Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:


Table of Contents

Known Issues

The following issues have been identified in 6.4.1. For inquires about a particular bug or to report a bug, please contact Customer Service & Support.

AP Manager

Bug ID Description
607107 FortiManager prompts installation errors when certain channels are selected for Radio 2 in 5 GHZ band of FAP-421E.

Device Manager

Bug ID Description
547768 FortiManager should allow easier management of the compliance exempt lists.
552492 VAP is always loading under CLI configuration.
558176 Interface-subnet type addresses' interface are re-set to zone after imported leading to copy fail during install.
593364 FortiManager does not install md5 key for OSPF interface configured from Device Manager.
595058 When customer sets "Scheduled Updates" configuration to "1 hour" in FortiGuard on Device Manager, FortiManager installation preview is configured as "set time 1:60".
598916 When creating user groups via CLI Only Objects, comma separated values are treated as a string instead of a list.
599819 Changing static route from subnet to named address does not push the change to FortiGate.
610568 FortiManager may not follow the order in CLI Script template.
619106 When importing a policy, the conflict page may truncate outputs.

627749

Admin user with device-config set as read in admin profile cannot download configuration revision.

634206

SD-WAN Monitoring Table view is broken if a spoke is down.

637630

FortiManager is not showing interface status in Device Manager interface page.

640907

FortiManager is unable to configure FortiSwitch port mirroring.

642348

Device Manager package diff may not work. User may need to perform the package diff from the package install wizard first and go back to Device Manger and perform the diff again.

642512

FortiManager may prompt the "following Member is in use" error when editing a SD-WAN interface member.

642817

Importing interface may report an error when trying to map an interface to a normalized interface with a different name.

642831

SD-WAN may not list VLAN SD-WAN interface members when creating a VPN.

645929

During installation, FortiManager tries to delete internet-service-name, but cannot (static entry). Service name mismatch. Same ISDB ver.

Global ADOM

Bug ID

Description

632400 When installing global policy, FortiManager may delete policy routes and settings on an ADOM.

Others

Bug ID Description
626338 The exec fmpolicy CLI command may not print out policy package correctly.

632822

The merged_daemons process goes to 100% usage and prevents radius authentication.

642580

FortiManager may not be able to edit any existing SD-WAN entry after upgrade to 6.4.1.

647337

FortiManager fails to retrieve FSSO user groups via FortiGate.

Policy & Objects

Bug ID

Description

523350 FortiManager does not show the default certificate under SSL/SSH Inspection within policy.
545759 From or To column filter displays unmapped interfaces in the drop-down list.
547052 FortiManager GUI should not allow creating Security Profiles without any SSL/SSH Inspection Profile defined.
578501 FortiManager should show global icon for global objects assigned to ADOMs.
586026 FortiManager should display zone icon based on existing and non existing dynamic mappings.
612317 FortiManager shows incorrect country code for Cyprus under User definition.
617031 Right-clicking on IPv4/Proxy Policy or Installation Targets should not reload the page if the related information is already displayed.
618321 FortiManager is unable to create RSSO Group if Agent is configured with custom name.
618499 Right-click to edit zone incorrectly prompts dynamic interface window.
620092 Interface Pair View is not working for Security Policies.
623100 FortiManager is constantly changing UUID for firewall address object.

628389

When workspace is enabled, Policy Package Status may change to "Modified" but there is nothing to be installed.

630055

Some custom application signatures have id 0 in application list.

630431

Some application and filter overrides are not displayed on GUI.

631158

FortiManager is unable to import firewall objects of fsso fortiems-cloud user due to Server cannot be empty.

632715

In DoS policy, changing quarantine from attacker to none keeps quarantine-expiry set incorrectly.

633431

Changing to Classical Dual Pane disables Policy Hit Count.

634241

VIP created using CLI script is not available to use in policy.

635966

Azure SDN connector only fetches the first page of results.

636010

FortiManager cannot push custom application signatures from different policy packages to the same FortiGate.

636133

When is bfd disabled, FortiManager should exclude "bfd-desired-min-tx" and "bfd-required-min-rx" from installation.

639753

After a FortiToken is activated on the FortiGate, the next policy install from FortiManager would unset "reg-id" and "os-ver" on the token.

640157

Verification may fail due to wrong default setting of 'log.memory.global-setting' > 'set max-size'.

640662

Policy page shows a blank entry for the Users column when device group is selected.

642807

Find and Replace may not work.

636012

Build 1307: FortiManager reports a conflict for the default SSH CA certificate when importing a policy from a new FortiGate.

Revision History

Bug ID

Description

594933 Re-installing Policy Package cannot skip to install policy Package, which fails validation.
597650 FortiManager cannot install allowed DNS and URL threat feed configuration.
604927 FortiManager can create custom device without category which may lead to failed installation.

Script

Bug ID

Description

630016 FortiGate users can see scripts from all ADOMs.

632014

When editing CLI script group, user cannot see full CLI script name.

634242

After applying profile-type group on a firewall policy via a script, proxy and SSL profiles should be removed from the corresponding firewall policy.

Services

Bug ID Description
437935 FAD-VM license may not be validated on FortiManager.
541192 FortiManager should keep firmware image files when the files are for different FortiExtender devices.

System Settings

Bug ID

Description

556334 Standard ADOM users should be able to assign system templates to FortiGate devices.
586626 Users should be able to identify who locked their assigned ADOM.
611215 SNMP Hosts in SNMP Community are not displayed in the GUI if ADOM is unlocked.

628006

Even though a user has 'Manage Device Configurations' R/W privileges, the user appears to have partial permissions within Device Manager.

630000

SNMP trap is not sent immediately when connecting or disconnecting FortiManager cable.

631733

Changing "trusted IP" can be saved and installed.

641018

Upgrading Global ADOM may fail due to Fortinet_NSX local certificate.

VPN Manager

Bug ID

Description

596953 VPN manager > monitor > Select a specific community from the tree menu to show only that community's tunnels, the monitor page displays a white screen.

Known Issues

The following issues have been identified in 6.4.1. For inquires about a particular bug or to report a bug, please contact Customer Service & Support.

AP Manager

Bug ID Description
607107 FortiManager prompts installation errors when certain channels are selected for Radio 2 in 5 GHZ band of FAP-421E.

Device Manager

Bug ID Description
547768 FortiManager should allow easier management of the compliance exempt lists.
552492 VAP is always loading under CLI configuration.
558176 Interface-subnet type addresses' interface are re-set to zone after imported leading to copy fail during install.
593364 FortiManager does not install md5 key for OSPF interface configured from Device Manager.
595058 When customer sets "Scheduled Updates" configuration to "1 hour" in FortiGuard on Device Manager, FortiManager installation preview is configured as "set time 1:60".
598916 When creating user groups via CLI Only Objects, comma separated values are treated as a string instead of a list.
599819 Changing static route from subnet to named address does not push the change to FortiGate.
610568 FortiManager may not follow the order in CLI Script template.
619106 When importing a policy, the conflict page may truncate outputs.

627749

Admin user with device-config set as read in admin profile cannot download configuration revision.

634206

SD-WAN Monitoring Table view is broken if a spoke is down.

637630

FortiManager is not showing interface status in Device Manager interface page.

640907

FortiManager is unable to configure FortiSwitch port mirroring.

642348

Device Manager package diff may not work. User may need to perform the package diff from the package install wizard first and go back to Device Manger and perform the diff again.

642512

FortiManager may prompt the "following Member is in use" error when editing a SD-WAN interface member.

642817

Importing interface may report an error when trying to map an interface to a normalized interface with a different name.

642831

SD-WAN may not list VLAN SD-WAN interface members when creating a VPN.

645929

During installation, FortiManager tries to delete internet-service-name, but cannot (static entry). Service name mismatch. Same ISDB ver.

Global ADOM

Bug ID

Description

632400 When installing global policy, FortiManager may delete policy routes and settings on an ADOM.

Others

Bug ID Description
626338 The exec fmpolicy CLI command may not print out policy package correctly.

632822

The merged_daemons process goes to 100% usage and prevents radius authentication.

642580

FortiManager may not be able to edit any existing SD-WAN entry after upgrade to 6.4.1.

647337

FortiManager fails to retrieve FSSO user groups via FortiGate.

Policy & Objects

Bug ID

Description

523350 FortiManager does not show the default certificate under SSL/SSH Inspection within policy.
545759 From or To column filter displays unmapped interfaces in the drop-down list.
547052 FortiManager GUI should not allow creating Security Profiles without any SSL/SSH Inspection Profile defined.
578501 FortiManager should show global icon for global objects assigned to ADOMs.
586026 FortiManager should display zone icon based on existing and non existing dynamic mappings.
612317 FortiManager shows incorrect country code for Cyprus under User definition.
617031 Right-clicking on IPv4/Proxy Policy or Installation Targets should not reload the page if the related information is already displayed.
618321 FortiManager is unable to create RSSO Group if Agent is configured with custom name.
618499 Right-click to edit zone incorrectly prompts dynamic interface window.
620092 Interface Pair View is not working for Security Policies.
623100 FortiManager is constantly changing UUID for firewall address object.

628389

When workspace is enabled, Policy Package Status may change to "Modified" but there is nothing to be installed.

630055

Some custom application signatures have id 0 in application list.

630431

Some application and filter overrides are not displayed on GUI.

631158

FortiManager is unable to import firewall objects of fsso fortiems-cloud user due to Server cannot be empty.

632715

In DoS policy, changing quarantine from attacker to none keeps quarantine-expiry set incorrectly.

633431

Changing to Classical Dual Pane disables Policy Hit Count.

634241

VIP created using CLI script is not available to use in policy.

635966

Azure SDN connector only fetches the first page of results.

636010

FortiManager cannot push custom application signatures from different policy packages to the same FortiGate.

636133

When is bfd disabled, FortiManager should exclude "bfd-desired-min-tx" and "bfd-required-min-rx" from installation.

639753

After a FortiToken is activated on the FortiGate, the next policy install from FortiManager would unset "reg-id" and "os-ver" on the token.

640157

Verification may fail due to wrong default setting of 'log.memory.global-setting' > 'set max-size'.

640662

Policy page shows a blank entry for the Users column when device group is selected.

642807

Find and Replace may not work.

636012

Build 1307: FortiManager reports a conflict for the default SSH CA certificate when importing a policy from a new FortiGate.

Revision History

Bug ID

Description

594933 Re-installing Policy Package cannot skip to install policy Package, which fails validation.
597650 FortiManager cannot install allowed DNS and URL threat feed configuration.
604927 FortiManager can create custom device without category which may lead to failed installation.

Script

Bug ID

Description

630016 FortiGate users can see scripts from all ADOMs.

632014

When editing CLI script group, user cannot see full CLI script name.

634242

After applying profile-type group on a firewall policy via a script, proxy and SSL profiles should be removed from the corresponding firewall policy.

Services

Bug ID Description
437935 FAD-VM license may not be validated on FortiManager.
541192 FortiManager should keep firmware image files when the files are for different FortiExtender devices.

System Settings

Bug ID

Description

556334 Standard ADOM users should be able to assign system templates to FortiGate devices.
586626 Users should be able to identify who locked their assigned ADOM.
611215 SNMP Hosts in SNMP Community are not displayed in the GUI if ADOM is unlocked.

628006

Even though a user has 'Manage Device Configurations' R/W privileges, the user appears to have partial permissions within Device Manager.

630000

SNMP trap is not sent immediately when connecting or disconnecting FortiManager cable.

631733

Changing "trusted IP" can be saved and installed.

641018

Upgrading Global ADOM may fail due to Fortinet_NSX local certificate.

VPN Manager

Bug ID

Description

596953 VPN manager > monitor > Select a specific community from the tree menu to show only that community's tunnels, the monitor page displays a white screen.