
Resolved Issues

The following issues have been fixed in 6.4.1. For inquiries about a particular bug, please contact Customer Service & Support.

AP Manager

Bug ID Description
555159 After deleting an SSID from Device Manager, AP Manager still shows the SSID.
620117 AP Manager needs to support FortiAP-U431F and FortiAP-U433F.
629182 Verification may fail with wtp-profile for FAPU431F-default or FAPU433F-default with radio 3 mode set as ap.

Device Manager

Bug ID Description
525051 Automation stitch cannot add FortiGates to automation.
543824 User with restricted permissions may be able to access global settings.
544982 Policy Package Status may become out-of-sync for all devices when adding one device to Install On.
589453 Application group of type category should not be used for SD-WAN rules.
601692 FortiManager is unable to overwrite IPv6 default route.
603286 Device Manager's dashboard System Time and HA Mode buttons do not work.
610071 When creating a new interface based VPN phase1, FortiManager should not allow duplicated names.
610585 Device Manager cannot save DHCP for Unknown MAC address with action set to block.
610937 In non-root management VDOM, FortiManager prompts no permission error when accessing device interface.
611315 SD-WAN should be allowed to configure port for HTTP health-check server.
613426 VDOMs may show up twice in Device Manager.
613762 Connecting to CLI via SSH may not work when FortiGate is behind NAT.
615092 FortiManager should allow using FQDN for FortiAnalyzer logging.
616264 IPv6 extra-address may not convert properly.
616537 FortiGate and FortiManager GUI should use similar terminology for configuring weight and volume-ratio in SD-WAN.
620029 Deleting a VDOM may prompt "Internal Error".
622353 Cloning VPN Phase1-Interface does not clone Phase1 proposals.
625691 FortiManager does not allow DHCP lease time to be disabled.
626152 Adding FortiGate-100E may fail at "user group.guest".
627351 System Templates are unable to apply or import certificate in syslog settings for v6.0 ADOMs.
624596 Device Manager's Connect to CLI function with SSH may prompt an error message.
625831 Deleting a device from Device Manager may take a long time and FortiManager becomes very slow.
631576 Device list may be empty under device group when trying to edit it.
638351 FortiManager is unable to set FAZ IP override setting as global setting.

FortiSwitch Manager

Bug ID Description
624143 FortiSwitch Manager may not install VLAN to FortiGate.

Others

Bug ID Description
622411 Valid zone and interface mappings are deleted after running the diag cdb check policy-packages command.
623147 FortiManager may never form a HA due to variance in certificates.
629332 Securityconsole may crash when copying policy package.
635616 The ADOM integrity check may fail with SD-WAN dynamic interface members.

Policy and Objects

Bug ID Description
553462 FortiManager may prompt error, when Zone member VLAN is used by another zone, when installing policy package.
577201 Next button should be inactive until zone validation is fixed in the case of Re-Install Policy.
577816 Policy-based rule shows NAT status as disabled or empty.
577818 When a policy package in an ADOM v6.0 is enabled with policy-based mode, the rules do not show the application column.
580166 Bulk installation gets stuck with fake policy package.
581588 Central SNAT policy does not support showing IPv6 address on table.
582255 FortiManager is unable to lock ADOM if another admin is installing a policy to same FortiGate in a different ADOM.
596533 Renaming policy package changes the implicit policy's "Log Violation Traffic" setting to "No Log".
599780 If one or more devices has a policy validation error, FortiManager does not show other devices that are "ready to install".
601320 FortiManager should be able to display IPv4 policies in Interface Pair View mode.
607281 pxgrid connector on FortiManager may not work with Cisco ISE version 2.7.
609300 FortiManager may not be able to import all Cisco ACI Fabric Connector address.
612445 Policy package for v5.6 cannot be installed on v6.0 devices if default deep SSL inspection is used.
613840 Process bar does not show correct status when an address fails to import for fabric connector.
614710 Result of search in device interface should display zone that the interface is a member of.
618711 Install to FortiGate may fail for dhcp-relay-agent-option.
622129 FortiManager may return validation error when creating a policy within a profile based policy package.
623104 FortiManager may not be able to promote the Web Filter object from any ADOM to Global ADOM.
624561 Changing an Accept policy with proxy-based inspection mode to Deny may lead to installation failure.
624586 FortiManager may try to unset "server-identity-check" while pushing a new LDAP server.
628830 FortiManager should be able to select a device to install after adding a group object member to a nested group.
629412 ADOM v6.0 ssl-ssh-profile with deep inspection disabled is changed with deep inspection when installing to a FortiGate v6.2 device.
620890 Unlock and discard changes on policy package may create duplicate section titles.
625665 Policy package installation may fail due to certificate errors after creating a new VDOM.
627796 FortiManager may prompt copy failure on webfilter ftgd-local-rating.
628326 FortiManager may delete reserved address on FortiGate AWS causing installation failure.
629961 When installing to a FortiGate 6.0 device, ssl-ssh-profile status is changed to deep inspection after policy package install.
631138 Copy may fail due to missing SDN connector configuration.
631405 FortiManager should check for 'mgmt' interface configuration for 'dedicated to mgmt' setting before allowing the interface to be used on a policy.
632545 Installing policy package may result in an error: "Could not read zone validation results".
633248 Web proxy profile is not being installed on FortiGate when the proxy type is "Transparent-web".
633870 Installing geneve configuration may fail at verification stage.
634597 FortiManager may unset speed on ports which are configured with 10000full.
636732 Copying policy causes interface binding contradiction for object member.

Revision History

Bug ID Description

604680 FortiManager sets FSSO to disable even though FSSO group is in use.
604738 Verification fails for replacemsg "auth-authorization-fail" after upgrading FortiManager and installing to FortiGate with system template assigned.
608051 Policy package install time increases when using policy package diff option.
624583 When pushing a new configuration, FortiManager may try to change the Kerberos keytab on the FortiGate causing install failure.

Services

Bug ID Description
591519 FortiManager adds upgrade support for FortiAP-231E.
633485 FortiManager as a FortiGuard server for FortiClient web filtering queries may not be available.
633534 Validation license process is not working for model device preventing firmware upgrade upon discovery.

System Settings

Bug ID Description
557949 Changing password should be enabled by default for all admin users.
579563 Workflow Session List menu seems to always match the first wildcard TACACS admin.
623149 The list to select device is not consistent with All except ADOMs list restriction.
626773 FortiManager cannot perform system backup when SD-WAN Orchestrator is enabled.

VPN Manager

Bug ID Description

621209 VPN monitor should show the corresponding VPN community tunnels only under each community.
