Fortinet Document Library

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:


Table of Contents

Resolved Issues

The following issues have been fixed in 6.0.5. For inquires about a particular bug, please contact Customer Service & Support.

Bug ID

Description

403766

Firmware upgrade task was stuck in that state for more than 2 hours.

436774 FortiManager is missing permission settings when managing FortiAnalyzer.
443240 HA-status changes to standalone from ELBC cluster when making changes to FortiGuard server setting directly on FortiGate.
460615 FortiManager should adjust Radius configuration on SSID when renaming a Radius server.
474245 The "set disk-usage log" command should not be installed for devices with log disk.
489373 Passwords should allow special characters on certificate templates in FortiManager.
492088 FortiManager attempts to change Chassis ID on FortiGate 7000 series when installing configuration.
497900 User cannot paste password in managed device’s Telnet or SSH console.
498107 When an address is a member of a dynamic address group, its "Where Used" results does not say which dynamic group it belongs.
500037 FortiToken provision does not work.
502882 Operator to filter Event logs on FortiManager may not work properly.
502945 FortiManager returns TCL Error when pushing Policy to FortiGate due to failure to resolve hostname defined under “set fmg”.
503722 FortiSwitch Manager and AP Manager reports switches and APs connected to FortiGates as online when the devices are no longer powered on.
504962 When creating new vdom-link from the global interface menu, all the VDOMs should be visible in the management VDOM.
507044 FortiManager always overrides the device-level configured parameters to DPD 'default values' making impossible to tune DPD settings when using VPN Manager.
507231 FortiManager pushes IP POOL with pool type not specified but with parameter "set num-blocks-per-user 32" set.
508340 With the ADOM option "Perform Policy Check Before Every Install" enabled and no changes to install, an install will fail with the "Validation Failed" message.
511826 FortiManager should remove the mandatory requirement of having a hub-to-hub interface when two hubs are defined in a VPN community using VPN Manager.
512046 When workspace is enabled, IPv6 session based counters are synchronized with FortiGate.
515101 Admin users are unable to login from the GUI when their password contains two sequential question marks.
517061 ADOM upgrade may fail when the IPs in FortiSwitch VLAN DHCP server are configured with zero.
517376 FortiSwitch Manager > FortiSwitch Templates > FortiSwitch VLANs missing advanced options.
518351 During import, FortiManager does not checking if adding suffix to object name will exceed character limit.
519422 Deleting multiple SD-WAN rules does not work.
519484 DHCP Gateway option may not working in AP Manager.
519495 Running a script always returns the error, 'the script is not eligible', even though the actual error may be different.
520651 When querying a policy package, FortiManager API's response may be missing the VDOM information.
520691 FortiManager should warn user in install wizard if there is an IP address being installed that is 0.0.0.0/0.
520964 FortiManager is not able to assign FQDN address object to Static Route Named Address.
521063 FortiManager responses with errors if multiple protected subnets are defined in Dial-Up community external spoke configuration.
521649 Policy counters may not be accurately synchronized with the FortiGate devices.
521900 SD-WAN rule protocol options 'ANY' is not saved on GUI.
521905 Tooltip for device lock is not show in Device Manger’s device tree.
522070 Right-click menu does not allow firmware upgrade with device locked.
522206 GTP global tunnel limit is not configurable on FortiManager.
522456 FortiManager does not support the increased firewall addresses limit to 10000 objects for FGT81E or FGT81_POE.
522713 ADOM upgrade stuck at 5%.
522828 FortiManager unsets dhcp-snooping when installing from a 5.4 ADOM.
523208 FortiManager is trying to unset the category for user device when pushing policy package.
523228 Search in zone does not work after upgrade.
523480 IPS Filter does not include ALL if filtered based on OS.
523649 FortiManager is not updating the last modified time when modifying a web filter category.
523705 In web filter profile, FortiManager should only allow configuring quota for categories set to monitor, warning, or authenticate.
523712 FortiManager may attempt to add trailing spaces for VIP’s mapped IP.
523817 Push update should be available from Manager > License.
524447 Editing SD-WAN interface shows inaccurate GUI Page.
524607 FortiManager should not allow illegal change with ssl-ssh-profile causing installation to fail.
524684 API request returns all the devices even when the user does not have access to other ADOMs.

525231

When adding a system administrator, the Virtual Domain field is missing when the option, "Match a user on remote server group/Match all users on remote server " is selected.

525646 FortiManager cannot delete WF and AS FortiGuard databases on FortiManager.
525926 The Local Users column is always empty even if a token is assigned.
525927 Import all objects is not importing unused FortiTokens.
525928 Token used in device local admin configuration is displayed as not used at ADOM level.
526002 When having multiple hosts within an SNMP community, it is not possible to edit a host and change the status of HA-direct.
526232 The execute reset hitcount command tries to reset on v5.2 ADOMs, which have no hitcounts feature resulting system returning failure with code -160
526287 Policy install may stuck at 67%.
526642 Some SMTP/splice options under firewall profile-protocol options cannot be disabled.
526935 List of static route is always empty if user uses search filter before edit or clone a static route.
527140 FortiManager is unable to add multiple DHCP Relay Servers from the Device Manager System Interface Menu.
527407 Users may not be able to change the FortiGate HA management interface IP.
527650 Importing a local certificate with a big number of subject alternative names is not supported.
528633 IS-IS interfaces cannot be deleted from GUI.
528916 Users may not be able to upgrade ADOM after ADOM name has been changed.
528931 FOS-VM may be getting invalid license from FMGR-VM-Meter.
528938 FortiManager does not allow users to manually set SD-WAN member sequence ID.
528977 FortiGuard 7000 Service Status shows slave chassis with serial number instead of host name.
529036 VPN Manager should not show the options for main and aggressive mode when IKEv2 is selected.
529045 FortiManager should not prompt for Device setting for static route in TP VDOM.
529475 Web filter and Application profiles are not available in the FortiClient profile GUI.
529771 Upgrading ADOM 5.2 to 5.4 may be very timing consuming.
530207 Installing configuration after fail-over in cluster causes installation fail because of difference in management-ip.
530249 Policies that are Last Modified matched by actual traffic always shows recently modified by 'admin' even if the default admin user is not present in the FortiManager configuration.
530376 Users are unable to select Schedule Object for SSID in AP Manager.
530498 Read-Only admin can enable VPN Manager in the ADOM.
530735 FortiManager may not be able to configure a full-mesh VPN among FortiGates with multi-VDOMs.
530749 FortiManager is unable to import policy configuration from devices with a long VDOM name.
530792 When configuring Per-Device Mappings for Real Servers, mode is missing and users cannot create multiple real servers.
530837 Users should not be allowed to delete default Meta fields.
531338 Column showing unused object reverts to original size after scrolling down.
531489 Re-importing a device may result in policy package status change to "modified" for many devices.
531508 When trying to add a new gateway from VPN Manager, FortiManager returns an error 'peer invalid value’.
531573 FortiManager is not able to set Type of Service field for SD-WAN service.
531610 FortiManager is showing 'Create New' option under script even though ADOM is not locked.
531645 FortiManager should be able to configure dynamic mappings for SD-WAN via a script.
531813 With Safari, there are two issues when user editing device group: there are two scrollbars in the "Edit Device Group" window and "Edit Device Group" window size cannot be changed.

531826

Duplicated section title name issue in policy packages.

531963 SSL/SSH Profile should not allow the user to enable "Allow Invalid SSL Certificates" when Inspection mode is "SSL Certificate Inspection".
532075 When editing comment/description, FortiManager may display the slash character, “/”, as “&#x2F”.
532275 Device Manager > System Admin Profile: Unable to change Access control due to JavaScript error.
532488 Bytes/Hit/packet count should not be a parameter to consider in the Diff as these are not part of configuration.
532721 Once a Local ID value is configured for a VPN Node within VPN Manager, it can no longer be removed.
532943 FortiGate's system time is now shown on FortiManager when time zone index is set at 79, 80, or 83.
533141 Retrieving configuration under Workspace mode does not allow further changes under AP manager.
533213 FortiManager should support encrypted disk on AWS Cloud.
533857 FortiManager is unable to automatically register devices via Pre-Shared Key method if a revision is imported prior to registering the devices.
534173 FGFM debug shows fgfm_keepalive_handler entries for all managed devices in fgfm debug output when device filter is specified.
534188 FortiManager is unable to import 7040E v5.6.
534559 Editing Wi-Fi interface, which is a zone member, should not enable block intra-zone traffic.
534784 FSSO Agent with option Select FSSO groups via FortiGate does not work if the policy has no pending changes.
534927 When there is a dynamic interface and a multicast interface that has the same name within a policy package, the install wizard was not be able to create dynamic mappings.
535170 FortiManager does not accept FQDN address configuration containing the _ character.
535245 After upgrade, install may fail due to invalid VDOM snmp-index.
535525 Dynamic/Dialup Type IPSec Tunnel Interface cannot be added as SD-WAN member.
535621 Retrieving or importing configuration revision fails if configuration contains a large number of CRLs.
535743 Downstream FortiManager does not update Signature until changing schedule setting in the second tier FortiManager's FDN.
536043 When ADOM is locked, FortiManager may display incorrect values or configurations from some objects or policies.
536113 AP Manager may not be able to change wtp-mode.
536805 Install fails for DoS policy quarantine-expiry.
537135 There is no GUI validation when an invalid subnet mask is used as destination for a Static Route.
537197 Change to policy with install target specified should not change the status of ALL targets within the policy package.
537214 The command, execute device replace, is missing username.
537236 LDAP query failure over slow satellite connection.
537752 FortiManager tries to add full scan options while using quick scan in default AV profile.
537775 Proxy policy should not allow empty source address.
538029 Occasionally, duplicate sequence number may appear in some policy packages.
538934 Install to device may delete configuration on FortiGate cluster with large configuration file.
539184 FortiManager should not install forward-error-correction on VLANs.
539197 The "Policy Package" column is missing in "Where Used" result after upgrade.
539998 Install fails when deny rule contains DNS filter profile.
540065 FortiManager should be able to display CA certificate under 6.0 ADOM.
540095 Scheduled TCL Script intermittently fails to run on the scheduled time after upgrade.
540222 Policy package status changed to "Never Installed" after upgrade.
540657 There is an ordering issue on admin users where multiple wildcard users are configured on the same server.
540936 Remote wildcard users breaks user profile access to workflow sessions.
541015 FortiManager may not be able to configure or import IPS custom signature.
542024 Where Used may not point to the entity using the object.
542472 Adding section for traffic shaping policies causes runtime error.
542823 Script fails to set accprofile on device database.
543129 User may not be able to delete ADOM from Global Assignment.
543251 Policy Package name is truncated in table with "Where Used" output.
543567 FortiManager does not install new certificate obtained from FortiAuthenticator.
543734 Key Type specified, as elliptic curve is not functional when generating a CSR.
544121 Installation log is missing due to dpm-logsize limited to 10MB.
544142 Installation fails due to DNS server "Same as Interface IP" option inside device interface configuration.
544580 Two SSL-SSH profiles added by FortiManager may cause installation issue.
544886 When importing device list of multiple model devices with PSKs, FortiManager prompts the error, "Serial number already in use".
545143 Adding wildcard FQDN for SSL inspection exemption list from FortiManager fails.
545457 AP Manager may not be able to show map.
545480 When attempting to remove a VDOM from a FortiGate by running a script, the script fails unexpectedly and the VDOM is not deleted.
545491 FortiManager may fail to retrieve configuration when there are more than 10000 central NAT entries.
545813 Users may not be able to see SD-WAN options in Backup mode after switching from Normal mode.
547646 FortiManager should not push ssh-filter profile upgrade_1 to FortiGate devices after upgrade.
547740 When FortiManager is running in workspace mode, FortiManager may unexpectedly delete firewall policy.
548320 User should be able to create a FortiGate admin account with Restrict Admin to Guest Account Provisioning Only option selected with VDOM(s) guest group(s).
548416 Changes on Existing Static Route is not displayed on Installation Preview.
550240 FortiGuard service event logs should always been generated with an internal FortiManager user.
551057 FortiManager does not give an option to choose RSA 4096 and Elliptic Curve algorithms in certificates.
552069 FortiManager may fail to install local certificate on FortiGate and private key is missing after saving the configuration.

Resolved Issues

The following issues have been fixed in 6.0.5. For inquires about a particular bug, please contact Customer Service & Support.

Bug ID

Description

403766

Firmware upgrade task was stuck in that state for more than 2 hours.

436774 FortiManager is missing permission settings when managing FortiAnalyzer.
443240 HA-status changes to standalone from ELBC cluster when making changes to FortiGuard server setting directly on FortiGate.
460615 FortiManager should adjust Radius configuration on SSID when renaming a Radius server.
474245 The "set disk-usage log" command should not be installed for devices with log disk.
489373 Passwords should allow special characters on certificate templates in FortiManager.
492088 FortiManager attempts to change Chassis ID on FortiGate 7000 series when installing configuration.
497900 User cannot paste password in managed device’s Telnet or SSH console.
498107 When an address is a member of a dynamic address group, its "Where Used" results does not say which dynamic group it belongs.
500037 FortiToken provision does not work.
502882 Operator to filter Event logs on FortiManager may not work properly.
502945 FortiManager returns TCL Error when pushing Policy to FortiGate due to failure to resolve hostname defined under “set fmg”.
503722 FortiSwitch Manager and AP Manager reports switches and APs connected to FortiGates as online when the devices are no longer powered on.
504962 When creating new vdom-link from the global interface menu, all the VDOMs should be visible in the management VDOM.
507044 FortiManager always overrides the device-level configured parameters to DPD 'default values' making impossible to tune DPD settings when using VPN Manager.
507231 FortiManager pushes IP POOL with pool type not specified but with parameter "set num-blocks-per-user 32" set.
508340 With the ADOM option "Perform Policy Check Before Every Install" enabled and no changes to install, an install will fail with the "Validation Failed" message.
511826 FortiManager should remove the mandatory requirement of having a hub-to-hub interface when two hubs are defined in a VPN community using VPN Manager.
512046 When workspace is enabled, IPv6 session based counters are synchronized with FortiGate.
515101 Admin users are unable to login from the GUI when their password contains two sequential question marks.
517061 ADOM upgrade may fail when the IPs in FortiSwitch VLAN DHCP server are configured with zero.
517376 FortiSwitch Manager > FortiSwitch Templates > FortiSwitch VLANs missing advanced options.
518351 During import, FortiManager does not checking if adding suffix to object name will exceed character limit.
519422 Deleting multiple SD-WAN rules does not work.
519484 DHCP Gateway option may not working in AP Manager.
519495 Running a script always returns the error, 'the script is not eligible', even though the actual error may be different.
520651 When querying a policy package, FortiManager API's response may be missing the VDOM information.
520691 FortiManager should warn user in install wizard if there is an IP address being installed that is 0.0.0.0/0.
520964 FortiManager is not able to assign FQDN address object to Static Route Named Address.
521063 FortiManager responses with errors if multiple protected subnets are defined in Dial-Up community external spoke configuration.
521649 Policy counters may not be accurately synchronized with the FortiGate devices.
521900 SD-WAN rule protocol options 'ANY' is not saved on GUI.
521905 Tooltip for device lock is not show in Device Manger’s device tree.
522070 Right-click menu does not allow firmware upgrade with device locked.
522206 GTP global tunnel limit is not configurable on FortiManager.
522456 FortiManager does not support the increased firewall addresses limit to 10000 objects for FGT81E or FGT81_POE.
522713 ADOM upgrade stuck at 5%.
522828 FortiManager unsets dhcp-snooping when installing from a 5.4 ADOM.
523208 FortiManager is trying to unset the category for user device when pushing policy package.
523228 Search in zone does not work after upgrade.
523480 IPS Filter does not include ALL if filtered based on OS.
523649 FortiManager is not updating the last modified time when modifying a web filter category.
523705 In web filter profile, FortiManager should only allow configuring quota for categories set to monitor, warning, or authenticate.
523712 FortiManager may attempt to add trailing spaces for VIP’s mapped IP.
523817 Push update should be available from Manager > License.
524447 Editing SD-WAN interface shows inaccurate GUI Page.
524607 FortiManager should not allow illegal change with ssl-ssh-profile causing installation to fail.
524684 API request returns all the devices even when the user does not have access to other ADOMs.

525231

When adding a system administrator, the Virtual Domain field is missing when the option, "Match a user on remote server group/Match all users on remote server " is selected.

525646 FortiManager cannot delete WF and AS FortiGuard databases on FortiManager.
525926 The Local Users column is always empty even if a token is assigned.
525927 Import all objects is not importing unused FortiTokens.
525928 Token used in device local admin configuration is displayed as not used at ADOM level.
526002 When having multiple hosts within an SNMP community, it is not possible to edit a host and change the status of HA-direct.
526232 The execute reset hitcount command tries to reset on v5.2 ADOMs, which have no hitcounts feature resulting system returning failure with code -160
526287 Policy install may stuck at 67%.
526642 Some SMTP/splice options under firewall profile-protocol options cannot be disabled.
526935 List of static route is always empty if user uses search filter before edit or clone a static route.
527140 FortiManager is unable to add multiple DHCP Relay Servers from the Device Manager System Interface Menu.
527407 Users may not be able to change the FortiGate HA management interface IP.
527650 Importing a local certificate with a big number of subject alternative names is not supported.
528633 IS-IS interfaces cannot be deleted from GUI.
528916 Users may not be able to upgrade ADOM after ADOM name has been changed.
528931 FOS-VM may be getting invalid license from FMGR-VM-Meter.
528938 FortiManager does not allow users to manually set SD-WAN member sequence ID.
528977 FortiGuard 7000 Service Status shows slave chassis with serial number instead of host name.
529036 VPN Manager should not show the options for main and aggressive mode when IKEv2 is selected.
529045 FortiManager should not prompt for Device setting for static route in TP VDOM.
529475 Web filter and Application profiles are not available in the FortiClient profile GUI.
529771 Upgrading ADOM 5.2 to 5.4 may be very timing consuming.
530207 Installing configuration after fail-over in cluster causes installation fail because of difference in management-ip.
530249 Policies that are Last Modified matched by actual traffic always shows recently modified by 'admin' even if the default admin user is not present in the FortiManager configuration.
530376 Users are unable to select Schedule Object for SSID in AP Manager.
530498 Read-Only admin can enable VPN Manager in the ADOM.
530735 FortiManager may not be able to configure a full-mesh VPN among FortiGates with multi-VDOMs.
530749 FortiManager is unable to import policy configuration from devices with a long VDOM name.
530792 When configuring Per-Device Mappings for Real Servers, mode is missing and users cannot create multiple real servers.
530837 Users should not be allowed to delete default Meta fields.
531338 Column showing unused object reverts to original size after scrolling down.
531489 Re-importing a device may result in policy package status change to "modified" for many devices.
531508 When trying to add a new gateway from VPN Manager, FortiManager returns an error 'peer invalid value’.
531573 FortiManager is not able to set Type of Service field for SD-WAN service.
531610 FortiManager is showing 'Create New' option under script even though ADOM is not locked.
531645 FortiManager should be able to configure dynamic mappings for SD-WAN via a script.
531813 With Safari, there are two issues when user editing device group: there are two scrollbars in the "Edit Device Group" window and "Edit Device Group" window size cannot be changed.

531826

Duplicated section title name issue in policy packages.

531963 SSL/SSH Profile should not allow the user to enable "Allow Invalid SSL Certificates" when Inspection mode is "SSL Certificate Inspection".
532075 When editing comment/description, FortiManager may display the slash character, “/”, as “&#x2F”.
532275 Device Manager > System Admin Profile: Unable to change Access control due to JavaScript error.
532488 Bytes/Hit/packet count should not be a parameter to consider in the Diff as these are not part of configuration.
532721 Once a Local ID value is configured for a VPN Node within VPN Manager, it can no longer be removed.
532943 FortiGate's system time is now shown on FortiManager when time zone index is set at 79, 80, or 83.
533141 Retrieving configuration under Workspace mode does not allow further changes under AP manager.
533213 FortiManager should support encrypted disk on AWS Cloud.
533857 FortiManager is unable to automatically register devices via Pre-Shared Key method if a revision is imported prior to registering the devices.
534173 FGFM debug shows fgfm_keepalive_handler entries for all managed devices in fgfm debug output when device filter is specified.
534188 FortiManager is unable to import 7040E v5.6.
534559 Editing Wi-Fi interface, which is a zone member, should not enable block intra-zone traffic.
534784 FSSO Agent with option Select FSSO groups via FortiGate does not work if the policy has no pending changes.
534927 When there is a dynamic interface and a multicast interface that has the same name within a policy package, the install wizard was not be able to create dynamic mappings.
535170 FortiManager does not accept FQDN address configuration containing the _ character.
535245 After upgrade, install may fail due to invalid VDOM snmp-index.
535525 Dynamic/Dialup Type IPSec Tunnel Interface cannot be added as SD-WAN member.
535621 Retrieving or importing configuration revision fails if configuration contains a large number of CRLs.
535743 Downstream FortiManager does not update Signature until changing schedule setting in the second tier FortiManager's FDN.
536043 When ADOM is locked, FortiManager may display incorrect values or configurations from some objects or policies.
536113 AP Manager may not be able to change wtp-mode.
536805 Install fails for DoS policy quarantine-expiry.
537135 There is no GUI validation when an invalid subnet mask is used as destination for a Static Route.
537197 Change to policy with install target specified should not change the status of ALL targets within the policy package.
537214 The command, execute device replace, is missing username.
537236 LDAP query failure over slow satellite connection.
537752 FortiManager tries to add full scan options while using quick scan in default AV profile.
537775 Proxy policy should not allow empty source address.
538029 Occasionally, duplicate sequence number may appear in some policy packages.
538934 Install to device may delete configuration on FortiGate cluster with large configuration file.
539184 FortiManager should not install forward-error-correction on VLANs.
539197 The "Policy Package" column is missing in "Where Used" result after upgrade.
539998 Install fails when deny rule contains DNS filter profile.
540065 FortiManager should be able to display CA certificate under 6.0 ADOM.
540095 Scheduled TCL Script intermittently fails to run on the scheduled time after upgrade.
540222 Policy package status changed to "Never Installed" after upgrade.
540657 There is an ordering issue on admin users where multiple wildcard users are configured on the same server.
540936 Remote wildcard users breaks user profile access to workflow sessions.
541015 FortiManager may not be able to configure or import IPS custom signature.
542024 Where Used may not point to the entity using the object.
542472 Adding section for traffic shaping policies causes runtime error.
542823 Script fails to set accprofile on device database.
543129 User may not be able to delete ADOM from Global Assignment.
543251 Policy Package name is truncated in table with "Where Used" output.
543567 FortiManager does not install new certificate obtained from FortiAuthenticator.
543734 Key Type specified, as elliptic curve is not functional when generating a CSR.
544121 Installation log is missing due to dpm-logsize limited to 10MB.
544142 Installation fails due to DNS server "Same as Interface IP" option inside device interface configuration.
544580 Two SSL-SSH profiles added by FortiManager may cause installation issue.
544886 When importing device list of multiple model devices with PSKs, FortiManager prompts the error, "Serial number already in use".
545143 Adding wildcard FQDN for SSL inspection exemption list from FortiManager fails.
545457 AP Manager may not be able to show map.
545480 When attempting to remove a VDOM from a FortiGate by running a script, the script fails unexpectedly and the VDOM is not deleted.
545491 FortiManager may fail to retrieve configuration when there are more than 10000 central NAT entries.
545813 Users may not be able to see SD-WAN options in Backup mode after switching from Normal mode.
547646 FortiManager should not push ssh-filter profile upgrade_1 to FortiGate devices after upgrade.
547740 When FortiManager is running in workspace mode, FortiManager may unexpectedly delete firewall policy.
548320 User should be able to create a FortiGate admin account with Restrict Admin to Guest Account Provisioning Only option selected with VDOM(s) guest group(s).
548416 Changes on Existing Static Route is not displayed on Installation Preview.
550240 FortiGuard service event logs should always been generated with an internal FortiManager user.
551057 FortiManager does not give an option to choose RSA 4096 and Elliptic Curve algorithms in certificates.
552069 FortiManager may fail to install local certificate on FortiGate and private key is missing after saving the configuration.