Known Issues
The following issues have been identified in 6.4.2. For inquires about a particular bug or to report a bug, please contact Customer Service & Support.
AP Manager
Bug ID |
Description |
---|---|
607107 | FortiManager prompts installation errors when certain channels are selected for Radio 2 in 5 GHZ band of FAP-421E. |
599189 |
FortiManager should be able to handle upgrading more than 10 APs at once. |
607170 |
Dynamic VLAN option is not saved in SSID in AP Manager. |
633171 |
There may be a DFS Channel mismatch between FortiManager and FortiGate for FAP-223E. |
645030 |
Adding FortiGate using custom admin profile may fail to list FAP in AP Manager. |
645713 |
FortiManager is able to create SSID which cannot be deleted after. |
648812 |
DHCP server is incorrectly created for Bridge SSID. |
653329 |
FortiManager is sending the wrong device setting after changing the FAP name. |
Device Manager
Bug ID |
Description |
---|---|
547768 | FortiManager should allow easier management of the compliance exempt lists. |
552492 | VAP is always loading under CLI configuration. |
595058 | The user sets Scheduled Updates configuration to 1 hour in FortiGuard; however, in the FortiManager Device Manager, the installation preview is configured as "set time 1:60". |
598916 | When creating user groups via CLI Only Objects, comma separated values are treated as a string instead of a list. |
610568 | FortiManager may not follow the order in CLI Script template. |
627749 | Admin user with device-config
set as read in admin profile cannot download configuration revision. |
640907 | FortiManager is unable to configure FortiSwitch port mirroring. |
598424 |
Interface cannot create more than 48 IP-MAC bindings in DHCP reservation from GUI. |
602393 |
Device joined telemetry not showing on FortiManager under Telemetry group. |
604125 |
FortiManager may not be able to edit VDOM link interface from VDOM level. |
605688 |
Pac file data limited to 4000 characters under CLI Configuration. |
607923 |
Security Fabric Connection option is removed from VLAN interface after changes are applied. |
613029 |
SD-WAN Monitor is showing effect of exceeded SLA even if when it is disabled. |
625541 |
Changing a certificate on FortiGate triggers auto-update that may incorrectly update partial configuration on multiple VDOMs. |
627664 |
FortiManager cannot work with socket-size 0 and changes it to 1 automatically. |
630316 |
After auto-conf IPv6 address is changed on FortiGate, the address is not updated into device database. |
635316 |
Return button is not working when viewing HA mode. |
636012 |
Importing a policy may report conflict for the default SSH CA certificates. |
636357 |
Retrieve may fail on FortiGate cluster with "Failed to reload configuration. invalid value" error. |
636638 |
Fabric view may stuck at loading. |
638061 |
FortiGate 7000 may not be added and result with failure to update device information. |
639854 |
No IPv6 format in router GUI for BGP. |
644596 |
FortiManager is unable to deauthorize explicit proxy user(s). |
645086 |
Policy Lookup shows an error even though device is in sync. |
649157 |
Mapping interface containing "/" results error "Object does not exist" during import policy. |
649566 |
CLI Template is not able to install same name interface using vpn ipsec phase1-interface and config system ipsec-aggregate. |
649769 |
FortiManager cannot view full list of Extenders. |
649785 |
SD-WAN > Monitor may hang for an ADOM with 1500 devices. |
651560 |
SD-WAN monitor may stuck loading when the admin user belongs to device group. |
651712 |
SD-WAN monitor keeps loading and not displaying anything in backup mode ADOM. |
652052 |
FortiManager may fail to add another FortiManager in Fabric ADOM. |
652427 |
FortiManager may not be able to configure any value on the access list prefix. |
652481 |
Allow access is missing under interface on AWS FortiGate and may cause installation to fail. |
653388 |
IPsec VPN Phase-1 tunnel interface is not added in VDOM interface list with long VDOM name. |
653465 |
FortiManager may not be able to edit DHCP options function on GUI. |
FortiSwitch Manager
Bug ID |
Description |
---|---|
650453 | FortiSwitch template and VLAN shall appear for firewall policy creation. |
651788 |
FortiSwitch Manager not showing correct online or offline status. |
Global ADOM
Bug ID |
Description |
---|---|
632400 | When installing global policy, FortiManager may delete policy routes and settings on an ADOM. |
Others
Bug ID | Description |
---|---|
632822 | The merged_daemons process goes to 100% usage and prevents radius authentication. |
647337 |
FortiManager fails to retrieve FSSO user groups via FortiGate |
481129 |
FortiManager is lacking API for policy consistency check. |
647156 |
FortiManager cannot clone any of the |
Policy & Objects
Bug ID |
Description |
---|---|
523350 | FortiManager does not show the default certificate under SSL/SSH Inspection within a policy. |
545759 | From or To column filter displays unmapped interfaces in the drop-down list. |
547052 | FortiManager GUI should not allow creating Security Profiles without any SSL/SSH Inspection Profile defined. |
586026 | FortiManager should display zone icon based on existing and non existing dynamic mappings. |
611980 | Policy is not installed on selected devices when one device is excluded due to Zone validation failed. |
612317 | FortiManager shows incorrect country code for Cyprus under User definition. |
618321 | FortiManager is unable to create RSSO Group if Agent is configured with custom name. |
620092 | Interface Pair View is not working for Security Policies. |
623100 | FortiManager is constantly changing UUID for firewall address object. |
630431 | Some application and filter overrides are not displayed on GUI. |
631158 | FortiManager is unable to
import firewall objects of fsso fortiems-cloud user due to Server cannot be
empty. |
634241 | VIP created using CLI script is not available to use in policy. |
635966 | Azure SDN connector only fetches the first page of results. |
640157 | Verification may fail due to wrong default setting of 'log.memory.global-setting' > 'set max-size'. |
525625 |
When configuring web filter rating override, the configuration is pushed to all the VDOMs even when web filter is not used. |
531112 |
Consolidated policy is missing implicit deny policy. |
568482 |
FortiManager ADOM web filter profile configuration promoted to Global database does not rename associated FortiGuard local categories. |
580880 |
FortiManager is unable to see dynamic mapping for Local Certificate if workflow session is created. |
583151 |
FortiManager should not change default value of scan-mode and ssl-ssh-profile/inspection-mode when installing v6.0 policy package to v6.2. |
585177 |
FortiManager is unable to create VIPv6 virtual server objects. |
597011 |
Importing groups from Aruba ClearPass may fail. |
599129 |
While editing policy from Policy Package, it is not possible to select SSL/SSH Inspection profile. |
613171 |
FortiManager is unable to export 3000 Policies to Excel Spreadsheet and return error InternalError: "too much recursion". |
617894 |
FortiManager is missing IPV6 none values after modifying policy. |
623833 |
Username cannot exceed 35 characters. |
631311 |
Promoting object groups to global may attempt to install contained objects back to ADOM upon global policy package assignment. |
645058 |
Existing objects may disappear while editing policy and adding new one in batch mode. |
647189 |
FortiManager dynamic object filter generator is adding a "s" at the end of tag resulting in non-working object. |
648767 |
No connection request is sent out for ClearPass connector in ADOM. |
648815 |
Package with address group in SSL inspection cannot be installed to FortiGate. |
650339 |
Source or destination address may not show in policy. |
652753 |
FortiManager may show entry IDs instead of names when an obsolete internet service is selected. |
655248 |
Policy Consistency Check may return duplicate address object names. |
615624 | Firewall policy and proxy policy cannot select IP type external resource as address. |
651955 | Thread feed is not deleted by install even it is removed from a policy. |
654562 | FortiManager may fail to install profile-group and apply it on a policy. |
632771 |
Sometimes users are not updated on FortiManager after a new session is created on ISE. |
Revision History
Bug ID |
Description |
---|---|
597650 | FortiManager cannot install allowed DNS and URL threat feed configuration. |
604927 | FortiManager can create custom device without category which may lead to failed installation. |
618305 | FortiManager changes
configuration system csf settings. |
586275 |
Policy Package Diff does not show user or admin details. |
496870 |
Fabric SDN Connector is installed on FortiGate even if it is not in used. |
587682 |
Installing mobile token that does not belong to target FortiGate may fail. |
606005 |
FortiManager may not show interface delta changes. |
606737 |
User may not be able to install policy package due to change with external interface with VIP settings. |
611169 |
Install may fail with error "Associated Interface conflict detected!" |
612263 |
FortiManager may not install ADSL vci and VPI to FWF-60E-DSL. |
623159 |
Zone validation in re-Install Policy is not saving the user choice and deleting all related policies. |
635786 |
Default hbdev values may change after upgrade. |
635957 |
Install fails for subnet overlap IP between two interfaces. |
637103 |
Scrolling in install preview is not smooth and may get stuck. |
647180 |
Install copy may fail with error message "ftgd-wf - - The category is already set in another filter." |
650239 |
Installation fails with "wireless-controller vap mesh-backhaul" setting despite setting being disabled on FortiManager. |
652337 |
VPN Manager changes may result in unnecessary FortiGate configuration changes. |
654496 |
When installing configuration to a device after Auto link, FortiManager may send incorrect system ntp commands causing install to fail. |
655246 |
The adom-rev-auto-delete option may not work to automatically delete revisions. |
656505 |
Install may fail for youtube-channel-filter after creating a web filter profile. |
Script
Bug ID |
Description |
---|---|
630016 | FortiGate user can see scripts from all ADOMs. |
632014 | When editing CLI script group, the user cannot see full CLI script name. |
611396 |
After locked on a device, FortiManager cannot show the list of devices to run a script. |
613575 |
After script is run directly on CLI, FortiManager may fail to reload configuration. |
Services
Bug ID |
Description |
---|---|
437935 | FAD-VM license may not be validated on FortiManager. |
541192 | FortiManager should keep firmware image files when the files are for different FortiExtender devices. |
567664 |
HA secondary device does not update FortiMeter license. |
587730 |
FortiGate-VM64-AZURE may not be listed in firmware image page. |
591821 |
FortiManager may not honor the |
603414 |
FortiManager may show incorrect firmware upgrade path. |
616320 |
FortiManager may ignore FortiGuard update schedule. |
652764 |
FortiManager Enforce Firmware Version may fail to upgrade FortGate to a custom build. |
654129 |
FortiManager may not have the correct upgrade path for FortiGate KVM. |
System Settings
Bug ID | Description |
---|---|
556334 | Standard ADOM users should be able to assign system templates to FortiGate devices. |
586626 | Users should be able to identify who locked their assigned ADOM. |
596212 | SSH filter profile is unset in firewall profile group upon ADOM upgrade. |
611215 | SNMP Hosts in SNMP Community are not displayed in the GUI if ADOM is unlocked. |
631733 | Changing trusted IP can be saved and installed. |
479723 |
FortiManager may have no control to Fabric View in admin profile. |
489837 |
Certificate request CRS does not include the SAN DNS. |
598194 |
FortiManager two-factor authentication admin login is missing the option for FTK Mobile push notification authentication. |
614127 |
FortiManager should show details in the fnbamd debug if login fails due to trusted hosts. |
623457 |
FortiManager prompts error while importing CA certificate. |
625683 |
Changes made by ADOM upgrade may not update "Last Modified" date/time and user admin. |
639099 |
There are many "cdb event log for object changed" in event logs after upgrade. |
650326 |
After HA failover, the new master may have incorrect policies. |
652417 |
FortiManager HA may go out of synchronization periodically based on the logs. |
654637 |
Changing a non super user password may not take effect after an upgrade. |
655515 |
FortiManager may not be able to clone the Security Fabric ADOM. |
VPN Manager
Bug ID |
Description |
---|---|
596953 | The Monitor page displays a white screen when the user goes to VPN manager > Monitor, and selects a specific community from the tree menu to show only that community's tunnels. |
576601 |
FortiManager should be able to manage phase2 selectors separately. |
608221 |
There is no "XAUTH USER" column in VPN Manager Monitor. |
620801 |
SSLVPN > Edit SSLVPN Settings > IP Range only shows configuration from ADOM database objects. |
645093 |
VPN Manager error Peer type cannot be peer when authentication method is pre-share key. |
647413 |
User should be able to select the OS to allow or deny an SSL-VPN tunnel connection. |
650454 |
Installation may fail when Dialup VPN interface is PPPoE logical interface. |
653328 |
FortiManager is unable to edit a SSL portal in VPN Manager containing "/" special character. |