Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:


Table of Contents

Known Issues

The following issues have been identified in 6.4.3. For inquires about a particular bug or to report a bug, please contact Customer Service & Support.

AP Manager

Bug ID

Description

667215

FortiManager should be able to classify Rogue FortiAPs.

669906

FortiManager may not be able to install mpsk-key from AP Manager.

Device Manager

Bug ID Description
575215 When creating a new interface for a VDOM, FortiManager may list interfaces that may belong to another ADOM.
598431 Install wizard may show a blank area when scrolling down the wizard to select device(s).
609744 Device Manager > System > Interface may not be able to delete SSID interface.
627664 FortiManager cannot cooperate with socket-size 0 and changes it to 1 automatically.
636012 Importing a policy may report conflict for the default SSH CA certificates.
636357 Retrieve may fail on FortiGate cluster with Failed to reload configuration. invalid value error.
645086 Policy Lookup shows an error even though the device is in sync.
646421 FortiManager may not be able to configure VDOM property resources setting.
649785 SD-WAN > Monitor may hang for an ADOM with 1500 devices.
649821 Installation may fail for FortiGate-600D.
652052 FortiManager may fail to add another FortiManager in Fabric ADOM.
654190 FortiManager should not modify IPv4 addressing mode when IPv6 addressing mode is changed.
655264 VDOM count is not correct when vdom-mode split-vdom is configured on FortiGate with VM0xV license.
659387 FortiManager should be able to provision CLI-template, SD-WAN-template, and Policy Package together to the model device.
659981 FortiManager should be able to identify and show default SSL-SSH profile as read-only profiles.
662243 FortiManager is unable to clone SNMP Community under System Templates.
664253 The auto-join-forticloud configuration may cause out-of-sync status.
665955 FortiManager is not reflecting proper admintimeout value in CLI only object.
666833 GUI returns no warning when 4-byte AS or invalid community being configured on Standard community.
666872 BGP Neighbors table does not have height limit and vertical scroll bar.
667738 GUI should generate error message when using invalid IP address or special characters in interface name.
669129 FortiManager does not create dynamic mapping for address group causing import failure.
669155 SD-WAN monitor hangs while loading when admin profile is set to Read-Only for SD-WAN.
669704 FortiManager does not allow the user to configure FortiGate admin password longer than 32 characters.

670535

Install fails when creating a new DHCP reservation, due to missing MAC address.

670577 When creating an API admin from CLI Configuration, Trusted Host section is missing.
670839 FortiManager should be able to configure IPSec Phase2 selector using the same IP range.
671348 FortiManager should allow more than ten incoming source interfaces for policy routing decision.
672338 FortiManager may unset interface weight in SD-WAN when installing within 6.0 ADOM.
674904 FortiManager may not be able to import policy with interface binding contradiction on srcintf error.

FortiSwitch Manager

Bug ID

Description

650453 FortiSwitch template and VLAN shall appear for firewall policy creation.

Global ADOM

Bug ID

Description

632400 When installing a global policy, FortiManager may delete policy routes and settings on an ADOM.
667197 User should not be able to delete global object when ADOM is not locked.
667423 Assigned header policy from the global ADOM shows up on excluded policy package.

670280

Promoting the Profile Group object should not promote the default Protocol option.

Others

Bug ID

Description

659916 FortiManager may consume high memory usage by the svc sys daemon.
661069 ADOM restricted access user is able to pull Device Manager information from ADOMs via JSON API.
665617 FortiManager may consume high CPU resource when locking ADOM or loading policy.

Policy & Objects

Bug ID Description
565301 Exporting policy package to Excel may not work.
612317 FortiManager shows incorrect country code for Cyprus under User definition.
623100 FortiManager is constantly changing UUID for firewall address object.
652753 When an obsolete internet service is selected, FortiManager may show entry IDs instead of names.
658528 The URL remote category, FortiGuard Threat Feed, is not available in the drop down menu for Proxy Address.
669389 Install may fail due to web filter profile in flow mode with setting changes available in proxy mode only.
670019 There is no Decrypted Traffic Mirror option in policy when only one port mapping is enabled in Full SSL/SSH Inspection.
670061 FortiManager does not report error when an unsupported FQDN address format is created.
670833 Search box for address may not always work.
671265 Global object assignment may not work.
671988 FortiManager is not able to push dynamic objects to FortiGate after received the configurations from NSXT connector.
673305 Policy package install may stuck and fail due to high memory usage.
675541 Deleting an override entry should trigger modified status for policy packages with FortiGuard Category Based Filter enabled within web filter profile.

Revision History

Bug ID

Description

601229 FortiManager is missing device-type option for custom device dynamic mapping.
615936 FortiManager is missing the SSH protocol in DLP filter.
637103 Scrolling in Install Preview is not smooth and may get stuck.
647189 FortiManager dynamic object filter generator is adding a "s" at the end of tag resulting in non working object.
651991 After adding and removing Security Profile, policy Security Profile change from no-inspection to empty.
657026 GUI stuck in loading when trying to apply changes made to Anti Virus profile.
660483 IPS signatures may not match between FortiGate and FortiManager.
661590 Without selecting security profile group on proxy policy, FortiManager should fail to install with a proper error message.
664284 FortiManager may not be able to configure SSH certificate.
666258 User should not be able to create a firewall policy with an Internet service with Destination direction in Source by using drag and drop.
666913 Web URL Filter is deleted when URL Filter option is unchecked under the Web Filter Profile.
667148 When a policy install is performed, Install preview shows lot of firewall policies with metafield changes without any actual change been done.
667414 FortiManager may freeze when editing the comment field on a policy package with many policies.
673327 With traffic shaper in Mbps or Gbps, FortiManager should convert it to Kbps if installation target is non 64 bits FortiGate model.
675867 The ssl-anomaly-log configuration may incorrectly pushed by FortiManager when installing 5.6 ADOM policy to 6.0 FortiGate.

Script

Bug ID Description
668947 Changes using CLI Script may not be applied to devices in the container or folder.
637465 Installation fails when installing global v6.2 IPv4 policy to v6.4 FortiGate.
660525 Installing from FortiManager, it may undo comment, organization, and subnet-name during the install.
662661 Default value of global: system npu ip-reassembly:max-timeout NPU setting in ADOM 6.0 for FortiGate-1800F should be changed to 10000 to avoid Conflict status.

663820

The LDAP port value remains 636 on device database and FortiManager is not accepting custom port number via CLI script.

Services

Bug ID Description
591748 Hide or show license expired devices may not work.
671387 FortiManager installs the latest IPS and application control signatures on managed device despite the To Be Deployed Version is configured.

System Settings

Bug ID

Description

489837 Certificate request CRS does not include the SAN DNS.

489837

Certificate request CRS does not include the SAN DNS.

623457 FortiManager prompts error while importing CA certificate.
631733 Changing trusted IP can be saved and installed.
642205 While FortiAnalyzer model is disabled, FortiManager may fail to create an ADOM due to over size with disk quota.
652417 FortiManager HA may go out of synchronization periodically based on the logs.
660130 ADOM upgrade may fail caused by invalid setting of ssl-exempt.
662970 Firewall addresses may not be not visible on GUI after upgraded FortiManager.
667445 FortiManager may show errors on dynamic_mapping.local-int during upgrade.
677118 Upgrading ADOM from 6.2 to 6.4 may fail due to replacement message.

VPN Manager

Bug ID Description
596953 When the user goes to VPN manager > Monitor, and selects a specific community from the tree menu to show only that community's tunnels, the monitor page displays a white screen.
608221 There is no XAUTH USER column in VPN Manager Monitor.
653328 FortiManager is unable to edit a SSL portal in VPN Manager containing "/" special character.
658221 The dns-suffix on SSL VPN portal is not installed if web-mode is disabled.

Known Issues

The following issues have been identified in 6.4.3. For inquires about a particular bug or to report a bug, please contact Customer Service & Support.

AP Manager

Bug ID

Description

667215

FortiManager should be able to classify Rogue FortiAPs.

669906

FortiManager may not be able to install mpsk-key from AP Manager.

Device Manager

Bug ID Description
575215 When creating a new interface for a VDOM, FortiManager may list interfaces that may belong to another ADOM.
598431 Install wizard may show a blank area when scrolling down the wizard to select device(s).
609744 Device Manager > System > Interface may not be able to delete SSID interface.
627664 FortiManager cannot cooperate with socket-size 0 and changes it to 1 automatically.
636012 Importing a policy may report conflict for the default SSH CA certificates.
636357 Retrieve may fail on FortiGate cluster with Failed to reload configuration. invalid value error.
645086 Policy Lookup shows an error even though the device is in sync.
646421 FortiManager may not be able to configure VDOM property resources setting.
649785 SD-WAN > Monitor may hang for an ADOM with 1500 devices.
649821 Installation may fail for FortiGate-600D.
652052 FortiManager may fail to add another FortiManager in Fabric ADOM.
654190 FortiManager should not modify IPv4 addressing mode when IPv6 addressing mode is changed.
655264 VDOM count is not correct when vdom-mode split-vdom is configured on FortiGate with VM0xV license.
659387 FortiManager should be able to provision CLI-template, SD-WAN-template, and Policy Package together to the model device.
659981 FortiManager should be able to identify and show default SSL-SSH profile as read-only profiles.
662243 FortiManager is unable to clone SNMP Community under System Templates.
664253 The auto-join-forticloud configuration may cause out-of-sync status.
665955 FortiManager is not reflecting proper admintimeout value in CLI only object.
666833 GUI returns no warning when 4-byte AS or invalid community being configured on Standard community.
666872 BGP Neighbors table does not have height limit and vertical scroll bar.
667738 GUI should generate error message when using invalid IP address or special characters in interface name.
669129 FortiManager does not create dynamic mapping for address group causing import failure.
669155 SD-WAN monitor hangs while loading when admin profile is set to Read-Only for SD-WAN.
669704 FortiManager does not allow the user to configure FortiGate admin password longer than 32 characters.

670535

Install fails when creating a new DHCP reservation, due to missing MAC address.

670577 When creating an API admin from CLI Configuration, Trusted Host section is missing.
670839 FortiManager should be able to configure IPSec Phase2 selector using the same IP range.
671348 FortiManager should allow more than ten incoming source interfaces for policy routing decision.
672338 FortiManager may unset interface weight in SD-WAN when installing within 6.0 ADOM.
674904 FortiManager may not be able to import policy with interface binding contradiction on srcintf error.

FortiSwitch Manager

Bug ID

Description

650453 FortiSwitch template and VLAN shall appear for firewall policy creation.

Global ADOM

Bug ID

Description

632400 When installing a global policy, FortiManager may delete policy routes and settings on an ADOM.
667197 User should not be able to delete global object when ADOM is not locked.
667423 Assigned header policy from the global ADOM shows up on excluded policy package.

670280

Promoting the Profile Group object should not promote the default Protocol option.

Others

Bug ID

Description

659916 FortiManager may consume high memory usage by the svc sys daemon.
661069 ADOM restricted access user is able to pull Device Manager information from ADOMs via JSON API.
665617 FortiManager may consume high CPU resource when locking ADOM or loading policy.

Policy & Objects

Bug ID Description
565301 Exporting policy package to Excel may not work.
612317 FortiManager shows incorrect country code for Cyprus under User definition.
623100 FortiManager is constantly changing UUID for firewall address object.
652753 When an obsolete internet service is selected, FortiManager may show entry IDs instead of names.
658528 The URL remote category, FortiGuard Threat Feed, is not available in the drop down menu for Proxy Address.
669389 Install may fail due to web filter profile in flow mode with setting changes available in proxy mode only.
670019 There is no Decrypted Traffic Mirror option in policy when only one port mapping is enabled in Full SSL/SSH Inspection.
670061 FortiManager does not report error when an unsupported FQDN address format is created.
670833 Search box for address may not always work.
671265 Global object assignment may not work.
671988 FortiManager is not able to push dynamic objects to FortiGate after received the configurations from NSXT connector.
673305 Policy package install may stuck and fail due to high memory usage.
675541 Deleting an override entry should trigger modified status for policy packages with FortiGuard Category Based Filter enabled within web filter profile.

Revision History

Bug ID

Description

601229 FortiManager is missing device-type option for custom device dynamic mapping.
615936 FortiManager is missing the SSH protocol in DLP filter.
637103 Scrolling in Install Preview is not smooth and may get stuck.
647189 FortiManager dynamic object filter generator is adding a "s" at the end of tag resulting in non working object.
651991 After adding and removing Security Profile, policy Security Profile change from no-inspection to empty.
657026 GUI stuck in loading when trying to apply changes made to Anti Virus profile.
660483 IPS signatures may not match between FortiGate and FortiManager.
661590 Without selecting security profile group on proxy policy, FortiManager should fail to install with a proper error message.
664284 FortiManager may not be able to configure SSH certificate.
666258 User should not be able to create a firewall policy with an Internet service with Destination direction in Source by using drag and drop.
666913 Web URL Filter is deleted when URL Filter option is unchecked under the Web Filter Profile.
667148 When a policy install is performed, Install preview shows lot of firewall policies with metafield changes without any actual change been done.
667414 FortiManager may freeze when editing the comment field on a policy package with many policies.
673327 With traffic shaper in Mbps or Gbps, FortiManager should convert it to Kbps if installation target is non 64 bits FortiGate model.
675867 The ssl-anomaly-log configuration may incorrectly pushed by FortiManager when installing 5.6 ADOM policy to 6.0 FortiGate.

Script

Bug ID Description
668947 Changes using CLI Script may not be applied to devices in the container or folder.
637465 Installation fails when installing global v6.2 IPv4 policy to v6.4 FortiGate.
660525 Installing from FortiManager, it may undo comment, organization, and subnet-name during the install.
662661 Default value of global: system npu ip-reassembly:max-timeout NPU setting in ADOM 6.0 for FortiGate-1800F should be changed to 10000 to avoid Conflict status.

663820

The LDAP port value remains 636 on device database and FortiManager is not accepting custom port number via CLI script.

Services

Bug ID Description
591748 Hide or show license expired devices may not work.
671387 FortiManager installs the latest IPS and application control signatures on managed device despite the To Be Deployed Version is configured.

System Settings

Bug ID

Description

489837 Certificate request CRS does not include the SAN DNS.

489837

Certificate request CRS does not include the SAN DNS.

623457 FortiManager prompts error while importing CA certificate.
631733 Changing trusted IP can be saved and installed.
642205 While FortiAnalyzer model is disabled, FortiManager may fail to create an ADOM due to over size with disk quota.
652417 FortiManager HA may go out of synchronization periodically based on the logs.
660130 ADOM upgrade may fail caused by invalid setting of ssl-exempt.
662970 Firewall addresses may not be not visible on GUI after upgraded FortiManager.
667445 FortiManager may show errors on dynamic_mapping.local-int during upgrade.
677118 Upgrading ADOM from 6.2 to 6.4 may fail due to replacement message.

VPN Manager

Bug ID Description
596953 When the user goes to VPN manager > Monitor, and selects a specific community from the tree menu to show only that community's tunnels, the monitor page displays a white screen.
608221 There is no XAUTH USER column in VPN Manager Monitor.
653328 FortiManager is unable to edit a SSL portal in VPN Manager containing "/" special character.
658221 The dns-suffix on SSL VPN portal is not installed if web-mode is disabled.