Resolved Issues
The following issues have been fixed in 6.2.6. For inquires about a particular bug, please contact Customer Service & Support.
AP Manager
Bug ID | Description |
---|---|
556036 | FortiManager cannot configure AP profile short-guard-interval. |
599666 | Empty LLDP status information is shown under AP Manager. |
610724 | Unauthorized APs should be displayed so that users can authorize the APs. |
644584 | Upgrading an AP may get stuck at 5 % and no task is created for it. |
645030 | Adding FortiGate using custom admin profile may fail to list FAP in AP Manager. |
645713 | FortiManager allows the user to create SSID which cannot be deleted later. |
653329 | FortiManager is sending the wrong device setting after changing the FAP name. |
587879 |
AP Manager central mode is missing AP group with VLAN ID. |
607170 | Dynamic VLAN option is not saved in SSID in AP Manager. |
654171 | There may be duplicate entries in objcfg_wireless_controller_wtp preventing the user to delete some custom WTP profiles. |
Device Manager
Bug ID |
Description |
---|---|
581940 | SD-WAN Monitor may show gaps on the SD-WAN monitoring graph. |
593364 | FortiManager does not install md5 key for OSPF interface configured from Device Manager. |
598794 | IPSec Phase 1 setting shows inconsistencies between Lock and Unlock. |
599852 | When password policy is set as enforced, FortiManager should not accept the password if it does not meet the policy. |
603291 | Group membership may be incorrect after adding a VDOM. |
603820 | FortiManager fails to import policy when reputation-minimum and reputation-direction are set. |
605688 |
Pac-file-data is limited to 4000
characters under CLI Configuration. |
610071 | FortiManager should not allow duplicated names when creating a new interface based VPN phase1. |
611315 | SD-WAN should be allowed to configure port for HTTP health-check server. |
612355 | Policy Package status remains in modified status after using Push to device on an updated object. |
616271 |
FortiManager prompts a, response format error, when adding per-device mapping to a new interface in a new workflow session |
619106 | When importing a policy, the conflict page may truncate outputs. |
624596 | Device Manager's Connect to CLI function with SSH may prompt an error message. |
625831 | Deleting a device from Device Manager may take a long time and FortiManager becomes very slow. |
626598 | Custom Device Meta fields cannot be modified. |
631576 | Device list may be empty under device group when trying to edit it. |
637630 | FortiManager is not showing interface status in Device Manager interface page. |
637672 | Importing AP Profile in AP Manager may cause Config Status changes to Modified. |
637794 | FortiManager is unable to
import firewall policy if the SD-WAN member interface referenced is dstaddr . |
638351 | FortiManager is unable to set FAZ IP override setting as global setting. |
643172 | FortiManager does not support dnsproxy-worker-count higher than two. |
644223 | FortiManager is unable to add FortiAnalyzer and triggers an error: Object does not exist. |
649195 | Editing an address group does not trigger any configuration change when the installation target is set to specific device(s). |
649711 | FortiManager is unable to add FortiAnalyzer and fails to synchronize FortiAnalyzer with current ADOM data with error: Fail(errno=-3):Object does not exist. |
650545 | Import may get stuck in an infinite loop when there is a recursive reference. |
558176 | Interface-subnet type addresses' interface are re-set to zone after import, causing the copy to fail during install. |
649566 | CLI Template is not able to install an interface with the same name using vpn ipsec phase1-interface and config system ipsec-aggregate. |
653388 | IPsec VPN Phase-1 tunnel interface is not added to the VDOM interface list in a VDOM that has a long name. |
653465 | FortiManager may not be able to edit DHCP options function on the GUI. |
656984 | Importing system template CLI may fail. |
552492 | VAP is always loading under CLI configuration. |
633767 | There is a typo in Japanese in NTP Service of DHCP Server setting. |
651712 | SD-WAN monitor keeps loading and not displaying anything in backup mode ADOM. |
FortiSwitch Manager
Bug ID |
Description |
---|---|
642959 | When re-installing or installing any policy package, FortiManager tries to install security-8021x-dynamic-vlan-id even if there is no 8021x authenticationn configured on FortiManager. |
651788 | FortiSwitch Manager is not showing the correct online or offline status. |
Global ADOM
Bug ID | Description |
---|---|
645702 | Global policy install should not show warnings when a policy package has no installation target. |
647736 | Global ADOM policy package assignment may fail. |
Others
Bug ID | Description |
---|---|
551710 | /bin/ha may have high memory usage. |
623147 | FortiManager may never form a HA due to variance in certificates. |
626338 | The exec fmpolicy CLI command
may not print out a policy package correctly. |
635616 | The ADOM integrity check may fail with SD-WAN dynamic interface members. |
643784 | FortiManager is crashing on security console and wizard is stopped at 50% of deployment. |
647791 | Cloning VDOM object may fail via the CLI. |
647156 | FortiManager cannot clone any of the deep-inspection ssl-ssh-profiles using JSON API. |
657566 | After upgrade, copy may fail for central SD-WAN with configuration error error service - 2 :-2 - Please assign a member. |
Policy and Objects
Bug ID | Description |
---|---|
525625 | When configuring web filter rating override, the configuration is pushed to all the VDOMs even a web filter is not used. |
540716 | Under Policy,there is no Session Count, Session First Used, Session Last Used options in the Column Settings drop-down list. |
553462 | FortiManager may prompt the error, Zone member VLAN is used by another zone, when installing policy package. |
569226 | The section title should always be displayed for filtered policy and the section title should not be deleted after policy was deleted. |
578501 | FortiManager should show global icon for global objects assigned to ADOMs. |
581588 | Central SNAT policy does not support showing IPv6 address in the table. |
593417 | FortiManager shows incorrect action for allowing invalid SSL certificates. |
596533 | Renaming policy package changes the implicit policy's Log Violation Traffic setting to No Log. |
609300 | FortiManager may not be able to import all Cisco ACI Fabric Connector address. |
612445 | Policy package for v5.6 cannot be installed on v6.0 devices if default deep SSL inspection is used. |
613840 | Process bar does not show correct status when some addresses fail to import for fabric connector. |
614710 | Search result in device interface should display the zone that the interface is a member of. |
615117 | Policy Package section is not sent over to FortiGate if Policy Blocks are under the section in FortiManager. |
620890 | Unlock and discard changes on policy package may create duplicate section titles. |
625665 | Policy package installation may fail due to certificates errors after creating a new VDOM. |
626060 | FortiManager cannot set per-device mapping for user-radius-accounting-server-source-ip. |
628389 | When workspace is enabled, Policy Package status may change to Modified when there is nothing to be installed. |
628748 | When scrolling through URL Filter list under Web Filter Profile, the list either takes time to load or it does not show all URLs. |
630055 | Some custom application signatures have id 0 in the application list. |
630582 | Deleted policy IDs may still appear in the GUI. |
630891 | Cloned policy may not get installed onto devices. |
631405 | FortiManager should check for mgmt interface configuration for dedicated to mgmt setting before allow using the interface on a policy. |
632545 | Installing policy package may result in an error: Could not read zone validation results. |
632715 | In DoS policy, changing quarantine from attacker to none keeps quarantine-expiry set incorrectly. |
632771 | Sometimes users are not updated on FortiManager after a new session is created on ISE. |
633248 | Web proxy profile is not being installed on FortiGate when the proxy type is Transparent-web. |
633431 | Changing to Classical Dual Pane disables Policy Hit Count. |
633727 | FortiManager is unable to display summary of policy package diff for VDOM with a long name. |
634597 | FortiManager may unset speed on ports which are configured with 10000full. |
636010 | FortiManager cannot push custom application signatures from different policy packages to the same FortiGate. |
636133 | When is bfd disabled, FortiManager should exclude bfd-desired-min-tx and bfd-required-min-rx from installation. |
636732 | Copying policy causes interface binding contradiction for object member. |
637688 | FortiManager prompts the error message, The data is invalid for selected url, when copying and pasting policy to a different policy package. |
639753 | After a FortiToken is activated on the FortiGate, the next policy install from FortiManager would unset reg-id and os-ver on the token. |
640400 | FortiManager may purge the list of resolved IPs of a dynamic address on the FortiGate. |
640662 | Policy page shows a blank entry for the Users column when device group is selected. |
643098 | FortiManager may have slow installation of policy package due to many VIPs have the same external VIP. |
643113 | Changing an Accept policy to Deny when the policy contains a Security Profile Group results in installation failure. |
643930 | Finding Duplicate Objects shows does not display duplicated addresses if wildcard is empty. |
643957 | When there are many firewall addresses, FortiManager may be slow to show all addresses under CLI Only Objects. |
645367 | Discarded policy deletion in Policy Package may delete all policies while they are still visible on the GUI. |
645661 | A valid custom IPS signature may still trigger invalid IPS data error. |
647337 | FortiManager may fail to retrieve FSSO user groups via FortiGate. |
599129 | While editing policy from Policy Package, it is not possible to select SSL/SSH Inspection profile. |
618321 | FortiManager is unable to create RSSO Group if Agent is configured with a custom name. |
620092 | Interface Pair view is not working for Security Policies. |
634241 | VIP created using CLI script is not available to use in a policy. |
644689 | FortiManager may not be able to load application control profile. |
583151 | FortiManager should not change the default value of scan-mode and ssl-ssh-profile/inspection-mode when installing v6.0 policy package to v6.2. |
600165 | Firewall consolidated policy is still named as SSL Inspection & Authentication when it is profile based. |
623833 | Username cannot exceed 35 characters. |
640157 | Verification may fail due to wrong default setting of log.memory.global-setting > set max-size'. |
Revision History
Bug ID | Description |
---|---|
586275 | Policy Package Diff does not show user or admin details. |
594933 | Re-installing Policy Package cannot skip to Install Policy Package, which fails validation. |
604680 | FortiManager sets FSSO to disable even though FSSO group is in use. |
610032 | After upgrade, installation fails due to the set mediatype command of an interface. |
610687 | FortiManager should not unset forward-error-correct during install. |
613901 | FortiManager may not be able to show more than one log based on one revision ID. |
622540 | FortiManager prompts error, no hub configured, for a site even the site is not part of VPN Manager. |
632129 | syslogd setting source-ip is still visible after setting status to disable, which causes a verification failure. |
633515 | FortiManager should improve error message when FortiManager receives blank or invalid configurations from FortiGate. |
643803 | Policy Package Diff may shows all objects as new changes. |
646372 | When a customer applies changes to a policy package, then all the policy packages in this ADOM change to a Modified state. |
650239 | Installation fails with wireless-controller vap mesh-backhaul setting despite setting being disabled on FortiManager. |
652337 | VPN Manager changes may result in unnecessary FortiGate configuration changes. |
647180 | Install copy may fail with error message ftgd-wf - - The category is already set in another filter. |
634032 | Installing a policy may fail due to log disk setting. |
657344 | Installing from 6.0 ADOM may try to unset inspection-mode and unset ssl-ssh-profile on FortiGate 6.2. |
Script
Bug ID | Description |
---|---|
611396 | When a device is locked, FortiManager cannot show the list of devices to run a script. |
634242 | After applying profile-type group on a firewall policy via a script, proxy and SSL profiles should be removed from the corresponding firewall policy. |
592660 | Running a script remotely may trigger a full configuration retrieve instead of a partial configuration retrieve. |
Services
Bug ID | Description |
---|---|
569679 | Port 8888 or 8889 should not always be opened. |
647680 | When importing firmware image for FAP 321E, FortiManager reports the platform as a invalid model. |
652764 | FortiManager to Enforce Firmware Version may fail to upgrade FortGate to a custom build. |
System Settings
Bug ID |
Description |
---|---|
493533 | FortiManager needs to rename custom default protocol option after upgrade. |
556334 | Standard ADOM users should be able to assign system templates to FortiGate devices. |
557949 | Changing a password should be enabled by default for all admin users. |
579563 | Workflow Session List menu seems to always match the first wildcard TACACS admin. |
596212 | SSH filter profile is unset in firewall profile group upon ADOM upgrade. |
618213 | When trying to upgrade FortiManager cluster from FortiManager Master GUI, FortiManager Master reboots before finishing to send firmware to FortiManager secondary device. |
618607 | Upgrading 5.4 ADOM does not convert delay-tcp-npu-sessoin to delay-tcp-npu-session and delete the option. |
628006 | Even though a user has Manage Device Configurations read/write privileges, the user appears to have partial permissions within Device Manager. |
637044 | FortiManager may not be able to save changes under Workspace mode and prompt the error Workspace request failed, please try again. |
640505 | Remote admin authentication with RADIUS may stop working. |
641018 | Upgrading Global ADOM may fail due to Fortinet_NSX local certificate. |
644660 | Installation preview may get stuck and system may run out of memory. |
647575 | Cloning an ADOM may fail with error 0: invalid value. |
655515 | FortiManager may not be able to clone the Security Fabric ADOM. |
650326 | After an HA failover, the new master may have incorrect policies. |
654370 | Users may not be able to access Java console with an error message: Too many concurrent connections. |
VPN Manager
Bug ID |
Description |
---|---|
594889 | Dial-up IPSec VPN tunnel should show tunnel up on VPN manager monitor as it appears on FortiGate. |
621209 | VPN monitor should show the corresponding VPN community tunnels only under each community. |
622046 | Local ID should be visible from the GUI and should be able to modify it when using dial-up group. |
650454 | Installation may fail when Dialup VPN interface is PPPoE logical interface. |