FortiNAC 9.4.6 Release Notes
FortiNAC 9.4.6 Release Notes
FortiNAC 9.4.6 Release Notes
Version 9.4.6
FORTINET DOCUMENT LIBRARY
https://docs.fortinet.com
FORTINET BLOG
https://blog.fortinet.com
NSE INSTITUTE
https://training.fortinet.com
FORTIGUARD CENTER
https://www.fortiguard.com
FEEDBACK
Email: [email protected]
Change log 5
Overview of Version 9.4.6 6
Notes 6
Supplemental Documentation 6
Version Information 6
Upgrade Requirements 8
Pre-upgrade Procedures 10
Compatibility 12
Agents 12
Web Browsers for the Administration UI 12
Operating Systems Supported Without an Agent 12
What's new 13
New features in 9.4.6 13
Important notice 13
New features in 9.4.5 13
Important notice 13
New features in 9.4.4 13
Important notice 13
New features 14
New features in 9.4.3 14
Important notice 14
New features in 9.4.2 14
New features in 9.4.1 14
New features in 9.4.0 15
Enhancements and Addressed Issues 17
Version 9.4.6 17
Version 9.4.5 19
Version 9.4.4 25
Version 9.4.3 30
Version 9.4.2 34
Version 9.4.1 44
Version 9.4.0 49
Known Issues Version 9.4.6 58
Device Support Considerations 60
Device Support 61
Version 9.4.6 62
Version 9.4.5 63
Version 9.4.4 64
Version 9.4.3 67
Version 9.4.2 68
Change log
FortiNAC v9.4.6 is the latest release being made available to customers to provide functionality and address
some known issues. Build number 0800.
Critical information about upgrading your FortiNAC should be viewed in New Features.
Notes
l Starting from 9.1.0, FortiNAC uses a new GUI format. FortiNAC cannot go backwards to a previous
version. Snapshots should always be taken on virtual appliances prior to upgrade.
l Prior to upgrading, review the FortiNAC Known Anomalies posted in the Fortinet Document Library.
l If using agents or configured for High Availability, additional steps may be required after upgrade for proper
functionality. See Upgrade Instructions and Considerations posted in the Fortinet Document Library.
l CentOS 7.4 or higher is required. The current CentOS version installed is listed as "Distribution" in the CLI
login banner or typing "sysinfo".
Example:
> sysinfo
************************************************************************
Recognized platform: Linux
Distribution: CentOS Linux release 7.6.1810 (Core)
If the CentOS version is below 7.4, run OS updates and reboot before upgrading. For instructions on
updating CentOS, refer to the Fortinet Document Library.
l For upgrade procedure, see Upgrade Instructions and Considerations posted in the Fortinet Document
Library.
Supplemental Documentation
Version Information
These Release Notes contain additional Enhancements, Device Support, and features. Unique numbering is
used for the various components of the product. The software version and Agent version supplied with this
release are listed below.
Version: 9.4.6
Agent Version: 9.4.0
A newer Persistent Agent may be required to support certain antivirus and anti-spyware products. Refer to the
Agent Release Notes in the Fortinet Document Library.
Firmware version represents a collection of system services and operating system features imaged on to the
appliance before it leaves manufacturing. The firmware image cannot be updated by a Fortinet customer.
Services within the image are updated by Fortinet or a certified Fortinet Partner in appliance maintenance
packages released as new more robust and secure versions of services become available.
Note: Upgrading software versions does not change firmware nor does it automatically require an upgrade to
the Persistent Agent. Newer Persistent Agents are not compatible with older software versions unless that
capability is specifically highlighted in the corresponding release notes.
Upgrade Requirements
Ticket # Description
Legacy SSH Ciphers Vulnerable Diffie-Hellman SSH Ciphers were removed from versions 9.2.8,
9.4.4. F7.2.3 and greater. The removal of these ciphers can cause SSH
communication to fail between FortiNAC and network infrastructure devices
still using these legacy ciphers. Depending upon the device, resulting
behavior can vary from failing L2 and L3 polling to failing VLAN switching.
The following events would be generated for the affected device:
l L2 Poll Failed
l L3 Poll Failed
l VLAN Switch Failure
The legacy ciphers must be re-added to FortiNAC via the CLI after upgrade.
For details, see KB article https://community.fortinet.com/t5/FortiNAC-
F/Troubleshooting-Tip-SSH-communication-fails-after-upgrade-due-to/ta-
p/281029
892856 High Availability and FortiNAC Manager Environments: The following are
required as of 9.4.3:
l Key files containing certificates are installed in all FortiNAC servers.
885056 All devices managed by FortiNAC must have a unique IP address. This
Ticket # Description
9.2 The number of Operating System and Anti-Virus program options in the
Scan Configuration have been reduced. Only those currently supported or
commonly in use are now listed. For a list of available Operating Systems
and Anti-Virus programs, see KB article 198098.
Pre-upgrade Procedures
Enhancements were made to the communication method between FortiNAC servers for security. Due to this
change, all FortiNAC servers must have additional configuration in order to communicate. The following
procedure should be done prior to upgrade to prevent communication interruption.
l This configuration applies to FortiNAC version 9.4.3 and greater.
Configure all servers to allow communication between each other. This is done using an attribute that lists all
the allowed serial numbers with which appliances can communicate.
Steps
1. Confirm key files containing certificates are installed in all FortiNAC servers.
Administration UI Method:
The System Summary Dashboard widget should show 'Certificates = Yes'.
CLI Method:
Virtual appliance: Log in to the CLI as root and type:
licensetool
If 'certificates = []' or there is not a 'certificates' entry listed at all, keys with certificates must be
installed. See Importing License Key Certificates in the FortiNAC Manager Guide.
2. Compile the allowed serial number list. In a text file (Notepad, etc), document the serial numbers of each
appliance. Serial numbers can be obtained in the following ways:
l Customer Portal (https://support.fortinet.com)
l System Summery Dashboard widget in the Administration UI of each appliance
l CLI of each appliance using licensetool command
Example:
FortiNAC Manager A (primary) & B (secondary)
FortiNAC-CA servers A (primary) & B (secondary)
FortiNAC-CA server C
Command:
globaloptiontool -name security.allowedserialnumbers -setRaw
"<serialnumber1>,<serialnumber2>,<serialnumber3>"
Example
globaloptiontool -name security.allowedserialnumbers -setRaw "FNVM-Mxxxxxxx1,FNVM-
Mxxxxxxx2,FNVM-CAxxxxx4,FNVM-CAxxxxx5,FNVM-CAxxxxx6"
Example
> globaloptiontool -name security.allowedserialnumbers
Warning: There is no known option with name: security.allowedserialnumbers
122 security.allowedserialnumbers: FNVM-Mxxxxxxx1,FNVM-Mxxxxxxx2,FNVM-
CAxxxxx4,FNVM-CAxxxxx5,FNVM-CAxxxxx6
Compatibility
FortiNAC Product releases are not backwards compatible. It is not possible to go from a newer release to any
older release.
Example: 9.4.0.0171 cannot be downgraded to any other release.
To backup the current system prior to upgrade on virtual machines, perform a snapshot. For physical
appliances refer to the document Back Up and Restore an Image of a FortiNAC Appliance.
Agents
FortiNAC Agent Package releases 5.x are compatible with FortiNAC Product release 9.x. Compatibility of Agent
Package versions 4.x and below with FortiNAC versions 9.x are not guaranteed.
Many of the views in FortiNAC are highly dependent on JavaScript. The browser used directly impacts the
performance of these views. It is recommended that you choose a browser with enhanced JavaScript
processing.
iOS for iPad iOS for iPhone iOS for iPod Linux
What's new
Important notice
Enhancements were made to the communication method between FortiNAC servers for security. Due to this
change, all FortiNAC servers must have additional configuration in order to communicate.
See Pre-upgrade Procedures for procedures that should be done prior to upgrade to prevent communication
interruption.
Important notice
Enhancements were made to the communication method between FortiNAC servers for security. Due to this
change, all FortiNAC servers must have additional configuration in order to communicate.
See Pre-upgrade Procedures for procedures that should be done prior to upgrade to prevent communication
interruption.
Important notice
Enhancements were made to the communication method between FortiNAC servers for security. Due to this
change, all FortiNAC servers must have additional configuration in order to communicate. The following
See Pre-upgrade Procedures for procedures that should be done prior to upgrade to prevent communication
interruption.
New features
Important notice
Enhancements were made to the communication method between FortiNAC servers for security. Due to this
change, all FortiNAC servers must have additional configuration in order to communicate. The following
See Pre-upgrade Procedures for procedures that should be done prior to upgrade to prevent communication
interruption.
New features
Version 9.4.0 has made it easier to use FortiAuthenticator with FortiNAC for RADIUS integrations.
Administrators will no longer be forced to change their FortiAuthenticator configuration when connecting to
FortiNAC. New enhancements allow FortiNAC to receive user groups from FortiAuthenticator during the
RADIUS authentication process.
For details, see "Fortinet-Group-Name" under RADIUS section of the Administration Guide.
https://docs.fortinet.com/document/fortinac/9.4.0/administration-guide/214558/radius
FortiNAC has the ability to send SMS messages to administrators, guests or users. Previous versions of
FortiNAC only supported the Mail to SMS method; now, FortiNAC adds support for API/HTTPS-based SMS
gateway integration. FortiNAC 9.4.0 has built-in integration with cloud-based SMS providers such as Twilio, and
LDAP group mapping for sponsors.
In the GUI, see: Network > Service Connectors > Email/SMS
See information in the Administration Guide: https://docs.fortinet.com/document/fortinac/9.4.0/administration-
guide/19358/email-sms
Previous versions of FortiNAC only checked for Antivirus compliance within the Windows Defender AV product.
v9.4.0 adds an option to choose "Security-Center" in the Windows AV category for up-to-date virus definitions,
providing compliant protection for those Windows running end points.
v9.4.0 adds Kerberos support for admin and for user authentication on FortiNAC-CA, as well as admin
authentication on FNAC-M.
Enhancements
Version 9.4.0 has made it easier to authenticate large numbers of users with 802.1x. With concise information
on the dashboard to see pass/fails of 802.1x/MAB authentication, v9.4.0 gives at-a-glance insight. Importantly,
logs of failed authentications can be exported.
In the GUI, see: Network > RADIUS > Activity
For information in the administration guide, see:
https://docs.fortinet.com/document/fortinac/9.4.0/administration-guide/270902/activity
Device support
Huawei Wireless LAN Controllers AC 6605, 6005 and 6508 (592592, 566257)
FortiNAC v9.4.0 adds device support for Huawei AC-6005-8 Wireless Controller.
Added User Organizational Unit "OU" LDAP mapping in User/Host profile. FortiNAC sends OU along with
FortiGate Device Tag and User Group via FSSO communication with FortiGate.
UI
These changes have been made in FortiNAC Version 9.4.6. These enhancements are in addition to the
enhancements that are outlined in previous releases.
Version 9.4.6
Ticket # Description
752538, 996381 When in the Users & Hosts > Applications view, selecting an application
and clicking the Show Hosts option displays a page that does not provide
accurately filtered results. Workaround: Navigate Users & Hosts > Hosts
and create a custom filter to list hosts associated to an application.
852560 Custom Guest Account Password email template is not used for Self
Registration. Self Registered Guest.
887470 A domain with a single character between dots in multiple dot domains
results in an error when adding to allowed domains.
902533 Modifying port name value via port properties that include '&' generates
'amp;' in the port name.
910216 Added 'Credential JSON' field in GSuite Service Connector for importing
gsuite_credentials.json file. For details, see:
https://docs.fortinet.com/document/fortinac/9.4.0/third-party-mdm-device-
integration/409089/mdm-service-connectors
919953 Enhance MSIntune Integration to query MSIntune API for a specific host
on-demand.
926831 Whenever the laptop is connected with a dock and Persistent Agent
installed, 'managed by MDM' flag is not showing in FortiNAC.
927754 Custom Registration failed with the error 'Anonymous Guest Access is not
Enabled.'
929383 FortiNAC-F initial setup fails when admin GUI password containing '&'
character is used.
950004 Added Bearer Token Authentication Support in Jamf MDM integration. For
details, see https://docs.fortinet.com/document/fortinac/9.4.0/third-party-
mdm-device-integration/288790/jamf
954103 After FortiGate power cycle, FortiNAC shows incorrect port state for
Fortiswitches (fortilink) once the device is pingable again.
Ticket # Description
955965 Access enforcement setting is not applied for manually created logical
networks when the setting is set to 'Deny' only.
956436 FortiNAC doesn't work as RADIUS proxy properly when integrated with
NEC-QX switch.
969258 Config Wizard - configuring an Invalid Subnet Mask (255.255. 225 .0) on an
Isolation Interface (Isol-Reg...) is accepted.
969655 LAG ports on FortiGate are not shown in Inventory > ports view.
973078 Added API call to trigger an interface resync. For details, see:
https://docs.fortinet.com/document/fortinac-f/7.4.0/rest-api/611859/post-
device-resync-interfaces
977249 Host removed from GUI when L2-Poll with NEC-QX Switch.
981854 Registration Requests view is visible for admin users that do not have 'Host
Registration Requests' permissions.
982765 Proxy Radius validation and test and save function result in Radius reject
due to incorrect password attribute.
985148 Error Generated when Deleting Guest Account Request with a Blank
Message Field.
985365 Due to synchronization issue, the scheduler page takes too long to load.
989068 Enhanced search functionality using the 'Name' field in FortiNAC Manager
UI under Hosts > Locate Hosts. For details, see:
https://docs.fortinet.com/document/fortinac/9.4.0/fortinac-
manager/955632/locate
Ticket # Description
994775 Port Properties view now displays the current Port_Mode value and
provides a 'Clear' option to reset it to 'NORMAL'. For details see:
https://docs.fortinet.com/document/fortinac/9.4.0/administration-
guide/608458/port-properties
994839 When creating a group with SSIDs, the blue icon is missing.
998758 Captive Portal Authentication Failure message 'Custom text' not taking
effect when we customized it via Portal Configuration.
1003792 RADIUS Auto Registration does not register hosts using machine
authentication (username starts with "host/").
Version 9.4.5
Ticket # Description
971169 SSO addresses not always cleared from internal address cache.
972151 Reboot of FortiNAC after vlan switch causes race conditions with tags being
sent to FortiGate.
Ticket # Description
925603 FortiNAC currently supports one VLAN instance per FortiLink port per
VDOM.
936086 7.4OS FortiLink FortiSwitches are not deleted with their associated
FortiGate.
936053 User & Hosts > Guests & Contractors view is slow to load.
930027, 962032 Portal SSL setting does not stay enabled after FortiNAC services restart,
failover to secondary or resuming control to primary.
951943 Device Profiling Rules fail on 'TCPPortMethod IP not initialized' when the
host has a recent IP in ArpTool.
938165 Ability to skip FQDN parsing during device discovery. For details, see Add
or modify a device and Discovery in the Administration Guide.
973813 MAC notify traps from Aruba CX switches are not processed correctly.
968809 Host view: Failed to retrieve Device Types - An error occurred when
processing your request.
Ticket # Description
974008 Administrator > Users page does not load properly due to an OutOfMemory
condition.
973842 Authentication failure events are generated for Devices authenticating with
802.1x EAP-TLS using preinstalled certificates.
948193 Filters applied in Network>Port changes are not being applied after
updating the selection.
865256 Vendor OUI Device Type based Device Profiling rule is not working as
expected.
946405 Scheduler popup dialog box with CLI Configurations error: a.name is
undefined.
925124 Send Guest Details email is not sent for guest accounts despite the
indication that mail is sent.
846822 FortiNAC failed the NMAP scan due to an old IP reported from the arptool.
910706 Cannot create Guest account with REST v2; results in errors 400 and 500.
903055 Device type field under host tab in default filter for IP Phone is empty.
914051 Clients get 'no failed scans' remediation page, host health status shows
scan failed, no actions possible for the user.
928189 FortiNAC does not send FSSO TAG when internal ARP cache entry is
expected to be updated from the Persistent Agent.
938146 Hosts registered in Google GSuite with a common ethernet adapter are not
properly imported into FortiNAC.
959047 Network device role is not applied when a port is configured for RADIUS.
Ticket # Description
891890 Windows 11 hosts are detected as Windows 10 hosts when using the
Dissolvable agent.
923688 Self Guest Registration Page with Dissolvable Agent is not redirecting to
the Success Page after Scanning.
941702 FortiNAC serves Portal v1 pages if index.html file is present in the system.
960436 FortiNAC is unable to read the ARP table from Forcepoint firewall.
934696 Groups can become corrupted if organized in a fashion that can cause a
logic loop. Example: Group A is both a parent and a child of Group B.
927791 Added support for new CLI login sequences for Ruckus 8200 Switch Series
Version 10.
920800 404 errors are not being handled gracefully when requesting physical MAC
for a specific host.
942642 Ruckus Integration does not support environments with a large number of
SSIDs.
976781 ExportTopology CLI Command does not list all devices that are in the
inventory.
974363 Lantech switch: VLAN change and traps are not functioning.
959490 After creating the new Address Object, all Members in the Members list
become deselected.
951419 HTTPS Status 500 - Internal Server Error occurs when attempting to
access model config from the right-click context menu.
968100 Dell EMC Networking OS10 Enterprise Switch: Aggregate Ports are being
ignored.
870875 Address Group Object 'In Use' button does not display accurate results.
Ticket # Description
811783 Links in the Persistent Agent Summary panel produce redundant results.
958433 FortiNAC sends the API request for Ruckus SZ300 by the wrong port
number.
945086 L2 polling does not function on private VLAN enabled Cisco-XE switches.
949524 Huawei Access Points (AP) are not listed in the FortiNAC inventory.
874037 GUI > Users & Hosts > Host View > Quick Search - Unable to locate the
host by hyphen or no delimiter.
972501 Syslog messages are not sent to the new external log server until a restart
of services is performed.
907504 Fix error messaging when a server cannot be added to FortiNAC Manager.
908777 [GUI] CLI Configuration for Logical Network in Model Configuration is not
applied properly.
941175 Admin UI is showing error 'You do not have permission to access this page'
for specific pages.
968649 DPR using Network Traffic as a method will accept any IP as the
destination.
953685 Secondary takes control too soon after ETH0 comes up.
962475 After a Failover test (hsForceFailover), Reboot and PowerOff is the wrong
behavior from the GUI 'Power Management'.
916289 Aruba AP's are seen as moving between WLC's, and this is initiating L2
polls at a very high rate.
889609 Switch port is not dynamically changed to uplink when a v-edge router is
directly connected to the Cisco switch port.
960060 SNMP traps for link state do not present the port value in event logs the
Ticket # Description
964473 HTTPS Device Profiling Method expects SAN to be present in the certificate
of IoT/OT endpoint devices and fails if not present.
897660 After an upgrade, FSSO information is not being sent for endpoints not
directly connected to FortiGate.
962235 Can't schedule a task in the scheduler to start at 00:00:00 or any time with
00 as the hour.
904624 Host summary panel does not show an accurate total host count.
919423 API endpoint '/host/scan' returns status code 405 (Method Not Allowed) to
POST request.
917032 MICROSENS G6 Switch not modeling properly when switch has 'hide macs
on link ports' feature enabled.
917610 Updated dialog box presented when the root CLI password is changed.
930459 Integration with Tellabs switches including CLI access, changing and
reading VLANs.
926831 Whenever the laptop is connected with a dock and a Persistent Agent
installed, the 'managed by MDM' flag is not showing in FortiNAC.
970763 FortiNAC SSH client no longer supports the weaker SHA1 based kex
algorithms.
952292 System - Groups: XSS executed for "Group Member Of" and "Manages"
actions.
969640 Periodic syncing FSSO for FortiGate & FortiNAC does not work.
966737 FortiNAC does not send dynamic firewall tags down to FortiGate when the
device port is enabled.
Version 9.4.4
Ticket # Description
924690 Using a single dot as the Scan name should be restricted by the API, as it
causes filesystem issues.
833088 Deleting a switch removes all port nesting's removing all ports from
FortiNAC System Port Group.
834025 Allied Telesys devices using standard SNMP for L2 polling fails if there are
entries in the dot1qTpFdb table with a port index of 0.
858184 Custom Subject line for Self Registration Request sent to sponsor does not
reflect custom text.
860595 FortiNAC unable to change admin state on FortiGate firewall physical ports.
866343 Proxy RADIUS support added for Arista switches (802.1x and MAB).
867183 CLI communication can fail due to invalid SSH key when devices using a
Virtual IP (VIP) fail over.A new device attribute (MultiKnownHostEntries)
has been added to address.For details see Model configuration in the 9.4
Administration Guide.
869097 Prioritize the IP -> MAC value provided by RadiusServer for managed
wireless clients.
869605 CLI credentials are removed from the Ubiquiti AP device model after
applying changes.
875287 Added User/Host Profile and Policy Configuration ID validation for API
POSTs to Authentication, Endpoint Compliance, Portal, Supplicant, and
Access policies.
Ticket # Description
877980 Navigating to Logs > Audit Logs generates console error "Missing Type:
LOGICAL_NETWORK" when in Legacy View.
878836 Intune MDM Integration 'Invalid Audience' when using an App registration in
the Azure Government cloud.
882265 FortiNAC is not sending the correct serial number field to FortiAnalyzer
(FAZ).
883046 Fortinac not sending Radius Disconnect/CoA to Aruba IAP when there is a
status change/policy match.
883068 SMTP SMS Gateway service connector: Country code prefix is incorrectly
prepended to outgoing SMS messages.
883080 Local Radius attempts to look up mac addresses in the directory for mac-
auth auth requests.
883129 Mist L2 polling may not function properly due to how Mist devices are
modeled in FortiNAC.
883221 FortiNAC now processes static MAC address entries by default for Arista
switches.
883680 404 response to HTTPS GET when polling Firewall Sessions on FortiGate
running FOS 7.2+.
884329 Base license, User/Host profiles and Network Access Policies throw
permissions errors.
Ticket # Description
884345 Improved error messaging when creating a new device using REST API.
889103 Test Device Profiling Rule option in Network > Inventory Adapters view is
not matching properly.
889132 Global Custom Scans are not fully removed after deleting from
Manager.Consequently, scan cannot be edited or deleted on the managed
FortiNAC server.
890929 Unable to restart server after uploading new license key through UI (Setup
Progress > Enter License Key).
891332 HTTP 500 error when installing license key using Modify License button in
License Management view.
892486 Secondary server in a High Availability configuration does not reflect the
correct concurrent count in License Management.
894157 Guest > View > Send SMS button returns error.
896471 Licensetool not correctly displaying the subscription level from the FortiNAC
Manager.
0896100 , 0896556 Error adding/removing Switch Ports to Port Group from Groups view.
883378, 882567 HA>UI hangs when re-running config HA when connected to the shared
address.
884322, 855084 Type column would not render correctly for Device Profiling Rule.
888616, 893561 System > Scheduler GUI error encountered after upgrade from an older
FortiNAC version.
Ticket # Description
904755 Several log messages related to SSO addressing initialization were always
being printed which filled the logs with unnecessary info.
833305 Guest account password is unmasked on badge when user does not have
password viewing permissions.
901925 Disable revoking admin permissions when all mappings are removed.
899075 NPE in readarp function caused an incomplete ARP table for Sonicwall
appliance.
900284 Issue in TelnetServer that causes the Juniper logout sequence to pause for
the entirety of the current Telnet/SSH timeout.
906953 Check if the device supports the UCD-SNMP-MIB, if so, model as a Ubiquiti
switch.
Ticket # Description
895097 Only return the custom device type if it is a system created device type or if
the type starts with cust_.
894165 Fix to ensure DPC rules with multiple adjacent spaces run correctly.
897921 This allows the hostnames to show up in the firewall session table, but does
not update the host record unless the global option is enabled.
879697 Sync Global Objects and EPC Scans via REST RPC.
911439 Incorrect OID in device properties file - Device support for MICROSENS G6
Switch.
900281 Reverse proxy via FortiPoC causes incorrect URLs in Config Wizard.
907328 Fixed Guest & Contractor table null reporting total when empty.
904624 Host summary panel does not show accurate total host count.
879814 879814 - Users & Hosts - Guests & Contractors - View Accounts - Guest
Account - Max Attendees should not show any number at all because it is
not a conference.
903055 Hosts - Filters - IP Phone - Fixed lack of selection for in the Host->Device
Type dropdown.
896002 Error creating guest accounts with duration greater than 20 days.
907523 Fixed Guest & Contractors table filter function, also fixed option menu
layout issue.
911132 Container status check is now failing due to changes to the NAC sudoers
file.
Ticket # Description
897921 Added code to retrieve the hostname field from the response.
885306 Fixed an issue with regex regarding the WLC Extreme VX9000 MAC table
parsing.
881650 HP J9776A 2530-24G Switch - uplink ports are not properly displayed in
Ports view.
915532 Adding a DHCP scope with invalid label prevents ConfigWizard from
applying any further DHCP scope changes.
919423 API endpoint /host/scan returns status code 405 (Method Not Allowed) to
POST request.
927355 User is unable to edit the current VLAN value in the port properties dialog
on a FortiSwitch modeled in the QA FortiNAC system.
924250 PaloAlto fails validation for CLI testing SSH when REST API is supposed to
be used.
922911 Add missing radius options to the various NEC-QX switch Model
Configuration views.
925117 Fix retrieval of MibId value and add session logout to Ruijie.mib file.
899075 NPE in readarp function causes an incomplete ARP table for Sonicwall
appliance.
910706 Cannot create Guest account with REST v2 results in errors 400 and 500.
889986 Issues while enabling and adding subnets in Require Connected Adapter.
Version 9.4.3
Ticket # Description
833088 Deleting a switch removes all port nesting's removing all ports from
FortiNAC System Port Group.
834025 Allied Telesys devices using standard SNMP for L2 polling fails if there are
Ticket # Description
858184 Custom Subject line for Self Registration Request sent to sponsor does not
reflect custom text.
860595 FortiNAC unable to change admin state on FortiGate firewall physical ports.
866343 Proxy RADIUS support added for Arista switches (802.1x and MAB).
867183 CLI communication can fail due to invalid SSH key when devices using a
Virtual IP (VIP) fail over.A new device attribute (MultiKnownHostEntries)
has been added to address.For details see Model configuration in the 9.4
Administration Guide.
869097 Prioritize the IP -> MAC value provided by RadiusServer for managed
wireless clients.
869605 CLI credentials are removed from the Ubiquiti AP device model after
applying changes.
875287 Added User/Host Profile and Policy Configuration ID validation for API
POSTs to Authentication, Endpoint Compliance, Portal, Supplicant, and
Access policies.
Ticket # Description
877980 Navigating to Logs > Audit Logs generates console error "Missing Type:
LOGICAL_NETWORK" when in Legacy View.
878836 Intune MDM Integration 'Invalid Audience' when using an App registration in
the Azure Government cloud.
882265 FortiNAC is not sending the correct serial number field to FortiAnalyzer
(FAZ).
883046 Fortinac not sending Radius Disconnect/CoA to Aruba IAP when there is a
status change/policy match.
883068 SMTP SMS Gateway service connector: Country code prefix is incorrectly
prepended to outgoing SMS messages.
883080 Local Radius attempts to look up mac addresses in the directory for mac-
auth auth requests.
883129 Mist L2 polling may not function properly due to how Mist devices are
modeled in FortiNAC.
883221 FortiNAC now processes static MAC address entries by default for Arista
switches.
883680 404 response to HTTPS GET when polling Firewall Sessions on FortiGate
running FOS 7.2+.
884329 Base license, User/Host profiles and Network Access Policies throw
permissions errors.
884345 Improved error messaging when creating a new device using REST API.
Ticket # Description
replicated to secondary.
889103 Test Device Profiling Rule option in Network > Inventory Adapters view is
not matching properly.
889132 Global Custom Scans are not fully removed after deleting from
Manager.Consequently, scan cannot be edited or deleted on the managed
FortiNAC server.
890929 Unable to restart server after uploading new license key through UI (Setup
Progress > Enter License Key).
891332 HTTP 500 error when installing license key using Modify License button in
License Management view.
892486 Secondary server in a High Availability configuration does not reflect the
correct concurrent count in License Management.
894157 Guest > View > Send SMS button returns error.
896471 Licensetool not correctly displaying the subscription level from the FortiNAC
Manager.
0896100 , 0896556 Error adding/removing Switch Ports to Port Group from Groups view.
883378, 882567 HA>UI hangs when re-running config HA when connected to the shared
address.
884322, 855084 Type column would not render correctly for Device Profiling Rule.
888616, 893561 System > Scheduler GUI error encountered after upgrade from an older
FortiNAC version.
Version 9.4.2
Ticket # Description
835782 Config Wizard: Entering Application Server license is showing error (500 -
Unable to compile class for JSP)
802335 Getting a JSON string error when setting registered or logged user role on
host view page.
683842 Adapter media type is set to wireless for devices that connect to wired ports
on a Fortigate.
705823 Editing or creating a groupunder NCM > Policy & Objects > Roles > Create
groups opens a new window instead of an overlay on top of the same view.
758623 The status spinner does not complete and page does not refresh when an
"in use" role is deleted.
778575 grabDeviceDebug script for more efficient log collection for device
integration issues.
796969 FortiNAC counts FortiSwitch ports as error ports even though they are UP
and operating.
796972 Virtual port connection state displays as "not connected" even though there
are multiple hosts using that VLAN interface.
800255 DPC IP Range wildcards don't include the full range of IPs that should be
valid.
814476 HP Switch aggregated uplink ports are not properly displayed in Ports view.
814845 Navigation Panel:Some views do not hide the navigation panel correctly.
814926 Policy & Objects > Roles: "unexpected error occurred" message when
configuring the role.
815626 Upload Certificate: Long file name in Certificates field is not rendered
correctly.
821392 Column Filters: performing an Exact Match filter with an empty string has
Ticket # Description
inconsistent results.
821902 Search option for Firewall Groups does not display search results when
editing a Logical Network in a VDOM.
823079 Host Import: Clicking Cancel in Browse dialog removes previously selected
file.
826517 Edit Task: Title has Create Background Task as title (Create instead of
Edit).
827870 Syslog listener addresses for FortiGate add/delete/move messages are not
updated.
829019 NCM High Availability Resume button not working from dashboard.
829290 Context menus now have a menu separator similar to User/Host Profiles.
829361 If captive portal is not configured, High Availability system fails over due to
DHCP server not running.
829379 Unable to upgrade to version F7.2 from Administration UI. If attempted from
CLI, prompts for downgrade.
830902 High Availability configurations may fail with a DHCP related error when
appliances do not have eth1 interfaces configured.
831061 Unable to resume control in a High Availability system using the Admin UI.
832730 Unable to set groups for a role.Settings are not saved during create or edit.
833302 Unable to create a user on the FortiNAC appliance where the same userID
exists on the Manager (NCM).
834041 High Availability Configuraiton page now has text indicating only the Shared
IP is GUI is accessible (when configured).
Ticket # Description
Action.
834772 Exception and 'forever loading' when importing invalid Device Profiling
Rules file.
835143 MSIntune returns partial results during MDM poll causing some host
records to be removed if "Remove Hosts Deleted from MDM Server" option
is enabled.
835551 Upgrade to version F7.2 from previous version gives message that
downgrading is not supported.
836137 No Results Found on RADIUS > Winbind view if results are sorted by
Joined column.
836146 radius.log file can grow too large if debug is left enabled.
836470 Manager (NCM) receives 500 error when running Config Wizard.
837938 Edit User view will not allow for user settings to be changed.
838561 Roles: Entering angle brackets for Name and Notes converts to < and >.
838963 Entering a script as a quick search filter name will execute the script on
create and edit.
839045 RADIUS does not return the port default VLAN ID when the request does
not match any policy or enforcement group.
839399 Rest > Google Domain client POST does not allow empty values.
839888 Rest API documentation: Edit item - specifying ID which does not exist
creates new record with new ID.
839892 Rest API documentation: Typos ('an User' should be 'a User').
Ticket # Description
840218 No records found in FortiNAC "Ports" tab for CISCO ASA interfaces.
840796 Host lookups in MS InTune MDM are now done based on MAC address first
and Serial number as last resort.
841405 Users & Hosts - Locate Hosts: Clicking icon in Views column leads to view
with 'Login failed for: root' message.
841540 "Enable Application Updating" option has been removed from the following
MDM Servers configuration as they do not apply: Google GSuite, MS
InTune, and Fortinet EMS.
841770 Host - Policy Details - Edit Test: performing test does not run.
842569 Modify Group: Clicking the In Use link does not work.
843410 Exceptions in log when creating new Winbind instances under Network >
RADIUS > Windbind.
843414 URLs are not validated before being set/used under System > Settings >
User Host Management > DeviceProfiler.
843509 Corrected mapping for Dell Networking X1026 1Gb Switch.The incorrect
Ticket # Description
mapping prevented FortiNAC from accessing the switch CLI via SSH.
843897 Exceptions in the nessus log running certain DPC rules types.
844417 Under Policy & Objects > Endpoint Compliance: Scans, running a
scheduled task for a scan generates an exception in the logs.
845049 Users & Hosts - Hosts - Adapter Properties: Enabling Adapter is causing
browser console error.
845930 Error in Manager (NCM) UI when synchronizing with a POD that has been
re-added to the Server List.
845935 UI turns gray and does not allow input when scanning a host.
846668 FortiNAC can't process the Mac Notification traps from FortiSwitch running
7.2.1.
846782 Unable to read complete network configuration from Aruba IAP because of
# symbol.
848374 Cryptic error message displayed when setting threat override for an
application as a user who has permissions for only "Users" and "Hosts".
Ticket # Description
848620 Appliances do not start after configuring L2 High Availability with a shared
IP.
848732 Administrators - Users - Copy: Password field populated, but the user is told
to enter a valid password.
848954 New GUI > Users > Dialog maps Allowed Hosts to the wrong data.
849088 Permissions - Dashboard: Logical Network Host Access - panel does not
load.
849140 Control Manager API ping of Secondary Server returns the wrong serial
number, causing ping to fail.
849455 Role view Last Modified By/Date column sorting/filtering does not work.
849459 Network Device Roles - Column Filtering: Access column filter applies filter
opposite of what is specified.
849469 User with custom permissions to only view own Self Registration requests
can see all requests.
849871 802.1x EAP fails authentication after Quarantine VLAN is defined in Model
Configuration.
850913 High Availability:Manager (NCM) not in control displays HTTP Status code
500 when Admin UI is accessed.
Ticket # Description
851010 FortiSwitches in FortiLink mode and VDOMs get corrupted and deleted
during a resync when a VDOM is given a NAS-IP address matching a
FortiSwitch.
851427 Adapters view - Status tooltip values - Media / Access Value fields are
swapped.
852705 Cannot save "Confirm Rule on Interval" setting within Device Proifling rule.
852946 System Management settings cannot be saved due to error (HTTP 500).
853007 Excessive number of API requests sent to Meraki API Cloud, causingL2
Poll to fail.
853025 Nested port groups are not sychronized from Manager (NCM) to managed
FortiNAC appliance.
853833 API - Portal Policy - POST: Unable to create an entry without specifying
ENABLED.
853894 Exceptions in logs after adding devices to L3 polling with create rogues
enabled.
854205 API - Network Access Policy - POST: Unable to edit an entry without
specifying RANK.
854228 nac sudoers file needs journalctl entries with no unit param passed.
854675 Removed API call for usage of an Endpoint Compliance Policy. There is no
Ticket # Description
854782 API - Endpoint Compliance - Scans - POST: Result for "copy" differs when
run from API versus UI.
854800 API - Endpoint Compliance - Scans - POST: Editing a scan with bad ID
results in inconsistent error.
855065 API - Endpoint Compliance - Scan - GET: Issuing request for /product is not
returning results.
855891 FSSO failing to send to FortiGate for hosts with Persistent Agent due to lack
of IP address.
855897 Added CLI Configuration in Model Configuration view for Huawei Switch
S5731-H48P4XC.
856217 Hosts discovered by certain MDMs are incorrectly marked as having a PA.
856350 Unable to Admin Up a port via port properties in Adapter view.Incorrect port
is shown.
857035 FortiNAC cannot read the MAC-Address table for Extreme Networks
Controller.
857360 Duplicate instances of the same IP address under Settings > Log Receivers
could (incorrectly) be created.
858213 Under Users & Hosts > Device Profiling Rules, warnings are generated in
the logs when importing an exported device profile rules XML file.
858669 Dashboard widget "Logical Network Host Access" does not show correct
name, and does not update if logical network name changes.
Ticket # Description
859149 VLAN IDs not available under Model Configuration for APs managed by
Extreme WLC .
859702 Enhanced Palo Alto SSO REST API to allow for bulk messaging.
860493 Hosts that have disconnected from Westermo switch continue to display as
"connected" in FortiNAC.
861633 Switch doesnt have ability to add CLI config for our VOIP VLAN.
861985 Run FortiGuard IoT Scan from the Adapter View results in an error.
861989 Inventory > Events > Note is displaying the escaped text.
863831 Passive Agent Configuration allows angle brackets in the name, resulting in
extra characters added to the name.
863840 Network Access Policies with angle brackets in the name cause additional
characters to be added on modification.
863859 User Host Profiles created with angle brackets in the name show up with a
blank name in the view.
863872 Angle brackets are no longer allowed to be used in the name when creating
roles.
865136 User/Host Profile - Who/What Attrs - HTML values not rendering in modify
dialog.
865138 The host profiles displayed in Portal Policy Add/Modify dialog could fail to
appear.
865165 Creating Host with Custom Device Type, when using a name that contains
angle brackets, results in a broken image.
865169 Hosts - Adapter Info: Adapter Description is empty if entered with angle
brackets.
Ticket # Description
865268 The Policy Details dialog for a host is converting angle brackets for
user/host profiles, policies, and configurations.
866419 No landing page set for Config Wizard only users under Users & Hosts >
Administrators > Profiles > Permissions.
866432 Admin users with only System Settings permissions receive an error when
accessing the Allowed Domains page.
866535 Profile Device User > Profiled Devices > Select Notes receives an error.
867293 Remote SSH backup reports "SSH keys are not configured properly" when
"Test Connection" is clicked.
867366 Configuring IPv6 address in Basic Network Config Wizard page results in
exception. Page goes blank.
869948 Cannot enable/disable Network Access Policies from the Network Access
Policy View.
0834094, 0834089, 0845505, Global objects may not synchronize correctly (including Device profiling
0845493 rules, groups and group members) between the Manager (NCM) and
managed appliances.
0856192 , 0864253 FNAC FSSO does not send required groups to FortiGate.
835551, 836475 Upgrade from previous version gives message that downgrading is not
supported.
Version 9.4.1
Ticket # Description
734571 Clicking import and apply without selecting a file imports the last imported
file.
784543 Portal policy permission set is required to send guest email details from
Guests and Contractors view.Otherwise, 403 error is thrown.
789840 Users & Hosts > Guests & Contractors : The description in the popup
window for Send SMS are not correct.
789970 FortiNAC does not send SSO messaging to all slots in FortiGate 6000 &
7000 chassis.
790393 In RADIUS view, able to delete TLS Service Configuration which results in
invalid state and browser error.
791751 In some cases, importing hosts with siblings (Adapters that are on the same
host) can result in "null" error.
791889 Audit Logs do not report the Adds from a Host Import.
796965 Inconsistency with device count & results returned from clicked for more
details in Network Devices dashboard tile
799401 SNMP MAC-Notification trap support for Dell EMC Networking N3248P-
ON.
Ticket # Description
803382 Audit Log service does not use the Audit Log permissions.
804759 In Users & Hosts > User Accounts, clearing a value in the search box and
clicking enter results in several empty rows.
804913 When clicking the count of hosts in the Logical Network Host Access tile,the
list of MAC addresses used to query the hosts is not clearing.
806616 RADIUS Change of Auth (COA) does not complete when hosts are
deleted.Consequently, VLAN switching does not occur and host is not
isolated.
806666 Duplicate label in both overlays within the Network Events view.
806936 Importing Mist APs with CLI import tool does not add the AP models to the
L2 Wireless nor Device Interface Status groups.
807311 After NAC services restart: MAB RADIUS session times out due to
FortiNAC being busy in SSH communication with the switch.
807396 Logical Network Host Access dashboard tile not displaying accurate
counts.
808084 Send SMS in Guestserver is using user record to send the sms when it
should be using the guest record.
Ticket # Description
809857 Network > Service connectors > REST SMS gateway : password is set to
null after upgrade.
811447 Upgrade failed due to: Operation CREATE USER failed for nac@localhost.
811479 High Availability: RADIUS service can start/run on primary when secondary
is in control.
812581 Duplicate user ID exceptions during RADIUS auth when userID does not
match the name in an email address.
812674 RADIUS Change of Auth (CoA) is not being sent to Huawei wireless after
host has registered.Prevents changing VLANs.
812908 /var/log/messages is not rotating,generating large files and high disk usage.
812930 SSO tags not being sent in 9.4.0 without group option being set.
814493 Restarting admin GUI may result in loss of access to GUI until server
restarted.
814631 Ports not properly configured using Aruba CLI scripts.FortiNAC reads Port
ID for the port variable instead of port number.
815352 Logical network configuration mappings can return the wrong value when
host is connected via more than one interface.
815732 Obsolete RADIUS support message has been removed from generic
SNMP device Model Configuration view.
Ticket # Description
816871 System Update settings do not update on the Secondary Server in High
Availability environments.
816877 Host icon does not match the icon assigned by Device Profiling Rule
817022 Hosts View - Rogue record Host Name is not updated from DHCP.
817563 In certain cases, the Network Events view does not load and Network tab
displays HTTP errors.
817767 CLI failure on Alaxala switch with enable password bypass configured.
819470 Fingerprints that can match Windows 2012 do not indicate Windows 2012.
819753 FSSO Tag assignment is not triggered before the next L3 poll.
820375 Meraki ( and possibly other ) devices incorrected managed with Generic
Radius plugin.Symptoms include the Change of Auth (CoA) packet being
sent over the wrong port.
821244 Device Profiler failing to match Fortiguard method when Fortiguard polling
returns confidence values over 127.
821527 RADIUS does not start after upgrade from 9.4.0.0717 GA to 10.0.0.0013.
821656 Help tips added in the Settings panel for the RADIUS Widget in dashboard.
823908 Aruba switch device failed to connect using valid CLI credentials.
Ticket # Description
825766 Adapters View - Status tooltip clips if it contains more than 2 rows of data.
826648 Wireless hosts are not displayed correctly in Meraki AP device port/adapter
view.
833332 When an Admin user changes their own password, and error message
appears and they are immediately logged out.
833429 Config Wizard: Clicking Next or Back on any non-Basic Network page
returns user to Basic Network page.
833445 Config Wizard - Add/Modify Scope: Clicking Help opens page with 9.4
version loaded by default.
833700 RADIUS server fails to enable when upgrading from build 0721 to 0722.
834479 When creating a new user via the REST API (and thus GUI), the password
was not hashed properly.
0810167, 0810180 Fixed fingerprints for iOS, FortiGate and FortiSwitch.Previously, they could
match the wrong devices.
751468, 811479, 770730 RADIUS/Winbind services need manual startup to handle system reboot.
Version 9.4.0
Ticket # Description
692446 Added Preserve Port Names option to update port names when changed at
the switch. Option can be modified at the switch and global level. See
Device properties and Network device in the administration Guide for more
information.
709286 New UI menu to download log files for troubleshooting. See Download logs
in the 9.4 Administration Guide.
733943 Changing password in bulk using Set Model Configuration sets the same
username for all selected devices.
747921 Portal renaming does not rename the associated CSS files.
752941 GUI option to select the RADIUS MAC delimiter for Juniper Switches
756167 RADIUS view sort by Winbind column fails, shows empty table.
756499 MicroSoft InTune MDM integration does not support latest API.
759018 Admin user with admin user profile permissions to Access, Add/Modify and
delete "Users" is unable to create a new regular user.
762071 Radius Auth/EAP Type columns empty in Network > Device > Ports >
Adapters table.
770208 Juniper switches fail to change VLAN on ports that are RADIUS enabled.
770974 Event Lifetime alarm trigger rule is not being honored when configured.
773828 Not polling L2 information from PNetworks switches with latest firmware.
Ticket # Description
779414 Client filter for User Accounts, Hosts, and Adapters not functioning properly
rewrite of OmniSources.
781520 RADIUS COA failing for FortiAP when hosts are deleted.
782418 Hide Accepted Requests Enabled and click on Expand Widget - Widget
shows Accept Requests
782740 Unable to read default and current vlans for Ruijie switches.
782760 Huawei S7706 switch is not reflecting the interface port number correctly in
the Label column.
783552 NAC service not running at startup when no IP address is configured for
eth0. This causes "Processes Down" to display in UI.
Ticket # Description
784346 RADIUS Reject doughnut is not centered if filter does not include any reject
counts.
784618 RADIUS Failures after upgrading from 8.5 to 8.8 due to bad secret.
785367 RADIUS GroupName - Group Members list does not show all members.
785438 A None/Use Default option has been added to Users Dialog > Mobile
Providers.
786277 RADIUS Group - Exception when user group already exists with Type non-
User.
786434 Allow changing CLI Passwords from Secondary and FNAC-A systems.
786670 Exception thrown when loading Logical Network Host Access tile.
786744 User Accounts view > create user is not passing password as encoded, and
will not match auth requests.
786751 Distinguished Name (DN) can now be used in User view filters.
786785 Not able to add ciphers under RADIUS > TLS config page.
787271 Certificate Management View - Server Certs & Trusted Certs views both
showing results from both views.
787563 Fix null pointer exception during SNMP read of Meraki L2.
787584 Logical Network Host Access host info slider not displaying info.
788066 Server startup delayed by incorrect thread start logic on Network Session
Event updater.
Ticket # Description
788089 RADIUS service will not start after upgrade to 9.2 if winbind is not fully
configured.
788119 Network Events table does not show totals for Event Type column.
788849 New dashboard tiles relating to Connections were incorrectly not masking
the background.
789018 Service Connectors > REST SMS Gateway > The required fields should be
the same in create and edit page
789061 Service Connectors > REST SMS Gateway > HTTPs Toggle is not working
expectedly when API URL is specified with https.
789309 Filtering on the column Type does not work on Network Events.
789316 Deleting multiple User Accounts in a row does not delete all user in table.
789396 Service Connectors > REST SMS Gateway > Overview: Cant tell which
REST SMS Gateway is set as default.
789763 When changing the date via the Settings tile, Recent Hosts tile date range
not updating properly.
789865 Network > Service Connectors > REST SMS Gateway: The default
Ticket # Description
790580 Network > Service Connectors > REST SMS Gateway: Security Incidents
of a host doesn't trigger the corresponding SMS.
790747 FGT interface with VLANs does not show device connections to VLAN sub
interfaces for traps.
790854 Failure to properly read Cisco trunk ports results in undesired VLAN
switching.
790904 Creating new user as non-admin hangs retrieving Role dropdown values.
791276 Clicking EULA Link When Logging In As New User Goes To Broken Link.
791327 FortiNAC is changing WAP Uplink ports Current VLAN to match the Default
VLAN.
791841 Edit Host Dialog > Device Type is not reading/writing the correct value.
792514 A remote unauthorized user can gain the version of the Tomcat used by
FortiNAC by sending an HTTP GET request.
794036 User Record values must be populated automatically if the user exists in an
Active Directory or an NCM.
Ticket # Description
794791 Admin user is brought to the last-viewed page when logging in to UI instead
of designated Landing page.
794937 The Recent Hosts widget is not displaying addtional host info when clicking
counts.
795243 Portal - Request Processing Rules: Text at edge of window for Auto
Configure and Publish.
795260 Local RADIUS Server not returning proxy-state attribute in Access Accept
for Motorola/Extreme Networks WiNG VX 9000.
795260 Motorola controllers proxying AP auth requests send Proxy-State attr and
expect it unchanged in response. RADIUS (local) does not send it back.
795623 Log output from Windows Profile method when parsing fails.
796065 Unable to set device profiling to Host to Logged in User (if Present) on
NCM.
796145 Guest and Contractors > Select one and View > send SMS throws a null
pointer exception.
796259 In Pending Tasks page, tasks are allowed to be completed, even if their
parent task is incomplete.
796659 Host information does not display when clicking "Total Count" on Persistent
Agent Summary widget.
796663 Setting option for Persistent Agent System Page is not allowing to toggle
between visualizations.
796908 Clicking the number in the Logical Network Host Access tile does not open
the hosts slide.
796965 Network Device Summary widget not showing complete switches and
Wireless AP counts.
797439 Host > Edit Host > Cannot change the Role or manually Register as Device.
Ticket # Description
797919 Network > Service Connector > REST SMS: All of the SMS sent out using
the default SMS Gateway even when the mobile provider is set.
798181 RADIUS Service Host MAC filter does not print debug if supplicant does not
use colon mac delimiter.
798234 Rejected Hosts view in RADIUS Activity tab doesn't properly filter table
results to exclude a specific reject cause.
798511 Upgrading from 0159 to 0160 results in error: Access denied for user
nac@localhost (using password: NO).
798651 Can not access RADIUS Activity view if user has "Activity" but not "Local
Service" RADIUS view permissions.
798665 REST SMS Gateway: In Captive network > Guest Self Registratiion page,
when Mobile Provider=None, the SMS is not sent.
800323 Policy name in Admin Profile > Permissions are not consistent with policy
name in Policy & Object.
800408 API query for FLink FSW data deprecated in FOS 7.2+.Prevents
FortiSwitches in Link mode from being added to Inventory when the
managing FortiGate is discovered.
800811 User with permission for access users is also able to delete user.
801252 RADIUS not mapping to correct AD server when kerberos and netbios
names differ for a single winbind instance.
801661 GUI - URI navigation drops query params, losing tab indicator, prevents
direct links to secondary views.
Ticket # Description
802343 The message template under Notify User Via Email is not editable in Self
Registration Login Portal Configuration.
802372 Vulnerability Scan Status on Host view page displays as "-1" instead of
passed, failed or not scanned.
802913 Clicking Cancel in Create User view results in browser console errors.
803061 Multicast IPv6 addresses can now be excluded using the MAC address
Exclusion view. See MAC address exclusion in the 9.4 Administration
Guide for details. Note: After upgrade, toggle the option off and on in order
for the function to take effect.
803651 Model Config of VDOM reports 404 error and exception in output.master.
803745 Top Host Activity Widget - maps Device Type to User&Hosts > Hosts >
Operating Systems Column instead of Device Type.
803745 The Top Host Activity tile was using getTypeLabel instead of getIconType
to populate the Device Type column
804913 Logical Network Host Access total count slide out shows all hosts for the
Logical Network instead of only hosts for the specificed time sample.
806141 Network > NetworkEvents Type, LogicalNetwork and NetID is not showing
expected data.
806282 When a user attempts to complete a task via the notification bell, and it has
a parent task that is still open, it incorrectly displays a "Changes Saved"
message.
Ticket # Description
807383 The POST method to add a new HostRecord has changed in this
version.POST attempts using the old API call fails.
782391 RADIUS health activity- Current last 90 min does not match Timeline Chart
782386 Time Span for 90 min
784737 Location and IPRange method match failure prevent matching lower rank
785526 rules.
Ticket # Description
1010097 Re-scanning a host at risk causes false positives having Required Critical
Updates applied on endpoint compliance scan.
1002475 Unable to scan using Dissolvable Agent with spaces in scan name.
827283 The Roaming Guest Logical Network is missing from the Model
Configuration of FortiGate and possibly from other vendors.
974270 Non fabric root FortiGate do not have dynamic tags after firmware update.
924474 Unable to select SSIDs when creating/modifying a port group under System
> Groups. Workaround: Under SSID tab, right click SSID, select Group
Membership & select the desired group.
800326 Cisco chassis switch with a Cisco WLC connected via port channel shows
as a rogue.
863826 License Management view in the UI always displays "Base" for the License
Name when using subscription licenses. Workaround: Use the License
Information Dashboard Widget.
824088 Unable to update existing Registered Host records using Legacy View >
Hosts > Import.
767548 Register Game system with Host Inventory success page is not working.
710583 L2 Polling Mist APs can result in more API requests than Mist allows per
Ticket # Description
hour.
708936 FortiNAC will log off SSO for sessions that remain connected to a managed
FortiGate IPSec VPN tunnel after 12 hours.
Not all models of all network devices can be configured to perform Physical
MAC Address Filtering even though the Admin UI indicates that the
configuration can be set. Resolution: Hosts can be disabled by
implementing a Dead-end VLAN.
For Portal v2 configurations, web pages that are stored in the site directory
to be used for Scan Configurations will not be included when you do an
Export of the Portal v2 configuration. Resolution: The files in the site
directory are backed up with the Remote Backup feature, but otherwise
keep a copy of these files in a safe place.
The "Set all hosts 'Risk State' to 'Safe'" button changes the status of all
hosts marked At-Risk to Safe. However, the status of the individual scans
for each host remain unchanged.
System > Settings > Updates > Operating System will only record and
display dates of OS updates that are completed through the Administrative
UI. If Operating System updates are run via command line using the "yum"
tool, the update is not recorded. Resolution: Execute Operating System
Updates through the Administrative UI in order to maintain update history.
Ticket # Description
897151 Device mapping for Cisco C9800-AP's adds AP's as a Cisco 9800 Wireless
controller. Cisco C9800-AP Software is not currently supported.
7680531 Ubiquiti Gen2 Unifi switches (example: USW-16-POE) are currently not
supported. If required, contact sales or support to submit a New Feature
Request (NFR).
At this time, integration with Cisco 1852i Controller is not supported due to
the device's limited CLI and SNMP capability. For details, see related KB
article 189545.
At this time, Fortinet does not support wired port management for the Cisco
702W. The access point does not provide the management capabilities
required.
At this time, Fortinet is not able to support the Linksys LAPN600 Wireless-
N600 Dual Band Access Point.
Device models for Avaya 4800 switches (and potentially other related
models) only support SSH. Device models for Avaya Ethernet Routing
Switches only support Telnet. Contact Support if the alternate protocol is
required.
Device Support
These changes have been made in FortiNAC Version 9.4.6. These are in addition to the device support added
in previous releases.
Version 9.4.6
Ticket # Description
981176 Intelligent IEC 61850-3 28-port rack mount managed Gigabit Ethernet
switch with 4 slots
Ticket # Description
Version 9.4.5
Ticket # Vendor
Ticket # Vendor
Version 9.4.4
Ticket # Vendor
906953 Several models of Ubiquiti UniFi switches are identified as Ubiquiti APs.
Ticket # Vendor
Hirschmann RSR
Cisco IOS Software, ir800 Software (ir800-UNIVERSALK9-M), Version
15.9(3)M5, RELEASE SOFTWARE (fc1)
Cisco IOS Software [Cupertino], ISR Software (ARMV8EL_LINUX_IOSD-
UNIVERSALK9_IOT-M), Version 17.9.1, RELEASE SOFTWARE (fc8)
906953 Updated the element type and used CommonSNMP to read Ports.
914193 Encountered issues with Brocade switch - not all VLANs are visible,
Ticket # Vendor
906953 Introduced a property allowing the use of CLI to read VLANs from Unifi
Switches.
915803 FG600F_India
ExtremeXOS (X465-24MU-24W) version 32.3.1.11 32.3.1.11 by release-
manager on Fri 16 Dec 2022 11:30:47 AM UTC
NetVanta 1234 PoE, Version: R13.10.2, Date: Tue Aug 31 13:29:02 2021
SF350-48P 48-Port 10/100 PoE Managed Switch
48-port 10/100/1000 Ethernet Switch with PoE
24-port 10/100/1000 Ethernet Switch with PoE
924265 Huawei Versatile Routing Platform Software VRP (R) software, Version
8.100 (CE5855EI V100R005C10SPC200) Copyright (C) 2012-2015
Huawei Technologies Co., Ltd. HUAWEI CE5855-24T4S2Q-EI
Cambium cnPilot E400 Access Point
Quidway S7712 Huawei Versatile Routing Platform Software VRP (R)
Software, Version 5.170 (S7700 V200R010C00SPC600) Copyright (c)
2000-2016 Huawei Technologies Co., Ltd
Aruba Instant On 1830 24G 12p Class4 PoE 2SFP 195W Switch JL813A,
InstantOn_1830_2.5.0.0 (48), Linux 4.4.120, U-Boot 2013.01 (V1.0.0.17)
S5710-28C-EI Huawei Versatile Routing Platform Software VRP (R)
software,Version 5.110 (S5710 V200R001C00SPC300) Copyright (C)
2007 Huawei Technologies Co., Ltd.
Ticket # Vendor
918683 Changed the end-of-line value to a carriage return for TP-Link switches.
871657 Pnetworks switches with newer firmware are identified as generic firewalls.
Version 9.4.3
Ticket # Vendor
Ticket # Vendor
891820 Aruba JL817A 4100i 12G CL4/6 POE 2SFP+ DIN Sw RL.10.10.1040
Huawei S1720-10GW-PWR-2P-E
Cisco IOS Software [Gibraltar], ISR Software (ARMV8EL_LINUX_IOSD-
UNIVERSALK9_IAS-M), Version 16.10.1b
Aruba 6000 48G 4SFP Switch
Version 9.4.2
Ticket # Vendor
Ticket # Vendor
845410 CBS350-24P-4X 24-Port Gigabit PoE Stackable Managed Switch with 10G
Uplinks
S6720-30C-EI-24S-AC Huawei Versatile Routing Platform Software VRP
S6730-H48X6C Huawei Versatile Routing Platform Software VRP
S5735-L8P4X-IA1 Huawei Versatile Routing Platform Software VRP
Ticket # Vendor
Version 9.4.1
Ticket # Vendor
Ticket # Vendor
Version 9.4.0
Ticket # Vendor
781634 Add Device support from set mapping emails (Huawei S5700-52P-LI-AC)
Ticket # Vendor
Fortigate fwf51E
Quidway S9712 Huawei Versatile Routing Platform Software VRP (R)
Software
Brocade Communications Systems, Inc. FastIron SX 1600
CCB 1st Sessions Court FS108F Meraki MR36H Cloud Managed AP
796633 fortigate
Cisco IOS Software, C1000 Software (C1000-UNIVERSALK9-M), Version
15.2(7)E4
Aruba R8N87A 6000 24G CL4 4SFP Swch PL.10.08.1010
Meraki MS355-48X2 Cloud Managed Switch
Dell EMC Networking OS10 Enterprise.S5224F-ON
801676 HPE Comware Platform Software, Software Version 7.1.070, Release 6327
SG350XG-24F 24-Port 10G SFP+ Stackable Managed Switch
SG300-28SFP 28-Port Gigabit Managed SFP Switch
Linux PA-Mac-Ops-BCKPF-S 4.14.76-release-1.3.0 1 SMP
Aruba JL725A 6200F 24G CL4 4SFP+370W Swch ML.10.09.1000
Cisco IOS Software [Cupertino], ISR Software (ARMV8EL_LINUX_IOSD-
UNIVERSALK9-M), Version 17.7.1a
Cisco Sx220 Series Switch Software, Version 1.1.3.1
CBS350-24P-4G 24-Port Gigabit PoE Managed Switch
Firewall OCI Unimedsc
Palo Alto Networks VM-Series firewall
Canton-Firewall
783982 S5720-12TP-LI-AC
S5720-36PC-EI-AC
S5720S-52P-SI-AC
S5700-10P-PWR-LI-AC
Ticket # Vendor
Field Definition
Numbering Conventions
l Release Notes pertain to a certain version of the product. Release Notes are revised as needed. The Rev
letter increments accordingly. For example, updating the Release Notes from Rev C to Rev D indicates
changes in the Release notes only -- no changes were made to the product.
l The next number represents the version in which a Known Anomaly was added to the release notes (for
example, V8.0).