The following issues have been identified in 6.4.5. For inquires about a particular bug or to report a bug, please contact Customer Service & Support.
|There may be DFS Channel mismatch between FortiManager and FortiGate for FAP-223E.
|DHCP server is incorrectly created for Bridge SSID.
|SSID may be empty on AP Manager > WiFi Profiles > SSID column.
|Monitor > Map view may fail if proxy is enabled.
|After adding FortiAnalyzer fabric ADOM to FortiManager, Device Manager's log status, Log Rate, or Device Astore column cannot get data from FortiAnalyzer.
|FortiManager cannot delete and reassign ports to VDOM when split VDOM is enabled.
|Device Manager fails to add FortiAnalyzer which contains a FortiGate HA device with error: Serial number does not match database.
|When creating an new interface for a VDOM, FortiManager may list interfaces that may belong to another ADOM.
|FortiManager CLI Configuration shows incorrect default wildcard value for router access-list.
|Install wizard may show a blank area when scrolling down the wizard to select device(s).
|FortiManager may not be able to edit VDOM link interface from VDOM level.
|FortiManager may not follow the order in CLI Script template.
|Configuration status may be shown as modified after adding FortiGate to FortiManager.
|Creating or editing transparent VDOM to disable may get stuck at 20%.
|After auto-conf IPv6 address is changed on FortiGate, the address is not updated in the device database.
|Retrieve may fail on FortiGate cluster with Failed to reload configuration. invalid value error.
|Fabric view may get stuck at loading.
|FortiManager is unable to configure FortiSwitch port mirroring.
|SD-WAN monitor may get stuck loading when an admin user belongs to a device group.
|FortiManager may fail to add another FortiManager in Fabric ADOM.
|FortiManager should be able to identify and show default SSL-SSH profile as read-only profiles.
|Device Manager system interface should not allow duplicated secondary IP address.
|FortiManager needs IPv6 support on Syslog server setting.
|FortiManager is not reflecting proper admin timeout value in CLI only object.
|BGP Neighbors table does not have height limit and vertical scrollbar.
|GUI should generate error message when using invalid IP address or special characters in interface name.
|Install fails when creating a new DHCP reservation due to missing MAC address.
|When creating an API admin from CLI Configuration, trusted host section is missing.
|FortiManager may not be able to make any changes to the FortiGate interface settings when the interface type is Software Switch.
|SD-WAN template > SD-WAN Rules options for Load Balance Mode do not match those on FortiOS.
|FortiManager may not be able to import policy with interface binding contradiction on srcintf error.
|FortiManager is not re-installing a policy when the user selects all devices with VDOMs from Device Manager.
|FortiManager VPN L2TP may prompt invalid ip range.
|Host Name is truncated when name has more than 31 characters.
|FortiManager is accepting DNS source IP even though it is not part of the available interfaces.
FortiManager may not display a FortiGate under the Device Manager > Managed Devices.
|When using VDOMs, Policy Package status remains in modified status after using Push to device.
|FortiManager truncates the device configuration when downloading from View configuration option.
|FortiManager may return an error when changing FortiGate device log configuration from FortiManager with management VDOM is moved to another VDOM.
|When changing FortiGuard related settings via CLI Configuration, FortiManager shows changes are reverted back but it also show the message: Successfully updated.
|License check setting may not be saved.
|Changed to the Disclaimer Page may not be saved with error.
|Duplicate entries for FortiExtenders may exist with same serial number.
|Browser may display a message, A webpage is slowing down your browser, while checking revision difference.
|After adding FortiSwitch, running a script to provision may fail.
|FortiManager may fail to upgrade two FortiSwitch devices at the same time.
FortiManager may not be able to delete VLAN interfaces created by FortiSwitch Manager.
FortiSwitch Manager should not install the auto-detected setting to FortiGate.
|In Global ADOMs the Where Used tool may not show object usage in ADOM.
|User should not be able to delete global object when ADOM is not locked.
|FortiManager may return error, Could not read zone validation results, when assigning global ADOM changes with Automatically Install Policies to ADOM Devices.
|Replacement message type UTM is not being pushed from global ADOM to local ADOM.
|Threat feeds global objects are not installed to destination ADOM when using the Assign All object option.
|Display Options for Object Config will reset to default after sometimes.
FortiManager cannot assign multiple ADOMs to an admin user via JSON API.
|Flag is_model and linked_to_model are not working when adding model device with JSON API.
|FortiManager may not be able to connect to FortiGate CLI via SSH widget or execute TCL scripts.
|Rebuilding database may never start when FortiAnalyzer mode is enabled.
|GUI access for multiple administrators may hang when upgrading multiple FortiGate devices.
|The svc cdb reader process may crash during ADOM upgrade.
diagnose cdb upgrade
check +al659981 command may unset
|FortiManager databases may randomly lose integrity.
|ADOM integrity check may run slowly and it takes several minutes to response for each ADOM.
|The "OR" button in column filter may not work.
|FortiManager is unable to see dynamic mapping for Local Certificate if workflow session is created.
|FortiManager is unable to create VIPv6 virtual server objects.
|After a non super user deleted a device, "super_user" admin cannot edit zone or interface with the deleted device's dynamic mappings.
|FortiManager may add
unexpected IPv6 address to IPv6 address field when deleting
|After deletion, creating another DNS Filter object with the same name and "Domain Filter Subtable" returns a duplicate error.
|NAT option is missing from Central NAT policy package.
|Firewall policy and proxy policy cannot select IP type external resource as address.
|FortiManager is missing IPV6 none values after modifying policy.
|FortiManager is constantly changing UUID for firewall address object.
|Some application and filter overrides are not displayed in the GUI.
|FortiManager is unable to
import firewall objects of
fsso fortiems-cloud user due to Server cannot be
|Policy Check may claim that different IPS profiles as duplicate.
|Wen an obsolete internet service is selected, FortiManager may show entry IDs instead of names.
|FortiManager may be slow to add or remove a URL entry on web filter with a large list.
|FortiManager should not allow VIP to be created with same IP for External IP and Mapped IP Address.
|FortiManager may take a lot of time to update web filter URL filter list.
|FortiManager should not allow user to select a profile group in a flow-based policy that uses a proxy-based feature.
|User should not be able to create a firewall policy with an Internet service with Destination direction in Source by using drag and drop.
|FortiManager does not report error when an unsupported FQDN address format is created.
|FortiManager may randomly set IPv4 IP Pool object to overload.
|Address object search may not display the address group which contains the searched object within the group.
|Editing a global object in an ADOM is not possible generating error, undefined is not iterable.
|Domain Name and FortiGuard Category Threat Feeds are not installed when set as Allow action in security profiles.
|Copy fails for address and group from the exempt list of an SSL profile not used in the policy package.
|FortiManager may not be able to map normalized interface.
|Policy Package single entry change may impact all Policy Package Installation Targets status.
|Policy Check and Find Unused Policies may not work for FortiGate in Policy-Based mode.
|FortiManager may not be able to
ipv4-split-exclude attribute via CLI Object.
|Workflow session may not be able to compare with error: Cannot compare because of invalid Revision Diff data.
|FortiManager is not allowed to rename application control profile.
|The same filter may behave differently between source address and destination address.
|FortiManager may not be able to add rule with ISDB object when a rule is created with add above or below option.
|Internet Services may not match between FortiManager and FortiGate.
|Newly imported Cisco ACI connector object does not appear for selection until browser is refreshed.
|Where Used returns No Record Found when IPS Custom Signature is being used.
|FortiManager may not be able to push the entire Azure SDN Connector configuration.
FortiManager should not allow policy to set destination address with a Virtual Server when inspection-mode is set as "flow".
|User may not be able to install policy package due to change with external interface with VIP settings.
|FortiManager changes configuration system csf settings.
|Zone validation in Re-Install Policy is not saving the user choice and deleting all related policies.
|Install fails for subnet overlap IP between two interfaces.
|FortiManager may not be able to configure SSH certificate.
FortiManager may unset inspection-mode for 6.2 FortiGates in 6.0 ADOM while installation.
|After import, FortiManager may prompt password error on administrator during install.
|FortiManager may unset explicit proxy's HTTPS and PAC ports and change the value to 0 instead.
configuration may be incorrectly pushed by FortiManager when installing 5.6 ADOM
policy to 6.0 FortiGate.
|When a policy package is shared between many firewalls, web rating override purge may fail in some scenarios.
|FortiManager may not be able to
|The following attributes under
configs vpn ssl setting may have invalid range:
router bgp keep-alive-timer.
|FortiManager should be able to move one VLAN to a different zone without deleting many rules or zones.
|FortiManager may install
unset inspection-mode to FortiGate 6.2 device in 6.0 ADOM.
|Installation may fail when
set whitelist enable in
ssl-ssh-profile is pushed to FortiGate
6.2 from a in 6.0 ADOM.
|After script is run directly on CLI, FortiManager may fail to reload configuration.
|Using CLI script to create
SD-WAN with auto-numbering, '
edit 0', may not work.
|Changes using CLI script may not be applied to devices in the container or folder.
|TCL scripts may not work when
ssh-mac-weak are not enabled on FortiGate.
|HA secondary device does not update FortiMeter license.
|GUI CLI Console may not response.
|Sort by Time Used in task monitor may not be correct.
FortiExtender, FortiAP, or FortiSwitch upgrades can fail due to custom image being deleted during or after a failed upgrade.
|FortiManager may crate incorrect certificate and it cannot be deleted.
|FMGVM64-Cloud needs to provide GUI support for ADOM upgrade in system information dashboard.
|FortiManager two-factor authentication admin login is missing the option for FTK Mobile push notification authentication.
|FortiManager should show
details in the
fnbamd debug if login fails due to trusted hosts.
|Changes made by ADOM upgrade may not update Last Modified date/time and user admin.
|FortiManager is unable to delete mail server with error message used displayed.
|FortiManager HA may go out of synchronization periodically based on the logs.
| Invalid setting of
ssl-exempt may cause ADOM upgrade to fail.
|After upgrading FortiManager, syslog configuration may be deleted.
|Changing of FortiGuard Server Location in License Information Dashboard may not have any effect.
|Creating and deleting the static route may remove specific connected route.
|Users may not be able to assign devices to the ADOMs to which they have full access.
|Users may not be able to upgrade ADOM because of profile-protocol-options.
|FortiManager should not change to ipv6-autoconf to disable when management access is changed to the ipv6-autoconf enable state.
|Upgrading ADOM may fail due to FortiExtender Object.
|Radius response packets should not timeout with less of the remoteauthtimeout setting.
If Management Extension Applications are enabled, all system settings may be lost after upgraded FortiManager.
Workaround: Please disable all Management Extension Applications (MEA) prior to upgrade.
|VPN manager may not push any configuration on ADOM 6.0 for dial up VPN on FortiGate.