Resolved Issues
The following issues have been fixed in 6.4.3. For inquires about a particular bug, please contact Customer Service & Support.
AP Manager
Bug ID |
Description |
---|---|
587879 | AP Manager central mode is missing AP group with VLAN ID. |
607107 |
FortiManager prompts installation errors when certain channels are selected for Radio 2 in 5 GHZ band of FAP-421E. |
607170 | Dynamic VLAN option is not saved in SSID in AP Manager. |
608870 | Changing FortiAP setting to override radio 1 TX power control from auto to manual generates incorrect configuration causing install to fail. |
610724 | Unauthorized APs should be displayed so that users can authorize the APs. |
645030 | Adding FortiGate using custom admin profile may fail to list FortiAP in AP Manager. |
645713 | FortiManager is able to create SSID which cannot be deleted. |
653329 | FortiManager sends the wrong device setting after changing the FortiAP name. |
654171 | There may be duplicate entries in objcfg_wireless_controller_wtp not allowing the user to delete some custom WTP profiles. |
663983 |
FortiAP upgrade may not proceed past 20%. |
665945 |
Brazil country (BR) code does not offer any radio choices. |
Device Manager
Bug ID |
Description |
---|---|
552492 | VAP is always loading under CLI configuration. |
595058 | When customer sets Scheduled Updates configuration to 1 hour in FortiGuard on Device Manager, FortiManager installation preview is configured as set time 1:60. |
605688 | The character limit for pac-file-data is set to 4000 under CLI Configuration. |
613029 | SD-WAN Monitor is showing effect of exceeded SLA even when it is disabled. |
614953 | Device dashboard reboot and shutdown operations may not work. |
627749 | Admin users with device-config set as read in the admin profile cannot download configuration revision. |
635316 | Return button is not working when viewing HA mode. |
635701 | Blocked address, trusted address, disabled signature and disabled-sub-class lists are not displayed on WAF profile CLI Configuration. |
635738 | FortiManager should show a clear message when it fails to load device configuration. |
639854 | No IPv6 format in router GUI for BGP. |
644596 | FortiManager is unable to deauthorize explicit proxy user(s). |
646609 | Devices may disappear randomly after upgrade. |
649157 | Mapping interface containing "/" results error Object does not exist during import policy. |
649566 | CLI Template is not able to
install same name interface using vpn ipsec phase1-interface and config
system ipsec-aggregate . |
649769 | FortiManager cannot view full list of Extenders. |
650545 | Import may get stuck in an infinite loop when there is a recursive reference. |
650987 | Interface template may show an empty action list. |
651186 | DNS widget may be empty under system template. |
651712 | SD-WAN monitor keeps loading and not displaying anything in backup mode ADOM. |
652481 | Allow access is missing under interface on AWS FortiGate and may cause installation to fail. |
653331 | Device Manager may not be able to open the NTP page. |
653388 | IPsec VPN Phase-1 tunnel interface is not added in VDOM interface list with a long VDOM name. |
653465 | FortiManager may not be able to edit DHCP options function on GUI. |
653701 | When FortiManager is configured in advanced ADOM mode, FortiManager still allows device assignment of CLI Templates/Groups in an ADOM where the management VDOM of that device does not reside in that particular ADOM. |
656200 | SD-WAN rule may not show all internet services. |
656650 | Import policy may fail due to local certificate. |
657335 | When creating VLAN interface with non-management VDOM, no interfaces can be listed. |
657988 | FortiManager may lose connection and fail to install after FortiGate HA switching roll. |
659838 | Interfaces any and virtual-wan-link should not be visible as OSPF passive interface option. |
659862 | FortiManager sends unset serial for FortiAnalyzer settings when System Template is being used. |
660662 | FortiManager should support increased user local and user group member on FortiGate model 400E or 900E. |
661116 | Device configuration may not be updated after running CLI script on remote FortiGate. |
662073 | FortiManager should create a new OSPF interface when clicking the OK button. |
662095 | FortiManager may take a long time to send SLA updates to more than a thousand FortiGate devices. |
664999 | Importing a policy from FortiGate may not complete. |
665013 | After upgrade, FortiManager may not be able to refresh multiple devices at once. |
667142 | FortiManager is unable to edit or mouse over OSPF route after the seventh line. |
668315 |
Maximum device group section can create more than specified by device group license limit. |
668664 | Policy package diff is much slower after upgrade. |
668958 | After enabling DHCP relay on one interface, DHCP server is disabled on another interface during install. |
670072 |
FortiManager can export license file but it does not include HA information. |
671139 |
FMG-VM64-AWSOnDemand may show serial number as FMG-VM0000000000 with valid license status. |
FortiSwitch Manager
Bug ID |
Description |
---|---|
651788 | FortiSwitch Manager does not show the correct online or offline status. |
659568 | FortiSwitch may not be visible under FortiSwitch Manager. |
Global ADOM
Bug ID | Description |
---|---|
645702 | Global policy install should not show warnings when a policy package has no installation target. |
657642 | FortiManager is unable to replace firewall object in Global Header Policy using the option Find and Replace. |
666842 |
Cloning a global policy package may fail with runtime error -1: invalid value. |
Others
Bug ID |
Description |
---|---|
596067 | In workflow mode, FortiManager
cannot add devices to policy package installation target via JSON API. |
632822 | The merged_daemons process
goes to 100% usage and prevents radius authentication. |
647156 | FortiManager cannot clone any
of the deep-inspection ssl-ssh-profiles using JSON API. |
647488 | When using the Wireless Manager, FortiManager automatically returns to the main page after about 20 seconds. |
657450 | Docker interface range may create network conflict with the user's network. |
657566 | After upgrade, copy may fail for central SD-WAN with configuration error, error service - 2 :-2 - Please assign a member. |
662965 | Error may occur when checking
and repairing invalid object sequence with diagnose cdb upgrade
check . |
663476 | FortiManager is unable to configure system admin ssh-public-key via JSON API. |
664554 | HA sync error may print repeatedly on secondary FortiManager. |
665424 | Add an option in FortiManager CLI to skip unmapped normalized interface for input-device. |
Policy and Objects
Bug ID |
Description |
---|---|
525625 | When configuring web filter rating override, the configuration is pushed to all the VDOMs even when the web filter is not used. |
531112 | Consolidated policy is missing implicit deny policy. |
583151 | FortiManager should not change default value of scan-mode and ssl-ssh-profile/inspection-mode when installing v6.0 policy package to v6.2. |
599129 | While editing policy from Policy Package, it is not possible to select SSL/SSH Inspection profile. |
600165 | Firewall consolidated policy is still named SSL Inspection & Authentication when it is profile based. |
607958 | FortiManager should be able to modify per-device mapping for global VIP in local ADOM. |
609389 | Within the anti-virus profile, the Send Files to FortiSandbox Appliance for Inspection option should not always be set to None. |
618321 | FortiManager is unable to create RSSO Group if the agent is configured with custom name. |
620092 | Interface Pair View is not working for Security Policies. |
623833 | Username cannot exceed 35 characters. |
631372 |
Setting |
632771 | Users may not be updated on FortiManager after a new session is created on ISE. |
634241 | VIP created using CLI script is not available to use in a policy. |
635966 | Azure SDN connector only fetches the first page of results. |
639437 | FortiManager intermittently not displaying custom objects inside of address group. |
640157 | Verification may fail due to
wrong default setting of log.memory.global-setting'> set max-size . |
644689 | FortiManager may not be able to load application control profile. |
645058 | Existing objects may disappear while editing policy and adding new one in batch mode. |
646583 | Policy Lookup should be available on GUI. |
651785 | Address section under Policy & Objects > Security Profiles > SSL/SSH Inspection" may load indefinitely. |
651820 | FortiManager should remove interface reference check for normalized interface per-device mapping. |
654609 | FortiManager is unable to create and display destination of imported internet service custom object. |
655248 | Policy Consistency Check may return duplicate address object names. |
656206 | FortiManager may not be able to add a proxy policy and it may not be able to search on source address field. |
656324 | Policy object panel search may not work on source user group field. |
657826 | FortiManager should not allow unsupported options in Certificate Inspection SSL/SSH inspection profiles to be visible. |
657896 | FortiManager should provide more descriptive error message when copy fails. |
661268 | Renaming address object may bypass the length check. |
663219 |
FortiManager may not be able to add more than 10240 service objects. |
664307 | Cloning DNS filter profile that is assigned from Global ADOM results in Response with errors. |
Revision History
Bug ID |
Description |
---|---|
586275 | Policy Package Diff does not show user or admin details. |
587682 | Installing mobile token that does not belong to target FortiGate may fail. |
611536 | IPsec Phase1 dhgrp and proposal settings may be ignored for FortiOS v5.2 devices after FortiManager is upgraded. |
612263 | FortiManager may not install ADSL vci and VPI to FWF-60E-DSL. |
614485 | FortiManager should support
the configuration, set initiator-ts-narrow enable . |
622540 | FortiManager prompts error, 'no hub configured, for a site even when the site is not part of VPN Manager. |
634345 |
Install preview may not show CLI configurations correctly. |
647180 | Install copy may fail with error message ftgd-wf - - The category is already set in another filter. |
649662 | Installation may fail due to cert-validation-timeout setting error when installing v6.2 policy package to v6.4 FortiGate. |
650017 | Install fails for adding md5-key on OSPF interface when default authentication is set as None. |
650239 | Installation fails with wireless-controller vap mesh-backhaul setting despite setting being disabled on FortiManager. |
652337 | VPN Manager changes may result in unnecessary FortiGate configuration changes. |
654496 | Installing configuration to device after Auto link, FortiManager may send incorrect system ntp commands causing install to fail. |
656505 | Install may fail for youtube-channel-filter after creating a web filer profile. |
656645 | Copy may fail due to missing Health Check in device database. |
656713 | FortiManager may try to delete dynamically generated EMS firewall addresses which causes install failure. |
657344 | Installing from 6.0 ADOM may try to unset inspection-mode and unset ssl-ssh-profile on FortiGate 6.2. |
657424 | FortiManager may disable the l2forward and stpforward settings on virtual switch interface when installing policy package. |
657526 | FortiManager should not try to unset ssl-ssh-profile configuration if it is already configured. |
662438 |
FortiManager may try to purge all web rating override entries. |
Script
Bug ID |
Description |
---|---|
592660 | Running a script remotely may trigger a full configuration retrieve instead of a partial configuration retrieve. |
611396 | After it is locked on a device, FortiManager cannot show the list of devices to run a script. |
629722 | FortiManager cannot set system admin password with ENC format via CLI template. |
632014 | When editing CLI script group, user cannot see the full CLI script name. |
669198 | Running a script in Policy & Objects does not update Save status. |
Services
Bug ID |
Description |
---|---|
437935 | FAD-VM license may not be validated on FortiManager. |
587730 | FortiGate-VM64-AZURE may not be listed in firmware image page. |
603414 | FortiManager may show incorrect firmware upgrade path. |
652764 | In FortiManager, Enforce Firmware Version may fail to upgrade FortiGate to a custom build. |
654129 | FortiManager may not have the correct upgrade path for FortiGate KVM. |
666716 |
FortiGuard license status page should have an option to show all FortiGate HA cluster contracts. |
System Settings
Bug ID | Description |
---|---|
489837 |
Certificate request CRS does not include the SAN DNS. |
556334 | Standard ADOM users should be able to assign system templates to FortiGate devices. |
579727 | Removing enrollment method from local certificate. |
589203 | ADOM upgrade from 5.6 to 6.0 may fail due to invalid per-device mapping. |
596212 | SSH filter profile is unset in firewall profile group upon ADOM upgrade. |
597917 | Mail Server setting within Event Handler Notifications is not synchronized from FortiManager to managed FortiAnalyzer. |
611215 | SNMP Hosts in SNMP Community are not displayed in the GUI if ADOM is unlocked. |
619750 | When upgrading ADOM from 5.4 to 5.6, FortiManager does not add tcp-session-without-syn in all firewall policies. |
624354 | There may be an empty space in ADOM management page. |
639099 | There are many cdb event log for object changed in event logs after upgrade. |
640505 | Remote admin authentication with RADIUS may stop working. |
650326 | After HA failover, the new primary device may have incorrect policies. |
654370 | Users may not be able to access Java console with an error message: Too many concurrent connections. |
654637 | After upgrade, non super_user password changes may not taking effect. |
655515 | FortiManager may not be able to clone the Security Fabric ADOM. |
656703 | FortiManager requesting AuthnContext PasswordProtectedTransport causes errors if IdP is Azure AD with MFA. |
657403 | ADOM upgrade to 6.4 may hang and cause cdb reader to crash. |
657664 | FortiManager may not be able to upgrade ADOM from 6.2 to 6.4 when Policy Block is used. |
657843 | FortiManager needs to handle IPv6 policy migration with policy block. |
658689 | Log service may shutdown and restarted routinely. |
660226 | HA may crash when upgrading. |
660361 | ADOM upgrade may fail when
FortiManager has workspace-mode set to workflow . |
665033 | Global web rating overrides may not be assigned after upgrade. |
665356 | Event logs should not contain users are not responsible for synchronizing device manager database between FortiManager and FortiAnalyzer. |
667961 | The View SP Metadata button for single sign-on may not response. |
VPN Manager
Bug ID |
Description |
---|---|
647413 | Customer should be able to select the OS to allow or deny an SSL-VPN tunnel connection. |
650454 | Installation may fail when Dialup VPN interface is PPPoE logical interface. |
648067 |
VPN Manager needs to support dynamic address group that has nested dynamic address objects. |