policy. Removal is done without warning the user. |
| 784642 | Norton Antivirus Plus (Norton 360) installed from app store not detected in endpoint compliance scan. |
| 783304 | DHCP responds with unexpected addresses in the DHCP-Server-Identifier attribute.This causes release/renew to fail. Affects appliances configured for seperate isolation networks (Registration, Remediation, DeadEnd, etc). |
| 776077 | Local Radius to Winbind connection cannot be secured at this time. |
| 774048 | L2 HA + VIP Pairing Process Failing. Configuration completes but leaves both appliances in a "processes down" state. Workaround: Reboot appliances. |
| 773733 | Enhance DeviceInterface debug dumpSSOTargets output. |
| 770974 | Event to Alarm mappings failing for Clear on Event criteria. |
| 770091 | Port changes/VLAN assignments made using Local RADIUS are not being logged as port changes. |
| 767548 | Register Game system with Host Inventory success page is not working. |
| 765172 | Configuration Wizard does not check whether user input subnet masks are valid. |
| 762704 | After clicking the 'restart services' button when applying SSL certificates to the Admin UI Certificate Target, the prompt does not clear and there is no confirmation dialogue (even though it was successful). Clicking the 'restart services' button again generates an error. |
| 761745 | Mist AP - Port Connection State NOT WAP Uplink. |
| 754346 | Selecting Port Changes under the Ports tab of a specific device in Network > Inventory does not display expected results. For details and workaround, see KB article https://community.fortinet.com/t5/FortiNAC/Technical-Tip-Default-filter-for-Port-Changes-does-not-populate/ta-p/209297. |
| 752538 | When in the Users & Hosts > Applications view, selecting an application and clicking the Show Hosts option displays a page that does not provide accurately filtered results. Workaround: Navigate Users & Hosts > Hosts and create a custom filter to list hosts associated to an application. |
| 739990 | Android Mobile Agent prompts for server name. |
| 730221 | Stacked Meraki switches currently not supported. |
| 710583 | L2 Polling Mist APs can result in more API requests than Mist allows per hour. |
| 708936 | FortiNAC will log off SSO for sessions that remain connected to a managed FortiGate IPSec VPN tunnel after 12 hours. |
| 708720 | Policy evaluation may not be triggered after a host status update in Microsoft InTune. This can prevent the host from being moved to the proper network. For details and workaround see related KB article https://community.fortinet.com/t5/FortiNAC/Technical-Tip-Policy-evaluation-not-triggered-after-Microsoft/ta-p/203843. |
| 699106 | After a reboot, FortiNAC may change the Native VLAN on a wired switch port following a layer 2 poll. This may cause issues for ip phones, should they connect to a port where the native/default VLAN isn't the correct VLAN. |
| 695435 | FortiEDR is currently not supported. If required, contact sales or open a support ticket to submit a New Feature Request (NFR). |
| 694407 | Linux hosts running CrowdStrike Falcon sensor 6.11 and later are not being detected by the agent. This causes hosts running CrowdStrike Falcon to incorrectly fail scans. For details and workaround, see related KB article https://community.fortinet.com/t5/FortiNAC/Troubleshooting-Tip-Linux-hosts-running-CrowdStrike-Falcon/ta-p/202694. |
| 682438 | Page Unresponsive' error when exporting hosts. For details and workaround see related KB article https://community.fortinet.com/t5/FortiNAC/Technical-Note-Page-Unresponsive-error-when-exporting-hosts/ta-p/193878. |
| 674438 | Processes Scan Type option is not available when creating custom scans for macOS systems. |
| 631115 | Only 50000 records display in Adapter and Host Views. Example: Adapters - Displayed: 50000. Total: 57500 |
| Not all models of all network devices can be configured to perform Physical MAC Address Filtering even though the Admin UI indicates that the configuration can be set. Resolution: Hosts can be disabled by implementing a Dead-end VLAN. | |
| For Portal v2 configurations, web pages that are stored in the site directory to be used for Scan Configurations will not be included when you do an Export of the Portal v2 configuration. Resolution: The files in the site directory are backed up with the Remote Backup feature, but otherwise keep a copy of these files in a safe place. | |
| Removing a device from the L2 Wired Devices or L2 Wireless Devices Group does not disable L2 (Hosts) Polling under the Polling tab in Topology. | |
| The "Set all hosts 'Risk State' to 'Safe'" button changes the status of all hosts marked At-Risk to Safe. However, the status of the individual scans for each host remain unchanged. | |
| In a Layer 3 High Availability (HA) environment, configWizard must have a DHCP scope defined. Running configWizard without a DHCP scope can cause a failover. | |
| On FortiNAC appliances with CentOS 7, duplicate log messages may appear in dhcpd.log for each sub interface (eth1, eth1:1, eth1:2, etc). | |
| System > Settings > Updates > Operating System will only record and display dates of OS updates that are completed through the Administrative UI. If Operating System updates are run via command line using the "yum" tool, the update is not recorded. Resolution: Execute Operating System Updates through the Administrative UI in order to maintain update history. | |
| Only English versions of AV/AS and their corresponding definitions are supported. | |
| Anti-Virus product Iolo technologies System Mechanic Professional is currently not supported. |