AP Manager

Bug ID Description
556036 FortiManager cannot configure AP profile short-guard-interval.
599666 Empty LLDP status information is shown under AP Manager.
610724 Unauthorized APs should be displayed so that users can authorize the APs.
644584 Upgrading an AP may get stuck at 5 % and no task is created for it.
645030 Adding FortiGate using custom admin profile may fail to list FAP in AP Manager.
645713 FortiManager allows the user to create SSID which cannot be deleted later.
653329 FortiManager is sending the wrong device setting after changing the FAP name.
587879 AP Manager central mode is missing AP group with VLAN ID.
607170 Dynamic VLAN option is not saved in SSID in AP Manager.
654171 There may be duplicate entries in objcfg_wireless_controller_wtp preventing the user to delete some custom WTP profiles.

Device Manager

Bug ID Description
581940 SD-WAN Monitor may show gaps on the SD-WAN monitoring graph.
593364 FortiManager does not install md5 key for OSPF interface configured from Device Manager.
598794 IPSec Phase 1 setting shows inconsistencies between Lock and Unlock.
599852 When password policy is set as enforced, FortiManager should not accept the password if it does not meet the policy.
603291 Group membership may be incorrect after adding a VDOM.
603820 FortiManager fails to import policy when reputation-minimum and reputation-direction are set.
605688 Pac-file-datais limited to 4000 characters under CLI Configuration.
610071 FortiManager should not allow duplicated names when creating a new interface based VPN phase1.
611315 SD-WAN should be allowed to configure port for HTTP health-check server.
612355 Policy Package status remains in modified status after using Push to device on an updated object.
616271 FortiManager prompts a, response format error, when adding per-device mapping to a new interface in a new workflow

session

619106 When importing a policy, the conflict page may truncate outputs.
624596 Device Manager’s Connect to CLI function with SSH may prompt an error message.
625831 Deleting a device from Device Manager may take a long time and FortiManager becomes very slow.
626598 Custom Device Meta fields cannot be modified.
631576 Device list may be empty under device group when trying to edit it.
637630 FortiManager is not showing interface status in Device Manager interface page.
637672 Importing AP Profile in AP Manager may cause Config Status changes to Modified.
637794 FortiManager is unable to import firewall policy if the SD-WAN member interface referenced is dstaddr.
638351 FortiManager is unable to set FAZ IP override setting as global setting.
643172 FortiManager does not support dnsproxy-worker-count higher than two.
644223 FortiManager is unable to add FortiAnalyzer and triggers an error: Object does not exist.
649195 Editing an address group does not trigger any configuration change when the installation target is set to specific device(s).
649711 FortiManager is unable to add FortiAnalyzer and fails to synchronize FortiAnalyzer with current ADOM data with error: Fail(errno=-3):Object does not exist.
650545 Import may get stuck in an infinite loop when there is a recursive reference.
558176 Interface-subnet type addresses’ interface are re-set to zone after import, causing the copy to fail during install.
649566 CLI Template is not able to install an interface with the same name using vpn ipsec phase1-interface and config system ipsec-aggregate.
653388 IPsec VPN Phase-1 tunnel interface is not added to the VDOM interface list in a VDOM that has a long name.
653465 FortiManager may not be able to edit DHCP options function on the GUI.
656984 Importing system template CLI may fail.
552492 VAP is always loading under CLI configuration.
633767 There is a typo in Japanese in NTP Service of DHCP Server setting.
651712 SD-WAN monitor keeps loading and not displaying anything in backup mode ADOM.

FortiSwitch Manager

Bug ID Description
642959 When re-installing or installing any policy package, FortiManager tries to install security-8021x-dynamic-vlan-id even if there is no 8021x authenticationn configured on FortiManager.
651788 FortiSwitch Manager is not showing the correct online or offline status.

Global ADOM

Bug ID Description
645702 Global policy install should not show warnings when a policy package has no installation target.
647736 Global ADOM policy package assignment may fail.

Others

Bug ID Description
551710 /bin/ha may have high memory usage.
623147 FortiManager may never form a HA due to variance in certificates.
626338 The exec fmpolicy CLI command may not print out a policy package correctly.
635616 The ADOM integrity check may fail with SD-WAN dynamic interface members.
643784 FortiManager is crashing on security console and wizard is stopped at 50% of deployment.
647791 Cloning VDOM object may fail via the CLI.
647156 FortiManager cannot clone any of the deep-inspection ssl-ssh-profiles using JSON API.
657566 After upgrade, copy may fail for central SD-WAN with configuration error error service – 2 :-2 – Please assign a member.

Policy and Objects

Bug ID Description
525625 When configuring web filter rating override, the configuration is pushed to all the VDOMs even a web filter is not used.
540716 Under Policy,there is no Session CountSession First UsedSession Last Used options in the Column Settings drop-down list.
553462 FortiManager may prompt the error, Zone member VLAN is used by another zone, when installing policy package.
569226 The section title should always be displayed for filtered policy and the section title should not be deleted after policy was deleted.
578501 FortiManager should show global icon for global objects assigned to ADOMs.
581588 Central SNAT policy does not support showing IPv6 address in the table.
593417 FortiManager shows incorrect action for allowing invalid SSL certificates.
596533 Renaming policy package changes the implicit policy’s Log Violation Traffic setting to No Log.
609300 FortiManager may not be able to import all Cisco ACI Fabric Connector address.
612445 Policy package for v5.6 cannot be installed on v6.0 devices if default deep SSL inspection is used.
613840 Process bar does not show correct status when some addresses fail to import for fabric connector.
614710 Search result in device interface should display the zone that the interface is a member of.
615117 Policy Package section is not sent over to FortiGate if Policy Blocks are under the section in FortiManager.
620890 Unlock and discard changes on policy package may create duplicate section titles.
625665 Policy package installation may fail due to certificates errors after creating a new VDOM.
626060 FortiManager cannot set per-device mapping for user-radius-accounting-server-source-ip.
628389 When workspace is enabled, Policy Package status may change to Modified when there is nothing to be installed.
628748 When scrolling through URL Filter list under Web Filter Profile, the list either takes time to load or it does not show all URLs.
630055 Some custom application signatures have id 0 in the application list.
630582 Deleted policy IDs may still appear in the GUI.
630891 Cloned policy may not get installed onto devices.
631405 FortiManager should check for mgmt interface configuration for dedicated to mgmt setting before allow using the interface on a policy.
632545 Installing policy package may result in an error: Could not read zone validation results.
632715 In DoS policy, changing quarantine from attacker to none keeps quarantine-expiry set incorrectly.
632771 Sometimes users are not updated on FortiManager after a new session is created on ISE.
633248 Web proxy profile is not being installed on FortiGate when the proxy type is Transparent-web.
633431 Changing to Classical Dual Pane disables Policy Hit Count.
633727 FortiManager is unable to display summary of policy package diff for VDOM with a long name.
634597 FortiManager may unset speed on ports which are configured with 10000full.
636010 FortiManager cannot push custom application signatures from different policy packages to the same FortiGate.
636133 When is bfd disabled, FortiManager should exclude bfd-desired-min-tx and bfd-required-min-rx from installation.
636732 Copying policy causes interface binding contradiction for object member.
637688 FortiManager prompts the error message, The data is invalid for selected url, when copying and pasting policy to a different policy package.
639753 After a FortiToken is activated on the FortiGate, the next policy install from FortiManager would unset reg-id and os-ver on the token.
640400 FortiManager may purge the list of resolved IPs of a dynamic address on the FortiGate.
640662 Policy page shows a blank entry for the Users column when device group is selected.
643098 FortiManager may have slow installation of policy package due to many VIPs have the same external VIP.
643113 Changing an Accept policy to Deny when the policy contains a Security Profile Group results in installation failure.
643930 Finding Duplicate Objects shows does not display duplicated addresses if wildcard is empty.
643957 When there are many firewall addresses, FortiManager may be slow to show all addresses under CLI Only Objects.
645367 Discarded policy deletion in Policy Package may delete all policies while they are still visible on the GUI.
645661 A valid custom IPS signature may still trigger invalid IPS data error.
647337 FortiManager may fail to retrieve FSSO user groups via FortiGate.
599129 While editing policy from Policy Package, it is not possible to select SSL/SSH Inspection profile.
618321 FortiManager is unable to create RSSO Group if Agent is configured with a custom name.
620092 Interface Pair view is not working for Security Policies.
634241 VIP created using CLI script is not available to use in a policy.
644689 FortiManager may not be able to load application control profile.
583151 FortiManager should not change the default value of scan-mode and ssl-ssh-profile/inspection-mode when installing v6.0 policy package to v6.2.
600165 Firewall consolidated policy is still named as SSL Inspection & Authentication when it is profile based.
623833 Username cannot exceed 35 characters.
640157 Verification may fail due to wrong default setting of log.memory.global-setting > set max-size‘.

Revision History

Bug ID Description
586275 Policy Package Diff does not show user or admin details.
594933 Re-installing Policy Package cannot skip to Install Policy Package, which fails validation.
604680 FortiManager sets FSSO to disable even though FSSO group is in use.
610032 After upgrade, installation fails due to the set mediatype command of an interface.
610687 FortiManager should not unset forward-error-correct during install.
613901 FortiManager may not be able to show more than one log based on one revision ID.
622540 FortiManager prompts error, no hub configured, for a site even the site is not part of VPN Manager.
632129 syslogd setting source-ip is still visible after setting status to disable, which causes a verification failure.
633515 FortiManager should improve error message when FortiManager receives blank or invalid configurations from FortiGate.
643803 Policy Package Diff may shows all objects as new changes.
646372 When a customer applies changes to a policy package, then all the policy packages in this ADOM change to a Modified state.
650239 Installation fails with wireless-controller vap mesh-backhaul setting despite setting being disabled on FortiManager.
652337 VPN Manager changes may result in unnecessary FortiGate configuration changes.
647180 Install copy may fail with error message ftgd-wf – – The category is already set in another filter.
634032 Installing a policy may fail due to log disk setting.
657344 Installing from 6.0 ADOM may try to unset inspection-mode and unset ssl-ssh-profile on FortiGate 6.2.

Script

Bug ID Description
611396 When a device is locked, FortiManager cannot show the list of devices to run a script.
634242 After applying profile-type group on a firewall policy via a script, proxy and SSL profiles should be removed from the corresponding firewall policy.
592660 Running a script remotely may trigger a full configuration retrieve instead of a partial configuration retrieve.

Services

Bug ID Description
569679 Port 8888 or 8889 should not always be opened.
647680 When importing firmware image for FAP 321E, FortiManager reports the platform as a invalid model.
652764 FortiManager to Enforce Firmware Version may fail to upgrade FortGate to a custom build.

System Settings

Bug ID Description
493533 FortiManager needs to rename custom default protocol option after upgrade.
556334 Standard ADOM users should be able to assign system templates to FortiGate devices.
557949 Changing a password should be enabled by default for all admin users.
579563 Workflow Session List menu seems to always match the first wildcard TACACS admin.
596212 SSH filter profile is unset in firewall profile group upon ADOM upgrade.
618213 When trying to upgrade FortiManager cluster from FortiManager Master GUI, FortiManager Master reboots before finishing to send firmware to FortiManager secondary device.
618607 Upgrading 5.4 ADOM does not convert delay-tcp-npu-sessoin to delay-tcp-npu-session and delete the option.
628006 Even though a user has Manage Device Configurations read/write privileges, the user appears to have partial permissions within Device Manager.
637044 FortiManager may not be able to save changes under Workspace mode and prompt the error Workspace request failed, please try again.
640505 Remote admin authentication with RADIUS may stop working.
641018 Upgrading Global ADOM may fail due to Fortinet_NSX local certificate.
644660 Installation preview may get stuck and system may run out of memory.
647575 Cloning an ADOM may fail with error 0: invalid value.
655515 FortiManager may not be able to clone the Security Fabric ADOM.
650326 After an HA failover, the new master may have incorrect policies.
654370 Users may not be able to access Java console with an error message: Too many concurrent connections.

VPN Manager

Bug ID Description
594889 Dial-up IPSec VPN tunnel should show tunnel up on VPN manager monitor as it appears on FortiGate.
621209 VPN monitor should show the corresponding VPN community tunnels only under each community.
622046 Local ID should be visible from the GUI and should be able to modify it when using dial-up group.
650454 Installation may fail when Dialup VPN interface is PPPoE logical interface.

Znane problemy do rozwiązania:

AP Manager

Bug ID Description
599189 FortiManager should be able to handle upgrading more than 10 APs at once.
633171 There may be DFS Channel mismatch between FortiManager and FortiGate for FAP-223E.

Device Manager

Bug ID Description
547768 FortiManager should allow easier management of the compliance exempt lists.
598424 Interface cannot create more than 48 IP-MAC bindings in DHCP reservation from the GUI.
598916 When creating user groups via CLI Only Objects, comma separated values are treated as a string instead of a list.
601692 FortiManager is unable to overwrite IPv6 default route.
604125 FortiManager may not be able to edit the VDOM link interface from VDOM level.
607923 Security Fabric Connection option is removed from VLAN interface.
610568 FortiManager may not follow the order in CLI Script template.
613029 SD-WAN Monitor is showing effect of exceeded SLA even when it is disabled.
616537 FortiGate and FortiManager GUI should use similar terminology for configuring weight and volume-ratio in SD-WAN.
627664 FortiManager cannot understand socket-size 0 and changes it to 1 automatically.
627749 Admin user with device-config set as read in admin profile cannot download configuration revision.
635316 Return button is not working when viewing HA mode.
636012 Importing a policy may report conflict for the default SSH CA certificates.
636357 Retrieve may fail on FortiGate cluster with Failed to reload configuration. invalid value error.
636638 Fabric View keeps loading indefinitely.
638061 FortiGate 7000 may not be added and fails to update device information.
645086 Policy Lookup shows an error even though the device is in sync.
649769 FortiManager cannot view full list of Extenders.
649785 SD-WAN > Monitor may hang for an ADOM with 1500 devices.
652427 FortiManager may not be able to configure the any value on the access list prefix.
652481 Allow access is missing under interface on AWS FortiGate and may cause the installation to fail.
575215 When creating an new interface for a VDOM, FortiManager may list interfaces that may belong to another AODM.
598431 Install wizard may show a blank area when scrolling down the wizard to select device(s).
618354 Importing a policy with a profile group will display ssl-ssh profile and proxy options in the GUI.
646421 FortiManager may not be able to configure the VDOM property resources setting.
649821 Installation may fail for FortiGate-600D.
657933 Importing policy should be successful even with the zone name contains the / character.
468776 FortiManager fails to retrieve device configuration and displays data not exist error (g-xxxx firewall object).

FortiSwitch Manager

Bug ID Description
650453 FortiSwitch template and VLAN is missing when creating a new firewall policy.
637220 FortiManager may not able to upgrade FortiSwitch firmware.

Global ADOM

Bug ID Description
632400 When installing global policy, FortiManager may delete policy routes and settings on an ADOM.

Policy & Objects

Bug ID Description
531112 Consolidated policy is missing implicit deny policy.
580880 FortiManager is unable to see dynamic mapping for Local Certificate when workflow session is created.
585177 FortiManager is unable to create VIPv6 virtual server objects.
586026 FortiManager should display Zone icon based on existing and non existing dynamic mappings.
597011 Importing groups from Aruba ClearPass may fail.
598938 FortiManager should allow setting wildcard-fqdn type firewall address as a destination on proxy policy.
601385 Restricted mode admin cannot install Web Rating Overrides changes.
602176 Creating a proxy policy with a profile group adds additional security profile.
612317 FortiManager shows the wrong country code for Cyprus under User definition.
615624 Firewall policy and proxy policy cannot select IP type external resource as address.
617031 Right-clicking on IPv4/Proxy Policy or Installation Targets should not reload the page if the related information is already displayed.
617894 FortiManager is missing IPV6 none values after modifying a policy.
618499 Right-clicking to edit zone incorrectly prompts dynamic interface window.
622040 Security Policy is missing Implicit Deny policy.
630431 Some application and filter overrides are not displayed on the GUI.
631158 FortiManager is unable to import firewall objects of fsso fortiems-cloud user because Server cannot be empty.
635966 Azure SDN connector only fetches the first page of results.
647189 FortiManager dynamic object filter generator is adding an “s” at the end of tag resulting in non working object.
648767 No connection request is sent out for ClearPass connector in an ADOM.
652753 When an obsolete internet service is selected, FortiManager may show entry IDs instead of names.
654562 FortiManager may fail to install a profile-group and apply it on a policy.
608535 NAT option is missing from Central NAT policy package.
651785 Address section under Policy & Objects > Security Profiles > SSL/SSH Inspection may load indefinitely.
658528 The URL remote category, FortiGuard Threat Feed, is not available in the dro down menu for Proxy Address.

Revision History

Bug ID Description
597650 FortiManager cannot install allowed DNS and URL threat feed configuration.
606737 User may not be able to install a policy package due to a change with external interface with VIP settings.
611169 Install may fail with error Associated Interface conflict detected!
612263 FortiManager may not install ADSL vci and VPI to FWF-60E-DSL.
618305 FortiManager changes configuration system csf settings.
623159 When re-installing a policy, Zone validation is not saving the user choice and deleting all related policies.
635786 Default hbdev values may change after upgrade.
635957 Install fails for subnet overlap IP between two interfaces.
637103 Scrolling in Install Preview is not smooth and may get stuck.
654496 Installing configuration to device after Auto link, FortiManager may send incorrect system ntp commands causing the install to fail.
655246 The adom-rev-auto-delete option may not work to automatically delete revisions.

Script

Bug ID Description
613575 After a script is run directly on the CLI, FortiManager may fail to reload the configuration.
630016 FortiGate user can see scripts from all ADOMs.
632014 When editing a CLI script group, the user cannot see the full CLI script name.

Services

Bug ID Description
541192 FortiManager should keep firmware image files when the files are for different FortiExtender devices.
567664 HA secondary device does not update the FortiMeter license.
587730 FortiGate-VM64-AZURE may not be listed in firmware image page.
654129 FortiManager may not have the correct upgrade path for FortiGate KVM.
592089 Firmware upgrade of FortiGate devices via Firmware Manager may be slow if there are offline devices.

System Settings

Bug ID Description
611215 SNMP Hosts in SNMP Community are not displayed in the GUI if ADOM is unlocked.
625683 Changes made by ADOM upgrade may not update Last Modified date/time and user admin.
631733 Changing the trusted IP cannot be saved and installed.
639099 There are many cdb event log for object changed in event logs after upgrade.
654637 Changing a non-Super_User password may not take effect after upgrade.
619750 When upgrading an ADOM from 5.4 to 5.6, FortiManager does not add tcp-session-without-syn in all firewall policies.

VPN Manager

Bug ID Description
596953 The Monitor page displays a white screen inVPN manager > Monitor, and the user selects a specific community from the tree menu to show only that community’s tunnels.
608221 There is no XAUTH USER column in VPN Manager Monitor.
620801 SSLVPN > Edit SSLVPN Settings > IP Range, only shows configuration from ADOM database objects.
645093 VPN Manager error Peer Type cannot be peer when authentication method is a pre-share key.
658221 The dns-suffix on SSL VPN portal is not installed if web-mode is disabled.

FortiManager 6.2.6 (Release Notes)