Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:


Table of Contents

Known Issues

The following issues have been identified in 6.4.4. For inquires about a particular bug or to report a bug, please contact Customer Service & Support.

AP Manager

Bug ID Description
633171 There may be DFS Channel mismatch between FortiManager and FortiGate for FAP-223E.
648812 DHCP server is incorrectly created for Bridge SSID.

674636

SSID may be empty in AP Manager> WiFi Profiles> SSID column.

Device Manager

Bug ID Description
485037 Monitor > Map View may fail if proxy is enabled.
575215 When creating an new interface for a VDOM, FortiManager may list interfaces that may belong to another ADOM.
596711 FortiManager CLI Configuration shows incorrect default wildcard value for router access-list.
598431 Install wizard may show a blank area when scrolling down the wizard to select device(s).
604125 FortiManager may not be able to edit VDOM link interface from VDOM level.
610568 FortiManager may not follow the order in CLI Script template.
615044 Configuration status may be shown modified after added FortiGate to FortiManager.
630316 After auto-conf IPv6 address is changed on FortiGate, the address is not updated into device database.
636357 Retrieve may fail on FortiGate cluster with Failed to reload configuration. invalid value error.
636638 Fabric view may stuck at loading.
640907 FortiManager is unable to configure FortiSwitch port mirroring.
651560 SD-WAN monitor may stuck loading when admin user belongs to device group.
652052 FortiManager may fail to add another FortiManager in Fabric ADOM.
659387 FortiManager should be able to provision CLI-template, SD-WAN-template, and Policy Package together to the model device.
659981 FortiManager should be able to identify and show default SSL-SSH profile as ready only profiles.
660491 Device Manager system interface should not allow duplicated secondary IP address.
665207 FortiManager needs IPv6 support on Syslog server setting.
665955 FortiManager is not reflecting proper admintimeout value in CLI only object.
666872 BGP Neighbors table does not have height limit and vertical scroll bar.
667738 GUI should generate error message when using invalid IP address or special characters in interface name.
670535 Install fails when creating a new DHCP reservation due to missing MAC address.
670577 When creating an API admin from CLI Configuration, trusted host section is missing.
674123 SD-WAN template > SD-WAN Rules options for Load Balance Mode do not match those on FortiOS.
674904 FortiManager may not be able to import policy with interface binding contradiction on srcintf error.
680516 Host Name is truncated when name has more than 31 characters.

684955

Customized system dashboard may disappear after a while.

FortiSwitch Manager

Bug ID

Description

667703 After FortiSwitch is added, running a script to provision may fail.
674539 FortiManager may fail to upgrade two FortiSwitch devices at the same time.

Global ADOM

Bug ID

Description

667197 User should not be able to delete global object when ADOM is not locked.

Others

Bug ID Description
605560 Flag is_model and linked_to_model are not working for add model device with JSON API.
678322 Rebuilding the database may never start when FortiAnalyzer mode is enabled.
681707 The diagnose cdb upgrade check +all command may unset defmap-intf.

Policy & Objects

Bug ID

Description

580880 FortiManager is unable to see dynamic mapping for Local Certificate if workflow session is created.
585177 FortiManager is unable to create VIPv6 virtual server objects.
601696 FortiManager may add unexpected IPv6 address to IPv6 address field when deleting ::/0.
608535 NAT option is missing from Central NAT policy package.
615624 Firewall policy and proxy policy cannot select IP type external resource as address.
617894 FortiManager is missing IPV6 none values after modifying policy.
623100 FortiManager is constantly changing UUID for firewall address object.
630431 Some application and filter overrides are not displayed on GUI.
631158 FortiManager is unable to import firewall objects of fsso fortiems-cloud user due to Server cannot be empty.
652753 When an obsolete internet service is selected, FortiManager may show entries IDs instead of names.
655601 FortiManager may be slow to add or remove a URL entry on web filter with a large list.
656991 FortiManager should not allow VIP to be created with same IP for External IP and Mapped IP Address.
659296 FortiManager may take a lot of time to update web filter URL filter list.
660483 IPS signatures may not match between FortiGate and FortiManager.
663109 FortiManager should not allow a user to select a profile group in a flow-based policy that uses a proxy-based feature.
666258 User should not be able to create a firewall policy with an Internet service with Destination direction in Source by using drag and drop.
670061 FortiManager does not report error when an unsupported FQDN address format is created.
675509 FortiManager may randomly set IPv4 IP Pool object to overload.
677528 Address object search may not display the address group which contains the searched object within the group.
679282 Editing a global object in an ADOM is not possible and generates an error, undefined is not iterable.
682356 FortiManager may not be able to map normalized interface.
684081 Policy Check and Find Unused Policies may not work for FortiGate in Policy-Based mode.

Revision History

Bug ID Description
606737 User may not be able to install policy package due to change with external interface with VIP settings.
618305 FortiManager changes configuration system csf settings.
623159 Zone validation in re-Install Policy is not saving the user choice and deleting all related policies.
635957 Install fails for subnet overlap IP between two interfaces.
664284 FortiManager may not be able to configure SSH certificate.
672609 After import, FortiManager may prompt password error on administrator during install.
674094 FortiManager may unset explicit proxy's HTTPS and PAC ports and change the value to 0 instead.
675867 The ssl-anomaly-log configuration may be incorrectly pushed by FortiManager when installing 5.6 ADOM policy to 6.0 FortiGate.
679139 When a policy package is shared between many firewalls, web rating override purge may fail in some scenarios.

Script

Bug ID

Description

613575 After script is run directly on CLI, FortiManager may fail to reload configuration.
668876 Using CLI script to create SD-WAN with auto-numbering, edit 0, may not work.
668947 Changes using CLI Script may not be applied to devices in the container or folder.

Services

Bug ID Description
567664 HA secondary device does not update FortiMeter license.

System Settings

Bug ID Description
517964 FortiManager may create an incorrect certificate and it cannot be deleted.
579964 FMGVM64-Cloud needs to provide GUI support for ADOM upgrade in system information dashboard.
598194 FortiManager two-factor authentication admin login is missing the option for FTK Mobile push notification authentication.
614127 FortiManager should show details in the fnbamd debug if login fails due to trusted hosts.
625683 Changes made by ADOM upgrade may not update Last Modified date/time and user admin.
635181 FortiManager is unable to delete mail server with error message used displayed.
652417 FortiManager HA may go out of synchronization periodically based on the logs.
660130 ADOM upgrade may fail caused by invalid setting of ssl-exempt.
670497 After upgraded FortiManager, it may delete syslog configuration.

VPN Manager

Bug ID Description
681110 VPN manager may not push any configuration on ADOM 6.0 for dial up VPN on FortiGate.

685704

After upgrading FortiManager, installing to any device participating in the full mesh VPN may fail with copy error fetch device/vdom list failed.

Known Issues

The following issues have been identified in 6.4.4. For inquires about a particular bug or to report a bug, please contact Customer Service & Support.

AP Manager

Bug ID Description
633171 There may be DFS Channel mismatch between FortiManager and FortiGate for FAP-223E.
648812 DHCP server is incorrectly created for Bridge SSID.

674636

SSID may be empty in AP Manager> WiFi Profiles> SSID column.

Device Manager

Bug ID Description
485037 Monitor > Map View may fail if proxy is enabled.
575215 When creating an new interface for a VDOM, FortiManager may list interfaces that may belong to another ADOM.
596711 FortiManager CLI Configuration shows incorrect default wildcard value for router access-list.
598431 Install wizard may show a blank area when scrolling down the wizard to select device(s).
604125 FortiManager may not be able to edit VDOM link interface from VDOM level.
610568 FortiManager may not follow the order in CLI Script template.
615044 Configuration status may be shown modified after added FortiGate to FortiManager.
630316 After auto-conf IPv6 address is changed on FortiGate, the address is not updated into device database.
636357 Retrieve may fail on FortiGate cluster with Failed to reload configuration. invalid value error.
636638 Fabric view may stuck at loading.
640907 FortiManager is unable to configure FortiSwitch port mirroring.
651560 SD-WAN monitor may stuck loading when admin user belongs to device group.
652052 FortiManager may fail to add another FortiManager in Fabric ADOM.
659387 FortiManager should be able to provision CLI-template, SD-WAN-template, and Policy Package together to the model device.
659981 FortiManager should be able to identify and show default SSL-SSH profile as ready only profiles.
660491 Device Manager system interface should not allow duplicated secondary IP address.
665207 FortiManager needs IPv6 support on Syslog server setting.
665955 FortiManager is not reflecting proper admintimeout value in CLI only object.
666872 BGP Neighbors table does not have height limit and vertical scroll bar.
667738 GUI should generate error message when using invalid IP address or special characters in interface name.
670535 Install fails when creating a new DHCP reservation due to missing MAC address.
670577 When creating an API admin from CLI Configuration, trusted host section is missing.
674123 SD-WAN template > SD-WAN Rules options for Load Balance Mode do not match those on FortiOS.
674904 FortiManager may not be able to import policy with interface binding contradiction on srcintf error.
680516 Host Name is truncated when name has more than 31 characters.

684955

Customized system dashboard may disappear after a while.

FortiSwitch Manager

Bug ID

Description

667703 After FortiSwitch is added, running a script to provision may fail.
674539 FortiManager may fail to upgrade two FortiSwitch devices at the same time.

Global ADOM

Bug ID

Description

667197 User should not be able to delete global object when ADOM is not locked.

Others

Bug ID Description
605560 Flag is_model and linked_to_model are not working for add model device with JSON API.
678322 Rebuilding the database may never start when FortiAnalyzer mode is enabled.
681707 The diagnose cdb upgrade check +all command may unset defmap-intf.

Policy & Objects

Bug ID

Description

580880 FortiManager is unable to see dynamic mapping for Local Certificate if workflow session is created.
585177 FortiManager is unable to create VIPv6 virtual server objects.
601696 FortiManager may add unexpected IPv6 address to IPv6 address field when deleting ::/0.
608535 NAT option is missing from Central NAT policy package.
615624 Firewall policy and proxy policy cannot select IP type external resource as address.
617894 FortiManager is missing IPV6 none values after modifying policy.
623100 FortiManager is constantly changing UUID for firewall address object.
630431 Some application and filter overrides are not displayed on GUI.
631158 FortiManager is unable to import firewall objects of fsso fortiems-cloud user due to Server cannot be empty.
652753 When an obsolete internet service is selected, FortiManager may show entries IDs instead of names.
655601 FortiManager may be slow to add or remove a URL entry on web filter with a large list.
656991 FortiManager should not allow VIP to be created with same IP for External IP and Mapped IP Address.
659296 FortiManager may take a lot of time to update web filter URL filter list.
660483 IPS signatures may not match between FortiGate and FortiManager.
663109 FortiManager should not allow a user to select a profile group in a flow-based policy that uses a proxy-based feature.
666258 User should not be able to create a firewall policy with an Internet service with Destination direction in Source by using drag and drop.
670061 FortiManager does not report error when an unsupported FQDN address format is created.
675509 FortiManager may randomly set IPv4 IP Pool object to overload.
677528 Address object search may not display the address group which contains the searched object within the group.
679282 Editing a global object in an ADOM is not possible and generates an error, undefined is not iterable.
682356 FortiManager may not be able to map normalized interface.
684081 Policy Check and Find Unused Policies may not work for FortiGate in Policy-Based mode.

Revision History

Bug ID Description
606737 User may not be able to install policy package due to change with external interface with VIP settings.
618305 FortiManager changes configuration system csf settings.
623159 Zone validation in re-Install Policy is not saving the user choice and deleting all related policies.
635957 Install fails for subnet overlap IP between two interfaces.
664284 FortiManager may not be able to configure SSH certificate.
672609 After import, FortiManager may prompt password error on administrator during install.
674094 FortiManager may unset explicit proxy's HTTPS and PAC ports and change the value to 0 instead.
675867 The ssl-anomaly-log configuration may be incorrectly pushed by FortiManager when installing 5.6 ADOM policy to 6.0 FortiGate.
679139 When a policy package is shared between many firewalls, web rating override purge may fail in some scenarios.

Script

Bug ID

Description

613575 After script is run directly on CLI, FortiManager may fail to reload configuration.
668876 Using CLI script to create SD-WAN with auto-numbering, edit 0, may not work.
668947 Changes using CLI Script may not be applied to devices in the container or folder.

Services

Bug ID Description
567664 HA secondary device does not update FortiMeter license.

System Settings

Bug ID Description
517964 FortiManager may create an incorrect certificate and it cannot be deleted.
579964 FMGVM64-Cloud needs to provide GUI support for ADOM upgrade in system information dashboard.
598194 FortiManager two-factor authentication admin login is missing the option for FTK Mobile push notification authentication.
614127 FortiManager should show details in the fnbamd debug if login fails due to trusted hosts.
625683 Changes made by ADOM upgrade may not update Last Modified date/time and user admin.
635181 FortiManager is unable to delete mail server with error message used displayed.
652417 FortiManager HA may go out of synchronization periodically based on the logs.
660130 ADOM upgrade may fail caused by invalid setting of ssl-exempt.
670497 After upgraded FortiManager, it may delete syslog configuration.

VPN Manager

Bug ID Description
681110 VPN manager may not push any configuration on ADOM 6.0 for dial up VPN on FortiGate.

685704

After upgrading FortiManager, installing to any device participating in the full mesh VPN may fail with copy error fetch device/vdom list failed.