Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:


Table of Contents

Known issues

The following issues have been identified in version 7.0.6. For inquiries about a particular bug or to report a bug, contact Customer Service & Support.

Dashboard

Bug ID

Description

781654 EMS does not remove dashboard outbreak alerts when endpoint disconnects.

Endpoint management

Bug ID

Description

691790

EMS should not allow downloading requested diagnostic result for FortiClient (Linux).

760816 Group assignment rules based on IP addresses do not work when using split tunnel.
770364 EMS does not disable third party features for non-Windows endpoints.

772402

Endpoint does not move to correct workgroup based on installer ID after deploying FortiClient from EMS.

780630 EMS Active Directory schema does not fully update on EMS.

785186

EMS does not remove user from policy after deleting the domain.

792652

EMS cannot delete domain.

803887

GUI does not show assigned installer for fresh domain machine during deployment.

813513 User cannot download or view Sandbox malware report.
821704 EMS reports device as managed in verified and unverified user table after FortiClient is unregistered from EMS.

Endpoint policy and profile

Bug ID

Description

466124 User cannot change <nat_alive_freq> value.

766445

EMS enables or disables profile feature for all policies that use the defined profile.

799062

FortiClient does not send Web Filter traffic logs to FortiAnalyzer.

810123 VPN before logon does not appear with fresh FortiClient installation.
811199 FortiGate to EMS Web Filter profile synchronization misbehaves for Chromebook profiles.
816362 Web Filter profile synced from FortiManager does not allow Allow websites when rating error occurs.
817291 EMS cannot import some Web Filter options, such as safe search and Allow websites when rating error occurs from FortiManager.
823595 A newly created profile should have the invalid certificate action set to warning by default when EMS applies a valid certificate.
823685 Imported Web Filter profile from FortiGate or FortiManager changes to allow all categories after enabling Log User Initiated Traffic and resynchronizing.

License

Bug ID

Description

823458 EMS with Endpoint Protection Platform (EPP) only license and zero trust network access feature enabled reports EPP license as consumed but fails to quarantine endpoint.

Multitenancy

Bug ID

Description

745854 Super administrators convert to site administrators after enabling multitenancy.
816600 Non-default site database does not update EMS serial number after uploading new license.

Install and upgrade

Bug ID

Description

820546 EMS disables New EMS Version is available for deployment EMS alert after upgrade.
824303 Upgrading to 7.0.6 breaks Malware Protection profiles due to XML error.

Workaround: Open an existing profile, click the Advanced button, then go to the XML Configuration tab. Click the Edit button, then save it. This resolves the issue and removes the red X from the left window pane.

Zero Trust tagging

Bug ID

Description

712522

FortiGate does not receive some endpoint tags from EMS after upgrading.

726835 FortiGate cannot get the updated VPN IP address in firewall dynamic EMS tag address when FortiClient establishes the VPN tunnel.
765375 User in Active Directory Group Zero Trust Network Access rule does not identify domains.

781590

EMS does not send all tag definitions to all FortiGates if there are no FortiClients that use them.

783287

Let's Encrypt ACME certificate request fails due to port 80 on autotest system.

795202

IP/MAC address information is not present in dynamic address list when establishing SSL VPN.

815736

EMS fails to apply NOT for On-Fabric Status rule while creating a new tag.

Deployment and installers

Bug ID

Description

666289

EMS does not report correct deployment package state.

714496

FortiClient Cloud upgrade keeps installer on instance and causes disk to have no space.

773672 Disabling installer ID in FortiClient installer does not take effect.

814700

FIPS feature is gone after manual upgrade with FIPS-enabled installer that EMS created.

System Settings

Bug ID

Description

753951

EMS does not recognize disabling Use FortiManager for client software/signature updates > Failover.

784554 EMS displays error while importing ACME certificate.

807340

EMS tries to connect to FortiGuard Anycast server on port 8000.

794841

Email alerts are not triggered when the number of available licenses is less than 10% of the total.

753951

EMS does not recognize it when user disables Use FortiManager for client software/signature updates > Failover.

823701

User cannot enable Enforce User Verification on FortiClient Cloud.

Chromebook

Bug ID

Description

777957 EMS assigns the wrong profile.

Administration

Bug ID

Description

678899

Persisting LDAP configuration in multitenancy global/default/non-default administration users.

Performance

Bug ID

Description

731097 Updating or disabling policy assigned to large number of AD endpoints takes long time to process.
759729 Possible slow httpd file handle leak.

EMS HA

Bug ID

Description

809344 High availability (HA) does not start if starting without the database.
809396 EMS on HA backup generates a generic error.
816314 Restoring a database does not restore EMS configuration and settings in always on availability environment.

Configuration

Bug ID

Description

745913 SMTP configuration fails authentication.

Endpoint control

Bug ID

Description

776626

FortiClient may fail to get Web Filter custom message when EMS runs in high availability mode.

779652 IPsec VPN shows offline status in FortiGate endpoint record list and fails to resolve VPN IP address to EMS tag firewall dynamic address.
813531 EMS does not push profile to endpoints if they connect to EMS after enabling the feature under EMS System Settings.

GUI

Bug ID

Description

717433

Patching a vulnerability for a specific endpoint patches it on others.

731074

Importing the same JSON file for zero trust tagging twice introduces duplicate tags.

767469 EMS marks many endpoints as not installed after upgrading.
770204 When CX changes the invitation link expiry date, the previous invitation link does not work.
771027 FortiClient does not detect virus within large zip file, but detects it when extracted.

774880

You can import the same Zero Trust tagging rules multiple times by clicking the Import button multiple times.

793313

Detailed deployment states list does not fit in window.

811774

EMS with Remote Access-only license shows unrelated feature options on GUI.

816151

Toggle for Use FortiManager for client software/signature updates appears disabled after enabling the feature.

819205

License widget shows Forensic license as NaN used of X when no license is in use.

Malware Protection and Sandbox

Bug ID

Description

793926 FortiShield blocks spoolsv.exe on Citrix virtual machine servers.

Vulnerability Scan

Bug ID

Description

725170 Vulnerabilities detected on FortiClient do not show in EMS.

740041

Vulnerability logging does not have filepath and applications information.

Other

Bug ID

Description

752052 EMS does not sending alert emails.

786181

EMS is not sending EMS and endpoint alert emails.

820060 Verified user and unverified user tables show same device list with the same logins and registered LDAP users.

Known issues

The following issues have been identified in version 7.0.6. For inquiries about a particular bug or to report a bug, contact Customer Service & Support.

Dashboard

Bug ID

Description

781654 EMS does not remove dashboard outbreak alerts when endpoint disconnects.

Endpoint management

Bug ID

Description

691790

EMS should not allow downloading requested diagnostic result for FortiClient (Linux).

760816 Group assignment rules based on IP addresses do not work when using split tunnel.
770364 EMS does not disable third party features for non-Windows endpoints.

772402

Endpoint does not move to correct workgroup based on installer ID after deploying FortiClient from EMS.

780630 EMS Active Directory schema does not fully update on EMS.

785186

EMS does not remove user from policy after deleting the domain.

792652

EMS cannot delete domain.

803887

GUI does not show assigned installer for fresh domain machine during deployment.

813513 User cannot download or view Sandbox malware report.
821704 EMS reports device as managed in verified and unverified user table after FortiClient is unregistered from EMS.

Endpoint policy and profile

Bug ID

Description

466124 User cannot change <nat_alive_freq> value.

766445

EMS enables or disables profile feature for all policies that use the defined profile.

799062

FortiClient does not send Web Filter traffic logs to FortiAnalyzer.

810123 VPN before logon does not appear with fresh FortiClient installation.
811199 FortiGate to EMS Web Filter profile synchronization misbehaves for Chromebook profiles.
816362 Web Filter profile synced from FortiManager does not allow Allow websites when rating error occurs.
817291 EMS cannot import some Web Filter options, such as safe search and Allow websites when rating error occurs from FortiManager.
823595 A newly created profile should have the invalid certificate action set to warning by default when EMS applies a valid certificate.
823685 Imported Web Filter profile from FortiGate or FortiManager changes to allow all categories after enabling Log User Initiated Traffic and resynchronizing.

License

Bug ID

Description

823458 EMS with Endpoint Protection Platform (EPP) only license and zero trust network access feature enabled reports EPP license as consumed but fails to quarantine endpoint.

Multitenancy

Bug ID

Description

745854 Super administrators convert to site administrators after enabling multitenancy.
816600 Non-default site database does not update EMS serial number after uploading new license.

Install and upgrade

Bug ID

Description

820546 EMS disables New EMS Version is available for deployment EMS alert after upgrade.
824303 Upgrading to 7.0.6 breaks Malware Protection profiles due to XML error.

Workaround: Open an existing profile, click the Advanced button, then go to the XML Configuration tab. Click the Edit button, then save it. This resolves the issue and removes the red X from the left window pane.

Zero Trust tagging

Bug ID

Description

712522

FortiGate does not receive some endpoint tags from EMS after upgrading.

726835 FortiGate cannot get the updated VPN IP address in firewall dynamic EMS tag address when FortiClient establishes the VPN tunnel.
765375 User in Active Directory Group Zero Trust Network Access rule does not identify domains.

781590

EMS does not send all tag definitions to all FortiGates if there are no FortiClients that use them.

783287

Let's Encrypt ACME certificate request fails due to port 80 on autotest system.

795202

IP/MAC address information is not present in dynamic address list when establishing SSL VPN.

815736

EMS fails to apply NOT for On-Fabric Status rule while creating a new tag.

Deployment and installers

Bug ID

Description

666289

EMS does not report correct deployment package state.

714496

FortiClient Cloud upgrade keeps installer on instance and causes disk to have no space.

773672 Disabling installer ID in FortiClient installer does not take effect.

814700

FIPS feature is gone after manual upgrade with FIPS-enabled installer that EMS created.

System Settings

Bug ID

Description

753951

EMS does not recognize disabling Use FortiManager for client software/signature updates > Failover.

784554 EMS displays error while importing ACME certificate.

807340

EMS tries to connect to FortiGuard Anycast server on port 8000.

794841

Email alerts are not triggered when the number of available licenses is less than 10% of the total.

753951

EMS does not recognize it when user disables Use FortiManager for client software/signature updates > Failover.

823701

User cannot enable Enforce User Verification on FortiClient Cloud.

Chromebook

Bug ID

Description

777957 EMS assigns the wrong profile.

Administration

Bug ID

Description

678899

Persisting LDAP configuration in multitenancy global/default/non-default administration users.

Performance

Bug ID

Description

731097 Updating or disabling policy assigned to large number of AD endpoints takes long time to process.
759729 Possible slow httpd file handle leak.

EMS HA

Bug ID

Description

809344 High availability (HA) does not start if starting without the database.
809396 EMS on HA backup generates a generic error.
816314 Restoring a database does not restore EMS configuration and settings in always on availability environment.

Configuration

Bug ID

Description

745913 SMTP configuration fails authentication.

Endpoint control

Bug ID

Description

776626

FortiClient may fail to get Web Filter custom message when EMS runs in high availability mode.

779652 IPsec VPN shows offline status in FortiGate endpoint record list and fails to resolve VPN IP address to EMS tag firewall dynamic address.
813531 EMS does not push profile to endpoints if they connect to EMS after enabling the feature under EMS System Settings.

GUI

Bug ID

Description

717433

Patching a vulnerability for a specific endpoint patches it on others.

731074

Importing the same JSON file for zero trust tagging twice introduces duplicate tags.

767469 EMS marks many endpoints as not installed after upgrading.
770204 When CX changes the invitation link expiry date, the previous invitation link does not work.
771027 FortiClient does not detect virus within large zip file, but detects it when extracted.

774880

You can import the same Zero Trust tagging rules multiple times by clicking the Import button multiple times.

793313

Detailed deployment states list does not fit in window.

811774

EMS with Remote Access-only license shows unrelated feature options on GUI.

816151

Toggle for Use FortiManager for client software/signature updates appears disabled after enabling the feature.

819205

License widget shows Forensic license as NaN used of X when no license is in use.

Malware Protection and Sandbox

Bug ID

Description

793926 FortiShield blocks spoolsv.exe on Citrix virtual machine servers.

Vulnerability Scan

Bug ID

Description

725170 Vulnerabilities detected on FortiClient do not show in EMS.

740041

Vulnerability logging does not have filepath and applications information.

Other

Bug ID

Description

752052 EMS does not sending alert emails.

786181

EMS is not sending EMS and endpoint alert emails.

820060 Verified user and unverified user tables show same device list with the same logins and registered LDAP users.