Known Issues

The following issues have been identified in 6.4.5. For inquiries about a particular bug or to report a bug, please contact Customer Service & Support.

AP Manager

Bug ID Description
633171 There may be DFS Channel mismatch between FortiManager and FortiGate for FAP-223E.
648812 DHCP server is incorrectly created for Bridge SSID.
674636 SSID may be empty on AP Manager > WiFi Profiles > SSID column.

Device Manager

Bug ID Description
485037 Monitor > Map view may fail if proxy is enabled.
545239 After adding FortiAnalyzer fabric ADOM to FortiManager, Device Manager's log status, Log Rate, or Device Astore column cannot get data from FortiAnalyzer.
554241 FortiManager cannot delete and reassign ports to VDOM when split VDOM is enabled.
563690 Device Manager fails to add FortiAnalyzer which contains a FortiGate HA device with error: Serial number does not match database.
575215 When creating a new interface for a VDOM, FortiManager may list interfaces that may belong to another ADOM.
596711 FortiManager CLI Configuration shows incorrect default wildcard value for router access-list.
598431 Install wizard may show a blank area when scrolling down the wizard to select device(s).
604125 FortiManager may not be able to edit VDOM link interface from VDOM level.
610568 FortiManager may not follow the order in CLI Script template.
615044 Configuration status may be shown as modified after adding FortiGate to FortiManager.
624325 Creating or editing transparent VDOM to disable may get stuck at 20%.
630316 After auto-conf IPv6 address is changed on FortiGate, the address is not updated in the device database.
636357 Retrieve may fail on FortiGate cluster with Failed to reload configuration. invalid value error.
636638 Fabric view may get stuck at loading.
640907 FortiManager is unable to configure FortiSwitch port mirroring.
651560 SD-WAN monitor may get stuck loading when an admin user belongs to a device group.
652052 FortiManager may fail to add another FortiManager in Fabric ADOM.
659981 FortiManager should be able to identify and show default SSL-SSH profile as read-only profiles.
660491 Device Manager system interface should not allow duplicated secondary IP address.
665207 FortiManager needs IPv6 support on Syslog server setting.
665955 FortiManager is not reflecting proper admin timeout value in CLI only object.
666872 BGP Neighbors table does not have height limit and vertical scrollbar.
667738 GUI should generate error message when using invalid IP address or special characters in interface name.
670535 Install fails when creating a new DHCP reservation due to missing MAC address.
670577 When creating an API admin from CLI Configuration, trusted host section is missing.
673548 FortiManager may not be able to make any changes to the FortiGate interface settings when the interface type is Software Switch.
674123 SD-WAN template > SD-WAN Rules options for Load Balance Mode do not match those on FortiOS.
674904 FortiManager may not be able to import policy with interface binding contradiction on srcintf error.
676002 FortiManager is not re-installing a policy when the user selects all devices with VDOMs from Device Manager.
678495 FortiManager VPN L2TP may prompt invalid ip range.
680516 Host Name is truncated when name has more than 31 characters.
681627 FortiManager is accepting DNS source IP even though it is not part of the available interfaces.
683411 FortiManager may not display a FortiGate under the Device Manager > Managed Devices.
684372 When using VDOMs, Policy Package status remains in modified status after using Push to device.
684462 FortiManager truncates the device configuration when downloading from View configuration option.
689014 FortiManager may return an error when changing FortiGate device log configuration from FortiManager with management VDOM is moved to another VDOM.
689721 When changing FortiGuard related settings via CLI Configuration, FortiManager shows changes are reverted back but it also shows the message: Successfully updated.
690493 License check setting may not be saved.
690566 Changes to the Disclaimer Page may not be saved with error.
690608 Duplicate entries for FortiExtenders may exist with same serial number.
692669 Browser may display a message, A webpage is slowing down your browser, while checking revision difference.

FortiSwitch Manager

Bug ID Description
667703 After adding FortiSwitch, running a script to provision may fail.
674539 FortiManager may fail to upgrade two FortiSwitch devices at the same time.
676739 FortiManager may not be able to delete VLAN interfaces created by FortiSwitch Manager.
690995 FortiSwitch Manager should not install the auto-detected setting to FortiGate.

Global ADOM

Bug ID Description
662216 In Global ADOMs the Where Used tool may not show object usage in ADOM.
667197 User should not be able to delete global object when ADOM is not locked.
680798 FortiManager may return error, Could not read zone validation results, when assigning global ADOM changes with Automatically Install Policies to ADOM Devices.
689965 Replacement message type UTM is not being pushed from global ADOM to local ADOM.
691562 Threat feeds global objects are not installed to destination ADOM when using the Assign All object option.
693510 Display Options for Object Config will reset to default after some time.

Others

Bug ID Description
510508 FortiManager cannot assign multiple ADOMs to an admin user via JSON API.
605560 Flag is_model and linked_to_model are not working when adding model device with JSON API.
667442 FortiManager may not be able to connect to FortiGate CLI via SSH widget or execute TCL scripts.
678322 Rebuilding database may never start when FortiAnalyzer mode is enabled.
680806 GUI access for multiple administrators may hang when upgrading multiple FortiGate devices.
681625 The svc cdb reader process may crash during ADOM upgrade.
681707 The diagnose cdb upgrade check +al659981 command may unset defmap-intf.
683841 FortiManager databases may randomly lose integrity.
686460 ADOM integrity check may run slowly and it takes several minutes to respond for each ADOM.

Policy & Objects

Bug ID Description
538057 The "OR" button in column filter may not work.
580880 FortiManager is unable to see dynamic mapping for Local Certificate if workflow session is created.
585177 FortiManager is unable to create VIPv6 virtual server objects.
593072 After a non super user deleted a device, "super_user" admin cannot edit zone or interface with the deleted device's dynamic mappings.
601696 FortiManager may add unexpected IPv6 address to IPv6 address field when deleting ::/0.
607628 After deletion, creating another DNS Filter object with the same name and "Domain Filter Subtable" returns a duplicate error.
608535 NAT option is missing from Central NAT policy package.
615624 Firewall policy and proxy policy cannot select IP type external resource as address.
617894 FortiManager is missing IPV6 none values after modifying policy.
623100 FortiManager is constantly changing UUID for firewall address object.
630431 Some application and filter overrides are not displayed in the GUI.
631158 FortiManager is unable to import firewall objects of fsso fortiems-cloud user due to Server cannot be empty.
646329 Policy Check may claim that different IPS profiles are duplicates.
652753 When an obsolete internet service is selected, FortiManager may show entry IDs instead of names.
655601 FortiManager may be slow to add or remove a URL entry on web filter with a large list.
656991 FortiManager should not allow VIP to be created with same IP for External IP and Mapped IP Address.
659296 FortiManager may take a lot of time to update web filter URL filter list.
663109 FortiManager should not allow user to select a profile group in a flow-based policy that uses a proxy-based feature.
666258 User should not be able to create a firewall policy with an Internet service with Destination direction in Source by using drag and drop.
670061 FortiManager does not report error when an unsupported FQDN address format is created.
675509 FortiManager may randomly set IPv4 IP Pool object to overload.
677528 Address object search may not display the address group which contains the searched object within the group.
679282 Editing a global object in an ADOM is not possible and generates the error: undefined is not iterable.
681006 Domain Name and FortiGuard Category Threat Feeds are not installed when set as Allow action in security profiles.
681453 Copy fails for address and group from the exempt list of an SSL profile not used in the policy package.
682356 FortiManager may not be able to map normalized interface.
683167 Policy Package single entry change may impact all Policy Package Installation Targets status.
684081 Policy Check and Find Unused Policies may not work for FortiGate in Policy-Based mode.
686902 FortiManager may not be able to configure ipv4-split-exclude attribute via CLI Object.
686911 Workflow session may not be able to compare with error: Cannot compare because of invalid Revision Diff data.
686962 FortiManager is not allowed to rename application control profile.
687460 The same filter may behave differently between source address and destination address.
687784 FortiManager may not be able to add rule with ISDB object when a rule is created with add above or below option.
689589 Internet Services may not match between FortiManager and FortiGate.
690269 Newly imported Cisco ACI connector object does not appear for selection until browser is refreshed.
692114 Where Used returns No Record Found when IPS Custom Signature is being used.
694605 FortiManager may not be able to push the entire Azure SDN Connector configuration.
673554 FortiManager should not allow policy to set destination address with a Virtual Server when inspection-mode is set as "flow".

Revision History

Bug ID Description
606737 User may not be able to install policy package due to change with external interface with VIP settings.
618305 FortiManager changes configuration system csf settings.
623159 Zone validation in Re-Install Policy is not saving the user choice and deleting all related policies.
635957 Install fails for subnet overlap IP between two interfaces.
664284 FortiManager may not be able to configure SSH certificate.
671481 FortiManager may unset inspection-mode for 6.2 FortiGates in 6.0 ADOM while installation.
672609 After import, FortiManager may prompt password error on administrator during install.
674094 FortiManager may unset explicit proxy's HTTPS and PAC ports and change the value to 0 instead.
675867 The ssl-anomaly-log configuration may be incorrectly pushed by FortiManager when installing 5.6 ADOM policy to 6.0 FortiGate.
679139 When a policy package is shared between many firewalls, web rating override purge may fail in some scenarios.
687769 FortiManager may not be able to set auto-asic-offload to disable.
689270 The following attributes under configs vpn ssl setting may have invalid range: login-attempt-limit, login-block-time, http-request-header-timeout, http-request-body-timeout and router bgp keep-alive-timer.
691835 FortiManager should be able to move one VLAN to a different zone without deleting many rules or zones.
693225 FortiManager may install unset inspection-mode to FortiGate 6.2 device in 6.0 ADOM.
694380 Installation may fail when set whitelist enable in ssl-ssh-profile is pushed to FortiGate 6.2 from a 6.0 ADOM.

Script

Bug ID Description
613575 After script is run directly on CLI, FortiManager may fail to reload configuration.
668876 Using CLI script to create SD-WAN with auto-numbering, 'edit 0', may not work.
668947 Changes using CLI script may not be applied to devices in the container or folder.
671998 TCL scripts may not work when ssh-kex-sha1 and ssh-mac-weak are not enabled on FortiGate.

Services

Bug ID Description
567664 HA secondary device does not update FortiMeter license.
616703 GUI CLI Console may not respond.
617601 Sort by Time Used in task monitor may not be correct.
680857 FortiExtender, FortiAP, or FortiSwitch upgrades can fail due to custom image being deleted during or after a failed upgrade.

System Settings

Bug ID Description
517964 FortiManager may create incorrect certificate and it cannot be deleted.
579964 FMGVM64-Cloud needs to provide GUI support for ADOM upgrade in system information dashboard.
598194 FortiManager two-factor authentication admin login is missing the option for FTK Mobile push notification authentication.
614127 FortiManager should show details in the fnbamd debug if login fails due to trusted hosts.
625683 Changes made by ADOM upgrade may not update Last Modified date/time and user admin.
635181 FortiManager is unable to delete mail server with error message used displayed.
652417 FortiManager HA may go out of synchronization periodically based on the logs.
660130 Invalid setting of ssl-exempt may cause ADOM upgrade to fail.
670497 After upgrading FortiManager, syslog configuration may be deleted.
684907 Changing of FortiGuard Server Location in License Information Dashboard may not have any effect.
686569 Creating and deleting the static route may remove specific connected route.
687171 Users may not be able to assign devices to the ADOMs to which they have full access.
687223 Users may not be able to upgrade ADOM because of profile-protocol-options.
687968 FortiManager should not change to ipv6-autoconf to disable when management access is changed to the ipv6-autoconf enable state.
688517 Upgrading ADOM may fail due to FortiExtender Object.
695058 Radius response packets should not timeout with less of the remoteauthtimeout setting.
699185 If Management Extension Applications are enabled, all system settings may be lost after upgrading FortiManager. Workaround: Please disable all Management Extension Applications (MEA) prior to upgrade.

VPN Manager

Bug ID Description
681110 VPN manager may not push any configuration on ADOM 6.0 for dial up VPN on FortiGate.
