FortiNAC 9.4.6 Release Notes

Download as pdf or txt
Download as pdf or txt
You are on page 1of 76

FortiNAC - Release Notes

Version 9.4.6
FORTINET DOCUMENT LIBRARY
https://docs.fortinet.com

FORTINET VIDEO GUIDE


https://video.fortinet.com

FORTINET BLOG
https://blog.fortinet.com

CUSTOMER SERVICE & SUPPORT


https://support.fortinet.com

FORTINET TRAINING & CERTIFICATION PROGRAM


https://www.fortinet.com/training-certification

NSE INSTITUTE
https://training.fortinet.com

FORTIGUARD CENTER
https://www.fortiguard.com

END USER LICENSE AGREEMENT


https://www.fortinet.com/doc/legal/EULA.pdf

FEEDBACK
Email: [email protected]

March 19, 2024


FortiNAC 9.4.6 Release Notes
49-922-769106-20211216
TABLE OF CONTENTS

Change log 5
Overview of Version 9.4.6 6
Notes 6
Supplemental Documentation 6
Version Information 6
Upgrade Requirements 8
Pre-upgrade Procedures 10
Compatibility 12
Agents 12
Web Browsers for the Administration UI 12
Operating Systems Supported Without an Agent 12
What's new 13
New features in 9.4.6 13
Important notice 13
New features in 9.4.5 13
Important notice 13
New features in 9.4.4 13
Important notice 13
New features 14
New features in 9.4.3 14
Important notice 14
New features in 9.4.2 14
New features in 9.4.1 14
New features in 9.4.0 15
Enhancements and Addressed Issues 17
Version 9.4.6 17
Version 9.4.5 19
Version 9.4.4 25
Version 9.4.3 30
Version 9.4.2 34
Version 9.4.1 44
Version 9.4.0 49
Known Issues Version 9.4.6 58
Device Support Considerations 60
Device Support 61
Version 9.4.6 62
Version 9.4.5 63
Version 9.4.4 64
Version 9.4.3 67
Version 9.4.2 68

FortiNAC 9.4.6 Release Notes 3


Fortinet Inc.
Version 9.4.1 71
Version 9.4.0 72
System Update Settings 74
Numbering Conventions 75

FortiNAC 9.4.6 Release Notes 4


Fortinet Inc.
Change log

Change log

Date Change Description

3-21-2024 Initial release.

FortiNAC 9.4.6 Release Notes 5


Fortinet Inc.
Overview of Version 9.4.6

Overview of Version 9.4.6

FortiNAC v9.4.6 is the latest release being made available to customers to provide functionality and address
some known issues. Build number 0800.

Critical information about upgrading your FortiNAC should be viewed in New Features.

Notes

l Starting from 9.1.0, FortiNAC uses a new GUI format. FortiNAC cannot go backwards to a previous
version. Snapshots should always be taken on virtual appliances prior to upgrade.
l Prior to upgrading, review the FortiNAC Known Anomalies posted in the Fortinet Document Library.
l If using agents or configured for High Availability, additional steps may be required after upgrade for proper
functionality. See Upgrade Instructions and Considerations posted in the Fortinet Document Library.
l CentOS 7.4 or higher is required. The current CentOS version installed is listed as "Distribution" in the CLI
login banner or typing "sysinfo".
Example:
> sysinfo
************************************************************************
Recognized platform: Linux
Distribution: CentOS Linux release 7.6.1810 (Core)
If the CentOS version is below 7.4, run OS updates and reboot before upgrading. For instructions on
updating CentOS, refer to the Fortinet Document Library.
l For upgrade procedure, see Upgrade Instructions and Considerations posted in the Fortinet Document
Library.

Supplemental Documentation

The following can be found in the Fortinet Document Library.


l FortiNAC Release Matrix

Version Information

These Release Notes contain additional Enhancements, Device Support, and features. Unique numbering is
used for the various components of the product. The software version and Agent version supplied with this
release are listed below.

FortiNAC 9.4.6 Release Notes 6


Fortinet Inc.
Overview of Version 9.4.6

Version: 9.4.6
Agent Version: 9.4.0
A newer Persistent Agent may be required to support certain antivirus and anti-spyware products. Refer to the
Agent Release Notes in the Fortinet Document Library.
Firmware version represents a collection of system services and operating system features imaged on to the
appliance before it leaves manufacturing. The firmware image cannot be updated by a Fortinet customer.
Services within the image are updated by Fortinet or a certified Fortinet Partner in appliance maintenance
packages released as new more robust and secure versions of services become available.
Note: Upgrading software versions does not change firmware nor does it automatically require an upgrade to
the Persistent Agent. Newer Persistent Agents are not compatible with older software versions unless that
capability is specifically highlighted in the corresponding release notes.

FortiNAC 9.4.6 Release Notes 7


Fortinet Inc.
Upgrade Requirements

Upgrade Requirements

Ticket # Description

Upgrade Path Requirements Systems on version 9.1.6 must upgrade to either:


- Higher version of 9.1 (e.g. 9.1.7)
- 9.2.4 or higher
Systems on versions 8.2 or lower must upgrade to 8.3 before upgrading to
8.4 or higher.

Legacy SSH Ciphers Vulnerable Diffie-Hellman SSH Ciphers were removed from versions 9.2.8,
9.4.4. F7.2.3 and greater. The removal of these ciphers can cause SSH
communication to fail between FortiNAC and network infrastructure devices
still using these legacy ciphers. Depending upon the device, resulting
behavior can vary from failing L2 and L3 polling to failing VLAN switching.
The following events would be generated for the affected device:
l L2 Poll Failed

l L3 Poll Failed
l VLAN Switch Failure
The legacy ciphers must be re-added to FortiNAC via the CLI after upgrade.
For details, see KB article https://community.fortinet.com/t5/FortiNAC-
F/Troubleshooting-Tip-SSH-communication-fails-after-upgrade-due-to/ta-
p/281029

FortiNAC License Key: Upgrading to this release requires the FortiNAC


License. It is possible, however unlikely, older appliances may not have this
specific type of license key installed. In such cases, an error will display
during the upgrade. For additional details, see KB article
https://community.fortinet.com/t5/FortiNAC/Troubleshooting-Tip-Upgrade-
fails-with-license-requirement-error/ta-p/246324

892856 High Availability and FortiNAC Manager Environments: The following are
required as of 9.4.3:
l Key files containing certificates are installed in all FortiNAC servers.

License keys with certificates were introduced on January 1st 2020.


Appliances registered after January 1st should have certificates. To
confirm, login to the UI of each appliance and review the System
Summary Dashboard widget (Certificates = Yes). If there are no
certificates, see Importing License Key Certificates in the applicable
FortiNAC Manager Guide.
l Allowed serial numbers: Due to enhancements in communication
between FortiNAC servers, a list of allowed FortiNAC appliance serial
numbers must be set. This can be configured prior to upgrade to avoid
communication interruption. For instructions, see Pre-upgrade
Procedures.

885056 All devices managed by FortiNAC must have a unique IP address. This

FortiNAC 9.4.6 Release Notes 8


Fortinet Inc.
Upgrade Requirements

Ticket # Description

includes FortiSwitches in Link Mode: Managed FortiSwitch interface IP


addresses must be unique. Otherwise, they will not be properly managed
by FortiNAC and inconsistencies may occur. This is also noted in the
FortiSwitch Integration reference manual.

9.2 As of Persistent Agent version 5.3, there is no option to disable secure


agent communications. Agents upgraded from previous versions to 5.3 or
greater will communicate over TCP 4568 regardless of the
"securityEnabled" Persistent Agent setting. Therefore, the following must
be done prior to upgrading hosts to agent version 5.3:
Ensure valid SSL certificates are installed in the Persistent Agent Certificate
Target. For details see section Certificate Management in the
Administration Guide.
Packet Transport Configurations must have TCP 4568 listed. For
instructions see section Transport configurations in the Administration
Guide.

9.2 The number of Operating System and Anti-Virus program options in the
Scan Configuration have been reduced. Only those currently supported or
commonly in use are now listed. For a list of available Operating Systems
and Anti-Virus programs, see KB article 198098.

834826 As of FortiNAC versions 9.4.2 & vF7.x, Persistent Agent communication


using UDP 4567 is no longer supported.
It is recommended the following be checked prior to upgrade to avoid agent
communication disruptions:
SSL certificates are installed for the Persistent Agent target
Persistent Agents are running a minimum version of 5.3
For additional details see KB article 251359.
https://community.fortinet.com/t5/FortiNAC/Technical-Note-Agent-
communication-using-UDP-4567-no-longer/ta-p/251359

FortiNAC 9.4.6 Release Notes 9


Fortinet Inc.
Pre-upgrade Procedures

Pre-upgrade Procedures

Enhancements were made to the communication method between FortiNAC servers for security. Due to this
change, all FortiNAC servers must have additional configuration in order to communicate. The following
procedure should be done prior to upgrade to prevent communication interruption.
l This configuration applies to FortiNAC version 9.4.3 and greater.
Configure all servers to allow communication between each other. This is done using an attribute that lists all
the allowed serial numbers with which appliances can communicate.
Steps
1. Confirm key files containing certificates are installed in all FortiNAC servers.
Administration UI Method:
The System Summary Dashboard widget should show 'Certificates = Yes'.
CLI Method:
Virtual appliance: Log in to the CLI as root and type:
licensetool

Physical appliance: Log in to the CLI as root and type:


licensetool -key FILE -file /bsc/campusMgr/.licenseKeyHW

Response from the above commands should show:


"certificates =[xxxxxxxxxxxxxxxxxxx,xxxxxxxxxxxxxxxxxxx]".

If 'certificates = []' or there is not a 'certificates' entry listed at all, keys with certificates must be
installed. See Importing License Key Certificates in the FortiNAC Manager Guide.
2. Compile the allowed serial number list. In a text file (Notepad, etc), document the serial numbers of each
appliance. Serial numbers can be obtained in the following ways:
l Customer Portal (https://support.fortinet.com)
l System Summery Dashboard widget in the Administration UI of each appliance
l CLI of each appliance using licensetool command
Example:
FortiNAC Manager A (primary) & B (secondary)
FortiNAC-CA servers A (primary) & B (secondary)
FortiNAC-CA server C

Record serial numbers for:


FortiNAC Manager A: FNVM-Mxxxxx1
FortiNAC Manager B: FNVM-Mxxxxx2
FortiNAC-CA server A: FNVM-CAxxxxx4
FortiNAC-CA server B: FNVM-CAxxxxx5
FortiNAC-CA server C: FNVM-CAxxxxx6
3. In the same text file, write the following command, listing all the serial numbers recorded in step 2:

FortiNAC 9.4.6 Release Notes 10


Fortinet Inc.
Pre-upgrade Procedures

Command:
globaloptiontool -name security.allowedserialnumbers -setRaw
"<serialnumber1>,<serialnumber2>,<serialnumber3>"

Example
globaloptiontool -name security.allowedserialnumbers -setRaw "FNVM-Mxxxxxxx1,FNVM-
Mxxxxxxx2,FNVM-CAxxxxx4,FNVM-CAxxxxx5,FNVM-CAxxxxx6"

4. Perform the following steps on all servers.


a. Log in to the CLI as root.
b. Paste the globaloptiontool command from the text file.
Note:
l The message "Warning: There is no known option with name: security.allowedserialnumbers" may
appear. This is normal.
l In High Availability configurations, only the Primary Server need to have the command entered.
Database replication will copy the configuration to the Secondary Server. Using the above example,
CLI configuration would be applied to Manager A.
Example
> globaloptiontool -name security.allowedserialnumbers -setRaw "FNVM-
Mxxxxxxx1,FNVM-Mxxxxxxx2,FNVM-CAxxxxx4,FNVM-CAxxxxx5,FNVM-CAxxxxx6"
Warning: There is no known option with name: security.allowedserialnumbers
New option added

c. Confirm entry by typing:


globaloptiontool -name security.allowedserialnumbers

Example
> globaloptiontool -name security.allowedserialnumbers
Warning: There is no known option with name: security.allowedserialnumbers
122 security.allowedserialnumbers: FNVM-Mxxxxxxx1,FNVM-Mxxxxxxx2,FNVM-
CAxxxxx4,FNVM-CAxxxxx5,FNVM-CAxxxxx6

5. Log out of the CLI. Type:


logout

You have completed the pre-upgrade procedure.

FortiNAC 9.4.6 Release Notes 11


Fortinet Inc.
Compatibility

Compatibility

FortiNAC Product releases are not backwards compatible. It is not possible to go from a newer release to any
older release.
Example: 9.4.0.0171 cannot be downgraded to any other release.
To backup the current system prior to upgrade on virtual machines, perform a snapshot. For physical
appliances refer to the document Back Up and Restore an Image of a FortiNAC Appliance.

Agents

FortiNAC Agent Package releases 5.x are compatible with FortiNAC Product release 9.x. Compatibility of Agent
Package versions 4.x and below with FortiNAC versions 9.x are not guaranteed.

Web Browsers for the Administration UI

Many of the views in FortiNAC are highly dependent on JavaScript. The browser used directly impacts the
performance of these views. It is recommended that you choose a browser with enhanced JavaScript
processing.

Operating Systems Supported Without an Agent

Android Apple iOS Blackberry OS BlackBerry 10 OS

Chrome OS Free BSD Kindle Kindle Fire

iOS for iPad iOS for iPhone iOS for iPod Linux

Mac OS X Open BSD Net BSD RIM Tablet OS

Solaris Symbian Web OS Windows

Windows CE Windows Phone Windows RT

FortiNAC 9.4.6 Release Notes 12


Fortinet Inc.
What's new

What's new

New features in 9.4.6

Multiple enhancements to the MSInTune MDM integration:

l MSIntune Integration to query MSIntune API for a specific host on-demand


l Certificate Based Authentication support
For details, refer to the Third Party MDM Integration Guide.

Important notice

Enhancements were made to the communication method between FortiNAC servers for security. Due to this
change, all FortiNAC servers must have additional configuration in order to communicate.
See Pre-upgrade Procedures for procedures that should be done prior to upgrade to prevent communication
interruption.

New features in 9.4.5

There are no new features in FortiNAC v9.4.5.

Important notice

Enhancements were made to the communication method between FortiNAC servers for security. Due to this
change, all FortiNAC servers must have additional configuration in order to communicate.
See Pre-upgrade Procedures for procedures that should be done prior to upgrade to prevent communication
interruption.

New features in 9.4.4

Important notice

Enhancements were made to the communication method between FortiNAC servers for security. Due to this
change, all FortiNAC servers must have additional configuration in order to communicate. The following

FortiNAC 9.4.6 Release Notes 13


Fortinet Inc.
What's new

See Pre-upgrade Procedures for procedures that should be done prior to upgrade to prevent communication
interruption.

New features

RADIUS MSCHAPv2 credential validation against local users


Allows mschap module in FreeRADIUS service to authenticate user credentials without a query to a backend
active directory.
Add keytab support for Winbind
Allows for winbind configuration supporting RADIUS MSCHAPv2 authentication requests and Portal
authentication via Kerberos without requiring an administrator password to join the domain.
Add support for OAuth2.0 authentication
Added FortiNAC integration with Airwatch to support OAuth authentication.

New features in 9.4.3

Important notice

Enhancements were made to the communication method between FortiNAC servers for security. Due to this
change, all FortiNAC servers must have additional configuration in order to communicate. The following
See Pre-upgrade Procedures for procedures that should be done prior to upgrade to prevent communication
interruption.

New features in 9.4.2

There are no new features in FortiNAC v9.4.2.

New features in 9.4.1

There are no new features in FortiNAC v9.4.1.

FortiNAC 9.4.6 Release Notes 14


Fortinet Inc.
What's new

New features in 9.4.0

New features

User Group Support with FortiAuthenticator RADIUS Integrations (715957, 713515)

Version 9.4.0 has made it easier to use FortiAuthenticator with FortiNAC for RADIUS integrations.
Administrators will no longer be forced to change their FortiAuthenticator configuration when connecting to
FortiNAC. New enhancements allow FortiNAC to receive user groups from FortiAuthenticator during the
RADIUS authentication process.
For details, see "Fortinet-Group-Name" under RADIUS section of the Administration Guide.
https://docs.fortinet.com/document/fortinac/9.4.0/administration-guide/214558/radius

SMS Gateway (586499)

FortiNAC has the ability to send SMS messages to administrators, guests or users. Previous versions of
FortiNAC only supported the Mail to SMS method; now, FortiNAC adds support for API/HTTPS-based SMS
gateway integration. FortiNAC 9.4.0 has built-in integration with cloud-based SMS providers such as Twilio, and
LDAP group mapping for sponsors.
In the GUI, see: Network > Service Connectors > Email/SMS
See information in the Administration Guide: https://docs.fortinet.com/document/fortinac/9.4.0/administration-
guide/19358/email-sms

AV agent monitoring (759481)

Previous versions of FortiNAC only checked for Antivirus compliance within the Windows Defender AV product.
v9.4.0 adds an option to choose "Security-Center" in the Windows AV category for up-to-date virus definitions,
providing compliant protection for those Windows running end points.

Kerberos Support (699487)

v9.4.0 adds Kerberos support for admin and for user authentication on FortiNAC-CA, as well as admin
authentication on FNAC-M.

Enhancements

RADIUS Logging and Dashboard (744581, 751403)

Version 9.4.0 has made it easier to authenticate large numbers of users with 802.1x. With concise information
on the dashboard to see pass/fails of 802.1x/MAB authentication, v9.4.0 gives at-a-glance insight. Importantly,
logs of failed authentications can be exported.
In the GUI, see: Network > RADIUS > Activity
For information in the administration guide, see:
https://docs.fortinet.com/document/fortinac/9.4.0/administration-guide/270902/activity

FortiNAC 9.4.6 Release Notes 15


Fortinet Inc.
What's new

Azure Document update (667439)

Updated and enhanced FortiNAC Azure deployment guide. See:


https://fortinetweb.s3.amazonaws.com/docs.fortinet.com/v2/attachments/3c52cb13-d573-11e9-8977-
00505692583a/FortiNAC-8.6.0-Azure_Deployment_Guide.pdf

Device support

Huawei Wireless LAN Controllers AC 6605, 6005 and 6508 (592592, 566257)

FortiNAC v9.4.0 adds device support for Huawei AC-6005-8 Wireless Controller.

Palo Alto VPN (606729)

Added support for Palo Alto VPN.

Add User Organizational Unit OU LDAP mapping in User/Host Profile (699857)

Added User Organizational Unit "OU" LDAP mapping in User/Host profile. FortiNAC sends OU along with
FortiGate Device Tag and User Group via FSSO communication with FortiGate.

UI

New dashboard widgets (615850)

The Recent Hosts widget displays newly discovered hosts by type.


The Top Host Activity widget displays the hosts with the most connection activity over a configurable period of
time.
The Logical Network Access widget displays all Hosts that had access to each Logical Network over a
configurable period of time.
The RADIUS widget displays success/failure information over specified time frames.

FortiNAC 9.4.6 Release Notes 16


Fortinet Inc.
Enhancements and Addressed Issues

Enhancements and Addressed Issues

These changes have been made in FortiNAC Version 9.4.6. These enhancements are in addition to the
enhancements that are outlined in previous releases.

Version 9.4.6

Ticket # Description

810574 "Unable to scan" message when using Dissolvable agent if scan


configuration label contains non US-ASCII characters.

752538, 996381 When in the Users & Hosts > Applications view, selecting an application
and clicking the Show Hosts option displays a page that does not provide
accurately filtered results. Workaround: Navigate Users & Hosts > Hosts
and create a custom filter to list hosts associated to an application.

852560 Custom Guest Account Password email template is not used for Self
Registration. Self Registered Guest.

887470 A domain with a single character between dots in multiple dot domains
results in an error when adding to allowed domains.

902533 Modifying port name value via port properties that include '&' generates
'amp;' in the port name.

910216 Added 'Credential JSON' field in GSuite Service Connector for importing
gsuite_credentials.json file. For details, see:
https://docs.fortinet.com/document/fortinac/9.4.0/third-party-mdm-device-
integration/409089/mdm-service-connectors

919953 Enhance MSIntune Integration to query MSIntune API for a specific host
on-demand.

926831 Whenever the laptop is connected with a dock and Persistent Agent
installed, 'managed by MDM' flag is not showing in FortiNAC.

927754 Custom Registration failed with the error 'Anonymous Guest Access is not
Enabled.'

929383 FortiNAC-F initial setup fails when admin GUI password containing '&'
character is used.

950004 Added Bearer Token Authentication Support in Jamf MDM integration. For
details, see https://docs.fortinet.com/document/fortinac/9.4.0/third-party-
mdm-device-integration/288790/jamf

954103 After FortiGate power cycle, FortiNAC shows incorrect port state for
Fortiswitches (fortilink) once the device is pingable again.

FortiNAC 9.4.6 Release Notes 17


Fortinet Inc.
Enhancements and Addressed Issues

Ticket # Description

955965 Access enforcement setting is not applied for manually created logical
networks when the setting is set to 'Deny' only.

956436 FortiNAC doesn't work as RADIUS proxy properly when integrated with
NEC-QX switch.

960361 Standard User Captive Portal Error 'The input is required.'

969258 Config Wizard - configuring an Invalid Subnet Mask (255.255. 225 .0) on an
Isolation Interface (Isol-Reg...) is accepted.

969655 LAG ports on FortiGate are not shown in Inventory > ports view.

973078 Added API call to trigger an interface resync. For details, see:
https://docs.fortinet.com/document/fortinac-f/7.4.0/rest-api/611859/post-
device-resync-interfaces

974223 NEC-QX Switch Radius COA Disconnect On Host State Change.

977249 Host removed from GUI when L2-Poll with NEC-QX Switch.

978006 FortiNAC keeps sending disconnect-request with the old calling-station-ID


even though it is connected to a new docking station.

978586 L2 poll of PaloAlto firewall brings VPN client offline.

980338 When enable authentication in MICROSENS G6 Micro-Switch port, the


host information appears only in port 1.

980783 CLI tool does not set Device Name completely.

981854 Registration Requests view is visible for admin users that do not have 'Host
Registration Requests' permissions.

982255 Unable to Parse L3 HPE 5130-24G-SFP-4SFP+ EI Switch.

982765 Proxy Radius validation and test and save function result in Radius reject
due to incorrect password attribute.

983350 Parsed VLAN is incorrect for Mist AP.

985148 Error Generated when Deleting Guest Account Request with a Blank
Message Field.

985365 Due to synchronization issue, the scheduler page takes too long to load.

986049 FortiSwitch MAC Trap Notifications not mapping to correct port.

986547 Port Changes view in FortiNAC GUI showing incorrect values.

989054 Host filter not working properly.

989068 Enhanced search functionality using the 'Name' field in FortiNAC Manager
UI under Hosts > Locate Hosts. For details, see:
https://docs.fortinet.com/document/fortinac/9.4.0/fortinac-
manager/955632/locate

FortiNAC 9.4.6 Release Notes 18


Fortinet Inc.
Enhancements and Addressed Issues

Ticket # Description

989786 Certificate Based Authentication support for Microsoft InTune integrations.

990873 Unable to L2 poll ICX8200-C08PF-POE with firmware version 10.0.10b.

994775 Port Properties view now displays the current Port_Mode value and
provides a 'Clear' option to reset it to 'NORMAL'. For details see:
https://docs.fortinet.com/document/fortinac/9.4.0/administration-
guide/608458/port-properties

994839 When creating a group with SSIDs, the blue icon is missing.

995346 Persistent Agent cannot detect Kaspersky End point security 12


definitions.Addressed in January 29th auto-definition update.

995844 Scheduler has tasks for hosts that were deleted.

996006 API failures resulting in Null Pointer Exception.

998736 FortiGate 7.4.2 FortLink FortiSwitch Syslog not parsing.

998758 Captive Portal Authentication Failure message 'Custom text' not taking
effect when we customized it via Portal Configuration.

999354 Delay in Agent reporting external network connectors causing host to


remain isolated.

999775 Deleting Device Profiling Rule - Remnant Remains on Adapter Rule.

1000237 Host connected to Juniper switch is shown on incorrect switch port.

1003792 RADIUS Auto Registration does not register hosts using machine
authentication (username starts with "host/").

Version 9.4.5

Ticket # Description

943504 No COA Disconnect Request sent to Huawei S5731-H24P4XC 802.1x


wired authentication.

961235 Managed Fortilink system. System>Settings>Groups Port group


FortiSwitch does not populate the FortiSwitch ports.

969596 Dynamic Tags sent to FortiGate without SSO configured in FortiNAC.

971169 SSO addresses not always cleared from internal address cache.

972151 Reboot of FortiNAC after vlan switch causes race conditions with tags being
sent to FortiGate.

FortiNAC 9.4.6 Release Notes 19


Fortinet Inc.
Enhancements and Addressed Issues

Ticket # Description

972343 FortiNAC unable to join security fabric upon initial configuration.

925603 FortiNAC currently supports one VLAN instance per FortiLink port per
VDOM.

968050 Unable to read VLANs for MICROSENS G6 Industrial Switch

945416 FortiNAC supports CLI configuration of Huawei Switch S5720-28X-PWR-


SI-AC.

925641 Fixed issue with mapping and adtran.mib.

967631 FortiNAC is incorrectly determining that clients are no longer connected to


switchports with FortiSwitch link mode to FortiGate.

936086 7.4OS FortiLink FortiSwitches are not deleted with their associated
FortiGate.

936053 User & Hosts > Guests & Contractors view is slow to load.

948598 L2 polling loop occurs when reading L2 Data from FortiGate.

956130 "Blink by Amazon" contains a trailing space in the OUI database.

968630 In High Availability configurations, disk fills on Primary and Secondary


servers after a period of time due to large backup files.

898595 FortiNAC addresses won't update on FortiGate after upgrading to FOS


v7.2.4.

948600 Performance issue related to SSO Initialization with FortiGates.

977937 Performance problems with FortiGate VPN integration.

930027, 962032 Portal SSL setting does not stay enabled after FortiNAC services restart,
failover to secondary or resuming control to primary.

944475 Routes are not created dynamically for scopes in configWizard.

951943 Device Profiling Rules fail on 'TCPPortMethod IP not initialized' when the
host has a recent IP in ArpTool.

938165 Ability to skip FQDN parsing during device discovery. For details, see Add
or modify a device and Discovery in the Administration Guide.

953226 Unable to complete Machine Authentication using MSCHAPv2.

973813 MAC notify traps from Aruba CX switches are not processed correctly.

979152 Brocade switch - Cannot read all VLANs.

968263 Eduroam Hosts are aging out unexpectedly.

975442 Unable to Read VLANs/Ports on Mist AP's.

968809 Host view: Failed to retrieve Device Types - An error occurred when
processing your request.

FortiNAC 9.4.6 Release Notes 20


Fortinet Inc.
Enhancements and Addressed Issues

Ticket # Description

974008 Administrator > Users page does not load properly due to an OutOfMemory
condition.

958984 Correct VLAN ID not shown on FortiNAC GUI.

972054 Adding a device to Inventory using the same IP address as a previously


deleted device generates an error.

973842 Authentication failure events are generated for Devices authenticating with
802.1x EAP-TLS using preinstalled certificates.

912555 Sponsor Approval Link Requires Login for non-admin users.

897459 Registration through Captive portal integrated with Shibboleth SSO is


failing after upgrade from 9.2.7 to 9.4.2 GA.

948193 Filters applied in Network>Port changes are not being applied after
updating the selection.

865256 Vendor OUI Device Type based Device Profiling rule is not working as
expected.

946405 Scheduler popup dialog box with CLI Configurations error: a.name is
undefined.

942947 Uncompressed database backup replication to secondary causing 100%


Disk usage.

925124 Send Guest Details email is not sent for guest accounts despite the
indication that mail is sent.

846822 FortiNAC failed the NMAP scan due to an old IP reported from the arptool.

910706 Cannot create Guest account with REST v2; results in errors 400 and 500.

903055 Device type field under host tab in default filter for IP Phone is empty.

931408 HTTP Cookie missing Secure attribute on port 80.

908857 Gateway IP address in High Availability configuration is overwritten when


making changes in configWizard in Azure.

914051 Clients get 'no failed scans' remediation page, host health status shows
scan failed, no actions possible for the user.

928189 FortiNAC does not send FSSO TAG when internal ARP cache entry is
expected to be updated from the Persistent Agent.

938146 Hosts registered in Google GSuite with a common ethernet adapter are not
properly imported into FortiNAC.

939122 FortiNAC cannot read endpoint's vulnerability status from FortiEMS.

959047 Network device role is not applied when a port is configured for RADIUS.

939970 Discovery is not scanning the full range.

FortiNAC 9.4.6 Release Notes 21


Fortinet Inc.
Enhancements and Addressed Issues

Ticket # Description

891890 Windows 11 hosts are detected as Windows 10 hosts when using the
Dissolvable agent.

923688 Self Guest Registration Page with Dissolvable Agent is not redirecting to
the Success Page after Scanning.

941702 FortiNAC serves Portal v1 pages if index.html file is present in the system.

918221 Host import fails to merge all the sibling adapters.

960436 FortiNAC is unable to read the ARP table from Forcepoint firewall.

968050 Unable to read VLANs for MICROSENS G6 Industrial Switch.

922114 Modifying nested group membership is not logged in admin auditing.

934696 Groups can become corrupted if organized in a fashion that can cause a
logic loop. Example: Group A is both a parent and a child of Group B.

927791 Added support for new CLI login sequences for Ruckus 8200 Switch Series
Version 10.

920800 404 errors are not being handled gracefully when requesting physical MAC
for a specific host.

942642 Ruckus Integration does not support environments with a large number of
SSIDs.

977910 SonicWall 7.0.1: Unable to read L2/L3 data.

972925 OS information on device/adapter is not always accurate.

976781 ExportTopology CLI Command does not list all devices that are in the
inventory.

974363 Lantech switch: VLAN change and traps are not functioning.

959490 After creating the new Address Object, all Members in the Members list
become deselected.

951419 HTTPS Status 500 - Internal Server Error occurs when attempting to
access model config from the right-click context menu.

968100 Dell EMC Networking OS10 Enterprise Switch: Aggregate Ports are being
ignored.

870875 Address Group Object 'In Use' button does not display accurate results.

833324 FortiNAC unexpectedly disables Juniper EX interfaces when a host is


deleted in 'Host View'.

783304 DHCP responds with unexpected addresses in the DHCP-Server-Identifier


attribute, causing release/renew to fail.

730221 Added support for Meraki Wired Switch Stacks.

928328 Attempting to change multiple Virtualized Device Model Configs fails.

FortiNAC 9.4.6 Release Notes 22


Fortinet Inc.
Enhancements and Addressed Issues

Ticket # Description

811783 Links in the Persistent Agent Summary panel produce redundant results.

954095 Groups page view throws a 500 error.

958433 FortiNAC sends the API request for Ruckus SZ300 by the wrong port
number.

920942 Unable to re-sync interfaces on Cisco ASA when the username is


configured with privilege level 15.

961805 Port names are not preserved on FortiGate managed devices.

945086 L2 polling does not function on private VLAN enabled Cisco-XE switches.

949524 Huawei Access Points (AP) are not listed in the FortiNAC inventory.

920334 VLAN Changes are incorrectly reflected on FortiNAC inventory when


integrated with FortiSwitch.

874037 GUI > Users & Hosts > Host View > Quick Search - Unable to locate the
host by hyphen or no delimiter.

985653 Host/agent is connecting to FortiNAC despite having the 'require connected


adapter' feature enabled.

936140 Entitlements are removed after an upgrade on a managed server with


.licenseKeyNCM in the old key format.

972501 Syslog messages are not sent to the new external log server until a restart
of services is performed.

907504 Fix error messaging when a server cannot be added to FortiNAC Manager.

916319 Excessive ManagedElementInterface calls are being made if 'Source IP


Address' is not defined in the model configuration.

908777 [GUI] CLI Configuration for Logical Network in Model Configuration is not
applied properly.

941175 Admin UI is showing error 'You do not have permission to access this page'
for specific pages.

968649 DPR using Network Traffic as a method will accept any IP as the
destination.

953685 Secondary takes control too soon after ETH0 comes up.

962475 After a Failover test (hsForceFailover), Reboot and PowerOff is the wrong
behavior from the GUI 'Power Management'.

916289 Aruba AP's are seen as moving between WLC's, and this is initiating L2
polls at a very high rate.

889609 Switch port is not dynamically changed to uplink when a v-edge router is
directly connected to the Cisco switch port.

960060 SNMP traps for link state do not present the port value in event logs the

FortiNAC 9.4.6 Release Notes 23


Fortinet Inc.
Enhancements and Addressed Issues

Ticket # Description

same as in the captured packets as seen in pcap.

934794 Performance issues with host record aging.

964473 HTTPS Device Profiling Method expects SAN to be present in the certificate
of IoT/OT endpoint devices and fails if not present.

897660 After an upgrade, FSSO information is not being sent for endpoints not
directly connected to FortiGate.

962235 Can't schedule a task in the scheduler to start at 00:00:00 or any time with
00 as the hour.

897534 Approving self-registered requests is broken when Legacy View is enabled.

934685 FortiLink over P2P L2 - FortiNAC is not setting Uplink Ports.

955704 Vendor Name 'Blink by Amazon' has a trailing space.

904624 Host summary panel does not show an accurate total host count.

919423 API endpoint '/host/scan' returns status code 405 (Method Not Allowed) to
POST request.

937206 SNMP API Endpoint issue.

951420 Huawei switch with new port format fails L2 polling.

917032 MICROSENS G6 Switch not modeling properly when switch has 'hide macs
on link ports' feature enabled.

917610 Updated dialog box presented when the root CLI password is changed.

930459 Integration with Tellabs switches including CLI access, changing and
reading VLANs.

926831 Whenever the laptop is connected with a dock and a Persistent Agent
installed, the 'managed by MDM' flag is not showing in FortiNAC.

949067 Use CLI to L2 Poll Tellabs Switches instead of SNMP.

970763 FortiNAC SSH client no longer supports the weaker SHA1 based kex
algorithms.

952292 System - Groups: XSS executed for "Group Member Of" and "Manages"
actions.

987520 Error message shows 'upgrade' during an upgrade in HA setup.

969640 Periodic syncing FSSO for FortiGate & FortiNAC does not work.

966737 FortiNAC does not send dynamic firewall tags down to FortiGate when the
device port is enabled.

FortiNAC 9.4.6 Release Notes 24


Fortinet Inc.
Enhancements and Addressed Issues

Version 9.4.4

Ticket # Description

924690 Using a single dot as the Scan name should be restricted by the API, as it
causes filesystem issues.

833088 Deleting a switch removes all port nesting's removing all ports from
FortiNAC System Port Group.

834025 Allied Telesys devices using standard SNMP for L2 polling fails if there are
entries in the dot1qTpFdb table with a port index of 0.

835149 When an endpoint is registered as a device in Host AND


Inventory/Topology, it is not possible to edit the host role. The option is
available, but changes do not apply.

858184 Custom Subject line for Self Registration Request sent to sponsor does not
reflect custom text.

860595 FortiNAC unable to change admin state on FortiGate firewall physical ports.

866343 Proxy RADIUS support added for Arista switches (802.1x and MAB).

867183 CLI communication can fail due to invalid SSH key when devices using a
Virtual IP (VIP) fail over.A new device attribute (MultiKnownHostEntries)
has been added to address.For details see Model configuration in the 9.4
Administration Guide.

868451 L3 support for Forcepoint firewalls.

868712 In some instances, Administration UI is inaccessible after running the


Configuration Wizard during a new deployment.Clicking Config Wizard
results in "No User"error.

869052 Meraki MX doesn't pass CLI credentials validation.

869097 Prioritize the IP -> MAC value provided by RadiusServer for managed
wireless clients.

869316 Excessive "Authentication Failure" events after L2 poll.

869605 CLI credentials are removed from the Ubiquiti AP device model after
applying changes.

869961 Added Aruba CX series switch Port Channel support.

874812 Private VLANs not switching on Cisco switches.

875287 Added User/Host Profile and Policy Configuration ID validation for API
POSTs to Authentication, Endpoint Compliance, Portal, Supplicant, and
Access policies.

875588 Unable to remove users from the All Administrators group.

875720 REST API v2 query for Scan Results returns no results.

FortiNAC 9.4.6 Release Notes 25


Fortinet Inc.
Enhancements and Addressed Issues

Ticket # Description

876003 Incorrect license information displayed in License Management GUI view


after upgrade to 9.4.2. License Key Details list features as "Disabled".
Correct entitlements displayed in Dashboard and CLI.

876116 Upgrade to 9.4.2 > ManagedElementInterface causing issues with startup


and device credentials.

877934 LDAP communication failure if Primary AD is reachable but Secondary is


not.

877942 Performance issues related to Firewall Session table growing to large.

877980 Navigating to Logs > Audit Logs generates console error "Missing Type:
LOGICAL_NETWORK" when in Legacy View.

878080 Aruba CX Switch Incorrect VLAN Management Syntax.

878836 Intune MDM Integration 'Invalid Audience' when using an App registration in
the Azure Government cloud.

879773 Cannot Change "Perform proactive "Active" method profiling" setting in


Device Profiler.

880761 IP->MAC resolution doesn't update the adapter's IP after a proactive L3


polling when VLAN change occurs.

880796 API - AccessConfiguration - Access configurations should not require a


Logical Network.

882265 FortiNAC is not sending the correct serial number field to FortiAnalyzer
(FAZ).

882782 Fix NullPointerException in MessagingGatewayPlugin.sendSMS().

883046 Fortinac not sending Radius Disconnect/CoA to Aruba IAP when there is a
status change/policy match.

883068 SMTP SMS Gateway service connector: Country code prefix is incorrectly
prepended to outgoing SMS messages.

883080 Local Radius attempts to look up mac addresses in the directory for mac-
auth auth requests.

883129 Mist L2 polling may not function properly due to how Mist devices are
modeled in FortiNAC.

883146 Secondary may restart repeatedly.

883221 FortiNAC now processes static MAC address entries by default for Arista
switches.

883680 404 response to HTTPS GET when polling Firewall Sessions on FortiGate
running FOS 7.2+.

884329 Base license, User/Host profiles and Network Access Policies throw
permissions errors.

FortiNAC 9.4.6 Release Notes 26


Fortinet Inc.
Enhancements and Addressed Issues

Ticket # Description

884345 Improved error messaging when creating a new device using REST API.

887915 Endpoint Compliance Custom scans improperly state "in-use" by deleted


scans and cannot be deleted.

888179 Updated integer fields in the FirewallSession table to accomodate bigger


values.

888212 High Availability configuration: Endpoint Compliance Scans are not


replicated to secondary.

889103 Test Device Profiling Rule option in Network > Inventory Adapters view is
not matching properly.

889132 Global Custom Scans are not fully removed after deleting from
Manager.Consequently, scan cannot be edited or deleted on the managed
FortiNAC server.

890009 Unable to read VLANs on Ruijie S5310 switch.

890015 Unexpected error encountered when attempting to modify or create a


Syslog file under System > Settings > System communication > Syslog
Files.

890929 Unable to restart server after uploading new license key through UI (Setup
Progress > Enter License Key).

891332 HTTP 500 error when installing license key using Modify License button in
License Management view.

892486 Secondary server in a High Availability configuration does not reflect the
correct concurrent count in License Management.

892856 Communication between FortiNAC Manager and managed FortiNAC


servers enhanced for security. Important: Requires additional configuration.
See Upgrade Requirements for details.

893582 Changing default credentials in Config Wizard logs an error.

894157 Guest > View > Send SMS button returns error.

895085 RADIUS Performance problems on rogue host record creation.

896471 Licensetool not correctly displaying the subscription level from the FortiNAC
Manager.

0896100 , 0896556 Error adding/removing Switch Ports to Port Group from Groups view.

883378, 882567 HA>UI hangs when re-running config HA when connected to the shared
address.

884322, 855084 Type column would not render correctly for Device Profiling Rule.

888616, 893561 System > Scheduler GUI error encountered after upgrade from an older
FortiNAC version.

FortiNAC 9.4.6 Release Notes 27


Fortinet Inc.
Enhancements and Addressed Issues

Ticket # Description

897851 FortiNAC not supporting QX series Mac-notification trap.

905865 Cannot enable "Enable Quarantine VLAN Switching" option in GUI.

871758 Parse IPv6 addresses from the ipNetToPhysical table correctly.

904541 FirmwareVersion attribute missing from Meraki APs on upgrade.

904755 Several log messages related to SSO addressing initialization were always
being printed which filled the logs with unnecessary info.

904052 Policy & Objects - Endpoint Compliance - Scans - Fixed rendering of


escaped characters in both editors and tables.

833305 Guest account password is unmasked on badge when user does not have
password viewing permissions.

903869 Improve error message if NCM add server fails.

901925 Disable revoking admin permissions when all mappings are removed.

899075 NPE in readarp function caused an incomplete ARP table for Sonicwall
appliance.

902072 Replace Hashtable with ConcurrentHashMap for


DatabaseServer.savedObjects.

900284 Issue in TelnetServer that causes the Juniper logout sequence to pause for
the entirety of the current Telnet/SSH timeout.

899047 Replace: systemd-run -M VIRT_WINBIND_INST systemctl is-enabled


winbindWith: systemctl is-enabled -M VIRT_WINBIND_INST winbind

897921 Removed hostname column from Firewall Sessions view.

872900 Typo in Guided Installation informational dialog.

888213 Validate credentials of FS results in severe


removeLogicalNetworkConfigurations passed null or transient
ManagedElement.

885306 WLC Extreme VX9000 MAC table cannot be parsed.

884077 Gracefully handle guest account passwords permissions issue.

874363 SSLVPN user loses and receives TAG periodically.

871340 Entering XSS causes exception and blank page.

876504 Fixed username formatting.

876818 Download Logs from UI should have longer timeout.

906953 Check if the device supports the UCD-SNMP-MIB, if so, model as a Ubiquiti
switch.

907844 Add missing RADIUS properties to Arista switches.

FortiNAC 9.4.6 Release Notes 28


Fortinet Inc.
Enhancements and Addressed Issues

Ticket # Description

897921 Allow hostname collection from firewall with a global option.

883989 Update default Phone attribute for AD LDAP.

901236 Fix RADIUS Access-Reject when Direct Configuration Network Access


Policy is in use.

895097 Only return the custom device type if it is a system created device type or if
the type starts with cust_.

894165 Fix to ensure DPC rules with multiple adjacent spaces run correctly.

907854 VLAN change commands fail for Cisco SG-250.

897921 This allows the hostnames to show up in the firewall session table, but does
not update the host record unless the global option is enabled.

879697 Sync Global Objects and EPC Scans via REST RPC.

911439 Incorrect OID in device properties file - Device support for MICROSENS G6
Switch.

900281 Reverse proxy via FortiPoC causes incorrect URLs in Config Wizard.

890988 Fixed handle of Inventory > Network.

910216 Unable to upload G Suite Credential JSON file on NacOS.

907328 Fixed Guest & Contractor table null reporting total when empty.

902533 Fixed char escaping in Port and Adapter Props.

901257 HTML is not supported in the "Guest Account details".

904624 Host summary panel does not show accurate total host count.

908861 Custom filter is not applied in host or adapter view.

879814 879814 - Users & Hosts - Guests & Contractors - View Accounts - Guest
Account - Max Attendees should not show any number at all because it is
not a conference.

903055 Hosts - Filters - IP Phone - Fixed lack of selection for in the Host->Device
Type dropdown.

906398 Fixed validation error preventing log receiver modification; modifications


were rejected as duplicates based on matching existing ip and port.

896002 Error creating guest accounts with duration greater than 20 days.

907523 Fixed Guest & Contractors table filter function, also fixed option menu
layout issue.

911132 Container status check is now failing due to changes to the NAC sudoers
file.

885306 Fixed StringIndexOutOfBoundsException regarding the WLC Extreme


VX9000 MAC table parsing.

FortiNAC 9.4.6 Release Notes 29


Fortinet Inc.
Enhancements and Addressed Issues

Ticket # Description

897921 Added code to retrieve the hostname field from the response.

885306 Fixed an issue with regex regarding the WLC Extreme VX9000 MAC table
parsing.

881650 HP J9776A 2530-24G Switch - uplink ports are not properly displayed in
Ports view.

912128 Disconnect requests are not sent for Meraki switches.

917032 MICROSENS G6 Switch and hide Macs on link feature.

915532 Adding a DHCP scope with invalid label prevents ConfigWizard from
applying any further DHCP scope changes.

919423 API endpoint /host/scan returns status code 405 (Method Not Allowed) to
POST request.

927355 User is unable to edit the current VLAN value in the port properties dialog
on a FortiSwitch modeled in the QA FortiNAC system.

924250 PaloAlto fails validation for CLI testing SSH when REST API is supposed to
be used.

922911 Add missing radius options to the various NEC-QX switch Model
Configuration views.

925117 Fix retrieval of MibId value and add session logout to Ruijie.mib file.

899075 NPE in readarp function causes an incomplete ARP table for Sonicwall
appliance.

909839 SSO messages are being logged on and off repeatedly.

910706 Cannot create Guest account with REST v2 results in errors 400 and 500.

922274 Custom fields not loading Security Incidents.

912115 Guest Self Registration Error "The input is required".

908302 FortiNAC Icons are squeezed in the host status.

889986 Issues while enabling and adding subnets in Require Connected Adapter.

932578 Unable to L2 poll FortiLink switches on FOS 7.4.

Version 9.4.3

Ticket # Description

833088 Deleting a switch removes all port nesting's removing all ports from
FortiNAC System Port Group.

834025 Allied Telesys devices using standard SNMP for L2 polling fails if there are

FortiNAC 9.4.6 Release Notes 30


Fortinet Inc.
Enhancements and Addressed Issues

Ticket # Description

entries in the dot1qTpFdb table with a port index of 0.

835149 When an endpoint is registered as a device in Host AND


Inventory/Topology, it is not possible to edit the host role. The option is
available, but changes do not apply.

858184 Custom Subject line for Self Registration Request sent to sponsor does not
reflect custom text.

860595 FortiNAC unable to change admin state on FortiGate firewall physical ports.

866343 Proxy RADIUS support added for Arista switches (802.1x and MAB).

867183 CLI communication can fail due to invalid SSH key when devices using a
Virtual IP (VIP) fail over.A new device attribute (MultiKnownHostEntries)
has been added to address.For details see Model configuration in the 9.4
Administration Guide.

868451 L3 support for Forcepoint firewalls.

868712 In some instances, Administration UI is inaccessible after running the


Configuration Wizard during a new deployment.Clicking Config Wizard
results in "No User"error.

869052 Meraki MX doesn't pass CLI credentials validation.

869097 Prioritize the IP -> MAC value provided by RadiusServer for managed
wireless clients.

869316 Excessive "Authentication Failure" events after L2 poll.

869605 CLI credentials are removed from the Ubiquiti AP device model after
applying changes.

869961 Added Aruba CX series switch Port Channel support.

874812 Private VLANs not switching on Cisco switches.

875287 Added User/Host Profile and Policy Configuration ID validation for API
POSTs to Authentication, Endpoint Compliance, Portal, Supplicant, and
Access policies.

875588 Unable to remove users from the All Administrators group.

875720 REST API v2 query for Scan Results returns no results.

876003 Incorrect license information displayed in License Management GUI view


after upgrade to 9.4.2. License Key Details list features as "Disabled".
Correct entitlements displayed in Dashboard and CLI.

876116 Upgrade to 9.4.2 > ManagedElementInterface causing issues with startup


and device credentials.

877934 LDAP communication failure if Primary AD is reachable but Secondary is


not.

FortiNAC 9.4.6 Release Notes 31


Fortinet Inc.
Enhancements and Addressed Issues

Ticket # Description

877942 Performance issues related to Firewall Session table growing to large.

877980 Navigating to Logs > Audit Logs generates console error "Missing Type:
LOGICAL_NETWORK" when in Legacy View.

878080 Aruba CX Switch Incorrect VLAN Management Syntax.

878836 Intune MDM Integration 'Invalid Audience' when using an App registration in
the Azure Government cloud.

879773 Cannot Change "Perform proactive "Active" method profiling" setting in


Device Profiler.

880761 IP->MAC resolution doesn't update the adapter's IP after a proactive L3


polling when VLAN change occurs.

880796 API - AccessConfiguration - Access configurations should not require a


Logical Network.

882265 FortiNAC is not sending the correct serial number field to FortiAnalyzer
(FAZ).

882782 Fix NullPointerException in MessagingGatewayPlugin.sendSMS().

883046 Fortinac not sending Radius Disconnect/CoA to Aruba IAP when there is a
status change/policy match.

883068 SMTP SMS Gateway service connector: Country code prefix is incorrectly
prepended to outgoing SMS messages.

883080 Local Radius attempts to look up mac addresses in the directory for mac-
auth auth requests.

883129 Mist L2 polling may not function properly due to how Mist devices are
modeled in FortiNAC.

883146 Secondary may restart repeatedly.

883221 FortiNAC now processes static MAC address entries by default for Arista
switches.

883680 404 response to HTTPS GET when polling Firewall Sessions on FortiGate
running FOS 7.2+.

884329 Base license, User/Host profiles and Network Access Policies throw
permissions errors.

884345 Improved error messaging when creating a new device using REST API.

887915 Endpoint Compliance Custom scans improperly state "in-use" by deleted


scans and cannot be deleted.

888179 Updated integer fields in the FirewallSession table to accomodate bigger


values.

888212 High Availability configuration: Endpoint Compliance Scans are not

FortiNAC 9.4.6 Release Notes 32


Fortinet Inc.
Enhancements and Addressed Issues

Ticket # Description

replicated to secondary.

889103 Test Device Profiling Rule option in Network > Inventory Adapters view is
not matching properly.

889132 Global Custom Scans are not fully removed after deleting from
Manager.Consequently, scan cannot be edited or deleted on the managed
FortiNAC server.

890009 Unable to read VLANs on Ruijie S5310 switch.

890015 Unexpected error encountered when attempting to modify or create a


Syslog file under System > Settings > System communication > Syslog
Files.

890929 Unable to restart server after uploading new license key through UI (Setup
Progress > Enter License Key).

891332 HTTP 500 error when installing license key using Modify License button in
License Management view.

892486 Secondary server in a High Availability configuration does not reflect the
correct concurrent count in License Management.

892856 Communication between FortiNAC Manager and managed FortiNAC


servers enhanced for security. Important: Requires additional configuration.
See Upgrade Requirements for details.

893582 Changing default credentials in Config Wizard logs an error.

894157 Guest > View > Send SMS button returns error.

895085 RADIUS Performance problems on rogue host record creation.

896471 Licensetool not correctly displaying the subscription level from the FortiNAC
Manager.

0896100 , 0896556 Error adding/removing Switch Ports to Port Group from Groups view.

883378, 882567 HA>UI hangs when re-running config HA when connected to the shared
address.

884322, 855084 Type column would not render correctly for Device Profiling Rule.

888616, 893561 System > Scheduler GUI error encountered after upgrade from an older
FortiNAC version.

None Device support for Dlink DGS-1210-10 Ports-Firmware 6.11.B028.

FortiNAC 9.4.6 Release Notes 33


Fortinet Inc.
Enhancements and Addressed Issues

Version 9.4.2

Ticket # Description

835782 Config Wizard: Entering Application Server license is showing error (500 -
Unable to compile class for JSP)

802335 Getting a JSON string error when setting registered or logged user role on
host view page.

832313 SSH keyboard-interactive authentication fails, preventing SSH


communication to some devices.

683842 Adapter media type is set to wireless for devices that connect to wired ports
on a Fortigate.

705823 Editing or creating a groupunder NCM > Policy & Objects > Roles > Create
groups opens a new window instead of an overlay on top of the same view.

758623 The status spinner does not complete and page does not refresh when an
"in use" role is deleted.

778575 grabDeviceDebug script for more efficient log collection for device
integration issues.

792657 Deleting a currently applied shared filter in the Administration UI results in


browser console errors.

796969 FortiNAC counts FortiSwitch ports as error ports even though they are UP
and operating.

796972 Virtual port connection state displays as "not connected" even though there
are multiple hosts using that VLAN interface.

800255 DPC IP Range wildcards don't include the full range of IPs that should be
valid.

803386 Local RADIUS port can default to 0, should default to 1645.

808088 Alarms stop generating notifications.

814476 HP Switch aggregated uplink ports are not properly displayed in Ports view.

814845 Navigation Panel:Some views do not hide the navigation panel correctly.

814926 Policy & Objects > Roles: "unexpected error occurred" message when
configuring the role.

815626 Upload Certificate: Long file name in Certificates field is not rendered
correctly.

816472 NCM: Logical Networks view not accessible.

820160 Roles view not available with Base license.

821112 Admins without Audit permissions see context menu.

821392 Column Filters: performing an Exact Match filter with an empty string has

FortiNAC 9.4.6 Release Notes 34


Fortinet Inc.
Enhancements and Addressed Issues

Ticket # Description

inconsistent results.

821902 Search option for Firewall Groups does not display search results when
editing a Logical Network in a VDOM.

823079 Host Import: Clicking Cancel in Browse dialog removes previously selected
file.

826517 Edit Task: Title has Create Background Task as title (Create instead of
Edit).

826913 Unable to create a Network Device Role for Direct Configuration.

827870 Syslog listener addresses for FortiGate add/delete/move messages are not
updated.

828128 Unable to add allowed domains containing underscores.

829009 VLANs not being properly managed in Aruba CX series switch.

829019 NCM High Availability Resume button not working from dashboard.

829290 Context menus now have a menu separator similar to User/Host Profiles.

829361 If captive portal is not configured, High Availability system fails over due to
DHCP server not running.

829379 Unable to upgrade to version F7.2 from Administration UI. If attempted from
CLI, prompts for downgrade.

830159 Unable to Add Roles without specifying groups.

830534 SQL syntax error displayed when configuring High Availability .

830581 IP Phones in a host group fail to match policy.

830902 High Availability configurations may fail with a DHCP related error when
appliances do not have eth1 interfaces configured.

830932 Unable to configure "Entitlement Polling Success" event to alarm mapping.

831061 Unable to resume control in a High Availability system using the Admin UI.

832730 Unable to set groups for a role.Settings are not saved during create or edit.

833270 Device Profiler is not matching rules.

833302 Unable to create a user on the FortiNAC appliance where the same userID
exists on the Manager (NCM).

833327 Static Routes no longer present after reboot/FortiNAC service restart.

833752 Unregistered hosts in EMS are marked as "Managed By MDM" in FortiNAC.

834041 High Availability Configuraiton page now has text indicating only the Shared
IP is GUI is accessible (when configured).

834044 Create/Modify Administrator User Generates Error But Still Performs

FortiNAC 9.4.6 Release Notes 35


Fortinet Inc.
Enhancements and Addressed Issues

Ticket # Description

Action.

834461 FortiNAC is not sending required CoA attributes to Ruckus controller.

834772 Exception and 'forever loading' when importing invalid Device Profiling
Rules file.

835143 MSIntune returns partial results during MDM poll causing some host
records to be removed if "Remove Hosts Deleted from MDM Server" option
is enabled.

835405 UI is inaccessible after running the Config Wizard due to an unrecognized


keystore. The browser displays "Connection refused".

835551 Upgrade to version F7.2 from previous version gives message that
downgrading is not supported.

835838 S5735-L24P4X-A1 andAR129CGVW-L have duplicate mappings.

836136 Guest passwords not read correctly out of the database.

836137 No Results Found on RADIUS > Winbind view if results are sorted by
Joined column.

836146 radius.log file can grow too large if debug is left enabled.

836470 Manager (NCM) receives 500 error when running Config Wizard.

836606 Polling GSuite server results in a timeout, but is shown as successful.

836831 L2 poll not working in HPE Walljack.

837023 Exception unmarshalling REST Ping message.

837229 Nmap parsing fails.

837938 Edit User view will not allow for user settings to be changed.

838561 Roles: Entering angle brackets for Name and Notes converts to &lt and &gt.

838610 ConfigWizard is reporting "Unknown operation dnsmasq".

838963 Entering a script as a quick search filter name will execute the script on
create and edit.

839045 RADIUS does not return the port default VLAN ID when the request does
not match any policy or enforcement group.

839399 Rest > Google Domain client POST does not allow empty values.

839417 REST > RadiusAttrGroupService does not allow ID of 0.

839888 Rest API documentation: Edit item - specifying ID which does not exist
creates new record with new ID.

839892 Rest API documentation: Typos ('an User' should be 'a User').

FortiNAC 9.4.6 Release Notes 36


Fortinet Inc.
Enhancements and Addressed Issues

Ticket # Description

840218 No records found in FortiNAC "Ports" tab for CISCO ASA interfaces.

840693 Changing time zone in Config Wizard doesn't apply.

840788 RADIUS/Winbind Status not showing enabled when service is running.

840796 Host lookups in MS InTune MDM are now done based on MAC address first
and Serial number as last resort.

841405 Users & Hosts - Locate Hosts: Clicking icon in Views column leads to view
with 'Login failed for: root' message.

841540 "Enable Application Updating" option has been removed from the following
MDM Servers configuration as they do not apply: Google GSuite, MS
InTune, and Fortinet EMS.

841770 Host - Policy Details - Edit Test: performing test does not run.

841781 Allowing duplicate forwarding entries on Fortigate during L2 poll.Prevents


FortiNAC from sending RADIUS CoA packets to the FortiGate consistently.

841851 Manager (NCM) Dashboard:System Summary Missing Summary Data.

841874 Named root.hint files are missing.

841907 Slow display response in Manager (NCM) UI when pulling in Clients on


managed FortiNAC appliances.

842122 Incorrect license use percentage on dashboard.

842181 RADIUS Change of Authorization (CoA) with custom attribute Fortinet-


Host-Port-AVPair for FortiSwitch. See KB article 242393 for details.

842274 Additional routes view in Config Wizard won't load.

842280 Self-Registered guest: Checkboxes have been added to specify whether


separate emails, or, conversely, a single combined e-mail, are to be used
for providing the username and password to the user.

842370 "Local" Radius Mode is ignored in the SSID configuration if Model


Configuration is set to use Proxy.

842546 Unable to install upgrade on CentOS via GUI.

842569 Modify Group: Clicking the In Use link does not work.

842607 Portal SSL changes not saved.

843049 Add Host: incorrect role being used.

843410 Exceptions in log when creating new Winbind instances under Network >
RADIUS > Windbind.

843414 URLs are not validated before being set/used under System > Settings >
User Host Management > DeviceProfiler.

843509 Corrected mapping for Dell Networking X1026 1Gb Switch.The incorrect

FortiNAC 9.4.6 Release Notes 37


Fortinet Inc.
Enhancements and Addressed Issues

Ticket # Description

mapping prevented FortiNAC from accessing the switch CLI via SSH.

843897 Exceptions in the nessus log running certain DPC rules types.

844417 Under Policy & Objects > Endpoint Compliance: Scans, running a
scheduled task for a scan generates an exception in the logs.

844982 "Cannot read properties of undefined (reading 'element')" after selecting


Portal > Portal Configuration.

845035 Palo Alto VPN integration is dropping syslog messages.

845049 Users & Hosts - Hosts - Adapter Properties: Enabling Adapter is causing
browser console error.

845120 Creating a radius attribute of "<img src=x onerror=alert(Z)>" causes


RADIUS process to fail.

845175 Attempting to export an empty dataset can cause a log exception.

845454 Remote backup fails to copy files to remote server.

845792 CommonMib.snmpGet returned v1 error - OID 1.3.6.1.2.1.17.7.1.4.5.1.1

845894 Display Public SSH Keys not returning key data.

845930 Error in Manager (NCM) UI when synchronizing with a POD that has been
re-added to the Server List.

845935 UI turns gray and does not allow input when scanning a host.

846212 Network - RADIUS: toolbar buttons not in consistent order.

846257 HTTP 415 error occurs when generating a guest password.

846286 License Management view does not display information accurately.

846668 FortiNAC can't process the Mac Notification traps from FortiSwitch running
7.2.1.

846680 Administrator login RADIUS authentication failure on FortiNAC Manager


(NCM) due to duplicate FortiNAC model.

846782 Unable to read complete network configuration from Aruba IAP because of
# symbol.

847955 404 errors when accessing System > Settings.

848243 Invalid data c in attribute identifier causes Radius to terminate.

848274 Create Service Connector view is empty.

848285 ApresiaPlugin debug output was enabled unnecessarily, causing


extraneous log entries.

848374 Cryptic error message displayed when setting threat override for an
application as a user who has permissions for only "Users" and "Hosts".

FortiNAC 9.4.6 Release Notes 38


Fortinet Inc.
Enhancements and Addressed Issues

Ticket # Description

848620 Appliances do not start after configuring L2 High Availability with a shared
IP.

848732 Administrators - Users - Copy: Password field populated, but the user is told
to enter a valid password.

848776 Permissions - Dashboard: Unable to edit task in Pending Tasks dashboard


widget or in Alerts menu.

848954 New GUI > Users > Dialog maps Allowed Hosts to the wrong data.

849088 Permissions - Dashboard: Logical Network Host Access - panel does not
load.

849114 Recent Hosts panel does not load.

849140 Control Manager API ping of Secondary Server returns the wrong serial
number, causing ping to fail.

849244 Policy & Objects - Remediation Configuration: Remove causes exception.

849437 Unable to reset guest account password.

849455 Role view Last Modified By/Date column sorting/filtering does not work.

849459 Network Device Roles - Column Filtering: Access column filter applies filter
opposite of what is specified.

849469 User with custom permissions to only view own Self Registration requests
can see all requests.

849472 An exception occurs when a user with only "Reporting" permissions


performs actions within the Logs > Reports pages.

849483 Passive Agent - search for Passive Agent fails.

849497 FreeRADIUS service restarted whenever a new device is modeled even if


local RADIUS is not enabled.

849506 Permissions - Portal Configuration: Exception and view hangs uploading


image.

849514 FortiNAC SNMP Agent is throwing IllegalArgumentException in


output.master.

849556 Cannot filter request processing rules by last modified by/date.

849871 802.1x EAP fails authentication after Quarantine VLAN is defined in Model
Configuration.

850085 Added support for non-default API domains in Juniper Mist


integrations.Previously, only api.mist.com was supported.

850163 Create new Device Profiling Rule fails on "type" field.

850913 High Availability:Manager (NCM) not in control displays HTTP Status code
500 when Admin UI is accessed.

FortiNAC 9.4.6 Release Notes 39


Fortinet Inc.
Enhancements and Addressed Issues

Ticket # Description

850940 Stuck on spinner on Manager (NCM) when adding endpoint compliance


policy & configuration.

851010 FortiSwitches in FortiLink mode and VDOMs get corrupted and deleted
during a resync when a VDOM is given a NAS-IP address matching a
FortiSwitch.

851427 Adapters view - Status tooltip values - Media / Access Value fields are
swapped.

852533 Synchronization fails to delete multiple Device Profiling rules.

852636 System Performance dashboard tile can display a max of 101%.

852705 Cannot save "Confirm Rule on Interval" setting within Device Proifling rule.

852946 System Management settings cannot be saved due to error (HTTP 500).

853007 Excessive number of API requests sent to Meraki API Cloud, causingL2
Poll to fail.

853025 Nested port groups are not sychronized from Manager (NCM) to managed
FortiNAC appliance.

853446 API - Authentication Configuration - POST: Unable to create/edit an entry


with just name and note.

853499 API - Authentication Policy - POST: Unable to create an entry without


specifying ENABLED.

853507 API - Authentication Policy - POST: Unable to edit an entry without


specifying RANK.

853833 API - Portal Policy - POST: Unable to create an entry without specifying
ENABLED.

853840 API Documentation - PortalPolicy: "an portal" should be "a portal".

853894 Exceptions in logs after adding devices to L3 polling with create rogues
enabled.

853970 API - AccessConfiguration - POST:able to create/edit entry with no logical


network (which is a required field).

854205 API - Network Access Policy - POST: Unable to edit an entry without
specifying RANK.

854228 nac sudoers file needs journalctl entries with no unit param passed.

854236 Errors on scheduler view on Manager (NCM) due to obsolete tasks.

854270 API - Supplicant EasyConnect Policy - POST: Unable to create an entry


without specifying ENABLED.

854659 Pop-up error when selecting the Agent Packages view.

854675 Removed API call for usage of an Endpoint Compliance Policy. There is no

FortiNAC 9.4.6 Release Notes 40


Fortinet Inc.
Enhancements and Addressed Issues

Ticket # Description

"Used By" option in the UI for Policies.

854753 API requests to endpoint-compliance/scan do not require a Scan Name and


default to scriptType 0 resulting in a non-visible scan in the Scans view.

854782 API - Endpoint Compliance - Scans - POST: Result for "copy" differs when
run from API versus UI.

854800 API - Endpoint Compliance - Scans - POST: Editing a scan with bad ID
results in inconsistent error.

855065 API - Endpoint Compliance - Scan - GET: Issuing request for /product is not
returning results.

855072 API - Endpoint Compliance Policy - POST: Unable to create an entry


without specifying ENABLED.

855104 Added support for Meraki Cloud v1 API.

855192 API - Endpoint Compliance Actions - POST: Unable to create/edit event


action - required Activity cannot be specified.

855199 Config Wizard apply script not completing.

855891 FSSO failing to send to FortiGate for hosts with Persistent Agent due to lack
of IP address.

855897 Added CLI Configuration in Model Configuration view for Huawei Switch
S5731-H48P4XC.

856217 Hosts discovered by certain MDMs are incorrectly marked as having a PA.

856350 Unable to Admin Up a port via port properties in Adapter view.Incorrect port
is shown.

856362 Upgrade from 8.x to 9.2.6 GA changes Conference account password.

857035 FortiNAC cannot read the MAC-Address table for Extreme Networks
Controller.

857093 grab-log-snapshot stacktrace files are empty.

857360 Duplicate instances of the same IP address under Settings > Log Receivers
could (incorrectly) be created.

858210 CoA not working for FortiAP connections.

858213 Under Users & Hosts > Device Profiling Rules, warnings are generated in
the logs when importing an exported device profile rules XML file.

858667 High Availability: Unable to download Secondary Server logs via


"Download Logs" menu in the Primary Server Admin UI.

858669 Dashboard widget "Logical Network Host Access" does not show correct
name, and does not update if logical network name changes.

858839 REST > settings/device/device-type/create-from-archive supplying invalid

FortiNAC 9.4.6 Release Notes 41


Fortinet Inc.
Enhancements and Addressed Issues

Ticket # Description

image name reports success.

859149 VLAN IDs not available under Model Configuration for APs managed by
Extreme WLC .

859473 Getting NumberFormatException when processing Mac Notification traps


from FortiSwitch in FortiLink Mode.

859702 Enhanced Palo Alto SSO REST API to allow for bulk messaging.

860206 Polling threads get locked when communications are terminated


unexpectedly from the Manager (NCM).

860493 Hosts that have disconnected from Westermo switch continue to display as
"connected" in FortiNAC.

860501 Adding LDAP user populates undefined values in the fields.

860546 Added L3 polling for Extreme Campus Controllers ( XCC ).

861633 Switch doesnt have ability to add CLI config for our VOIP VLAN.

861985 Run FortiGuard IoT Scan from the Adapter View results in an error.

861989 Inventory > Events > Note is displaying the escaped text.

863439 Google Auth service connector displays escaped values.

863831 Passive Agent Configuration allows angle brackets in the name, resulting in
extra characters added to the name.

863840 Network Access Policies with angle brackets in the name cause additional
characters to be added on modification.

863859 User Host Profiles created with angle brackets in the name show up with a
blank name in the view.

863872 Angle brackets are no longer allowed to be used in the name when creating
roles.

865088 Group > Show Members renders HTML.

865110 Guest > Name column shows escaped values.

865136 User/Host Profile - Who/What Attrs - HTML values not rendering in modify
dialog.

865138 The host profiles displayed in Portal Policy Add/Modify dialog could fail to
appear.

865165 Creating Host with Custom Device Type, when using a name that contains
angle brackets, results in a broken image.

865169 Hosts - Adapter Info: Adapter Description is empty if entered with angle
brackets.

865202 Network Access - Configuration - In Use - Unescaped name shown.

FortiNAC 9.4.6 Release Notes 42


Fortinet Inc.
Enhancements and Addressed Issues

Ticket # Description

865268 The Policy Details dialog for a host is converting angle brackets for
user/host profiles, policies, and configurations.

866419 No landing page set for Config Wizard only users under Users & Hosts >
Administrators > Profiles > Permissions.

866432 Admin users with only System Settings permissions receive an error when
accessing the Allowed Domains page.

866507 Modify Schedule Rescan of Agents - brackets in name not displaying.

866535 Profile Device User > Profiled Devices > Select Notes receives an error.

866966 Unable to download Agent packages from Administration UI.

867285 Device Type changes do not appear in audit log.

867293 Remote SSH backup reports "SSH keys are not configured properly" when
"Test Connection" is clicked.

867366 Configuring IPv6 address in Basic Network Config Wizard page results in
exception. Page goes blank.

868340 Reset doesn't restore Additional Routes in Config Wizard.

868651 ConfigWizard cannot be accessed after resetting FortiNAC appliance to


factory defaults.

869948 Cannot enable/disable Network Access Policies from the Network Access
Policy View.

870920 Unable to authenticate using MS-CHAP-v2 and Local RADIUS.

871268 New Android DHCP fingerprints have been added.

0834094, 0834089, 0845505, Global objects may not synchronize correctly (including Device profiling
0845493 rules, groups and group members) between the Manager (NCM) and
managed appliances.

0856192 , 0864253 FNAC FSSO does not send required groups to FortiGate.

835551, 836475 Upgrade from previous version gives message that downgrading is not
supported.

848301, 770091 Network Events table not populating RADIUS events.

845163 In a High Availability environment, if no isolation networks are configured,


the dhcpd service will fail to start resulting in a failover.

FortiNAC 9.4.6 Release Notes 43


Fortinet Inc.
Enhancements and Addressed Issues

Version 9.4.1

Ticket # Description

701822 Fully Qualified Host Name info Bubble is misleading.

734571 Clicking import and apply without selecting a file imports the last imported
file.

769019 Post install keytool exception in log,

773088 VLAN read failure for Adtran NetVanta 1638.

775679 Hosts are incorrectly enabled after an LDAP sync.

784543 Portal policy permission set is required to send guest email details from
Guests and Contractors view.Otherwise, 403 error is thrown.

785791 Fortigate cluster not modeled completely.

786651 MICROSENS G6 Micro-Switch not switching VLANs.

787687 Inventory > Firewall Session Polling defaults to a frequency of 0.

789654 Clients shown offline in Ruckus controller v6.0.

789840 Users & Hosts > Guests & Contractors : The description in the popup
window for Send SMS are not correct.

789970 FortiNAC does not send SSO messaging to all slots in FortiGate 6000 &
7000 chassis.

790393 In RADIUS view, able to delete TLS Service Configuration which results in
invalid state and browser error.

790864 UI allows a License key with non-matching MAC/UUID to be


installed.Installation and configuration tasks consequently fail.

791405 "Request unsuccessful with no errors reported" message opening Model


Configuration tab for HPE Walljack.

791751 In some cases, importing hosts with siblings (Adapters that are on the same
host) can result in "null" error.

791889 Audit Logs do not report the Adds from a Host Import.

795932 Radius auth fails when primary LDAP directory is down

796965 Inconsistency with device count & results returned from clicked for more
details in Network Devices dashboard tile

797009 Registration Requests: Browser Console Error - logicalNetworkPanel is not


defined

799401 SNMP MAC-Notification trap support for Dell EMC Networking N3248P-
ON.

799439 Notification of failure to import expired hosts is not present

FortiNAC 9.4.6 Release Notes 44


Fortinet Inc.
Enhancements and Addressed Issues

Ticket # Description

800422 exception when modify endpoint compliance policy

801717 AdminProfileMapping doesnt change the admin profiles of the groups

802114 Juniper EX9253 and qfx5120-48y-8c, Type is "Unknown" and Version is


null in the Inventory.

802908 RADIUS default server config not created on first startup

802969 Account Requests view has incorrect or missing sort keys.

803314 ConfigWizard does not correctly update hostname in /etc/hosts.

803382 Audit Log service does not use the Audit Log permissions.

803692 Non-alphanumeric characters in group names do not get created in UI


correctly.

804759 In Users & Hosts > User Accounts, clearing a value in the search box and
clicking enter results in several empty rows.

804910 Alarms: Inconsistency between "Clear" and "Delete" terminology.

804913 When clicking the count of hosts in the Logical Network Host Access tile,the
list of MAC addresses used to query the hosts is not clearing.

805426 Null pointer exception in dynamic connection host API call.

805799 NullPointerException in output.master when there is no default gateway.

806106 Juniper Change of Authorization (CoA) Fails.

806616 RADIUS Change of Auth (COA) does not complete when hosts are
deleted.Consequently, VLAN switching does not occur and host is not
isolated.

806666 Duplicate label in both overlays within the Network Events view.

806936 Importing Mist APs with CLI import tool does not add the AP models to the
L2 Wireless nor Device Interface Status groups.

807311 After NAC services restart: MAB RADIUS session times out due to
FortiNAC being busy in SSH communication with the switch.

807396 Logical Network Host Access dashboard tile not displaying accurate
counts.

807689 For endpoints managed in SSO integrations, FortiNAC no longer performs


L3 polls for Rogue hosts. They are not neccessary.

808084 Send SMS in Guestserver is using user record to send the sms when it
should be using the guest record.

809462 Several NullPointerExceptions in output.master when polling FortiSwitch.

809492 Exception in OVA deploy of 9.4.0.0717: FileNotFoundException


(ScanPolicyList).

FortiNAC 9.4.6 Release Notes 45


Fortinet Inc.
Enhancements and Addressed Issues

Ticket # Description

809493 Exception in OVA deploy of 9.4.0.0717: CertMgmtException.

809538 High Availability Database synchronization failure.

809857 Network > Service connectors > REST SMS gateway : password is set to
null after upgrade.

810167 iOS fingerprints misclassified as macOS.

810197 Local RADIUS panel does not prevent the configuration of an


authentication port already in use by Proxy RADIUS.

810209 SSIDs are not complete in UI for Aruba controller VIP.

811447 Upgrade failed due to: Operation CREATE USER failed for nac@localhost.

811479 High Availability: RADIUS service can start/run on primary when secondary
is in control.

811775 Performance improvements with client lookups.

812169 Virtual Winbind service management queries periodically fail.

812581 Duplicate user ID exceptions during RADIUS auth when userID does not
match the name in an email address.

812674 RADIUS Change of Auth (CoA) is not being sent to Huawei wireless after
host has registered.Prevents changing VLANs.

812908 /var/log/messages is not rotating,generating large files and high disk usage.

812930 SSO tags not being sent in 9.4.0 without group option being set.

812933 L2 poll not working for HP NJ5000-5G-PoE+ Walljack.

813564 FortiNAC fails to find API port from FortiSwitch.

813654 Added support for FortiSwitch MAC Notification traps.

813681 Missing resource exception: SSOManager in output.master.

814082 Average Requests/Min value in RADIUS dashboard now shows a fractional


value when the requests/minutes value is < 1.Previously, values < 1
displayed as 0.

814493 Restarting admin GUI may result in loss of access to GUI until server
restarted.

814631 Ports not properly configured using Aruba CLI scripts.FortiNAC reads Port
ID for the port variable instead of port number.

815352 Logical network configuration mappings can return the wrong value when
host is connected via more than one interface.

815732 Obsolete RADIUS support message has been removed from generic
SNMP device Model Configuration view.

FortiNAC 9.4.6 Release Notes 46


Fortinet Inc.
Enhancements and Addressed Issues

Ticket # Description

816028 RADIUS Activity view is presenting access-accept value when no activities


is recorded per snapshot.

816031 FSSO tag information is not sent to FortiGate.

816407 FortiGate L3 polling doesn't update the client IP.

816451 Importing DHCP Scopes - Wizard shows blank scope data.

816799 Fix TaskFilterSpecification startId and maxRows.

816828 Polling of entitlements for subscription licenses fail.

816871 System Update settings do not update on the Secondary Server in High
Availability environments.

816877 Host icon does not match the icon assigned by Device Profiling Rule

817022 Hosts View - Rogue record Host Name is not updated from DHCP.

817473 FortiNAC is installing two versions of the ecj jar file.

817563 In certain cases, the Network Events view does not load and Network tab
displays HTTP errors.

817767 CLI failure on Alaxala switch with enable password bypass configured.

817845 L2 Polling queue backed up, excessive polling completion times.

819384 Added DHCP fingerprint for Fortinet IP Phone.

819470 Fingerprints that can match Windows 2012 do not indicate Windows 2012.

819753 FSSO Tag assignment is not triggered before the next L3 poll.

820375 Meraki ( and possibly other ) devices incorrected managed with Generic
Radius plugin.Symptoms include the Change of Auth (CoA) packet being
sent over the wrong port.

820569 Policy - User Permissions: No Group Access causes Who/What Groups


and Where Locations Select Entries panels to hang.

821244 Device Profiler failing to match Fortiguard method when Fortiguard polling
returns confidence values over 127.

821399 FortiGuard IoT Scan doesn't work as expected.

821473 RADIUS Activity Dashboard- Show Rejected Hosts View - Changed


EAP/Outer EAP type columns to EAP/Inner EAP for consistency.

821527 RADIUS does not start after upgrade from 9.4.0.0717 GA to 10.0.0.0013.

821656 Help tips added in the Settings panel for the RADIUS Widget in dashboard.

823908 Aruba switch device failed to connect using valid CLI credentials.

823955 Wireless clients connected to FortiAP show up in FNAC on wrong interface.

FortiNAC 9.4.6 Release Notes 47


Fortinet Inc.
Enhancements and Addressed Issues

Ticket # Description

825436 IP addresses appended to network device names during discovery are


truncated. This can result in duplicate device and port names.

825467 WinRM Device Profiling Method doesnt handle multiple credentials


properly.

825766 Adapters View - Status tooltip clips if it contains more than 2 rows of data.

825770 DOC API - FortiNAC_REST_Schema_9.2.pdf - "deviceID" required for -


policy/logical-network-configuration/element/properties.

825920 Ruckus SZ Controller:When NAS ID = Controller IP and the Source IP =


Access Point IP, RADIUS CoA fails unexpectedly.

826155 Updated OUIs.

826648 Wireless hosts are not displayed correctly in Meraki AP device port/adapter
view.

826924 Fixed integration for DGS-1510-28X Gigabit Ethernet SmartPro Switch.

828242 Ruckus Switch Non-Default VRF Arp entries no longer contained at


ipNetToMediaPhysAddress.

828500 Unable to add domains to zones.common via GUI (Allowed Domains).

828912 MDM poll fails for MaaS360.

832965 COA Disconnect not working on Juniper EX.

833332 When an Admin user changes their own password, and error message
appears and they are immediately logged out.

833351 Guests: Cannot modify Guest - Invalid Password error.

833429 Config Wizard: Clicking Next or Back on any non-Basic Network page
returns user to Basic Network page.

833445 Config Wizard - Add/Modify Scope: Clicking Help opens page with 9.4
version loaded by default.

833700 RADIUS server fails to enable when upgrading from build 0721 to 0722.

834302 Updating NTP generates "Failed to save Time Config".

834479 When creating a new user via the REST API (and thus GUI), the password
was not hashed properly.

0810167, 0810180 Fixed fingerprints for iOS, FortiGate and FortiSwitch.Previously, they could
match the wrong devices.

751468, 811479, 770730 RADIUS/Winbind services need manual startup to handle system reboot.

FortiNAC 9.4.6 Release Notes 48


Fortinet Inc.
Enhancements and Addressed Issues

Version 9.4.0

Ticket # Description

643817 Added L2 Polling to Palo Alto

692446 Added Preserve Port Names option to update port names when changed at
the switch. Option can be modified at the switch and global level. See
Device properties and Network device in the administration Guide for more
information.

699487 Kerberos support

699857 User Organizational Unit OU LDAP mapping to use it in User/Host Profile

709286 New UI menu to download log files for troubleshooting. See Download logs
in the 9.4 Administration Guide.

726333 Entitlements (such as concurrent licenses) for Subscription Licenses are


not accurately reflected in the Administration UI License Management view
and only show Base licenses.

733943 Changing password in bulk using Set Model Configuration sets the same
username for all selected devices.

747921 Portal renaming does not rename the associated CSS files.

750248 Unable to access the secondary server's Configuration Wizard in a High


Availability configuration.

752941 GUI option to select the RADIUS MAC delimiter for Juniper Switches

755328 Embed Tomcat into yams

756167 RADIUS view sort by Winbind column fails, shows empty table.

756499 MicroSoft InTune MDM integration does not support latest API.

759018 Admin user with admin user profile permissions to Access, Add/Modify and
delete "Users" is unable to create a new regular user.

762071 Radius Auth/EAP Type columns empty in Network > Device > Ports >
Adapters table.

762081 bsc-rename-ethers service fails on virtual machines.

770208 Juniper switches fail to change VLAN on ports that are RADIUS enabled.

770930 High L3 Polling frequency in environments with no SSO management


configured.

770974 Event Lifetime alarm trigger rule is not being honored when configured.

773426 Continued work on wired generic RADIUS integration

773828 Not polling L2 information from PNetworks switches with latest firmware.

774724 Unable to filter Hosts and Adapters by status through API.

FortiNAC 9.4.6 Release Notes 49


Fortinet Inc.
Enhancements and Addressed Issues

Ticket # Description

776171 Rewrite Host/User/Adapter dialogs

777400 Syncing "Role Based Access" may delete sub-groups

778157 L2 Polling issues with Cisco 9800 WLC firmware 17.3.

778520 Added SQL query for GroupManager.getGroupsMembershipIDs() when


determining group membership in order to improve performance.

778940 AV Product to detect Windows Security Center-detected products

779414 Client filter for User Accounts, Hosts, and Adapters not functioning properly
rewrite of OmniSources.

779873 FortiNAC processes taking unusually long to startup due to delays


resuming FirewallSessionMgr.

779901 Vulnerabilties in mysql versions less than 5.6.42.

780282 FortiNAC Events using old vendor name "Bradford Networks".

780626 Huawei Wireless controller imports nameless APs.

780755 Alarms view used the legacy Dashboard actions.

780790 CLI Failing to Alcatel Omni 6860-P48.

781520 RADIUS COA failing for FortiAP when hosts are deleted.

782374 L2 polling not parsing correctly for Motorola 7.X devices.

782418 Hide Accepted Requests Enabled and click on Expand Widget - Widget
shows Accept Requests

782433 Fix Integration for D-Link DGS-3130-30TS.

782438 InvalidYamsUserException seen during UI logout.

782740 Unable to read default and current vlans for Ruijie switches.

782744 Script install-winbind-virtual contains spaces around = assignments -


invalid.

782760 Huawei S7706 switch is not reflecting the interface port number correctly in
the Label column.

782884 Green theme has similar colors for charts.

783227 Check that freeradius gpg key is imported.

783536 Portal Auth - FAC VSA Fortinet-Group-Name is not created in FNAC.

783544 Fortigate FG-200F improperly labeled as FG-201E.

783552 NAC service not running at startup when no IP address is configured for
eth0. This causes "Processes Down" to display in UI.

783587 AirWatch MDM roles are overwritten by user roles.

FortiNAC 9.4.6 Release Notes 50


Fortinet Inc.
Enhancements and Addressed Issues

Ticket # Description

783621 Host import related Memory issues.

783944 Exception reading VLANs on Meru 4100 with firmware 5.1-93.

784045 Memory leak in stacked-area-chart.Symptom includes Dashboard


becoming unresponsive if left open for long periods of time.

784346 RADIUS Reject doughnut is not centered if filter does not include any reject
counts.

784517 Location filtering not working on Connections view.

784601 Group membership lookup causing high CPU utilization.

784618 RADIUS Failures after upgrading from 8.5 to 8.8 due to bad secret.

784957 Not polling L2 information from Cisco ME-3400E-24TS-M router.

785367 RADIUS GroupName - Group Members list does not show all members.

785403 Unable to add user to user group containing * in name.

785438 A None/Use Default option has been added to Users Dialog > Mobile
Providers.

786277 RADIUS Group - Exception when user group already exists with Type non-
User.

786401 Remote Scan -> Linux x86_64 -> 500 Error

786434 Allow changing CLI Passwords from Secondary and FNAC-A systems.

786670 Exception thrown when loading Logical Network Host Access tile.

786744 User Accounts view > create user is not passing password as encoded, and
will not match auth requests.

786751 Distinguished Name (DN) can now be used in User view filters.

786785 Not able to add ciphers under RADIUS > TLS config page.

787271 Certificate Management View - Server Certs & Trusted Certs views both
showing results from both views.

787562 MDM sources can't override the host icon.

787563 Fix null pointer exception during SNMP read of Meraki L2.

787584 Logical Network Host Access host info slider not displaying info.

787585 DHCP fingerprints are not matching DHCP message type.

787909 Portal configuration changes don't take effect without restart.

787957 Self-Registered Guest Login,: Failed to retrieve SMS Providers - null

788066 Server startup delayed by incorrect thread start logic on Network Session
Event updater.

FortiNAC 9.4.6 Release Notes 51


Fortinet Inc.
Enhancements and Addressed Issues

Ticket # Description

788089 RADIUS service will not start after upgrade to 9.2 if winbind is not fully
configured.

788119 Network Events table does not show totals for Event Type column.

788138 Network Events has no option to filter child records.

788729 Randomly RADIUS 802.1x proxy stops working.

788825 DHCP fingerprint additions, changes or improvements to the following:


"Camera","D-Link"
"Camera","TRENDnet"
"HVAC","Honeywell"
"Mobile","Samsung SmartWatch"
"Gaming","Nintendo"
"Network","Router/Netgear"
"Network","Router/D-Link"
"Network","Router/Trendnet"
"Network","Apple TV" -> "internet_tv","Apple TV"
"Network","Amazon Fire TV" -> "internet_tv","Amazon Fire TV"
"Network","Chromecast" -> "internet_tv","Chromecast"
"Network","DIRECTV" -> "internet_tv","DIRECTV"
"Network","DVR/TiVo" -> "internet_tv","DVR/TiVo"
"Network","Roku Media Player" -> "internet_tv","Roku Media Player"

788849 New dashboard tiles relating to Connections were incorrectly not masking
the background.

789018 Service Connectors > REST SMS Gateway > The required fields should be
the same in create and edit page

789061 Service Connectors > REST SMS Gateway > HTTPs Toggle is not working
expectedly when API URL is specified with https.

789228 Modifying adapter allows Physical Address to be left blank.

789309 Filtering on the column Type does not work on Network Events.

789316 Deleting multiple User Accounts in a row does not delete all user in table.

789396 Service Connectors > REST SMS Gateway > Overview: Cant tell which
REST SMS Gateway is set as default.

789440 SMS sending would stop after the first user.

789763 When changing the date via the Settings tile, Recent Hosts tile date range
not updating properly.

789785 Not able to add groups to the Roles.

789865 Network > Service Connectors > REST SMS Gateway: The default

FortiNAC 9.4.6 Release Notes 52


Fortinet Inc.
Enhancements and Addressed Issues

Ticket # Description

gateway is not working when the mobile provider is None.

790010 Two tiles without settings still show Settings.

790403 Fix ClassCastException in AirespaceSwitch during WAP read.

790580 Network > Service Connectors > REST SMS Gateway: Security Incidents
of a host doesn't trigger the corresponding SMS.

790747 FGT interface with VLANs does not show device connections to VLAN sub
interfaces for traps.

790854 Failure to properly read Cisco trunk ports results in undesired VLAN
switching.

790904 Creating new user as non-admin hangs retrieving Role dropdown values.

791273 Non Admin User Can Edit Admin User.

791276 Clicking EULA Link When Logging In As New User Goes To Broken Link.

791304 Admin Profile > Uncheck All removes General permissions.

791327 FortiNAC is changing WAP Uplink ports Current VLAN to match the Default
VLAN.

791342 Manually Registered IP Phones get incorrect device type assigned.

791401 Dashboard > Scans > By Day grouping is incorrect.

791841 Edit Host Dialog > Device Type is not reading/writing the correct value.

792452 NetworkSessionEventUpdater is throwing an exception on startup.

792514 A remote unauthorized user can gain the version of the Tomcat used by
FortiNAC by sending an HTTP GET request.

792516 Vulnerable scripts

792522 Fix Database auth changes for initial install.

792986 Device Types, Role, User ID drop down is not ordered.

793169 Messaging Gateways > Change how passwords are transmitted.

793920 Default Admin Profiles Have No Permissions.

794036 User Record values must be populated automatically if the user exists in an
Active Directory or an NCM.

794067 Not pulling L2 information from Aruba 8.X firmware.

794362 System Update not reliably trusting fnac-updates.fortinet.net.

794381 Fortigate forwarding class does not work with tlsv1.3.

794774 Landing Page does not work for all choices.

FortiNAC 9.4.6 Release Notes 53


Fortinet Inc.
Enhancements and Addressed Issues

Ticket # Description

794783 Typo in a CLI Password error message.

794791 Admin user is brought to the last-viewed page when logging in to UI instead
of designated Landing page.

794937 The Recent Hosts widget is not displaying addtional host info when clicking
counts.

795243 Portal - Request Processing Rules: Text at edge of window for Auto
Configure and Publish.

795260 Local RADIUS Server not returning proxy-state attribute in Access Accept
for Motorola/Extreme Networks WiNG VX 9000.

795260 Motorola controllers proxying AP auth requests send Proxy-State attr and
expect it unchanged in response. RADIUS (local) does not send it back.

795623 Log output from Windows Profile method when parsing fails.

796048 An error is getting thrown during NetworkSessionEvent archive & purge.

796065 Unable to set device profiling to Host to Logged in User (if Present) on
NCM.

796105 Device Type incorrectly changing for registered devices.

796145 Guest and Contractors > Select one and View > send SMS throws a null
pointer exception.

796259 In Pending Tasks page, tasks are allowed to be completed, even if their
parent task is incomplete.

796515 UnsupportedOperationException trying to autoclose FileSystem in process


manager.

796522 TelnetServer not handling SocketTimeoutException.

796533 Support for Physical Ethernet MAC for Apple TV in Jamf.

796623 MicroSoft Intune API only returns ethernetMacAddress per device.

796659 Host information does not display when clicking "Total Count" on Persistent
Agent Summary widget.

796663 Setting option for Persistent Agent System Page is not allowing to toggle
between visualizations.

796908 Clicking the number in the Logical Network Host Access tile does not open
the hosts slide.

796965 Network Device Summary widget not showing complete switches and
Wireless AP counts.

797369 Added Minutes/Hours/Days control to Logical Network Host Access tile.

797439 Host > Edit Host > Cannot change the Role or manually Register as Device.

FortiNAC 9.4.6 Release Notes 54


Fortinet Inc.
Enhancements and Addressed Issues

Ticket # Description

797465 Nested group memberships not detected.

797542 Dashboard > Scan > Group by Hour adjusts timezone.

797708 Force 10 switches sometimes modeled incorrectly.

797723 Local RADIUS mode:RADIUS fails for endpoints connecting to a


FortiSwitch that has been renamed.

797778 AdminProfileManager has a null reference on Startup.

797834 Unable to properly expand details of "Network Events".

797919 Network > Service Connector > REST SMS: All of the SMS sent out using
the default SMS Gateway even when the mobile provider is set.

798181 RADIUS Service Host MAC filter does not print debug if supplicant does not
use colon mac delimiter.

798234 Rejected Hosts view in RADIUS Activity tab doesn't properly filter table
results to exclude a specific reject cause.

798234 RADIUS dashboard tile - rejected hosts slide opens empty.

798511 Upgrading from 0159 to 0160 results in error: Access denied for user
nac@localhost (using password: NO).

798651 Can not access RADIUS Activity view if user has "Activity" but not "Local
Service" RADIUS view permissions.

798665 REST SMS Gateway: In Captive network > Guest Self Registratiion page,
when Mobile Provider=None, the SMS is not sent.

799804 TLSv1 and TLSv1.1 is now disabled in portal by default.

800323 Policy name in Admin Profile > Permissions are not consistent with policy
name in Policy & Object.

800408 API query for FLink FSW data deprecated in FOS 7.2+.Prevents
FortiSwitches in Link mode from being added to Inventory when the
managing FortiGate is discovered.

800811 User with permission for access users is also able to delete user.

801221 SQL Exception thrown in NetworkSessionEventUpdater if DYNAMICLOG


table is missing from database.

801252 RADIUS not mapping to correct AD server when kerberos and netbios
names differ for a single winbind instance.

801623 Phone numbers formatted to E.164 before sending to gateway.

801661 GUI - URI navigation drops query params, losing tab indicator, prevents
direct links to secondary views.

801666 Host summary tile total values don't apply filter.

FortiNAC 9.4.6 Release Notes 55


Fortinet Inc.
Enhancements and Addressed Issues

Ticket # Description

801971 Groups view doesn't automatically reload.

802343 The message template under Notify User Via Email is not editable in Self
Registration Login Portal Configuration.

802372 Vulnerability Scan Status on Host view page displays as "-1" instead of
passed, failed or not scanned.

802913 Clicking Cancel in Create User view results in browser console errors.

802923 ClassCastException when creating/deleting trigger.

802942 Parsing issue with Mobile Iron Cloud integration.

803033 FortiNAC Agent version 9.4.0.93 is included with this release.

803061 Multicast IPv6 addresses can now be excluded using the MAC address
Exclusion view. See MAC address exclusion in the 9.4 Administration
Guide for details. Note: After upgrade, toggle the option off and on in order
for the function to take effect.

803645 output.nessus - several java.io.FileNotFoundException errors

803651 Model Config of VDOM reports 404 error and exception in output.master.

803745 Top Host Activity Widget - maps Device Type to User&Hosts > Hosts >
Operating Systems Column instead of Device Type.

803745 The Top Host Activity tile was using getTypeLabel instead of getIconType
to populate the Device Type column

804512 A null reference exception is thrown sometimes when expanding/scrolling


the Network Events datatable.

804518 Local Radius leaves out Tunnel-Private-Group-ID and Filter-ID when


Quarantine enforcement is set to "bypass".

804913 Logical Network Host Access total count slide out shows all hosts for the
Logical Network instead of only hosts for the specificed time sample.

805725 Historic Network Event data is incorrectly setting Disconnect time.

805866 Scheduled Shared Filter Reports result in error event.

806122 Roles not being assigned properly to Registered Hosts.

806141 Network > NetworkEvents - upgrade from 9.x to 9.4Type, LogicalNetwork


and NetID is not showing expected data.

806141 Network > NetworkEvents Type, LogicalNetwork and NetID is not showing
expected data.

806282 When a user attempts to complete a task via the notification bell, and it has
a parent task that is still open, it incorrectly displays a "Changes Saved"
message.

FortiNAC 9.4.6 Release Notes 56


Fortinet Inc.
Enhancements and Addressed Issues

Ticket # Description

806567 known_hosts file has duplicate host entries.

807062 On upgrade, FortiNAC loses it eth0 IP Address.

807383 The POST method to add a new HostRecord has changed in this
version.POST attempts using the old API call fails.

586499 SMS Gateway Support


765212

725235 Debug logging enhancements


756818

751403 RADIUS Activity Monitoring - Additional Misc Fixes.


782386

782391 RADIUS health activity- Current last 90 min does not match Timeline Chart
782386 Time Span for 90 min

784737 Location and IPRange method match failure prevent matching lower rank
785526 rules.

801948 Fresh Deployed server will not start: java.sql.SQLException: Connections


803681 could not be acquired from the underlying database.

750209 Enhancement made to detect unrecognized devices that support standard


based RADIUS management via CoA/Disconnect.

759481 FortiNAC detects AV engine status on windows

FortiNAC 9.4.6 Release Notes 57


Fortinet Inc.
Known Issues Version 9.4.6

Known Issues Version 9.4.6

Ticket # Description

1010097 Re-scanning a host at risk causes false positives having Required Critical
Updates applied on endpoint compliance scan.

1002475 Unable to scan using Dissolvable Agent with spaces in scan name.

993873, Host Search with wildcard provides unexpected results.


995406

827283 The Roaming Guest Logical Network is missing from the Model
Configuration of FortiGate and possibly from other vendors.

955985 Extreme switch with 'description-string' in switchport config won't display


connected adapters in GUI device model.

974270 Non fabric root FortiGate do not have dynamic tags after firmware update.

932546 In [9.4.4] on NCM, 'Server Responses' appear duplicated when distributing


firmware.

928827 Host aging is not applied to IP Phone device type.

924474 Unable to select SSIDs when creating/modifying a port group under System
> Groups. Workaround: Under SSID tab, right click SSID, select Group
Membership & select the desired group.

800326 Cisco chassis switch with a Cisco WLC connected via port channel shows
as a rogue.

863826 License Management view in the UI always displays "Base" for the License
Name when using subscription licenses. Workaround: Use the License
Information Dashboard Widget.

861201 Windows 11 Domain Check.

852670 AP showing up as learned uplink not WAP Uplink.

827283 Roaming Guest Logical Network missing from FortiGate Model


Configuration and possibly other vendors.

826653 FortiNAC supplied Dynamic Addresses on the FortiGate can become


orphaned in FortiNAC High Availability environments. This can cause
unintended network access.

824088 Unable to update existing Registered Host records using Legacy View >
Hosts > Import.

776077 Local Radius to Winbind connection cannot be secured at this time.

767548 Register Game system with Host Inventory success page is not working.

710583 L2 Polling Mist APs can result in more API requests than Mist allows per

FortiNAC 9.4.6 Release Notes 58


Fortinet Inc.
Known Issues Version 9.4.6

Ticket # Description

hour.

708936 FortiNAC will log off SSO for sessions that remain connected to a managed
FortiGate IPSec VPN tunnel after 12 hours.

Not all models of all network devices can be configured to perform Physical
MAC Address Filtering even though the Admin UI indicates that the
configuration can be set. Resolution: Hosts can be disabled by
implementing a Dead-end VLAN.

For Portal v2 configurations, web pages that are stored in the site directory
to be used for Scan Configurations will not be included when you do an
Export of the Portal v2 configuration. Resolution: The files in the site
directory are backed up with the Remote Backup feature, but otherwise
keep a copy of these files in a safe place.

Removing a device from the L2 Wired Devices or L2 Wireless Devices


Group does not disable L2 (Hosts) Polling under the Polling tab in
Topology.

The "Set all hosts 'Risk State' to 'Safe'" button changes the status of all
hosts marked At-Risk to Safe. However, the status of the individual scans
for each host remain unchanged.

In a Layer 3 High Availability (HA) environment, configWizard must have a


DHCP scope defined. Running configWizard without a DHCP scope can
cause a failover.

On FortiNAC appliances with CentOS 7, duplicate log messages may


appear in dhcpd.log for each sub interface (eth1, eth1:1, eth1:2, etc).

System > Settings > Updates > Operating System will only record and
display dates of OS updates that are completed through the Administrative
UI. If Operating System updates are run via command line using the "yum"
tool, the update is not recorded. Resolution: Execute Operating System
Updates through the Administrative UI in order to maintain update history.

Only English versions of AV/AS and their corresponding definitions are


supported.

Anti-Virus product Iolo technologies System Mechanic Professional is


currently not supported.

FortiNAC 9.4.6 Release Notes 59


Fortinet Inc.
Device Support Considerations

Device Support Considerations

Ticket # Description

897151 Device mapping for Cisco C9800-AP's adds AP's as a Cisco 9800 Wireless
controller. Cisco C9800-AP Software is not currently supported.

548902 Management of wired ports on Aerohive AP-150W controlled by


AerohiveNG is currently unsupported.

679230 Aruba 9012-US currently not supported. If required, contact sales or


support to submit a New Feature Request (NFR).

7680531 Ubiquiti Gen2 Unifi switches (example: USW-16-POE) are currently not
supported. If required, contact sales or support to submit a New Feature
Request (NFR).

At this time, integration with Juniper MAG6610 VPN Gateway is not


supported. This includes Pulse Connect Secure ASA.

At this time, integration with Cisco 1852i Controller is not supported due to
the device's limited CLI and SNMP capability. For details, see related KB
article 189545.

At this time, Fortinet does not support wired port management for the Cisco
702W. The access point does not provide the management capabilities
required.

At this time, Fortinet is not able to support the Linksys LAPN600 Wireless-
N600 Dual Band Access Point.

Ports on Avaya Networks 4850GTS-PWR+ switches sometimes show "Not


Connected" even though the port is active. This is due to multiple ports on
the switch using the same MAC Address. This prevents NAC from correctly
discerning which are "Connected" versus "Not Connected". There is no
workaround.

Device models for Avaya 4800 switches (and potentially other related
models) only support SSH. Device models for Avaya Ethernet Routing
Switches only support Telnet. Contact Support if the alternate protocol is
required.

FortiNAC 9.4.6 Release Notes 60


Fortinet Inc.
Device Support

Device Support

These changes have been made in FortiNAC Version 9.4.6. These are in addition to the device support added
in previous releases.

FortiNAC 9.4.6 Release Notes 61


Fortinet Inc.
Version 9.4.6

Version 9.4.6

Ticket # Description

964929 Integration with Korenix devices.

981176 Intelligent IEC 61850-3 28-port rack mount managed Gigabit Ethernet
switch with 4 slots

979576 RFL 3200Mk-28switch

961515 Lantech IPES-3416DSFP Switch

996537 Extreme Networks Switch Engine (5420F-16MW-32P-4XE-SwitchEngine)


version 32.6.1.5
Extreme Networks, Inc. C5G124-48 Rev 06.81.08.0005
Huawei AR617VW-LTE4EA Huawei Versatile Routing Platform Software
VRP (R) software,Version 5.170
Cisco IOS Software [Bengaluru], IE3x00 Switch Software (IE3x00-
UNIVERSALK9-M), Version 17.6.3
Huawei YunShan OS Version 1.22.0.1 (S5700 V600R022C01SPC500)
Cisco IOS Software, S5700 Software (S5700-UNIVERSALK9-M), Version
15.2(7)E3
HPE Comware Platform Software, Software Version 7.1.070
Cisco IOS Software [Bengaluru], IE3x00 Switch Software (IE3x00-
UNIVERSALK9-M), Version 17.6.3
Industrial 8-P GbE RJ45 + 2-P GbE RJ45/SFP Combo L2 Plus Managed
PoE Switch
08G20G2-08 Gigabit Ethernet Switch
JetStream 8-Port Gigabit L2 Managed Switch with 2 SFP Slots
Aruba R8Q71A 6200M 36G 12SR5 CL6 PoE 4SFP+

984156 DGS-1210-48 2.00.011


JetStream 24-Port Gigabit Stackable Smart Switch with 4 10GE SFP+ Slots
JetStream 24-Port Gigabit L2+ Managed Switch with 4 10GE SFP+ Slots
Aruba JL722C 8360 24p 10G SFP/SFP+ and 2p 40/100G QSFP+/QSFP28
switch
Aruba Instant On 1830 8G 4p Class4 PoE 65W Switch JL811A, InstantOn_
1830_2.6.0.0 (75), Linux 4.4.120, U-Boot
Cisco IOS Software [Cupertino], Catalyst L3 Switch Software (IE9K_
IOSXE), Version 17.9.2, RELEASE SOFTWARE (fc2)
Cisco IOS Software, S5700 Software (S5700-UNIVERSALK9-M), Version
15.2(7)E
Aruba R8Q70A 6200M 48G CL4 PoE 4SFP+
FortiAP-U431F

FortiNAC 9.4.6 Release Notes 62


Fortinet Inc.
Version 9.4.6

Ticket # Description

Cisco IOS Software, S5700 Software (S5700-UNIVERSALK9-M), Version


15.2(6)E2a
HP Comware Platform Software, Software Version 5.20.99, Release
2110P02 HP 3600-24 v2 EI Switch
1620-24G Switch Software Version 5.20.99, Release 1113
Arista Networks EOS version 4.30.4M running on an Arista Networks CCS-
720DT-48S-2
Brocade Communications Systems, Inc. ICX7250-24, IronWare Version
08.0.30fT213
CBS350-48FP-4X 48-Port Gigabit PoE Stackable Managed Switch with
10G Uplinks
Juniper Networks, Inc. ex4100-f-12p Ethernet Switch, kernel JUNOS
22.3R2-S2.9
Cisco IOS Software [Dublin], Catalyst L3 Switch Software (CAT9K_IOSXE)
Aruba Instant On 1930 24G Class4 PoE 4SFP/SFP+ 370W Switch JL684B

Version 9.4.5

Ticket # Vendor

959926 Arista CCS-722

961726 Extreme ISW 8Gbp Rugged Switch

969097 Meraki MX acting as a wireless controller (managing Meraki APs)


See the Meraki MX Controller Reference Manual.

968088 Claroty industrial security solution

922122 Ruckus Wireless, Inc. ICX8200-48PF-POE

966745 Alcatel-Lucent Enterprise OS6360-PH24 8.7.252.R02 GA.


S1720-10GW-2P-E Huawei Versatile Routing Platform Software VRP (R)
software, Version 5.170 (S1720GWR V200R010C00SPC600).
SG550XG-24F 24-Port 10G SFP+ Stackable Managed Switch.
Ruckus Wireless, Inc. ICX8200-48P-POE, IronWare Version
10.0.10aT253.
Huawei Versatile Routing Platform Software VRP Software Version 3.10,
Quidway S5624P-PWR Product Version S5600-1510P02.
Cisco IOS Software [Fuji], ISR Software (ARMV8EB_LINUX_IOSD-
UNIVERSALK9_IAS-M), Version 16.9.8.
Extreme Networks Switch Engine (5320-48P-8XE-SwitchEngine) version
32.5.1.5.

FortiNAC 9.4.6 Release Notes 63


Fortinet Inc.
Version 9.4.6

Ticket # Vendor

Extreme Networks Switch Engine (5320-24P-8XE-SwitchEngine) version


32.5.1.5.
CBS250-16T-2G 16-Port Gigabit Smart Switch.
Huawei Versatile Routing Platform Software VRP (R) software, Version
8.100 (CE6850HI V100R005C10SPC200) HUAWEI CE6850-48S6Q-HI.
Huawei Versatile Routing Platform Software VRP (R) software, Version
8.100 (CE12800 V100R005C10SPC200) HUAWEI CE12808.
DGS-F1500-52MP.
D-LINK DGS-F1210-26PS-E HW A2 Firmware V5.2.10.1-g50cdbd731, L2
Ethernet PoE Switch.
D-LINK DGS-F1210-26PS-E HW A1 Firmware V5.2.10.1-g836e4f620, L2
Ethernet PoE Switch.

962116 Aruba JL717C 8360-32Y4C v2 Switch LL.10.11.1030.


Arista Networks EOS version 4.29.5M running on an Arista Networks CCS-
722XPM-48Y4.
Ethernet Routing Switch 3550T-PWR+ HW:01, FW:5.3.0.6, SW:v5.3.0.004
BN:04 by Avaya Networks.
OAW-AP1321 4.0.2.
SG300-10SFP 10-Port Gigabit Managed SFP Switch.
S5731-S24P4X Huawei Versatile Routing Platform Software VRP (R)
software, Version 5.170 (S5731 V200R021C10SPC600).
Huawei AirEngine6760R-51E Huawei Versatile Routing Platform Software
VRP (R) software, Version 5.170 (AirEngine6760R-51E
V200R022C00SPC100).
M4300-52G-PoE+ ProSAFE 48-port 1G PoE+ and 2-port 10GBASE-T and
2-port 10G SFP+, 12.0.17.7, B1.0.0.16.
Siemens, SIMATIC NET, SCALANCE XC208, 6GK5 208-0BA00-2AC2,
HW: Version 3, FW: Version V04.02.00.
HPE Comware Platform Software, Software Version 5.20.99, Release 2111
HPE 3600-24-PoE+ v2 SI Switch"

Version 9.4.4

Ticket # Vendor

906953 Several models of Ubiquiti UniFi switches are identified as Ubiquiti APs.

901235 Added support for RAD PowerFlow switches.

897601 Extreme SLX9540 switches Layer 2 support

898891 Cisco IOS Software [Bengaluru], c8000be Software (X86_64_LINUX_


IOSD-UNIVERSALK9-M), Version 17.6.5, RELEASE SOFTWARE (fc2)

FortiNAC 9.4.6 Release Notes 64


Fortinet Inc.
Version 9.4.6

Ticket # Vendor

Hirschmann RSR
Cisco IOS Software, ir800 Software (ir800-UNIVERSALK9-M), Version
15.9(3)M5, RELEASE SOFTWARE (fc1)
Cisco IOS Software [Cupertino], ISR Software (ARMV8EL_LINUX_IOSD-
UNIVERSALK9_IOT-M), Version 17.9.1, RELEASE SOFTWARE (fc8)

897151 Removed invalid device mapping for C9800-AP Software.

905491 Cisco Adaptive Security Appliance Version 9.13(1)2


Cisco IOS Software [Amsterdam], ISR Software (ARMV8EL_LINUX_IOSD-
UNIVERSALK9-M), Version 17.3.4a, RELEASE SOFTWARE (fc3)
Brocade Communications Systems, Inc. Stacking System FCX648S-
HPOE-PREM, IronWare Version 08.0.30qT7F2 labeled as FCXR08030q
Ruckus Wireless, Inc. ICX7650-48Z-HPOE, IronWare Version
08.0.70dT231 Compiled on Nov 28 2018 at 10:47:15 labeled as
TNS08070d
S5720-28X-PWR-LI-AC Huawei Versatile Routing Platform Software VRP
(R) software,Version 5.170 (S5720 V200R011C10SPC600)
Aruba R0X25A 6410 Chassis FL.10.09.1010
Juniper Networks, Inc. ex4400-48p Ethernet Switch, kernel JUNOS
21.2R3.8
Dell Networking X1052 1-10Gb Switch
Dell EMC Networking OS Operating System Version: 2.0 Application
Software Version: 9.14(2.10) Series: S3124F
Juniper Networks, Inc. ex4100-48mp Ethernet Switch, kernel JUNOS
22.3R1.12
Arista 7148S-F
CBS350-16FP-2G 16-Port Gigabit PoE Managed Switch

909011 Added device support for Netonix WS-12-250-AC.

906953 Updated the element type and used CommonSNMP to read Ports.

911439 Added device support for MICROSENS G6 Switch.

911123 Computer Services


NUSTCY3140
Alcatel-Lucent Enterprise OS6560-P24Z24 8.4.1.229.R02 GA, September
01, 2017.
Alcatel-Lucent Enterprise OS6900-T20 8.5.255.R02 GA, August 29, 2018.
Aruba JL678A 6100 24G 4SFP+ Swch PL.10.08.1040
Cisco Adaptive Security Appliance Version 9.8(4)35
HPE Comware Platform Software, Software Version 7.1.070, Release 6330
HPE 5140 8G 2SFP 2GT EI Sw Copyright (c) 2010-2021 Hewlett Packard
Enterprise Development LP

914193 Encountered issues with Brocade switch - not all VLANs are visible,

FortiNAC 9.4.6 Release Notes 65


Fortinet Inc.
Version 9.4.6

Ticket # Vendor

affecting VLAN settings in the model.

906953 Introduced a property allowing the use of CLI to read VLANs from Unifi
Switches.

915803 FG600F_India
ExtremeXOS (X465-24MU-24W) version 32.3.1.11 32.3.1.11 by release-
manager on Fri 16 Dec 2022 11:30:47 AM UTC
NetVanta 1234 PoE, Version: R13.10.2, Date: Tue Aug 31 13:29:02 2021
SF350-48P 48-Port 10/100 PoE Managed Switch
48-port 10/100/1000 Ethernet Switch with PoE
24-port 10/100/1000 Ethernet Switch with PoE

920357 Huawei YunShan OS Version 1.22.0.1 (S5700 V600R022C01SPC500)


Copyright (C) 2021-2022 Huawei Technologies Co., Ltd. HUAWEI
CloudEngine S5735-S-V2
Aruba R8N89A 6000 12G CL4 2SFP 139W Swch PL.10.08.1010
Ruckus Wireless, Inc. ICX8200-C08PF-POE, IronWare Version
10.0.00T253 Compiled on Nov 1 2022 at 00:46:53 labeled as RDR10000
Alcatel-Lucent OS6860E-U28 8.2.1.258.R01 Service Release, November
18, 2015.
Huawei AR151-S2 Huawei Versatile Routing Platform Software VRP (R)
software,Version 5.170 (AR150 V200R010C10SPC700) Copyright (C)
2011-2020 Huawei Technologies Co., Ltd
S5720-28TP-PWR-LI-AC Huawei Versatile Routing Platform Software VRP
(R) software,Version 5.170 (S5720 V200R019C10SPC500) Copyright (C)
2007 Huawei Technologies Co., Ltd.
S5720-52P-PWR-LI-AC Huawei Versatile Routing Platform Software VRP
(R) software,Version 5.170 (S5720 V200R011C10SPC600) Copyright (C)
2007 Huawei Technologies Co., Ltd.
ArubaOS (MODEL: Aruba9004), Version 8.7.0.0-2.3.0.7 (83952)

918683 Added device support for TPLink TL-SG2428 switches.

924265 Huawei Versatile Routing Platform Software VRP (R) software, Version
8.100 (CE5855EI V100R005C10SPC200) Copyright (C) 2012-2015
Huawei Technologies Co., Ltd. HUAWEI CE5855-24T4S2Q-EI
Cambium cnPilot E400 Access Point
Quidway S7712 Huawei Versatile Routing Platform Software VRP (R)
Software, Version 5.170 (S7700 V200R010C00SPC600) Copyright (c)
2000-2016 Huawei Technologies Co., Ltd
Aruba Instant On 1830 24G 12p Class4 PoE 2SFP 195W Switch JL813A,
InstantOn_1830_2.5.0.0 (48), Linux 4.4.120, U-Boot 2013.01 (V1.0.0.17)
S5710-28C-EI Huawei Versatile Routing Platform Software VRP (R)
software,Version 5.110 (S5710 V200R001C00SPC300) Copyright (C)
2007 Huawei Technologies Co., Ltd.

FortiNAC 9.4.6 Release Notes 66


Fortinet Inc.
Version 9.4.6

Ticket # Vendor

Huawei AR2220 Huawei Versatile Routing Platform Software VRP (R)


software,Version 5.120 (AR2220 V200R003C01SPC900) Copyright (C)
2011-2013 Huawei Technologies Co., Ltd

918683 Changed the end-of-line value to a carriage return for TP-Link switches.

871657 Pnetworks switches with newer firmware are identified as generic firewalls.

Version 9.4.3

Ticket # Vendor

875730 S5720-28X-SI-24S-AC Huawei Versatile Routing Platform Software VRP


S1720-52GWR-PWR-4P-E Huawei Versatile Routing Platform Software
VRP
S5735-S32ST4X Huawei Versatile Routing Platform Software VRP
AC6805 Huawei Versatile Routing Platform Software VRP
Alcatel-Lucent Enterprise AOS-W Version 6.4.2.6-4.1.1.13
Cisco CBS250-8PP-D 8-Port Gigabit PoE Smart Switch
Cisco CBS350-8T-E-2G 8-Port Gigabit Managed Switch
Cisco SX350X-24F 24-Port 10G SFP+ Stackable Managed Switch
Cisco IOS Software, C1700 Software (AP3G2-K9W7-M), Version 15.3
(3)JD

868451 Forcepoint NGFW Firewall

878013 Meraki CW9166I Cloud Managed AP


Meraki MX105 Cloud Managed Security Appliance
Juniper Networks, Inc. ex4100-48p Ethernet Switch, kernel JUNOS
22.3R1.12
Cisco SF350-08 8-Port 10/100 Managed Switch

884423 Cisco IOS Software [Bengaluru], IE3x00 Switch Software (IE3x00-


UNIVERSALK9-M), Version 17.6.4
S5735-L48T4X-A1 Huawei Versatile Routing Platform Software VRP (R)
software,Version 5.170 (S5735 V200R020C10SPC500)
S5720S-12TP-PWR-LI-AC Huawei Versatile Routing Platform Software
VRP (R) software,Version 5.170 (S5720 V200R019C10SPC500)
Dell Networking N3224T-ON, 6.8.1.0, Linux 4.15.18-2e794c6e
Ruijie 10G Ethernet Switch (S5310-24GT4XS-P-E)
Cisco Sx220 Series Switch Software, Version 1.2.1.2
S6730-H24X6C Huawei Versatile Routing Platform Software VRP (R)
software,Version 5.170 (S6730 V200R021C00SPC100)
SG350-20 20-Port Gigabit Managed Switch

FortiNAC 9.4.6 Release Notes 67


Fortinet Inc.
Version 9.4.6

Ticket # Vendor

889578 HPE Comware Platform Software, Software Version 7.1.070, Release


6530P02 HPE 5520 48G PoE+ 4SFP+ HI Swch R8M29A
Juniper Networks, Inc. ex4650-48y-8c Ethernet Switch, kernel JUNOS
21.4R3-S2.4
Aruba JL668A 6300F 24G 4SFP56
CBS350-24T-4G 24-Port Gigabit Managed Switch
Aruba JL264A 2930F-48G-PoE+-4SFP+-TAA Switch, revision
WC.16.08.0016, ROM WC.16.01.0006
HP J9855A 2530-48G-2SFP+ Switch, revision YA.16.02.0014, ROM
YA.15.19
FG400F-HYAC-01 - Routing
Cisco IOS Software, S5400 Software (S5400-UNIVERSALK9-M), Version
15.2(8)E
Extreme Networks Switch Engine (5320-48T-8XE-SwitchEngine) version
32.3.1.11 32.3.1.11

891820 Aruba JL817A 4100i 12G CL4/6 POE 2SFP+ DIN Sw RL.10.10.1040
Huawei S1720-10GW-PWR-2P-E
Cisco IOS Software [Gibraltar], ISR Software (ARMV8EL_LINUX_IOSD-
UNIVERSALK9_IAS-M), Version 16.10.1b
Aruba 6000 48G 4SFP Switch

894124 Cisco 48-Port Gigabit Smart Switch


Cisco IOS Software [Cupertino], Catalyst L3 Switch Software (CAT9K_
LITE_IOSXE), Version 17.9.1

Version 9.4.2

Ticket # Vendor

793480 Cambium Networks cnPilot E410


Cambium Networks cnPilot E600

672701 Cambium XV(XV3-8, XV2-2T0)


cnPilot(E500, E430, E700) series APs

831482 Aruba JL727A 6200F 48G CL4 4SFP+370W Swch


S5735-L12P4S-A Huawei Versatile Routing Platform Software
PowerConnect 7024, 5.1.17.1, VxWorks 6.6
OAW-AP1201 4.0.2
S5732-H24S6Q Huawei Versatile Routing Platform Software
AP7522 Access Point, Version 7.7.0.0-018R MIB=01a
Fortinet FortiGate

FortiNAC 9.4.6 Release Notes 68


Fortinet Inc.
Version 9.4.6

Ticket # Vendor

Meraki MR36H Cloud Managed AP

836420 Juniper eqfx5120-48t-6c switch


Managed Hardened PoE+ Switch, (8) 10/100/1000Base-T PoE+ Ports + (4)
100/1000Base-X SFP
Palo Alto Networks PA-400 series firewall
Dell EMC Networking OS10 Enterprise S5296F-ON

838902 Cisco IOS Software, C2960SM Software (C2960SM-LANBASEK9-M),


Version 12.2(52)EX1
Huawei AirEngine9700-M1 Huawei Versatile Routing Platform Software
VRP
Meraki MR57 Cloud Managed Indoor AP

840205 Westermo L210-F2G Rugged Compact Switches

842976 Cisco IOS Software, C800 Software


DGS-1510-52X Gigabit Ethernet SmartPro Switch
Aruba Wired Switch R8N88A

844425 Allied Telesis 510L-52GT & 550-18XSQ switches

845410 CBS350-24P-4X 24-Port Gigabit PoE Stackable Managed Switch with 10G
Uplinks
S6720-30C-EI-24S-AC Huawei Versatile Routing Platform Software VRP
S6730-H48X6C Huawei Versatile Routing Platform Software VRP
S5735-L8P4X-IA1 Huawei Versatile Routing Platform Software VRP

847082 Huawei NE40E-X3


Extreme SLX9540 Switch/Router
Baseline Switch 2250-SFP Plus
WS6-DGS-1210-10P/F1 6.20.007

849478 Cisco IOS Software [Gibraltar]


DGS-1210-28P/C1 4.10.004

851405 Fortinet FortiGate


Alcatel-Lucent Enterprise OS6360-P24X 8.8.56.R02 GA
Meraki MX75
Aruba JL667A 6300F 48G 4SFP56 Sw
ArubaOS (MODEL: 635)

852981 Allied Telesis router/switch, Software (AlliedWare Plus) Version 5.5.0-2.10

854248 S1720-28GWR-PWR-4P Huawei Versatile Routing Platform Software VRP


S1730S-S24P4S-A Huawei Versatile Routing Platform Software VRP
Extreme Networks Switch Engine (Stack)
Extreme Networks Switch Engine (5320-16P-4XE-SwitchEngine)

FortiNAC 9.4.6 Release Notes 69


Fortinet Inc.
Version 9.4.6

Ticket # Vendor

856760 Cisco IOS Software, IE2000 Software (IE2000-UNIVERSALK9-M)


SG350-28MP 28-Port Gigabit PoE Managed Switch
Cisco IOS Software, C900 Software (C900-UNIVERSALK9-M)
Aruba Instant On 1930 24G Class4 PoE 4SFP/SFP+ 370W Switch JL684A
S5735-L48P4S-A1 Huawei Versatile Routing Platform Software

859465 Brocade Communications Systems, Inc. ICX7450-48, IronWare


Brocade Communications Systems, Inc. FWS624G-POE-PREM, IronWare
Brocade Communications Systems, Inc. FWS624G-PREM, IronWare
Brocade Communications Systems, Inc. FWS648G-PREM, IronWare
Brocade Communications Systems, Inc. FWS648, IronWare
Cisco Controller
SG550X-24 24-Port Gigabit Stackable Managed Switch

859816 Allied Telesis X510-28-GTX switches

863408 CBS350-8P-2G 8-Port Gigabit PoE Managed Switch


Cisco IOS Software, ASR900 Software (PPC_LINUX_IOSD-
UNIVERSALK9_NPE-M)
Cisco IOS Software, IE2000U Software (IE2000U-LANBASEK9-M),
Version 15.2(5)E
S5735-S24P4X Huawei Versatile Routing Platform Software VRP
Cisco IOS Software [Cupertino], IE3x00 Switch Software (IE3x00-
UNIVERSALK9-M)
Symbol AP410C
SG550XG-8F8T 16-Port 10G Stackable Managed Switch
Symbol AP310-1
Symbol AP7532 Access Point
Cisco CBS350-48T-4X 48-Port Gigabit Stackable Managed Switch with
10G Uplinks
Avaya Networks Ethernet Routing Switch 3526T-PWR+

871270 Huawei S5720-36C-PWR-EI-AC


Cisco IOS Software, IE2000 Software (IE2000-UNIVERSALK9-M)
Huawei S5335-L24P4X-A
Aruba JL663A 6300M 48G 4SFP56 Swch
Aruba JL719C 8360-48Y6C v2 Switch
ExtremeXOS 5320-48P-8XE-EXOS
Avaya Networks Ethernet Routing Switch 3524GT
Accton Technology SG 2404 PoE L2+ Gigabit Ethernet Switch
Huawei S5735S-L48T4S-A
Juniper SRX345

FortiNAC 9.4.6 Release Notes 70


Fortinet Inc.
Version 9.4.6

Version 9.4.1

Ticket # Vendor

805669 Extreme VSP-7400-48Y-8C (8.1.6.0)

806646 S5735-L24T4X-A1 Huawei Versatile Routing Platform Software VRP


FGT85F
S5731-H24T4XC Huawei Versatile Routing Platform Software
FGTVM641000C
S5732-H48UM2CC Huawei Versatile Routing Platform Software
FGT50A
JL581A Aruba 8320 48p
Juniper Networks, Inc. ex3400-48t Ethernet Switch

814620 Cisco IOS Software, c6848x Software (c6848x-ADVENTERPRISEK9-M)


Palo Alto Networks PA-3200 series firewall
S5735-L24P4X-A1 Huawei Versatile Routing Platform Software
S5735-L24P4S-A1 Huawei Versatile Routing Platform Software
Extreme Networks Switch Engine (5420F-24P-4XE-SwitchEngine)
PowerConnect 7024, 5.1.18.1, VxWorks 6.6
Aruba JL658A 6300M 24SFP+ 4SFP56 Swch FL.10.09.1000
Datacenter Switch
Cisco IOS Software [Bengaluru],c8000be Software(X86_64_LINUX_IOSD-
UNIVERSALK9-M)

820169 Ruckus Wireless, Inc. ICX7850-48F, IronWare Version 08.0.95fT233

820969 HP A5120-24G SI Switch Software Version 5.20, Release 1513P13


S5720-52P-PWR-LI-AC Huawei Versatile Routing Platform Software VRP
(R) software,Version 5.170 (S5720 V200R011C10SPC600)
S5735-L8T4S-A1 Huawei Versatile Routing Platform Software VRP (R)
software,Version 5.170 (S5735 V200R020C10SPC500)
SG500X-24 24-Port Gigabit with 4-Port 10-Gigabit Stackable Managed
Switch

824676 Dell EMC Networking OS10 Enterprise.


Palo Alto Networks PA-400 series firewall
FGT-SG-SSL
U6-Lite 6.0.19.13671
Allied Telesis router/switch, Software (AlliedWare Plus) Version 5.5.1-2.4
CBS350-8FP-2G 8-Port Gigabit PoE Managed Switch

825863 Allied Telesis router/switch, Software (AlliedWare Plus) Version 5.4.9-0.2

827842 Alcatel-Lucent Enterprise OS6560-P48Z16 8.7.98.R03 GA, July 05, 2021.


Allied Telesis router/switch, Software (AlliedWare Plus) Version 5.5.1-2.4

FortiNAC 9.4.6 Release Notes 71


Fortinet Inc.
Version 9.4.6

Ticket # Vendor

Cisco IOS Software, IE2000 Software (IE2000-UNIVERSALK9-M), Version


15.0(1)EY
Meraki MR44 Cloud Managed AP
Cisco IOS Software, cgr1000 Software (cgr1000-UNIVERSALK9-M),
Version 15.7(3)M1
S5731-S24T4X Huawei Versatile Routing Platform Software VRP (R)
software,Version 5.170 (S5731 V200R021C00SPC100)
PowerConnect 7024P, 5.1.18.1, VxWorks 6.6

830112 Dell EMC Networking N3224P-ON, 6.6.3.14, Linux 4.15.18-2ac8b3ec


Huawei AP5030DN Huawei Versatile Routing Platform Software VRP (R)
software,Version 5.170 (AP5030DN V200R010C00SPCd00) Dell EMC
Networking OS10 Enterprise.

833731 Huawei AR129CGVW-L Huawei Versatile Routing Platform Software VRP


S6720-56C-PWH-SI-AC Huawei Versatile Routing Platform Software VRP
Dell Networking N1524P
S5735-L24P4X-A1 Huawei Versatile Routing Platform Software VRP

Version 9.4.0

Ticket # Vendor

765568 Add support for Huawei AR550E router/switch

765569 Add support for DIGI cellular routers

779607 Add Device support from set mapping emails (2 models)

781634 Add Device support from set mapping emails (Huawei S5700-52P-LI-AC)

787686 S5735-L48T4S-A1 Huawei Versatile Routing Platform Software VRP (R)


software
CBS350-48P-4X 48-Port Gigabit PoE Stackable Managed Switch with 10G
Uplinks
CBS350-48P-4G 48-Port Gigabit PoE Managed Switch
CBS350-8P-E-2G 8-Port Gigabit PoE Managed Switch
CBS350-24T-4X 24-Port Gigabit Stackable Managed Switch with 10G
Uplinks
Linux Lethe 2.6.18-92cpx86_64 1 SMP Mon Oct 8 10:34:42 IDT 2018 x86_
64
Juniper Networks, Inc. srx380-poe-ac internet router, kernel JUNOS
20.4R3-S1.3
S5735-L8P4S-A1 Huawei Versatile Routing Platform Software VRP (R)
software

FortiNAC 9.4.6 Release Notes 72


Fortinet Inc.
Version 9.4.6

Ticket # Vendor

Fortigate fwf51E
Quidway S9712 Huawei Versatile Routing Platform Software VRP (R)
Software
Brocade Communications Systems, Inc. FastIron SX 1600
CCB 1st Sessions Court FS108F Meraki MR36H Cloud Managed AP

789282 Add support for Extreme Campus Controller WLC

792686 Huawei AR129CGVW-L Huawei Versatile Routing Platform Software VRP


(R) software
Cisco NX-OS(tm) nxos.9.3.7.bin, Software (nxos)
Juniper Networks, Inc. ex4400-24p Ethernet Switch, kernel JUNOS
21.1R1.11
Aruba R8N85A 6000 48G CL4 4SFP Swch PL.10.09.1000
Aruba Instant On 1930 8G 2SFP Switch JL680A, InstantOn_1930_1.0.5.0
(139)
IE1000 Industrial Ethernet Switch, Version: 1.7.0#2018-05-
02T18:19:37+00:00

796633 fortigate
Cisco IOS Software, C1000 Software (C1000-UNIVERSALK9-M), Version
15.2(7)E4
Aruba R8N87A 6000 24G CL4 4SFP Swch PL.10.08.1010
Meraki MS355-48X2 Cloud Managed Switch
Dell EMC Networking OS10 Enterprise.S5224F-ON

801676 HPE Comware Platform Software, Software Version 7.1.070, Release 6327
SG350XG-24F 24-Port 10G SFP+ Stackable Managed Switch
SG300-28SFP 28-Port Gigabit Managed SFP Switch
Linux PA-Mac-Ops-BCKPF-S 4.14.76-release-1.3.0 1 SMP
Aruba JL725A 6200F 24G CL4 4SFP+370W Swch ML.10.09.1000
Cisco IOS Software [Cupertino], ISR Software (ARMV8EL_LINUX_IOSD-
UNIVERSALK9-M), Version 17.7.1a
Cisco Sx220 Series Switch Software, Version 1.1.3.1
CBS350-24P-4G 24-Port Gigabit PoE Managed Switch
Firewall OCI Unimedsc
Palo Alto Networks VM-Series firewall
Canton-Firewall

783982 S5720-12TP-LI-AC
S5720-36PC-EI-AC
S5720S-52P-SI-AC
S5700-10P-PWR-LI-AC

786422 ArubaOS (MODEL: 565), Version 8.7.1.8-8.7.1.8

FortiNAC 9.4.6 Release Notes 73


Fortinet Inc.
Version 9.4.6

Ticket # Vendor

790006 Netgear S4300 and S3300 Switches

792592 FortiFone X80

566257 Support for Huawei AC6605 wireless controller

System Update Settings

Field Definition

Host Set to fnac-updates.fortinet.net

Auto-Definition Directory Keep the current value.

Product Distribution Set to Version_9_4


Directory

Agent Distribution Keep the current value.


Directory

User Set to updates (in lowercase)

Password Keep the current value.

Protocol Set to desired protocol (FTP, PFTP, HTTP, HTTPS)


Note: SFTP has been deprecated and connections will fail using this option.
SFTP will be removed from the drop down menu in a later release.

FortiNAC 9.4.6 Release Notes 74


Fortinet Inc.
Numbering Conventions

Numbering Conventions

Fortinet is using the following version number format:


<First Number>.<Second Number>.<Third Number>.<Fourth Number>
Example: 8.0.6.15
l First Number = major version
l Second Number = minor version
l Third Number = maintenance version
l Fourth Number = build version

l Release Notes pertain to a certain version of the product. Release Notes are revised as needed. The Rev
letter increments accordingly. For example, updating the Release Notes from Rev C to Rev D indicates
changes in the Release notes only -- no changes were made to the product.
l The next number represents the version in which a Known Anomaly was added to the release notes (for
example, V8.0).

FortiNAC 9.4.6 Release Notes 75


Fortinet Inc.
Copyright© 2024 Fortinet, Inc. All rights reserved. Fortinet®, FortiGate®, FortiCare® and FortiGuard®, and certain other marks are registered trademarks of Fortinet, Inc., in the
U.S. and other jurisdictions, and other Fortinet names herein may also be registered and/or common law trademarks of Fortinet. All other product or company names may be
trademarks of their respective owners. Performance and other metrics contained herein were attained in internal lab tests under ideal conditions, and actual performance and
other results may vary. Network variables, different network environments and other conditions may affect performance results. Nothing herein represents any binding
commitment by Fortinet, and Fortinet disclaims all warranties, whether express or implied, except to the extent Fortinet enters a binding written contract, signed by Fortinet’s
General Counsel, with a purchaser that expressly warrants that the identified product will perform according to certain expressly-identified performance metrics and, in such
event, only the specific performance metrics expressly identified in such binding written contract shall be binding on Fortinet. For absolute clarity, any such warranty will be
limited to performance in the same ideal conditions as in Fortinet’s internal lab tests. In no event does Fortinet make any commitment related to future deliverables, features or
development, and circumstances may change such that any forward-looking statements herein are not accurate. Fortinet disclaims in full any covenants, representations, and
guarantees pursuant hereto, whether express or implied. Fortinet reserves the right to change, modify, transfer, or otherwise revise this publication without notice, and the most
current version of the publication shall be applicable.

You might also like