Fortinet black logo

Known issues

Known issues

This section lists the known issues of this release, but is not a complete list. For inquires about a particular bug, please visit the Fortinet Support website.

Bug ID Description
555180 Push notification certificates are not restored to the disk following a model conversion.
526202 FortiAuthenticator does not check if the signature of a CSR is valid when processing it during a SCEP enrollment request.
548689 FortiAuthenticator should not delete a revoked local service certificate until it has expired.
538059 Importing an ECDSA-signed certificate and key causes an error.
544851 Unable to re-enable HA from the CLI if HA was disabled from the GUI on the backup device.
528352 Unable to configure HA role and priority from the CLI on a load-balancing device that has HA disabled.
546764 The use of non-ASCII characters in replacement messages causes the URL in email messages to render incorrectly.
478985 The FortiAuthenticator Windows Agent doesn't always locate the domain name, and users are not able to login.
524131 There is a multisecond delay between queuing and sending of push notifications.
538216 FortiAuthenticator FSSO service can be unstable due to crashing DC agent daemon.
468513 Excluding a user from SSO causes the FSSO server to exit and not recover.
540932 FSSOMA nested group search fails if nested via the primary group.
541043 SAML authentication with Azure UUID mapping does not include SSO group for the user as expected.
555320 When using device only (MAC address) authentication, the guest portal time schedule is ignored.
482900 User registration through a guest portal requires the approver to enable RADIUS authentication first.
558797 Users assigned an admin profile with full read and write permissions are unable to access Authentication > Guest Portal > General.
532604 The Social Login Users list displays 'unknown' in the user column.
530392

Unable to log into a guest portal with a social user account if the account has expired.

Workaround: From Authentication > User Account Policies > General, enable Automatically purge disabled user accounts and set the frequency to Hourly. This removes all expired accounts.

543791 When a users audit report is generated, the 'last used' and 'created' columns contain incorrect data for LDAP users.
557353 Occasionally, FortiAuthenticator widgets will fail to load.
510931 The connection status displayed for Windows Active Directory servers can be are unclear and inconsistent.
536211 FortiAuthenticator should limit FSSO passwords to 15 characters since that is the limit on FortiGate.
532652 Users audit reports are not working on the backup device in an active-active HA cluster.
558790 Unable to assign more than one admin profile to a user.
550800 The Authentication Activity widget can display inconsistent information.
548527

User accounts that have been locked due to repeated invalid password attempts cannot be unlocked from the User Lookup page.

544023 Importing MD5-hashed certificates for system access causes Apache to crash repeatedly.
543646 When creating a password policy, entering foreign characters in the 'Use non-alphanumeric characters in random passwords' field will cause an error to occur when viewing the list of guest users.
540587 Clicking on a guest user on a load-balancing device causes a GUI crash.
490281 FortiAuthenticator logs show the column name 'Type id', however downloaded logs and logs sent to FortiAnalyzer show this column name as 'Log id'.
557762 In an active-active HA configuration, after an HA password change, backup devices are unable to synchronize.
557771 The role of active-passive cluster standby members locks to standby member if the active member shuts down while status is 'in_sync = 0'.
551706 Load-balancing HA clusters are unable to have two remote FortiAuthenticator administrators with the same username when two-factor authentication is enabled.
516357 Toggling load-balancing off and back on in an existing cluster can impact availability for hours or days.
543729 RADIUS Client service not working after upgrading firmware from version 4.2.1 to version 5.5.
548556 If FortiAuthenticator is configured as an LDAP server and the secure password option is enabled, the LDAP client receives an invalid credentials error during the bind attempt.
511093 In an active-active HA configuration, Radiusd on the backup device crashes if a large custom RADIUS dictionary is uploaded to the primary device.
556721 When using the /auth/ REST API endpoint, case insensitivity is ignored when handling the 'user has no token configured' option.
543993 Unable to create more than one SSO group using REST API.

Known issues

This section lists the known issues of this release, but is not a complete list. For inquires about a particular bug, please visit the Fortinet Support website.

Bug ID Description
555180 Push notification certificates are not restored to the disk following a model conversion.
526202 FortiAuthenticator does not check if the signature of a CSR is valid when processing it during a SCEP enrollment request.
548689 FortiAuthenticator should not delete a revoked local service certificate until it has expired.
538059 Importing an ECDSA-signed certificate and key causes an error.
544851 Unable to re-enable HA from the CLI if HA was disabled from the GUI on the backup device.
528352 Unable to configure HA role and priority from the CLI on a load-balancing device that has HA disabled.
546764 The use of non-ASCII characters in replacement messages causes the URL in email messages to render incorrectly.
478985 The FortiAuthenticator Windows Agent doesn't always locate the domain name, and users are not able to login.
524131 There is a multisecond delay between queuing and sending of push notifications.
538216 FortiAuthenticator FSSO service can be unstable due to crashing DC agent daemon.
468513 Excluding a user from SSO causes the FSSO server to exit and not recover.
540932 FSSOMA nested group search fails if nested via the primary group.
541043 SAML authentication with Azure UUID mapping does not include SSO group for the user as expected.
555320 When using device only (MAC address) authentication, the guest portal time schedule is ignored.
482900 User registration through a guest portal requires the approver to enable RADIUS authentication first.
558797 Users assigned an admin profile with full read and write permissions are unable to access Authentication > Guest Portal > General.
532604 The Social Login Users list displays 'unknown' in the user column.
530392

Unable to log into a guest portal with a social user account if the account has expired.

Workaround: From Authentication > User Account Policies > General, enable Automatically purge disabled user accounts and set the frequency to Hourly. This removes all expired accounts.

543791 When a users audit report is generated, the 'last used' and 'created' columns contain incorrect data for LDAP users.
557353 Occasionally, FortiAuthenticator widgets will fail to load.
510931 The connection status displayed for Windows Active Directory servers can be are unclear and inconsistent.
536211 FortiAuthenticator should limit FSSO passwords to 15 characters since that is the limit on FortiGate.
532652 Users audit reports are not working on the backup device in an active-active HA cluster.
558790 Unable to assign more than one admin profile to a user.
550800 The Authentication Activity widget can display inconsistent information.
548527

User accounts that have been locked due to repeated invalid password attempts cannot be unlocked from the User Lookup page.

544023 Importing MD5-hashed certificates for system access causes Apache to crash repeatedly.
543646 When creating a password policy, entering foreign characters in the 'Use non-alphanumeric characters in random passwords' field will cause an error to occur when viewing the list of guest users.
540587 Clicking on a guest user on a load-balancing device causes a GUI crash.
490281 FortiAuthenticator logs show the column name 'Type id', however downloaded logs and logs sent to FortiAnalyzer show this column name as 'Log id'.
557762 In an active-active HA configuration, after an HA password change, backup devices are unable to synchronize.
557771 The role of active-passive cluster standby members locks to standby member if the active member shuts down while status is 'in_sync = 0'.
551706 Load-balancing HA clusters are unable to have two remote FortiAuthenticator administrators with the same username when two-factor authentication is enabled.
516357 Toggling load-balancing off and back on in an existing cluster can impact availability for hours or days.
543729 RADIUS Client service not working after upgrading firmware from version 4.2.1 to version 5.5.
548556 If FortiAuthenticator is configured as an LDAP server and the secure password option is enabled, the LDAP client receives an invalid credentials error during the bind attempt.
511093 In an active-active HA configuration, Radiusd on the backup device crashes if a large custom RADIUS dictionary is uploaded to the primary device.
556721 When using the /auth/ REST API endpoint, case insensitivity is ignored when handling the 'user has no token configured' option.
543993 Unable to create more than one SSO group using REST API.