Fortinet black logo

Release Notes

Resolved Issues

Resolved Issues

The following issues have been fixed in 6.0.7. For inquires about a particular bug, please contact Customer Service & Support.

AP Manager

Bug ID

Description

547361 AP Profile in AP Manager offers redundant options for specific AP models, which can lead to failed installation.
548329 WiFi profiles SSID DHCP Server toolbar is hidden if System Settings is set to None in an Admin Profile.
564936 AP Manager does not allow Security Exempt List when Portal Type does not contain Authentication.
570936 AP Manager is pushing incorrect syntax for FAPU24JEV wtp-profile, causing installation failure.
570937 AP Manager should allow individual configure LAN ports.
571722 AP Manager should hide WIDE profiles if they cannot be used in certain modes.
572544 When creating a managed AP, FortiManager should properly save the Name and AP Profile fields, and it should not accept FAP's serial number with lowercase letters.

Device Manager

Bug ID

Description

483821

Two default values are incorrect in FMG database ("wad-worker-count" and "socket-size").

508020 Web & IPS conflict information is not visible while importing policy package.
514299 If the address objects have the same configuration, FortiManager should not add dynamic mapping for the same identical objects during the import.
528965 FortiManager needs to support four modes for SD-WAN service's output interface: Auto, Manual, Priority, and SLA Assign.
536078 Device Manager may not be able to display more than 50 VDOMs.
539928 Objects used in SD-WAN rules show as not in use in address list.
542961 FortiManager is unable to change FGT's administrator password from CLI Configurations.
544597 VLAN interface is not available for EMAC VLAN on Device Manager > System > Interfaces.
544880 FortiManager should not allow adding loopback interface to a zone.
547528 FortiManager may be slow to view large device revisions on Firefox.
549638 MAC address Access Control List entries under DHCP server get duplicated when editing an entry.
549674 Users should be able to create a new SD-WAN template even if System Settings is set to None in the Admin Profile.
550237 Read-only admin should not be allowed to add detected devices.
550239 System SNMP user is missing the value aes256cisco for the field priv-proto.
550513 Users should be able to change IPSec Phase1 within IPSec Phase2 settings.
551077 FortiManager may not be able to import policies from FortiGate SLBC.
551701 FortiManager is unable to set OSPF Interface Network Type as P2MP.
553491 Enabling or disabling multiple interfaces should be allowed in Device Manager.
554154 FortiManager should be able to select multiple FortiExtender units for upgrade from the Extender tab.
555394 Policy route's columns for Source and Destination show port information instead of subnet addresses.
555635 Certificate is not visible on GUI after restoring the configuration, which was exported from FortiManager.
564182 FortiManager should always respond with invalid VDOM name when accessing FortiManager with incorrect hyperlinks.
564625 Re-importing a policy package may result in changing policy package status to modified.
568626 FortiManager can only modify the order of DNS forwarder only if the IP addresses are in quotes ("") and when the IP addresses are not separated by a comma.
569468 Firmware version value is incorrect in device list after upgrade.
569900 FortiManager may hang when adding devices from root ADOM within the unregistered device list.
570109 FortiManager cannot configure fail-detect-option in interface's advanced options.
571581 FortiManager may not show zone changes in policy package diff.
574988 CLI only object cannot create router BGP AS-path list and community list, and prompts the error "entry does not exist".
575823 FortiManager should not allow user to delete extra proposals when SUITE-BPRF is enabled.
576320 Policy status of all devices used in VPN Manager is changing to modified after deleting some unrelated devices.
576565 Creating VXLAN may gradually take more time.
577937 Editing Restrict Access in VLAN interface settings removes interface from zone.

579648

FortiManager fgfmsd crashes when a FortiGate with 6.2.1 firmware sends registration request to FMG

581812 Sorting Extenders by Device Name does not work.
583467 FortiManager cannot edit the MTU parameter on an interface in Device Manager.
586550 Device Manager does not detect newly joined Telemetry group on FortiGate.

FortiClient Manager

Bug ID

Description

548572 FortiManager shows unclear message in FortiClient Profile with Response with errors instead of Device groups cannot be empty.

FortiSwitch Manager

Bug ID

Description

586557 User group for FortiSwitch Security Policy should not be removed once Workflow session is created and submitted.

Global ADOM

Bug ID

Description

509665 Global v5.2 assigned to ADOM v5.4 and webfilterftgd-local-rating might set to wrong category.
551072 Assignment of object-tag from 5.6 Global ADOM to 6.0 ADOM should not fail.
580600 FortiManager may not respond when assigning Global Objects.
587511 gSSO_Guest_User should work the same as predefined SSO_Guest_User.

Others

Bug ID

Description

529770 Policy package integrity check provides no clarification on intended database changes.
538915 Firmware version is not displayed on NOC - SOC page.
540034 There may be repetitive fmgd crashes in FortiManager's crashlog.
541880 The dmserver daemon may crash when installing to multiple devices and CPU usage reaches 100%.
551937 FortiManager should only allow the browser to save and paste credentials at the logon prompt only.
552222 When running cdbcheckpolicy-packages, FortiManager prompts central fap object not found errors.
561008 Second IP in central management removed by master FortiManager on re-connection.
561279 The newcli process may crash when running the diagnose cdb upgrade check +all command.
561946 Upgrading FortiManager may fail due to incorrect limit for user adgrp.
574826 FortiManager port negotiation switches to 100 half-duplex mode after a reboot.
576558 Delete invalid orphan entries" errors found by diag cdb upgrade check +all are not fixed.
580832 FortiManager may show disk unused under LVM.
586241 When locking an ADOM and deleting it with workflow enabled, the workflow stays with status changes to (null).
586991 Logver field is missing when FortiAnalyzer is enabled, affecting report related features.

589805

Installing policy package via JSON API with missing interface in zone definition deletes zone and corresponding firewall policies on FortiGate.

Policy and Objects

Bug ID

Description

571235

Enabling policy hit count locks ADOM and provokes GUI slowness.

494367 Users cannot search address in policy where the address is a part of a nested group.
521904 Policy and Object's folders do not reflect policy package status.
528881 Users are not able to remove all FSSO objects from selected list that has a large number of entries.
530717 Under Policy & Objects > Policy Package > right click > add address in policy, the page is stuck on loading with Microsoft Edge.
531585 A proxy policy's source address field should display all address objects in the search list despite the interface binding defined for the addresses.
534220 Users cannot add entries for per-device mapping with existing VIP group when a VIP binds to a port that is part of SD-WAN.
540045 Search is not persistent after creating or cloning a new object.
544404 A remote user approves a session, session list shows zero session.
545484 ADOM unable to create per-device mappings for local certificate.
546334 Dynamic interface is not visible in policies until web page refreshes.
547052 FortiManager GUI should not allow creating security profiles without any SSL/SSH inspection profile defined.
547055 FortiManager GUI should prevent CA certificate to be changed on built-in SSL/SSH inspection profiles.
549504 Wildcard remote admin cannot run schedule install.
553704 FortiManager may be stuck at loading when using the Find Duplicate Objects function.
554092 FortiManager is unable to use interface member of a zone as Source Interface filter for VIP object.
554901 EU country ID is available in FortiManager, but the ID is not part of the latest geographical database.
558408 When user installs a policy package to more than 20 devices, some of the task for this installation may hang and dmserver crashes.
559009 FortiManager should allow users to select SD-WAN interface on IPv6 policy.
559104 Incorrect ADOM name may be displayed in Where Used.
559112 FortiManager may not be able to edit a proxy policy that was inserted above or below.
559751 Duplicated ##seq appears in policy packages, and they cannot be fixed with diagnose command.
560694 If hitcount is updated while ADOM is locked, policies matched by traffic are highlighted as modified.
562160 FortiManager should be able to create dynamic mapping for object-tagging category.
563169 When user changes webfilter settings, username in last modified column should always be updated.
563629 Clicking on "+" function should allow users to add Wildcard FQDN objects.
564203 Policy package cannot export to Microsoft Excel when policy is more than 20,000 policies.
564405 FortiManager may not be able to modify Tag-Format field under Anti-spam profile.
566599 IPS Rate Based Signatures may be applied in the wrong order.
567514 Multiple policies may be deleted by accident, if they are selected on the background from the previous filtered result.
569551 FortiManager should be able to save quotas within webfilter profile.
576267 SSL/SSH inspection profile change does not change all related policy package statuses to modified.
579844 When user logs in with remote Radius authentication with assigned VDOM and access profile, FortiManager may not show the installation target devices.
580676 FortiManager may not delete and change a policy, and it affects another policy packages.
581481 FortiManager should allow adding a custom Application Control signature with the same attack ID as an existing one.
582685 Web Filter Profiles with URL filter lists may take a long time to load.
588548 Under workspace, addresses may be removed from a firewall policy when merging duplicated addresses.
588869 Re-installing policy package on FortiGate with multiple VDOMs may wipe out configuration on a VDOM that belongs to a different policy package.
590179 Drop-down cannot populate OCI Certificate for OCI Fabric Connector.

581495

Interface Validation should prompt only once per unmapped interface.

Revision History

Bug ID

Description

524611 FortiManager tries to set profile-type group even if there is no profile-group specified causing installation to fail.
539994 Installing to FortiGate fails when wildcard-fqdn address is used in SSL profile.
548027 After FortiGate upgrades, verification may fail on set nat enabled if set central-nat enable is configured.
549001 Installation may fail after changed inspection mode from Proxy to Flow.
555796 Installing policy on 6K series FortiGate may remove the interface setting set forward-error-correction rs-fec.
556985 FortiManager prompts unclear message when device configuration file is not found.
560689 Auto-Update revision is missing set stp-bpdu-guard enabled.
565436 After FortiManager processed many auto-update requests, FortiManager may not be able to create a new revision.
565636 FortiManager may prompt verification error on Global ADOM's gall address.
565970 One specific unused adgrp is getting pushed to FortiGate that does not use by FSSO anywhere.
566138 FortiManager may not correctly install Application Control configurations.
566390 Policy installation may fail due to FortiGuard certifications.
567770 Install custom internet service to FortiGate fails when None is selected for Master Service ID.
577964 FortiManager should install imported CA certificates to managed FortiGate device.
586992 FortiManager does not install broadcast-forward enabled on Virtual Switch to managed FortiGate.
589858 The BGP scan-time value of 0 can be set on FortiGate, but FortiManager resets it to default by unset scan-time on the next policy push.

Script

Bug ID

Description

519495 Running a script always returns the error, the script is not eligible, even though the actual error may be different.
530838 When viewing script results, there are several new lines in unexpected places.
550502 Installing DDoS policies via a CLI script may fail.
555175 User may mistakenly configures FortiManager to run script against a group of targets when targeting a single device.
559844 FortiManager may not be able to set client-idle-timeout to 0 in device database.
564937 FortiManager allows users not to set device type when creating a user device resulting in install failure.
565053 FortiManager cannot unset Security Exempt List.
577463 Script scheduling should not be affected by the order of configuration.
586817 Script may not be getting applied completely on policy package.
587015 When user tries to set signature with non escaped quotes from script, the signature becomes separate strings, and the installed string may not be what it is expected.

Services

Bug ID

Description

539196 FortiManager should not show FortiGuard subscription status Expired, if a trial license is expired.
543404 FortiManager should display log on FortiGuard Distribution Server Download Log.
551096 FortiMeter Program License is expired and it is displayed as FREZ even though FortiGate Traffic is still passing.
557355 FortiManager may not connect to FortiGuard when fds-ssl-protocol is set to either tlsv1.1 or tlsv1.2.
562021 FortiManager should support HTTPS proxy.

System Settings

Bug ID

Description

498133 0150: Syslog is not sent using IPv6.
529051 Map to Policy Interface & Scan out going connection to Botnet Sites disappears in v6.0.3 when running FortiManager in workflow mode.
537312 Event logs should not have the user from field when an internal process riggers the log.
537338 FortiManager should not reset objects' Created Time and Last Modified timestamps after upgrading ADOMs.
539137 User may not be able to access to FortiManager using IPv6 address, even if user sets IPv6 allow access on HTTPS and HTTP.
548034 System Settings' LDAP may not work with nested directory groups.
562239 Dynamic mappings may be deleted after ADOM upgrade.
563918 FortiManager should prompt more clear error when ADOM upgrade fails.
564400 ADOM upgrade may show the error firewall ssl-ssh-profile ssl-exempt wildcard-fqdn. detail: table limit.
576098 Event log may not show the correct username when changing a non policy related object.
579075 LDAP admin user may not be able to access FortiManager when there are many LDAP groups.
580486 Adding ADOM fails with errorCode 102: 'Fail to lock adom Global workspace' when workspace-mode is set to normal.
584749 System Settings may not show the ADOM-VDOM association.
587242 [b349] HA Cluster fails after upgrading to 6.0.6 with peer IP using IPv6.
588884 Event log for merging duplicated objects is missing object name.

VPN Manager

Bug ID

Description

546790 Table row's height too short to display the monitors for multiple phase 2 entries.
553860 Hub-to-Hub IPsec Phase1 interface install uses remote-gw as interface IP even though public IP is defined under the Advance section.
554857 Policy package does not go out-of-sync after VPN Manager is enabled.
556340 VPN manager > create a new VPN communities displays IKE Version default value as 2 instead of 1.
563961 Selection menus for authusrgrp and ipv4-split-include are not working in the gateway configuration for Dial-Up.
571164 VPN Manager has problem adding secondary WAN interface from a hub in star community.
574727 VPN Manager may not display SSL-VPN settings for some devices.
576308 Policy package exported as CSV contains hit count data only for IPv4, but not for IPv6.
577939 VPN Manager may install different PSKs to gateways.

Common Vulnerabilities and Exposures

Visit https://fortiguard.com/psirt for more information.

Bug ID

Description

542636 FortiManager is no longer vulnerable to the following CVE-Reference:
  • CVE-2019-6695
565905 FortiManager is no longer vulnerable to the following CVE Reference:
  • CVE-2019-1147
565947 FortiManager is no longer vulnerable to the following CVE Reference:
  • CVE-2019-11478
565967 FortiManager is no longer vulnerable to the following CVE Reference:
  • CVE-2019-11479

Resolved Issues

The following issues have been fixed in 6.0.7. For inquires about a particular bug, please contact Customer Service & Support.

AP Manager

Bug ID

Description

547361 AP Profile in AP Manager offers redundant options for specific AP models, which can lead to failed installation.
548329 WiFi profiles SSID DHCP Server toolbar is hidden if System Settings is set to None in an Admin Profile.
564936 AP Manager does not allow Security Exempt List when Portal Type does not contain Authentication.
570936 AP Manager is pushing incorrect syntax for FAPU24JEV wtp-profile, causing installation failure.
570937 AP Manager should allow individual configure LAN ports.
571722 AP Manager should hide WIDE profiles if they cannot be used in certain modes.
572544 When creating a managed AP, FortiManager should properly save the Name and AP Profile fields, and it should not accept FAP's serial number with lowercase letters.

Device Manager

Bug ID

Description

483821

Two default values are incorrect in FMG database ("wad-worker-count" and "socket-size").

508020 Web & IPS conflict information is not visible while importing policy package.
514299 If the address objects have the same configuration, FortiManager should not add dynamic mapping for the same identical objects during the import.
528965 FortiManager needs to support four modes for SD-WAN service's output interface: Auto, Manual, Priority, and SLA Assign.
536078 Device Manager may not be able to display more than 50 VDOMs.
539928 Objects used in SD-WAN rules show as not in use in address list.
542961 FortiManager is unable to change FGT's administrator password from CLI Configurations.
544597 VLAN interface is not available for EMAC VLAN on Device Manager > System > Interfaces.
544880 FortiManager should not allow adding loopback interface to a zone.
547528 FortiManager may be slow to view large device revisions on Firefox.
549638 MAC address Access Control List entries under DHCP server get duplicated when editing an entry.
549674 Users should be able to create a new SD-WAN template even if System Settings is set to None in the Admin Profile.
550237 Read-only admin should not be allowed to add detected devices.
550239 System SNMP user is missing the value aes256cisco for the field priv-proto.
550513 Users should be able to change IPSec Phase1 within IPSec Phase2 settings.
551077 FortiManager may not be able to import policies from FortiGate SLBC.
551701 FortiManager is unable to set OSPF Interface Network Type as P2MP.
553491 Enabling or disabling multiple interfaces should be allowed in Device Manager.
554154 FortiManager should be able to select multiple FortiExtender units for upgrade from the Extender tab.
555394 Policy route's columns for Source and Destination show port information instead of subnet addresses.
555635 Certificate is not visible on GUI after restoring the configuration, which was exported from FortiManager.
564182 FortiManager should always respond with invalid VDOM name when accessing FortiManager with incorrect hyperlinks.
564625 Re-importing a policy package may result in changing policy package status to modified.
568626 FortiManager can only modify the order of DNS forwarder only if the IP addresses are in quotes ("") and when the IP addresses are not separated by a comma.
569468 Firmware version value is incorrect in device list after upgrade.
569900 FortiManager may hang when adding devices from root ADOM within the unregistered device list.
570109 FortiManager cannot configure fail-detect-option in interface's advanced options.
571581 FortiManager may not show zone changes in policy package diff.
574988 CLI only object cannot create router BGP AS-path list and community list, and prompts the error "entry does not exist".
575823 FortiManager should not allow user to delete extra proposals when SUITE-BPRF is enabled.
576320 Policy status of all devices used in VPN Manager is changing to modified after deleting some unrelated devices.
576565 Creating VXLAN may gradually take more time.
577937 Editing Restrict Access in VLAN interface settings removes interface from zone.

579648

FortiManager fgfmsd crashes when a FortiGate with 6.2.1 firmware sends registration request to FMG

581812 Sorting Extenders by Device Name does not work.
583467 FortiManager cannot edit the MTU parameter on an interface in Device Manager.
586550 Device Manager does not detect newly joined Telemetry group on FortiGate.

FortiClient Manager

Bug ID

Description

548572 FortiManager shows unclear message in FortiClient Profile with Response with errors instead of Device groups cannot be empty.

FortiSwitch Manager

Bug ID

Description

586557 User group for FortiSwitch Security Policy should not be removed once Workflow session is created and submitted.

Global ADOM

Bug ID

Description

509665 Global v5.2 assigned to ADOM v5.4 and webfilterftgd-local-rating might set to wrong category.
551072 Assignment of object-tag from 5.6 Global ADOM to 6.0 ADOM should not fail.
580600 FortiManager may not respond when assigning Global Objects.
587511 gSSO_Guest_User should work the same as predefined SSO_Guest_User.

Others

Bug ID

Description

529770 Policy package integrity check provides no clarification on intended database changes.
538915 Firmware version is not displayed on NOC - SOC page.
540034 There may be repetitive fmgd crashes in FortiManager's crashlog.
541880 The dmserver daemon may crash when installing to multiple devices and CPU usage reaches 100%.
551937 FortiManager should only allow the browser to save and paste credentials at the logon prompt only.
552222 When running cdbcheckpolicy-packages, FortiManager prompts central fap object not found errors.
561008 Second IP in central management removed by master FortiManager on re-connection.
561279 The newcli process may crash when running the diagnose cdb upgrade check +all command.
561946 Upgrading FortiManager may fail due to incorrect limit for user adgrp.
574826 FortiManager port negotiation switches to 100 half-duplex mode after a reboot.
576558 Delete invalid orphan entries" errors found by diag cdb upgrade check +all are not fixed.
580832 FortiManager may show disk unused under LVM.
586241 When locking an ADOM and deleting it with workflow enabled, the workflow stays with status changes to (null).
586991 Logver field is missing when FortiAnalyzer is enabled, affecting report related features.

589805

Installing policy package via JSON API with missing interface in zone definition deletes zone and corresponding firewall policies on FortiGate.

Policy and Objects

Bug ID

Description

571235

Enabling policy hit count locks ADOM and provokes GUI slowness.

494367 Users cannot search address in policy where the address is a part of a nested group.
521904 Policy and Object's folders do not reflect policy package status.
528881 Users are not able to remove all FSSO objects from selected list that has a large number of entries.
530717 Under Policy & Objects > Policy Package > right click > add address in policy, the page is stuck on loading with Microsoft Edge.
531585 A proxy policy's source address field should display all address objects in the search list despite the interface binding defined for the addresses.
534220 Users cannot add entries for per-device mapping with existing VIP group when a VIP binds to a port that is part of SD-WAN.
540045 Search is not persistent after creating or cloning a new object.
544404 A remote user approves a session, session list shows zero session.
545484 ADOM unable to create per-device mappings for local certificate.
546334 Dynamic interface is not visible in policies until web page refreshes.
547052 FortiManager GUI should not allow creating security profiles without any SSL/SSH inspection profile defined.
547055 FortiManager GUI should prevent CA certificate to be changed on built-in SSL/SSH inspection profiles.
549504 Wildcard remote admin cannot run schedule install.
553704 FortiManager may be stuck at loading when using the Find Duplicate Objects function.
554092 FortiManager is unable to use interface member of a zone as Source Interface filter for VIP object.
554901 EU country ID is available in FortiManager, but the ID is not part of the latest geographical database.
558408 When user installs a policy package to more than 20 devices, some of the task for this installation may hang and dmserver crashes.
559009 FortiManager should allow users to select SD-WAN interface on IPv6 policy.
559104 Incorrect ADOM name may be displayed in Where Used.
559112 FortiManager may not be able to edit a proxy policy that was inserted above or below.
559751 Duplicated ##seq appears in policy packages, and they cannot be fixed with diagnose command.
560694 If hitcount is updated while ADOM is locked, policies matched by traffic are highlighted as modified.
562160 FortiManager should be able to create dynamic mapping for object-tagging category.
563169 When user changes webfilter settings, username in last modified column should always be updated.
563629 Clicking on "+" function should allow users to add Wildcard FQDN objects.
564203 Policy package cannot export to Microsoft Excel when policy is more than 20,000 policies.
564405 FortiManager may not be able to modify Tag-Format field under Anti-spam profile.
566599 IPS Rate Based Signatures may be applied in the wrong order.
567514 Multiple policies may be deleted by accident, if they are selected on the background from the previous filtered result.
569551 FortiManager should be able to save quotas within webfilter profile.
576267 SSL/SSH inspection profile change does not change all related policy package statuses to modified.
579844 When user logs in with remote Radius authentication with assigned VDOM and access profile, FortiManager may not show the installation target devices.
580676 FortiManager may not delete and change a policy, and it affects another policy packages.
581481 FortiManager should allow adding a custom Application Control signature with the same attack ID as an existing one.
582685 Web Filter Profiles with URL filter lists may take a long time to load.
588548 Under workspace, addresses may be removed from a firewall policy when merging duplicated addresses.
588869 Re-installing policy package on FortiGate with multiple VDOMs may wipe out configuration on a VDOM that belongs to a different policy package.
590179 Drop-down cannot populate OCI Certificate for OCI Fabric Connector.

581495

Interface Validation should prompt only once per unmapped interface.

Revision History

Bug ID

Description

524611 FortiManager tries to set profile-type group even if there is no profile-group specified causing installation to fail.
539994 Installing to FortiGate fails when wildcard-fqdn address is used in SSL profile.
548027 After FortiGate upgrades, verification may fail on set nat enabled if set central-nat enable is configured.
549001 Installation may fail after changed inspection mode from Proxy to Flow.
555796 Installing policy on 6K series FortiGate may remove the interface setting set forward-error-correction rs-fec.
556985 FortiManager prompts unclear message when device configuration file is not found.
560689 Auto-Update revision is missing set stp-bpdu-guard enabled.
565436 After FortiManager processed many auto-update requests, FortiManager may not be able to create a new revision.
565636 FortiManager may prompt verification error on Global ADOM's gall address.
565970 One specific unused adgrp is getting pushed to FortiGate that does not use by FSSO anywhere.
566138 FortiManager may not correctly install Application Control configurations.
566390 Policy installation may fail due to FortiGuard certifications.
567770 Install custom internet service to FortiGate fails when None is selected for Master Service ID.
577964 FortiManager should install imported CA certificates to managed FortiGate device.
586992 FortiManager does not install broadcast-forward enabled on Virtual Switch to managed FortiGate.
589858 The BGP scan-time value of 0 can be set on FortiGate, but FortiManager resets it to default by unset scan-time on the next policy push.

Script

Bug ID

Description

519495 Running a script always returns the error, the script is not eligible, even though the actual error may be different.
530838 When viewing script results, there are several new lines in unexpected places.
550502 Installing DDoS policies via a CLI script may fail.
555175 User may mistakenly configures FortiManager to run script against a group of targets when targeting a single device.
559844 FortiManager may not be able to set client-idle-timeout to 0 in device database.
564937 FortiManager allows users not to set device type when creating a user device resulting in install failure.
565053 FortiManager cannot unset Security Exempt List.
577463 Script scheduling should not be affected by the order of configuration.
586817 Script may not be getting applied completely on policy package.
587015 When user tries to set signature with non escaped quotes from script, the signature becomes separate strings, and the installed string may not be what it is expected.

Services

Bug ID

Description

539196 FortiManager should not show FortiGuard subscription status Expired, if a trial license is expired.
543404 FortiManager should display log on FortiGuard Distribution Server Download Log.
551096 FortiMeter Program License is expired and it is displayed as FREZ even though FortiGate Traffic is still passing.
557355 FortiManager may not connect to FortiGuard when fds-ssl-protocol is set to either tlsv1.1 or tlsv1.2.
562021 FortiManager should support HTTPS proxy.

System Settings

Bug ID

Description

498133 0150: Syslog is not sent using IPv6.
529051 Map to Policy Interface & Scan out going connection to Botnet Sites disappears in v6.0.3 when running FortiManager in workflow mode.
537312 Event logs should not have the user from field when an internal process riggers the log.
537338 FortiManager should not reset objects' Created Time and Last Modified timestamps after upgrading ADOMs.
539137 User may not be able to access to FortiManager using IPv6 address, even if user sets IPv6 allow access on HTTPS and HTTP.
548034 System Settings' LDAP may not work with nested directory groups.
562239 Dynamic mappings may be deleted after ADOM upgrade.
563918 FortiManager should prompt more clear error when ADOM upgrade fails.
564400 ADOM upgrade may show the error firewall ssl-ssh-profile ssl-exempt wildcard-fqdn. detail: table limit.
576098 Event log may not show the correct username when changing a non policy related object.
579075 LDAP admin user may not be able to access FortiManager when there are many LDAP groups.
580486 Adding ADOM fails with errorCode 102: 'Fail to lock adom Global workspace' when workspace-mode is set to normal.
584749 System Settings may not show the ADOM-VDOM association.
587242 [b349] HA Cluster fails after upgrading to 6.0.6 with peer IP using IPv6.
588884 Event log for merging duplicated objects is missing object name.

VPN Manager

Bug ID

Description

546790 Table row's height too short to display the monitors for multiple phase 2 entries.
553860 Hub-to-Hub IPsec Phase1 interface install uses remote-gw as interface IP even though public IP is defined under the Advance section.
554857 Policy package does not go out-of-sync after VPN Manager is enabled.
556340 VPN manager > create a new VPN communities displays IKE Version default value as 2 instead of 1.
563961 Selection menus for authusrgrp and ipv4-split-include are not working in the gateway configuration for Dial-Up.
571164 VPN Manager has problem adding secondary WAN interface from a hub in star community.
574727 VPN Manager may not display SSL-VPN settings for some devices.
576308 Policy package exported as CSV contains hit count data only for IPv4, but not for IPv6.
577939 VPN Manager may install different PSKs to gateways.

Common Vulnerabilities and Exposures

Visit https://fortiguard.com/psirt for more information.

Bug ID

Description

542636 FortiManager is no longer vulnerable to the following CVE-Reference:
  • CVE-2019-6695
565905 FortiManager is no longer vulnerable to the following CVE Reference:
  • CVE-2019-1147
565947 FortiManager is no longer vulnerable to the following CVE Reference:
  • CVE-2019-11478
565967 FortiManager is no longer vulnerable to the following CVE Reference:
  • CVE-2019-11479