The following issues have been fixed in 6.2.1. For inquires about a particular bug, please contact Customer Service & Support.
|FortiManager should adjust Radius configuration on SSID when renaming a Radius server.
|VPN Phase 2 Address Selector is not updated when Named Address is updated in Policy and Objects.
|FortiToken provision does not work.
|When renaming a local certificate in Device Manager, the related dynamic mapping is not updated.
|Web & IPS conflict information is not visible while importing Policy Package.
|FortiManager may fail to install policy after FortiGate failover on Azure.
|FortiManager may try to unset category for user device when installing policy package.
|Search in zone does not work after upgrade.
|API request returns all the devices even when the user does not have access to other ADOMs.
|Upgrading ADOM may be very timing consuming.
|FortiManager may try to push unexpected changes after ADOM upgrade.
|Policy hit count needs to support proxy policy.
|After upgrade, the URL, pm/pkg/adom/<adom_name>/<name>/scope member, returns the error: The data is invalid for selected url.
|Users cannot add entries for per device mapping with existing VIP group when a VIP binds to a port that is part of SD-WAN.
|Vulnerability scan should not disrupt HA or trigger re-synchronization.
|CLI Script fails to change config system auto-update schedule settings with invalid value error.
|Encrypt Log Transmission for FortiAnalyzer is not properly configured within Device Manager.
|AP Manager is still trying to 'unset wtp-mode remote' when the option is configured on FortiGate.
|Firmware version is not displayed on NOC - SOC page.
|When configuration file is large, installing to device may delete configuration on FortiGate.
|There is an ordering issue on admin users where multiple wildcard users are configured on the same server.
|Verification fails after moving VDOM across vclusters from FortiGate GUI followed by an auto-update.
|GUI should support proxy address.
|The dmserver daemon may crash when installing to multiple devices and CPU usage reaches 100%.
|'Where Used' may not point to the entity using the object.
|Global user groups are not listed when creating an SSID in Per-Device AP management mode.
|Key Type specified as elliptic curve is not functional when generating a CSR.
|Installation log is missing due to dpm-logsize limited to 10 MB.
|Installation fails due to DNS server "SameasInterfaceIP" option inside device interface configuration.
|Two SSL-SSH profiles added by FortiManager may cause installation issues.
|FortiManager should not allow adding loopback interface to a zone.
|When importing device list of multiple model devices with PSKs, FortiManager prompts the error,"Serial number already in use".
|Adding wildcard FQDN for SSL inspection exemption list from FortiManager fails.
|If a script is used to update SNMP passwords with "?" character, the installation fails during validation.
|AP Profile in AP Manager offers redundant options for specific AP models which can lead to failed installation.
|User should be able to create a FortiGate admin account with Restricted Administrator to Guest Account Provisioning Only option selected with VDOM(s) guest group(s).
|Changes on Existing Static Route is not displayed on Installation Preview.
|FortiManager may have a memory leak when running copy & install with a sub-admin.
|MAC address Access Control List entries under DHCP server get duplicated when editing an entry.
|It is possible to cause a DoS for remote user authentication by trying to login with a password of specific length.
|Read-only admin should not be allowed to add detected devices.
|System SNMP user is missing the value 'aes256cisco' for the field 'priv-proto'.
|FortiGuard service event logs should always be generated with an internal FortiManager user.
|Installing DDoS policies via a CLI script may fail.
|FortiManager does not give an option to choose RSA4096 and Elliptic Curve algorithms in certificates.
|Assignment of 'object-tag' from 5.6 Global ADOM to 6.0 ADOM should not fail.
|FortiManager may not be able to import policies from FortiGate SLBC.
|FortiMeter Program License is expired and it is displayed as FREZ even though FortiGate Traffic is still passing.
|A failed retrieve operation may result in empty device configuration.
|FortiManager is unable to set OSPF Interface Network Type as P2MP.
|FortiManager may fail to install local certificate on FortiGate and private key is missing after saving the configuration.
|The fmgd daemon may crash after upgrading FortiManager.
|FortiManager prompts Runtime Error when trying to import an AP profile that has a SSID with space character.
|Enabling or disabling multiple interfaces should be allowed in Device Manager.
|FortiManager may be stuck at loading when using the "Find Duplicate Objects" function.
|FortiManager is unable to use interface member of a zone as Source Interface filter for VIP object.
|FortiManager may not be able to upgrade ADOM from 5.4 to 5.6 with the error, "Fail(errno=0):invalid value".
|FortiManager should be able to select multiple FortiExtenders for upgrade from the Extender Tab.
|FortiManager should be able to save longer description for SD-WAN template.
|Policy package does not go out-of-sync after VPN manager is enabled.
|Certificate is not visible on GUI after restoring the configuration which was exported from FortiManager.
|Installing policy on 6K series FortiGate may remove the interface setting "set forward-error-correction rs-fec".
|When user wants to move a policy package to a different folder, the pop-up window does not list folders in alphabetical order.
|FortiManager may not connect to Fortiguard when fds-ssl-protocol is set to either tlsv1.1 or tlsv1.2.
|GUI response is slow with a large numbers of address objects.
|Incorrect ADOM name may be displayed in where Used.
|FortiManager may not be able to edit a proxy policy that was inserted above or below.
|Duplicated ##seq appears in policy packages and they cannot be fixed with diagnose command.
|FortiManager may not be able to set client-idle-timeout to 0 in device database.
|FortiManager may not accept the Log FortiAnalyzer setting without FortiAnalyzer serial number.
|If hitcount is updated while ADOM is locked, policies matched by traffic are highlighted as modified.
|SD-WAN Bandwidth Overview widget may not display the correct data.
|The newcli process may crash when running the "diagnose cdb upgrade check +all" command.
|FortiManager should be able to create dynamic mapping for object-tagging category.
|When user changes webfilter settings, username in last modified column should always be updated.
|The exchange-interface-ip should be available in VPN Manager.
|After FortiManager processed many auto-update requests, FortiManager may not be able to create a new revision.
|One specific unused adgrp is getting pushed to FortiGate that does not use FSSO anywhere.
|FortiManager should support firmware upgrade for FortiExtender 200 series.
Visit https://fortiguard.com/psirt for more information.
FortiManager 6.2.1 is no longer vulnerable to the issue described in the following link - https://fortiguard.com/psirt/FG-IR-19-144.
FortiManager 6.2.1 is no longer vulnerable to the following CVE Reference: