Resolved Issues

The following issues have been fixed in 6.4.2. For inquiries about a particular bug, please contact Customer Service & Support.

AP Manager

Bug ID Description
599666 Empty LLDP status information is shown under AP Manager.
619796 When "JSON API Access" is set properly, admin user cannot authorize or deauthorize FAP, FSW, or FEX.
556036 FortiManager cannot configure AP profile short-guard-interval.

Device Manager

Bug ID Description
581940 SD-WAN Monitor may show gaps on the SD-WAN monitoring graph.
593364 FortiManager does not install md5 key for OSPF interface configured from Device Manager.
599852 When password policy is set as enforced, FortiManager should not accept password if it does not meet the policy.
603291 Group membership may be incorrect after adding a VDOM.
603820 FortiManager fails to import policy when reputation-minimum and reputation-direction are set.
612355 Policy Package status remains in modified status after using "Push to device" on an updated object.
619106 When importing a policy, the conflict page may truncate outputs.
626598 Custom Device Meta Fields cannot be modified.
633767 Japanese typo in NTP Service of DHCP Server setting.
637630 FortiManager is not showing interface status in device manager interface page.
637672 Importing AP Profile in AP Manager may cause Config Status to change to "Modified".
642348 Policy package diff from Device Manager may not work.
642817 Importing an interface may report datasrc invalid error if trying to map an interface to an ADOM with a different name.
643172 FortiManager does not support dnsproxy-worker-count higher than two.
644223 FortiManager is unable to add FortiAnalyzer and triggers an error: Object does not exist.
647664 The loopback interface should not be allowed to be added into the zone interface in Device Manager.
648842 CLI only object is missing the fmg-source-ip4 setting.
649195 Editing an address group does not trigger any configuration change when installation target is set to specific device(s).
649711 FortiManager is unable to add FortiAnalyzer and fails to synchronize FortiAnalyzer with current ADOM data with error: Fail(errno=-3):Object does not exist.
650768 When using the model device auto-link feature, FortiManager should keep the remote FortiGate configuration during auto-link install.

FortiSwitch Manager

Bug ID Description
585926 FortiSwitch Manager under per-device or central mode has no support for multiple FortiLink interfaces.
642959 When re-installing or installing any policy package, FortiManager tries to install security-8021x-dynamic-vlan-id even if there is no 8021x authentication configured on FortiManager.

Global ADOM

Bug ID Description
647736 Global ADOM policy package assignment may fail.

Others

Bug ID Description
626338 The exec fmpolicy CLI command may not print out a policy package correctly.
643784 FortiManager is crashing on security console and wizard is stopped at 50% of deployment.
647791 Cloning VDOM object may fail via CLI.

Policy and Objects

Bug ID Description
540716 Under Policy Package, the Column Settings dropdown list does not display the Session Count, Session First Used, and Session Last Used options.
545605 Searching on Created Time or Last Modified does not work on policy table.
569226 Section title should always be displayed for filtered policy and section title should not be deleted after policy was deleted.
578501 FortiManager should show global icon for global objects assigned to ADOMs.
591540 Export policy package to excel returns empty packages when table is not loaded.
593417 FortiManager shows incorrect action for allowing invalid SSL certificates.
594888 FortiManager is unable to export policies to excel when consolidated firewall mode is enabled.
601385 Restricted mode admin cannot install Web Rating Overrides changes.
615117 Policy Package section is not sent over to FortiGate if Policy Blocks are under the section in FortiManager.
617031 Right-clicking on IPv4/Proxy Policy or Installation Targets should not reload the page if the related information is already displayed.
626060 FortiManager cannot set per-device mapping for user-radius-accounting-server-source-ip.
628389 When workspace is enabled, Policy Package Status may change to Modified but there is nothing to be installed.
630033 Editing firewall policy and adding FSSO Groups is not displayed correctly.
630055 Some custom application signatures have id 0 in application list.
630582 Deleted policy IDs may still appear in the GUI.
630891 Cloned policy may not get installed onto devices.
631134 Profile type should be set to group when a security profile group is dragged and dropped into a policy.
632715 In DoS policy, changing quarantine from attacker to none keeps quarantine-expiry set incorrectly.
633431 Changing to Classical Dual Pane disables Policy Hit Count.
633727 FortiManager is unable to display summary of policy package diff for a VDOM with a long name.
636010 FortiManager cannot push custom application signatures from different policy packages to the same FortiGate.
636133 When bfd is disabled, FortiManager should exclude bfd-desired-min-tx and bfd-required-min-rx from installation.
637688 FortiManager prompts the error message, "The data is invalid for selected url", when copying and pasting policy to a different policy package.
639753 After a FortiToken is activated on the FortiGate, the next policy install from FortiManager would unset "reg-id" and "os-ver" on the token.
640400 FortiManager may purge the list of resolved IPs of a dynamic address on the FortiGate.
643098 FortiManager may have slow installation of policy package due to many VIPs with the same external VIP.
643113 Changing an Accept policy to Deny in a policy that contains a Security Profile Group results in installation failure.
643930 Finding Duplicate Objects does not display duplicated addresses if wildcard is empty.
643957 When there are many firewall addresses, FortiManager may be slow to show all addresses under CLI Only Objects.
645367 Discarded policy deletion in Policy Package may delete all policies while they are still visible in the GUI.
645661 A valid custom IPS signature may still trigger invalid IPS data error.
645960 FortiManager only sets profile feature set to proxy if the AV profile is used in proxy based policy.
647337 FortiManager may fail to retrieve FSSO user groups via FortiGate.
461746 FortiManager is unable to delete IP Pool Object when disabling Dynamic IP Pool in a policy.
630891 Cloned policy is not installed on devices (global ADOM v5.6).

Revision History

Bug ID Description
594933 Re-installing Policy Package cannot skip to install policy Package, which fails validation.
610687 FortiManager should not unset forward-error-correct during install.
613901 FortiManager may not be able to show more than one log based on one revision ID.
622540 FortiManager prompts error, 'no hub configured', for a site even if the site is not part of VPN Manager.
632129 The syslogd setting source-ip is still visible after setting status to disable, which causes verification failure.
633515 FortiManager should improve the error message when FortiManager receives blank or invalid configurations from FortiGate.
634345 Install preview may not show CLI configurations correctly.
637076 Installing PPPoE interface may fail.
641145 FMG-GCP-VM may always revert MTU to 1460.
643803 Policy Package Diff may show all objects as new changes.
645929 If FortiGate and FortiManager have the same ISDB version, objects should match and installs should not fail due to mismatched internet service objects.
646372 When the user applies changes to a policy package, then all the policy packages in this ADOM change to a "Modified" state.

Script

Bug ID Description
634242 After applying profile-type group on a firewall policy via a script, proxy and SSL profiles should be removed from the corresponding firewall policy.

Services

Bug ID Description
569679 Port 8888 or 8889 should not always be opened.
647680 When importing firmware image for FAP 321E, FortiManager reports the platform as an invalid model.
654214 FortiManager cannot connect to FDS server via proxy when using FortiGuard Anycast.

System Settings

Bug ID Description
618213 When upgrading a FortiManager cluster from the FortiManager Master GUI, the FortiManager Master reboots before it finishes sending the firmware to the FortiManager Slave.
628006 Even though a user has 'Manage Device Configurations' R/W privileges, the user appears to have partial permissions within Device Manager.
637044 FortiManager may not be able to save changes under Workspace mode and prompts the error "Workspace request failed, please try again."
643246 FortiManager may not be able to save the remote server LDAP configuration with special characters in Organizational Unit names.
644660 Installation preview may get stuck and the system may run out of memory.
493533 FortiManager needs to rename custom 'default' protocol option after upgrade.
641018 Upgrading Global ADOM may fail due to Fortinet_NSX local certificate.
