FortiNAC - Release Notes

Version 9.4.8
FORTINET DOCUMENT LIBRARY
[Link]

FORTINET VIDEO GUIDE

[Link]

FORTINET BLOG
[Link]

CUSTOMER SERVICE & SUPPORT

[Link]

FORTINET TRAINING & CERTIFICATION PROGRAM

[Link]

NSE INSTITUTE
[Link]

FORTIGUARD CENTER
[Link]

END USER LICENSE AGREEMENT

[Link]

FEEDBACK
Email: techdoc@[Link]

November 24, 2024

FortiNAC 9.4.8 Release Notes
49-922-769106-20211216
 TABLE OF CONTENTS

Change log 5
Overview of Version 9.4.8 6
Notes 6
Supplemental Documentation 6
Version Information 6
Upgrade Requirements 8
Upgrade path 9
Pre-upgrade Procedures 11
Compatibility 13
Agents 13
Web Browsers for the Administration UI 13
Operating Systems Supported Without an Agent 13
What's new 14
New features in 9.4.8 14
Important notice 14
New features in 9.4.7 14
Important notice 14
New features in 9.4.6 14
Important notice 15
New features in 9.4.5 15
Important notice 15
New features in 9.4.4 15
Important notice 15
New features 15
New features in 9.4.3 16
Important notice 16
New features in 9.4.2 16
New features in 9.4.1 16
New features in 9.4.0 16
Enhancements and Addressed Issues 19
Version 9.4.8 19
Version 9.4.7 19
Version 9.4.6 23
Version 9.4.5 25
Version 9.4.4 31
Version 9.4.3 37
Version 9.4.2 40
Version 9.4.1 50
Version 9.4.0 55

FortiNAC 9.4.8 Release Notes 3

Fortinet Inc.
 Known Issues Version 9.4.8 64
Known Issues Version 9.4.7 66
Device Support Considerations 69
Device Support 70
Version 9.4.8 70
Version 9.4.7 72
Version 9.4.6 74
Version 9.4.5 75
Version 9.4.4 77
Version 9.4.3 79
Version 9.4.2 81
Version 9.4.1 83
Version 9.4.0 85
System Update Settings 86
Numbering Conventions 88

FortiNAC 9.4.8 Release Notes 4

Fortinet Inc.
Change log

Change log

Date Change Description

November 24, Initial release.

2024

FortiNAC 9.4.8 Release Notes 5

Fortinet Inc.
Overview of Version 9.4.8

Overview of Version 9.4.8

FortiNAC v9.4.8 is the latest release being made available to customers to provide functionality and address
some known issues. Build number 0853.

Critical information about upgrading your FortiNAC should be viewed in New Features.

Notes

l Starting from 9.1.0, FortiNAC uses a new GUI format. FortiNAC cannot go backwards to a previous
version. Snapshots should always be taken on virtual appliances prior to upgrade.
l Prior to upgrading, review the FortiNAC Known Anomalies posted in the Fortinet Document Library.
l If using agents or configured for High Availability, additional steps may be required after upgrade for proper
functionality. See Upgrade Instructions and Considerations posted in the Fortinet Document Library.
l CentOS 7.4 or higher is required. The current CentOS version installed is listed as "Distribution" in the CLI
login banner or typing "sysinfo".
Example:
> sysinfo
************************************************************************
Recognized platform: Linux
Distribution: CentOS Linux release 7.6.1810 (Core)
If the CentOS version is below 7.4, run OS updates and reboot before upgrading. For instructions on
updating CentOS, refer to the Fortinet Document Library.
l For upgrade procedure, see Upgrade Instructions and Considerations posted in the Fortinet Document
Library.

Supplemental Documentation

The following can be found in the Fortinet Document Library.

l FortiNAC Release Matrix

Version Information

These Release Notes contain additional Enhancements, Device Support, and features. Unique numbering is
used for the various components of the product. The software version and Agent version supplied with this
release are listed below.

FortiNAC 9.4.8 Release Notes 6

Fortinet Inc.
Overview of Version 9.4.8

Version: 9.4.8
Agent Version: 9.4.0
A newer Persistent Agent may be required to support certain antivirus and anti-spyware products. Refer to the
Agent Release Notes in the Fortinet Document Library.
Firmware version represents a collection of system services and operating system features imaged on to the
appliance before it leaves manufacturing. The firmware image cannot be updated by a Fortinet customer.
Services within the image are updated by Fortinet or a certified Fortinet Partner in appliance maintenance
packages released as new more robust and secure versions of services become available.
Note: Upgrading software versions does not change firmware nor does it automatically require an upgrade to
the Persistent Agent. Newer Persistent Agents are not compatible with older software versions unless that
capability is specifically highlighted in the corresponding release notes.

FortiNAC 9.4.8 Release Notes 7

Fortinet Inc.
Upgrade Requirements

Upgrade Requirements

Ticket # Description

931408 Under Portal > Portal SSL the "Disabled" option is no longer available as
of FortiNAC v9.4.5, vF7.2.5 and vF7.4.0. If using this option, install SSL
certificates in the Portal target prior to upgrade. See Certificate
management in the Administration Guide.

Legacy SSH Ciphers Vulnerable Diffie-Hellman SSH Ciphers were removed from versions 9.2.8,
9.4.4. F7.2.3 and greater. The removal of these ciphers can cause SSH
communication to fail between FortiNAC and network infrastructure devices
still using these legacy ciphers. Depending upon the device, resulting
behavior can vary from failing L2 and L3 polling to failing VLAN switching.
The following events would be generated for the affected device:
l L2 Poll Failed

l L3 Poll Failed
l VLAN Switch Failure
The legacy ciphers must be re-added to FortiNAC via the CLI after upgrade.
For details, see KB article [Link]
F/Troubleshooting-Tip-SSH-communication-fails-after-upgrade-due-to/ta-
p/281029

FortiNAC License Key: Upgrading to this release requires the FortiNAC

License. It is possible, however unlikely, older appliances may not have this
specific type of license key installed. In such cases, an error will display
during the upgrade. For additional details, see KB article
[Link]
fails-with-license-requirement-error/ta-p/246324

892856 High Availability and FortiNAC Manager Environments: The following are
required as of 9.4.3:
l Key files containing certificates are installed in all FortiNAC servers.

License keys with certificates were introduced on January 1st 2020.

Appliances registered after January 1st should have certificates. To
confirm, login to the UI of each appliance and review the System
Summary Dashboard widget (Certificates = Yes). If there are no
certificates, see Importing License Key Certificates in the applicable
FortiNAC Manager Guide.
l Allowed serial numbers: Due to enhancements in communication
between FortiNAC servers, a list of allowed FortiNAC appliance serial
numbers must be set. This can be configured prior to upgrade to avoid
communication interruption. For instructions, see Pre-upgrade
Procedures.

885056 All devices managed by FortiNAC must have a unique IP address. This
includes FortiSwitches in Link Mode: Managed FortiSwitch interface IP
addresses must be unique. Otherwise, they will not be properly managed

FortiNAC 9.4.8 Release Notes 8

Fortinet Inc.
Upgrade Requirements

Ticket # Description

by FortiNAC and inconsistencies may occur. This is also noted in the

FortiSwitch Integration reference manual.

9.2 As of Persistent Agent version 5.3, there is no option to disable secure

agent communications. Agents upgraded from previous versions to 5.3 or
greater will communicate over TCP 4568 regardless of the
"securityEnabled" Persistent Agent setting. Therefore, the following must
be done prior to upgrading hosts to agent version 5.3:
Ensure valid SSL certificates are installed in the Persistent Agent Certificate
Target. For details see section Certificate Management in the
Administration Guide.
Packet Transport Configurations must have TCP 4568 listed. For
instructions see section Transport configurations in the Administration
Guide.

9.2 The number of Operating System and Anti-Virus program options in the
Scan Configuration have been reduced. Only those currently supported or
commonly in use are now listed. For a list of available Operating Systems
and Anti-Virus programs, see KB article 198098.

834826 As of FortiNAC versions 9.4.2 & vF7.x, Persistent Agent communication

using UDP 4567 is no longer supported.
It is recommended the following be checked prior to upgrade to avoid agent
communication disruptions:
SSL certificates are installed for the Persistent Agent target
Persistent Agents are running a minimum version of 5.3
For additional details see KB article 251359.
[Link]
communication-using-UDP-4567-no-longer/ta-p/251359

Upgrade path

Important notice
Version 9.1.7 may directly upgrade to 7.x, without any intermediary steps.
However, Version 9.1.6 must follow this path:
9.1.6 > 9.2.6 > 7.x

Current Version Target Version Upgrade Path Ticket #

Requirement

9.4.0 9.4.8 None N/A

9.4.1

FortiNAC 9.4.8 Release Notes 9

Fortinet Inc.
Upgrade Requirements

Current Version Target Version Upgrade Path Ticket #

Requirement

9.4.2

9.4.3

9.4.4

9.4.5

9.4.6

9.4.7

9.1 9.4 None

9.2

9.1.6 9.2 9.2.4 or higher 798530

8.2 or lower 8.4 or higher Upgrade to 8.3 first

FortiNAC 9.4.8 Release Notes 10

Fortinet Inc.
Pre-upgrade Procedures

Pre-upgrade Procedures

Enhancements were made to the communication method between FortiNAC servers for security. Due to this
change, all FortiNAC servers must have additional configuration in order to communicate. The following
procedure should be done prior to upgrade to prevent communication interruption.
l This configuration applies to FortiNAC version 9.4.3 and greater.
Configure all servers to allow communication between each other. This is done using an attribute that lists all
the allowed serial numbers with which appliances can communicate.
Steps
1. Confirm key files containing certificates are installed in all FortiNAC servers.
Administration UI Method:
The System Summary Dashboard widget should show 'Certificates = Yes'.
CLI Method:
Virtual appliance: Log in to the CLI as root and type:
licensetool

Physical appliance: Log in to the CLI as root and type:

licensetool -key FILE -file /bsc/campusMgr/.licenseKeyHW

Response from the above commands should show:

"certificates =[xxxxxxxxxxxxxxxxxxx,xxxxxxxxxxxxxxxxxxx]".

If 'certificates = []' or there is not a 'certificates' entry listed at all, keys with certificates must be
installed. See Importing License Key Certificates in the FortiNAC Manager Guide.
2. Compile the allowed serial number list. In a text file (Notepad, etc), document the serial numbers of each
appliance. Serial numbers can be obtained in the following ways:
l Customer Portal ([Link]
l System Summery Dashboard widget in the Administration UI of each appliance
l CLI of each appliance using licensetool command
Example:
FortiNAC Manager A (primary) & B (secondary)
FortiNAC-CA servers A (primary) & B (secondary)
FortiNAC-CA server C

Record serial numbers for:

FortiNAC Manager A: FNVM-Mxxxxx1
FortiNAC Manager B: FNVM-Mxxxxx2
FortiNAC-CA server A: FNVM-CAxxxxx4
FortiNAC-CA server B: FNVM-CAxxxxx5
FortiNAC-CA server C: FNVM-CAxxxxx6
3. In the same text file, write the following command, listing all the serial numbers recorded in step 2:

FortiNAC 9.4.8 Release Notes 11

Fortinet Inc.
Pre-upgrade Procedures

Command:
globaloptiontool -name [Link] -setRaw
"<serialnumber1>,<serialnumber2>,<serialnumber3>"

Example
globaloptiontool -name [Link] -setRaw "FNVM-Mxxxxxxx1,FNVM-
Mxxxxxxx2,FNVM-CAxxxxx4,FNVM-CAxxxxx5,FNVM-CAxxxxx6"

4. Perform the following steps on all servers.

a. Log in to the CLI as root.
b. Paste the globaloptiontool command from the text file.
Note:
l The message "Warning: There is no known option with name: [Link]" may
appear. This is normal.
l In High Availability configurations, only the Primary Server need to have the command entered.
Database replication will copy the configuration to the Secondary Server. Using the above example,
CLI configuration would be applied to Manager A.
Example
> globaloptiontool -name [Link] -setRaw "FNVM-
Mxxxxxxx1,FNVM-Mxxxxxxx2,FNVM-CAxxxxx4,FNVM-CAxxxxx5,FNVM-CAxxxxx6"
Warning: There is no known option with name: [Link]
New option added

c. Confirm entry by typing:

globaloptiontool -name [Link]

Example
> globaloptiontool -name [Link]
Warning: There is no known option with name: [Link]
122 [Link]: FNVM-Mxxxxxxx1,FNVM-Mxxxxxxx2,FNVM-
CAxxxxx4,FNVM-CAxxxxx5,FNVM-CAxxxxx6

5. Log out of the CLI. Type:

logout

You have completed the pre-upgrade procedure.

FortiNAC 9.4.8 Release Notes 12

Fortinet Inc.
Compatibility

Compatibility

FortiNAC Product releases are not backwards compatible. It is not possible to go from a newer release to any
older release.
Example: 9.4.0.0171 cannot be downgraded to any other release.
To backup the current system prior to upgrade on virtual machines, perform a snapshot. For physical
appliances refer to the document Back Up and Restore an Image of a FortiNAC Appliance.

Agents

FortiNAC Agent Package releases 5.x are compatible with FortiNAC Product release 9.x. Compatibility of Agent
Package versions 4.x and below with FortiNAC versions 9.x are not guaranteed.

Web Browsers for the Administration UI

Many of the views in FortiNAC are highly dependent on JavaScript. The browser used directly impacts the
performance of these views. It is recommended that you choose a browser with enhanced JavaScript
processing.

Operating Systems Supported Without an Agent

Android Apple iOS Blackberry OS BlackBerry 10 OS

Chrome OS Free BSD Kindle Kindle Fire

iOS for iPad iOS for iPhone iOS for iPod Linux

Mac OS X Open BSD Net BSD RIM Tablet OS

Solaris Symbian Web OS Windows

Windows CE Windows Phone Windows RT

FortiNAC 9.4.8 Release Notes 13

Fortinet Inc.
What's new

What's new

New features in 9.4.8

Important notice

Enhancements were made to the communication method between FortiNAC servers for security. Due to this
change, all FortiNAC servers must have additional configuration in order to communicate.
See Pre-upgrade Procedures for procedures that should be done prior to upgrade to prevent communication
interruption.

New features in 9.4.7

Discontinuing OVA and ISO formats

For all subsequent versions of 9.4 starting with v9.4.7, FortiNAC is discontinuing the OVA and ISO formats. The
.bin file is is available for upgrades.

Important notice

Enhancements were made to the communication method between FortiNAC servers for security. Due to this
change, all FortiNAC servers must have additional configuration in order to communicate.
See Pre-upgrade Procedures for procedures that should be done prior to upgrade to prevent communication
interruption.

New features in 9.4.6

Multiple enhancements to the MSInTune MDM integration:

l MSIntune Integration to query MSIntune API for a specific host on-demand

l Certificate Based Authentication support
For details, refer to the Third Party MDM Integration Guide.

FortiNAC 9.4.8 Release Notes 14

Fortinet Inc.
What's new

Important notice

Enhancements were made to the communication method between FortiNAC servers for security. Due to this
change, all FortiNAC servers must have additional configuration in order to communicate.
See Pre-upgrade Procedures for procedures that should be done prior to upgrade to prevent communication
interruption.

New features in 9.4.5

Support of Meraki MX as Radius Concentrator/Wireless Controller

See the Meraki MX Controller Wireless Integration Reference Manual.

Important notice

Enhancements were made to the communication method between FortiNAC servers for security. Due to this
change, all FortiNAC servers must have additional configuration in order to communicate.
See Pre-upgrade Procedures for procedures that should be done prior to upgrade to prevent communication
interruption.

New features in 9.4.4

Important notice

Enhancements were made to the communication method between FortiNAC servers for security. Due to this
change, all FortiNAC servers must have additional configuration in order to communicate. The following
See Pre-upgrade Procedures for procedures that should be done prior to upgrade to prevent communication
interruption.

New features

RADIUS MSCHAPv2 credential validation against local users

Allows mschap module in FreeRADIUS service to authenticate user credentials without a query to a backend
active directory.
Add keytab support for Winbind
Allows for winbind configuration supporting RADIUS MSCHAPv2 authentication requests and Portal
authentication via Kerberos without requiring an administrator password to join the domain.
Add support for OAuth2.0 authentication
Added FortiNAC integration with Airwatch to support OAuth authentication.

FortiNAC 9.4.8 Release Notes 15

Fortinet Inc.
What's new

New features in 9.4.3

Important notice

Enhancements were made to the communication method between FortiNAC servers for security. Due to this
change, all FortiNAC servers must have additional configuration in order to communicate. The following
See Pre-upgrade Procedures for procedures that should be done prior to upgrade to prevent communication
interruption.

New features in 9.4.2

There are no new features in FortiNAC v9.4.2.

New features in 9.4.1

There are no new features in FortiNAC v9.4.1.

New features in 9.4.0

New features

User Group Support with FortiAuthenticator RADIUS Integrations (715957, 713515)

Version 9.4.0 has made it easier to use FortiAuthenticator with FortiNAC for RADIUS integrations.
Administrators will no longer be forced to change their FortiAuthenticator configuration when connecting to
FortiNAC. New enhancements allow FortiNAC to receive user groups from FortiAuthenticator during the
RADIUS authentication process.
For details, see "Fortinet-Group-Name" under RADIUS section of the Administration Guide.
[Link]

SMS Gateway (586499)

FortiNAC has the ability to send SMS messages to administrators, guests or users. Previous versions of
FortiNAC only supported the Mail to SMS method; now, FortiNAC adds support for API/HTTPS-based SMS
gateway integration. FortiNAC 9.4.0 has built-in integration with cloud-based SMS providers such as Twilio, and
LDAP group mapping for sponsors.
In the GUI, see: Network > Service Connectors > Email/SMS

FortiNAC 9.4.8 Release Notes 16

Fortinet Inc.
What's new

See information in the Administration Guide: [Link]

guide/19358/email-sms

AV agent monitoring (759481)

Previous versions of FortiNAC only checked for Antivirus compliance within the Windows Defender AV product.
v9.4.0 adds an option to choose "Security-Center" in the Windows AV category for up-to-date virus definitions,
providing compliant protection for those Windows running end points.

Kerberos Support (699487)

v9.4.0 adds Kerberos support for admin and for user authentication on FortiNAC-CA, as well as admin
authentication on FNAC-M.

Enhancements

RADIUS Logging and Dashboard (744581, 751403)

Version 9.4.0 has made it easier to authenticate large numbers of users with 802.1x. With concise information
on the dashboard to see pass/fails of 802.1x/MAB authentication, v9.4.0 gives at-a-glance insight. Importantly,
logs of failed authentications can be exported.
In the GUI, see: Network > RADIUS > Activity
For information in the administration guide, see:
[Link]

Azure Document update (667439)

Updated and enhanced FortiNAC Azure deployment guide. See:

[Link]
00505692583a/FortiNAC-8.6.0-Azure_Deployment_Guide.pdf

Device support

Huawei Wireless LAN Controllers AC 6605, 6005 and 6508 (592592, 566257)

FortiNAC v9.4.0 adds device support for Huawei AC-6005-8 Wireless Controller.

Palo Alto VPN (606729)

Added support for Palo Alto VPN.

Add User Organizational Unit OU LDAP mapping in User/Host Profile (699857)

Added User Organizational Unit "OU" LDAP mapping in User/Host profile. FortiNAC sends OU along with
FortiGate Device Tag and User Group via FSSO communication with FortiGate.

FortiNAC 9.4.8 Release Notes 17

Fortinet Inc.
What's new

UI

New dashboard widgets (615850)

The Recent Hosts widget displays newly discovered hosts by type.

The Top Host Activity widget displays the hosts with the most connection activity over a configurable period of
time.
The Logical Network Access widget displays all Hosts that had access to each Logical Network over a
configurable period of time.
The RADIUS widget displays success/failure information over specified time frames.

FortiNAC 9.4.8 Release Notes 18

Fortinet Inc.
Enhancements and Addressed Issues

Enhancements and Addressed Issues

These changes have been made in FortiNAC Version 9.4.8. These enhancements are in addition to the
enhancements that are outlined in previous releases.

Version 9.4.8

Ticket # Description

1093080 Failover occurs on High Availability pair configured with a shared IP (VIP).
Caused by the system check failing on the primary server. For details and
workaround see KB article 354324.
[Link]
FortiNAC-to-9-4-7-on-an-HA-pair/ta-p/354324

1091748 Host network access reevaluation does not occur after a host-state change
from Registered-At-Risk to Registered.

1070490 Unable to filter using multi-search options.

1064753 Delay in Sending Disconnect Request for Huawei AC6508 WLC.

Version 9.4.7

Ticket # Description

1056183 L2 Polling does not work properly for DELL Switch`s 802.1x enabled ports.

1080122 RADIUS changes included to support FOS version 7.2.11, 7.4.6 and 7.6.1
requiring Message-Authenticator in response. Previously, FortiGates
running these FOS versions would fail CLI/GUI RADIUS server connectivity
test with FortiNAC. Note RADIUS client connectivity is not affected.

1041463 RADIUS nas table missing entries or ignoring incoming request from
devices properly configured for RADIUS.

1075274 Host import not working as expected.

1071760 Hosts not being set as 'Managed by MDM' for multiple MDM's.

1068185 Meraki MX non-WAP devices are created as WAPs.

1067692 Ruijie S6110-24MG4VS-UP - FortiNAC can not learn current VLAN or

change VLAN.

1065740 "Summary" column does not display any information when exported data

FortiNAC 9.4.8 Release Notes 19

Fortinet Inc.
Enhancements and Addressed Issues

Ticket # Description

from "Audit logs".

1064105 High memory utilization due to memory leak.

1061842 Unable to retrieve SNMP Hardware Status Monitoring Information for

FortiNAC-OS.

1056228 HP Comware Switch H3C CLI credentional validation failing.

1050487 FortiNAC unable to model Cisco IE1000 Industrial Ethernet Switch.

1048910 API query return error 500 when accessed through a reverse proxy.

1048537 Duplicate APs created if DHCP is used to assign IPs to Mist APs.

1045924 NAC-Default role is overriding roles set through Guest template or Captive
Portal.

1045324 FortiNAC is evaluating the incorrect port when learning host from HPE
OfficeConnect 1920S using RADIUS.

1045323 RADIUS authentication loop when unauthenticated and at-risk host

connects to wired switch port.

1043654 Unable to model and show SSID/interfaces for Aruba Instant AP (Aruba-
AirOS.8).

1042939 GetInterfaceIPs not working on FortiNAC [Link] could cause some

unexpected behavior.

1040350 Support for Bearer Token Authentication in Jamf Pro 11.5x where Basic
authentication in the Classic API has been removed. See Jamf in Third
Party MDM Device Integration for details.
[Link]
integration/288790/jamf

1039636 SSO&VPN address object names are no longer reused to avoid confusion.

1039584 WLC Huawei AC6508 L2 Polling Issue.

1039524 Connection state of FortiGate's FortiLink interface in FortiNAC inventory

changed to learned uplink unexpectedly.

1039188 Custom login form custom User Registration Approval not being sent.

1036269 Flickering in Model Configuration page.

1034917 MSIntune On Demand Registration: Rogue Not Registered Until After

Scheduled Poll.

1031545 FortiNAC is not sending RADIUS CoA to Meraki AP after Host is marked
AtRisk or Safe.

1031409 Japanese text is garbled on Policy Failure page.

1030100 Wired connection action state values set to "Bypass" via API display as
"Enforce" in GUI.

FortiNAC 9.4.8 Release Notes 20

Fortinet Inc.
Enhancements and Addressed Issues

Ticket # Description

1029194 Device type failing to load when modifying a host.

1027894 Proxy RADIUS server - modify entry ignores changes to the validation
account password using Test & Save.

1027862 FortiNAC randomly changes VLAN on wrong FortiSwitch for same port ID in
Fortilink mode using RADIUS.

1025116 Unable to select groups that include Apostrophe in the Name.

1024528 Adaptor Auth Type Field is not being Populated for Wired Clients When
FortiNAC is configured as RADIUS Proxy.

1022946 FortiNAC L2 polling is removing Host records from HP switch learned via
RADIUS.

1022348 Delays in dynamic address tag being sent due to host VPN adapter
association.

1020243 Uploading a trusted certificate to "Radius Endpoint Trust" fails with "Internal
Server Error" after upgrade to v9.4.6.

1018443 FortiNAC is not updating the Endpoint Fingerprint Source record that is
reporting new OS in "Host Identity Changed" events.

1016338 Aruba CX JL725A 6200FRADIUS 802.1x authentication failure.

1015964 FortiNAC can not change the VLAN on the Extreme 210-Series Switch.

1015947 iPhones registered in MSIntune are being skipped during polling to

MSIntune.

1014967 Resynchronizing interfaces, all ports are changed to "learned uplink" on

both FortiGate and FortiSwitch (FortiLink mode).

1013178 FortiNAC Manager unable to sync with High Availability pair where
secondary server is in control.

1012874 Unable to read, change VLANs or update port status for ICX8200 switch.

1011825 High Availability failover due to RADIUS service health check timing out.

1010094 Firewall sessions on a FortiGate are not displayed properly.

1010068 Inaccurate ports and VLAN assignments are displayed when securing a
device using API.

1009925 RADIUS Authenticated Endpoints on Huawei switch S5731 are shown

Connected to a different Interface/Port on FortiNAC.

1008915 Using API to get a device by-mac address returns the MAC address doesnt
exist.

1008427 Cannot update admin password for FortiGate Model via API .

1008410 IPV6 Address not visible in UI when provided by agent.

FortiNAC 9.4.8 Release Notes 21

Fortinet Inc.
Enhancements and Addressed Issues

Ticket # Description

1008341 Import of Host not working when Legacy View is turned on.

1008097 Winrm "Windows Profile" Method if Failing due to [Link]:

Unexpected end of ZLIB input stream.

1007671 High Availability:httpd service on primary server stopped running after

upgrade from 9.2.8 to 9.4.6, causing a [Link]:Resume
control of primary server.

1004015 FortiNAC unable to join domain when using Kerberos Keytab file generated
with a targeted [Link] by adding optional OU field to Winbind Join
Domain UI.

1002789 Custom mobile properties made in the Portal Configurator > Custom Styles
editor are not reflected on a mobile device.

999668 FortiNAC tags not being removed in FortiGate VPN integration.

998416 Frequent SSH logins to Cisco switch when RADIUS authentication is

enabled on switch.

993873, 995406 Users & Hosts - Quick Search gives unexpected results in Hosts and
Adapters views.

992508 SNMP Failure Events Generated on Startup for FortiSwitch Models in

FortiLink Mode.

988974 Unable to manually change VLANs using Port Properties on D-LINK DGS-
1210-28P FW 6.30.016.

984493 Guest User is created even if the mobile number format is not valid.

978539 Ruggedcom Siemens RSG2488 displays as unknown and cannot change

VLANs.

978164 Logs & Events > Reports > Connection Logs will only print historical
Connection Logs and not any new Network Events.

975348 FortiNAC inconsistent in Host role assignment through Device profiler when
registering as "Host to Logged In User (If Present)".

970257 Post upgrade to 7.2.4 role is not applied when a device is registered via the
Portal.

968065 Host role always set to NAC-Default on creation regardless of Role

selection.

955985 Extreme switch with 'description-string' in switchport configuration won't

display connected adapters in GUI device model.

950857 FortiNAC not sending CoA Automatically to Extreme Switch 4950GTS-

PWR+.

950434 COA disconnect request sent from FortiNAC is not acknowledged by HPE
5140 48G switch due to AVP:Calling-Station-Id(31) format.

FortiNAC 9.4.8 Release Notes 22

Fortinet Inc.
Enhancements and Addressed Issues

Ticket # Description

943966 VLAN change on the HP Aruba 1930 switch series not working.

852670 Switch port being set as learned uplink instead of WAP uplink.

835149 The host role cannot be modified for an endpoint registered as a device in
the Host and Inventory view from within the Inventory/Topology view.

Version 9.4.6

Ticket # Description

992475 High Thread counts observed after upgrading to interim build.

981753 Discovery frequency check and discovery quantity check could be

incorrectly done on single range when there are lists of ranges in one
request. Moved the checking to the beginning of the request.

810574 "Unable to scan" message when using Dissolvable agent if scan

configuration label contains non US-ASCII characters.

752538, 996381 When in the Users & Hosts > Applications view, selecting an application
and clicking the Show Hosts option displays a page that does not provide
accurately filtered results. Workaround: Navigate Users & Hosts > Hosts
and create a custom filter to list hosts associated to an application.

852560 Custom Guest Account Password email template is not used for Self
Registration. Self Registered Guest.

887470 A domain with a single character between dots in multiple dot domains
results in an error when adding to allowed domains.

902533 Modifying port name value via port properties that include '&' generates
'amp;' in the port name.

910216 Added 'Credential JSON' field in GSuite Service Connector for importing
gsuite_credentials.json file. For details, see:
[Link]
integration/409089/mdm-service-connectors

919953 Enhance MSIntune Integration to query MSIntune API for a specific host
on-demand.

926831 Whenever the laptop is connected with a dock and Persistent Agent
installed, 'managed by MDM' flag is not showing in FortiNAC.

927754 Custom Registration failed with the error 'Anonymous Guest Access is not
Enabled.'

929383 FortiNAC-F initial setup fails when admin GUI password containing '&'
character is used.

FortiNAC 9.4.8 Release Notes 23

Fortinet Inc.
Enhancements and Addressed Issues

Ticket # Description

950004 Added Bearer Token Authentication Support in Jamf MDM integration. For
details, see [Link]
mdm-device-integration/288790/jamf

954103 After FortiGate power cycle, FortiNAC shows incorrect port state for
Fortiswitches (fortilink) once the device is pingable again.

955965 Access enforcement setting is not applied for manually created logical
networks when the setting is set to 'Deny' only.

956436 FortiNAC doesn't work as RADIUS proxy properly when integrated with
NEC-QX switch.

960361 Standard User Captive Portal Error 'The input is required.'

969258 Config Wizard - configuring an Invalid Subnet Mask (255.255. 225 .0) on an
Isolation Interface (Isol-Reg...) is accepted.

969655 LAG ports on FortiGate are not shown in Inventory > ports view.

973078 Added API call to trigger an interface resync. For details, see:
[Link]
device-resync-interfaces

974223 NEC-QX Switch Radius COA Disconnect On Host State Change.

977249 Host removed from GUI when L2-Poll with NEC-QX Switch.

978006 FortiNAC keeps sending disconnect-request with the old calling-station-ID

even though it is connected to a new docking station.

978586 L2 poll of PaloAlto firewall brings VPN client offline.

980338 When enable authentication in MICROSENS G6 Micro-Switch port, the

host information appears only in port 1.

980783 CLI tool does not set Device Name completely.

981854 Registration Requests view is visible for admin users that do not have 'Host
Registration Requests' permissions.

982255 Unable to Parse L3 HPE 5130-24G-SFP-4SFP+ EI Switch.

982765 Proxy Radius validation and test and save function result in Radius reject
due to incorrect password attribute.

983350 Parsed VLAN is incorrect for Mist AP.

985148 Error Generated when Deleting Guest Account Request with a Blank
Message Field.

985365 Due to synchronization issue, the scheduler page takes too long to load.

986049 FortiSwitch MAC Trap Notifications not mapping to correct port.

986547 Port Changes view in FortiNAC GUI showing incorrect values.

FortiNAC 9.4.8 Release Notes 24

Fortinet Inc.
Enhancements and Addressed Issues

Ticket # Description

989054 Host filter not working properly.

989068 Enhanced search functionality using the 'Name' field in FortiNAC Manager
UI under Hosts > Locate Hosts. For details, see:
[Link]
manager/955632/locate

989786 Certificate Based Authentication support for Microsoft InTune integrations.

990873 Unable to L2 poll ICX8200-C08PF-POE with firmware version 10.0.10b.

994775 Port Properties view now displays the current Port_Mode value and
provides a 'Clear' option to reset it to 'NORMAL'. For details see:
[Link]
guide/608458/port-properties

994839 When creating a group with SSIDs, the blue icon is missing.

995346 Persistent Agent cannot detect Kaspersky End point security 12

[Link] in January 29th auto-definition update.

995844 Scheduler has tasks for hosts that were deleted.

996006 API failures resulting in Null Pointer Exception.

998736 FortiGate 7.4.2 FortLink FortiSwitch Syslog not parsing.

998758 Captive Portal Authentication Failure message 'Custom text' not taking
effect when we customized it via Portal Configuration.

999354 Delay in Agent reporting external network connectors causing host to

remain isolated.

999775 Deleting Device Profiling Rule - Remnant Remains on Adapter Rule.

1000237 Host connected to Juniper switch is shown on incorrect switch port.

1003792 RADIUS Auto Registration does not register hosts using machine
authentication (username starts with "host/").

Version 9.4.5

Ticket # Description

932570 Unable to determine mibID when FirmwareVersion contains no suffix (e.g.

FirmwareVersion = Huawei instead of Huawei.10). Causes operations
requiring the mibID to fail (L2 Polling, reading SSIDs, etc).

943504 No COA Disconnect Request sent to Huawei S5731-H24P4XC 802.1x

wired authentication.

961235 Managed Fortilink system. System>Settings>Groups Port group

FortiNAC 9.4.8 Release Notes 25

Fortinet Inc.
Enhancements and Addressed Issues

Ticket # Description

FortiSwitch does not populate the FortiSwitch ports.

969596 Dynamic Tags sent to FortiGate without SSO configured in FortiNAC.

971169 SSO addresses not always cleared from internal address cache.

972151 Reboot of FortiNAC after vlan switch causes race conditions with tags being
sent to FortiGate.

972343 FortiNAC unable to join security fabric upon initial configuration.

925603 FortiNAC currently supports one VLAN instance per FortiLink port per
VDOM.

968050 Unable to read VLANs for MICROSENS G6 Industrial Switch

945416 FortiNAC supports CLI configuration of Huawei Switch S5720-28X-PWR-

SI-AC.

925641 Fixed issue with mapping and [Link].

967631 FortiNAC is incorrectly determining that clients are no longer connected to

switchports with FortiSwitch link mode to FortiGate.

936086 7.4OS FortiLink FortiSwitches are not deleted with their associated
FortiGate.

936053 User & Hosts > Guests & Contractors view is slow to load.

948598 L2 polling loop occurs when reading L2 Data from FortiGate.

956130 "Blink by Amazon" contains a trailing space in the OUI database.

968630 In High Availability configurations, disk fills on Primary and Secondary

servers after a period of time due to large backup files.

898595 FortiNAC addresses won't update on FortiGate after upgrading to FOS

v7.2.4.

948600 Performance issue related to SSO Initialization with FortiGates.

977937 Performance problems with FortiGate VPN integration.

930027, 962032 Portal SSL setting does not stay enabled after FortiNAC services restart,
failover to secondary or resuming control to primary.

944475 Routes are not created dynamically for scopes in configWizard.

951943 Device Profiling Rules fail on 'TCPPortMethod IP not initialized' when the
host has a recent IP in ArpTool.

938165 Ability to skip FQDN parsing during device discovery. For details, see Add
or modify a device and Discovery in the Administration Guide.

953226 Unable to complete Machine Authentication using MSCHAPv2.

973813 MAC notify traps from Aruba CX switches are not processed correctly.

FortiNAC 9.4.8 Release Notes 26

Fortinet Inc.
Enhancements and Addressed Issues

Ticket # Description

979152 Brocade switch - Cannot read all VLANs.

968263 Eduroam Hosts are aging out unexpectedly.

975442 Unable to Read VLANs/Ports on Mist AP's.

968809 Host view: Failed to retrieve Device Types - An error occurred when
processing your request.

974008 Administrator > Users page does not load properly due to an OutOfMemory
condition.

958984 Correct VLAN ID not shown on FortiNAC GUI.

972054 Adding a device to Inventory using the same IP address as a previously

deleted device generates an error.

973842 Authentication failure events are generated for Devices authenticating with
802.1x EAP-TLS using preinstalled certificates.

912555 Sponsor Approval Link Requires Login for non-admin users.

897459 Registration through Captive portal integrated with Shibboleth SSO is

failing after upgrade from 9.2.7 to 9.4.2 GA.

948193 Filters applied in Network>Port changes are not being applied after
updating the selection.

865256 Vendor OUI Device Type based Device Profiling rule is not working as
expected.

946405 Scheduler popup dialog box with CLI Configurations error: [Link] is
undefined.

942947 Uncompressed database backup replication to secondary causing 100%

Disk usage.

925124 Send Guest Details email is not sent for guest accounts despite the
indication that mail is sent.

846822 FortiNAC failed the NMAP scan due to an old IP reported from the arptool.

910706 Cannot create Guest account with REST v2; results in errors 400 and 500.

903055 Device type field under host tab in default filter for IP Phone is empty.

931408 The HTTP cookie is missing a Secure attribute on port 80. Addressed by
forcing http redirection to https when accessing the portal. Important:
Requires certificate to be installed for the portal target. See Upgrade
Requirements.

908857 Gateway IP address in High Availability configuration is overwritten when

making changes in configWizard in Azure.

914051 Clients get 'no failed scans' remediation page, host health status shows
scan failed, no actions possible for the user.

FortiNAC 9.4.8 Release Notes 27

Fortinet Inc.
Enhancements and Addressed Issues

Ticket # Description

928189 FortiNAC does not send FSSO TAG when internal ARP cache entry is
expected to be updated from the Persistent Agent.

938146 Hosts registered in Google GSuite with a common ethernet adapter are not
properly imported into FortiNAC.

939122 FortiNAC cannot read endpoint's vulnerability status from FortiEMS.

959047 Network device role is not applied when a port is configured for RADIUS.

939970 Discovery is not scanning the full range.

891890 Windows 11 hosts are detected as Windows 10 hosts when using the
Dissolvable agent.

923688 Self Guest Registration Page with Dissolvable Agent is not redirecting to
the Success Page after Scanning.

941702 FortiNAC serves Portal v1 pages if [Link] file is present in the system.

918221 Host import fails to merge all the sibling adapters.

960436 FortiNAC is unable to read the ARP table from Forcepoint firewall.

968050 Unable to read VLANs for MICROSENS G6 Industrial Switch.

922114 Modifying nested group membership is not logged in admin auditing.

934696 Groups can become corrupted if organized in a fashion that can cause a
logic loop. Example: Group A is both a parent and a child of Group B.

927791 Added support for new CLI login sequences for Ruckus 8200 Switch Series
Version 10.

920800 404 errors are not being handled gracefully when requesting physical MAC
for a specific host.

942642 Ruckus Integration does not support environments with a large number of
SSIDs.

977910 SonicWall 7.0.1: Unable to read L2/L3 data.

972925 OS information on device/adapter is not always accurate.

976781 ExportTopology CLI Command does not list all devices that are in the
inventory.

974363 Lantech switch: VLAN change and traps are not functioning.

959490 After creating the new Address Object, all Members in the Members list
become deselected.

951419 HTTPS Status 500 - Internal Server Error occurs when attempting to
access model config from the right-click context menu.

968100 Dell EMC Networking OS10 Enterprise Switch: Aggregate Ports are being
ignored.

FortiNAC 9.4.8 Release Notes 28

Fortinet Inc.
Enhancements and Addressed Issues

Ticket # Description

870875 Address Group Object 'In Use' button does not display accurate results.

833324 FortiNAC unexpectedly disables Juniper EX interfaces when a host is

deleted in 'Host View'.

783304 DHCP responds with unexpected addresses in the DHCP-Server-Identifier

attribute, causing release/renew to fail.

730221 Added support for Meraki Wired Switch Stacks.

928328 Attempting to change multiple Virtualized Device Model Configs fails.

811783 Links in the Persistent Agent Summary panel produce redundant results.

954095 Groups page view throws a 500 error.

958433 FortiNAC sends the API request for Ruckus SZ300 by the wrong port
number.

920942 Unable to re-sync interfaces on Cisco ASA when the username is

configured with privilege level 15.

961805 Port names are not preserved on FortiGate managed devices.

945086 L2 polling does not function on private VLAN enabled Cisco-XE switches.

949524 Huawei Access Points (AP) are not listed in the FortiNAC inventory.

920334 VLAN Changes are incorrectly reflected on FortiNAC inventory when

integrated with FortiSwitch.

874037 GUI > Users & Hosts > Host View > Quick Search - Unable to locate the
host by hyphen or no delimiter.

985653 Host/agent is connecting to FortiNAC despite having the 'require connected

adapter' feature enabled.

936140 Entitlements are removed after an upgrade on a managed server with

.licenseKeyNCM in the old key format.

972501 Syslog messages are not sent to the new external log server until a restart
of services is performed.

907504 Fix error messaging when a server cannot be added to FortiNAC Manager.

916319 Excessive ManagedElementInterface calls are being made if 'Source IP

Address' is not defined in the model configuration.

908777 [GUI] CLI Configuration for Logical Network in Model Configuration is not
applied properly.

941175 Admin UI is showing error 'You do not have permission to access this page'
for specific pages.

968649 DPR using Network Traffic as a method will accept any IP as the
destination.

FortiNAC 9.4.8 Release Notes 29

Fortinet Inc.
Enhancements and Addressed Issues

Ticket # Description

953685 Secondary takes control too soon after ETH0 comes up.

962475 After a Failover test (hsForceFailover), Reboot and PowerOff is the wrong
behavior from the GUI 'Power Management'.

916289 Aruba AP's are seen as moving between WLC's, and this is initiating L2
polls at a very high rate.

889609 Switch port is not dynamically changed to uplink when a v-edge router is
directly connected to the Cisco switch port.

960060 SNMP traps for link state do not present the port value in event logs the
same as in the captured packets as seen in pcap.

934794 Performance issues with host record aging.

964473 HTTPS Device Profiling Method expects SAN to be present in the certificate
of IoT/OT endpoint devices and fails if not present.

897660 After an upgrade, FSSO information is not being sent for endpoints not
directly connected to FortiGate.

962235 Can't schedule a task in the scheduler to start at [Link] or any time with
00 as the hour.

897534 Approving self-registered requests is broken when Legacy View is enabled.

934685 FortiLink over P2P L2 - FortiNAC is not setting Uplink Ports.

955704 Vendor Name 'Blink by Amazon' has a trailing space.

904624 Host summary panel does not show an accurate total host count.

919423 API endpoint '/host/scan' returns status code 405 (Method Not Allowed) to
POST request.

937206 SNMP API Endpoint issue.

951420 Huawei switch with new port format fails L2 polling.

917032 MICROSENS G6 Switch not modeling properly when switch has 'hide macs
on link ports' feature enabled.

917610 Updated dialog box presented when the root CLI password is changed.

930459 Integration with Tellabs switches including CLI access, changing and
reading VLANs.

926831 Whenever the laptop is connected with a dock and a Persistent Agent
installed, the 'managed by MDM' flag is not showing in FortiNAC.

949067 Use CLI to L2 Poll Tellabs Switches instead of SNMP.

970763 FortiNAC SSH client no longer supports the weaker SHA1 based kex
algorithms.

952292 System - Groups: XSS executed for "Group Member Of" and "Manages"

FortiNAC 9.4.8 Release Notes 30

Fortinet Inc.
Enhancements and Addressed Issues

Ticket # Description

actions.

987520 Error message shows 'upgrade' during an upgrade in HA setup.

969640 Periodic syncing FSSO for FortiGate & FortiNAC does not work.

966737 FortiNAC does not send dynamic firewall tags down to FortiGate when the
device port is enabled.

Version 9.4.4

Ticket # Description

924690 Using a single dot as the Scan name should be restricted by the API, as it
causes filesystem issues.

833088 Deleting a switch removes all port nesting's removing all ports from
FortiNAC System Port Group.

834025 Allied Telesys devices using standard SNMP for L2 polling fails if there are
entries in the dot1qTpFdb table with a port index of 0.

835149 When an endpoint is registered as a device in Host AND

Inventory/Topology, it is not possible to edit the host role. The option is
available, but changes do not apply.

858184 Custom Subject line for Self Registration Request sent to sponsor does not
reflect custom text.

860595 FortiNAC unable to change admin state on FortiGate firewall physical ports.

866343 Proxy RADIUS support added for Arista switches (802.1x and MAB).

867183 CLI communication can fail due to invalid SSH key when devices using a
Virtual IP (VIP) fail over.A new device attribute (MultiKnownHostEntries)
has been added to [Link] details see Model configuration in the 9.4
Administration Guide.

868451 L3 support for Forcepoint firewalls.

868712 In some instances, Administration UI is inaccessible after running the

Configuration Wizard during a new [Link] Config Wizard
results in "No User"error.

869052 Meraki MX doesn't pass CLI credentials validation.

869097 Prioritize the IP -> MAC value provided by RadiusServer for managed
wireless clients.

869316 Excessive "Authentication Failure" events after L2 poll.

FortiNAC 9.4.8 Release Notes 31

Fortinet Inc.
Enhancements and Addressed Issues

Ticket # Description

869605 CLI credentials are removed from the Ubiquiti AP device model after
applying changes.

869961 Added Aruba CX series switch Port Channel support.

874812 Private VLANs not switching on Cisco switches.

875287 Added User/Host Profile and Policy Configuration ID validation for API
POSTs to Authentication, Endpoint Compliance, Portal, Supplicant, and
Access policies.

875588 Unable to remove users from the All Administrators group.

875720 REST API v2 query for Scan Results returns no results.

876003 Incorrect license information displayed in License Management GUI view

after upgrade to 9.4.2. License Key Details list features as "Disabled".
Correct entitlements displayed in Dashboard and CLI.

876116 Upgrade to 9.4.2 > ManagedElementInterface causing issues with startup

and device credentials.

877934 LDAP communication failure if Primary AD is reachable but Secondary is

not.

877942 Performance issues related to Firewall Session table growing to large.

877980 Navigating to Logs > Audit Logs generates console error "Missing Type:
LOGICAL_NETWORK" when in Legacy View.

878080 Aruba CX Switch Incorrect VLAN Management Syntax.

878836 Intune MDM Integration 'Invalid Audience' when using an App registration in
the Azure Government cloud.

879773 Cannot Change "Perform proactive "Active" method profiling" setting in

Device Profiler.

880761 IP->MAC resolution doesn't update the adapter's IP after a proactive L3

polling when VLAN change occurs.

880796 API - AccessConfiguration - Access configurations should not require a

Logical Network.

882265 FortiNAC is not sending the correct serial number field to FortiAnalyzer
(FAZ).

882782 Fix NullPointerException in [Link]().

883046 Fortinac not sending Radius Disconnect/CoA to Aruba IAP when there is a
status change/policy match.

883068 SMTP SMS Gateway service connector: Country code prefix is incorrectly
prepended to outgoing SMS messages.

883080 Local Radius attempts to look up mac addresses in the directory for mac-

FortiNAC 9.4.8 Release Notes 32

Fortinet Inc.
Enhancements and Addressed Issues

Ticket # Description

auth auth requests.

883129 Mist L2 polling may not function properly due to how Mist devices are
modeled in FortiNAC.

883146 Secondary may restart repeatedly.

883221 FortiNAC now processes static MAC address entries by default for Arista
switches.

883680 404 response to HTTPS GET when polling Firewall Sessions on FortiGate
running FOS 7.2+.

884329 Base license, User/Host profiles and Network Access Policies throw
permissions errors.

884345 Improved error messaging when creating a new device using REST API.

887915 Endpoint Compliance Custom scans improperly state "in-use" by deleted

scans and cannot be deleted.

888179 Updated integer fields in the FirewallSession table to accomodate bigger

values.

888212 High Availability configuration: Endpoint Compliance Scans are not

replicated to secondary.

889103 Test Device Profiling Rule option in Network > Inventory Adapters view is
not matching properly.

889132 Global Custom Scans are not fully removed after deleting from
[Link], scan cannot be edited or deleted on the managed
FortiNAC server.

890009 Unable to read VLANs on Ruijie S5310 switch.

890015 Unexpected error encountered when attempting to modify or create a

Syslog file under System > Settings > System communication > Syslog
Files.

890929 Unable to restart server after uploading new license key through UI (Setup
Progress > Enter License Key).

891332 HTTP 500 error when installing license key using Modify License button in
License Management view.

892486 Secondary server in a High Availability configuration does not reflect the
correct concurrent count in License Management.

892856 Communication between FortiNAC Manager and managed FortiNAC

servers enhanced for security. Important: Requires additional configuration.
See Upgrade Requirements for details.

893582 Changing default credentials in Config Wizard logs an error.

FortiNAC 9.4.8 Release Notes 33

Fortinet Inc.
Enhancements and Addressed Issues

Ticket # Description

894157 Guest > View > Send SMS button returns error.

895085 RADIUS Performance problems on rogue host record creation.

896471 Licensetool not correctly displaying the subscription level from the FortiNAC
Manager.

0896100 , 0896556 Error adding/removing Switch Ports to Port Group from Groups view.

883378, 882567 HA>UI hangs when re-running config HA when connected to the shared
address.

884322, 855084 Type column would not render correctly for Device Profiling Rule.

888616, 893561 System > Scheduler GUI error encountered after upgrade from an older
FortiNAC version.

897851 FortiNAC not supporting QX series Mac-notification trap.

905865 Cannot enable "Enable Quarantine VLAN Switching" option in GUI.

871758 Parse IPv6 addresses from the ipNetToPhysical table correctly.

904541 FirmwareVersion attribute missing from Meraki APs on upgrade.

904755 Several log messages related to SSO addressing initialization were always
being printed which filled the logs with unnecessary info.

904052 Policy & Objects - Endpoint Compliance - Scans - Fixed rendering of

escaped characters in both editors and tables.

833305 Guest account password is unmasked on badge when user does not have
password viewing permissions.

903869 Improve error message if NCM add server fails.

901925 Disable revoking admin permissions when all mappings are removed.

899075 NPE in readarp function caused an incomplete ARP table for Sonicwall
appliance.

902072 Replace Hashtable with ConcurrentHashMap for

[Link].

900284 Issue in TelnetServer that causes the Juniper logout sequence to pause for
the entirety of the current Telnet/SSH timeout.

899047 Replace: systemd-run -M VIRT_WINBIND_INST systemctl is-enabled

winbindWith: systemctl is-enabled -M VIRT_WINBIND_INST winbind

897921 Removed hostname column from Firewall Sessions view.

872900 Typo in Guided Installation informational dialog.

888213 Validate credentials of FS results in severe

removeLogicalNetworkConfigurations passed null or transient
ManagedElement.

FortiNAC 9.4.8 Release Notes 34

Fortinet Inc.
Enhancements and Addressed Issues

Ticket # Description

885306 WLC Extreme VX9000 MAC table cannot be parsed.

884077 Gracefully handle guest account passwords permissions issue.

874363 SSLVPN user loses and receives TAG periodically.

871340 Entering XSS causes exception and blank page.

876504 Fixed username formatting.

876818 Download Logs from UI should have longer timeout.

906953 Check if the device supports the UCD-SNMP-MIB, if so, model as a Ubiquiti
switch.

907844 Add missing RADIUS properties to Arista switches.

897921 Allow hostname collection from firewall with a global option.

883989 Update default Phone attribute for AD LDAP.

901236 Fix RADIUS Access-Reject when Direct Configuration Network Access

Policy is in use.

895097 Only return the custom device type if it is a system created device type or if
the type starts with cust_.

894165 Fix to ensure DPC rules with multiple adjacent spaces run correctly.

907854 VLAN change commands fail for Cisco SG-250.

897921 This allows the hostnames to show up in the firewall session table, but does
not update the host record unless the global option is enabled.

879697 Sync Global Objects and EPC Scans via REST RPC.

911439 Incorrect OID in device properties file - Device support for MICROSENS G6
Switch.

900281 Reverse proxy via FortiPoC causes incorrect URLs in Config Wizard.

890988 Fixed handle of Inventory > Network.

910216 Unable to upload G Suite Credential JSON file on NacOS.

907328 Fixed Guest & Contractor table null reporting total when empty.

902533 Fixed char escaping in Port and Adapter Props.

901257 HTML is not supported in the "Guest Account details".

904624 Host summary panel does not show accurate total host count.

908861 Custom filter is not applied in host or adapter view.

879814 879814 - Users & Hosts - Guests & Contractors - View Accounts - Guest
Account - Max Attendees should not show any number at all because it is
not a conference.

FortiNAC 9.4.8 Release Notes 35

Fortinet Inc.
Enhancements and Addressed Issues

Ticket # Description

903055 Hosts - Filters - IP Phone - Fixed lack of selection for in the Host->Device
Type dropdown.

906398 Fixed validation error preventing log receiver modification; modifications

were rejected as duplicates based on matching existing ip and port.

896002 Error creating guest accounts with duration greater than 20 days.

907523 Fixed Guest & Contractors table filter function, also fixed option menu
layout issue.

911132 Container status check is now failing due to changes to the NAC sudoers
file.

885306 Fixed StringIndexOutOfBoundsException regarding the WLC Extreme

VX9000 MAC table parsing.

897921 Added code to retrieve the hostname field from the response.

885306 Fixed an issue with regex regarding the WLC Extreme VX9000 MAC table
parsing.

881650 HP J9776A 2530-24G Switch - uplink ports are not properly displayed in
Ports view.

912128 Disconnect requests are not sent for Meraki switches.

917032 MICROSENS G6 Switch and hide Macs on link feature.

915532 Adding a DHCP scope with invalid label prevents ConfigWizard from
applying any further DHCP scope changes.

919423 API endpoint /host/scan returns status code 405 (Method Not Allowed) to
POST request.

927355 User is unable to edit the current VLAN value in the port properties dialog
on a FortiSwitch modeled in the QA FortiNAC system.

924250 PaloAlto fails validation for CLI testing SSH when REST API is supposed to
be used.

922911 Add missing radius options to the various NEC-QX switch Model
Configuration views.

925117 Fix retrieval of MibId value and add session logout to [Link] file.

899075 NPE in readarp function causes an incomplete ARP table for Sonicwall
appliance.

909839 SSO messages are being logged on and off repeatedly.

910706 Cannot create Guest account with REST v2 results in errors 400 and 500.

922274 Custom fields not loading Security Incidents.

912115 Guest Self Registration Error "The input is required".

FortiNAC 9.4.8 Release Notes 36

Fortinet Inc.
Enhancements and Addressed Issues

Ticket # Description

908302 FortiNAC Icons are squeezed in the host status.

889986 Issues while enabling and adding subnets in Require Connected Adapter.

932578 Unable to L2 poll FortiLink switches on FOS 7.4.

Version 9.4.3

Ticket # Description

833088 Deleting a switch removes all port nesting's removing all ports from
FortiNAC System Port Group.

834025 Allied Telesys devices using standard SNMP for L2 polling fails if there are
entries in the dot1qTpFdb table with a port index of 0.

835149 When an endpoint is registered as a device in Host AND

Inventory/Topology, it is not possible to edit the host role. The option is
available, but changes do not apply.

858184 Custom Subject line for Self Registration Request sent to sponsor does not
reflect custom text.

860595 FortiNAC unable to change admin state on FortiGate firewall physical ports.

866343 Proxy RADIUS support added for Arista switches (802.1x and MAB).

867183 CLI communication can fail due to invalid SSH key when devices using a
Virtual IP (VIP) fail over.A new device attribute (MultiKnownHostEntries)
has been added to [Link] details see Model configuration in the 9.4
Administration Guide.

868451 L3 support for Forcepoint firewalls.

868712 In some instances, Administration UI is inaccessible after running the

Configuration Wizard during a new [Link] Config Wizard
results in "No User"error.

869052 Meraki MX doesn't pass CLI credentials validation.

869097 Prioritize the IP -> MAC value provided by RadiusServer for managed
wireless clients.

869316 Excessive "Authentication Failure" events after L2 poll.

869605 CLI credentials are removed from the Ubiquiti AP device model after
applying changes.

869961 Added Aruba CX series switch Port Channel support.

874812 Private VLANs not switching on Cisco switches.

875287 Added User/Host Profile and Policy Configuration ID validation for API

FortiNAC 9.4.8 Release Notes 37

Fortinet Inc.
Enhancements and Addressed Issues

Ticket # Description

POSTs to Authentication, Endpoint Compliance, Portal, Supplicant, and

Access policies.

875588 Unable to remove users from the All Administrators group.

875720 REST API v2 query for Scan Results returns no results.

876003 Incorrect license information displayed in License Management GUI view

after upgrade to 9.4.2. License Key Details list features as "Disabled".
Correct entitlements displayed in Dashboard and CLI.

876116 Upgrade to 9.4.2 > ManagedElementInterface causing issues with startup

and device credentials.

877934 LDAP communication failure if Primary AD is reachable but Secondary is

not.

877942 Performance issues related to Firewall Session table growing to large.

877980 Navigating to Logs > Audit Logs generates console error "Missing Type:
LOGICAL_NETWORK" when in Legacy View.

878080 Aruba CX Switch Incorrect VLAN Management Syntax.

878836 Intune MDM Integration 'Invalid Audience' when using an App registration in
the Azure Government cloud.

879773 Cannot Change "Perform proactive "Active" method profiling" setting in

Device Profiler.

880761 IP->MAC resolution doesn't update the adapter's IP after a proactive L3

polling when VLAN change occurs.

880796 API - AccessConfiguration - Access configurations should not require a

Logical Network.

882265 FortiNAC is not sending the correct serial number field to FortiAnalyzer
(FAZ).

882782 Fix NullPointerException in [Link]().

883046 Fortinac not sending Radius Disconnect/CoA to Aruba IAP when there is a
status change/policy match.

883068 SMTP SMS Gateway service connector: Country code prefix is incorrectly
prepended to outgoing SMS messages.

883080 Local Radius attempts to look up mac addresses in the directory for mac-
auth auth requests.

883129 Mist L2 polling may not function properly due to how Mist devices are
modeled in FortiNAC.

883146 Secondary may restart repeatedly.

883221 FortiNAC now processes static MAC address entries by default for Arista

FortiNAC 9.4.8 Release Notes 38

Fortinet Inc.
Enhancements and Addressed Issues

Ticket # Description

switches.

883680 404 response to HTTPS GET when polling Firewall Sessions on FortiGate
running FOS 7.2+.

884329 Base license, User/Host profiles and Network Access Policies throw
permissions errors.

884345 Improved error messaging when creating a new device using REST API.

887915 Endpoint Compliance Custom scans improperly state "in-use" by deleted

scans and cannot be deleted.

888179 Updated integer fields in the FirewallSession table to accomodate bigger

values.

888212 High Availability configuration: Endpoint Compliance Scans are not

replicated to secondary.

889103 Test Device Profiling Rule option in Network > Inventory Adapters view is
not matching properly.

889132 Global Custom Scans are not fully removed after deleting from
[Link], scan cannot be edited or deleted on the managed
FortiNAC server.

890009 Unable to read VLANs on Ruijie S5310 switch.

890015 Unexpected error encountered when attempting to modify or create a

Syslog file under System > Settings > System communication > Syslog
Files.

890929 Unable to restart server after uploading new license key through UI (Setup
Progress > Enter License Key).

891332 HTTP 500 error when installing license key using Modify License button in
License Management view.

892486 Secondary server in a High Availability configuration does not reflect the
correct concurrent count in License Management.

892856 Communication between FortiNAC Manager and managed FortiNAC

servers enhanced for security. Important: Requires additional configuration.
See Upgrade Requirements for details.

893582 Changing default credentials in Config Wizard logs an error.

894157 Guest > View > Send SMS button returns error.

895085 RADIUS Performance problems on rogue host record creation.

896471 Licensetool not correctly displaying the subscription level from the FortiNAC
Manager.

0896100 , 0896556 Error adding/removing Switch Ports to Port Group from Groups view.

FortiNAC 9.4.8 Release Notes 39

Fortinet Inc.
Enhancements and Addressed Issues

Ticket # Description

883378, 882567 HA>UI hangs when re-running config HA when connected to the shared
address.

884322, 855084 Type column would not render correctly for Device Profiling Rule.

888616, 893561 System > Scheduler GUI error encountered after upgrade from an older
FortiNAC version.

None Device support for Dlink DGS-1210-10 Ports-Firmware 6.11.B028.

Version 9.4.2

Ticket # Description

835782 Config Wizard: Entering Application Server license is showing error (500 -
Unable to compile class for JSP)

802335 Getting a JSON string error when setting registered or logged user role on
host view page.

832313 SSH keyboard-interactive authentication fails, preventing SSH

communication to some devices.

683842 Adapter media type is set to wireless for devices that connect to wired ports
on a Fortigate.

705823 Editing or creating a groupunder NCM > Policy & Objects > Roles > Create
groups opens a new window instead of an overlay on top of the same view.

758623 The status spinner does not complete and page does not refresh when an
"in use" role is deleted.

778575 grabDeviceDebug script for more efficient log collection for device
integration issues.

792657 Deleting a currently applied shared filter in the Administration UI results in

browser console errors.

796969 FortiNAC counts FortiSwitch ports as error ports even though they are UP
and operating.

796972 Virtual port connection state displays as "not connected" even though there
are multiple hosts using that VLAN interface.

800255 DPC IP Range wildcards don't include the full range of IPs that should be
valid.

803386 Local RADIUS port can default to 0, should default to 1645.

808088 Alarms stop generating notifications.

814476 HP Switch aggregated uplink ports are not properly displayed in Ports view.

FortiNAC 9.4.8 Release Notes 40

Fortinet Inc.
Enhancements and Addressed Issues

Ticket # Description

814845 Navigation Panel:Some views do not hide the navigation panel correctly.

814926 Policy & Objects > Roles: "unexpected error occurred" message when
configuring the role.

815626 Upload Certificate: Long file name in Certificates field is not rendered
correctly.

816472 NCM: Logical Networks view not accessible.

820160 Roles view not available with Base license.

821112 Admins without Audit permissions see context menu.

821392 Column Filters: performing an Exact Match filter with an empty string has
inconsistent results.

821902 Search option for Firewall Groups does not display search results when
editing a Logical Network in a VDOM.

823079 Host Import: Clicking Cancel in Browse dialog removes previously selected
file.

826517 Edit Task: Title has Create Background Task as title (Create instead of
Edit).

826913 Unable to create a Network Device Role for Direct Configuration.

827870 Syslog listener addresses for FortiGate add/delete/move messages are not
updated.

828128 Unable to add allowed domains containing underscores.

829009 VLANs not being properly managed in Aruba CX series switch.

829019 NCM High Availability Resume button not working from dashboard.

829290 Context menus now have a menu separator similar to User/Host Profiles.

829361 If captive portal is not configured, High Availability system fails over due to
DHCP server not running.

829379 Unable to upgrade to version F7.2 from Administration UI. If attempted from
CLI, prompts for downgrade.

830159 Unable to Add Roles without specifying groups.

830534 SQL syntax error displayed when configuring High Availability .

830581 IP Phones in a host group fail to match policy.

830902 High Availability configurations may fail with a DHCP related error when
appliances do not have eth1 interfaces configured.

830932 Unable to configure "Entitlement Polling Success" event to alarm mapping.

831061 Unable to resume control in a High Availability system using the Admin UI.

FortiNAC 9.4.8 Release Notes 41

Fortinet Inc.
Enhancements and Addressed Issues

Ticket # Description

832730 Unable to set groups for a [Link] are not saved during create or edit.

833270 Device Profiler is not matching rules.

833302 Unable to create a user on the FortiNAC appliance where the same userID
exists on the Manager (NCM).

833327 Static Routes no longer present after reboot/FortiNAC service restart.

833752 Unregistered hosts in EMS are marked as "Managed By MDM" in FortiNAC.

834041 High Availability Configuraiton page now has text indicating only the Shared
IP is GUI is accessible (when configured).

834044 Create/Modify Administrator User Generates Error But Still Performs

Action.

834461 FortiNAC is not sending required CoA attributes to Ruckus controller.

834772 Exception and 'forever loading' when importing invalid Device Profiling
Rules file.

835143 MSIntune returns partial results during MDM poll causing some host
records to be removed if "Remove Hosts Deleted from MDM Server" option
is enabled.

835405 UI is inaccessible after running the Config Wizard due to an unrecognized

keystore. The browser displays "Connection refused".

835551 Upgrade to version F7.2 from previous version gives message that
downgrading is not supported.

835838 S5735-L24P4X-A1 andAR129CGVW-L have duplicate mappings.

836136 Guest passwords not read correctly out of the database.

836137 No Results Found on RADIUS > Winbind view if results are sorted by
Joined column.

836146 [Link] file can grow too large if debug is left enabled.

836470 Manager (NCM) receives 500 error when running Config Wizard.

836606 Polling GSuite server results in a timeout, but is shown as successful.

836831 L2 poll not working in HPE Walljack.

837023 Exception unmarshalling REST Ping message.

837229 Nmap parsing fails.

837938 Edit User view will not allow for user settings to be changed.

838561 Roles: Entering angle brackets for Name and Notes converts to &lt and &gt.

838610 ConfigWizard is reporting "Unknown operation dnsmasq".

838963 Entering a script as a quick search filter name will execute the script on

FortiNAC 9.4.8 Release Notes 42

Fortinet Inc.
Enhancements and Addressed Issues

Ticket # Description

create and edit.

839045 RADIUS does not return the port default VLAN ID when the request does
not match any policy or enforcement group.

839399 Rest > Google Domain client POST does not allow empty values.

839417 REST > RadiusAttrGroupService does not allow ID of 0.

839888 Rest API documentation: Edit item - specifying ID which does not exist
creates new record with new ID.

839892 Rest API documentation: Typos ('an User' should be 'a User').

840218 No records found in FortiNAC "Ports" tab for CISCO ASA interfaces.

840693 Changing time zone in Config Wizard doesn't apply.

840788 RADIUS/Winbind Status not showing enabled when service is running.

840796 Host lookups in MS InTune MDM are now done based on MAC address first
and Serial number as last resort.

841405 Users & Hosts - Locate Hosts: Clicking icon in Views column leads to view
with 'Login failed for: root' message.

841540 "Enable Application Updating" option has been removed from the following
MDM Servers configuration as they do not apply: Google GSuite, MS
InTune, and Fortinet EMS.

841770 Host - Policy Details - Edit Test: performing test does not run.

841781 Allowing duplicate forwarding entries on Fortigate during L2 [Link]

FortiNAC from sending RADIUS CoA packets to the FortiGate consistently.

841851 Manager (NCM) Dashboard:System Summary Missing Summary Data.

841874 Named [Link] files are missing.

841907 Slow display response in Manager (NCM) UI when pulling in Clients on

managed FortiNAC appliances.

842122 Incorrect license use percentage on dashboard.

842181 RADIUS Change of Authorization (CoA) with custom attribute Fortinet-

Host-Port-AVPair for FortiSwitch. See KB article 242393 for details.

842274 Additional routes view in Config Wizard won't load.

842280 Self-Registered guest: Checkboxes have been added to specify whether

separate emails, or, conversely, a single combined e-mail, are to be used
for providing the username and password to the user.

842370 "Local" Radius Mode is ignored in the SSID configuration if Model

Configuration is set to use Proxy.

842546 Unable to install upgrade on CentOS via GUI.

FortiNAC 9.4.8 Release Notes 43

Fortinet Inc.
Enhancements and Addressed Issues

Ticket # Description

842569 Modify Group: Clicking the In Use link does not work.

842607 Portal SSL changes not saved.

843049 Add Host: incorrect role being used.

843410 Exceptions in log when creating new Winbind instances under Network >
RADIUS > Windbind.

843414 URLs are not validated before being set/used under System > Settings >
User Host Management > DeviceProfiler.

843509 Corrected mapping for Dell Networking X1026 1Gb [Link] incorrect
mapping prevented FortiNAC from accessing the switch CLI via SSH.

843897 Exceptions in the nessus log running certain DPC rules types.

844417 Under Policy & Objects > Endpoint Compliance: Scans, running a
scheduled task for a scan generates an exception in the logs.

844982 "Cannot read properties of undefined (reading 'element')" after selecting

Portal > Portal Configuration.

845035 Palo Alto VPN integration is dropping syslog messages.

845049 Users & Hosts - Hosts - Adapter Properties: Enabling Adapter is causing
browser console error.

845120 Creating a radius attribute of "<img src=x onerror=alert(Z)>" causes

RADIUS process to fail.

845175 Attempting to export an empty dataset can cause a log exception.

845454 Remote backup fails to copy files to remote server.

845792 [Link] returned v1 error - OID [Link].[Link].[Link].1

845894 Display Public SSH Keys not returning key data.

845930 Error in Manager (NCM) UI when synchronizing with a POD that has been
re-added to the Server List.

845935 UI turns gray and does not allow input when scanning a host.

846212 Network - RADIUS: toolbar buttons not in consistent order.

846257 HTTP 415 error occurs when generating a guest password.

846286 License Management view does not display information accurately.

846668 FortiNAC can't process the Mac Notification traps from FortiSwitch running
7.2.1.

846680 Administrator login RADIUS authentication failure on FortiNAC Manager

(NCM) due to duplicate FortiNAC model.

846782 Unable to read complete network configuration from Aruba IAP because of
# symbol.

FortiNAC 9.4.8 Release Notes 44

Fortinet Inc.
Enhancements and Addressed Issues

Ticket # Description

847955 404 errors when accessing System > Settings.

848243 Invalid data c in attribute identifier causes Radius to terminate.

848274 Create Service Connector view is empty.

848285 ApresiaPlugin debug output was enabled unnecessarily, causing

extraneous log entries.

848374 Cryptic error message displayed when setting threat override for an
application as a user who has permissions for only "Users" and "Hosts".

848620 Appliances do not start after configuring L2 High Availability with a shared
IP.

848732 Administrators - Users - Copy: Password field populated, but the user is told
to enter a valid password.

848776 Permissions - Dashboard: Unable to edit task in Pending Tasks dashboard

widget or in Alerts menu.

848954 New GUI > Users > Dialog maps Allowed Hosts to the wrong data.

849088 Permissions - Dashboard: Logical Network Host Access - panel does not
load.

849114 Recent Hosts panel does not load.

849140 Control Manager API ping of Secondary Server returns the wrong serial
number, causing ping to fail.

849244 Policy & Objects - Remediation Configuration: Remove causes exception.

849437 Unable to reset guest account password.

849455 Role view Last Modified By/Date column sorting/filtering does not work.

849459 Network Device Roles - Column Filtering: Access column filter applies filter
opposite of what is specified.

849469 User with custom permissions to only view own Self Registration requests
can see all requests.

849472 An exception occurs when a user with only "Reporting" permissions

performs actions within the Logs > Reports pages.

849483 Passive Agent - search for Passive Agent fails.

849497 FreeRADIUS service restarted whenever a new device is modeled even if

local RADIUS is not enabled.

849506 Permissions - Portal Configuration: Exception and view hangs uploading

image.

849514 FortiNAC SNMP Agent is throwing IllegalArgumentException in

[Link].

FortiNAC 9.4.8 Release Notes 45

Fortinet Inc.
Enhancements and Addressed Issues

Ticket # Description

849556 Cannot filter request processing rules by last modified by/date.

849871 802.1x EAP fails authentication after Quarantine VLAN is defined in Model
Configuration.

850085 Added support for non-default API domains in Juniper Mist

[Link], only [Link] was supported.

850163 Create new Device Profiling Rule fails on "type" field.

850913 High Availability:Manager (NCM) not in control displays HTTP Status code
500 when Admin UI is accessed.

850940 Stuck on spinner on Manager (NCM) when adding endpoint compliance

policy & configuration.

851010 FortiSwitches in FortiLink mode and VDOMs get corrupted and deleted
during a resync when a VDOM is given a NAS-IP address matching a
FortiSwitch.

851427 Adapters view - Status tooltip values - Media / Access Value fields are
swapped.

852533 Synchronization fails to delete multiple Device Profiling rules.

852636 System Performance dashboard tile can display a max of 101%.

852705 Cannot save "Confirm Rule on Interval" setting within Device Proifling rule.

852946 System Management settings cannot be saved due to error (HTTP 500).

853007 Excessive number of API requests sent to Meraki API Cloud, causingL2
Poll to fail.

853025 Nested port groups are not sychronized from Manager (NCM) to managed
FortiNAC appliance.

853446 API - Authentication Configuration - POST: Unable to create/edit an entry

with just name and note.

853499 API - Authentication Policy - POST: Unable to create an entry without

specifying ENABLED.

853507 API - Authentication Policy - POST: Unable to edit an entry without

specifying RANK.

853833 API - Portal Policy - POST: Unable to create an entry without specifying
ENABLED.

853840 API Documentation - PortalPolicy: "an portal" should be "a portal".

853894 Exceptions in logs after adding devices to L3 polling with create rogues
enabled.

853970 API - AccessConfiguration - POST:able to create/edit entry with no logical

network (which is a required field).

FortiNAC 9.4.8 Release Notes 46

Fortinet Inc.
Enhancements and Addressed Issues

Ticket # Description

854205 API - Network Access Policy - POST: Unable to edit an entry without
specifying RANK.

854228 nac sudoers file needs journalctl entries with no unit param passed.

854236 Errors on scheduler view on Manager (NCM) due to obsolete tasks.

854270 API - Supplicant EasyConnect Policy - POST: Unable to create an entry

without specifying ENABLED.

854659 Pop-up error when selecting the Agent Packages view.

854675 Removed API call for usage of an Endpoint Compliance Policy. There is no
"Used By" option in the UI for Policies.

854753 API requests to endpoint-compliance/scan do not require a Scan Name and

default to scriptType 0 resulting in a non-visible scan in the Scans view.

854782 API - Endpoint Compliance - Scans - POST: Result for "copy" differs when
run from API versus UI.

854800 API - Endpoint Compliance - Scans - POST: Editing a scan with bad ID
results in inconsistent error.

855065 API - Endpoint Compliance - Scan - GET: Issuing request for /product is not
returning results.

855072 API - Endpoint Compliance Policy - POST: Unable to create an entry

without specifying ENABLED.

855104 Added support for Meraki Cloud v1 API.

855192 API - Endpoint Compliance Actions - POST: Unable to create/edit event

action - required Activity cannot be specified.

855199 Config Wizard apply script not completing.

855891 FSSO failing to send to FortiGate for hosts with Persistent Agent due to lack
of IP address.

855897 Added CLI Configuration in Model Configuration view for Huawei Switch
S5731-H48P4XC.

856217 Hosts discovered by certain MDMs are incorrectly marked as having a PA.

856350 Unable to Admin Up a port via port properties in Adapter [Link] port
is shown.

856362 Upgrade from 8.x to 9.2.6 GA changes Conference account password.

857035 FortiNAC cannot read the MAC-Address table for Extreme Networks
Controller.

857093 grab-log-snapshot stacktrace files are empty.

857360 Duplicate instances of the same IP address under Settings > Log Receivers
could (incorrectly) be created.

FortiNAC 9.4.8 Release Notes 47

Fortinet Inc.
Enhancements and Addressed Issues

Ticket # Description

858210 CoA not working for FortiAP connections.

858213 Under Users & Hosts > Device Profiling Rules, warnings are generated in
the logs when importing an exported device profile rules XML file.

858667 High Availability: Unable to download Secondary Server logs via

"Download Logs" menu in the Primary Server Admin UI.

858669 Dashboard widget "Logical Network Host Access" does not show correct
name, and does not update if logical network name changes.

858839 REST > settings/device/device-type/create-from-archive supplying invalid

image name reports success.

859149 VLAN IDs not available under Model Configuration for APs managed by
Extreme WLC .

859473 Getting NumberFormatException when processing Mac Notification traps

from FortiSwitch in FortiLink Mode.

859702 Enhanced Palo Alto SSO REST API to allow for bulk messaging.

860206 Polling threads get locked when communications are terminated

unexpectedly from the Manager (NCM).

860493 Hosts that have disconnected from Westermo switch continue to display as
"connected" in FortiNAC.

860501 Adding LDAP user populates undefined values in the fields.

860546 Added L3 polling for Extreme Campus Controllers ( XCC ).

861633 Switch doesnt have ability to add CLI config for our VOIP VLAN.

861985 Run FortiGuard IoT Scan from the Adapter View results in an error.

861989 Inventory > Events > Note is displaying the escaped text.

863439 Google Auth service connector displays escaped values.

863831 Passive Agent Configuration allows angle brackets in the name, resulting in
extra characters added to the name.

863840 Network Access Policies with angle brackets in the name cause additional
characters to be added on modification.

863859 User Host Profiles created with angle brackets in the name show up with a
blank name in the view.

863872 Angle brackets are no longer allowed to be used in the name when creating
roles.

865088 Group > Show Members renders HTML.

865110 Guest > Name column shows escaped values.

865136 User/Host Profile - Who/What Attrs - HTML values not rendering in modify

FortiNAC 9.4.8 Release Notes 48

Fortinet Inc.
Enhancements and Addressed Issues

Ticket # Description

dialog.

865138 The host profiles displayed in Portal Policy Add/Modify dialog could fail to
appear.

865165 Creating Host with Custom Device Type, when using a name that contains
angle brackets, results in a broken image.

865169 Hosts - Adapter Info: Adapter Description is empty if entered with angle
brackets.

865202 Network Access - Configuration - In Use - Unescaped name shown.

865268 The Policy Details dialog for a host is converting angle brackets for
user/host profiles, policies, and configurations.

866419 No landing page set for Config Wizard only users under Users & Hosts >
Administrators > Profiles > Permissions.

866432 Admin users with only System Settings permissions receive an error when
accessing the Allowed Domains page.

866507 Modify Schedule Rescan of Agents - brackets in name not displaying.

866535 Profile Device User > Profiled Devices > Select Notes receives an error.

866966 Unable to download Agent packages from Administration UI.

867285 Device Type changes do not appear in audit log.

867293 Remote SSH backup reports "SSH keys are not configured properly" when
"Test Connection" is clicked.

867366 Configuring IPv6 address in Basic Network Config Wizard page results in
exception. Page goes blank.

868340 Reset doesn't restore Additional Routes in Config Wizard.

868651 ConfigWizard cannot be accessed after resetting FortiNAC appliance to

factory defaults.

869948 Cannot enable/disable Network Access Policies from the Network Access
Policy View.

870920 Unable to authenticate using MS-CHAP-v2 and Local RADIUS.

871268 New Android DHCP fingerprints have been added.

0834094, 0834089, 0845505, Global objects may not synchronize correctly (including Device profiling
0845493 rules, groups and group members) between the Manager (NCM) and
managed appliances.

0856192 , 0864253 FNAC FSSO does not send required groups to FortiGate.

835551, 836475 Upgrade from previous version gives message that downgrading is not
supported.

FortiNAC 9.4.8 Release Notes 49

Fortinet Inc.
Enhancements and Addressed Issues

Ticket # Description

848301, 770091 Network Events table not populating RADIUS events.

845163 In a High Availability environment, if no isolation networks are configured,

the dhcpd service will fail to start resulting in a failover.

Version 9.4.1

Ticket # Description

701822 Fully Qualified Host Name info Bubble is misleading.

734571 Clicking import and apply without selecting a file imports the last imported
file.

769019 Post install keytool exception in log,

773088 VLAN read failure for Adtran NetVanta 1638.

775679 Hosts are incorrectly enabled after an LDAP sync.

784543 Portal policy permission set is required to send guest email details from
Guests and Contractors [Link], 403 error is thrown.

785791 Fortigate cluster not modeled completely.

786651 MICROSENS G6 Micro-Switch not switching VLANs.

787687 Inventory > Firewall Session Polling defaults to a frequency of 0.

789654 Clients shown offline in Ruckus controller v6.0.

789840 Users & Hosts > Guests & Contractors : The description in the popup
window for Send SMS are not correct.

789970 FortiNAC does not send SSO messaging to all slots in FortiGate 6000 &
7000 chassis.

790393 In RADIUS view, able to delete TLS Service Configuration which results in
invalid state and browser error.

790864 UI allows a License key with non-matching MAC/UUID to be

[Link] and configuration tasks consequently fail.

791405 "Request unsuccessful with no errors reported" message opening Model

Configuration tab for HPE Walljack.

791751 In some cases, importing hosts with siblings (Adapters that are on the same
host) can result in "null" error.

791889 Audit Logs do not report the Adds from a Host Import.

795932 Radius auth fails when primary LDAP directory is down

796965 Inconsistency with device count & results returned from clicked for more

FortiNAC 9.4.8 Release Notes 50

Fortinet Inc.
Enhancements and Addressed Issues

Ticket # Description

details in Network Devices dashboard tile

797009 Registration Requests: Browser Console Error - logicalNetworkPanel is not

defined

799401 SNMP MAC-Notification trap support for Dell EMC Networking N3248P-
ON.

799439 Notification of failure to import expired hosts is not present

800422 exception when modify endpoint compliance policy

801717 AdminProfileMapping doesnt change the admin profiles of the groups

802114 Juniper EX9253 and qfx5120-48y-8c, Type is "Unknown" and Version is

null in the Inventory.

802908 RADIUS default server config not created on first startup

802969 Account Requests view has incorrect or missing sort keys.

803314 ConfigWizard does not correctly update hostname in /etc/hosts.

803382 Audit Log service does not use the Audit Log permissions.

803692 Non-alphanumeric characters in group names do not get created in UI

correctly.

804759 In Users & Hosts > User Accounts, clearing a value in the search box and
clicking enter results in several empty rows.

804910 Alarms: Inconsistency between "Clear" and "Delete" terminology.

804913 When clicking the count of hosts in the Logical Network Host Access tile,the
list of MAC addresses used to query the hosts is not clearing.

805426 Null pointer exception in dynamic connection host API call.

805799 NullPointerException in [Link] when there is no default gateway.

806106 Juniper Change of Authorization (CoA) Fails.

806616 RADIUS Change of Auth (COA) does not complete when hosts are
[Link], VLAN switching does not occur and host is not
isolated.

806666 Duplicate label in both overlays within the Network Events view.

806936 Importing Mist APs with CLI import tool does not add the AP models to the
L2 Wireless nor Device Interface Status groups.

807311 After NAC services restart: MAB RADIUS session times out due to
FortiNAC being busy in SSH communication with the switch.

807396 Logical Network Host Access dashboard tile not displaying accurate
counts.

FortiNAC 9.4.8 Release Notes 51

Fortinet Inc.
Enhancements and Addressed Issues

Ticket # Description

807689 For endpoints managed in SSO integrations, FortiNAC no longer performs

L3 polls for Rogue hosts. They are not neccessary.

808084 Send SMS in Guestserver is using user record to send the sms when it
should be using the guest record.

809462 Several NullPointerExceptions in [Link] when polling FortiSwitch.

809492 Exception in OVA deploy of 9.4.0.0717: FileNotFoundException

(ScanPolicyList).

809493 Exception in OVA deploy of 9.4.0.0717: CertMgmtException.

809538 High Availability Database synchronization failure.

809857 Network > Service connectors > REST SMS gateway : password is set to
null after upgrade.

810167 iOS fingerprints misclassified as macOS.

810197 Local RADIUS panel does not prevent the configuration of an

authentication port already in use by Proxy RADIUS.

810209 SSIDs are not complete in UI for Aruba controller VIP.

811447 Upgrade failed due to: Operation CREATE USER failed for nac@localhost.

811479 High Availability: RADIUS service can start/run on primary when secondary
is in control.

811775 Performance improvements with client lookups.

812169 Virtual Winbind service management queries periodically fail.

812581 Duplicate user ID exceptions during RADIUS auth when userID does not
match the name in an email address.

812674 RADIUS Change of Auth (CoA) is not being sent to Huawei wireless after
host has [Link] changing VLANs.

812908 /var/log/messages is not rotating,generating large files and high disk usage.

812930 SSO tags not being sent in 9.4.0 without group option being set.

812933 L2 poll not working for HP NJ5000-5G-PoE+ Walljack.

813564 FortiNAC fails to find API port from FortiSwitch.

813654 Added support for FortiSwitch MAC Notification traps.

813681 Missing resource exception: SSOManager in [Link].

814082 Average Requests/Min value in RADIUS dashboard now shows a fractional

value when the requests/minutes value is < [Link], values < 1
displayed as 0.

814493 Restarting admin GUI may result in loss of access to GUI until server
restarted.

FortiNAC 9.4.8 Release Notes 52

Fortinet Inc.
Enhancements and Addressed Issues

Ticket # Description

814631 Ports not properly configured using Aruba CLI [Link] reads Port
ID for the port variable instead of port number.

815352 Logical network configuration mappings can return the wrong value when
host is connected via more than one interface.

815732 Obsolete RADIUS support message has been removed from generic
SNMP device Model Configuration view.

816028 RADIUS Activity view is presenting access-accept value when no activities

is recorded per snapshot.

816031 FSSO tag information is not sent to FortiGate.

816407 FortiGate L3 polling doesn't update the client IP.

816451 Importing DHCP Scopes - Wizard shows blank scope data.

816799 Fix TaskFilterSpecification startId and maxRows.

816828 Polling of entitlements for subscription licenses fail.

816871 System Update settings do not update on the Secondary Server in High
Availability environments.

816877 Host icon does not match the icon assigned by Device Profiling Rule

817022 Hosts View - Rogue record Host Name is not updated from DHCP.

817473 FortiNAC is installing two versions of the ecj jar file.

817563 In certain cases, the Network Events view does not load and Network tab
displays HTTP errors.

817767 CLI failure on Alaxala switch with enable password bypass configured.

817845 L2 Polling queue backed up, excessive polling completion times.

819384 Added DHCP fingerprint for Fortinet IP Phone.

819470 Fingerprints that can match Windows 2012 do not indicate Windows 2012.

819753 FSSO Tag assignment is not triggered before the next L3 poll.

820375 Meraki ( and possibly other ) devices incorrected managed with Generic
Radius [Link] include the Change of Auth (CoA) packet being
sent over the wrong port.

820569 Policy - User Permissions: No Group Access causes Who/What Groups

and Where Locations Select Entries panels to hang.

821244 Device Profiler failing to match Fortiguard method when Fortiguard polling
returns confidence values over 127.

821399 FortiGuard IoT Scan doesn't work as expected.

821473 RADIUS Activity Dashboard- Show Rejected Hosts View - Changed

EAP/Outer EAP type columns to EAP/Inner EAP for consistency.

FortiNAC 9.4.8 Release Notes 53

Fortinet Inc.
Enhancements and Addressed Issues

Ticket # Description

821527 RADIUS does not start after upgrade from 9.4.0.0717 GA to 10.0.0.0013.

821656 Help tips added in the Settings panel for the RADIUS Widget in dashboard.

823908 Aruba switch device failed to connect using valid CLI credentials.

823955 Wireless clients connected to FortiAP show up in FNAC on wrong interface.

825436 IP addresses appended to network device names during discovery are

truncated. This can result in duplicate device and port names.

825467 WinRM Device Profiling Method doesnt handle multiple credentials

properly.

825766 Adapters View - Status tooltip clips if it contains more than 2 rows of data.

825770 DOC API - FortiNAC_REST_Schema_9.[Link] - "deviceID" required for -

policy/logical-network-configuration/element/properties.

825920 Ruckus SZ Controller:When NAS ID = Controller IP and the Source IP =

Access Point IP, RADIUS CoA fails unexpectedly.

826155 Updated OUIs.

826648 Wireless hosts are not displayed correctly in Meraki AP device port/adapter
view.

826924 Fixed integration for DGS-1510-28X Gigabit Ethernet SmartPro Switch.

828242 Ruckus Switch Non-Default VRF Arp entries no longer contained at

ipNetToMediaPhysAddress.

828500 Unable to add domains to [Link] via GUI (Allowed Domains).

828912 MDM poll fails for MaaS360.

832965 COA Disconnect not working on Juniper EX.

833332 When an Admin user changes their own password, and error message
appears and they are immediately logged out.

833351 Guests: Cannot modify Guest - Invalid Password error.

833429 Config Wizard: Clicking Next or Back on any non-Basic Network page
returns user to Basic Network page.

833445 Config Wizard - Add/Modify Scope: Clicking Help opens page with 9.4
version loaded by default.

833700 RADIUS server fails to enable when upgrading from build 0721 to 0722.

834302 Updating NTP generates "Failed to save Time Config".

834479 When creating a new user via the REST API (and thus GUI), the password
was not hashed properly.

0810167, 0810180 Fixed fingerprints for iOS, FortiGate and [Link], they could
match the wrong devices.

FortiNAC 9.4.8 Release Notes 54

Fortinet Inc.
Enhancements and Addressed Issues

Ticket # Description

751468, 811479, 770730 RADIUS/Winbind services need manual startup to handle system reboot.

Version 9.4.0

Ticket # Description

643817 Added L2 Polling to Palo Alto

692446 Added Preserve Port Names option to update port names when changed at
the switch. Option can be modified at the switch and global level. See
Device properties and Network device in the administration Guide for more
information.

699487 Kerberos support

699857 User Organizational Unit OU LDAP mapping to use it in User/Host Profile

709286 New UI menu to download log files for troubleshooting. See Download logs
in the 9.4 Administration Guide.

726333 Entitlements (such as concurrent licenses) for Subscription Licenses are

not accurately reflected in the Administration UI License Management view
and only show Base licenses.

733943 Changing password in bulk using Set Model Configuration sets the same
username for all selected devices.

747921 Portal renaming does not rename the associated CSS files.

750248 Unable to access the secondary server's Configuration Wizard in a High

Availability configuration.

752941 GUI option to select the RADIUS MAC delimiter for Juniper Switches

755328 Embed Tomcat into yams

756167 RADIUS view sort by Winbind column fails, shows empty table.

756499 MicroSoft InTune MDM integration does not support latest API.

759018 Admin user with admin user profile permissions to Access, Add/Modify and
delete "Users" is unable to create a new regular user.

762071 Radius Auth/EAP Type columns empty in Network > Device > Ports >
Adapters table.

762081 bsc-rename-ethers service fails on virtual machines.

770208 Juniper switches fail to change VLAN on ports that are RADIUS enabled.

770930 High L3 Polling frequency in environments with no SSO management

configured.

FortiNAC 9.4.8 Release Notes 55

Fortinet Inc.
Enhancements and Addressed Issues

Ticket # Description

770974 Event Lifetime alarm trigger rule is not being honored when configured.

773426 Continued work on wired generic RADIUS integration

773828 Not polling L2 information from PNetworks switches with latest firmware.

774724 Unable to filter Hosts and Adapters by status through API.

776171 Rewrite Host/User/Adapter dialogs

777400 Syncing "Role Based Access" may delete sub-groups

778157 L2 Polling issues with Cisco 9800 WLC firmware 17.3.

778520 Added SQL query for [Link]() when

determining group membership in order to improve performance.

778940 AV Product to detect Windows Security Center-detected products

779414 Client filter for User Accounts, Hosts, and Adapters not functioning properly
rewrite of OmniSources.

779873 FortiNAC processes taking unusually long to startup due to delays

resuming FirewallSessionMgr.

779901 Vulnerabilties in mysql versions less than 5.6.42.

780282 FortiNAC Events using old vendor name "Bradford Networks".

780626 Huawei Wireless controller imports nameless APs.

780755 Alarms view used the legacy Dashboard actions.

780790 CLI Failing to Alcatel Omni 6860-P48.

781520 RADIUS COA failing for FortiAP when hosts are deleted.

782374 L2 polling not parsing correctly for Motorola 7.X devices.

782418 Hide Accepted Requests Enabled and click on Expand Widget - Widget
shows Accept Requests

782433 Fix Integration for D-Link DGS-3130-30TS.

782438 InvalidYamsUserException seen during UI logout.

782740 Unable to read default and current vlans for Ruijie switches.

782744 Script install-winbind-virtual contains spaces around = assignments -

invalid.

782760 Huawei S7706 switch is not reflecting the interface port number correctly in
the Label column.

782884 Green theme has similar colors for charts.

783227 Check that freeradius gpg key is imported.

FortiNAC 9.4.8 Release Notes 56

Fortinet Inc.
Enhancements and Addressed Issues

Ticket # Description

783536 Portal Auth - FAC VSA Fortinet-Group-Name is not created in FNAC.

783544 Fortigate FG-200F improperly labeled as FG-201E.

783552 NAC service not running at startup when no IP address is configured for
eth0. This causes "Processes Down" to display in UI.

783587 AirWatch MDM roles are overwritten by user roles.

783621 Host import related Memory issues.

783944 Exception reading VLANs on Meru 4100 with firmware 5.1-93.

784045 Memory leak in [Link] includes Dashboard

becoming unresponsive if left open for long periods of time.

784346 RADIUS Reject doughnut is not centered if filter does not include any reject
counts.

784517 Location filtering not working on Connections view.

784601 Group membership lookup causing high CPU utilization.

784618 RADIUS Failures after upgrading from 8.5 to 8.8 due to bad secret.

784957 Not polling L2 information from Cisco ME-3400E-24TS-M router.

785367 RADIUS GroupName - Group Members list does not show all members.

785403 Unable to add user to user group containing * in name.

785438 A None/Use Default option has been added to Users Dialog > Mobile
Providers.

786277 RADIUS Group - Exception when user group already exists with Type non-
User.

786401 Remote Scan -> Linux x86_64 -> 500 Error

786434 Allow changing CLI Passwords from Secondary and FNAC-A systems.

786670 Exception thrown when loading Logical Network Host Access tile.

786744 User Accounts view > create user is not passing password as encoded, and
will not match auth requests.

786751 Distinguished Name (DN) can now be used in User view filters.

786785 Not able to add ciphers under RADIUS > TLS config page.

787271 Certificate Management View - Server Certs & Trusted Certs views both
showing results from both views.

787562 MDM sources can't override the host icon.

787563 Fix null pointer exception during SNMP read of Meraki L2.

787584 Logical Network Host Access host info slider not displaying info.

FortiNAC 9.4.8 Release Notes 57

Fortinet Inc.
Enhancements and Addressed Issues

Ticket # Description

787585 DHCP fingerprints are not matching DHCP message type.

787909 Portal configuration changes don't take effect without restart.

787957 Self-Registered Guest Login,: Failed to retrieve SMS Providers - null

788066 Server startup delayed by incorrect thread start logic on Network Session
Event updater.

788089 RADIUS service will not start after upgrade to 9.2 if winbind is not fully
configured.

788119 Network Events table does not show totals for Event Type column.

788138 Network Events has no option to filter child records.

788729 Randomly RADIUS 802.1x proxy stops working.

788825 DHCP fingerprint additions, changes or improvements to the following:

"Camera","D-Link"
"Camera","TRENDnet"
"HVAC","Honeywell"
"Mobile","Samsung SmartWatch"
"Gaming","Nintendo"
"Network","Router/Netgear"
"Network","Router/D-Link"
"Network","Router/Trendnet"
"Network","Apple TV" -> "internet_tv","Apple TV"
"Network","Amazon Fire TV" -> "internet_tv","Amazon Fire TV"
"Network","Chromecast" -> "internet_tv","Chromecast"
"Network","DIRECTV" -> "internet_tv","DIRECTV"
"Network","DVR/TiVo" -> "internet_tv","DVR/TiVo"
"Network","Roku Media Player" -> "internet_tv","Roku Media Player"

788849 New dashboard tiles relating to Connections were incorrectly not masking
the background.

789018 Service Connectors > REST SMS Gateway > The required fields should be
the same in create and edit page

789061 Service Connectors > REST SMS Gateway > HTTPs Toggle is not working
expectedly when API URL is specified with https.

789228 Modifying adapter allows Physical Address to be left blank.

789309 Filtering on the column Type does not work on Network Events.

789316 Deleting multiple User Accounts in a row does not delete all user in table.

789396 Service Connectors > REST SMS Gateway > Overview: Cant tell which
REST SMS Gateway is set as default.

FortiNAC 9.4.8 Release Notes 58

Fortinet Inc.
Enhancements and Addressed Issues

Ticket # Description

789440 SMS sending would stop after the first user.

789763 When changing the date via the Settings tile, Recent Hosts tile date range
not updating properly.

789785 Not able to add groups to the Roles.

789865 Network > Service Connectors > REST SMS Gateway: The default
gateway is not working when the mobile provider is None.

790010 Two tiles without settings still show Settings.

790403 Fix ClassCastException in AirespaceSwitch during WAP read.

790580 Network > Service Connectors > REST SMS Gateway: Security Incidents
of a host doesn't trigger the corresponding SMS.

790747 FGT interface with VLANs does not show device connections to VLAN sub
interfaces for traps.

790854 Failure to properly read Cisco trunk ports results in undesired VLAN
switching.

790904 Creating new user as non-admin hangs retrieving Role dropdown values.

791273 Non Admin User Can Edit Admin User.

791276 Clicking EULA Link When Logging In As New User Goes To Broken Link.

791304 Admin Profile > Uncheck All removes General permissions.

791327 FortiNAC is changing WAP Uplink ports Current VLAN to match the Default
VLAN.

791342 Manually Registered IP Phones get incorrect device type assigned.

791401 Dashboard > Scans > By Day grouping is incorrect.

791841 Edit Host Dialog > Device Type is not reading/writing the correct value.

792452 NetworkSessionEventUpdater is throwing an exception on startup.

792514 A remote unauthorized user can gain the version of the Tomcat used by
FortiNAC by sending an HTTP GET request.

792516 Vulnerable scripts

792522 Fix Database auth changes for initial install.

792986 Device Types, Role, User ID drop down is not ordered.

793169 Messaging Gateways > Change how passwords are transmitted.

793920 Default Admin Profiles Have No Permissions.

794036 User Record values must be populated automatically if the user exists in an
Active Directory or an NCM.

794067 Not pulling L2 information from Aruba 8.X firmware.

FortiNAC 9.4.8 Release Notes 59

Fortinet Inc.
Enhancements and Addressed Issues

Ticket # Description

794362 System Update not reliably trusting [Link].

794381 Fortigate forwarding class does not work with tlsv1.3.

794774 Landing Page does not work for all choices.

794783 Typo in a CLI Password error message.

794791 Admin user is brought to the last-viewed page when logging in to UI instead
of designated Landing page.

794937 The Recent Hosts widget is not displaying addtional host info when clicking
counts.

795243 Portal - Request Processing Rules: Text at edge of window for Auto
Configure and Publish.

795260 Local RADIUS Server not returning proxy-state attribute in Access Accept
for Motorola/Extreme Networks WiNG VX 9000.

795260 Motorola controllers proxying AP auth requests send Proxy-State attr and
expect it unchanged in response. RADIUS (local) does not send it back.

795623 Log output from Windows Profile method when parsing fails.

796048 An error is getting thrown during NetworkSessionEvent archive & purge.

796065 Unable to set device profiling to Host to Logged in User (if Present) on
NCM.

796105 Device Type incorrectly changing for registered devices.

796145 Guest and Contractors > Select one and View > send SMS throws a null
pointer exception.

796259 In Pending Tasks page, tasks are allowed to be completed, even if their
parent task is incomplete.

796515 UnsupportedOperationException trying to autoclose FileSystem in process

manager.

796522 TelnetServer not handling SocketTimeoutException.

796533 Support for Physical Ethernet MAC for Apple TV in Jamf.

796623 MicroSoft Intune API only returns ethernetMacAddress per device.

796659 Host information does not display when clicking "Total Count" on Persistent
Agent Summary widget.

796663 Setting option for Persistent Agent System Page is not allowing to toggle
between visualizations.

796908 Clicking the number in the Logical Network Host Access tile does not open
the hosts slide.

796965 Network Device Summary widget not showing complete switches and

FortiNAC 9.4.8 Release Notes 60

Fortinet Inc.
Enhancements and Addressed Issues

Ticket # Description

Wireless AP counts.

797369 Added Minutes/Hours/Days control to Logical Network Host Access tile.

797439 Host > Edit Host > Cannot change the Role or manually Register as Device.

797465 Nested group memberships not detected.

797542 Dashboard > Scan > Group by Hour adjusts timezone.

797708 Force 10 switches sometimes modeled incorrectly.

797723 Local RADIUS mode:RADIUS fails for endpoints connecting to a

FortiSwitch that has been renamed.

797778 AdminProfileManager has a null reference on Startup.

797834 Unable to properly expand details of "Network Events".

797919 Network > Service Connector > REST SMS: All of the SMS sent out using
the default SMS Gateway even when the mobile provider is set.

798181 RADIUS Service Host MAC filter does not print debug if supplicant does not
use colon mac delimiter.

798234 Rejected Hosts view in RADIUS Activity tab doesn't properly filter table
results to exclude a specific reject cause.

798234 RADIUS dashboard tile - rejected hosts slide opens empty.

798511 Upgrading from 0159 to 0160 results in error: Access denied for user
nac@localhost (using password: NO).

798651 Can not access RADIUS Activity view if user has "Activity" but not "Local
Service" RADIUS view permissions.

798665 REST SMS Gateway: In Captive network > Guest Self Registratiion page,
when Mobile Provider=None, the SMS is not sent.

799804 TLSv1 and TLSv1.1 is now disabled in portal by default.

800323 Policy name in Admin Profile > Permissions are not consistent with policy
name in Policy & Object.

800408 API query for FLink FSW data deprecated in FOS 7.2+.Prevents
FortiSwitches in Link mode from being added to Inventory when the
managing FortiGate is discovered.

800811 User with permission for access users is also able to delete user.

801221 SQL Exception thrown in NetworkSessionEventUpdater if DYNAMICLOG

table is missing from database.

801252 RADIUS not mapping to correct AD server when kerberos and netbios
names differ for a single winbind instance.

801623 Phone numbers formatted to E.164 before sending to gateway.

FortiNAC 9.4.8 Release Notes 61

Fortinet Inc.
Enhancements and Addressed Issues

Ticket # Description

801661 GUI - URI navigation drops query params, losing tab indicator, prevents
direct links to secondary views.

801666 Host summary tile total values don't apply filter.

801971 Groups view doesn't automatically reload.

802343 The message template under Notify User Via Email is not editable in Self
Registration Login Portal Configuration.

802372 Vulnerability Scan Status on Host view page displays as "-1" instead of
passed, failed or not scanned.

802913 Clicking Cancel in Create User view results in browser console errors.

802923 ClassCastException when creating/deleting trigger.

802942 Parsing issue with Mobile Iron Cloud integration.

803033 FortiNAC Agent version [Link] is included with this release.

803061 Multicast IPv6 addresses can now be excluded using the MAC address
Exclusion view. See MAC address exclusion in the 9.4 Administration
Guide for details. Note: After upgrade, toggle the option off and on in order
for the function to take effect.

803645 [Link] - several [Link] errors

803651 Model Config of VDOM reports 404 error and exception in [Link].

803745 Top Host Activity Widget - maps Device Type to User&Hosts > Hosts >
Operating Systems Column instead of Device Type.

803745 The Top Host Activity tile was using getTypeLabel instead of getIconType
to populate the Device Type column

804512 A null reference exception is thrown sometimes when expanding/scrolling

the Network Events datatable.

804518 Local Radius leaves out Tunnel-Private-Group-ID and Filter-ID when

Quarantine enforcement is set to "bypass".

804913 Logical Network Host Access total count slide out shows all hosts for the
Logical Network instead of only hosts for the specificed time sample.

805725 Historic Network Event data is incorrectly setting Disconnect time.

805866 Scheduled Shared Filter Reports result in error event.

806122 Roles not being assigned properly to Registered Hosts.

806141 Network > NetworkEvents - upgrade from 9.x to 9.4Type, LogicalNetwork

and NetID is not showing expected data.

806141 Network > NetworkEvents Type, LogicalNetwork and NetID is not showing
expected data.

FortiNAC 9.4.8 Release Notes 62

Fortinet Inc.
Enhancements and Addressed Issues

Ticket # Description

806282 When a user attempts to complete a task via the notification bell, and it has
a parent task that is still open, it incorrectly displays a "Changes Saved"
message.

806567 known_hosts file has duplicate host entries.

807062 On upgrade, FortiNAC loses it eth0 IP Address.

807383 The POST method to add a new HostRecord has changed in this
[Link] attempts using the old API call fails.

586499 SMS Gateway Support

765212

725235 Debug logging enhancements

756818

751403 RADIUS Activity Monitoring - Additional Misc Fixes.

782386

782391 RADIUS health activity- Current last 90 min does not match Timeline Chart
782386 Time Span for 90 min

784737 Location and IPRange method match failure prevent matching lower rank
785526 rules.

801948 Fresh Deployed server will not start: [Link]: Connections

803681 could not be acquired from the underlying database.

750209 Enhancement made to detect unrecognized devices that support standard

based RADIUS management via CoA/Disconnect.

759481 FortiNAC detects AV engine status on windows

FortiNAC 9.4.8 Release Notes 63

Fortinet Inc.
Known Issues Version 9.4.8

Known Issues Version 9.4.8

Ticket # Description

1092462 Selecting "Resume Control" button multiple times in shot succession can
potentially cause database corruption and prevent the restore to Primary
from working properly.

1070325 Making changes in the older Model Configuration views (right-click model >
Model Configuration) can override custom SSH port settings in the
Credentials tab. Workaround: Make all changes using the newer Model
Configuration and Credentials tabs at the top of the Inventory view.

1030210 Need to prevent dir sync from running multiple processes at once.

1030103 Model Configuration > 500 error if there are no CLI configurations.

1022559 FortiNAC has no ability to support weak SSH ciphers.

1022276 NCM standalone and HA CA license entitlement is correctly reflected, but

accessing the portal on Primary CA throws "You do not have permission to
access this page" and accessing any menu under Policy & Objects throws
“Server Error”.

974270 Non fabric root FortiGate do not have dynamic tags after firmware update.

932546 In [9.4.4] on NCM, 'Server Responses' appear duplicated when distributing

firmware.

928827 Host aging is not applied to IP Phone device type.

924474 Unable to select SSIDs when creating/modifying a port group under System
> Groups. Workaround: Under SSID tab, right click SSID, select Group
Membership & select the desired group.

863826 License Management view in the UI always displays "Base" for the License
Name when using subscription licenses. Workaround: Use the License
Information Dashboard Widget.

827283 Roaming Guest Logical Network missing from FortiGate Model

Configuration and possibly other vendors.

826653 FortiNAC supplied Dynamic Addresses on the FortiGate can become

orphaned in FortiNAC High Availability environments. This can cause
unintended network access.

824088 Unable to update existing Registered Host records using Legacy View >
Hosts > Import.

800326 Cisco chassis switch with a Cisco WLC connected via port channel shows
as a rogue.

776077 Local Radius to Winbind connection cannot be secured at this time.

FortiNAC 9.4.8 Release Notes 64

Fortinet Inc.
Known Issues Version 9.4.8

Ticket # Description

767548 Register Game system with Host Inventory success page is not working.

710583 L2 Polling Mist APs can result in more API requests than Mist allows per
hour.

708936 FortiNAC will log off SSO for sessions that remain connected to a managed
FortiGate IPSec VPN tunnel after 12 hours.

Not all models of all network devices can be configured to perform Physical
MAC Address Filtering even though the Admin UI indicates that the
configuration can be set. Resolution: Hosts can be disabled by
implementing a Dead-end VLAN.

For Portal v2 configurations, web pages that are stored in the site directory
to be used for Scan Configurations will not be included when you do an
Export of the Portal v2 configuration. Resolution: The files in the site
directory are backed up with the Remote Backup feature, but otherwise
keep a copy of these files in a safe place.

Removing a device from the L2 Wired Devices or L2 Wireless Devices

Group does not disable L2 (Hosts) Polling under the Polling tab in
Topology.

The "Set all hosts 'Risk State' to 'Safe'" button changes the status of all
hosts marked At-Risk to Safe. However, the status of the individual scans
for each host remain unchanged.

In a Layer 3 High Availability (HA) environment, configWizard must have a

DHCP scope defined. Running configWizard without a DHCP scope can
cause a failover.

FortiNAC 9.4.8 Release Notes 65

Fortinet Inc.
Known Issues Version 9.4.7

Known Issues Version 9.4.7

Ticket # Description

1093080 Failover occurs on High Availability pair configured with a shared IP (VIP).
Caused by the system check failing on the primary server. For details and
workaround see KB article 354324.
[Link]
FortiNAC-to-9-4-7-on-an-HA-pair/ta-p/354324

1070325 Making changes in the older Model Configuration views (right-click model >
Model Configuration) can override custom SSH port settings in the
Credentials tab. Workaround: Make all changes using the newer Model
Configuration and Credentials tabs at the top of the Inventory view.

1030210 Need to prevent dir sync from running multiple processes at once.

1030103 Model Configuration > 500 error if there are no CLI configurations.

1022559 FortiNAC has no ability to support weak SSH ciphers.

1022276 NCM standalone and HA CA license entitlement is correctly reflected, but

accessing the portal on Primary CA throws "You do not have permission to
access this page" and accessing any menu under Policy & Objects throws
“Server Error”.

1016576 FortiNAC sometimes creates duplicate virtual interfaces.

1014123 Mist AP's do not discover properly if Hostname is not configured.

1010097 Re-scanning a host at risk causes false positives having Required Critical
Updates applied on endpoint compliance scan.

1002475 Unable to scan using Dissolvable Agent with spaces in scan name.

974270 Non fabric root FortiGate do not have dynamic tags after firmware update.

932546 In [9.4.4] on NCM, 'Server Responses' appear duplicated when distributing

firmware.

928827 Host aging is not applied to IP Phone device type.

924474 Unable to select SSIDs when creating/modifying a port group under System
> Groups. Workaround: Under SSID tab, right click SSID, select Group
Membership & select the desired group.

863826 License Management view in the UI always displays "Base" for the License
Name when using subscription licenses. Workaround: Use the License
Information Dashboard Widget.

861201 Windows 11 Domain Check.

827283 Roaming Guest Logical Network missing from FortiGate Model

Configuration and possibly other vendors.

FortiNAC 9.4.8 Release Notes 66

Fortinet Inc.
Known Issues Version 9.4.7

Ticket # Description

826653 FortiNAC supplied Dynamic Addresses on the FortiGate can become

orphaned in FortiNAC High Availability environments. This can cause
unintended network access.

824088 Unable to update existing Registered Host records using Legacy View >
Hosts > Import.

800326 Cisco chassis switch with a Cisco WLC connected via port channel shows
as a rogue.

776077 Local Radius to Winbind connection cannot be secured at this time.

767548 Register Game system with Host Inventory success page is not working.

710583 L2 Polling Mist APs can result in more API requests than Mist allows per
hour.

708936 FortiNAC will log off SSO for sessions that remain connected to a managed
FortiGate IPSec VPN tunnel after 12 hours.

Not all models of all network devices can be configured to perform Physical
MAC Address Filtering even though the Admin UI indicates that the
configuration can be set. Resolution: Hosts can be disabled by
implementing a Dead-end VLAN.

For Portal v2 configurations, web pages that are stored in the site directory
to be used for Scan Configurations will not be included when you do an
Export of the Portal v2 configuration. Resolution: The files in the site
directory are backed up with the Remote Backup feature, but otherwise
keep a copy of these files in a safe place.

Removing a device from the L2 Wired Devices or L2 Wireless Devices

Group does not disable L2 (Hosts) Polling under the Polling tab in
Topology.

The "Set all hosts 'Risk State' to 'Safe'" button changes the status of all
hosts marked At-Risk to Safe. However, the status of the individual scans
for each host remain unchanged.

In a Layer 3 High Availability (HA) environment, configWizard must have a

DHCP scope defined. Running configWizard without a DHCP scope can
cause a failover.

On FortiNAC appliances with CentOS 7, duplicate log messages may

appear in [Link] for each sub interface (eth1, eth1:1, eth1:2, etc).

System > Settings > Updates > Operating System will only record and
display dates of OS updates that are completed through the Administrative
UI. If Operating System updates are run via command line using the "yum"
tool, the update is not recorded. Resolution: Execute Operating System
Updates through the Administrative UI in order to maintain update history.

Only English versions of AV/AS and their corresponding definitions are

FortiNAC 9.4.8 Release Notes 67

Fortinet Inc.
Known Issues Version 9.4.7

Ticket # Description

supported.

Anti-Virus product Iolo technologies System Mechanic Professional is

currently not supported.

FortiNAC 9.4.8 Release Notes 68

Fortinet Inc.
Device Support Considerations

Device Support Considerations

Ticket # Description

897151 Device mapping for Cisco C9800-AP's adds AP's as a Cisco 9800 Wireless
controller. Cisco C9800-AP Software is not currently supported.

548902 Management of wired ports on Aerohive AP-150W controlled by

AerohiveNG is currently unsupported.

679230 Aruba 9012-US currently not supported. If required, contact sales or

support to submit a New Feature Request (NFR).

At this time, integration with Juniper MAG6610 VPN Gateway is not

supported. This includes Pulse Connect Secure ASA.

At this time, integration with Cisco 1852i Controller is not supported due to
the device's limited CLI and SNMP capability. For details, see related KB
article 189545.

At this time, Fortinet does not support wired port management for the Cisco
702W. The access point does not provide the management capabilities
required.

At this time, Fortinet is not able to support the Linksys LAPN600 Wireless-
N600 Dual Band Access Point.

Ports on Avaya Networks 4850GTS-PWR+ switches sometimes show "Not

Connected" even though the port is active. This is due to multiple ports on
the switch using the same MAC Address. This prevents NAC from correctly
discerning which are "Connected" versus "Not Connected". There is no
workaround.

Device models for Avaya 4800 switches (and potentially other related
models) only support SSH. Device models for Avaya Ethernet Routing
Switches only support Telnet. Contact Support if the alternate protocol is
required.

FortiNAC 9.4.8 Release Notes 69

Fortinet Inc.
Device Support

Device Support

These changes have been made in FortiNAC Version 9.4.8. These are in addition to the device support added
in previous releases.

Version 9.4.8

Ticket # Description

1091682 Support for Ruckus ICX8200 switch running v10

1089864 Fortinet
Extreme Networks Switch Engine (5420F-48P-4XE-SwitchEngine)Extreme
Networks Switch Engine (5420F-48P-4XE-SwitchEngine)
Ruijie AP680(CD) (802.11a/n/ac/ax and 802.11b/g/n/ax)
Extreme Networks Switch Engine (5420M-48W-4YE-SwitchEngine)
Aruba Instant On 1930 24G Class4 PoE 4SFP/SFP+ 195W Switch JL683B
Juniper Networks, Inc. qfx10002-36q Ethernet Switch, kernel JUNOS
22.2R3.15
Juniper Networks, Inc. srx320 internet router, kernel JUNOS 20.2R3-S4.7

1084926 D-LINK DGS-1210-28 3.01.003

D-LINK DGS-1210-20/C1 4.00.041
D-LINK WS6-DGS-1210-20/F1 6.10.007
D-LINK DGS-1210-28XS/ME/B2
Extreme Networks Switch Engine (5420F-48T-4XE-SwitchEngine) version
[Link] [Link]
Extreme Networks, Inc. B5K125-48 Rev 06.81.08.0005
Extreme Networks Switch Engine (5320-24T-8XE-SwitchEngine) version
[Link] [Link]
Huawei AR161F Huawei Versatile Routing Platform Software VRP
HUAWEI CloudEngine S5735-L-V2
HUAWEI CloudEngine S5335-L-V2
Juniper Switch
Cisco C9300 - 48 5Gbps UPOE ports (100M/1G/2.5G/5Gbps)
Cisco Catalyst 1300 Series Managed Switch, 48-port GE, PoE, 4x1G SFP
(C1300-48P-4G)
Cisco Catalyst 1300 Series Managed Switch, 48-port GE, PoE, 4x10G
SFP+ (C1300-48P-4X)
Ruijie Gigabit Wireless Switch(WS6008)

1074187 Extreme Networks 5320-24T-8XE-FabricEngine ([Link])

FortiNAC 9.4.8 Release Notes 70

Fortinet Inc.
Device Support

Ticket # Description

Extreme Networks Switch Engine (Stack) version [Link] [Link]

HPE Comware Platform Software, Software Version 7.1.070, Release
7639P02 HP 7503
JetStream 24-Port Gigabit L2 Managed Switch with 4 SFP Slots
Meraki MS130-8X Cloud Managed PoE Switch
Netgear 24-Port Gigabit Smart Switch with PoE and 4 SFP uplinks
Netgear GS724TPP: 24-Port Gigabit Hi-Power PoE+ Ethernet Smart
Managed Pro Switch with 2 SFP Ports and Cloud Management
Omada 48-Port Gigabit L2 Managed Switch with 4 SFP Slots
Ruckus Wireless R710
Arista Networks EOS version 4.29.2F running on an Arista Networks CCS-
720DF-48Y-2
Cambium XE5-8 Five Radio Tri Band Wi-Fi 6E 8x8 High-Density Indoor
Access Point with SDR
Cisco CBS350-16T-2G 16-Port Gigabit Managed Switch
Cisco CBS350-24FP-4X 24-Port Gigabit PoE Stackable Managed Switch
with 10G Uplinks
Cisco CBS350-24FP-4X 24-Port Gigabit PoE Stackable Managed Switch
with 10G Uplinks
Cisco CBS350-48FP-4G 48-Port Gigabit PoE Managed Switch
Cisco IOS Software [Cupertino], C9800-AP Software (C9800-AP-K9_
IOSXE-UNIVERSALK9-M), Version 17.9.4
Cisco IOS Software [Dublin], C9800-AP Software (C9800-AP-K9_IOSXE-
UNIVERSALK9-M), Version 17.12.3
Cisco SG250-18 18-Port Gigabit Smart Switch
Dell EMC Networking N1148P-ON, [Link]
D-LINK DGS-1100-10MP Gigabit Ethernet Switch
D-LINK DGS-1100-10MP Gigabit Ethernet Switch
D-LINK DGS-1100-10MP Gigabit Ethernet Switch
D-LINK DGS-1210-28/ME 6.11.R010B
D-LINK DGS-1210-52/C1 4.10.004
D-LINK DGS-1500-28 1.00.013
D-LINK DGS-1510-28XMP Gigabit Ethernet SmartPro Switch
D-LINK DGS-3100-24 Gigabit stackable L2 Managed Switch
D-LINK WS6-DGS-1210-28MP/F1 6.30.016
D-LINK WS6-DGS-1210-52MP/F1 6.31.002

FortiNAC 9.4.8 Release Notes 71

Fortinet Inc.
Device Support

Version 9.4.7

Ticket # Description

1065647 ArubaWiredSwitchJL
arubaWiredSwitchR8Q67A
Juniper Switch
Cisco NX-OS(tm) Nexus9300 C93180YC-FX3H, Software (NXOS 64-bit),
Version 10.3(4a)
Cisco NX-OS(tm) m9100, Software (m9100-s6ek9-mz), Version 8.2(1)
Cisco 24-Port Gigabit Smart Switch
OAW-AP1322 4.0.7
Meraki MS130-8P Cloud Managed PoE Switch
Cisco IOS Software [IOSXE], IE31xx Switch Software (IE31xx-
UNIVERSALK9-M), Version 17.13.1
Catalyst 1300 Series Managed Switch, 4-port 2.5GE, 4-port GE, PoE,
2x10G SFP+ (C1300-8MGP-2X)

1060520 Cisco SG250-50 50-Port Gigabit Smart Switch

Cambium XV2-22H Two Radio Dual Band Wi-Fi 6 2x2 Wall Plate Indoor
Access Point
HUAWEI CE6810-32T16S4Q-LI
HUAWEI S5700-52C-PWR-SI
HUAWEI S2720-52TP-PWR-EI
HUAWEI CloudEngine S6750-H
HUAWEI CloudEngine S5735-L-V2
Cisco IOS Software, C800M Software (C800M-UNIVERSALK9-M), Version
15.9(3)M8
Allied Telesis router/switch, AW+ v5.4.6-0.1
Ruckus Wireless, Inc. ICX8200-24F, IronWare Version 10.0.10cT253
Meraki MS130-48P Cloud Managed PoE Switch

1054376 HP Comware Platform Software, Software Version 5.20.99, Release

2108P07 HP A3600-48 v2 EI Switch
CBS350-16P-E-2G 16-Port Gigabit PoE Managed Switch
D-LINK DES-3552P Fast Ethernet Switch
D-LINK DGS-F1210-26PS-E HW A1 Firmware V5.2.11.1
Cambium XV2-2 Two Radio Dual Band Wi-Fi 6 2x2 Indoor Access Point
Aruba JL727B 6200F 48G CL4 4SFP+370W
D-LINK WS6-DGS-1210-52/F1 6.20.007
Palo Alto Networks PA-1400
Cisco NX-OS(tm) Nexus9000 C9316D-GX, Software (NXOS 64-bit),
Version 10.3(5)

FortiNAC 9.4.8 Release Notes 72

Fortinet Inc.
Device Support

Ticket # Description

HPE Comware Platform Software, Software Version 5.20.99, Release

2112P05 HPE 3600-48-PoE+ v2 EI Switch

1004158 Ability to detect endpoints connected to the LAG ports on a FortiLink Switch
969655

1034608 Ubiquity Unifi USW 24 PoE Gen2 Switch

1055634

1028999 Planet IGS-5225-8P4S

1028499 Antaira LMP-1002G-SFP-24-T

1026068 Allied Telesis Switches AT-x530l, AT-GS950

1020145 NEC QX-S4124GT-4G-PW NEC QX-S4148GT-4G-PW

1019754 Aruba Hospitality Access Points

1018900 BoostLink SW, model - 701125

1013934 Forcepoint FlexEdge Secure SD-WAN Engine

1013020 Ruckus ICX8200-48P-POE, ICX6450-48-HPOE

1006580 Cisco IOS Software [Cupertino], ISR Software (ARMV8EL_LINUX_IOSD-

UNIVERSALK9-M), Version 17.9.4a,
Ethernet Routing Switch 3526T Avaya Networks
Allied Telesis router/switch, Software (AlliedWare Plus) Version 5.5.3-0.2
Ruckus Wireless, Inc. ICX7150-48, IronWare Version 08.0.95gT213
Extreme Networks, Inc. A4H124-48P Rev 06.81.10.0001
Meraki MS125-48 Cloud Managed Switch
Huawei YunShan OS Version [Link]
Ruckus Wireless, Inc. ICX8200-48PF2-POE, IronWare Version
10.0.00aT253
Colubris V-M200 - Hardware revision 29-76-3501-01
Extreme 210-Series 24GE
HPE Comware Platform Software, Software Version 7.1.070, Release
3506P02 HPE 5130 24G 4SFP+ EI Switch
SG250-26HP 26-Port Gigabit PoE Smart Switch
Aruba Wired Switch (arubaOS-CX)

1004757 Nexans FTTO Switch

1003716 Huawei S6730-H24X6C

995789 Kyland Industrial Ethernet Switch

985364 Moxa switch models Moxa EDS-P506E, EDS-G512E, EDS-G516E

FortiNAC 9.4.8 Release Notes 73

Fortinet Inc.
Device Support

Version 9.4.6

Ticket # Description

964929 Korenix JetNet 5310G Industrial Ethernet Switch

981176 Intelligent IEC 61850-3 28-port rack mount managed Gigabit Ethernet
switch with 4 slots

979576 RFL 3200Mk-28switch

961515 Lantech IPES-3416DSFP Switch

996537 Extreme Networks Switch Engine (5420F-16MW-32P-4XE-SwitchEngine)

version [Link]
Extreme Networks, Inc. C5G124-48 Rev 06.81.08.0005
Huawei AR617VW-LTE4EA Huawei Versatile Routing Platform Software
VRP (R) software,Version 5.170
Cisco IOS Software [Bengaluru], IE3x00 Switch Software (IE3x00-
UNIVERSALK9-M), Version 17.6.3
Huawei YunShan OS Version [Link] (S5700 V600R022C01SPC500)
Cisco IOS Software, S5700 Software (S5700-UNIVERSALK9-M), Version
15.2(7)E3
HPE Comware Platform Software, Software Version 7.1.070
Cisco IOS Software [Bengaluru], IE3x00 Switch Software (IE3x00-
UNIVERSALK9-M), Version 17.6.3
Industrial 8-P GbE RJ45 + 2-P GbE RJ45/SFP Combo L2 Plus Managed
PoE Switch
08G20G2-08 Gigabit Ethernet Switch
JetStream 8-Port Gigabit L2 Managed Switch with 2 SFP Slots
Aruba R8Q71A 6200M 36G 12SR5 CL6 PoE 4SFP+

984156 DGS-1210-48 2.00.011

JetStream 24-Port Gigabit Stackable Smart Switch with 4 10GE SFP+ Slots
JetStream 24-Port Gigabit L2+ Managed Switch with 4 10GE SFP+ Slots
Aruba JL722C 8360 24p 10G SFP/SFP+ and 2p 40/100G QSFP+/QSFP28
switch
Aruba Instant On 1830 8G 4p Class4 PoE 65W Switch JL811A, InstantOn_
1830_2.6.0.0 (75), Linux 4.4.120, U-Boot
Cisco IOS Software [Cupertino], Catalyst L3 Switch Software (IE9K_
IOSXE), Version 17.9.2, RELEASE SOFTWARE (fc2)
Cisco IOS Software, S5700 Software (S5700-UNIVERSALK9-M), Version
15.2(7)E
Aruba R8Q70A 6200M 48G CL4 PoE 4SFP+
FortiAP-U431F
Cisco IOS Software, S5700 Software (S5700-UNIVERSALK9-M), Version
15.2(6)E2a

FortiNAC 9.4.8 Release Notes 74

Fortinet Inc.
Device Support

Ticket # Description

HP Comware Platform Software, Software Version 5.20.99, Release

2110P02 HP 3600-24 v2 EI Switch
1620-24G Switch Software Version 5.20.99, Release 1113
Arista Networks EOS version 4.30.4M running on an Arista Networks CCS-
720DT-48S-2
Brocade Communications Systems, Inc. ICX7250-24, IronWare Version
08.0.30fT213
CBS350-48FP-4X 48-Port Gigabit PoE Stackable Managed Switch with
10G Uplinks
Juniper Networks, Inc. ex4100-f-12p Ethernet Switch, kernel JUNOS
22.3R2-S2.9
Cisco IOS Software [Dublin], Catalyst L3 Switch Software (CAT9K_IOSXE)
Aruba Instant On 1930 24G Class4 PoE 4SFP/SFP+ 370W Switch JL684B

Version 9.4.5

Ticket # Vendor

971655 Cisco IOS Software [Bengaluru], IE3x00 Switch Software (IE3x00-

UNIVERSALK9-M)
Cisco NX-OS(tm) [Link], Software (nxos), Version 9.3(8)
Cisco IOS Software, C1000 Software (C1000-UNIVERSALK9-M), Version
15.2(7)E4
Alcatel-Lucent Enterprise OS6360-P24 8.7.98.R03 GA
ArubaOS (MODEL: Aruba9240-US), Version [Link] LSR

976355 OAW-AP1331 4.0.7

CBS250-16P-2G 16-Port Gigabit PoE Smart Switch
Meraki MR28 Cloud Managed AP
Brocade Communications Systems, Inc. ICX7450-48
DGS-1510-52 Gigabit Ethernet SmartPro Switch
CBS250-24T-4G 24-Port Gigabit Smart Switch
Aruba Instant On 1830 48G 24p Class4 PoE 4SFP 370W Switch JL815A

980903 Huawei AR651W-8P Huawei Versatile Routing Platform Software VRP

S5731-S24UN4X2Q Huawei Versatile Routing Platform Software VRP
S2700-26TP-SI-AC Huawei Versatile Routing Platform Software VRP
JetStream 24-Port Gigabit L2+ Managed Switch with 4 SFP Slots
Cisco IOS Software [Bengaluru], c8000be Software (X86_64_LINUX_
IOSD-UNIVERSALK9-M), Version 17.5.1a
H3C Comware Platform Software, Software Version 5.20 Release 2202P06
H3C S5120-28C-EI

FortiNAC 9.4.8 Release Notes 75

Fortinet Inc.
Device Support

Ticket # Vendor

959926 Arista CCS-722

961726 Extreme ISW 8Gbp Rugged Switch

968088 Claroty industrial security solution

922122 Ruckus Wireless, Inc. ICX8200-48PF-POE

966745 Alcatel-Lucent Enterprise OS6360-PH24 8.7.252.R02 GA.

S1720-10GW-2P-E Huawei Versatile Routing Platform Software VRP (R)
software, Version 5.170 (S1720GWR V200R010C00SPC600).
SG550XG-24F 24-Port 10G SFP+ Stackable Managed Switch.
Ruckus Wireless, Inc. ICX8200-48P-POE, IronWare Version
10.0.10aT253.
Huawei Versatile Routing Platform Software VRP Software Version 3.10,
Quidway S5624P-PWR Product Version S5600-1510P02.
Cisco IOS Software [Fuji], ISR Software (ARMV8EB_LINUX_IOSD-
UNIVERSALK9_IAS-M), Version 16.9.8.
Extreme Networks Switch Engine (5320-48P-8XE-SwitchEngine) version
[Link].
Extreme Networks Switch Engine (5320-24P-8XE-SwitchEngine) version
[Link].
CBS250-16T-2G 16-Port Gigabit Smart Switch.
Huawei Versatile Routing Platform Software VRP (R) software, Version
8.100 (CE6850HI V100R005C10SPC200) HUAWEI CE6850-48S6Q-HI.
Huawei Versatile Routing Platform Software VRP (R) software, Version
8.100 (CE12800 V100R005C10SPC200) HUAWEI CE12808.
DGS-F1500-52MP.
D-LINK DGS-F1210-26PS-E HW A2 Firmware V5.2.10.1-g50cdbd731, L2
Ethernet PoE Switch.
D-LINK DGS-F1210-26PS-E HW A1 Firmware V5.2.10.1-g836e4f620, L2
Ethernet PoE Switch.

962116 Aruba JL717C 8360-32Y4C v2 Switch LL.10.11.1030.

Arista Networks EOS version 4.29.5M running on an Arista Networks CCS-
722XPM-48Y4.
Ethernet Routing Switch 3550T-PWR+ HW:01, FW:[Link], SW:v5.3.0.004
BN:04 by Avaya Networks.
OAW-AP1321 4.0.2.
SG300-10SFP 10-Port Gigabit Managed SFP Switch.
S5731-S24P4X Huawei Versatile Routing Platform Software VRP (R)
software, Version 5.170 (S5731 V200R021C10SPC600).
Huawei AirEngine6760R-51E Huawei Versatile Routing Platform Software
VRP (R) software, Version 5.170 (AirEngine6760R-51E
V200R022C00SPC100).

FortiNAC 9.4.8 Release Notes 76

Fortinet Inc.
Device Support

Ticket # Vendor

M4300-52G-PoE+ ProSAFE 48-port 1G PoE+ and 2-port 10GBASE-T and

2-port 10G SFP+, [Link], B1.0.0.16.
Siemens, SIMATIC NET, SCALANCE XC208, 6GK5 208-0BA00-2AC2,
HW: Version 3, FW: Version V04.02.00.
HPE Comware Platform Software, Software Version 5.20.99, Release 2111
HPE 3600-24-PoE+ v2 SI Switch"

Version 9.4.4

Ticket # Vendor

906953 Several models of Ubiquiti UniFi switches are identified as Ubiquiti APs.

901235 Added support for RAD PowerFlow switches.

897601 Extreme SLX9540 switches Layer 2 support

898891 Cisco IOS Software [Bengaluru], c8000be Software (X86_64_LINUX_

IOSD-UNIVERSALK9-M), Version 17.6.5, RELEASE SOFTWARE (fc2)
Hirschmann RSR
Cisco IOS Software, ir800 Software (ir800-UNIVERSALK9-M), Version
15.9(3)M5, RELEASE SOFTWARE (fc1)
Cisco IOS Software [Cupertino], ISR Software (ARMV8EL_LINUX_IOSD-
UNIVERSALK9_IOT-M), Version 17.9.1, RELEASE SOFTWARE (fc8)

897151 Removed invalid device mapping for C9800-AP Software.

905491 Cisco Adaptive Security Appliance Version 9.13(1)2

Cisco IOS Software [Amsterdam], ISR Software (ARMV8EL_LINUX_IOSD-
UNIVERSALK9-M), Version 17.3.4a, RELEASE SOFTWARE (fc3)
Brocade Communications Systems, Inc. Stacking System FCX648S-
HPOE-PREM, IronWare Version 08.0.30qT7F2 labeled as FCXR08030q
Ruckus Wireless, Inc. ICX7650-48Z-HPOE, IronWare Version
08.0.70dT231 Compiled on Nov 28 2018 at [Link] labeled as
TNS08070d
S5720-28X-PWR-LI-AC Huawei Versatile Routing Platform Software VRP
(R) software,Version 5.170 (S5720 V200R011C10SPC600)
Aruba R0X25A 6410 Chassis FL.10.09.1010
Juniper Networks, Inc. ex4400-48p Ethernet Switch, kernel JUNOS
21.2R3.8
Dell Networking X1052 1-10Gb Switch
Dell EMC Networking OS Operating System Version: 2.0 Application
Software Version: 9.14(2.10) Series: S3124F
Juniper Networks, Inc. ex4100-48mp Ethernet Switch, kernel JUNOS
22.3R1.12

FortiNAC 9.4.8 Release Notes 77

Fortinet Inc.
Device Support

Ticket # Vendor

Arista 7148S-F
CBS350-16FP-2G 16-Port Gigabit PoE Managed Switch

909011 Added device support for Netonix WS-12-250-AC.

906953 Updated the element type and used CommonSNMP to read Ports.

911439 Added device support for MICROSENS G6 Switch.

911123 Computer Services

NUSTCY3140
Alcatel-Lucent Enterprise OS6560-P24Z24 [Link].R02 GA, September
01, 2017.
Alcatel-Lucent Enterprise OS6900-T20 8.5.255.R02 GA, August 29, 2018.
Aruba JL678A 6100 24G 4SFP+ Swch PL.10.08.1040
Cisco Adaptive Security Appliance Version 9.8(4)35
HPE Comware Platform Software, Software Version 7.1.070, Release 6330
HPE 5140 8G 2SFP 2GT EI Sw Copyright (c) 2010-2021 Hewlett Packard
Enterprise Development LP

914193 Encountered issues with Brocade switch - not all VLANs are visible,
affecting VLAN settings in the model.

906953 Introduced a property allowing the use of CLI to read VLANs from Unifi
Switches.

915803 FG600F_India
ExtremeXOS (X465-24MU-24W) version [Link] [Link] by release-
manager on Fri 16 Dec 2022 [Link] AM UTC
NetVanta 1234 PoE, Version: R13.10.2, Date: Tue Aug 31 [Link] 2021
SF350-48P 48-Port 10/100 PoE Managed Switch
48-port 10/100/1000 Ethernet Switch with PoE
24-port 10/100/1000 Ethernet Switch with PoE

920357 Huawei YunShan OS Version [Link] (S5700 V600R022C01SPC500)

Copyright (C) 2021-2022 Huawei Technologies Co., Ltd. HUAWEI
CloudEngine S5735-S-V2
Aruba R8N89A 6000 12G CL4 2SFP 139W Swch PL.10.08.1010
Ruckus Wireless, Inc. ICX8200-C08PF-POE, IronWare Version
10.0.00T253 Compiled on Nov 1 2022 at [Link] labeled as RDR10000
Alcatel-Lucent OS6860E-U28 [Link].R01 Service Release, November
18, 2015.
Huawei AR151-S2 Huawei Versatile Routing Platform Software VRP (R)
software,Version 5.170 (AR150 V200R010C10SPC700) Copyright (C)
2011-2020 Huawei Technologies Co., Ltd

FortiNAC 9.4.8 Release Notes 78

Fortinet Inc.
Device Support

Ticket # Vendor

S5720-28TP-PWR-LI-AC Huawei Versatile Routing Platform Software VRP

(R) software,Version 5.170 (S5720 V200R019C10SPC500) Copyright (C)
2007 Huawei Technologies Co., Ltd.
S5720-52P-PWR-LI-AC Huawei Versatile Routing Platform Software VRP
(R) software,Version 5.170 (S5720 V200R011C10SPC600) Copyright (C)
2007 Huawei Technologies Co., Ltd.
ArubaOS (MODEL: Aruba9004), Version [Link]-[Link] (83952)

918683 Added device support for TPLink TL-SG2428 switches.

924265 Huawei Versatile Routing Platform Software VRP (R) software, Version
8.100 (CE5855EI V100R005C10SPC200) Copyright (C) 2012-2015
Huawei Technologies Co., Ltd. HUAWEI CE5855-24T4S2Q-EI
Cambium cnPilot E400 Access Point
Quidway S7712 Huawei Versatile Routing Platform Software VRP (R)
Software, Version 5.170 (S7700 V200R010C00SPC600) Copyright (c)
2000-2016 Huawei Technologies Co., Ltd
Aruba Instant On 1830 24G 12p Class4 PoE 2SFP 195W Switch JL813A,
InstantOn_1830_2.5.0.0 (48), Linux 4.4.120, U-Boot 2013.01 (V1.0.0.17)
S5710-28C-EI Huawei Versatile Routing Platform Software VRP (R)
software,Version 5.110 (S5710 V200R001C00SPC300) Copyright (C)
2007 Huawei Technologies Co., Ltd.
Huawei AR2220 Huawei Versatile Routing Platform Software VRP (R)
software,Version 5.120 (AR2220 V200R003C01SPC900) Copyright (C)
2011-2013 Huawei Technologies Co., Ltd

918683 Changed the end-of-line value to a carriage return for TP-Link switches.

871657 Pnetworks switches with newer firmware are identified as generic firewalls.

Version 9.4.3

Ticket # Vendor

875730 S5720-28X-SI-24S-AC Huawei Versatile Routing Platform Software VRP

S1720-52GWR-PWR-4P-E Huawei Versatile Routing Platform Software
VRP
S5735-S32ST4X Huawei Versatile Routing Platform Software VRP
AC6805 Huawei Versatile Routing Platform Software VRP
Alcatel-Lucent Enterprise AOS-W Version [Link]-[Link]
Cisco CBS250-8PP-D 8-Port Gigabit PoE Smart Switch
Cisco CBS350-8T-E-2G 8-Port Gigabit Managed Switch
Cisco SX350X-24F 24-Port 10G SFP+ Stackable Managed Switch

FortiNAC 9.4.8 Release Notes 79

Fortinet Inc.
Device Support

Ticket # Vendor

Cisco IOS Software, C1700 Software (AP3G2-K9W7-M), Version 15.3

(3)JD

868451 Forcepoint NGFW Firewall

878013 Meraki CW9166I Cloud Managed AP

Meraki MX105 Cloud Managed Security Appliance
Juniper Networks, Inc. ex4100-48p Ethernet Switch, kernel JUNOS
22.3R1.12
Cisco SF350-08 8-Port 10/100 Managed Switch

884423 Cisco IOS Software [Bengaluru], IE3x00 Switch Software (IE3x00-

UNIVERSALK9-M), Version 17.6.4
S5735-L48T4X-A1 Huawei Versatile Routing Platform Software VRP (R)
software,Version 5.170 (S5735 V200R020C10SPC500)
S5720S-12TP-PWR-LI-AC Huawei Versatile Routing Platform Software
VRP (R) software,Version 5.170 (S5720 V200R019C10SPC500)
Dell Networking N3224T-ON, [Link], Linux 4.15.18-2e794c6e
Ruijie 10G Ethernet Switch (S5310-24GT4XS-P-E)
Cisco Sx220 Series Switch Software, Version [Link]
S6730-H24X6C Huawei Versatile Routing Platform Software VRP (R)
software,Version 5.170 (S6730 V200R021C00SPC100)
SG350-20 20-Port Gigabit Managed Switch

889578 HPE Comware Platform Software, Software Version 7.1.070, Release

6530P02 HPE 5520 48G PoE+ 4SFP+ HI Swch R8M29A
Juniper Networks, Inc. ex4650-48y-8c Ethernet Switch, kernel JUNOS
21.4R3-S2.4
Aruba JL668A 6300F 24G 4SFP56
CBS350-24T-4G 24-Port Gigabit Managed Switch
Aruba JL264A 2930F-48G-PoE+-4SFP+-TAA Switch, revision
WC.16.08.0016, ROM WC.16.01.0006
HP J9855A 2530-48G-2SFP+ Switch, revision YA.16.02.0014, ROM
YA.15.19
FG400F-HYAC-01 - Routing
Cisco IOS Software, S5400 Software (S5400-UNIVERSALK9-M), Version
15.2(8)E
Extreme Networks Switch Engine (5320-48T-8XE-SwitchEngine) version
[Link] [Link]

891820 Aruba JL817A 4100i 12G CL4/6 POE 2SFP+ DIN Sw RL.10.10.1040
Huawei S1720-10GW-PWR-2P-E
Cisco IOS Software [Gibraltar], ISR Software (ARMV8EL_LINUX_IOSD-
UNIVERSALK9_IAS-M), Version 16.10.1b
Aruba 6000 48G 4SFP Switch

FortiNAC 9.4.8 Release Notes 80

Fortinet Inc.
Device Support

Ticket # Vendor

894124 Cisco 48-Port Gigabit Smart Switch

Cisco IOS Software [Cupertino], Catalyst L3 Switch Software (CAT9K_
LITE_IOSXE), Version 17.9.1

Version 9.4.2

Ticket # Vendor

793480 Cambium Networks cnPilot E410

Cambium Networks cnPilot E600

672701 Cambium XV(XV3-8, XV2-2T0)

cnPilot(E500, E430, E700) series APs

831482 Aruba JL727A 6200F 48G CL4 4SFP+370W Swch

S5735-L12P4S-A Huawei Versatile Routing Platform Software
PowerConnect 7024, [Link], VxWorks 6.6
OAW-AP1201 4.0.2
S5732-H24S6Q Huawei Versatile Routing Platform Software
AP7522 Access Point, Version [Link]-018R MIB=01a
Fortinet FortiGate
Meraki MR36H Cloud Managed AP

836420 Juniper eqfx5120-48t-6c switch

Managed Hardened PoE+ Switch, (8) 10/100/1000Base-T PoE+ Ports + (4)
100/1000Base-X SFP
Palo Alto Networks PA-400 series firewall
Dell EMC Networking OS10 Enterprise S5296F-ON

838902 Cisco IOS Software, C2960SM Software (C2960SM-LANBASEK9-M),

Version 12.2(52)EX1
Huawei AirEngine9700-M1 Huawei Versatile Routing Platform Software
VRP
Meraki MR57 Cloud Managed Indoor AP

840205 Westermo L210-F2G Rugged Compact Switches

842976 Cisco IOS Software, C800 Software

DGS-1510-52X Gigabit Ethernet SmartPro Switch
Aruba Wired Switch R8N88A

844425 Allied Telesis 510L-52GT & 550-18XSQ switches

845410 CBS350-24P-4X 24-Port Gigabit PoE Stackable Managed Switch with 10G
Uplinks

FortiNAC 9.4.8 Release Notes 81

Fortinet Inc.
Device Support

Ticket # Vendor

S6720-30C-EI-24S-AC Huawei Versatile Routing Platform Software VRP

S6730-H48X6C Huawei Versatile Routing Platform Software VRP
S5735-L8P4X-IA1 Huawei Versatile Routing Platform Software VRP

847082 Huawei NE40E-X3

Extreme SLX9540 Switch/Router
Baseline Switch 2250-SFP Plus
WS6-DGS-1210-10P/F1 6.20.007

849478 Cisco IOS Software [Gibraltar]

DGS-1210-28P/C1 4.10.004

851405 Fortinet FortiGate

Alcatel-Lucent Enterprise OS6360-P24X 8.8.56.R02 GA
Meraki MX75
Aruba JL667A 6300F 48G 4SFP56 Sw
ArubaOS (MODEL: 635)

852981 Allied Telesis router/switch, Software (AlliedWare Plus) Version 5.5.0-2.10

854248 S1720-28GWR-PWR-4P Huawei Versatile Routing Platform Software VRP

S1730S-S24P4S-A Huawei Versatile Routing Platform Software VRP
Extreme Networks Switch Engine (Stack)
Extreme Networks Switch Engine (5320-16P-4XE-SwitchEngine)

856760 Cisco IOS Software, IE2000 Software (IE2000-UNIVERSALK9-M)

SG350-28MP 28-Port Gigabit PoE Managed Switch
Cisco IOS Software, C900 Software (C900-UNIVERSALK9-M)
Aruba Instant On 1930 24G Class4 PoE 4SFP/SFP+ 370W Switch JL684A
S5735-L48P4S-A1 Huawei Versatile Routing Platform Software

859465 Brocade Communications Systems, Inc. ICX7450-48, IronWare

Brocade Communications Systems, Inc. FWS624G-POE-PREM, IronWare
Brocade Communications Systems, Inc. FWS624G-PREM, IronWare
Brocade Communications Systems, Inc. FWS648G-PREM, IronWare
Brocade Communications Systems, Inc. FWS648, IronWare
Cisco Controller
SG550X-24 24-Port Gigabit Stackable Managed Switch

859816 Allied Telesis X510-28-GTX switches

863408 CBS350-8P-2G 8-Port Gigabit PoE Managed Switch

Cisco IOS Software, ASR900 Software (PPC_LINUX_IOSD-
UNIVERSALK9_NPE-M)
Cisco IOS Software, IE2000U Software (IE2000U-LANBASEK9-M),
Version 15.2(5)E

FortiNAC 9.4.8 Release Notes 82

Fortinet Inc.
Device Support

Ticket # Vendor

S5735-S24P4X Huawei Versatile Routing Platform Software VRP

Cisco IOS Software [Cupertino], IE3x00 Switch Software (IE3x00-
UNIVERSALK9-M)
Symbol AP410C
SG550XG-8F8T 16-Port 10G Stackable Managed Switch
Symbol AP310-1
Symbol AP7532 Access Point
Cisco CBS350-48T-4X 48-Port Gigabit Stackable Managed Switch with
10G Uplinks
Avaya Networks Ethernet Routing Switch 3526T-PWR+

871270 Huawei S5720-36C-PWR-EI-AC

Cisco IOS Software, IE2000 Software (IE2000-UNIVERSALK9-M)
Huawei S5335-L24P4X-A
Aruba JL663A 6300M 48G 4SFP56 Swch
Aruba JL719C 8360-48Y6C v2 Switch
ExtremeXOS 5320-48P-8XE-EXOS
Avaya Networks Ethernet Routing Switch 3524GT
Accton Technology SG 2404 PoE L2+ Gigabit Ethernet Switch
Huawei S5735S-L48T4S-A
Juniper SRX345

Version 9.4.1

Ticket # Vendor

805669 Extreme VSP-7400-48Y-8C ([Link])

806646 S5735-L24T4X-A1 Huawei Versatile Routing Platform Software VRP

FGT85F
S5731-H24T4XC Huawei Versatile Routing Platform Software
FGTVM641000C
S5732-H48UM2CC Huawei Versatile Routing Platform Software
FGT50A
JL581A Aruba 8320 48p
Juniper Networks, Inc. ex3400-48t Ethernet Switch

814620 Cisco IOS Software, c6848x Software (c6848x-ADVENTERPRISEK9-M)

Palo Alto Networks PA-3200 series firewall
S5735-L24P4X-A1 Huawei Versatile Routing Platform Software
S5735-L24P4S-A1 Huawei Versatile Routing Platform Software

FortiNAC 9.4.8 Release Notes 83

Fortinet Inc.
Device Support

Ticket # Vendor

Extreme Networks Switch Engine (5420F-24P-4XE-SwitchEngine)

PowerConnect 7024, [Link], VxWorks 6.6
Aruba JL658A 6300M 24SFP+ 4SFP56 Swch FL.10.09.1000
Datacenter Switch
Cisco IOS Software [Bengaluru],c8000be Software(X86_64_LINUX_IOSD-
UNIVERSALK9-M)

820169 Ruckus Wireless, Inc. ICX7850-48F, IronWare Version 08.0.95fT233

820969 HP A5120-24G SI Switch Software Version 5.20, Release 1513P13

S5720-52P-PWR-LI-AC Huawei Versatile Routing Platform Software VRP
(R) software,Version 5.170 (S5720 V200R011C10SPC600)
S5735-L8T4S-A1 Huawei Versatile Routing Platform Software VRP (R)
software,Version 5.170 (S5735 V200R020C10SPC500)
SG500X-24 24-Port Gigabit with 4-Port 10-Gigabit Stackable Managed
Switch

824676 Dell EMC Networking OS10 Enterprise.

Palo Alto Networks PA-400 series firewall
FGT-SG-SSL
U6-Lite 6.0.19.13671
Allied Telesis router/switch, Software (AlliedWare Plus) Version 5.5.1-2.4
CBS350-8FP-2G 8-Port Gigabit PoE Managed Switch

825863 Allied Telesis router/switch, Software (AlliedWare Plus) Version 5.4.9-0.2

827842 Alcatel-Lucent Enterprise OS6560-P48Z16 8.7.98.R03 GA, July 05, 2021.

Allied Telesis router/switch, Software (AlliedWare Plus) Version 5.5.1-2.4
Cisco IOS Software, IE2000 Software (IE2000-UNIVERSALK9-M), Version
15.0(1)EY
Meraki MR44 Cloud Managed AP
Cisco IOS Software, cgr1000 Software (cgr1000-UNIVERSALK9-M),
Version 15.7(3)M1
S5731-S24T4X Huawei Versatile Routing Platform Software VRP (R)
software,Version 5.170 (S5731 V200R021C00SPC100)
PowerConnect 7024P, [Link], VxWorks 6.6

830112 Dell EMC Networking N3224P-ON, [Link], Linux 4.15.18-2ac8b3ec

Huawei AP5030DN Huawei Versatile Routing Platform Software VRP (R)
software,Version 5.170 (AP5030DN V200R010C00SPCd00) Dell EMC
Networking OS10 Enterprise.

833731 Huawei AR129CGVW-L Huawei Versatile Routing Platform Software VRP

S6720-56C-PWH-SI-AC Huawei Versatile Routing Platform Software VRP
Dell Networking N1524P
S5735-L24P4X-A1 Huawei Versatile Routing Platform Software VRP

FortiNAC 9.4.8 Release Notes 84

Fortinet Inc.
Device Support

Version 9.4.0

Ticket # Vendor

765568 Add support for Huawei AR550E router/switch

765569 Add support for DIGI cellular routers

779607 Add Device support from set mapping emails (2 models)

781634 Add Device support from set mapping emails (Huawei S5700-52P-LI-AC)

787686 S5735-L48T4S-A1 Huawei Versatile Routing Platform Software VRP (R)

software
CBS350-48P-4X 48-Port Gigabit PoE Stackable Managed Switch with 10G
Uplinks
CBS350-48P-4G 48-Port Gigabit PoE Managed Switch
CBS350-8P-E-2G 8-Port Gigabit PoE Managed Switch
CBS350-24T-4X 24-Port Gigabit Stackable Managed Switch with 10G
Uplinks
Linux Lethe 2.6.18-92cpx86_64 1 SMP Mon Oct 8 [Link] IDT 2018 x86_
64
Juniper Networks, Inc. srx380-poe-ac internet router, kernel JUNOS
20.4R3-S1.3
S5735-L8P4S-A1 Huawei Versatile Routing Platform Software VRP (R)
software
Fortigate fwf51E
Quidway S9712 Huawei Versatile Routing Platform Software VRP (R)
Software
Brocade Communications Systems, Inc. FastIron SX 1600
CCB 1st Sessions Court FS108F Meraki MR36H Cloud Managed AP

789282 Add support for Extreme Campus Controller WLC

792686 Huawei AR129CGVW-L Huawei Versatile Routing Platform Software VRP

(R) software
Cisco NX-OS(tm) [Link], Software (nxos)
Juniper Networks, Inc. ex4400-24p Ethernet Switch, kernel JUNOS
21.1R1.11
Aruba R8N85A 6000 48G CL4 4SFP Swch PL.10.09.1000
Aruba Instant On 1930 8G 2SFP Switch JL680A, InstantOn_1930_1.0.5.0
(139)
IE1000 Industrial Ethernet Switch, Version: 1.7.0#2018-05-
02T[Link]+00:00

796633 fortigate
Cisco IOS Software, C1000 Software (C1000-UNIVERSALK9-M), Version
15.2(7)E4

FortiNAC 9.4.8 Release Notes 85

Fortinet Inc.
Device Support

Ticket # Vendor

Aruba R8N87A 6000 24G CL4 4SFP Swch PL.10.08.1010

Meraki MS355-48X2 Cloud Managed Switch
Dell EMC Networking OS10 Enterprise.S5224F-ON

801676 HPE Comware Platform Software, Software Version 7.1.070, Release 6327
SG350XG-24F 24-Port 10G SFP+ Stackable Managed Switch
SG300-28SFP 28-Port Gigabit Managed SFP Switch
Linux PA-Mac-Ops-BCKPF-S 4.14.76-release-1.3.0 1 SMP
Aruba JL725A 6200F 24G CL4 4SFP+370W Swch ML.10.09.1000
Cisco IOS Software [Cupertino], ISR Software (ARMV8EL_LINUX_IOSD-
UNIVERSALK9-M), Version 17.7.1a
Cisco Sx220 Series Switch Software, Version [Link]
CBS350-24P-4G 24-Port Gigabit PoE Managed Switch
Firewall OCI Unimedsc
Palo Alto Networks VM-Series firewall
Canton-Firewall

783982 S5720-12TP-LI-AC
S5720-36PC-EI-AC
S5720S-52P-SI-AC
S5700-10P-PWR-LI-AC

786422 ArubaOS (MODEL: 565), Version [Link]-[Link]

790006 Netgear S4300 and S3300 Switches

792592 FortiFone X80

566257 Support for Huawei AC6605 wireless controller

System Update Settings

Field Definition

Host Set to [Link]

Auto-Definition Directory Keep the current value.

Product Distribution Set to Version_9_4

Directory

Agent Distribution Keep the current value.

Directory

User Set to updates (in lowercase)

FortiNAC 9.4.8 Release Notes 86

Fortinet Inc.
Device Support

Field Definition

Password Keep the current value.

Protocol Set to desired protocol (FTP, PFTP, HTTP, HTTPS)

Note: SFTP has been deprecated and connections will fail using this option.
SFTP will be removed from the drop down menu in a later release.

FortiNAC 9.4.8 Release Notes 87

Fortinet Inc.
Numbering Conventions

Numbering Conventions

Fortinet is using the following version number format:

<First Number>.<Second Number>.<Third Number>.<Fourth Number>
Example: [Link]
l First Number = major version
l Second Number = minor version
l Third Number = maintenance version
l Fourth Number = build version

l Release Notes pertain to a certain version of the product. Release Notes are revised as needed. The Rev
letter increments accordingly. For example, updating the Release Notes from Rev C to Rev D indicates
changes in the Release notes only -- no changes were made to the product.
l The next number represents the version in which a Known Anomaly was added to the release notes (for
example, V8.0).

FortiNAC 9.4.8 Release Notes 88

Fortinet Inc.
Copyright© 2024 Fortinet, Inc. All rights reserved. Fortinet®, FortiGate®, FortiCare® and FortiGuard®, and certain other marks are registered trademarks of Fortinet, Inc., in the
U.S. and other jurisdictions, and other Fortinet names herein may also be registered and/or common law trademarks of Fortinet. All other product or company names may be
trademarks of their respective owners. Performance and other metrics contained herein were attained in internal lab tests under ideal conditions, and actual performance and
other results may vary. Network variables, different network environments and other conditions may affect performance results. Nothing herein represents any binding
commitment by Fortinet, and Fortinet disclaims all warranties, whether express or implied, except to the extent Fortinet enters a binding written contract, signed by Fortinet’s
General Counsel, with a purchaser that expressly warrants that the identified product will perform according to certain expressly-identified performance metrics and, in such
event, only the specific performance metrics expressly identified in such binding written contract shall be binding on Fortinet. For absolute clarity, any such warranty will be
limited to performance in the same ideal conditions as in Fortinet’s internal lab tests. In no event does Fortinet make any commitment related to future deliverables, features or
development, and circumstances may change such that any forward-looking statements herein are not accurate. Fortinet disclaims in full any covenants, representations, and
guarantees pursuant hereto, whether express or implied. Fortinet reserves the right to change, modify, transfer, or otherwise revise this publication without notice, and the most
current version of the publication shall be applicable.