Release Notes

Resolved Issues

The following issues have been fixed in 6.2.9. For inquiries about a particular bug, please contact Customer Service & Support.

Device Manager

Bug ID Description
665207 FortiManager needs IPv6 support on Syslog server setting.
697098 Retrieving HA configuration may fail when adding FortiGate.
701348 Once a VRRP instance is created, the user should be able to edit or delete it.
711713 DHCP relay is displayed as DHCP server when workspace is unlocked.
718184 AutoUpdate with "unset options" & "unset post-lang" may cause device database and policy package status to be shown as OUT-OF-SYNC.
719028 FortiManager may not update FortiGate's VDOM license information when it is changed.
735066 FortiManager may not be able to create a VDOM link via Device Manager, with an "invalid vdom" error message.
739369 When revision history is very large, FortiManager may not be able to retrieve configuration.
742960 After locking a FortiGate in workspace mode, FortiManager may not show the button to upgrade the FortiGate's firmware.

Global ADOM

Bug ID Description
680798 FortiManager may return error, "Could not read zone validation results", when assigning global ADOM changes with "Automatically Install Policies to ADOM Devices".
728803 Copying global firewall policy may fail due to duplicate IPS sensors.
741942 FortiManager should show clear error message for duplicated object assigned from Global ADOM.
745772 FortiManager may randomly delete FortiManager IPv4 policies when assigning from the Global ADOM.
753299 FortiManager cannot save scripts in Global ADOM.

Others

Bug ID Description
657997 Assigning device to system template may not work via JSON when FortiManager is in workspace mode.
724470 dmworker may crash on device retrieve or revision import.
728375 JSON API may return "runtime error 0: invalid value" error when getting dynamic mapping with "fields" attribute.
740523 Retrieve task may fail because the autoupdate file has already been deleted by fgfm.
742137 FortiManager may return an error when running an Ansible script to configure network interfaces, zones, and policies.

Policy and Objects

Bug ID Description
642708 View Mode may unexpectedly change from Interface Pair View to By Sequence mode.

664655 Export policy in CSV may result in an empty file.
686911 Workflow session may not be able to compare with error: "Can not compare because of invalid Revision Diff data".
704637 FortiManager allows VIP to be configured without default value or dynamic mapping.
709908 When checking the status of an AntiVirus profile, the list view may not show the correct inspection mode, with the status staying at "flow-based (Full Scan)".
711679 IPS custom object and signature name should be unique across all VDOMs.
715269 "CVE-2021-26857" default action should be Drop on the FortiManager when the IPS version is greater than 18.028.
715275 FortiManager may not be able to show specific signature.
715722 Users may not be able to delete global object.
738475 Special characters within a policy's comment cause all policies to be missing on the GUI.
740944 Custom IPS Signature script may fail to run on policy package or ADOM database.

Revision History

Bug ID Description
691240 FortiManager should not unset the value forward-error-correction with certain FortiGate platforms.
711314 VDOM specific 'Disclaimer Page' configuration is purged from 'default' replacemsg-group during Policy Package installation.

725717 After upgrade, installation may fail due to mcast-session-counting.
735455 FortiManager may try to delete thousands of policies during install.
742242 Install fails after upgrade due to "set server-identity-check enable" on LDAP server configuration.
755687 FortiManager may show admin with no password when adding a new VDOM to FortiGate-2200E/2201E.

Script

Bug ID Description
715305 When changing system setting opmode from nat to transparent via a script, FortiManager may return failure to commit to database stating that there is no interface.

721740 FortiManager may fail to run CLI script on Device DB after dmworker crash.
740938 Direct CLI script may fail when it contains an 'exec' command.
755606 Running script to create transparent VDOM may fail.

Services

Bug ID Description
688498 FortiSwitch version shown in the FortiGuard package page is not seen on FortiGate.
733174 FortiManager may not be able to recognize the object id 06002000NIDS02604 as IPS Signature Database(Extended).

System Settings

Bug ID Description
711446 Copy may fail due to invalid protocol options when both FortiGate and ADOM are upgraded to v6.2.

715590 As soon as a policy-package is located within two nested folders, locked policy packages must be shown and taken into account in Settings > Admin Sessions.
738778 ADOM upgrade may fail from version 5.4 to 5.6 due to incorrect check on policy block.

VPN Manager

Bug ID Description
712861 Policy Package Status stays Synchronized even though the SSL-VPN Portal configuration is changed using VPN Manager.

Common Vulnerabilities and Exposures

Visit https://fortiguard.com/psirt for more information.

Bug ID Description
714934 FortiManager 6.2.9 is no longer vulnerable to the following CVE-Reference:
  • CVE-2021-32587
715916 FortiManager 6.2.9 is no longer vulnerable to the following CVE-Reference:
  • CVE-2021-32598
