Resolved Issues
The following issues have been fixed in 6.4.7. To inquire about a particular bug, please contact Customer Service & Support.
AP Manager
Bug ID |
Description |
---|---|
633171 | There may be DFS Channel mismatch between FortiManager and FortiGate for FAP-223E. |
677419 | FortiManager may show
installation error on dual-5G radio band while pushing wireless-controller
configuration. |
682443 | FortiManager should allow setting the index floor value and AP location should not be lost. |
689325 | FortiManager may not be able to configure Channel 13 for Germany AP profile. |
698004 | When installing to a 6.4 FortiGate
device from a 6.2 ADOM, there may be issue with set vap-all
manual within the AP Profile. |
702114 | FortiManager is unable to see 5Ghz Clients in Health Monitor. |
716135 | There may be verification error when trying to install FortiAP with 2.4GHZ Radio 1 channel disabled. |
Device Manager
Bug ID | Description |
---|---|
563690 | Device Manager fails to add FortiAnalyzer which contains a FortiGate HA device with error: serial number does not match database. |
615044 | Configuration status may be shown as modified after adding FortiGate to FortiManager. |
640907 | FortiManager is unable to configure FortiSwitch port mirroring. |
665207 | FortiManager needs IPv6 support on Syslog server setting. |
670577 | When creating an API admin from CLI Configuration, the trusted host section is missing. |
674123 | SD-WAN template > SD-WAN Rules options for Load Balance Mode do not match that on FortiOS. |
690493 | License check setting may not be saved. |
692200 | FortiManager may return
conflict after a zero-touch-provisioning cluster deployment. |
696730 | FortiManager is unable to promote Secondary FortiGate as Primary in a HA Cluster. |
697148 | Interfaces that are members of SD-WAN and with interface-based traffic shaping applied should be displayed in the Traffic Shaping widget. |
697596 | Advanced Options is not displayed when creating a new interface. |
702906 | DHCP Relay Service may not be deleted when it is configured on VLAN interface. |
705448 | Device connection status may remain Up after shutting down device port and update device status. |
709214 | System template should allow
Source Interface to be selected when specify is activated as
interface-select-method . |
711005 | Under backup ADOM, FortiManager should hide the selection for Provisioning Templates" and Policy Packages in the Add Device wizard, device Dashboard, and device Edit page. |
711713 | DHCP relay is displayed as DHCP server when Workspace is unlocked. |
711888 | FortiManager is not retrieving
and saving the vdom-exception configuration. |
714036 | SD-WAN widget cannot be loaded when a rule uses a specific SLA target. |
714208 | Device Manager may not be able
to save scan-botnet-connections option in interface settings page. |
714611 | Creating interface from VDOM may return No Match Found error. |
714710 | Secondary interface configuration may not show on Device Manager. |
718184 | AutoUpdate with unset
options & unset post-lang may cause device database and
policy package status to show OUT-OF-SYNC. |
719028 | FortiManager may not update FortiGate's VDOM license information when it is changed. |
719968 | SD-WAN Monitor should show the proper Map View of all devices. |
726359 | After upgrade, Device Manager may not show managed devices after switching from Table View to Map View. |
726990 | When an administrator has access to a specified device group, FortiManager may remove devices that do not belong to the group when synchronizing device list to FortiAnalyzer. |
728655 | Configuration status may not be shown as Synchronized after installation. |
728687 | Policy package status may change to Modified on all FortiGate devices when a dynamic address group changes. |
729301 | A managed FortiGate with assigned CLI template remains in modified state following a successful device configure installation. |
731551 | FortiManager may return error, Failed to synchronize FortiAnalyzer with current ADOM data.Fail(errno=-3):Object does not exist, when adding FortiAnalyzer device. |
733076 | Model device links to real device may not work. |
733080 | Device status appears in the GUI even though there is no activity for the session between FortiManager and FortiGate. |
735106 | Delete is spelled incorrectly when attempting to delete invalid host cluster device. |
FortiSwitch Manager
Bug ID | Description |
---|---|
700023 | Install may fail with switch-controller managed-sweatshop-pre-standard-detection after upgrade. |
716277 | FortiSwitch Manager > Managed Switches tab is not in place after re-sorted. |
740936 |
FortiSwitch VLAN template creates unknown interface platform mapping. |
Global ADOM
Bug ID | Description |
---|---|
667197 |
Users should not be able to delete global object when ADOM is not locked. |
680798 | FortiManager may return error, Could not read zone validation results, when assigning global ADOM changes with Automatically Install Policies to ADOM Devices. |
693510 | Display Options for Object Config will reset to default after sometime. |
710963 | FortiManager may show unclear error message when trying to promote an object from an ADOM to Global database under Workspace or Workflow mode. |
722562 | Users may not be able to filter ADOM when assigning Global Policy. |
724229 | Global ADOM display options may be reset to default after reboot. |
Others
Bug ID | Description |
---|---|
697361 | FortiExtender status may not be correctly displayed. |
724470 | dmworker may crash on device
retrieve or revision import. |
728375 | JSON API may return
"runtime error 0: invalid value" error when getting dynamic mapping
with "fields" attribute. |
732144 | A CA certificate may be missing from some older FortiManager platforms causing failure to login with FortiCloud SSO. |
679163 |
Execute tac report launched in CLI Widget fills the /tmp and prevents retrieval of FortiGate's configuration. |
Policy and Objects
Bug ID | Description |
---|---|
487186 | FortiManager may install a different local category ID to FortiGate causing conflict with custom URL rating list. |
569446 | Interface subnet address object may show any as interface instead of the selected interface. |
636537 | CLI Only Objects > User > peergrp is not able to delete peergrp. |
642708 | View Mode may unexpectedly change from Interface Pair View to By Sequence mode. |
654172 | There may be webfilter local category ID mismatch between FortiManager and FortiGate causing incorrect action when using Custom URL List. |
663109 | FortiManager should not allow user to select a profile group in a flow-based policy that uses a proxy-based feature. |
666091 | After cloning a policy package, the cloned policy package loses the installation targets. |
666258 | User should not be able to create a firewall policy with an Internet service with Destination direction in Source by using drag and drop. |
677528 | Address object search may not display the address group which contains the searched object within the group. |
679282 | Editing a global object in an ADOM is not possible and generathe s te error, "undefined is not iterable". |
686911 | Workflow session may not be able to compare with error: "Can not compare because of invalid Revision Diff data". |
690231 | Where-used may fail to display references to certificate-inspection that were added to firewall policies in previous versions. |
690295 | FortiManager may be slow when multiple users access GUI at the same time. |
696489 | URL Filter under Web Filter profile may not be enabled properly. |
701526 | There may be issue to scroll down to view policy consistency results. |
704148 | FortiManager is missing some IPS signatures while they are available on FortiGate. |
704637 |
FortiManager allows VIP to be configured without default value or dynamic mapping. |
705189 | "config authentication scheme" policy is not available for more than one FortiGate on the same policy package. |
712213 | Users may not be able to filter policy using Inspection Mode field. |
715269 | CVE-2021-26857 default action should be Drop on the FortiManager when the IPS version is greater than 18.028. |
715275 | FortiManager may not be able to show a specific signature. |
715722 | Users may not be able to delete a Global Object. |
716114 | FortiManager should push changed in ssl-ssh-profile with Untrusted SSL Certificates setting reverted from Block to Allow. |
719698 | Performance for policy install may be slightly degraded after upgrading from 6.4.5 to 6.4.6. |
719700 | FortiManager may have incorrect IPS default action entries in database. |
719981 | Where Used function may return no result for Internet Service objects. |
720896 | SSO admin with a Restricted Admin profile should be able to view Web Filter, Application Control, or IPS objects. |
722087 | Edit user group with remote members on FortiManager GUI may cause unexpected change in set group-name. |
723409 | After upgrade, installing to policy to FortiOS 6.0 devices may fail. |
724718 | When FortiManager's NSX-T connector is executing an API request, it should not be limited to 50 records. |
725132 | When modifying the IP address of Default VPN Interface of spoke in Device Manager, the hub remote gateway should be modified to reflect that change. |
725274 | GUI may be slow when filtering many entries with DNS filter. |
726424 | IPS signature list may be empty after upgrade. |
727329 | FortiManager may fail to identify case sensitivity with an interface that has a similar name for the Normalized Interface settings. |
729287 | User may not be able to edit DNAT. |
730487 | Copy procedure may stall at 67%
with securityconsole crashes when copying policy package. |
730523 | Unused policies tool may always generate a PDF containing all policies. |
732208 | The ip_addresses
from NSX-T are incorrectly Resolved To in FortiManager. |
738109 | FortiManager may not install auth-cert from policy package to device. |
738745 | When an object is renamed, the new name must be used on all policies. |
738595 |
FortiManager may not correctly push AWS connector credentials. |
Revision History
Bug ID |
Description |
---|---|
642878 | FortiManager should return a clear copy fail log for dynamic interface check error. |
683728 | Installation fails due to VIP mapped IP range error when installing v6.2 policy package to v6.4 device. |
691240 | FortiManager should not unset
the value of forward-error-correction with certain FortiGate platforms. |
708913 | FortiManager may try to set
sflow-counter-interval and unset trunk-member resulting in installation
failure. |
711314 | VDOM specific Disclaimer Page
configuration is purged from default replacemsg-group during Policy Package
installation. |
724340 | FortiManager may unset
forward-error-correction from FortiGate 7060E devices. |
724976 | In Zero Touch Provisioning deployment, device database may get wiped by an AutoRetreive task. |
725717 | After upgrade, installation may
fail due to mcast-session-counting . |
728117 | After upgrade, install may fail
due to set pri-type-max 1000000 . |
728422 | Policy validation may fail due to dynamic mapping for global object that is for FortiGate 6.2 device but it is in 6.0 ADOM. |
733518 | FortiManager may incorrectly move DNAT objects. |
735988 | Switch and AP names may be reverted by controller status update from FortiGate. |
742242 |
Install fails after upgrade due to |
Script
Bug ID |
Description |
---|---|
630016 | FortiGate users can see scripts from all ADOMs. |
689775 | Users may not be able to edit an empty CLI Script Group. |
707952 | Copying of CLI Script Group from one ADOM to another ADOM may not work. |
715632 | Script configuring AntiVirus quarantine may fail. |
721740 | FortiManager may fail to run
CLI script on Device DB after dmworker crash. |
729571 | TCL script commands run on device no longer show in the script log. |
Services
Bug ID |
Description |
---|---|
567664 | HA secondary device does not update FortiMeter license. |
673302 | FDS updates may fail with TLS v1.3. |
685678 | When FortiMail FIPS mode is enabled, FortiManager should be able to validate its license. |
688498 | FortiSwitch version shown in the FortiGuard package page is not seen on FortiGate. |
700579 | FortiManager should be able to provide the license information for isolated FortiSanbox. |
702001 | When receiving valid FCP updates, FortiManager should remove model flag for non FortiGate platforms. |
704057 |
FOS-VM may not be able to update ISDB due to no contract on FortiManager. |
725721 | FortiManager may not be able to recognize all FortiGate units within an HA cluster, and it may not be able to update services to all units. |
733174 | FortiManager may not be able to
recognize the object id 06002000NIDS02604 as IPS Signature
Database(Extended). |
System Settings
Bug ID |
Description |
---|---|
663185 | Search may not work for event logs in text mode. |
672954 | Users should not be able to disable ADOM when there is non-root ADOM. |
687968 | FortiManager should not change
to ipv6-autoconf to disable when management access is changed to the
ipv6-autoconf enable state. |
700608 |
The variable from meta data that is shown as not case sensitive, whereas the variable is case sensitive when using in a CLI template. |
705145 | Username is truncated to 49 characters in the notification Emails sent by FortiManager for workflow approvals. |
709873 | Global task assignment time may not be accurate. |
711686 | Workflow approval does not work when admin name has more than 49 characters. |
722320 | The NOT search in advanced/text mode search is not working for system event logs. |
723117 | Admin user may not be able to see who has locked an ADOM. |
726007 | Admin User systematically gets access to Root ADOM in case of RADIUS authentication and "Fortinet-Vdom-Name" VSA not set. |
726138 | After upgrade, FortiSwitch Template setting 'poe-pre-standard-detection' may cause installation failure. |
727458 | FortiManager may not allow users to access all the VDOMs within an ADOM. |
738395 | FortiManager tasks' time used should not be increased by timezone. |
VPN Manager
Bug ID | Description |
---|---|
712861 | Policy Package Status stays Synchronized despite SSL-VPN Portal configuration is changed using VPN Manager. |