Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:


Table of Contents

Release Notes

Known Issues

The following issues have been identified in 6.2.6. For inquires about a particular bug or to report a bug, please contact Customer Service & Support.

AP Manager

Bug ID

Description

599189 FortiManager should be able to handle upgrading more than 10 APs at once.
633171 There may be DFS Channel mismatch between FortiManager and FortiGate for FAP-223E.

Device Manager

Bug ID

Description

547768 FortiManager should allow easier management of the compliance exempt lists.
598424 Interface cannot create more than 48 IP-MAC bindings in DHCP reservation from the GUI.
598916 When creating user groups via CLI Only Objects, comma separated values are treated as a string instead of a list.
601692 FortiManager is unable to overwrite IPv6 default route.
604125 FortiManager may not be able to edit the VDOM link interface from VDOM level.
607923 Security Fabric Connection option is removed from VLAN interface.
610568 FortiManager may not follow the order in CLI Script template.
613029 SD-WAN Monitor is showing effect of exceeded SLA even when it is disabled.
616537 FortiGate and FortiManager GUI should use similar terminology for configuring weight and volume-ratio in SD-WAN.
627664 FortiManager cannot understand socket-size 0 and changes it to 1 automatically.
627749 Admin user with device-config set as read in admin profile cannot download configuration revision.
635316 Return button is not working when viewing HA mode.
636012 Importing a policy may report conflict for the default SSH CA certificates.
636357 Retrieve may fail on FortiGate cluster with Failed to reload configuration. invalid value error.
636638 Fabric View keeps loading indefinitely.
638061 FortiGate 7000 may not be added and fails to update device information.
645086 Policy Lookup shows an error even though the device is in sync.
649769 FortiManager cannot view full list of Extenders.
649785 SD-WAN > Monitor may hang for an ADOM with 1500 devices.
652427 FortiManager may not be able to configure the any value on the access list prefix.
652481 Allow access is missing under interface on AWS FortiGate and may cause the installation to fail.
575215 When creating an new interface for a VDOM, FortiManager may list interfaces that may belong to another AODM.
598431 Install wizard may show a blank area when scrolling down the wizard to select device(s).
618354 Importing a policy with a profile group will display ssl-ssh profile and proxy options in the GUI.
646421 FortiManager may not be able to configure the VDOM property resources setting.
649821 Installation may fail for FortiGate-600D.

657933

Importing policy should be successful even with the zone name contains the / character.

468776

FortiManager fails to retrieve device configuration and displays data not exist error (g-xxxx firewall object).

FortiSwitch Manager

Bug ID

Description
650453 FortiSwitch template and VLAN is missing when creating a new firewall policy.
637220 FortiManager may not able to upgrade FortiSwitch firmware.

Global ADOM

Bug ID

Description

632400 When installing global policy, FortiManager may delete policy routes and settings on an ADOM.

Others

Bug ID Description
662438 FortiManager tries to purge all web rating override entries.

Policy & Objects

Bug ID

Description

531112 Consolidated policy is missing implicit deny policy.
580880 FortiManager is unable to see dynamic mapping for Local Certificate when workflow session is created.
585177 FortiManager is unable to create VIPv6 virtual server objects.
586026 FortiManager should display Zone icon based on existing and non existing dynamic mappings.
597011 Importing groups from Aruba ClearPass may fail.
598938 FortiManager should allow setting wildcard-fqdn type firewall address as a destination on proxy policy.
601385 A Restricted mode admin cannot install Web Rating Overrides changes.
602176 Creating a proxy policy with a profile group adds additional security profile.
612317 FortiManager shows the wrong country code for Cyprus under User definition.
615624 Firewall policy and proxy policy cannot select IP type external resource as address.
617031 Right-clicking on IPv4/Proxy Policy or Installation Targets should not reload the page if the related information is already displayed.
617894 FortiManager is missing IPV6 none values after modifying a policy.
618499 Right-clicking to edit zone incorrectly prompts dynamic interface window.
622040 Security Policy is missing Implicit Deny policy.
630431 Some application and filter overrides are not displayed on the GUI.
631158 FortiManager is unable to import firewall objects of fsso fortiems-cloud user because Server cannot be empty.
635966 Azure SDN connector only fetches the first page of results.
647189 FortiManager dynamic object filter generator is adding an "s" at the end of tag resulting in non working object.
648767 No connection request is sent out for ClearPass connector in an ADOM.
652753 When an obsolete internet service is selected, FortiManager may show entry IDs instead of names.
654562 FortiManager may fail to install a profile-group and apply it on a policy.
608535 NAT option is missing from Central NAT policy package.
651785 Address section under Policy & Objects > Security Profiles > SSL/SSH Inspection may load indefinitely.

658528

The URL remote category, FortiGuard Threat Feed, is not available in the dro down menu for Proxy Address.

Revision History

Bug ID

Description

597650 FortiManager cannot install allowed DNS and URL threat feed configuration.
606737 User may not be able to install a policy package due to a change with external interface with VIP settings.
611169 Install may fail with error Associated Interface conflict detected!
612263 FortiManager may not install ADSL vci and VPI to FWF-60E-DSL.
618305 FortiManager changes configuration system csf settings.
623159 When re-installing a policy, Zone validation is not saving the user choice and deleting all related policies.
635786 Default hbdev values may change after upgrade.
635957 Install fails for subnet overlap IP between two interfaces.
637103 Scrolling in Install Preview is not smooth and may get stuck.
654496 Installing configuration to device after Auto link, FortiManager may send incorrect system ntp commands causing the install to fail.
655246 The adom-rev-auto-delete option may not work to automatically delete revisions.

Script

Bug ID

Description

613575 After a script is run directly on the CLI, FortiManager may fail to reload the configuration.
630016 FortiGate user can see scripts from all ADOMs.
632014 When editing a CLI script group, the user cannot see the full CLI script name.

Services

Bug ID Description
541192 FortiManager should keep firmware image files when the files are for different FortiExtender devices.
567664 HA secondary device does not update the FortiMeter license.
587730 FortiGate-VM64-AZURE may not be listed in firmware image page.
654129 FortiManager may not have the correct upgrade path for FortiGate KVM.
592089 Firmware upgrade of FortiGate devices via Firmware Manager may be slow if there are offline devices.

System Settings

Bug ID

Description

611215 SNMP Hosts in SNMP Community are not displayed in the GUI if ADOM is unlocked.
625683 Changes made by ADOM upgrade may not update Last Modified date/time and user admin.
631733 Changing the trusted IP cannot be saved and installed.
639099 There are many cdb event log for object changed in event logs after upgrade.
654637 Changing a non-Super_User password may not take effect after upgrade.
619750 When upgrading an ADOM from 5.4 to 5.6, FortiManager does not add tcp-session-without-syn in all firewall policies.

VPN Manager

Bug ID

Description

596953 The Monitor page displays a white screen inVPN manager > Monitor, and the user selects a specific community from the tree menu to show only that community's tunnels.
608221 There is no XAUTH USER column in VPN Manager Monitor.
620801 SSLVPN > Edit SSLVPN Settings > IP Range, only shows configuration from ADOM database objects.
645093 VPN Manager error Peer Type cannot be peer when authentication method is a pre-share key.

658221

The dns-suffix on SSL VPN portal is not installed if web-mode is disabled.

Known Issues

The following issues have been identified in 6.2.6. For inquires about a particular bug or to report a bug, please contact Customer Service & Support.

AP Manager

Bug ID

Description

599189 FortiManager should be able to handle upgrading more than 10 APs at once.
633171 There may be DFS Channel mismatch between FortiManager and FortiGate for FAP-223E.

Device Manager

Bug ID

Description

547768 FortiManager should allow easier management of the compliance exempt lists.
598424 Interface cannot create more than 48 IP-MAC bindings in DHCP reservation from the GUI.
598916 When creating user groups via CLI Only Objects, comma separated values are treated as a string instead of a list.
601692 FortiManager is unable to overwrite IPv6 default route.
604125 FortiManager may not be able to edit the VDOM link interface from VDOM level.
607923 Security Fabric Connection option is removed from VLAN interface.
610568 FortiManager may not follow the order in CLI Script template.
613029 SD-WAN Monitor is showing effect of exceeded SLA even when it is disabled.
616537 FortiGate and FortiManager GUI should use similar terminology for configuring weight and volume-ratio in SD-WAN.
627664 FortiManager cannot understand socket-size 0 and changes it to 1 automatically.
627749 Admin user with device-config set as read in admin profile cannot download configuration revision.
635316 Return button is not working when viewing HA mode.
636012 Importing a policy may report conflict for the default SSH CA certificates.
636357 Retrieve may fail on FortiGate cluster with Failed to reload configuration. invalid value error.
636638 Fabric View keeps loading indefinitely.
638061 FortiGate 7000 may not be added and fails to update device information.
645086 Policy Lookup shows an error even though the device is in sync.
649769 FortiManager cannot view full list of Extenders.
649785 SD-WAN > Monitor may hang for an ADOM with 1500 devices.
652427 FortiManager may not be able to configure the any value on the access list prefix.
652481 Allow access is missing under interface on AWS FortiGate and may cause the installation to fail.
575215 When creating an new interface for a VDOM, FortiManager may list interfaces that may belong to another AODM.
598431 Install wizard may show a blank area when scrolling down the wizard to select device(s).
618354 Importing a policy with a profile group will display ssl-ssh profile and proxy options in the GUI.
646421 FortiManager may not be able to configure the VDOM property resources setting.
649821 Installation may fail for FortiGate-600D.

657933

Importing policy should be successful even with the zone name contains the / character.

468776

FortiManager fails to retrieve device configuration and displays data not exist error (g-xxxx firewall object).

FortiSwitch Manager

Bug ID

Description
650453 FortiSwitch template and VLAN is missing when creating a new firewall policy.
637220 FortiManager may not able to upgrade FortiSwitch firmware.

Global ADOM

Bug ID

Description

632400 When installing global policy, FortiManager may delete policy routes and settings on an ADOM.

Others

Bug ID Description
662438 FortiManager tries to purge all web rating override entries.

Policy & Objects

Bug ID

Description

531112 Consolidated policy is missing implicit deny policy.
580880 FortiManager is unable to see dynamic mapping for Local Certificate when workflow session is created.
585177 FortiManager is unable to create VIPv6 virtual server objects.
586026 FortiManager should display Zone icon based on existing and non existing dynamic mappings.
597011 Importing groups from Aruba ClearPass may fail.
598938 FortiManager should allow setting wildcard-fqdn type firewall address as a destination on proxy policy.
601385 A Restricted mode admin cannot install Web Rating Overrides changes.
602176 Creating a proxy policy with a profile group adds additional security profile.
612317 FortiManager shows the wrong country code for Cyprus under User definition.
615624 Firewall policy and proxy policy cannot select IP type external resource as address.
617031 Right-clicking on IPv4/Proxy Policy or Installation Targets should not reload the page if the related information is already displayed.
617894 FortiManager is missing IPV6 none values after modifying a policy.
618499 Right-clicking to edit zone incorrectly prompts dynamic interface window.
622040 Security Policy is missing Implicit Deny policy.
630431 Some application and filter overrides are not displayed on the GUI.
631158 FortiManager is unable to import firewall objects of fsso fortiems-cloud user because Server cannot be empty.
635966 Azure SDN connector only fetches the first page of results.
647189 FortiManager dynamic object filter generator is adding an "s" at the end of tag resulting in non working object.
648767 No connection request is sent out for ClearPass connector in an ADOM.
652753 When an obsolete internet service is selected, FortiManager may show entry IDs instead of names.
654562 FortiManager may fail to install a profile-group and apply it on a policy.
608535 NAT option is missing from Central NAT policy package.
651785 Address section under Policy & Objects > Security Profiles > SSL/SSH Inspection may load indefinitely.

658528

The URL remote category, FortiGuard Threat Feed, is not available in the dro down menu for Proxy Address.

Revision History

Bug ID

Description

597650 FortiManager cannot install allowed DNS and URL threat feed configuration.
606737 User may not be able to install a policy package due to a change with external interface with VIP settings.
611169 Install may fail with error Associated Interface conflict detected!
612263 FortiManager may not install ADSL vci and VPI to FWF-60E-DSL.
618305 FortiManager changes configuration system csf settings.
623159 When re-installing a policy, Zone validation is not saving the user choice and deleting all related policies.
635786 Default hbdev values may change after upgrade.
635957 Install fails for subnet overlap IP between two interfaces.
637103 Scrolling in Install Preview is not smooth and may get stuck.
654496 Installing configuration to device after Auto link, FortiManager may send incorrect system ntp commands causing the install to fail.
655246 The adom-rev-auto-delete option may not work to automatically delete revisions.

Script

Bug ID

Description

613575 After a script is run directly on the CLI, FortiManager may fail to reload the configuration.
630016 FortiGate user can see scripts from all ADOMs.
632014 When editing a CLI script group, the user cannot see the full CLI script name.

Services

Bug ID Description
541192 FortiManager should keep firmware image files when the files are for different FortiExtender devices.
567664 HA secondary device does not update the FortiMeter license.
587730 FortiGate-VM64-AZURE may not be listed in firmware image page.
654129 FortiManager may not have the correct upgrade path for FortiGate KVM.
592089 Firmware upgrade of FortiGate devices via Firmware Manager may be slow if there are offline devices.

System Settings

Bug ID

Description

611215 SNMP Hosts in SNMP Community are not displayed in the GUI if ADOM is unlocked.
625683 Changes made by ADOM upgrade may not update Last Modified date/time and user admin.
631733 Changing the trusted IP cannot be saved and installed.
639099 There are many cdb event log for object changed in event logs after upgrade.
654637 Changing a non-Super_User password may not take effect after upgrade.
619750 When upgrading an ADOM from 5.4 to 5.6, FortiManager does not add tcp-session-without-syn in all firewall policies.

VPN Manager

Bug ID

Description

596953 The Monitor page displays a white screen inVPN manager > Monitor, and the user selects a specific community from the tree menu to show only that community's tunnels.
608221 There is no XAUTH USER column in VPN Manager Monitor.
620801 SSLVPN > Edit SSLVPN Settings > IP Range, only shows configuration from ADOM database objects.
645093 VPN Manager error Peer Type cannot be peer when authentication method is a pre-share key.

658221

The dns-suffix on SSL VPN portal is not installed if web-mode is disabled.