Resolved Issues

The following issues have been fixed in 6.2.2. For inquiries about a particular bug, please contact Customer Service & Support.

Bug ID Description

412143 Renaming user in policy objects does not update SSLVPN portal mapped user.
494367 Users cannot search address in policy where the address is a part of a nested group.
500037 FortiToken provision may not work.
502967 FortiManager attempts to push the incorrect VWP name to certain VDOMs when a FortiGate has multiple VDOMs with VWPs configured and the VWP uses the same dynamic interface.
521904 Policy and Object’s folders do not reflect policy package status.
522284 Access Point templates still have 5GHz channels that are not valid.
529051 Map to Policy Interface & Scan outgoing connection to Botnet Sites disappears in v6.0.3 when running FortiManager in workflow mode.
529770 Policy package integrity check provides no clarification on intended database changes.
530717 Under Policy & Objects > Policy Package > right click > add address in policy, the page is stuck on loading with Microsoft Edge.
531585 A Proxy policy’s source address field should display all address objects in the search list despite the interface binding defined for the addresses.
536078 Device Manager’s System->Virtual Domain cannot display more than 50 VDOMs.
537312 Event logs should not have the userfrom field when an internal process triggers the log.
537338 Policy & Objects created time and last modified timestamp reset after ADOM upgrade.
539137 User may not be able to access FortiManager using an IPv6 address even if the user sets IPv6 allow access on HTTPS and HTTP.
539196 FortiManager should not show FortiGuard subscription status Expired if a trial license is expired.
539928 Objects used in SD-WAN rules show as not in use in address list.
540034 There may be repetitive fmgd crashes in FortiManager crash log.
544012 Missing DHCP mode in per-device mapping for FortiSwitch VLAN interface.
544597 VLAN interface is not available for EMAC VLAN on Device Manager > System > Interfaces.
546334 Dynamic interface is not visible in policies until web page refreshes.
547007 FortiManager may incorrectly show that a script finishes running.
547052 FortiManager GUI should not allow creating Security Profiles without any SSL/SSH Inspection Profile defined.
548027 After FortiGate upgrades, verification may fail on “set nat enabled” if “set central-nat enable” is configured.
548034 System Settings’ LDAP may not work with nested directory groups.
549932 FortiManager cannot use FQDN as Proxy address.
551566 Device Detection and its related settings are not available in SSID Central Management.
552222 When running "cdb check policy-packages", FortiManager prompts central fap object not found errors.
552403 FortiManager does not reflect SD-WAN Template rule has negated source or destination.
553860 Hub-to-Hub IPsec Phase1 interface install uses remote-gw as the interface IP even though a public IP is defined under the Advance section.
553912 FortiManager should hide the Quick Mode Selector setting if mode-cfg enabled.
554325 When creating an administrator with remote user group within Device Manager, it may prompt the error: “The remote-group "tacgroup" is not in admin user's vdom.”
554901 EU country ID is available in FortiManager but is not part of latest geographical database.
555175 User may mistakenly configure FortiManager to run a script against a group of targets when targeting a single device.
556985 FortiManager prompts an unclear message when the device configuration file is not found.
557471 FortiManager should prompt the list of firmware images for FortiGate 6000 and 7000 series.
559009 FortiManager should allow users to select SD-WAN interface on IPv6 policy.
561008 Second IP in central management removed by master FortiManager on re-connection.
561946 Upgrading FortiManager may fail due to incorrect limit for user adgrp.
563918 FortiManager should prompt a clearer error when ADOM upgrade fails.
564182 FortiManager should always respond with "invalid VDOM name" when accessing FortiManager with incorrect hyperlinks.
564202 Policy package cannot export to Excel when there are more than 20,000 policies.
564625 Re-importing a policy package may result in changing policy package status to "modified".
564937 FortiManager allows users not to set device type when creating a user device resulting in install failure.
565636 FortiManager may prompt verification error on Global ADOM’s gall address.
565772 User may not be able to add a black hole route.
566138 FortiManager may not correctly install Application Control configurations.
566310 FortiManager is unable to push or change GeoIP override country code to FortiGate.
566390 Policy installation may fail due to FortiGuard certifications.
567514 Multiple policies may be deleted by accident if they are selected in the background from the previous filtered result.
567770 Install custom internet service to FortiGate fails when None is selected for Master Service ID.
568626 FortiManager can modify the order of DNS forwarder only if the IP addresses are in quotes ("") and when the IP addresses are not separated by a comma.
568988 FortiManager is unable to create access list entries with IPv4 format based subnet mask or wild card entries.
569188 After upgrade, installation may fail on VPN configurations.
569468 Firmware version value may be incorrect in device list after upgrade.
569551 FortiManager should be able to save quotas within web filter profile.
569945 When editing a policy, Select All objects may not work when there is no object selected on a field.
569952 FortiSwitch Templates incorrectly set mac-addr values to all zeros for all interfaces.
570109 FortiManager cannot configure fail-detect-option in interface's advanced options.
570936 AP Manager is pushing incorrect syntax for FAPU24JEV wtp-profile causing installation failure.
571164 VPN Manager has problem adding secondary WAN interface from a hub in star community.
571203 Changing interface order in SD-WAN SLA rule does not result in configuration push.
571722 AP Manager should hide WIDE profiles if they cannot be used in certain modes.
572191 Users are unable to remove ADOM when ADOM is set as a FortiAnalyzer ADOM.
572284 Policy hit counts may always show zero for FortiGate 7000 series.
572544 When creating a Managed AP, FortiManager should properly save the “Name” and “AP Profile” fields, and it should not accept a FAP serial number in lowercase.
572756 The upgrade schedule status should correctly display for all the selected devices.
573221 FortiManager should be able to use default Replacement Message Group in policy package.
573250 Find Duplicate Objects may show inaccurate results.
573710 FortiManager should not use an unused user group after the portal type is changed from "Authentication" to "Disclaimer Only".
574148 Upgrading ADOM from v6.0 to v6.2 may fail due to “replacement message-Web Proxy authorization fail”.
574548 Upgrading ADOM from v5.6 to v6.0 may fail due to VDOM conflict in wtp.
574826 FortiManager port negotiation switches to 100 half-duplex mode after a reboot.
574847 Global objects in local ADOM should not be editable.
574988 CLI only Object cannot create router BGP AS-path list and community list, and prompts the error “entry does not exist”.
575343 Users are unable to disable the tunnel interface with IP 0.0.0.0 within Device Manager.
575349 ADOM address objects override Global objects with the same name if promoted as part of the Address Group.
575736 The dhcp-lease-time setting from AP Manager installs under “wireless-controller vap” instead of “system dhcp server”.
575823 FortiManager should not allow user to delete extra proposals when SUITE-B PRF is enabled.
576267 SSL/SSH inspection profile change does not change all related policy package status to modified.
576308 Policy package exported as CSV contains hit count data only for IPv4 but not for IPv6.
576320 Policy status of all devices used in VPN Manager changes to 'modified' after some unrelated devices are deleted.
576565 Creating VXLAN may gradually take more time.
576841 FortiSwitch VLAN template should support IPv6 and dynamic mapping of IPv6 address.
576867 FortiAnalyzer wipes out NTPv3 authentication related settings after reboot.
576999 FortiManager prompts “runtime error -999” when changing setting in IPS profile on Global ADOM.
577158 Installation may fail when SSID dynamic interface is renamed.
577183 Scripts should be able to modify fsp vlan.
577463 Script scheduling should not be affected by the order of configuration.
577939 VPN Manager may install different PSKs to gateways.
577964 FortiManager should install imported CA certificates to managed FortiGate device.
578045 FortiManager is unable to configure OSPF routes with md5 keys via CLI script.
578622 Installation may fail when creating FortiLink interface.
579075 LDAP admin user may not be able to access FortiManager when there are many LDAP groups.
579286 The default value for weight or volume-ratio should not be zero on interfaces.
579646 Global Header/Footer policy cannot use Threat Feeds.
579844 When a user logs in with remote Radius authentication with assigned VDOM and access profile, FortiManager may not show the installation target devices.
580486 Adding ADOM fails with errorCode 102 : 'Fail to lock adom Global workspace' when workspace-mode is set to normal.
580676 FortiManager may not delete and change a policy and it affects another policy package.
580951 LDAP admin user with specific Policy Package Access set should correctly see policy package status and not "Never Installed".
582685 Web Filter Profiles with URL filter lists may take a long time to load.
583010 Policy Block Name is set as a prefix to the individual Policy name multiple times.
583467 FortiManager cannot edit the MTU parameter on an interface in Device Manager.
583741 Temporary device revision files may not be deleted.

Common Vulnerabilities and Exposures

Visit https://fortiguard.com/psirt for more information.

Bug ID Description
542636 FortiManager 6.2.2 is no longer vulnerable to the following CVE Reference:
  • CVE-2019-6695

569307 FortiManager 6.2.2 is no longer vulnerable to the following CVE Reference:
  • CVE-2019-17654
