Known Issues
The following issues have been identified in 6.4.5. For inquires about a particular bug or to report a bug, please contact Customer Service & Support.
AP Manager
| Bug ID | Description |
|---|---|
| 633171 | There may be DFS Channel mismatch between FortiManager and FortiGate for FAP-223E. |
| 648812 | DHCP server is incorrectly created for Bridge SSID. |
| 674636 | SSID may be empty on AP Manager > WiFi Profiles > SSID column. |
Device Manager
| Bug ID |
Description |
|---|---|
| 485037 | Monitor > Map view may fail if proxy is enabled. |
| 545239 | After adding FortiAnalyzer fabric ADOM to FortiManager, Device Manager's log status, Log Rate, or Device Astore column cannot get data from FortiAnalyzer. |
| 554241 | FortiManager cannot delete and reassign ports to VDOM when split VDOM is enabled. |
| 563690 | Device Manager fails to add FortiAnalyzer which contains a FortiGate HA device with error: Serial number does not match database. |
| 575215 | When creating an new interface for a VDOM, FortiManager may list interfaces that may belong to another ADOM. |
| 596711 | FortiManager CLI Configuration shows incorrect default wildcard value for router access-list. |
| 598431 | Install wizard may show a blank area when scrolling down the wizard to select device(s). |
| 604125 | FortiManager may not be able to edit VDOM link interface from VDOM level. |
| 610568 | FortiManager may not follow the order in CLI Script template. |
| 615044 | Configuration status may be shown as modified after adding FortiGate to FortiManager. |
| 624325 | Creating or editing transparent VDOM to disable may get stuck at 20%. |
| 630316 | After auto-conf IPv6 address is changed on FortiGate, the address is not updated in the device database. |
| 636357 | Retrieve may fail on FortiGate cluster with Failed to reload configuration. invalid value error. |
| 636638 | Fabric view may get stuck at loading. |
| 640907 | FortiManager is unable to configure FortiSwitch port mirroring. |
| 651560 | SD-WAN monitor may get stuck loading when an admin user belongs to a device group. |
| 652052 | FortiManager may fail to add another FortiManager in Fabric ADOM. |
| 659981 | FortiManager should be able to identify and show default SSL-SSH profile as read-only profiles. |
| 660491 | Device Manager system interface should not allow duplicated secondary IP address. |
| 665207 | FortiManager needs IPv6 support on Syslog server setting. |
| 665955 | FortiManager is not reflecting proper admin timeout value in CLI only object. |
| 666872 | BGP Neighbors table does not have height limit and vertical scrollbar. |
| 667738 | GUI should generate error message when using invalid IP address or special characters in interface name. |
| 670535 | Install fails when creating a new DHCP reservation due to missing MAC address. |
| 670577 | When creating an API admin from CLI Configuration, trusted host section is missing. |
| 673548 | FortiManager may not be able to make any changes to the FortiGate interface settings when the interface type is Software Switch. |
| 674123 | SD-WAN template > SD-WAN Rules options for Load Balance Mode do not match those on FortiOS. |
| 674904 | FortiManager may not be able to import policy with interface binding contradiction on srcintf error. |
| 676002 | FortiManager is not re-installing a policy when the user selects all devices with VDOMs from Device Manager. |
| 678495 | FortiManager VPN L2TP may prompt invalid ip range. |
| 680516 | Host Name is truncated when name has more than 31 characters. |
| 681627 | FortiManager is accepting DNS source IP even though it is not part of the available interfaces. |
|
683411 |
FortiManager may not display a FortiGate under the Device Manager > Managed Devices. |
| 684372 | When using VDOMs, Policy Package status remains in modified status after using Push to device. |
| 684462 | FortiManager truncates the device configuration when downloading from View configuration option. |
| 689014 | FortiManager may return an error when changing FortiGate device log configuration from FortiManager with management VDOM is moved to another VDOM. |
| 689721 | When changing FortiGuard related settings via CLI Configuration, FortiManager shows changes are reverted back but it also show the message: Successfully updated. |
| 690493 | License check setting may not be saved. |
| 690566 | Changed to the Disclaimer Page may not be saved with error. |
| 690608 | Duplicate entries for FortiExtenders may exist with same serial number. |
| 692669 | Browser may display a message, A webpage is slowing down your browser, while checking revision difference. |
FortiSwitch Manager
| Bug ID | Description |
|---|---|
| 667703 | After adding FortiSwitch, running a script to provision may fail. |
| 674539 | FortiManager may fail to upgrade two FortiSwitch devices at the same time. |
|
676739 |
FortiManager may not be able to delete VLAN interfaces created by FortiSwitch Manager. |
|
690995 |
FortiSwitch Manager should not install the auto-detected setting to FortiGate. |
Global ADOM
|
Bug ID |
Description |
|---|---|
| 662216 | In Global ADOMs the Where Used tool may not show object usage in ADOM. |
| 667197 | User should not be able to delete global object when ADOM is not locked. |
| 680798 | FortiManager may return error, Could not read zone validation results, when assigning global ADOM changes with Automatically Install Policies to ADOM Devices. |
| 689965 | Replacement message type UTM is not being pushed from global ADOM to local ADOM. |
| 691562 | Threat feeds global objects are not installed to destination ADOM when using the Assign All object option. |
| 693510 | Display Options for Object Config will reset to default after sometimes. |
Others
| Bug ID | Description |
|---|---|
|
510508 |
FortiManager cannot assign multiple ADOMs to an admin user via JSON API. |
| 605560 | Flag is_model and linked_to_model are not working when adding model device with JSON API. |
| 667442 | FortiManager may not be able to connect to FortiGate CLI via SSH widget or execute TCL scripts. |
| 678322 | Rebuilding database may never start when FortiAnalyzer mode is enabled. |
| 680806 | GUI access for multiple administrators may hang when upgrading multiple FortiGate devices. |
| 681625 | The svc cdb reader process may crash during ADOM upgrade. |
| 681707 | The diagnose cdb upgrade
check +al659981 command may unset defmap-intf. |
| 683841 | FortiManager databases may randomly lose integrity. |
| 686460 | ADOM integrity check may run slowly and it takes several minutes to response for each ADOM. |
Policy & Objects
| Bug ID | Description |
|---|---|
| 538057 | The "OR" button in column filter may not work. |
| 580880 | FortiManager is unable to see dynamic mapping for Local Certificate if workflow session is created. |
| 585177 | FortiManager is unable to create VIPv6 virtual server objects. |
| 593072 | After a non super user deleted a device, "super_user" admin cannot edit zone or interface with the deleted device's dynamic mappings. |
| 601696 | FortiManager may add
unexpected IPv6 address to IPv6 address field when deleting ::/0. |
| 607628 | After deletion, creating another DNS Filter object with the same name and "Domain Filter Subtable" returns a duplicate error. |
| 608535 | NAT option is missing from Central NAT policy package. |
| 615624 | Firewall policy and proxy policy cannot select IP type external resource as address. |
| 617894 | FortiManager is missing IPV6 none values after modifying policy. |
| 623100 | FortiManager is constantly changing UUID for firewall address object. |
| 630431 | Some application and filter overrides are not displayed in the GUI. |
| 631158 | FortiManager is unable to
import firewall objects of fsso fortiems-cloud user due to Server cannot be
empty. |
| 646329 | Policy Check may claim that different IPS profiles as duplicate. |
| 652753 | Wen an obsolete internet service is selected, FortiManager may show entry IDs instead of names. |
| 655601 | FortiManager may be slow to add or remove a URL entry on web filter with a large list. |
| 656991 | FortiManager should not allow VIP to be created with same IP for External IP and Mapped IP Address. |
| 659296 | FortiManager may take a lot of time to update web filter URL filter list. |
| 663109 | FortiManager should not allow user to select a profile group in a flow-based policy that uses a proxy-based feature. |
| 666258 | User should not be able to create a firewall policy with an Internet service with Destination direction in Source by using drag and drop. |
| 670061 | FortiManager does not report error when an unsupported FQDN address format is created. |
| 675509 | FortiManager may randomly set IPv4 IP Pool object to overload. |
| 677528 | Address object search may not display the address group which contains the searched object within the group. |
| 679282 | Editing a global object in an ADOM is not possible generating error, undefined is not iterable. |
| 681006 | Domain Name and FortiGuard Category Threat Feeds are not installed when set as Allow action in security profiles. |
| 681453 | Copy fails for address and group from the exempt list of an SSL profile not used in the policy package. |
| 682356 | FortiManager may not be able to map normalized interface. |
| 683167 | Policy Package single entry change may impact all Policy Package Installation Targets status. |
| 684081 | Policy Check and Find Unused Policies may not work for FortiGate in Policy-Based mode. |
| 686902 | FortiManager may not be able to
configure ipv4-split-exclude attribute via CLI Object. |
| 686911 | Workflow session may not be able to compare with error: Cannot compare because of invalid Revision Diff data. |
| 686962 | FortiManager is not allowed to rename application control profile. |
| 687460 | The same filter may behave differently between source address and destination address. |
| 687784 | FortiManager may not be able to add rule with ISDB object when a rule is created with add above or below option. |
| 689589 | Internet Services may not match between FortiManager and FortiGate. |
| 690269 | Newly imported Cisco ACI connector object does not appear for selection until browser is refreshed. |
| 692114 | Where Used returns No Record Found when IPS Custom Signature is being used. |
| 694605 | FortiManager may not be able to push the entire Azure SDN Connector configuration. |
|
673554 |
FortiManager should not allow policy to set destination address with a Virtual Server when inspection-mode is set as "flow". |
Revision History
|
Bug ID |
Description |
|---|---|
| 606737 | User may not be able to install policy package due to change with external interface with VIP settings. |
| 618305 | FortiManager changes configuration system csf settings. |
| 623159 | Zone validation in Re-Install Policy is not saving the user choice and deleting all related policies. |
| 635957 | Install fails for subnet overlap IP between two interfaces. |
| 664284 | FortiManager may not be able to configure SSH certificate. |
|
671481 |
FortiManager may unset inspection-mode for 6.2 FortiGates in 6.0 ADOM while installation. |
| 672609 | After import, FortiManager may prompt password error on administrator during install. |
| 674094 | FortiManager may unset explicit proxy's HTTPS and PAC ports and change the value to 0 instead. |
| 675867 | The ssl-anomaly-log
configuration may be incorrectly pushed by FortiManager when installing 5.6 ADOM
policy to 6.0 FortiGate. |
| 679139 | When a policy package is shared between many firewalls, web rating override purge may fail in some scenarios. |
| 687769 | FortiManager may not be able to
set auto-asic-offload to disable. |
| 689270 | The following attributes under
configs vpn ssl setting may have invalid range: login-attempt-limit,
login-block-time, http-request-header-timeout, http-request-body-timeout and
router bgp keep-alive-timer. |
| 691835 | FortiManager should be able to move one VLAN to a different zone without deleting many rules or zones. |
| 693225 | FortiManager may install
unset inspection-mode to FortiGate 6.2 device in 6.0 ADOM. |
| 694380 | Installation may fail when
set whitelist enable in ssl-ssh-profile is pushed to FortiGate
6.2 from a in 6.0 ADOM. |
Script
| Bug ID | Description |
|---|---|
| 613575 | After script is run directly on CLI, FortiManager may fail to reload configuration. |
| 668876 | Using CLI script to create
SD-WAN with auto-numbering, 'edit 0', may not work. |
| 668947 | Changes using CLI script may not be applied to devices in the container or folder. |
| 671998 | TCL scripts may not work when
ssh-kex-sha1 and ssh-mac-weak are not enabled on FortiGate. |
Services
| Bug ID | Description |
|---|---|
| 567664 | HA secondary device does not update FortiMeter license. |
| 616703 | GUI CLI Console may not response. |
| 617601 | Sort by Time Used in task monitor may not be correct. |
|
680857 |
FortiExtender, FortiAP, or FortiSwitch upgrades can fail due to custom image being deleted during or after a failed upgrade. |
System Settings
|
Bug ID |
Description |
|---|---|
| 517964 | FortiManager may crate incorrect certificate and it cannot be deleted. |
| 579964 | FMGVM64-Cloud needs to provide GUI support for ADOM upgrade in system information dashboard. |
| 598194 | FortiManager two-factor authentication admin login is missing the option for FTK Mobile push notification authentication. |
| 614127 | FortiManager should show
details in the fnbamd debug if login fails due to trusted hosts. |
| 625683 | Changes made by ADOM upgrade may not update Last Modified date/time and user admin. |
| 635181 | FortiManager is unable to delete mail server with error message used displayed. |
| 652417 | FortiManager HA may go out of synchronization periodically based on the logs. |
| 660130 | Invalid setting of ssl-exempt may cause ADOM upgrade to fail. |
| 670497 | After upgrading FortiManager, syslog configuration may be deleted. |
| 684907 | Changing of FortiGuard Server Location in License Information Dashboard may not have any effect. |
| 686569 | Creating and deleting the static route may remove specific connected route. |
| 687171 | Users may not be able to assign devices to the ADOMs to which they have full access. |
| 687223 | Users may not be able to upgrade ADOM because of profile-protocol-options. |
| 687968 | FortiManager should not change to ipv6-autoconf to disable when management access is changed to the ipv6-autoconf enable state. |
| 688517 | Upgrading ADOM may fail due to FortiExtender Object. |
| 695058 | Radius response packets should not timeout with less of the remoteauthtimeout setting. |
|
699185 |
If Management Extension Applications are enabled, all system settings may be lost after upgraded FortiManager. Workaround: Please disable all Management Extension Applications (MEA) prior to upgrade. |
VPN Manager
| Bug ID | Description |
|---|---|
| 681110 | VPN manager may not push any configuration on ADOM 6.0 for dial up VPN on FortiGate. |