Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:


Table of Contents

Resolved Issues

The following issues have been fixed in 6.4.9. For inquires about a particular bug, please contact Customer Service & Support.

AP Manager

Bug ID

Description

710550

Installation fails due to invalid handoff-sta-thresh.

794836 Protected Management Frames (PMF) feature always gets disabled when security mode is set to WPA2 (Enterprise or Personal).

Device Manager

Bug ID Description

676002

FortiManager does not allow reinstalling a policy when user selects all devices with VDOMs from Device Manager.

676415

SAML account with Remote certificate not getting imported to FortiManager-Cloud.

704106 Certificate Enrollment fails using SCEP on Microsoft server with sub-ca certificate chains.

746634

FMG3900E cannot connect to mapserver due to cert issue.

762650

FortiManager is sending commands which do not exist in FortiGates; issue happens only on 80/81F and 60F.

763234

Installation failed due to the syntax's difference between FortiGate and FortiManager in setting log-disk-quota for VDOMs.

773147

Installation fails due to the unexpected system interface config changes for "PVC" related settings.

775552

The View Device revision under Revision History does not display the full and complete device's configuration.

788923

SD-WAN template does not change the value of "service-sla-tie-break" for a SDWAN Zone.

791117

Unable to create simultaneous static routes with named address objects.

791274

When optional meta fields are being used users cannot edit the devices.

801022

Config status gets modified even though the installation preview is empty.

806622

Installation failed after configurating the link-monitor.

806941

In FortiManager 6.4.8, using CLI template adds double quote around the variables hence installation fails.

807656

Editing the Device Group does not load any group members.

811977

Device Manager does not display devices list properly.

812213

Default factory setting on FortiGate does not match with its default factory setting on FortiManager's DB. This causes status conflict if FortiGate added to the FortiManager using the "Add Model Device" method.

814420

After the upgrade the scroll bar is missing for Device Manager, SD-WAN, and SD-WAN Templates.

FortiSwitch Manager

Bug ID Description
803175 FortiSwitch template does not enable all the POE interfaces.

829700

FortiManager shows errors while installing FortiSwitch configuration.

Global ADOM

Bug ID Description

811660

Global Database object assignment to ADOMs fails.

Others

Bug ID Description

666037

Sorting FortiExtenders by Network, RSSI, RSRP, RSRQ, and SINR does not work properly.

671516 FortiManager/FortiAnalyzer cannot accept more than 100 concurrent admin sessions (Using JSON APIs).

682557

Installing gre-tunnel configuration to FGTs does not successfully complete due to the verification failure.

704093

Support FortiSandbox v4.0 objects in default download list.

711922

After firewall policy modification, the JSON response via proxy/JSON to get the FortiGate's config backup is not in clear text format any more.

747648 FortiManager does not support some of the FEX models and versions under the FEX Profiles.

776718

"FortiGuard Category Threat Feed"'s Fabric View does not display any interfaces under its Advanced setting.

784037

FortiManager offers low encryption cipher Suite in TLS 1.2.

792296

ADOM upgrade fails due to the Virtual wire pair policy.

804244

ADOMs created by XML API cannot be locked or unlocked.

806109

After ADOM upgrade, log-all is disabled for all protocols under Email Filter profile.

808822

Changing the HTTPS port used for Administrative Web Access will cause FortiManager to stop listening to port 443 for FortiGate update requests.

814425

Sorting FortiExtenders by Network, RSSI, RSRP, RSRQ, and SINR does not work properly.

815875

After FortiManager's upgrade, device level status has been modified and Install preview shows that pdf-report and fortiview features will be enabled on the FortiGates even if these are already enabled on the FortiGates before.

819494

Task completes successfully even when non-existing global package assignment is done using API request.

820248

Cloning same ADOM multiple times fails with error "Unknown DVM error".

820578

"svc authd" process is consuming 100% of CPU.

823294

SSH connection between FortiGate and FortiAnalyzer/FortiManagerv7.0.4/7.2.1 or later fails due to server_host_key_algorithms mismatch.

823547

In Advanced ADOM mode, it is not possible to create a new VDOM in a new ADOM via JSON API request.

826718

Failed to delete the hanging task from task monitor.

Policy and Objects

Bug ID

Description

620680

FortiManager does not support the geographic fields data for firewall internet-service Objects.

705302

Remote VPN certificate installation failed and certificate disappeared from FortiManager, however, on the FortiGate the certificate installed successfully.

706809

Policy Check export does not have the last hit count details anymore.

707481

Deleting DNS filter profile does not deletes the associated Domain filter.

716943

FortiManager's GUI shows so many blank areas after adding the IPS signatures and filters.

725132

When modifying IP address of Default VPN Interface of spoke in Device Manager, hub remote gateway should be modified to reflect that change.

731037

There may be File Filter file type mismatch between FortiGate and FortiManager.

758680

Unable to complete the Cisco pxGrid fabric connector's configuration on FortiManager.

765154

Installation fails when trying to disable the "safe search" on existing DNS filter from FortiManager.

767255

FortiManager fails to install the custom signature because it is too long.

773249

FortiManager may not display the correct number of firewall address objects while adding the objects to DoS policy.

773403

FortiManager may now differentiate between the ISDB objects "Predefined Internet Services" and "IP Reputation Database".

775733

When creating/editing an user in User & Authentication section, the Add to Groups section doesn't show any User Groups, even if the user has been already added to a group.

778171

After the upgrade, FortiManager is changing the "config antivirus quarantine" setting; this fails the installation.

791357

Installation failed when using custom-deep-inspection.

792980

Installation fails when trying to install SAML user configuration.

802934

FortiManager's Policy Package Diff displays policy objects change even though there is not any changes.

805642

New policies created in policy package do not inherit "global-label" section.

805783

After the 6.0 ADOM upgrade, installing the same v6.0 policy package got "unset webfilter-profile" in wanopt proxy policy.

805966

Verification fails due to the "resource-limits.proxy".

808033

Execution of the script on Policy & Packages for the first time does not change the status to "modify".

809888

Replacement Message Group under Security profiles gets removed by FortiManager during the installation.

811450

"Installation Preparation" step for installing the policy package to the FortiGate takes very long time.

812909

FortiManager unsets the "bypass-watchdog" setting on FGT400E-Bypass.

813237

View Mode feature does not work properly when workspace mode is enabled on FortiManager.

814468

FortiManager purges 'gcp-project-list' and unsets several values from GCP sdn-connector.

815281

SDN dynamic address object filter does not display the list properly.

815812

Installation failed because FortiManager tried removing the credentials for Amazon Web Services (AWS) type SDN Connector and enabling the "use-metadata-iam" feature.

816347

Objects Field search under the "Add Object(s)" feature does not properly locate any firewall object addresses for Source & Destination .

819713

FortiManager in task manager does not show the specific admin name who refreshes the hit-count.

825530

Explicit web proxy policy does not allow selecting any source address objects.

830502

FortiManager fails to create the CSV for Policy Package.

Revision History

Bug ID

Description

496870 Fabric SDN Connector is installed on FortiGate even if it is not in used.
691240 FortiManager should not unset the value forward-error-correction with certain FortiGate platforms.

Services

Bug ID

Description

752849 FortiManager doesn't have the proper version string of FortiGate's IPGeo Info.

754038

FortiGate firmware upgrade via FortiManager may break FortiGate HA cluster.

808121

FortiManager ignores "add_no_service" setting for the "Unauthorized Devices".

System Settings

Bug ID

Description

687223 Users may not be able to upgrade ADOM because of profile-protocol-options'.
811633 Restricted Administrators using the API requests have full read-write access.

815728

FortiManager takes very long hours to rebuild the HA cluster back to synchronization status.

818969

Unable to poll SNMP with SNMP Engine ID.

822776

Query Distinguished Name does not display the LDAP users in FMG when Secure connection is enabled.

829751

Installation tasks got stuck at 0% and failed to start any new installation tasks.

VPN Manager

Bug ID

Description

615890 IPSec VPN Authusergrp option "Inherit from Policy" is missing when setting xauthtype as auto server.
796104 FortiManager deletes and re-creates VPN routes with different id's on every install.

810027

FortiManager Spoke IP setting for vpn configuration sets properly but the policy package does not change on the Hub phase1.

Resolved Issues

The following issues have been fixed in 6.4.9. For inquires about a particular bug, please contact Customer Service & Support.

AP Manager

Bug ID

Description

710550

Installation fails due to invalid handoff-sta-thresh.

794836 Protected Management Frames (PMF) feature always gets disabled when security mode is set to WPA2 (Enterprise or Personal).

Device Manager

Bug ID Description

676002

FortiManager does not allow reinstalling a policy when user selects all devices with VDOMs from Device Manager.

676415

SAML account with Remote certificate not getting imported to FortiManager-Cloud.

704106 Certificate Enrollment fails using SCEP on Microsoft server with sub-ca certificate chains.

746634

FMG3900E cannot connect to mapserver due to cert issue.

762650

FortiManager is sending commands which do not exist in FortiGates; issue happens only on 80/81F and 60F.

763234

Installation failed due to the syntax's difference between FortiGate and FortiManager in setting log-disk-quota for VDOMs.

773147

Installation fails due to the unexpected system interface config changes for "PVC" related settings.

775552

The View Device revision under Revision History does not display the full and complete device's configuration.

788923

SD-WAN template does not change the value of "service-sla-tie-break" for a SDWAN Zone.

791117

Unable to create simultaneous static routes with named address objects.

791274

When optional meta fields are being used users cannot edit the devices.

801022

Config status gets modified even though the installation preview is empty.

806622

Installation failed after configurating the link-monitor.

806941

In FortiManager 6.4.8, using CLI template adds double quote around the variables hence installation fails.

807656

Editing the Device Group does not load any group members.

811977

Device Manager does not display devices list properly.

812213

Default factory setting on FortiGate does not match with its default factory setting on FortiManager's DB. This causes status conflict if FortiGate added to the FortiManager using the "Add Model Device" method.

814420

After the upgrade the scroll bar is missing for Device Manager, SD-WAN, and SD-WAN Templates.

FortiSwitch Manager

Bug ID Description
803175 FortiSwitch template does not enable all the POE interfaces.

829700

FortiManager shows errors while installing FortiSwitch configuration.

Global ADOM

Bug ID Description

811660

Global Database object assignment to ADOMs fails.

Others

Bug ID Description

666037

Sorting FortiExtenders by Network, RSSI, RSRP, RSRQ, and SINR does not work properly.

671516 FortiManager/FortiAnalyzer cannot accept more than 100 concurrent admin sessions (Using JSON APIs).

682557

Installing gre-tunnel configuration to FGTs does not successfully complete due to the verification failure.

704093

Support FortiSandbox v4.0 objects in default download list.

711922

After firewall policy modification, the JSON response via proxy/JSON to get the FortiGate's config backup is not in clear text format any more.

747648 FortiManager does not support some of the FEX models and versions under the FEX Profiles.

776718

"FortiGuard Category Threat Feed"'s Fabric View does not display any interfaces under its Advanced setting.

784037

FortiManager offers low encryption cipher Suite in TLS 1.2.

792296

ADOM upgrade fails due to the Virtual wire pair policy.

804244

ADOMs created by XML API cannot be locked or unlocked.

806109

After ADOM upgrade, log-all is disabled for all protocols under Email Filter profile.

808822

Changing the HTTPS port used for Administrative Web Access will cause FortiManager to stop listening to port 443 for FortiGate update requests.

814425

Sorting FortiExtenders by Network, RSSI, RSRP, RSRQ, and SINR does not work properly.

815875

After FortiManager's upgrade, device level status has been modified and Install preview shows that pdf-report and fortiview features will be enabled on the FortiGates even if these are already enabled on the FortiGates before.

819494

Task completes successfully even when non-existing global package assignment is done using API request.

820248

Cloning same ADOM multiple times fails with error "Unknown DVM error".

820578

"svc authd" process is consuming 100% of CPU.

823294

SSH connection between FortiGate and FortiAnalyzer/FortiManagerv7.0.4/7.2.1 or later fails due to server_host_key_algorithms mismatch.

823547

In Advanced ADOM mode, it is not possible to create a new VDOM in a new ADOM via JSON API request.

826718

Failed to delete the hanging task from task monitor.

Policy and Objects

Bug ID

Description

620680

FortiManager does not support the geographic fields data for firewall internet-service Objects.

705302

Remote VPN certificate installation failed and certificate disappeared from FortiManager, however, on the FortiGate the certificate installed successfully.

706809

Policy Check export does not have the last hit count details anymore.

707481

Deleting DNS filter profile does not deletes the associated Domain filter.

716943

FortiManager's GUI shows so many blank areas after adding the IPS signatures and filters.

725132

When modifying IP address of Default VPN Interface of spoke in Device Manager, hub remote gateway should be modified to reflect that change.

731037

There may be File Filter file type mismatch between FortiGate and FortiManager.

758680

Unable to complete the Cisco pxGrid fabric connector's configuration on FortiManager.

765154

Installation fails when trying to disable the "safe search" on existing DNS filter from FortiManager.

767255

FortiManager fails to install the custom signature because it is too long.

773249

FortiManager may not display the correct number of firewall address objects while adding the objects to DoS policy.

773403

FortiManager may now differentiate between the ISDB objects "Predefined Internet Services" and "IP Reputation Database".

775733

When creating/editing an user in User & Authentication section, the Add to Groups section doesn't show any User Groups, even if the user has been already added to a group.

778171

After the upgrade, FortiManager is changing the "config antivirus quarantine" setting; this fails the installation.

791357

Installation failed when using custom-deep-inspection.

792980

Installation fails when trying to install SAML user configuration.

802934

FortiManager's Policy Package Diff displays policy objects change even though there is not any changes.

805642

New policies created in policy package do not inherit "global-label" section.

805783

After the 6.0 ADOM upgrade, installing the same v6.0 policy package got "unset webfilter-profile" in wanopt proxy policy.

805966

Verification fails due to the "resource-limits.proxy".

808033

Execution of the script on Policy & Packages for the first time does not change the status to "modify".

809888

Replacement Message Group under Security profiles gets removed by FortiManager during the installation.

811450

"Installation Preparation" step for installing the policy package to the FortiGate takes very long time.

812909

FortiManager unsets the "bypass-watchdog" setting on FGT400E-Bypass.

813237

View Mode feature does not work properly when workspace mode is enabled on FortiManager.

814468

FortiManager purges 'gcp-project-list' and unsets several values from GCP sdn-connector.

815281

SDN dynamic address object filter does not display the list properly.

815812

Installation failed because FortiManager tried removing the credentials for Amazon Web Services (AWS) type SDN Connector and enabling the "use-metadata-iam" feature.

816347

Objects Field search under the "Add Object(s)" feature does not properly locate any firewall object addresses for Source & Destination .

819713

FortiManager in task manager does not show the specific admin name who refreshes the hit-count.

825530

Explicit web proxy policy does not allow selecting any source address objects.

830502

FortiManager fails to create the CSV for Policy Package.

Revision History

Bug ID

Description

496870 Fabric SDN Connector is installed on FortiGate even if it is not in used.
691240 FortiManager should not unset the value forward-error-correction with certain FortiGate platforms.

Services

Bug ID

Description

752849 FortiManager doesn't have the proper version string of FortiGate's IPGeo Info.

754038

FortiGate firmware upgrade via FortiManager may break FortiGate HA cluster.

808121

FortiManager ignores "add_no_service" setting for the "Unauthorized Devices".

System Settings

Bug ID

Description

687223 Users may not be able to upgrade ADOM because of profile-protocol-options'.
811633 Restricted Administrators using the API requests have full read-write access.

815728

FortiManager takes very long hours to rebuild the HA cluster back to synchronization status.

818969

Unable to poll SNMP with SNMP Engine ID.

822776

Query Distinguished Name does not display the LDAP users in FMG when Secure connection is enabled.

829751

Installation tasks got stuck at 0% and failed to start any new installation tasks.

VPN Manager

Bug ID

Description

615890 IPSec VPN Authusergrp option "Inherit from Policy" is missing when setting xauthtype as auto server.
796104 FortiManager deletes and re-creates VPN routes with different id's on every install.

810027

FortiManager Spoke IP setting for vpn configuration sets properly but the policy package does not change on the Hub phase1.