Usage Profile TIME USAGE=Time used is not triggering COA or disconnect request to FortiGate.

Admin logout GUI glitch.

LDAP user import uses server IP from DB despite browser using/showing unsaved one.

'Export key and Certificate' option should be grayed out for an intermediate CA whose root uses HSM.

Changing from maint-mode-no-sync to maint-mode-sync does not appear to restore syncing.

SSL connection failed in case of an expired certificate issue is not explicit enough.

restore-admin CLI command needs improvement.

AP HA secondary cannot change the mgmt interface access configuration, and the option does not sync from primary either.

REST API /api/v1/tacpluspolicyclient/ endpoint does not recognize policy_name or client_name parameters.

SCEP Get CA requests intermittently fail under high SCEP load.

FortiAuthenticator does not support admin OIDs from FORTINET-CORE-MIB properly.

Incorrect Italian translation of Next button displayed on the reset password page.

Check the reason for FortiAuthenticator 400E auto reboot.

Sponsor is able to edit static routing settings.

Importing guest users via CSV does not add them to newly created user groups.

Token bypass not working for FIDO enabled self-service portal,

Single sign-on for one FortiAuthenticator as password and another as OTP not working as intended.

FortiAuthenticator as LDAP server; logs shows LDAP_FAC in the Source IP field.

FortiAuthenticator supports Zero Trust tunnels to multiple remote LDAP servers through one FortiGate only.

Self-service portal password change fails for remote LDAP users if UPN format is used.

Custom RADIUS attributes disappear on HA secondary after failover and we get 500 crash when clicking into RADIUS policy.

Narrowing the browser window causes GUI elements to overlap.

Narrow browser size to the smallest window size will cause all UI element to overlap display.

Local services cannot use cert with >97 character subject length.

TACACS+ authentication fails when the authentication process takes long.

Portal Policy on the Firefox web browser boxes not aligned properly.

Windows log events in FSSO are dropping after some time.

Back button in the user lookup page does not navigate back to the original user list page.

Upgrading FortiAuthenticator in HA-LB removes the MAC-address records form the LB node.

KVM model does not obey hypervisor soft restart/shutdown commands.

Resizing the window causes GUI fields to overlap in Logs page.

Usability of User Group GUI.

HA Cluster not forming due to differing smartconnect primary key name (upgrade path mismatch, but should work).

If the user has only an email token for it's second factor authentication, and the portal has Allow users to temporarily use email token authentication if an email was pre-configured enabled under Fortitoken Revocation, the user should not be able to use Switch to email token authentication.

t takes a long time for FortiAuthenticator to reflect active certificates in the GUI after successful SCEP enrollment request.

FortiAuthenticator fails to send out COA disconnect to FortiGate.

NTLM authentication failure under load.

RADIUS attribute name should be only unique within the dictionary, not across all dictionaries.

NTLM authentication does not work with child domain.

FortiAuthenticator remote user sync rules - Set Group Filter not working if OU has special characters in name, e.g., ( , ) , +.

Smart Connect for Android running on version 12 and 13 never installed the configuration profile.

In FortiAuthenticator CLI, a user can change DNS addresses even if we assign No-Access/Read-only admin profile.

FIDO users status bug on SAML.

Updating the image variable in SAML IdP replacement HTML editor could trigger 500 error.

FortiNAC can overwhelm FortiAuthenticator with many TACACS+ logins on the same service account.

FortiAuthenticator GUI/captive portal access freezes/become unresponsive during peak hours.

JavaScript error when using the filter button on local users page.

Sign in as a different user does not work on a proxy setup in SAML.

FortiAuthenticator drops FSSO events with work queue full, dropping logon error.

Change Western Sahara to Morocco (Southern Provinces) in the phone number country code.

FortiAuthenticator HA device with low priority stays primary.

IP lockout not being logged in on FortiAuthenticator logs.

Unable to delete a user group.

Machine authentication cache expiry.

Enable CSP on user pages.

Portal policy realms table values are in the wrong column.

403 Forbidden error while doing SAML authentication after OAuth succeeds.

Failed FIDO token authentication and reauthentication FIDO token using SP SAML portal causes error occurred.

Unable to use FortiAuthenticator images in System replacement messages.

FortiAuthenticator picks the incorrect IP from proxied requests from the header when multiple headers are used in a request.

FortiAuthenticator ignores the groups filtering rules and sends all SSO groups to FortiGate if the FortiGate is configured with FQDN.

Javascript errors being thrown by all(?) search filters.

SAML IdP's IAM button should not be displayed if the SAML IdP portal is disabled.

JavaScript error when enabling SSO on legacy self service portal.

500 error when launching a Smart Connect profile that contains a CSR for Android.

Certificate GUI filter by status times out when there are thousands of revoked certificates.

After a reboot, FortiAuthenticator shows 500 Internal Server Error when synchronizing hardware tokens.

Some users fail to authenticate through SSL VPN.

Upgrade from 6.3.3 to 6.5.0 gives error in wad-service logs.

Select All checkbox for Remote user sync rule does not select all the rules in Firefox without private window.

HA boots into unstable state when cluster peer is not found.

Javascript error when changing FortiAuthenticator GUI log history period.

SNMP v3 with non-ENG letter pass gives authentication failed.

FortiAuthenticator HA is out of sync and web server crashes when clicking on Packet Capture with 500 Internal server error.

Error in logs for FTM authentication with mschapv2.

HA Load balancer node is not synchronizing.

SAML IdP Login Success Page: last login information not shown when the previous IdP session was cleared.

500 error when accessing SAML IdP with http.

Unable to import 10k plus groups from Azure via SAML in FortiAuthenticator.

SAML: Launching SP-initiated SAML session for a user with FIDO AUTH produces server errors.

Admin password recheck popup should have a Cancel button.

Content security policy errors when trying to create new FTMs.

Read-only profile page does not show the correct information.

SAML sync rule groups input should be disabled when no server is selected.

FortiAuthenticator Remote user sync rules - Test filter not working if OU has special characters in name, e.g., ( , ) , +.

SAML token-only login displays password page instead of the token page.

Login page not found after successful user registration.

Unable to provision FortiToken Mobiles on FortiAuthenticator 200E/400E/3000E in 6.5.0/6.5.1.

WAD-enforced administrator/service access rules are only applied to the first four interfaces. The rest is still handled in Python.