Fortinet black logo

Resolved Issues

Resolved Issues

The following issues have been fixed in 6.4.4. For inquires about a particular bug, please contact Customer Service & Support.

AP Manager

Bug ID

Description

593168

DFS channel list in WiFi template is inconsistent between FortiManager and FortiGate.

667215 FortiManager should be able to classify Rogue FortiAPs.
669906 FortiManager may not be able to install mpsk-key from AP Manager.

679115

No available interface can be selected when authorizing FortiExtender.

Device Manager

Bug ID

Description

604855 CLI Template should not prevent the lan interface from being deleted once all the dependencies have been removed.
609744 Device Manager > System > Interface may not be able to delete SSID interface.
627664 FortiManager cannot cooperate with socket-size 0 and changes it to 1 automatically.
636012 Importing a policy may report a conflict for the default SSH CA certificates.
643845 After auto link, FortiGate HA cluster members have the same hostname.
645086 Policy look-up shows an error even though the device is in sync.
646421 FortiManager may not be able to configure VDOM property resources setting.
649785 SD-WAN > Monitor may hang for an ADOM with 1500 devices.
649821 Installation may fail for FortiGate-600D.
654190 FortiManager should not modify IPv4 addressing mode when IPv6 addressing mode is changed.
655264 VDOM count is not correct when vdom-mode split-vdom is configured on FortiGate with VM0xV license.
656433 FortiManager device delete process may hang.
657988 FortiManager may lose connection and fail to install after FortiGate HA switches rolls.
662243 FortiManager is unable to clone SNMP Community under System Templates.
662656 When importing polices that contain policy block or global policy, the import wizard should give a warning that those polices will not be imported.
664253 The auto-join-forticloud configuration may cause out-of-sync status.
665344 A user with full read/write DVM privileges should be allowed to see and modify the System Provisioning Templates.
666833 GUI returns no warning when 4-byte AS or invalid community is being configured on Standard community.
667826 Device Manager may display No entry found and rtmmond and security console crashes.
669129 FortiManager does not create dynamic mapping for address group causing an import failure.
669155 SD-WAN monitor stuck at loading when admin profile is set to Read-Only for SD-WAN.
669704 FortiManager does not allow the user to configure FortiGate admin password longer than 32 characters.
670839 FortiManager should be able to configure IPSec Phase2 selector using the same IP range.
671348 FortiManager should allow more than ten incoming source interfaces for policy routing decision.
672319 View Config, View Install Log, and Revision Diff in workspace mode should not be greyed out when ADOM is unlocked.
672338 FortiManager may unset interface weight in SD-WAN when installing within 6.0 ADOM.
673008 SD-WAN Rules order changes to the default when creating a rule and moving it to the top.
673641 When creating a policy, all the vwpare names are display and not only the names from the installation target.
674282 FortiManager sends unset entry-id if FortiGate implements NAC access-mode at FortiSwitch switchport level.
674938 FortiManager should add support for set use-shortcut-sla option in SD-WAN rules.
677241 Interface speed is incorrectly set on port group due to missing aggregate membership verification.
678066 Install may fail when changing FortiGate admin password from FortiManager.

FortiSwitch Manager

Bug ID

Description

650453 FortiSwitch template and VLAN shall appear for firewall policy creation.

678804

FortiSwitch template is not working properly in switchport NAC access-mode.

Global ADOM

Bug ID

Description

632400 When installing a global policy, FortiManager may delete policy routes and settings on an ADOM.
667423 Assigned header policy from the global ADOM shows up on excluded policy package.

670280

Promoting the Profile Group object should not promote the default Protocol option.

Others

Bug ID

Description

649399 After upgrade, install may failed if a FortiGate was assigned to a system template.
659916 FortiManager may consume high memory usage by the svc sys daemon.
661069 ADOM restricted access user is able to pull Device Manager information from ADOMs via JSON API.
665617 FortiManager may consume high CPU resource when locking ADOM or loading policy.
670479 FortiManager configuration file size may be large due to a bulk of resync files.
673210 When checking unused policy, implicit policy information is not included.

Policy and Objects

Bug I D

Description

494367 Users cannot search address in policy where the address is a part of a nested group.
523350 FortiManager does not show the default certificate under SSL/SSH Inspection within policy.
547052 FortiManager GUI should not allow creating Security Profiles without any SSL/SSH Inspection Profile defined.
565301 Exporting policy package to Excel may not work.
587634 FortiManager may not be able to create new wildcard FQDN type address to FortiGate 6.2.
601229 FortiManager is missing device-type option for custom device dynamic mapping.
608268 Users may not be able to edit firewall policy due to session-ttl:out of range in v5.6 or v6.0 ADOM.
612317 FortiManager shows incorrect country code for Cyprus under User definition.
615936 FortiManager is missing the SSH protocol in DLP filter.
633727 FortiManager is unable to display summary of policy package diff for VDOM with a long name.
647189 FortiManager dynamic object filter generator is adding a "s" at the end of tag resulting in non- working object.
651991 After adding and removing Security Profile, the policy Security Profile changes from no-inspection to empty.
657026 The GUI hangs in loading when trying to apply changes made to Anti Virus profile.
658528 The URL remote category, FortiGuard Threat Feed, is not available in the drop down menu for Proxy Address.
660804 Kubernetes SDN connector may show less options than on FortiGate.
661590 Without selecting security profile group on proxy policy, FortiManager should fail the install with a proper error message.
666913 Web URL Filter is deleted when URL Filter option is unchecked under the Web Filter Profile.
667414 FortiManager may freeze when editing the comment field on a policy package with many policies.
668649 Install may hang at 75% when no VLAN interface is configured for fsp managed-switch.
669389 Install may fail due to web filter profile in flow mode with setting changes available in proxy mode only.
670019 There is no Decrypted Traffic Mirror option in a policy when only one port mapping is enabled in Full SSL/SSH Inspection.
670833 Search box for address may not always work.
671265 Global object assignment may not work.
671693 Internet Service Group should give an error or a warning when the direction setting is not the same.
671985 Decrypted Traffic Mirror setting is not being removed from policy after changing the SSL Inspection method.
671988 FortiManager is not able to push dynamic objects to FortiGate after receiving the configurations from NSXT connector.
673305 Policy package install may stall and fail due to high memory usage.
673311 Full SSL/SSH Inspection profile's Invalid SSL Certificates setting is not taking effect when Inspect All Ports is selected.
674899 FortiManager may not be able to edit proxy addresses objects.

675199

Local web category override is not installed if web filter is part of policy block package.

675501 Policy check may show negative values.
675541 Deleting an override entry should trigger modified status for policy packages with FortiGuard Category Based Filter enabled within web filter profile.
675587 Firewall VIP hover-over popup should not show ports when port forwarding is disabled.
678439 FortiManager may always configure empty application parameter values.
680750 IPS Profile is not able to set to action "Monitor" in the signature filter.
681342 Devices are evicted from Installation target after authorizing a new device.

682370

Having changed an IPS profile on the security profile, the change is not visible when editing the policy again.

Revision History

Bug I D

Description

492088

FortiManager attempts to change Chassis ID on FortiGate 7000 series when installing configuration.

579286 Installation may fail for FortiGate 6.2 within ADOM 6.0 due to configuration changes with virtual-wan-link member weight and volume-ratio, and internet-service-ctrl.
637465 Installation fails when installing global v6.2 IPv4 policy to v6.4 FortiGate.
642075 Install may fail with delete metadata-server error.
660525 When installing from FortiManager, it may unset comment, organization, and subnet-name during install.
662438 FortiManager may try to purge all web rating override entries.
662661 Default value of global: system npu ip-reassembly:max-timeout NPU setting in ADOM 6.0 for FortiGate-1800F should be changed to 10000 to avoid Conflict status.
667148 When a policy install is performed, Install preview shows a lot of firewall policies with metafield changes without any actual changes been done.
673327 With traffic shaper in Mbps or Gbps, FortiManager should convert it to Kbps if installation target is non 64 bits FortiGate model.

Script

Bug ID Description
663820 The LDAP port value remains 636 on device database and FortiManager is not accepting custom port number via CLI script.

Services

Bug ID

Description

591748 Hide or show license expired devices may not work.
671387 FortiManager installs the latest IPS and application control signatures on managed device despite the To Be Deployed Version is configured.
673307 FortiManager may return invalid license to FortiMail and cause AntiSpam license to expire.
674511 FortiManager should counts FMGC expired device number.

System Settings

Bug ID

Description

553488 TACACS is unable to assign multiple ADOMs to admins.
623457 FortiManager prompts an error while importing CA certificate.
631733 Changes to trusted IP are not saved and installed.
642205 While FortiAnalyzer model is disabled, FortiManager may fail to create an ADOM due to over size with disk quota.
654370 Users may not be able to access Java console with an error message: "Too many concurrent connections."
660226 HA may crash when upgrading.

662970

Firewall addresses may not be not visible in the GUI after upgrading FortiManager.

667445 FortiManager may show errors on "dynamic_mapping.local-int" during upgrade.

674661

After upgrade, FortiGate VDOM that contains a FortiToken user cannot be managed anymore, and policy install generates an error.

677118 Upgrading ADOM from 6.2 to 6.4 may fail due to replacement message.
677461 FortiManager is not able to identify ADOMs that are locked by none super user administrators.

VPN Manager

Bug ID Description
596953 Go to VPN manager > Monitor. Select a specific community from the tree menu to show only that community's tunnels, the monitor page displays a white screen.
608221 There is no XAUTH USER column in VPN Manager Monitor.
620801 SSLVPN > Edit SSLVPN Settings > IP Range, only shows configuration from ADOM database objects.
647394 VPN Manager with VPN zone feature disabled may trigger policy copy failure.
653328 FortiManager is unable to edit a SSL portal in VPN Manager containing "/" special character.
658221 The dns-suffix on SSL VPN portal is not installed if web-mode is disabled.

Resolved Issues

The following issues have been fixed in 6.4.4. For inquires about a particular bug, please contact Customer Service & Support.

AP Manager

Bug ID

Description

593168

DFS channel list in WiFi template is inconsistent between FortiManager and FortiGate.

667215 FortiManager should be able to classify Rogue FortiAPs.
669906 FortiManager may not be able to install mpsk-key from AP Manager.

679115

No available interface can be selected when authorizing FortiExtender.

Device Manager

Bug ID

Description

604855 CLI Template should not prevent the lan interface from being deleted once all the dependencies have been removed.
609744 Device Manager > System > Interface may not be able to delete SSID interface.
627664 FortiManager cannot cooperate with socket-size 0 and changes it to 1 automatically.
636012 Importing a policy may report a conflict for the default SSH CA certificates.
643845 After auto link, FortiGate HA cluster members have the same hostname.
645086 Policy look-up shows an error even though the device is in sync.
646421 FortiManager may not be able to configure VDOM property resources setting.
649785 SD-WAN > Monitor may hang for an ADOM with 1500 devices.
649821 Installation may fail for FortiGate-600D.
654190 FortiManager should not modify IPv4 addressing mode when IPv6 addressing mode is changed.
655264 VDOM count is not correct when vdom-mode split-vdom is configured on FortiGate with VM0xV license.
656433 FortiManager device delete process may hang.
657988 FortiManager may lose connection and fail to install after FortiGate HA switches rolls.
662243 FortiManager is unable to clone SNMP Community under System Templates.
662656 When importing polices that contain policy block or global policy, the import wizard should give a warning that those polices will not be imported.
664253 The auto-join-forticloud configuration may cause out-of-sync status.
665344 A user with full read/write DVM privileges should be allowed to see and modify the System Provisioning Templates.
666833 GUI returns no warning when 4-byte AS or invalid community is being configured on Standard community.
667826 Device Manager may display No entry found and rtmmond and security console crashes.
669129 FortiManager does not create dynamic mapping for address group causing an import failure.
669155 SD-WAN monitor stuck at loading when admin profile is set to Read-Only for SD-WAN.
669704 FortiManager does not allow the user to configure FortiGate admin password longer than 32 characters.
670839 FortiManager should be able to configure IPSec Phase2 selector using the same IP range.
671348 FortiManager should allow more than ten incoming source interfaces for policy routing decision.
672319 View Config, View Install Log, and Revision Diff in workspace mode should not be greyed out when ADOM is unlocked.
672338 FortiManager may unset interface weight in SD-WAN when installing within 6.0 ADOM.
673008 SD-WAN Rules order changes to the default when creating a rule and moving it to the top.
673641 When creating a policy, all the vwpare names are display and not only the names from the installation target.
674282 FortiManager sends unset entry-id if FortiGate implements NAC access-mode at FortiSwitch switchport level.
674938 FortiManager should add support for set use-shortcut-sla option in SD-WAN rules.
677241 Interface speed is incorrectly set on port group due to missing aggregate membership verification.
678066 Install may fail when changing FortiGate admin password from FortiManager.

FortiSwitch Manager

Bug ID

Description

650453 FortiSwitch template and VLAN shall appear for firewall policy creation.

678804

FortiSwitch template is not working properly in switchport NAC access-mode.

Global ADOM

Bug ID

Description

632400 When installing a global policy, FortiManager may delete policy routes and settings on an ADOM.
667423 Assigned header policy from the global ADOM shows up on excluded policy package.

670280

Promoting the Profile Group object should not promote the default Protocol option.

Others

Bug ID

Description

649399 After upgrade, install may failed if a FortiGate was assigned to a system template.
659916 FortiManager may consume high memory usage by the svc sys daemon.
661069 ADOM restricted access user is able to pull Device Manager information from ADOMs via JSON API.
665617 FortiManager may consume high CPU resource when locking ADOM or loading policy.
670479 FortiManager configuration file size may be large due to a bulk of resync files.
673210 When checking unused policy, implicit policy information is not included.

Policy and Objects

Bug I D

Description

494367 Users cannot search address in policy where the address is a part of a nested group.
523350 FortiManager does not show the default certificate under SSL/SSH Inspection within policy.
547052 FortiManager GUI should not allow creating Security Profiles without any SSL/SSH Inspection Profile defined.
565301 Exporting policy package to Excel may not work.
587634 FortiManager may not be able to create new wildcard FQDN type address to FortiGate 6.2.
601229 FortiManager is missing device-type option for custom device dynamic mapping.
608268 Users may not be able to edit firewall policy due to session-ttl:out of range in v5.6 or v6.0 ADOM.
612317 FortiManager shows incorrect country code for Cyprus under User definition.
615936 FortiManager is missing the SSH protocol in DLP filter.
633727 FortiManager is unable to display summary of policy package diff for VDOM with a long name.
647189 FortiManager dynamic object filter generator is adding a "s" at the end of tag resulting in non- working object.
651991 After adding and removing Security Profile, the policy Security Profile changes from no-inspection to empty.
657026 The GUI hangs in loading when trying to apply changes made to Anti Virus profile.
658528 The URL remote category, FortiGuard Threat Feed, is not available in the drop down menu for Proxy Address.
660804 Kubernetes SDN connector may show less options than on FortiGate.
661590 Without selecting security profile group on proxy policy, FortiManager should fail the install with a proper error message.
666913 Web URL Filter is deleted when URL Filter option is unchecked under the Web Filter Profile.
667414 FortiManager may freeze when editing the comment field on a policy package with many policies.
668649 Install may hang at 75% when no VLAN interface is configured for fsp managed-switch.
669389 Install may fail due to web filter profile in flow mode with setting changes available in proxy mode only.
670019 There is no Decrypted Traffic Mirror option in a policy when only one port mapping is enabled in Full SSL/SSH Inspection.
670833 Search box for address may not always work.
671265 Global object assignment may not work.
671693 Internet Service Group should give an error or a warning when the direction setting is not the same.
671985 Decrypted Traffic Mirror setting is not being removed from policy after changing the SSL Inspection method.
671988 FortiManager is not able to push dynamic objects to FortiGate after receiving the configurations from NSXT connector.
673305 Policy package install may stall and fail due to high memory usage.
673311 Full SSL/SSH Inspection profile's Invalid SSL Certificates setting is not taking effect when Inspect All Ports is selected.
674899 FortiManager may not be able to edit proxy addresses objects.

675199

Local web category override is not installed if web filter is part of policy block package.

675501 Policy check may show negative values.
675541 Deleting an override entry should trigger modified status for policy packages with FortiGuard Category Based Filter enabled within web filter profile.
675587 Firewall VIP hover-over popup should not show ports when port forwarding is disabled.
678439 FortiManager may always configure empty application parameter values.
680750 IPS Profile is not able to set to action "Monitor" in the signature filter.
681342 Devices are evicted from Installation target after authorizing a new device.

682370

Having changed an IPS profile on the security profile, the change is not visible when editing the policy again.

Revision History

Bug I D

Description

492088

FortiManager attempts to change Chassis ID on FortiGate 7000 series when installing configuration.

579286 Installation may fail for FortiGate 6.2 within ADOM 6.0 due to configuration changes with virtual-wan-link member weight and volume-ratio, and internet-service-ctrl.
637465 Installation fails when installing global v6.2 IPv4 policy to v6.4 FortiGate.
642075 Install may fail with delete metadata-server error.
660525 When installing from FortiManager, it may unset comment, organization, and subnet-name during install.
662438 FortiManager may try to purge all web rating override entries.
662661 Default value of global: system npu ip-reassembly:max-timeout NPU setting in ADOM 6.0 for FortiGate-1800F should be changed to 10000 to avoid Conflict status.
667148 When a policy install is performed, Install preview shows a lot of firewall policies with metafield changes without any actual changes been done.
673327 With traffic shaper in Mbps or Gbps, FortiManager should convert it to Kbps if installation target is non 64 bits FortiGate model.

Script

Bug ID Description
663820 The LDAP port value remains 636 on device database and FortiManager is not accepting custom port number via CLI script.

Services

Bug ID

Description

591748 Hide or show license expired devices may not work.
671387 FortiManager installs the latest IPS and application control signatures on managed device despite the To Be Deployed Version is configured.
673307 FortiManager may return invalid license to FortiMail and cause AntiSpam license to expire.
674511 FortiManager should counts FMGC expired device number.

System Settings

Bug ID

Description

553488 TACACS is unable to assign multiple ADOMs to admins.
623457 FortiManager prompts an error while importing CA certificate.
631733 Changes to trusted IP are not saved and installed.
642205 While FortiAnalyzer model is disabled, FortiManager may fail to create an ADOM due to over size with disk quota.
654370 Users may not be able to access Java console with an error message: "Too many concurrent connections."
660226 HA may crash when upgrading.

662970

Firewall addresses may not be not visible in the GUI after upgrading FortiManager.

667445 FortiManager may show errors on "dynamic_mapping.local-int" during upgrade.

674661

After upgrade, FortiGate VDOM that contains a FortiToken user cannot be managed anymore, and policy install generates an error.

677118 Upgrading ADOM from 6.2 to 6.4 may fail due to replacement message.
677461 FortiManager is not able to identify ADOMs that are locked by none super user administrators.

VPN Manager

Bug ID Description
596953 Go to VPN manager > Monitor. Select a specific community from the tree menu to show only that community's tunnels, the monitor page displays a white screen.
608221 There is no XAUTH USER column in VPN Manager Monitor.
620801 SSLVPN > Edit SSLVPN Settings > IP Range, only shows configuration from ADOM database objects.
647394 VPN Manager with VPN zone feature disabled may trigger policy copy failure.
653328 FortiManager is unable to edit a SSL portal in VPN Manager containing "/" special character.
658221 The dns-suffix on SSL VPN portal is not installed if web-mode is disabled.