FortiNAC - Release Notes

Version 9.4.4
FORTINET DOCUMENT LIBRARY
https://docs.fortinet.com

FORTINET VIDEO GUIDE

https://video.fortinet.com

FORTINET BLOG
https://blog.fortinet.com

CUSTOMER SERVICE & SUPPORT

https://support.fortinet.com

FORTINET TRAINING & CERTIFICATION PROGRAM

https://www.fortinet.com/training-certification

NSE INSTITUTE
https://training.fortinet.com

FORTIGUARD CENTER
https://www.fortiguard.com

END USER LICENSE AGREEMENT

https://www.fortinet.com/doc/legal/EULA.pdf

FEEDBACK
Email: [email protected]

July 25, 2023

FortiNAC 9.4.4 Release Notes
49-922-769106-20211216
 TABLE OF CONTENTS

Change log 5
Overview of Version 9.4.4 6
Notes 6
Supplemental Documentation 6
Version Information 6
Upgrade Requirements 8
Pre-upgrade Procedures 10
Compatibility 12
Agents 12
Web Browsers for the Administration UI 12
Operating Systems Supported Without an Agent 12
What's new 13
New features in 9.4.4 13
Important notice 13
New features 13
New features in 9.4.3 13
Important notice 13
New features in 9.4.2 13
New features in 9.4.1 14
New features in 9.4.0 14
Enhancements and Addressed Issues 16
Version 9.4.4 16
Version 9.4.3 22
Version 9.4.2 25
Version 9.4.1 35
Version 9.4.0 40
Known Issues Version 9.4.4 49
Device Support Considerations 58
Device Support 59
Version 9.4.4 59
Version 9.4.3 61
Version 9.4.2 63
Version 9.4.1 65
Version 9.4.0 66
System Update Settings 68
End of Support/End of Life 70
End of Support 70
Agent 70
Software 70
Hardware 70
Appliance Operating System 70

FortiNAC 9.4.4 Release Notes 3

Fortinet Inc.
 End of Life 71
Software 71
Numbering Conventions 72

FortiNAC 9.4.4 Release Notes 4

Fortinet Inc.
Change log

Change log

Date Change Description

7-24-2023 Initial release.

FortiNAC 9.4.4 Release Notes 5

Fortinet Inc.
Overview of Version 9.4.4

Overview of Version 9.4.4

FortiNAC v9.4.4 is the latest release being made available to customers to provide functionality and address
some known issues. Build number 0767.

Critical information about upgrading your FortiNAC should be viewed in New Features.

Notes

l Starting from 9.1.0, FortiNAC uses a new GUI format. FortiNAC cannot go backwards to a previous
version. Snapshots should always be taken on virtual appliances prior to upgrade.
l Prior to upgrading, review the FortiNAC Known Anomalies posted in the Fortinet Document Library.
l If using agents or configured for High Availability, additional steps may be required after upgrade for proper
functionality. See Upgrade Instructions and Considerations posted in the Fortinet Document Library.
l CentOS 7.4 or higher is required. The current CentOS version installed is listed as "Distribution" in the CLI
login banner or typing "sysinfo".
Example:
> sysinfo
************************************************************************
Recognized platform: Linux
Distribution: CentOS Linux release 7.6.1810 (Core)
If the CentOS version is below 7.4, run OS updates and reboot before upgrading. For instructions on
updating CentOS, refer to the Fortinet Document Library.
l For upgrade procedure, see Upgrade Instructions and Considerations posted in the Fortinet Document
Library.

Supplemental Documentation

The following can be found in the Fortinet Document Library.

l FortiNAC Release Matrix

Version Information

These Release Notes contain additional Enhancements, Device Support, and features. Unique numbering is
used for the various components of the product. The software version and Agent version supplied with this
release are listed below.

FortiNAC 9.4.4 Release Notes 6

Fortinet Inc.
Overview of Version 9.4.4

Version: 9.4.4
Agent Version: 9.4.0
A newer Persistent Agent may be required to support certain antivirus and anti-spyware products. Refer to the
Agent Release Notes in the Fortinet Document Library.
Firmware version represents a collection of system services and operating system features imaged on to the
appliance before it leaves manufacturing. The firmware image cannot be updated by a Fortinet customer.
Services within the image are updated by Fortinet or a certified Fortinet Partner in appliance maintenance
packages released as new more robust and secure versions of services become available.
Note: Upgrading software versions does not change firmware nor does it automatically require an upgrade to
the Persistent Agent. Newer Persistent Agents are not compatible with older software versions unless that
capability is specifically highlighted in the corresponding release notes.

FortiNAC 9.4.4 Release Notes 7

Fortinet Inc.
Upgrade Requirements

Upgrade Requirements

Ticket # Description

Upgrade Path Requirements Systems on version 9.1.6 must upgrade to either:

- Higher version of 9.1 (e.g. 9.1.7)
- 9.2.4 or higher
Systems on versions 8.2 or lower must upgrade to 8.3 before upgrading to
8.4 or higher.

FortiNAC License Key: Upgrading to this release requires the FortiNAC

License. It is possible, however unlikely, older appliances may not have this
specific type of license key installed. In such cases, an error will display
during the upgrade. For additional details, see KB article
https://community.fortinet.com/t5/FortiNAC/Troubleshooting-Tip-Upgrade-
fails-with-license-requirement-error/ta-p/246324

892856 High Availability and FortiNAC Manager Environments: The following are
required as of 9.4.3:
l Key files containing certificates are installed in all FortiNAC servers.

License keys with certificates were introduced on January 1st 2020.

Appliances registered after January 1st should have certificates. To
confirm, login to the UI of each appliance and review the System
Summary Dashboard widget (Certificates = Yes). If there are no
certificates, see Importing License Key Certificates in the applicable
FortiNAC Manager Guide.
l Allowed serial numbers: Due to enhancements in communication
between FortiNAC servers, a list of allowed FortiNAC appliance serial
numbers must be set. This can be configured prior to upgrade to avoid
communication interruption. For instructions, see Pre-upgrade
Procedures.

885056 All devices managed by FortiNAC must have a unique IP address. This
includes FortiSwitches in Link Mode: Managed FortiSwitch interface IP
addresses must be unique. Otherwise, they will not be properly managed
by FortiNAC and inconsistencies may occur. This is also noted in the
FortiSwitch Integration reference manual.

9.2 As of Persistent Agent version 5.3, there is no option to disable secure

agent communications. Agents upgraded from previous versions to 5.3 or
greater will communicate over TCP 4568 regardless of the
"securityEnabled" Persistent Agent setting. Therefore, the following must
be done prior to upgrading hosts to agent version 5.3:
Ensure valid SSL certificates are installed in the Persistent Agent Certificate
Target. For details see section Certificate Management in the
Administration Guide.

FortiNAC 9.4.4 Release Notes 8

Fortinet Inc.
Upgrade Requirements

Ticket # Description

Packet Transport Configurations must have TCP 4568 listed. For

instructions see section Transport configurations in the Administration
Guide.

9.2 The number of Operating System and Anti-Virus program options in the
Scan Configuration have been reduced. Only those currently supported or
commonly in use are now listed. For a list of available Operating Systems
and Anti-Virus programs, see KB article 198098.

834826 As of FortiNAC versions 9.4.2 & vF7.x, Persistent Agent communication

using UDP 4567 is no longer supported.
It is recommended the following be checked prior to upgrade to avoid agent
communication disruptions:
SSL certificates are installed for the Persistent Agent target
Persistent Agents are running a minimum version of 5.3
For additional details see KB article 251359.
https://community.fortinet.com/t5/FortiNAC/Technical-Note-Agent-
communication-using-UDP-4567-no-longer/ta-p/251359

FortiNAC 9.4.4 Release Notes 9

Fortinet Inc.
Pre-upgrade Procedures

Pre-upgrade Procedures

Enhancements were made to the communication method between FortiNAC servers for security. Due to this
change, all FortiNAC servers must have additional configuration in order to communicate. The following
procedure should be done prior to upgrade to prevent communication interruption.
l This configuration applies to FortiNAC version 9.4.3 and greater.
Configure all servers to allow communication between each other. This is done using an attribute that lists all
the allowed serial numbers with which appliances can communicate.
Steps
1. Confirm key files containing certificates are installed in all FortiNAC servers.
Administration UI Method:
The System Summary Dashboard widget should show 'Certificates = Yes'.
CLI Method:
Virtual appliance: Log in to the CLI as root and type:
licensetool

Physical appliance: Log in to the CLI as root and type:

licensetool -key FILE -file /bsc/campusMgr/.licenseKeyHW

Response from the above commands should show:

"certificates =[xxxxxxxxxxxxxxxxxxx,xxxxxxxxxxxxxxxxxxx]".

If 'certificates = []' or there is not a 'certificates' entry listed at all, keys with certificates must be
installed. See Importing License Key Certificates in the FortiNAC Manager Guide.
2. Compile the allowed serial number list. In a text file (Notepad, etc), document the serial numbers of each
appliance. Serial numbers can be obtained in the following ways:
l Customer Portal (https://support.fortinet.com)
l System Summery Dashboard widget in the Administration UI of each appliance
l CLI of each appliance using licensetool command
Example:
FortiNAC Manager A (primary) & B (secondary)
FortiNAC-CA servers A (primary) & B (secondary)
FortiNAC-CA server C

Record serial numbers for:

FortiNAC Manager A: FNVM-Mxxxxx1
FortiNAC Manager B: FNVM-Mxxxxx2
FortiNAC-CA server A: FNVM-CAxxxxx4
FortiNAC-CA server B: FNVM-CAxxxxx5
FortiNAC-CA server C: FNVM-CAxxxxx6
3. In the same text file, write the following command, listing all the serial numbers recorded in step 2:

FortiNAC 9.4.4 Release Notes 10

Fortinet Inc.
Pre-upgrade Procedures

Command:
globaloptiontool -name security.allowedserialnumbers -setRaw
"<serialnumber1>,<serialnumber2>,<serialnumber3>"

Example
globaloptiontool -name security.allowedserialnumbers -setRaw "FNVM-Mxxxxxxx1,FNVM-
Mxxxxxxx2,FNVM-CAxxxxx4,FNVM-CAxxxxx5,FNVM-CAxxxxx6"

4. Perform the following steps on all servers.

a. Log in to the CLI as root.
b. Paste the globaloptiontool command from the text file.
Note:
l The message "Warning: There is no known option with name: security.allowedserialnumbers" may
appear. This is normal.
l In High Availability configurations, only the Primary Server need to have the command entered.
Database replication will copy the configuration to the Secondary Server. Using the above example,
CLI configuration would be applied to Manager A.
Example
> globaloptiontool -name security.allowedserialnumbers -setRaw "FNVM-
Mxxxxxxx1,FNVM-Mxxxxxxx2,FNVM-CAxxxxx4,FNVM-CAxxxxx5,FNVM-CAxxxxx6"
Warning: There is no known option with name: security.allowedserialnumbers
New option added

c. Confirm entry by typing:

globaloptiontool -name security.allowedserialnumbers

Example
> globaloptiontool -name security.allowedserialnumbers
Warning: There is no known option with name: security.allowedserialnumbers
122 security.allowedserialnumbers: FNVM-Mxxxxxxx1,FNVM-Mxxxxxxx2,FNVM-
CAxxxxx4,FNVM-CAxxxxx5,FNVM-CAxxxxx6

5. Log out of the CLI. Type:

logout

You have completed the pre-upgrade procedure.

FortiNAC 9.4.4 Release Notes 11

Fortinet Inc.
Compatibility

Compatibility

FortiNAC Product releases are not backwards compatible. It is not possible to go from a newer release to any
older release.
Example: 9.4.0.0171 cannot be downgraded to any other release.
To backup the current system prior to upgrade on virtual machines, perform a snapshot. For physical
appliances refer to the document Back Up and Restore an Image of a FortiNAC Appliance.

Agents

FortiNAC Agent Package releases 5.x are compatible with FortiNAC Product release 9.x. Compatibility of Agent
Package versions 4.x and below with FortiNAC versions 9.x are not guaranteed.

Web Browsers for the Administration UI

Many of the views in FortiNAC are highly dependent on JavaScript. The browser used directly impacts the
performance of these views. It is recommended that you choose a browser with enhanced JavaScript
processing.

Operating Systems Supported Without an Agent

Android Apple iOS Blackberry OS BlackBerry 10 OS

Chrome OS Free BSD Kindle Kindle Fire

iOS for iPad iOS for iPhone iOS for iPod Linux

Mac OS X Open BSD Net BSD RIM Tablet OS

Solaris Symian Web OS Windows

Windows CE Windows Phone Windows RT

FortiNAC 9.4.4 Release Notes 12

Fortinet Inc.
What's new

What's new

New features in 9.4.4

Important notice

Enhancements were made to the communication method between FortiNAC servers for security. Due to this
change, all FortiNAC servers must have additional configuration in order to communicate. The following
See Pre-upgrade Procedures for procedures that should be done prior to upgrade to prevent communication
interruption.

New features

RADIUS MSCHAPv2 credential validation against local users

Allows mschap module in FreeRADIUS service to authenticate user credentials without a query to a backend
active directory.
Add keytab support for Winbind
Allows for winbind configuration supporting RADIUS MSCHAPv2 authentication requests and Portal
authentication via Kerberos without requiring an administrator password to join the domain.
Add support for OAuth2.0 authentication
Added FortiNAC integration with Airwatch to support OAuth authentication.

New features in 9.4.3

Important notice

Enhancements were made to the communication method between FortiNAC servers for security. Due to this
change, all FortiNAC servers must have additional configuration in order to communicate. The following
See Pre-upgrade Procedures for procedures that should be done prior to upgrade to prevent communication
interruption.

New features in 9.4.2

There are no new features in FortiNAC v9.4.2.

FortiNAC 9.4.4 Release Notes 13

Fortinet Inc.
What's new

New features in 9.4.1

There are no new features in FortiNAC v9.4.1.

New features in 9.4.0

New features

User Group Support with FortiAuthenticator RADIUS Integrations (715957, 713515)

Version 9.4.0 has made it easier to use FortiAuthenticator with FortiNAC for RADIUS integrations.
Administrators will no longer be forced to change their FortiAuthenticator configuration when connecting to
FortiNAC. New enhancements allow FortiNAC to receive user groups from FortiAuthenticator during the
RADIUS authentication process.
For details, see "Fortinet-Group-Name" under RADIUS section of the Administration Guide.
https://docs.fortinet.com/document/fortinac/9.4.0/administration-guide/214558/radius

SMS Gateway (586499)

FortiNAC has the ability to send SMS messages to administrators, guests or users. Previous versions of
FortiNAC only supported the Mail to SMS method; now, FortiNAC adds support for API/HTTPS-based SMS
gateway integration. FortiNAC 9.4.0 has built-in integration with cloud-based SMS providers such as Twilio, and
LDAP group mapping for sponsors.
In the GUI, see: Network > Service Connectors > Email/SMS
See information in the Administration Guide: https://docs.fortinet.com/document/fortinac/9.4.0/administration-
guide/19358/email-sms

AV agent monitoring (759481)

Previous versions of FortiNAC only checked for Antivirus compliance within the Windows Defender AV product.
v9.4.0 adds an option to choose "Security-Center" in the Windows AV category for up-to-date virus definitions,
providing compliant protection for those Windows running end points.

Kerberos Support (699487)

v9.4.0 adds Kerberos support for admin and for user authentication on FortiNAC-CA, as well as admin
authentication on FNAC-M.

Enhancements

RADIUS Logging and Dashboard (744581, 751403)

Version 9.4.0 has made it easier to authenticate large numbers of users with 802.1x. With concise information
on the dashboard to see pass/fails of 802.1x/MAB authentication, v9.4.0 gives at-a-glance insight. Importantly,

FortiNAC 9.4.4 Release Notes 14

Fortinet Inc.
What's new

logs of failed authentications can be exported.

In the GUI, see: Network > RADIUS > Activity
For information in the administration guide, see:
https://docs.fortinet.com/document/fortinac/9.4.0/administration-guide/270902/activity

Azure Document update (667439)

Updated and enhanced FortiNAC Azure deployment guide. See:

https://fortinetweb.s3.amazonaws.com/docs.fortinet.com/v2/attachments/3c52cb13-d573-11e9-8977-
00505692583a/FortiNAC-8.6.0-Azure_Deployment_Guide.pdf

Device support

Huawei Wireless LAN Controllers AC 6605, 6005 and 6508 (592592, 566257)

FortiNAC v9.4.0 adds device support for Huawei AC-6005-8 Wireless Controller.

Palo Alto VPN (606729)

Added support for Palo Alto VPN.

Add User Organizational Unit OU LDAP mapping in User/Host Profile (699857)

Added User Organizational Unit "OU" LDAP mapping in User/Host profile. FortiNAC sends OU along with
FortiGate Device Tag and User Group via FSSO communication with FortiGate.

UI

New dashboard widgets (615850)

The Recent Hosts widget displays newly discovered hosts by type.

The Top Host Activity widget displays the hosts with the most connection activity over a configurable period of
time.
The Logical Network Access widget displays all Hosts that had access to each Logical Network over a
configurable period of time.
The RADIUS widget displays success/failure information over specified time frames.

FortiNAC 9.4.4 Release Notes 15

Fortinet Inc.
Enhancements and Addressed Issues

Enhancements and Addressed Issues

These changes have been made in FortiNAC Version 9.4.4. These enhancements are in addition to the
enhancements that are outlined in previous releases.

Version 9.4.4

Ticket # Description

833088 Deleting a switch removes all port nesting's removing all ports from
FortiNAC System Port Group.

834025 Allied Telesys devices using standard SNMP for L2 polling fails if there are
entries in the dot1qTpFdb table with a port index of 0.

835149 When an endpoint is registered as a device in Host AND

Inventory/Topology, it is not possible to edit the host role. The option is
available, but changes do not apply.

858184 Custom Subject line for Self Registration Request sent to sponsor does not
reflect custom text.

860595 FortiNAC unable to change admin state on FortiGate firewall physical ports.

866343 Proxy RADIUS support added for Arista switches (802.1x and MAB).

867183 CLI communication can fail due to invalid SSH key when devices using a
Virtual IP (VIP) fail over.A new device attribute (MultiKnownHostEntries)
has been added to address.For details see Model configuration in the 9.4
Administration Guide.

868451 L3 support for Forcepoint firewalls.

868712 In some instances, Administration UI is inaccessible after running the

Configuration Wizard during a new deployment.Clicking Config Wizard
results in "No User"error.

869052 Meraki MX doesn't pass CLI credentials validation.

869097 Prioritize the IP -> MAC value provided by RadiusServer for managed
wireless clients.

869316 Excessive "Authentication Failure" events after L2 poll.

869605 CLI credentials are removed from the Ubiquiti AP device model after
applying changes.

869961 Added Aruba CX series switch Port Channel support.

874812 Private VLANs not switching on Cisco switches.

FortiNAC 9.4.4 Release Notes 16

Fortinet Inc.
Enhancements and Addressed Issues

Ticket # Description

875287 Added User/Host Profile and Policy Configuration ID validation for API
POSTs to Authentication, Endpoint Compliance, Portal, Supplicant, and
Access policies.

875588 Unable to remove users from the All Administrators group.

875720 REST API v2 query for Scan Results returns no results.

876003 Incorrect license information displayed in License Management GUI view

after upgrade to 9.4.2. License Key Details list features as "Disabled".
Correct entitlements displayed in Dashboard and CLI.

876116 Upgrade to 9.4.2 > ManagedElementInterface causing issues with startup

and device credentials.

877934 LDAP communication failure if Primary AD is reachable but Secondary is

not.

877942 Performance issues related to Firewall Session table growing to large.

877980 Navigating to Logs > Audit Logs generates console error "Missing Type:
LOGICAL_NETWORK" when in Legacy View.

878080 Aruba CX Switch Incorrect VLAN Management Syntax.

878836 Intune MDM Integration 'Invalid Audience' when using an App registration in
the Azure Government cloud.

879773 Cannot Change "Perform proactive "Active" method profiling" setting in

Device Profiler.

880761 IP->MAC resolution doesn't update the adapter's IP after a proactive L3

polling when VLAN change occurs.

880796 API - AccessConfiguration - Access configurations should not require a

Logical Network.

882265 FortiNAC is not sending the correct serial number field to FortiAnalyzer
(FAZ).

882782 Fix NullPointerException in MessagingGatewayPlugin.sendSMS().

883046 Fortinac not sending Radius Disconnect/CoA to Aruba IAP when there is a
status change/policy match.

883068 SMTP SMS Gateway service connector: Country code prefix is incorrectly
prepended to outgoing SMS messages.

883080 Local Radius attempts to look up mac addresses in the directory for mac-
auth auth requests.

883129 Mist L2 polling may not function properly due to how Mist devices are
modeled in FortiNAC.

883146 Secondary may restart repeatedly.

FortiNAC 9.4.4 Release Notes 17

Fortinet Inc.
Enhancements and Addressed Issues

Ticket # Description

883221 FortiNAC now processes static MAC address entries by default for Arista
switches.

883680 404 response to HTTPS GET when polling Firewall Sessions on FortiGate
running FOS 7.2+.

884329 Base license, User/Host profiles and Network Access Policies throw
permissions errors.

884345 Improved error messaging when creating a new device using REST API.

887915 Endpoint Compliance Custom scans improperly state "in-use" by deleted

scans and cannot be deleted.

888179 Updated integer fields in the FirewallSession table to accomodate bigger

values.

888212 High Availability configuration: Endpoint Compliance Scans are not

replicated to secondary.

889103 Test Device Profiling Rule option in Network > Inventory Adapters view is
not matching properly.

889132 Global Custom Scans are not fully removed after deleting from
Manager.Consequently, scan cannot be edited or deleted on the managed
FortiNAC server.

890009 Unable to read VLANs on Ruijie S5310 switch.

890015 Unexpected error encountered when attempting to modify or create a

Syslog file under System > Settings > System communication > Syslog
Files.

890929 Unable to restart server after uploading new license key through UI (Setup
Progress > Enter License Key).

891332 HTTP 500 error when installing license key using Modify License button in
License Management view.

892486 Secondary server in a High Availability configuration does not reflect the
correct concurrent count in License Management.

892856 Communication between FortiNAC Manager and managed FortiNAC

servers enhanced for security. Important: Requires additional configuration.
See Upgrade Requirements for details.

893582 Changing default credentials in Config Wizard logs an error.

894157 Guest > View > Send SMS button returns error.

895085 RADIUS Performance problems on rogue host record creation.

896471 Licensetool not correctly displaying the subscription level from the FortiNAC
Manager.

FortiNAC 9.4.4 Release Notes 18

Fortinet Inc.
Enhancements and Addressed Issues

Ticket # Description

0896100 , 0896556 Error adding/removing Switch Ports to Port Group from Groups view.

883378, 882567 HA>UI hangs when re-running config HA when connected to the shared
address.

884322, 855084 Type column would not render correctly for Device Profiling Rule.

888616, 893561 System > Scheduler GUI error encountered after upgrade from an older
FortiNAC version.

897851 FortiNAC not supporting QX series Mac-notification trap.

905865 Cannot enable "Enable Quarantine VLAN Switching" option in GUI.

871758 Parse IPv6 addresses from the ipNetToPhysical table correctly.

904541 FirmwareVersion attribute missing from Meraki APs on upgrade.

904755 Several log messages related to SSO addressing initialization were always
being printed which filled the logs with unnecessary info.

904052 Policy & Objects - Endpoint Compliance - Scans - Fixed rendering of

escaped characters in both editors and tables.

833305 Guest account password is unmasked on badge when user does not have
password viewing permissions.

903869 Improve error message if NCM add server fails.

901925 Disable revoking admin permissions when all mappings are removed.

899075 NPE in readarp function caused an incomplete ARP table for Sonicwall
appliance.

902072 Replace Hashtable with ConcurrentHashMap for

DatabaseServer.savedObjects.

900284 Issue in TelnetServer that causes the Juniper logout sequence to pause for
the entirety of the current Telnet/SSH timeout.

899047 Replace: systemd-run -M VIRT_WINBIND_INST systemctl is-enabled

winbindWith: systemctl is-enabled -M VIRT_WINBIND_INST winbind

897921 Removed hostname column from Firewall Sessions view.

872900 Typo in Guided Installation informational dialog.

888213 Validate credentials of FS results in severe

removeLogicalNetworkConfigurations passed null or transient
ManagedElement.

885306 WLC Extreme VX9000 MAC table cannot be parsed.

884077 Gracefully handle guest account passwords permissions issue.

874363 SSLVPN user loses and receives TAG periodically.

FortiNAC 9.4.4 Release Notes 19

Fortinet Inc.
Enhancements and Addressed Issues

Ticket # Description

871340 Entering XSS causes exception and blank page.

876504 Fixed username formatting.

876818 Download Logs from UI should have longer timeout.

906953 Check if the device supports the UCD-SNMP-MIB, if so, model as a Ubiquiti
switch.

907844 Add missing RADIUS properties to Arista switches.

897921 Allow hostname collection from firewall with a global option.

883989 Update default Phone attribute for AD LDAP.

901236 Fix RADIUS Access-Reject when Direct Configuration Network Access

Policy is in use.

895097 Only return the custom device type if it is a system created device type or if
the type starts with cust_.

894165 Fix to ensure DPC rules with multiple adjacent spaces run correctly.

907854 VLAN change commands fail for Cisco SG-250.

897921 This allows the hostnames to show up in the firewall session table, but does
not update the host record unless the global option is enabled.

879697 Sync Global Objects and EPC Scans via REST RPC.

911439 Incorrect OID in device properties file - Device support for MICROSENS G6
Switch.

900281 Reverse proxy via FortiPoC causes incorrect URLs in Config Wizard.

890988 Fixed handle of Inventory > Network.

910216 Unable to upload G Suite Credential JSON file on NacOS.

907328 Fixed Guest & Contractor table null reporting total when empty.

902533 Fixed char escaping in Port and Adapter Props.

901257 HTML is not supported in the "Guest Account details".

904624 Host summary panel does not show accurate total host count.

908861 Custom filter is not applied in host or adapter view.

879814 879814 - Users & Hosts - Guests & Contractors - View Accounts - Guest
Account - Max Attendees should not show any number at all because it is
not a conference.

903055 Hosts - Filters - IP Phone - Fixed lack of selection for in the Host->Device
Type dropdown.

906398 Fixed validation error preventing log receiver modification; modifications

were rejected as duplicates based on matching existing ip and port.

FortiNAC 9.4.4 Release Notes 20

Fortinet Inc.
Enhancements and Addressed Issues

Ticket # Description

896002 Error creating guest accounts with duration greater than 20 days.

907523 Fixed Guest & Contractors table filter function, also fixed option menu
layout issue.

911132 Container status check is now failing due to changes to the NAC sudoers
file.

885306 Fixed StringIndexOutOfBoundsException regarding the WLC Extreme

VX9000 MAC table parsing.

897921 Added code to retrieve the hostname field from the response.

885306 Fixed an issue with regex regarding the WLC Extreme VX9000 MAC table
parsing.

881650 HP J9776A 2530-24G Switch - uplink ports are not properly displayed in
Ports view.

912128 Disconnect requests are not sent for Meraki switches.

917032 MICROSENS G6 Switch and hide Macs on link feature.

915532 Adding a DHCP scope with invalid label prevents ConfigWizard from
applying any further DHCP scope changes.

919423 API endpoint /host/scan returns status code 405 (Method Not Allowed) to
POST request.

927355 User is unable to edit the current VLAN value in the port properties dialog
on a FortiSwitch modeled in the QA FortiNAC system.

924250 PaloAlto fails validation for CLI testing SSH when REST API is supposed to
be used.

922911 Add missing radius options to the various NEC-QX switch Model
Configuration views.

925117 Fix retrieval of MibId value and add session logout to Ruijie.mib file.

899075 NPE in readarp function causes an incomplete ARP table for Sonicwall
appliance.

909839 SSO messages are being logged on and off repeatedly.

910706 Cannot create Guest account with REST v2 results in errors 400 and 500.

922274 Custom fields not loading Security Incidents.

912115 Guest Self Registration Error "The input is required".

908302 FortiNAC Icons are squeezed in the host status.

889986 Issues while enabling and adding subnets in Require Connected Adapter.

932578 Unable to L2 poll FortiLink switches on FOS 7.4.

FortiNAC 9.4.4 Release Notes 21

Fortinet Inc.
Enhancements and Addressed Issues

Version 9.4.3

Ticket # Description

833088 Deleting a switch removes all port nesting's removing all ports from
FortiNAC System Port Group.

834025 Allied Telesys devices using standard SNMP for L2 polling fails if there are
entries in the dot1qTpFdb table with a port index of 0.

835149 When an endpoint is registered as a device in Host AND

Inventory/Topology, it is not possible to edit the host role. The option is
available, but changes do not apply.

858184 Custom Subject line for Self Registration Request sent to sponsor does not
reflect custom text.

860595 FortiNAC unable to change admin state on FortiGate firewall physical ports.

866343 Proxy RADIUS support added for Arista switches (802.1x and MAB).

867183 CLI communication can fail due to invalid SSH key when devices using a
Virtual IP (VIP) fail over.A new device attribute (MultiKnownHostEntries)
has been added to address.For details see Model configuration in the 9.4
Administration Guide.

868451 L3 support for Forcepoint firewalls.

868712 In some instances, Administration UI is inaccessible after running the

Configuration Wizard during a new deployment.Clicking Config Wizard
results in "No User"error.

869052 Meraki MX doesn't pass CLI credentials validation.

869097 Prioritize the IP -> MAC value provided by RadiusServer for managed
wireless clients.

869316 Excessive "Authentication Failure" events after L2 poll.

869605 CLI credentials are removed from the Ubiquiti AP device model after
applying changes.

869961 Added Aruba CX series switch Port Channel support.

874812 Private VLANs not switching on Cisco switches.

875287 Added User/Host Profile and Policy Configuration ID validation for API
POSTs to Authentication, Endpoint Compliance, Portal, Supplicant, and
Access policies.

FortiNAC 9.4.4 Release Notes 22

Fortinet Inc.
Enhancements and Addressed Issues

Ticket # Description

875588 Unable to remove users from the All Administrators group.

875720 REST API v2 query for Scan Results returns no results.

876003 Incorrect license information displayed in License Management GUI view

after upgrade to 9.4.2. License Key Details list features as "Disabled".
Correct entitlements displayed in Dashboard and CLI.

876116 Upgrade to 9.4.2 > ManagedElementInterface causing issues with startup

and device credentials.

877934 LDAP communication failure if Primary AD is reachable but Secondary is

not.

877942 Performance issues related to Firewall Session table growing to large.

877980 Navigating to Logs > Audit Logs generates console error "Missing Type:
LOGICAL_NETWORK" when in Legacy View.

878080 Aruba CX Switch Incorrect VLAN Management Syntax.

878836 Intune MDM Integration 'Invalid Audience' when using an App registration in
the Azure Government cloud.

879773 Cannot Change "Perform proactive "Active" method profiling" setting in

Device Profiler.

880761 IP->MAC resolution doesn't update the adapter's IP after a proactive L3

polling when VLAN change occurs.

880796 API - AccessConfiguration - Access configurations should not require a

Logical Network.

882265 FortiNAC is not sending the correct serial number field to FortiAnalyzer
(FAZ).

882782 Fix NullPointerException in MessagingGatewayPlugin.sendSMS().

883046 Fortinac not sending Radius Disconnect/CoA to Aruba IAP when there is a
status change/policy match.

883068 SMTP SMS Gateway service connector: Country code prefix is incorrectly
prepended to outgoing SMS messages.

883080 Local Radius attempts to look up mac addresses in the directory for mac-
auth auth requests.

883129 Mist L2 polling may not function properly due to how Mist devices are
modeled in FortiNAC.

883146 Secondary may restart repeatedly.

883221 FortiNAC now processes static MAC address entries by default for Arista
switches.

883680 404 response to HTTPS GET when polling Firewall Sessions on FortiGate

FortiNAC 9.4.4 Release Notes 23

Fortinet Inc.
Enhancements and Addressed Issues

Ticket # Description

running FOS 7.2+.

884329 Base license, User/Host profiles and Network Access Policies throw
permissions errors.

884345 Improved error messaging when creating a new device using REST API.

887915 Endpoint Compliance Custom scans improperly state "in-use" by deleted

scans and cannot be deleted.

888179 Updated integer fields in the FirewallSession table to accomodate bigger

values.

888212 High Availability configuration: Endpoint Compliance Scans are not

replicated to secondary.

889103 Test Device Profiling Rule option in Network > Inventory Adapters view is
not matching properly.

889132 Global Custom Scans are not fully removed after deleting from
Manager.Consequently, scan cannot be edited or deleted on the managed
FortiNAC server.

890009 Unable to read VLANs on Ruijie S5310 switch.

890015 Unexpected error encountered when attempting to modify or create a

Syslog file under System > Settings > System communication > Syslog
Files.

890929 Unable to restart server after uploading new license key through UI (Setup
Progress > Enter License Key).

891332 HTTP 500 error when installing license key using Modify License button in
License Management view.

892486 Secondary server in a High Availability configuration does not reflect the
correct concurrent count in License Management.

892856 Communication between FortiNAC Manager and managed FortiNAC

servers enhanced for security. Important: Requires additional configuration.
See Upgrade Requirements for details.

893582 Changing default credentials in Config Wizard logs an error.

894157 Guest > View > Send SMS button returns error.

895085 RADIUS Performance problems on rogue host record creation.

896471 Licensetool not correctly displaying the subscription level from the FortiNAC
Manager.

0896100 , 0896556 Error adding/removing Switch Ports to Port Group from Groups view.

883378, 882567 HA>UI hangs when re-running config HA when connected to the shared
address.

FortiNAC 9.4.4 Release Notes 24

Fortinet Inc.
Enhancements and Addressed Issues

Ticket # Description

884322, 855084 Type column would not render correctly for Device Profiling Rule.

888616, 893561 System > Scheduler GUI error encountered after upgrade from an older
FortiNAC version.

None Device support for Dlink DGS-1210-10 Ports-Firmware 6.11.B028.

Version 9.4.2

Ticket # Description

835782 Config Wizard: Entering Application Server license is showing error (500 -
Unable to compile class for JSP)

802335 Getting a JSON string error when setting registered or logged user role on
host view page.

832313 SSH keyboard-interactive authentication fails, preventing SSH

communication to some devices.

683842 Adapter media type is set to wireless for devices that connect to wired ports
on a Fortigate.

705823 Editing or creating a groupunder NCM > Policy & Objects > Roles > Create
groups opens a new window instead of an overlay on top of the same view.

758623 The status spinner does not complete and page does not refresh when an
"in use" role is deleted.

778575 grabDeviceDebug script for more efficient log collection for device
integration issues.

792657 Deleting a currently applied shared filter in the Administration UI results in

browser console errors.

796969 FortiNAC counts FortiSwitch ports as error ports even though they are UP
and operating.

796972 Virtual port connection state displays as "not connected" even though there
are multiple hosts using that VLAN interface.

800255 DPC IP Range wildcards don't include the full range of IPs that should be
valid.

803386 Local RADIUS port can default to 0, should default to 1645.

808088 Alarms stop generating notifications.

814476 HP Switch aggregated uplink ports are not properly displayed in Ports view.

814845 Navigation Panel:Some views do not hide the navigation panel correctly.

814926 Policy & Objects > Roles: "unexpected error occurred" message when

FortiNAC 9.4.4 Release Notes 25

Fortinet Inc.
Enhancements and Addressed Issues

Ticket # Description

configuring the role.

815626 Upload Certificate: Long file name in Certificates field is not rendered
correctly.

816472 NCM: Logical Networks view not accessible.

820160 Roles view not available with Base license.

821112 Admins without Audit permissions see context menu.

821392 Column Filters: performing an Exact Match filter with an empty string has
inconsistent results.

821902 Search option for Firewall Groups does not display search results when
editing a Logical Network in a VDOM.

823079 Host Import: Clicking Cancel in Browse dialog removes previously selected
file.

826517 Edit Task: Title has Create Background Task as title (Create instead of
Edit).

826913 Unable to create a Network Device Role for Direct Configuration.

827870 Syslog listener addresses for FortiGate add/delete/move messages are not
updated.

828128 Unable to add allowed domains containing underscores.

829009 VLANs not being properly managed in Aruba CX series switch.

829019 NCM High Availability Resume button not working from dashboard.

829290 Context menus now have a menu separator similar to User/Host Profiles.

829361 If captive portal is not configured, High Availability system fails over due to
DHCP server not running.

829379 Unable to upgrade to version F7.2 from Administration UI. If attempted from
CLI, prompts for downgrade.

830159 Unable to Add Roles without specifying groups.

830534 SQL syntax error displayed when configuring High Availability .

830581 IP Phones in a host group fail to match policy.

830902 High Availability configurations may fail with a DHCP related error when
appliances do not have eth1 interfaces configured.

830932 Unable to configure "Entitlement Polling Success" event to alarm mapping.

831061 Unable to resume control in a High Availability system using the Admin UI.

832730 Unable to set groups for a role.Settings are not saved during create or edit.

FortiNAC 9.4.4 Release Notes 26

Fortinet Inc.
Enhancements and Addressed Issues

Ticket # Description

833270 Device Profiler is not matching rules.

833302 Unable to create a user on the FortiNAC appliance where the same userID
exists on the Manager (NCM).

833327 Static Routes no longer present after reboot/FortiNAC service restart.

833752 Unregistered hosts in EMS are marked as "Managed By MDM" in FortiNAC.

834041 High Availability Configuraiton page now has text indicating only the Shared
IP is GUI is accessible (when configured).

834044 Create/Modify Administrator User Generates Error But Still Performs

Action.

834461 FortiNAC is not sending required CoA attributes to Ruckus controller.

834772 Exception and 'forever loading' when importing invalid Device Profiling
Rules file.

835143 MSIntune returns partial results during MDM poll causing some host
records to be removed if "Remove Hosts Deleted from MDM Server" option
is enabled.

835405 UI is inaccessible after running the Config Wizard due to an unrecognized

keystore. The browser displays "Connection refused".

835551 Upgrade to version F7.2 from previous version gives message that
downgrading is not supported.

835838 S5735-L24P4X-A1 andAR129CGVW-L have duplicate mappings.

836136 Guest passwords not read correctly out of the database.

836137 No Results Found on RADIUS > Winbind view if results are sorted by
Joined column.

836146 radius.log file can grow too large if debug is left enabled.

836470 Manager (NCM) receives 500 error when running Config Wizard.

836606 Polling GSuite server results in a timeout, but is shown as successful.

836831 L2 poll not working in HPE Walljack.

837023 Exception unmarshalling REST Ping message.

837229 Nmap parsing fails.

837938 Edit User view will not allow for user settings to be changed.

838561 Roles: Entering angle brackets for Name and Notes converts to &lt and &gt.

838610 ConfigWizard is reporting "Unknown operation dnsmasq".

838963 Entering a script as a quick search filter name will execute the script on
create and edit.

FortiNAC 9.4.4 Release Notes 27

Fortinet Inc.
Enhancements and Addressed Issues

Ticket # Description

839045 RADIUS does not return the port default VLAN ID when the request does
not match any policy or enforcement group.

839399 Rest > Google Domain client POST does not allow empty values.

839417 REST > RadiusAttrGroupService does not allow ID of 0.

839888 Rest API documentation: Edit item - specifying ID which does not exist
creates new record with new ID.

839892 Rest API documentation: Typos ('an User' should be 'a User').

840218 No records found in FortiNAC "Ports" tab for CISCO ASA interfaces.

840693 Changing time zone in Config Wizard doesn't apply.

840788 RADIUS/Winbind Status not showing enabled when service is running.

840796 Host lookups in MS InTune MDM are now done based on MAC address first
and Serial number as last resort.

841405 Users & Hosts - Locate Hosts: Clicking icon in Views column leads to view
with 'Login failed for: root' message.

841540 "Enable Application Updating" option has been removed from the following
MDM Servers configuration as they do not apply: Google GSuite, MS
InTune, and Fortinet EMS.

841770 Host - Policy Details - Edit Test: performing test does not run.

841781 Allowing duplicate forwarding entries on Fortigate during L2 poll.Prevents

FortiNAC from sending RADIUS CoA packets to the FortiGate consistently.

841851 Manager (NCM) Dashboard:System Summary Missing Summary Data.

841874 Named root.hint files are missing.

841907 Slow display response in Manager (NCM) UI when pulling in Clients on

managed FortiNAC appliances.

842122 Incorrect license use percentage on dashboard.

842181 RADIUS Change of Authorization (CoA) with custom attribute Fortinet-

Host-Port-AVPair for FortiSwitch. See KB article 242393 for details.

842274 Additional routes view in Config Wizard won't load.

842280 Self-Registered guest: Checkboxes have been added to specify whether

separate emails, or, conversely, a single combined e-mail, are to be used
for providing the username and password to the user.

842370 "Local" Radius Mode is ignored in the SSID configuration if Model

Configuration is set to use Proxy.

842546 Unable to install upgrade on CentOS via GUI.

842569 Modify Group: Clicking the In Use link does not work.

FortiNAC 9.4.4 Release Notes 28

Fortinet Inc.
Enhancements and Addressed Issues

Ticket # Description

842607 Portal SSL changes not saved.

843049 Add Host: incorrect role being used.

843410 Exceptions in log when creating new Winbind instances under Network >
RADIUS > Windbind.

843414 URLs are not validated before being set/used under System > Settings >
User Host Management > DeviceProfiler.

843509 Corrected mapping for Dell Networking X1026 1Gb Switch.The incorrect
mapping prevented FortiNAC from accessing the switch CLI via SSH.

843897 Exceptions in the nessus log running certain DPC rules types.

844417 Under Policy & Objects > Endpoint Compliance: Scans, running a
scheduled task for a scan generates an exception in the logs.

844982 "Cannot read properties of undefined (reading 'element')" after selecting

Portal > Portal Configuration.

845035 Palo Alto VPN integration is dropping syslog messages.

845049 Users & Hosts - Hosts - Adapter Properties: Enabling Adapter is causing
browser console error.

845120 Creating a radius attribute of "<img src=x onerror=alert(Z)>" causes

RADIUS process to fail.

845175 Attempting to export an empty dataset can cause a log exception.

845454 Remote backup fails to copy files to remote server.

845792 CommonMib.snmpGet returned v1 error - OID 1.3.6.1.2.1.17.7.1.4.5.1.1

845894 Display Public SSH Keys not returning key data.

845930 Error in Manager (NCM) UI when synchronizing with a POD that has been
re-added to the Server List.

845935 UI turns gray and does not allow input when scanning a host.

846212 Network - RADIUS: toolbar buttons not in consistent order.

846257 HTTP 415 error occurs when generating a guest password.

846286 License Management view does not display information accurately.

846668 FortiNAC can't process the Mac Notification traps from FortiSwitch running
7.2.1.

846680 Administrator login RADIUS authentication failure on FortiNAC Manager

(NCM) due to duplicate FortiNAC model.

846782 Unable to read complete network configuration from Aruba IAP because of
# symbol.

FortiNAC 9.4.4 Release Notes 29

Fortinet Inc.
Enhancements and Addressed Issues

Ticket # Description

847955 404 errors when accessing System > Settings.

848243 Invalid data c in attribute identifier causes Radius to terminate.

848274 Create Service Connector view is empty.

848285 ApresiaPlugin debug output was enabled unnecessarily, causing

extraneous log entries.

848374 Cryptic error message displayed when setting threat override for an
application as a user who has permissions for only "Users" and "Hosts".

848620 Appliances do not start after configuring L2 High Availability with a shared
IP.

848732 Administrators - Users - Copy: Password field populated, but the user is told
to enter a valid password.

848776 Permissions - Dashboard: Unable to edit task in Pending Tasks dashboard

widget or in Alerts menu.

848954 New GUI > Users > Dialog maps Allowed Hosts to the wrong data.

849088 Permissions - Dashboard: Logical Network Host Access - panel does not
load.

849114 Recent Hosts panel does not load.

849140 Control Manager API ping of Secondary Server returns the wrong serial
number, causing ping to fail.

849244 Policy & Objects - Remediation Configuration: Remove causes exception.

849437 Unable to reset guest account password.

849455 Role view Last Modified By/Date column sorting/filtering does not work.

849459 Network Device Roles - Column Filtering: Access column filter applies filter
opposite of what is specified.

849469 User with custom permissions to only view own Self Registration requests
can see all requests.

849472 An exception occurs when a user with only "Reporting" permissions

performs actions within the Logs > Reports pages.

849483 Passive Agent - search for Passive Agent fails.

849497 FreeRADIUS service restarted whenever a new device is modeled even if

local RADIUS is not enabled.

849506 Permissions - Portal Configuration: Exception and view hangs uploading

image.

849514 FortiNAC SNMP Agent is throwing IllegalArgumentException in

output.master.

FortiNAC 9.4.4 Release Notes 30

Fortinet Inc.
Enhancements and Addressed Issues

Ticket # Description

849556 Cannot filter request processing rules by last modified by/date.

849871 802.1x EAP fails authentication after Quarantine VLAN is defined in Model
Configuration.

850085 Added support for non-default API domains in Juniper Mist

integrations.Previously, only api.mist.com was supported.

850163 Create new Device Profiling Rule fails on "type" field.

850913 High Availability:Manager (NCM) not in control displays HTTP Status code
500 when Admin UI is accessed.

850940 Stuck on spinner on Manager (NCM) when adding endpoint compliance

policy & configuration.

851010 FortiSwitches in FortiLink mode and VDOMs get corrupted and deleted
during a resync when a VDOM is given a NAS-IP address matching a
FortiSwitch.

851427 Adapters view - Status tooltip values - Media / Access Value fields are
swapped.

852533 Synchronization fails to delete multiple Device Profiling rules.

852636 System Performance dashboard tile can display a max of 101%.

852705 Cannot save "Confirm Rule on Interval" setting within Device Proifling rule.

852946 System Management settings cannot be saved due to error (HTTP 500).

853007 Excessive number of API requests sent to Meraki API Cloud, causingL2
Poll to fail.

853025 Nested port groups are not sychronized from Manager (NCM) to managed
FortiNAC appliance.

853446 API - Authentication Configuration - POST: Unable to create/edit an entry

with just name and note.

853499 API - Authentication Policy - POST: Unable to create an entry without

specifying ENABLED.

853507 API - Authentication Policy - POST: Unable to edit an entry without

specifying RANK.

853833 API - Portal Policy - POST: Unable to create an entry without specifying
ENABLED.

853840 API Documentation - PortalPolicy: "an portal" should be "a portal".

853894 Exceptions in logs after adding devices to L3 polling with create rogues
enabled.

853970 API - AccessConfiguration - POST:able to create/edit entry with no logical

network (which is a required field).

FortiNAC 9.4.4 Release Notes 31

Fortinet Inc.
Enhancements and Addressed Issues

Ticket # Description

854205 API - Network Access Policy - POST: Unable to edit an entry without
specifying RANK.

854228 nac sudoers file needs journalctl entries with no unit param passed.

854236 Errors on scheduler view on Manager (NCM) due to obsolete tasks.

854270 API - Supplicant EasyConnect Policy - POST: Unable to create an entry

without specifying ENABLED.

854659 Pop-up error when selecting the Agent Packages view.

854675 Removed API call for usage of an Endpoint Compliance Policy. There is no
"Used By" option in the UI for Policies.

854753 API requests to endpoint-compliance/scan do not require a Scan Name and

default to scriptType 0 resulting in a non-visible scan in the Scans view.

854782 API - Endpoint Compliance - Scans - POST: Result for "copy" differs when
run from API versus UI.

854800 API - Endpoint Compliance - Scans - POST: Editing a scan with bad ID
results in inconsistent error.

855065 API - Endpoint Compliance - Scan - GET: Issuing request for /product is not
returning results.

855072 API - Endpoint Compliance Policy - POST: Unable to create an entry

without specifying ENABLED.

855104 Added support for Meraki Cloud v1 API.

855192 API - Endpoint Compliance Actions - POST: Unable to create/edit event

action - required Activity cannot be specified.

855199 Config Wizard apply script not completing.

855891 FSSO failing to send to FortiGate for hosts with Persistent Agent due to lack
of IP address.

855897 Added CLI Configuration in Model Configuration view for Huawei Switch
S5731-H48P4XC.

856217 Hosts discovered by certain MDMs are incorrectly marked as having a PA.

856350 Unable to Admin Up a port via port properties in Adapter view.Incorrect port
is shown.

856362 Upgrade from 8.x to 9.2.6 GA changes Conference account password.

857035 FortiNAC cannot read the MAC-Address table for Extreme Networks
Controller.

857093 grab-log-snapshot stacktrace files are empty.

857360 Duplicate instances of the same IP address under Settings > Log Receivers
could (incorrectly) be created.

FortiNAC 9.4.4 Release Notes 32

Fortinet Inc.
Enhancements and Addressed Issues

Ticket # Description

858210 CoA not working for FortiAP connections.

858213 Under Users & Hosts > Device Profiling Rules, warnings are generated in
the logs when importing an exported device profile rules XML file.

858667 High Availability: Unable to download Secondary Server logs via

"Download Logs" menu in the Primary Server Admin UI.

858669 Dashboard widget "Logical Network Host Access" does not show correct
name, and does not update if logical network name changes.

858839 REST > settings/device/device-type/create-from-archive supplying invalid

image name reports success.

859149 VLAN IDs not available under Model Configuration for APs managed by
Extreme WLC .

859473 Getting NumberFormatException when processing Mac Notification traps

from FortiSwitch in FortiLink Mode.

859702 Enhanced Palo Alto SSO REST API to allow for bulk messaging.

860206 Polling threads get locked when communications are terminated

unexpectedly from the Manager (NCM).

860493 Hosts that have disconnected from Westermo switch continue to display as
"connected" in FortiNAC.

860501 Adding LDAP user populates undefined values in the fields.

860546 Added L3 polling for Extreme Campus Controllers ( XCC ).

861633 Switch doesnt have ability to add CLI config for our VOIP VLAN.

861985 Run FortiGuard IoT Scan from the Adapter View results in an error.

861989 Inventory > Events > Note is displaying the escaped text.

863439 Google Auth service connector displays escaped values.

863831 Passive Agent Configuration allows angle brackets in the name, resulting in
extra characters added to the name.

863840 Network Access Policies with angle brackets in the name cause additional
characters to be added on modification.

863859 User Host Profiles created with angle brackets in the name show up with a
blank name in the view.

863872 Angle brackets are no longer allowed to be used in the name when creating
roles.

865088 Group > Show Members renders HTML.

865110 Guest > Name column shows escaped values.

865136 User/Host Profile - Who/What Attrs - HTML values not rendering in modify

FortiNAC 9.4.4 Release Notes 33

Fortinet Inc.
Enhancements and Addressed Issues

Ticket # Description

dialog.

865138 The host profiles displayed in Portal Policy Add/Modify dialog could fail to
appear.

865165 Creating Host with Custom Device Type, when using a name that contains
angle brackets, results in a broken image.

865169 Hosts - Adapter Info: Adapter Description is empty if entered with angle
brackets.

865202 Network Access - Configuration - In Use - Unescaped name shown.

865268 The Policy Details dialog for a host is converting angle brackets for
user/host profiles, policies, and configurations.

866419 No landing page set for Config Wizard only users under Users & Hosts >
Administrators > Profiles > Permissions.

866432 Admin users with only System Settings permissions receive an error when
accessing the Allowed Domains page.

866507 Modify Schedule Rescan of Agents - brackets in name not displaying.

866535 Profile Device User >  Profiled Devices > Select Notes receives an error.

866966 Unable to download Agent packages from Administration UI.

867285 Device Type changes do not appear in audit log.

867293 Remote SSH backup reports "SSH keys are not configured properly" when
"Test Connection" is clicked.

867366 Configuring IPv6 address in Basic Network Config Wizard page results in
exception. Page goes blank.

868340 Reset doesn't restore Additional Routes in Config Wizard.

868651 ConfigWizard cannot be accessed after resetting FortiNAC appliance to

factory defaults.

869948 Cannot enable/disable Network Access Policies from the Network Access
Policy View.

870920 Unable to authenticate using MS-CHAP-v2 and Local RADIUS.

871268 New Android DHCP fingerprints have been added.

0834094, 0834089, 0845505, Global objects may not synchronize correctly (including Device profiling
0845493 rules, groups and group members) between the Manager (NCM) and
managed appliances.

0856192 , 0864253 FNAC FSSO does not send required groups to FortiGate.

835551, 836475 Upgrade from previous version gives message that downgrading is not
supported.

FortiNAC 9.4.4 Release Notes 34

Fortinet Inc.
Enhancements and Addressed Issues

Ticket # Description

848301, 770091 Network Events table not populating RADIUS events.

845163 In a High Availability environment, if no isolation networks are configured,

the dhcpd service will fail to start resulting in a failover.

Version 9.4.1

Ticket # Description

701822 Fully Qualified Host Name info Bubble is misleading.

734571 Clicking import and apply without selecting a file imports the last imported
file.

769019 Post install keytool exception in log,

773088 VLAN read failure for Adtran NetVanta 1638.

775679 Hosts are incorrectly enabled after an LDAP sync.

784543 Portal policy permission set is required to send guest email details from
Guests and Contractors view.Otherwise, 403 error is thrown.

785791 Fortigate cluster not modeled completely.

786651 MICROSENS G6 Micro-Switch not switching VLANs.

787687 Inventory > Firewall Session Polling defaults to a frequency of 0.

789654 Clients shown offline in Ruckus controller v6.0.

789840 Users & Hosts > Guests & Contractors : The description in the popup
window for Send SMS are not correct.

789970 FortiNAC does not send SSO messaging to all slots in FortiGate 6000 &
7000 chassis.

790393 In RADIUS view, able to delete TLS Service Configuration which results in
invalid state and browser error.

790864 UI allows a License key with non-matching MAC/UUID to be

installed.Installation and configuration tasks consequently fail.

791405 "Request unsuccessful with no errors reported" message opening Model

Configuration tab for HPE Walljack.

791751 In some cases, importing hosts with siblings (Adapters that are on the same
host) can result in "null" error.

791889 Audit Logs do not report the Adds from a Host Import.

795932 Radius auth fails when primary LDAP directory is down

796965 Inconsistency with device count & results returned from clicked for more

FortiNAC 9.4.4 Release Notes 35

Fortinet Inc.
Enhancements and Addressed Issues

Ticket # Description

details in Network Devices dashboard tile

797009 Registration Requests: Browser Console Error - logicalNetworkPanel is not

defined

799401 SNMP MAC-Notification trap support for Dell EMC Networking N3248P-
ON.

799439 Notification of failure to import expired hosts is not present

800422 exception when modify endpoint compliance policy

801717 AdminProfileMapping doesnt change the admin profiles of the groups

802114 Juniper EX9253 and qfx5120-48y-8c, Type is "Unknown" and Version is

null in the Inventory.

802908 RADIUS default server config not created on first startup

802969 Account Requests view has incorrect or missing sort keys.

803314 ConfigWizard does not correctly update hostname in /etc/hosts.

803382 Audit Log service does not use the Audit Log permissions.

803692 Non-alphanumeric characters in group names do not get created in UI

correctly.

804759 In Users & Hosts > User Accounts, clearing a value in the search box and
clicking enter results in several empty rows.

804910 Alarms: Inconsistency between "Clear" and "Delete" terminology.

804913 When clicking the count of hosts in the Logical Network Host Access tile,the
list of MAC addresses used to query the hosts is not clearing.

805426 Null pointer exception in dynamic connection host API call.

805799 NullPointerException in output.master when there is no default gateway.

806106 Juniper Change of Authorization (CoA) Fails.

806616 RADIUS Change of Auth (COA) does not complete when hosts are
deleted.Consequently, VLAN switching does not occur and host is not
isolated.

806666 Duplicate label in both overlays within the Network Events view.

806936 Importing Mist APs with CLI import tool does not add the AP models to the
L2 Wireless nor Device Interface Status groups.

807311 After NAC services restart: MAB RADIUS session times out due to
FortiNAC being busy in SSH communication with the switch.

807396 Logical Network Host Access dashboard tile not displaying accurate
counts.

FortiNAC 9.4.4 Release Notes 36

Fortinet Inc.
Enhancements and Addressed Issues

Ticket # Description

807689 For endpoints managed in SSO integrations, FortiNAC no longer performs

L3 polls for Rogue hosts. They are not neccessary.

808084 Send SMS in Guestserver is using user record to send the sms when it
should be using the guest record.

809462 Several NullPointerExceptions in output.master when polling FortiSwitch.

809492 Exception in OVA deploy of 9.4.0.0717: FileNotFoundException

(ScanPolicyList).

809493 Exception in OVA deploy of 9.4.0.0717: CertMgmtException.

809538 High Availability Database synchronization failure.

809857 Network > Service connectors > REST SMS gateway : password is set to
null after upgrade.

810167 iOS fingerprints misclassified as macOS.

810197 Local RADIUS panel does not prevent the configuration of an

authentication port already in use by Proxy RADIUS.

810209 SSIDs are not complete in UI for Aruba controller VIP.

811447 Upgrade failed due to: Operation CREATE USER failed for nac@localhost.

811479 High Availability: RADIUS service can start/run on primary when secondary
is in control.

811775 Performance improvements with client lookups.

812169 Virtual Winbind service management queries periodically fail.

812581 Duplicate user ID exceptions during RADIUS auth when userID does not
match the name in an email address.

812674 RADIUS Change of Auth (CoA) is not being sent to Huawei wireless after
host has registered.Prevents changing VLANs.

812908 /var/log/messages is not rotating,generating large files and high disk usage.

812930 SSO tags not being sent in 9.4.0 without group option being set.

812933 L2 poll not working for HP NJ5000-5G-PoE+ Walljack.

813564 FortiNAC fails to find API port from FortiSwitch.

813654 Added support for FortiSwitch MAC Notification traps.

813681 Missing resource exception: SSOManager in output.master.

814082 Average Requests/Min value in RADIUS dashboard now shows a fractional

value when the requests/minutes value is < 1.Previously, values < 1
displayed as 0.

814493 Restarting admin GUI may result in loss of access to GUI until server
restarted.

FortiNAC 9.4.4 Release Notes 37

Fortinet Inc.
Enhancements and Addressed Issues

Ticket # Description

814631 Ports not properly configured using Aruba CLI scripts.FortiNAC reads Port
ID for the port variable instead of port number.

815352 Logical network configuration mappings can return the wrong value when
host is connected via more than one interface.

815732 Obsolete RADIUS support message has been removed from generic
SNMP device Model Configuration view.

816028 RADIUS Activity view is presenting access-accept value when no activities

is recorded per snapshot.

816031 FSSO tag information is not sent to FortiGate.

816407 FortiGate L3 polling doesn't update the client IP.

816451 Importing DHCP Scopes - Wizard shows blank scope data.

816799 Fix TaskFilterSpecification startId and maxRows.

816828 Polling of entitlements for subscription licenses fail.

816871 System Update settings do not update on the Secondary Server in High
Availability environments.

816877 Host icon does not match the icon assigned by Device Profiling Rule

817022 Hosts View - Rogue record Host Name is not updated from DHCP.

817473 FortiNAC is installing two versions of the ecj jar file.

817563 In certain cases, the Network Events view does not load and Network tab
displays HTTP errors.

817767 CLI failure on Alaxala switch with enable password bypass configured.

817845 L2 Polling queue backed up, excessive polling completion times.

819384 Added DHCP fingerprint for Fortinet IP Phone.

819470 Fingerprints that can match Windows 2012 do not indicate Windows 2012.

819753 FSSO Tag assignment is not triggered before the next L3 poll.

820375 Meraki ( and possibly other ) devices incorrected managed with Generic
Radius plugin.Symptoms include the Change of Auth (CoA) packet being
sent over the wrong port.

820569 Policy - User Permissions: No Group Access causes Who/What Groups

and Where Locations Select Entries panels to hang.

821244 Device Profiler failing to match Fortiguard method when Fortiguard polling
returns confidence values over 127.

821399 FortiGuard IoT Scan doesn't work as expected.

821473 RADIUS Activity Dashboard- Show Rejected Hosts View - Changed

EAP/Outer EAP type columns to EAP/Inner EAP for consistency.

FortiNAC 9.4.4 Release Notes 38

Fortinet Inc.
Enhancements and Addressed Issues

Ticket # Description

821527 RADIUS does not start after upgrade from 9.4.0.0717 GA to 10.0.0.0013.

821656 Help tips added in the Settings panel for the RADIUS Widget in dashboard.

823908 Aruba switch device failed to connect using valid CLI credentials.

823955 Wireless clients connected to FortiAP show up in FNAC on wrong interface.

825436 IP addresses appended to network device names during discovery are

truncated. This can result in duplicate device and port names.

825467 WinRM Device Profiling Method doesnt handle multiple credentials

properly.

825766 Adapters View - Status tooltip clips if it contains more than 2 rows of data.

825770 DOC API - FortiNAC_REST_Schema_9.2.pdf - "deviceID" required for -

policy/logical-network-configuration/element/properties.

825920 Ruckus SZ Controller:When NAS ID = Controller IP and the Source IP =

Access Point IP, RADIUS CoA fails unexpectedly.

826155 Updated OUIs.

826648 Wireless hosts are not displayed correctly in Meraki AP device port/adapter
view.

826924 Fixed integration for DGS-1510-28X Gigabit Ethernet SmartPro Switch.

828242 Ruckus Switch Non-Default VRF Arp entries no longer contained at

ipNetToMediaPhysAddress.

828500 Unable to add domains to zones.common via GUI (Allowed Domains).

828912 MDM poll fails for MaaS360.

832965 COA Disconnect not working on Juniper EX.

833332 When an Admin user changes their own password, and error message
appears and they are immediately logged out.

833351 Guests: Cannot modify Guest - Invalid Password error.

833429 Config Wizard: Clicking Next or Back on any non-Basic Network page
returns user to Basic Network page.

833445 Config Wizard - Add/Modify Scope: Clicking Help opens page with 9.4
version loaded by default.

833700 RADIUS server fails to enable when upgrading from build 0721 to 0722.

834302 Updating NTP generates "Failed to save Time Config".

834479 When creating a new user via the REST API (and thus GUI), the password
was not hashed properly.

0810167, 0810180 Fixed fingerprints for iOS, FortiGate and FortiSwitch.Previously, they could
match the wrong devices.

FortiNAC 9.4.4 Release Notes 39

Fortinet Inc.
Enhancements and Addressed Issues

Ticket # Description

751468, 811479, 770730 RADIUS/Winbind services need manual startup to handle system reboot.

Version 9.4.0

Ticket # Description

643817 Added L2 Polling to Palo Alto

692446 Added Preserve Port Names option to update port names when changed at
the switch. Option can be modified at the switch and global level. See
Device properties and Network device in the administration Guide for more
information.

699487 Kerberos support  

699857 User Organizational Unit OU LDAP mapping to use it in User/Host Profile

709286 New UI menu to download log files for troubleshooting. See Download logs
in the 9.4 Administration Guide.

726333 Entitlements (such as concurrent licenses) for Subscription Licenses are

not accurately reflected in the Administration UI License Management view
and only show Base licenses.

733943 Changing password in bulk using Set Model Configuration sets the same
username for all selected devices.

747921 Portal renaming does not rename the associated CSS files.

750248 Unable to access the secondary server's Configuration Wizard in a High

Availability configuration.

752941 GUI option to select the RADIUS MAC delimiter for Juniper Switches

755328 Embed Tomcat into yams

756167 RADIUS view sort by Winbind column fails, shows empty table.

756499 MicroSoft InTune MDM integration does not support latest API.

759018 Admin user with admin user profile permissions to Access, Add/Modify and
delete "Users" is unable to create a new regular user.

762071 Radius Auth/EAP Type columns empty in Network > Device > Ports >
Adapters table.

762081 bsc-rename-ethers service fails on virtual machines.

770208 Juniper switches fail to change VLAN on ports that are RADIUS enabled.

770930 High L3 Polling frequency in environments with no SSO management

configured.

FortiNAC 9.4.4 Release Notes 40

Fortinet Inc.
Enhancements and Addressed Issues

Ticket # Description

770974 Event Lifetime alarm trigger rule is not being honored when configured.

773426 Continued work on wired generic RADIUS integration

773828 Not polling L2 information from PNetworks switches with latest firmware.

774724 Unable to filter Hosts and Adapters by status through API.

776171 Rewrite Host/User/Adapter dialogs

777400 Syncing "Role Based Access" may delete sub-groups

778157 L2 Polling issues with Cisco 9800 WLC firmware 17.3.

778520 Added SQL query for GroupManager.getGroupsMembershipIDs() when

determining group membership in order to improve performance.

778940 AV Product to detect Windows Security Center-detected products

779414 Client filter for User Accounts, Hosts, and Adapters not functioning properly
rewrite of OmniSources.

779873 FortiNAC processes taking unusually long to startup due to delays

resuming FirewallSessionMgr.

779901 Vulnerabilties in mysql versions less than 5.6.42.

780282 FortiNAC Events using old vendor name "Bradford Networks".

780626 Huawei Wireless controller imports nameless APs.

780755 Alarms view used the legacy Dashboard actions.

780790 CLI Failing to Alcatel Omni 6860-P48.

781520 RADIUS COA failing for FortiAP when hosts are deleted.

782374 L2 polling not parsing correctly for Motorola 7.X devices.

782418 Hide Accepted Requests Enabled and click on Expand Widget - Widget
shows Accept Requests

782433 Fix Integration for D-Link DGS-3130-30TS.

782438 InvalidYamsUserException seen during UI logout.

782740 Unable to read default and current vlans for Ruijie switches.

782744 Script install-winbind-virtual contains spaces around = assignments -

invalid.

782760 Huawei S7706 switch is not reflecting the interface port number correctly in
the Label column.

782884 Green theme has similar colors for charts.

783227 Check that freeradius gpg key is imported.

FortiNAC 9.4.4 Release Notes 41

Fortinet Inc.
Enhancements and Addressed Issues

Ticket # Description

783536 Portal Auth - FAC VSA Fortinet-Group-Name is not created in FNAC.

783544 Fortigate FG-200F improperly labeled as FG-201E.

783552 NAC service not running at startup when no IP address is configured for
eth0. This causes "Processes Down" to display in UI.

783587 AirWatch MDM roles are overwritten by user roles.

783621 Host import related Memory issues.

783944 Exception reading VLANs on Meru 4100 with firmware 5.1-93.

784045 Memory leak in stacked-area-chart.Symptom includes Dashboard

becoming unresponsive if left open for long periods of time.

784346 RADIUS Reject doughnut is not centered if filter does not include any reject
counts.

784517 Location filtering not working on Connections view.

784601 Group membership lookup causing high CPU utilization.

784618 RADIUS Failures after upgrading from 8.5 to 8.8 due to bad secret.

784957 Not polling L2 information from Cisco ME-3400E-24TS-M router.

785367 RADIUS GroupName - Group Members list does not show all members.

785403 Unable to add user to user group containing * in name.

785438 A None/Use Default option has been added to Users Dialog > Mobile
Providers.

786277 RADIUS Group - Exception when user group already exists with Type non-
User.

786401 Remote Scan -> Linux x86_64 -> 500 Error

786434 Allow changing CLI Passwords from Secondary and FNAC-A systems.

786670 Exception thrown when loading Logical Network Host Access tile.

786744 User Accounts view > create user is not passing password as encoded, and
will not match auth requests.

786751 Distinguished Name (DN) can now be used in User view filters.

786785 Not able to add ciphers under RADIUS > TLS config page.

787271 Certificate Management View - Server Certs & Trusted Certs views both
showing results from both views.

787562 MDM sources can't override the host icon.

787563 Fix null pointer exception during SNMP read of Meraki L2.

787584 Logical Network Host Access host info slider not displaying info.

FortiNAC 9.4.4 Release Notes 42

Fortinet Inc.
Enhancements and Addressed Issues

Ticket # Description

787585 DHCP fingerprints are not matching DHCP message type.

787909 Portal configuration changes don't take effect without restart.

787957 Self-Registered Guest Login,: Failed to retrieve SMS Providers - null

788066 Server startup delayed by incorrect thread start logic on Network Session
Event updater.

788089 RADIUS service will not start after upgrade to 9.2 if winbind is not fully
configured.

788119 Network Events table does not show totals for Event Type column.

788138 Network Events has no option to filter child records.

788729 Randomly RADIUS 802.1x proxy stops working.

788825 DHCP fingerprint additions, changes or improvements to the following:

"Camera","D-Link"
"Camera","TRENDnet"
"HVAC","Honeywell"
"Mobile","Samsung SmartWatch"
"Gaming","Nintendo"
"Network","Router/Netgear"
"Network","Router/D-Link"
"Network","Router/Trendnet"
"Network","Apple TV" -> "internet_tv","Apple TV"
"Network","Amazon Fire TV" -> "internet_tv","Amazon Fire TV"
"Network","Chromecast" -> "internet_tv","Chromecast"
"Network","DIRECTV" -> "internet_tv","DIRECTV"
"Network","DVR/TiVo" -> "internet_tv","DVR/TiVo"
"Network","Roku Media Player" -> "internet_tv","Roku Media Player"

788849 New dashboard tiles relating to Connections were incorrectly not masking
the background.

789018 Service Connectors > REST SMS Gateway > The required fields should be
the same in create and edit page

789061 Service Connectors > REST SMS Gateway > HTTPs Toggle is not working
expectedly when API URL is specified with https.

789228 Modifying adapter allows Physical Address to be left blank.

789309 Filtering on the column Type does not work on Network Events.

789316 Deleting multiple User Accounts in a row does not delete all user in table.

789396 Service Connectors > REST SMS Gateway > Overview: Cant tell which
REST SMS Gateway is set as default.

FortiNAC 9.4.4 Release Notes 43

Fortinet Inc.
Enhancements and Addressed Issues

Ticket # Description

789440 SMS sending would stop after the first user.

789763 When changing the date via the Settings tile, Recent Hosts tile date range
not updating properly.

789785 Not able to add groups to the Roles.

789865 Network > Service Connectors > REST SMS Gateway: The default
gateway is not working when the mobile provider is None.

790010 Two tiles without settings still show Settings.

790403 Fix ClassCastException in AirespaceSwitch during WAP read.

790580 Network > Service Connectors > REST SMS Gateway: Security Incidents
of a host doesn't trigger the corresponding SMS.

790747 FGT interface with VLANs does not show device connections to VLAN sub
interfaces for traps.

790854 Failure to properly read Cisco trunk ports results in undesired VLAN
switching.

790904 Creating new user as non-admin hangs retrieving Role dropdown values.

791273 Non Admin User Can Edit Admin User.

791276 Clicking EULA Link When Logging In As New User Goes To Broken Link.

791304 Admin Profile > Uncheck All removes General permissions.

791327 FortiNAC is changing WAP Uplink ports Current VLAN to match the Default
VLAN.

791342 Manually Registered IP Phones get incorrect device type assigned.

791401 Dashboard > Scans > By Day grouping is incorrect.

791841 Edit Host Dialog > Device Type is not reading/writing the correct value.

792452 NetworkSessionEventUpdater is throwing an exception on startup.

792514 A remote unauthorized user can gain the version of the Tomcat used by
FortiNAC by sending an HTTP GET request.

792516 Vulnerable scripts

792522 Fix Database auth changes for initial install.

792986 Device Types, Role, User ID drop down is not ordered.

793169 Messaging Gateways > Change how passwords are transmitted.

793920 Default Admin Profiles Have No Permissions.

794036 User Record values must be populated automatically if the user exists in an
Active Directory or an NCM.

794067 Not pulling L2 information from Aruba 8.X firmware.

FortiNAC 9.4.4 Release Notes 44

Fortinet Inc.
Enhancements and Addressed Issues

Ticket # Description

794362 System Update not reliably trusting fnac-updates.fortinet.net.

794381 Fortigate forwarding class does not work with tlsv1.3.

794774 Landing Page does not work for all choices.

794783 Typo in a CLI Password error message.

794791 Admin user is brought to the last-viewed page when logging in to UI instead
of designated Landing page.

794937 The Recent Hosts widget is not displaying addtional host info when clicking
counts.

795243 Portal - Request Processing Rules: Text at edge of window for Auto
Configure and Publish.

795260 Local RADIUS Server not returning proxy-state attribute in Access Accept
for Motorola/Extreme Networks WiNG VX 9000.

795260 Motorola controllers proxying AP auth requests send Proxy-State attr and
expect it unchanged in response. RADIUS (local) does not send it back.

795623 Log output from Windows Profile method when parsing fails.

796048 An error is getting thrown during NetworkSessionEvent archive & purge.

796065 Unable to set device profiling to Host to Logged in User (if Present) on
NCM.

796105 Device Type incorrectly changing for registered devices.

796145 Guest and Contractors > Select one and View > send SMS throws a null
pointer exception.

796259 In Pending Tasks page, tasks are allowed to be completed, even if their
parent task is incomplete.

796515 UnsupportedOperationException trying to autoclose FileSystem in process

manager.

796522 TelnetServer not handling SocketTimeoutException.

796533 Support for Physical Ethernet MAC for Apple TV in Jamf.

796623 MicroSoft Intune API only returns ethernetMacAddress per device.

796659 Host information does not display when clicking "Total Count" on Persistent
Agent Summary widget.

796663 Setting option for Persistent Agent System Page is not allowing to toggle
between visualizations.

796908 Clicking the number in the Logical Network Host Access tile does not open
the hosts slide.

796965 Network Device Summary widget not showing complete switches and

FortiNAC 9.4.4 Release Notes 45

Fortinet Inc.
Enhancements and Addressed Issues

Ticket # Description

Wireless AP counts.

797369 Added Minutes/Hours/Days control to Logical Network Host Access tile.

797439 Host > Edit Host > Cannot change the Role or manually Register as Device.

797465 Nested group memberships not detected.

797542 Dashboard > Scan > Group by Hour adjusts timezone.

797708 Force 10 switches sometimes modeled incorrectly.

797723 Local RADIUS mode:RADIUS fails for endpoints connecting to a

FortiSwitch that has been renamed.

797778 AdminProfileManager has a null reference on Startup.

797834 Unable to properly expand details of "Network Events".

797919 Network > Service Connector > REST SMS: All of the SMS sent out using
the default SMS Gateway even when the mobile provider is set.

798181 RADIUS Service Host MAC filter does not print debug if supplicant does not
use colon mac delimiter.

798234 Rejected Hosts view in RADIUS Activity tab doesn't properly filter table
results to exclude a specific reject cause.

798234 RADIUS dashboard tile - rejected hosts slide opens empty.

798511 Upgrading from 0159 to 0160 results in error: Access denied for user
nac@localhost (using password: NO).

798651 Can not access RADIUS Activity view if user has "Activity" but not "Local
Service" RADIUS view permissions.

798665 REST SMS Gateway: In Captive network > Guest Self Registratiion page,
when Mobile Provider=None, the SMS is not sent.

799804 TLSv1 and TLSv1.1 is now disabled in portal by default.

800323 Policy name in Admin Profile > Permissions are not consistent with policy
name in Policy & Object.

800408 API query for FLink FSW data deprecated in FOS 7.2+.Prevents
FortiSwitches in Link mode from being added to Inventory when the
managing FortiGate is discovered.

800811 User with permission for access users is also able to delete user.

801221 SQL Exception thrown in NetworkSessionEventUpdater if DYNAMICLOG

table is missing from database.

801252 RADIUS not mapping to correct AD server when kerberos and netbios
names differ for a single winbind instance.

801623 Phone numbers formatted to E.164 before sending to gateway.

FortiNAC 9.4.4 Release Notes 46

Fortinet Inc.
Enhancements and Addressed Issues

Ticket # Description

801661 GUI - URI navigation drops query params, losing tab indicator, prevents
direct links to secondary views.

801666 Host summary tile total values don't apply filter.

801971 Groups view doesn't automatically reload.

802343 The message template under Notify User Via Email is not editable in Self
Registration Login Portal Configuration.

802372 Vulnerability Scan Status on Host view page displays as "-1" instead of
passed, failed or not scanned.

802913 Clicking Cancel in Create User view results in browser console errors.

802923 ClassCastException when creating/deleting trigger.

802942 Parsing issue with Mobile Iron Cloud integration.

803033 FortiNAC Agent version 9.4.0.93 is included with this release.

803061 Multicast IPv6 addresses can now be excluded using the MAC address
Exclusion view. See MAC address exclusion in the 9.4 Administration
Guide for details. Note: After upgrade, toggle the option off and on in order
for the function to take effect.

803645 output.nessus - several java.io.FileNotFoundException errors

803651 Model Config of VDOM reports 404 error and exception in output.master.

803745 Top Host Activity Widget - maps Device Type to User&Hosts > Hosts >
Operating Systems Column instead of Device Type.

803745 The Top Host Activity tile was using getTypeLabel instead of getIconType
to populate the Device Type column

804512 A null reference exception is thrown sometimes when expanding/scrolling

the Network Events datatable.

804518 Local Radius leaves out Tunnel-Private-Group-ID and Filter-ID when

Quarantine enforcement is set to "bypass".

804913 Logical Network Host Access total count slide out shows all hosts for the
Logical Network instead of only hosts for the specificed time sample.

805725 Historic Network Event data is incorrectly setting Disconnect time.

805866 Scheduled Shared Filter Reports result in error event.

806122 Roles not being assigned properly to Registered Hosts.

806141 Network > NetworkEvents - upgrade from 9.x to 9.4Type, LogicalNetwork

and NetID is not showing expected data.

806141 Network > NetworkEvents Type, LogicalNetwork and NetID is not showing
expected data.

FortiNAC 9.4.4 Release Notes 47

Fortinet Inc.
Enhancements and Addressed Issues

Ticket # Description

806282 When a user attempts to complete a task via the notification bell, and it has
a parent task that is still open, it incorrectly displays a "Changes Saved"
message.

806567 known_hosts file has duplicate host entries.

807062 On upgrade, FortiNAC loses it eth0 IP Address.

807383 The POST method to add a new HostRecord has changed in this
version.POST attempts using the old API call fails.

586499 SMS Gateway Support

765212

725235 Debug logging enhancements

756818

751403 RADIUS Activity Monitoring - Additional Misc Fixes.

782386

782391 RADIUS health activity- Current last 90 min does not match Timeline Chart
782386 Time Span for 90 min

784737 Location and IPRange method match failure prevent matching lower rank
785526 rules.

801948 Fresh Deployed server will not start: java.sql.SQLException: Connections

803681 could not be acquired from the underlying database.

750209 Enhancement made to detect unrecognized devices that support standard

based RADIUS management via CoA/Disconnect.

759481 FortiNAC detects AV engine status on windows

FortiNAC 9.4.4 Release Notes 48

Fortinet Inc.
Known Issues Version 9.4.4

Known Issues Version 9.4.4

Ticket # Description

924690 Using a single dot as the Scan name should be restricted by the API, as it
causes filesystem issues.

936086 7.4OS FortiLink FSWs are not deleted with their associated FGT.

935588 The Device Discovery range reports more devices scanned than IP
addresses defined in the range.

934127 In Endpoint Compliance - Custom Scan - Add: an invalid scan name/label

produces an error message that needs updating.

932546 In [9.4.4] on NCM, 'Server Responses' appear duplicated when distributing

firmware.

931804 The System Performance Widget does not load data when added. It waits
for user input.

931698 L3 Device Identification displays errors in logs when attempting to initiate

Device Identification on Fortiswitch.

924236 In [9.4.4], many 'cert chain was null' entries appear in output.master when
adding endpoint compliance scans to NCM via script.

914909 The GUI reports that the HA CA system is licensed without certificates after
a failover.

914409 There is an error retrieving the log snapshot in the GUI when attempting to
download logs from both HA NCM & HA CA simultaneously.

905476 The count of Conference User Registered Attendees does not increase.

899383 In 0752 - User&Hosts>Hosts>Import: when importing a file with errors, the

view needs expanding to read the import file error.

833437 Config Wizard: Entering an invalid character results in empty UI and

browser console error.

930027 Portal SSL setting is disabled after a fail over to Secondary Server or
resume control to Primary Server in a High Availability configuration.
Workaround: Re-enable the Portal SSL setting.

889609 Switch port is not dynamically changed to uplink when v-edge router is
directly connected to Cisco switch port.
Workaround: Add v-edge router to L2 Wired Device group.

913616 No error message or feedback when configuring Winbind with a local

netbios name that exceeds 15 characters.

922114 Modifying nested group membership is not logged in admin auditing.

FortiNAC 9.4.4 Release Notes 49

Fortinet Inc.
Known Issues Version 9.4.4

Ticket # Description

932917 Mechanism to automate the generation of SSH keys when

MultiKnownHostEntries is set.

932578 Unable to L2 poll FortiLink switches on FOS 7.4.

841488 Adapters: Go To Host(s) action not working correctly - loads all hosts.

928827 Host aging is not applied to IP Phone device type.

924474 Unable to select SSIDs when creating/modifying a port group under System
> Groups. Workaround: Under SSID tab, right click SSID, select Group
Membership & select the desired group.

925603 FortiNAC currently supports one VLAN instance per FortiLink port per
VDOM.

886554 Radius Proxy is not forwarded to external radius server when SSID Server
Definitions are Inherited from Device.
Workaround: Define Primary RADIUS server and Secondary RADIUS
server in SSID configuration

889986 Unable to save changes in Require Connected Adapter.

910226 Default principal process threads thresholds are low and cause warnings or
alarms immediately after update.

910817 404 errors not being handled gracefully when requesting physical MAC for
specific host.

899821 Password Display/Generation Behavior Needs Updating in Admin Guide

due to changes in 9.2. For details see KB article 256200.

889618 Guest & Contractors View Accounts Print and Print Badge buttons print all
badges and not the one selected.

912115 Guest Self Registration Error "The input is required".

912128 FortiNAC is not sending CoA to Meraki MS switch on host state change.

901236 Radius Authentication rejecting with network access policy setup with
Direct configuration.

910706 Cannot create Guest account with REST v2 results in errors 400 and 500.

836136 Guest passwords not read correctly out of the database.

909839 Repetitive Periodic FSSO logon and logoffs due to null user information

908861 Custom filter is not applied in host or adapter view.

908343 Address objects added in the model configuration to manage VPN do not
take effect until a resync of the device.

905865 Cannot enable "Enable Quarantine VLAN Switching" option in GUI.

FortiNAC 9.4.4 Release Notes 50

Fortinet Inc.
Known Issues Version 9.4.4

Ticket # Description

890988 We are not allowing a user to view the device data with "Network Devices
>Access " only permissions for admin profile.

868999 Host status "pending at risk" is not honored if host status "safe" is ranked
higher in policy where profile is applicable.

800326 Cisco chassis switch with a Cisco WLC connected via port channel shows
as a rogue.

904541 FirmwareVersion value missing from Meraki AP's on upgrade to 9.4.

Workaround: https://community.fortinet.com/t5/tkb/workflowpage/tkb-
id/TKB23/article-id/1072

904535 3Com 4800G unable to read MAC Addresses from MAC Address Table.

894661 When Admin UI is left unattended, and admin session times out, previous
active page is still visible in the background.

896002 Error creating guest accounts with duration greater than 20 days.

903393 Unable to Remove High Availability Configuration with Control and

Application server pair.

780312 FortiNAC does not integrate with Azure Active Directory due to SAML
connection requirements.

902533 Modifying port name value via port properties that include "&" generates
"amp;" in port name.

811404 807309 Admin UI showing error "You do not have permission to access this page".
Workaround: Restart tomcat-admin service.

686910 714219 Control Manager (NCM) communication issues when the NAC systems are
connected through the WAN.For details see related KB
article https://community.fortinet.com/t5/FortiNAC/Technical-Note-NCM-
communication-issues-with-systems-across-WAN/ta-p/192434.

894165 Test Device Profiling Rule results in "Rule Does Not Match" if rule name
contains a double space.

891890 Windows 11 hosts detected as Windows 10 hosts when using Dissolvable

agent.

891530 Unable to set Admin Profile using "Set Admin Profile".

890893, 907482 Global objects synchronization not completing between manager and
appliances.
Workaround: Reboot of the CA server

889575 Cannot filter using Custom Filters.

887478 Links in the Persistent Agent Summary panel produce redundant results.

887470 Domain with single character between dots in multiple dot domains results
in error when adding to allowed domains.

FortiNAC 9.4.4 Release Notes 51

Fortinet Inc.
Known Issues Version 9.4.4

Ticket # Description

884414 Unable to switch VLANs manually in Port Properties for Aruba CX switch.

884077 Guests & Contractors | Modifying a Guest account with "Can view
passwords:" permission disabled generates error.

881837 Hosts with spaces in the hostname throws an exception when trying to
make an edit to the host where hostname contains whitespace.

878059 Using Location that specifies a device will not work if that device is a
FortiLinked FortiSwitch

874037 GUI > Users & Hosts > Host View > Quick Search - Unable to locate host by
hyphen or no delimiter.

872245 The migration procedure to move existing FortiNAC servers from CentOS
to FortiNAC-OS is currently not supported.

870875 Address Group Object "In Use" button does not display accurate results.

866378 Custom Login using a Guest Self Registration account fails with error
Registered Client Not Found.

863826 License Management view in the UI always displays "Base" for the License
Name when using subscription licenses. Workaround: Use the License
Information Dashboard Widget.

861201 Windows 11 Domain Check.

860996 Unable to read VLANs or L2 data for Huawei S6720-30C-EI-24S-AC.

858138 FSSO Tags are not sent to Wired and Wireless FortiGates after
reconnecting the LAN port on FGT1101E.

857083 After Self Registration, FortiNAC doesn't sent Disconnect-Request to

Huawei Controller.

856192 FortiNAC FSSO does not send required groups to FortiGate.

854239 Radius CoA is not working as expected - ClassNotFoundException for

CambiumAP in 9.2 release.

853870 Kaspersky Endpoint Protection 11.10 is not supported by FortiNAC.

852670 AP showing up as learned uplink not WAP Uplink.

852560 Custom Guest Account Password e-mail template is not used for Self
Registration Self Registered Guest.

847630 Newly deployed NAC via OVA was incomplete requiring various manual
workarounds to get completed.

846822 FortiNAC failed the NMAP scan due to old IP reported from the arptool.

845412 When a sync is performed on the Network Control Manager, modified group
names are not synchronized to the managed pod.

845008 Grab-log-snapshot should collect more master log files than the two

FortiNAC 9.4.4 Release Notes 52

Fortinet Inc.
Known Issues Version 9.4.4

Ticket # Description

collected.

845003 Unable to register hosts to usernames in format of an email address. An

“Error – Failed to Save Host – null” message appears.

845000 Unable to add a new LDAP or local user account when the username is in
the format of an email address. A “Failed to modify User” message appears.

843401 Wrong portal selected despite matching specific portal policy.

842134 Blank section to Captive Portal page for mobile devices added after
upgrade.

841825 Guest Self-Registration fails if using SMS.

838525 Configuring Remote Backup results in a "HTTP Status 500 – Internal

Server" error.

836435 Unable to read VLANs on Huawei 6508 WLC.

835782 Config Wizard: Entering Application Server license is showing error (500 -
Unable to compile class for JSP)

834094 When a sync is performed on the Network Control Manager, if an IO error

occurs, global device profiling rules may be removed from the managed
pod due to returning an empty list.

834089 When a sync is performed on the Network Control Manager, if an IO error

occurs, global port group membership may be removed from the managed
pod due to returning an empty list.

833735 Host icons in the Inventory view are not updated until a Layer 2 poll occurs.

833324 FortiNAC unexpectedly disabling Juniper EX interfaces when host is

deleted in "Host View".

833305 Guest account password is unmasked when printing badge even though
admin user does not have password viewing permissions.

832313 SSH keyboard-interactive is disabled by default starting with versions 9.2.7,

9.4.2 and F7.2. This may affect FortiNAC's CLI access to a limited number
of devices (like Arista switches). For details and workaround, see KB article
https://community.fortinet.com/t5/FortiNAC/Troubleshooting-Tip-SSH-
login-fails-due-to-SSH-keyboard/ta-p/244979

829702 FortiGate wireless clients cannot connect after a FortiNAC software

upgrade if the FortiGate device model's RADIUS secret is not populated.
This is true even though the VDOM radius secret is populated.

828499 HTTPD failed state after 9.2.5 upgrade requiring cleaning up semaphores.

827283 Roaming Guest Logical Network missing from FortiGate Model

Configuration and possibly other vendors.

826924 Issue with automatic VLAN assignment to ports on switch.

FortiNAC 9.4.4 Release Notes 53

Fortinet Inc.
Known Issues Version 9.4.4

Ticket # Description

826653 FortiNAC supplied Dynamic Addresses on the FortiGate can become

orphaned in FortiNAC High Availability environments. This can cause
unintended network access.

824088 Unable to update existing Registered Host records using Legacy View >
Hosts > Import.

818504 Linux Persistent Agent fails to install using the .deb package.

817040 FortiNAC Manager fails to connect to pods configured for L2 High

Availabilty with a virtual IP. Manager is querying eth0 IP instead of Virtual
IP.

816828 Wrong License Displayed (Base instead of Plus). Polling of entitlements is

failing.

814183 Unable to view all Certificate Details in the Certificate Management view.

813652 Security Alarms are not generating from Security Events.

812908 /var/log/messages is not rotating generating large files and high disk usage
issues.

811783 Links in the Persistent Agent Summary panel produce redundant results.

810574 "Unable to scan" message when using Dissolvable agent if scan

configuration label contains non US-ASCII characters.

809769 HTML is not supported when using "Guest Account Details" message type
template.

808523 Delete User: Admin User without Admin User Permissions is able to delete
another Admin User.

804519 Network Events and other Views - Filtering based on content entered in the
filter field does not produce results. Workaround: Leave filter field blank and
select an object in the drop-down instead.

800870 Packet from a secondary that is not the secondary in the configuration will
prevent the primary from starting.

800325 Cisco Port Channel Link Resolution.

795411 Not able to click the "In Use" number of Concurrent Licenses Widget.

793634 MDM Server Last Polled and Last Successful Poll information removed in
9.x.

792968 Legacy View for Users & Hosts > Hosts does not display items in tables.
Workaround: Enter “*” (asterisk) in search field.

791739 Google Authentication: Google Identity Services Library is currently not

supported.

791442 Able to delete a Portal Configuration which is in use by a Portal Policy.

Removal is done without warning the user.

FortiNAC 9.4.4 Release Notes 54

Fortinet Inc.
Known Issues Version 9.4.4

Ticket # Description

784642 Norton Antivirus Plus (Norton 360) installed from app store not detected in
endpoint compliance scan.

783304 DHCP responds with unexpected addresses in the DHCP-Server-Identifier

attribute.This causes release/renew to fail. Affects appliances configured
for seperate isolation networks (Registration, Remediation, DeadEnd, etc).

776077 Local Radius to Winbind connection cannot be secured at this time.

774048 L2 HA + VIP Pairing Process Failing. Configuration completes but leaves

both appliances in a "processes down" state. Workaround: Reboot
appliances.

773733 Enhance DeviceInterface debug dumpSSOTargets output.

770974 Event to Alarm mappings failing for Clear on Event criteria.

770091 Port changes/VLAN assignments made using Local RADIUS are not being
logged as port changes.

768717 FortiNAC not consistently sending SSO logon messages to FortiGate.

767548 Register Game system with Host Inventory success page is not working.

765172 Configuration Wizard does not check whether user input subnet masks are
valid.

762704 After clicking the 'restart services' button when applying SSL certificates to
the Admin UI Certificate Target, the prompt does not clear and there is no
confirmation dialogue (even though it was successful). Clicking the 'restart
services' button again generates an error.

761745 Mist AP - Port Connection State NOT WAP Uplink.

754346 Selecting Port Changes under the Ports tab of a specific device in Network
> Inventory does not display expected results. For details and workaround,
see KB article https://community.fortinet.com/t5/FortiNAC/Technical-Tip-
Default-filter-for-Port-Changes-does-not-populate/ta-p/209297.

752538 When in the Users & Hosts > Applications view, selecting an application
and clicking the Show Hosts option displays a page that does not provide
accurately filtered results. Workaround: Navigate Users & Hosts > Hosts
and create a custom filter to list hosts associated to an application.

739990 Android Mobile Agent prompts for server name.

730221 Stacked Meraki switches currently not supported.

710583 L2 Polling Mist APs can result in more API requests than Mist allows per
hour.

708936 FortiNAC will log off SSO for sessions that remain connected to a managed
FortiGate IPSec VPN tunnel after 12 hours.

708720 Policy evaluation may not be triggered after a host status update in

FortiNAC 9.4.4 Release Notes 55

Fortinet Inc.
Known Issues Version 9.4.4

Ticket # Description

Microsoft InTune. This can prevent the host from being moved to the proper
network. For details and workaround see related KB
article https://community.fortinet.com/t5/FortiNAC/Technical-Tip-Policy-
evaluation-not-triggered-after-Microsoft/ta-p/203843.

699106 After a reboot, FortiNAC may change the Native VLAN on a wired switch
port following a layer 2 poll. This may cause issues for ip phones, should
they connect to a port where the native/default VLAN isn't the correct VLAN.

695435 FortiEDR is currently not supported. If required, contact sales or open a

support ticket to submit a New Feature Request (NFR).

694407 Linux hosts running CrowdStrike Falcon sensor 6.11 and later are not being
detected by the agent. This causes hosts running CrowdStrike Falcon to
incorrectly fail scans. For details and workaround, see related KB
article https://community.fortinet.com/t5/FortiNAC/Troubleshooting-Tip-
Linux-hosts-running-CrowdStrike-Falcon/ta-p/202694.

682438 Page Unresponsive' error when exporting hosts. For details and
workaround see related KB
article https://community.fortinet.com/t5/FortiNAC/Technical-Note-Page-
Unresponsive-error-when-exporting-hosts/ta-p/193878.

674438 Processes Scan Type option is not available when creating custom scans
for macOS systems.

631115 Only 50000 records display in Adapter and Host Views. Example: Adapters
- Displayed: 50000. Total: 57500

Not all models of all network devices can be configured to perform Physical
MAC Address Filtering even though the Admin UI indicates that the
configuration can be set. Resolution: Hosts can be disabled by
implementing a Dead-end VLAN.

For Portal v2 configurations, web pages that are stored in the site directory
to be used for Scan Configurations will not be included when you do an
Export of the Portal v2 configuration. Resolution: The files in the site
directory are backed up with the Remote Backup feature, but otherwise
keep a copy of these files in a safe place.

Removing a device from the L2 Wired Devices or L2 Wireless Devices

Group does not disable L2 (Hosts) Polling under the Polling tab in
Topology.

The "Set all hosts 'Risk State' to 'Safe'" button changes the status of all
hosts marked At-Risk to Safe. However, the status of the individual scans
for each host remain unchanged.

In a Layer 3 High Availability (HA) environment, configWizard must have a

DHCP scope defined. Running configWizard without a DHCP scope can
cause a failover.

FortiNAC 9.4.4 Release Notes 56

Fortinet Inc.
Known Issues Version 9.4.4

Ticket # Description

On FortiNAC appliances with CentOS 7, duplicate log messages may

appear in dhcpd.log for each sub interface (eth1, eth1:1, eth1:2, etc).

System > Settings > Updates > Operating System will only record and
display dates of OS updates that are completed through the Administrative
UI. If Operating System updates are run via command line using the "yum"
tool, the update is not recorded. Resolution: Execute Operating System
Updates through the Administrative UI in order to maintain update history.

Only English versions of AV/AS and their corresponding definitions are

supported.

Anti-Virus product Iolo technologies System Mechanic Professional is

currently not supported.

FortiNAC 9.4.4 Release Notes 57

Fortinet Inc.
Device Support Considerations

Device Support Considerations

Ticket # Description

897151 Device mapping for Cisco C9800-AP's adds AP's as a Cisco 9800 Wireless
controller. Cisco C9800-AP Software is not currently supported.

548902 Management of wired ports on Aerohive AP-150W controlled by

AerohiveNG is currently unsupported.

679230 Aruba 9012-US currently not supported. If required, contact sales or

support to submit a New Feature Request (NFR).

7680531 Ubiquiti Gen2 Unifi switches (example: USW-16-POE) are currently not
supported. If required, contact sales or support to submit a New Feature
Request (NFR).

At this time, integration with Juniper MAG6610 VPN Gateway is not

supported. This includes Pulse Connect Secure ASA.

At this time, integration with Cisco 1852i Controller is not supported due to
the device's limited CLI and SNMP capability. For details, see related KB
article 189545.

At this time, Fortinet does not support wired port management for the Cisco
702W. The access point does not provide the management capabilities
required.

At this time, Fortinet is not able to support the Linksys LAPN600 Wireless-
N600 Dual Band Access Point.

Ports on Avaya Networks 4850GTS-PWR+ switches sometimes show "Not

Connected" even though the port is active. This is due to multiple ports on
the switch using the same MAC Address. This prevents NAC from correctly
discerning which are "Connected" versus "Not Connected". There is no
workaround.

Device models for Avaya 4800 switches (and potentially other related
models) only support SSH. Device models for Avaya Ethernet Routing
Switches only support Telnet. Contact Support if the alternate protocol is
required.

FortiNAC 9.4.4 Release Notes 58

Fortinet Inc.
Device Support

Device Support

These changes have been made in FortiNAC Version 9.4.4. These are in addition to the device support added
in previous releases.

Version 9.4.4

Ticket # Vendor

906953 Several models of Ubiquiti UniFi switches are identified as Ubiquiti APs.

901235 Added support for RAD PowerFlow switches.

897601 Extreme SLX9540 switches Layer 2 support

898891 Cisco IOS Software [Bengaluru], c8000be Software (X86_64_LINUX_

IOSD-UNIVERSALK9-M), Version 17.6.5, RELEASE SOFTWARE (fc2)
Hirschmann RSR
Cisco IOS Software, ir800 Software (ir800-UNIVERSALK9-M), Version
15.9(3)M5, RELEASE SOFTWARE (fc1)
Cisco IOS Software [Cupertino], ISR Software (ARMV8EL_LINUX_IOSD-
UNIVERSALK9_IOT-M), Version 17.9.1, RELEASE SOFTWARE (fc8)

897151 Removed invalid device mapping for C9800-AP Software.

905491 Cisco Adaptive Security Appliance Version 9.13(1)2

Cisco IOS Software [Amsterdam], ISR Software (ARMV8EL_LINUX_IOSD-
UNIVERSALK9-M), Version 17.3.4a, RELEASE SOFTWARE (fc3)
Brocade Communications Systems, Inc. Stacking System FCX648S-
HPOE-PREM, IronWare Version 08.0.30qT7F2 labeled as FCXR08030q
Ruckus Wireless, Inc. ICX7650-48Z-HPOE, IronWare Version
08.0.70dT231 Compiled on Nov 28 2018 at 10:47:15 labeled as
TNS08070d
S5720-28X-PWR-LI-AC Huawei Versatile Routing Platform Software VRP
(R) software,Version 5.170 (S5720 V200R011C10SPC600)
Aruba R0X25A 6410 Chassis FL.10.09.1010
Juniper Networks, Inc. ex4400-48p Ethernet Switch, kernel JUNOS
21.2R3.8
Dell Networking X1052 1-10Gb Switch
Dell EMC Networking OS Operating System Version: 2.0 Application
Software Version: 9.14(2.10) Series: S3124F
Juniper Networks, Inc. ex4100-48mp Ethernet Switch, kernel JUNOS
22.3R1.12
Arista 7148S-F

FortiNAC 9.4.4 Release Notes 59

Fortinet Inc.
Device Support

Ticket # Vendor

CBS350-16FP-2G 16-Port Gigabit PoE Managed Switch

909011 Added device support for Netonix WS-12-250-AC.

906953 Updated the element type and used CommonSNMP to read Ports.

911439 Added device support for MICROSENS G6 Switch.

911123 Computer Services

NUSTCY3140
Alcatel-Lucent Enterprise OS6560-P24Z24 8.4.1.229.R02 GA, September
01, 2017.
Alcatel-Lucent Enterprise OS6900-T20 8.5.255.R02 GA, August 29, 2018.
Aruba JL678A 6100 24G 4SFP+ Swch PL.10.08.1040
Cisco Adaptive Security Appliance Version 9.8(4)35
HPE Comware Platform Software, Software Version 7.1.070, Release 6330
HPE 5140 8G 2SFP 2GT EI Sw Copyright (c) 2010-2021 Hewlett Packard
Enterprise Development LP

914193 Encountered issues with Brocade switch - not all VLANs are visible,
affecting VLAN settings in the model.

906953 Introduced a property allowing the use of CLI to read VLANs from Unifi
Switches.

915803 FG600F_India
ExtremeXOS (X465-24MU-24W) version 32.3.1.11 32.3.1.11 by release-
manager on Fri 16 Dec 2022 11:30:47 AM UTC
NetVanta 1234 PoE, Version: R13.10.2, Date: Tue Aug 31 13:29:02 2021
SF350-48P 48-Port 10/100 PoE Managed Switch
48-port 10/100/1000 Ethernet Switch with PoE
24-port 10/100/1000 Ethernet Switch with PoE

920357 Huawei YunShan OS Version 1.22.0.1 (S5700 V600R022C01SPC500)

Copyright (C) 2021-2022 Huawei Technologies Co., Ltd. HUAWEI
CloudEngine S5735-S-V2
Aruba R8N89A 6000 12G CL4 2SFP 139W Swch PL.10.08.1010
Ruckus Wireless, Inc. ICX8200-C08PF-POE, IronWare Version
10.0.00T253 Compiled on Nov 1 2022 at 00:46:53 labeled as RDR10000
Alcatel-Lucent OS6860E-U28 8.2.1.258.R01 Service Release, November
18, 2015.
Huawei AR151-S2 Huawei Versatile Routing Platform Software VRP (R)
software,Version 5.170 (AR150 V200R010C10SPC700) Copyright (C)
2011-2020 Huawei Technologies Co., Ltd
S5720-28TP-PWR-LI-AC Huawei Versatile Routing Platform Software VRP
(R) software,Version 5.170 (S5720 V200R019C10SPC500) Copyright (C)
2007 Huawei Technologies Co., Ltd.

FortiNAC 9.4.4 Release Notes 60

Fortinet Inc.
Device Support

Ticket # Vendor

S5720-52P-PWR-LI-AC Huawei Versatile Routing Platform Software VRP

(R) software,Version 5.170 (S5720 V200R011C10SPC600) Copyright (C)
2007 Huawei Technologies Co., Ltd.
ArubaOS (MODEL: Aruba9004), Version 8.7.0.0-2.3.0.7 (83952)

918683 Added device support for TPLink TL-SG2428 switches.

924265 Huawei Versatile Routing Platform Software VRP (R) software, Version
8.100 (CE5855EI V100R005C10SPC200) Copyright (C) 2012-2015
Huawei Technologies Co., Ltd. HUAWEI CE5855-24T4S2Q-EI
Cambium cnPilot E400 Access Point
Quidway S7712 Huawei Versatile Routing Platform Software VRP (R)
Software, Version 5.170 (S7700 V200R010C00SPC600) Copyright (c)
2000-2016 Huawei Technologies Co., Ltd
Aruba Instant On 1830 24G 12p Class4 PoE 2SFP 195W Switch JL813A,
InstantOn_1830_2.5.0.0 (48), Linux 4.4.120, U-Boot 2013.01 (V1.0.0.17)
S5710-28C-EI Huawei Versatile Routing Platform Software VRP (R)
software,Version 5.110 (S5710 V200R001C00SPC300) Copyright (C)
2007 Huawei Technologies Co., Ltd.
Huawei AR2220 Huawei Versatile Routing Platform Software VRP (R)
software,Version 5.120 (AR2220 V200R003C01SPC900) Copyright (C)
2011-2013 Huawei Technologies Co., Ltd

918683 Changed the end-of-line value to a carriage return for TP-Link switches.

871657 Pnetworks switches with newer firmware are identified as generic firewalls.

Version 9.4.3

Ticket # Vendor

875730 S5720-28X-SI-24S-AC Huawei Versatile Routing Platform Software VRP

S1720-52GWR-PWR-4P-E Huawei Versatile Routing Platform Software
VRP
S5735-S32ST4X Huawei Versatile Routing Platform Software VRP
AC6805 Huawei Versatile Routing Platform Software VRP
Alcatel-Lucent Enterprise AOS-W Version 6.4.2.6-4.1.1.13
Cisco CBS250-8PP-D 8-Port Gigabit PoE Smart Switch
Cisco CBS350-8T-E-2G 8-Port Gigabit Managed Switch
Cisco SX350X-24F 24-Port 10G SFP+ Stackable Managed Switch
Cisco IOS Software, C1700 Software (AP3G2-K9W7-M), Version 15.3
(3)JD

868451 Forcepoint NGFW Firewall

FortiNAC 9.4.4 Release Notes 61

Fortinet Inc.
Device Support

Ticket # Vendor

878013 Meraki CW9166I Cloud Managed AP

Meraki MX105 Cloud Managed Security Appliance
Juniper Networks, Inc. ex4100-48p Ethernet Switch, kernel JUNOS
22.3R1.12
Cisco SF350-08 8-Port 10/100 Managed Switch

884423 Cisco IOS Software [Bengaluru], IE3x00 Switch Software (IE3x00-

UNIVERSALK9-M), Version 17.6.4
S5735-L48T4X-A1 Huawei Versatile Routing Platform Software VRP (R)
software,Version 5.170 (S5735 V200R020C10SPC500)
S5720S-12TP-PWR-LI-AC Huawei Versatile Routing Platform Software
VRP (R) software,Version 5.170 (S5720 V200R019C10SPC500)
Dell Networking N3224T-ON, 6.8.1.0, Linux 4.15.18-2e794c6e
Ruijie 10G Ethernet Switch (S5310-24GT4XS-P-E)
Cisco Sx220 Series Switch Software, Version 1.2.1.2
S6730-H24X6C Huawei Versatile Routing Platform Software VRP (R)
software,Version 5.170 (S6730 V200R021C00SPC100)
SG350-20 20-Port Gigabit Managed Switch

889578 HPE Comware Platform Software, Software Version 7.1.070, Release

6530P02 HPE 5520 48G PoE+ 4SFP+ HI Swch R8M29A
Juniper Networks, Inc. ex4650-48y-8c Ethernet Switch, kernel JUNOS
21.4R3-S2.4
Aruba JL668A 6300F 24G 4SFP56
CBS350-24T-4G 24-Port Gigabit Managed Switch
Aruba JL264A 2930F-48G-PoE+-4SFP+-TAA Switch, revision
WC.16.08.0016, ROM WC.16.01.0006
HP J9855A 2530-48G-2SFP+ Switch, revision YA.16.02.0014, ROM
YA.15.19
FG400F-HYAC-01 - Routing
Cisco IOS Software, S5400 Software (S5400-UNIVERSALK9-M), Version
15.2(8)E
Extreme Networks Switch Engine (5320-48T-8XE-SwitchEngine) version
32.3.1.11 32.3.1.11

891820 Aruba JL817A 4100i 12G CL4/6 POE 2SFP+ DIN Sw RL.10.10.1040
Huawei S1720-10GW-PWR-2P-E
Cisco IOS Software [Gibraltar], ISR Software (ARMV8EL_LINUX_IOSD-
UNIVERSALK9_IAS-M), Version 16.10.1b
Aruba 6000 48G 4SFP Switch

894124 Cisco 48-Port Gigabit Smart Switch

Cisco IOS Software [Cupertino], Catalyst L3 Switch Software (CAT9K_
LITE_IOSXE), Version 17.9.1

FortiNAC 9.4.4 Release Notes 62

Fortinet Inc.
Device Support

Version 9.4.2

Ticket # Vendor

793480 Cambium Networks cnPilot E410

Cambium Networks cnPilot E600

672701 Cambium XV(XV3-8, XV2-2T0)

cnPilot(E500, E430, E700) series APs

831482 Aruba JL727A 6200F 48G CL4 4SFP+370W Swch

S5735-L12P4S-A Huawei Versatile Routing Platform Software
PowerConnect 7024, 5.1.17.1, VxWorks 6.6
OAW-AP1201 4.0.2
S5732-H24S6Q Huawei Versatile Routing Platform Software
AP7522 Access Point, Version 7.7.0.0-018R MIB=01a
Fortinet FortiGate
Meraki MR36H Cloud Managed AP

836420 Juniper eqfx5120-48t-6c switch

Managed Hardened PoE+ Switch, (8) 10/100/1000Base-T PoE+ Ports + (4)
100/1000Base-X SFP
Palo Alto Networks PA-400 series firewall
Dell EMC Networking OS10 Enterprise S5296F-ON

838902 Cisco IOS Software, C2960SM Software (C2960SM-LANBASEK9-M),

Version 12.2(52)EX1
Huawei AirEngine9700-M1 Huawei Versatile Routing Platform Software
VRP
Meraki MR57 Cloud Managed Indoor AP

840205 Westermo L210-F2G Rugged Compact Switches

842976 Cisco IOS Software, C800 Software

DGS-1510-52X Gigabit Ethernet SmartPro Switch
Aruba Wired Switch R8N88A

844425 Allied Telesis 510L-52GT & 550-18XSQ switches

845410 CBS350-24P-4X 24-Port Gigabit PoE Stackable Managed Switch with 10G
Uplinks
S6720-30C-EI-24S-AC Huawei Versatile Routing Platform Software VRP
S6730-H48X6C Huawei Versatile Routing Platform Software VRP
S5735-L8P4X-IA1 Huawei Versatile Routing Platform Software VRP

847082 Huawei NE40E-X3

Extreme SLX9540 Switch/Router
Baseline Switch 2250-SFP Plus
WS6-DGS-1210-10P/F1 6.20.007

FortiNAC 9.4.4 Release Notes 63

Fortinet Inc.
Device Support

Ticket # Vendor

849478 Cisco IOS Software [Gibraltar]

DGS-1210-28P/C1 4.10.004

851405 Fortinet FortiGate

Alcatel-Lucent Enterprise OS6360-P24X 8.8.56.R02 GA
Meraki MX75
Aruba JL667A 6300F 48G 4SFP56 Sw
ArubaOS (MODEL: 635)

852981 Allied Telesis router/switch, Software (AlliedWare Plus) Version 5.5.0-2.10

854248 S1720-28GWR-PWR-4P Huawei Versatile Routing Platform Software VRP

S1730S-S24P4S-A Huawei Versatile Routing Platform Software VRP
Extreme Networks Switch Engine (Stack)
Extreme Networks Switch Engine (5320-16P-4XE-SwitchEngine)

856760 Cisco IOS Software, IE2000 Software (IE2000-UNIVERSALK9-M)

SG350-28MP 28-Port Gigabit PoE Managed Switch
Cisco IOS Software, C900 Software (C900-UNIVERSALK9-M)
Aruba Instant On 1930 24G Class4 PoE 4SFP/SFP+ 370W Switch JL684A
S5735-L48P4S-A1 Huawei Versatile Routing Platform Software

859465 Brocade Communications Systems, Inc. ICX7450-48, IronWare

Brocade Communications Systems, Inc. FWS624G-POE-PREM, IronWare
Brocade Communications Systems, Inc. FWS624G-PREM, IronWare
Brocade Communications Systems, Inc. FWS648G-PREM, IronWare
Brocade Communications Systems, Inc. FWS648, IronWare
Cisco Controller
SG550X-24 24-Port Gigabit Stackable Managed Switch

859816 Allied Telesis X510-28-GTX switches

863408 CBS350-8P-2G 8-Port Gigabit PoE Managed Switch

Cisco IOS Software, ASR900 Software (PPC_LINUX_IOSD-
UNIVERSALK9_NPE-M)
Cisco IOS Software, IE2000U Software (IE2000U-LANBASEK9-M),
Version 15.2(5)E
S5735-S24P4X Huawei Versatile Routing Platform Software VRP
Cisco IOS Software [Cupertino], IE3x00 Switch Software (IE3x00-
UNIVERSALK9-M)
Symbol AP410C
SG550XG-8F8T 16-Port 10G Stackable Managed Switch
Symbol AP310-1
Symbol AP7532 Access Point

FortiNAC 9.4.4 Release Notes 64

Fortinet Inc.
Device Support

Ticket # Vendor

Cisco CBS350-48T-4X 48-Port Gigabit Stackable Managed Switch with

10G Uplinks
Avaya Networks Ethernet Routing Switch 3526T-PWR+

871270 Huawei S5720-36C-PWR-EI-AC

Cisco IOS Software, IE2000 Software (IE2000-UNIVERSALK9-M)
Huawei S5335-L24P4X-A
Aruba JL663A 6300M 48G 4SFP56 Swch
Aruba JL719C 8360-48Y6C v2 Switch
ExtremeXOS 5320-48P-8XE-EXOS
Avaya Networks Ethernet Routing Switch 3524GT
Accton Technology SG 2404 PoE L2+ Gigabit Ethernet Switch
Huawei S5735S-L48T4S-A
Juniper SRX345

Version 9.4.1

Ticket # Vendor

805669 Extreme VSP-7400-48Y-8C (8.1.6.0)

806646 S5735-L24T4X-A1 Huawei Versatile Routing Platform Software VRP

FGT85F
S5731-H24T4XC Huawei Versatile Routing Platform Software
FGTVM641000C
S5732-H48UM2CC Huawei Versatile Routing Platform Software
FGT50A
JL581A Aruba 8320 48p
Juniper Networks, Inc. ex3400-48t Ethernet Switch

814620 Cisco IOS Software, c6848x Software (c6848x-ADVENTERPRISEK9-M)

Palo Alto Networks PA-3200 series firewall
S5735-L24P4X-A1 Huawei Versatile Routing Platform Software
S5735-L24P4S-A1 Huawei Versatile Routing Platform Software
Extreme Networks Switch Engine (5420F-24P-4XE-SwitchEngine)
PowerConnect 7024, 5.1.18.1, VxWorks 6.6
Aruba JL658A 6300M 24SFP+ 4SFP56 Swch FL.10.09.1000
Datacenter Switch
Cisco IOS Software [Bengaluru],c8000be Software(X86_64_LINUX_IOSD-
UNIVERSALK9-M)

820169 Ruckus Wireless, Inc. ICX7850-48F, IronWare Version 08.0.95fT233

FortiNAC 9.4.4 Release Notes 65

Fortinet Inc.
Device Support

Ticket # Vendor

820969 HP A5120-24G SI Switch Software Version 5.20, Release 1513P13

S5720-52P-PWR-LI-AC Huawei Versatile Routing Platform Software VRP
(R) software,Version 5.170 (S5720 V200R011C10SPC600)
S5735-L8T4S-A1 Huawei Versatile Routing Platform Software VRP (R)
software,Version 5.170 (S5735 V200R020C10SPC500)
SG500X-24 24-Port Gigabit with 4-Port 10-Gigabit Stackable Managed
Switch

824676 Dell EMC Networking OS10 Enterprise.

Palo Alto Networks PA-400 series firewall
FGT-SG-SSL
U6-Lite 6.0.19.13671
Allied Telesis router/switch, Software (AlliedWare Plus) Version 5.5.1-2.4
CBS350-8FP-2G 8-Port Gigabit PoE Managed Switch

825863 Allied Telesis router/switch, Software (AlliedWare Plus) Version 5.4.9-0.2

827842 Alcatel-Lucent Enterprise OS6560-P48Z16 8.7.98.R03 GA, July 05, 2021.

Allied Telesis router/switch, Software (AlliedWare Plus) Version 5.5.1-2.4
Cisco IOS Software, IE2000 Software (IE2000-UNIVERSALK9-M), Version
15.0(1)EY
Meraki MR44 Cloud Managed AP
Cisco IOS Software, cgr1000 Software (cgr1000-UNIVERSALK9-M),
Version 15.7(3)M1
S5731-S24T4X Huawei Versatile Routing Platform Software VRP (R)
software,Version 5.170 (S5731 V200R021C00SPC100)
PowerConnect 7024P, 5.1.18.1, VxWorks 6.6

830112 Dell EMC Networking N3224P-ON, 6.6.3.14, Linux 4.15.18-2ac8b3ec

Huawei AP5030DN Huawei Versatile Routing Platform Software VRP (R)
software,Version 5.170 (AP5030DN V200R010C00SPCd00) Dell EMC
Networking OS10 Enterprise.

833731 Huawei AR129CGVW-L Huawei Versatile Routing Platform Software VRP

S6720-56C-PWH-SI-AC Huawei Versatile Routing Platform Software VRP
Dell Networking N1524P
S5735-L24P4X-A1 Huawei Versatile Routing Platform Software VRP

Version 9.4.0

Ticket # Vendor

765568 Add support for Huawei AR550E router/switch

FortiNAC 9.4.4 Release Notes 66

Fortinet Inc.
Device Support

Ticket # Vendor

765569 Add support for DIGI cellular routers

779607 Add Device support from set mapping emails (2 models)

781634 Add Device support from set mapping emails (Huawei S5700-52P-LI-AC)

787686 S5735-L48T4S-A1 Huawei Versatile Routing Platform Software VRP (R)

software
CBS350-48P-4X 48-Port Gigabit PoE Stackable Managed Switch with 10G
Uplinks
CBS350-48P-4G 48-Port Gigabit PoE Managed Switch
CBS350-8P-E-2G 8-Port Gigabit PoE Managed Switch
CBS350-24T-4X 24-Port Gigabit Stackable Managed Switch with 10G
Uplinks
Linux Lethe 2.6.18-92cpx86_64 1 SMP Mon Oct 8 10:34:42 IDT 2018 x86_
64
Juniper Networks, Inc. srx380-poe-ac internet router, kernel JUNOS
20.4R3-S1.3
S5735-L8P4S-A1 Huawei Versatile Routing Platform Software VRP (R)
software
Fortigate fwf51E
Quidway S9712 Huawei Versatile Routing Platform Software VRP (R)
Software
Brocade Communications Systems, Inc. FastIron SX 1600
CCB 1st Sessions Court FS108F Meraki MR36H Cloud Managed AP

789282 Add support for Extreme Campus Controller WLC

792686 Huawei AR129CGVW-L Huawei Versatile Routing Platform Software VRP

(R) software
Cisco NX-OS(tm) nxos.9.3.7.bin, Software (nxos)
Juniper Networks, Inc. ex4400-24p Ethernet Switch, kernel JUNOS
21.1R1.11
Aruba R8N85A 6000 48G CL4 4SFP Swch PL.10.09.1000
Aruba Instant On 1930 8G 2SFP Switch JL680A, InstantOn_1930_1.0.5.0
(139)
IE1000 Industrial Ethernet Switch, Version: 1.7.0#2018-05-
02T18:19:37+00:00

796633 fortigate
Cisco IOS Software, C1000 Software (C1000-UNIVERSALK9-M), Version
15.2(7)E4
Aruba R8N87A 6000 24G CL4 4SFP Swch PL.10.08.1010
Meraki MS355-48X2 Cloud Managed Switch
Dell EMC Networking OS10 Enterprise.S5224F-ON

FortiNAC 9.4.4 Release Notes 67

Fortinet Inc.
Device Support

Ticket # Vendor

801676 HPE Comware Platform Software, Software Version 7.1.070, Release 6327
SG350XG-24F 24-Port 10G SFP+ Stackable Managed Switch
SG300-28SFP 28-Port Gigabit Managed SFP Switch
Linux PA-Mac-Ops-BCKPF-S 4.14.76-release-1.3.0 1 SMP
Aruba JL725A 6200F 24G CL4 4SFP+370W Swch ML.10.09.1000
Cisco IOS Software [Cupertino], ISR Software (ARMV8EL_LINUX_IOSD-
UNIVERSALK9-M), Version 17.7.1a
Cisco Sx220 Series Switch Software, Version 1.1.3.1
CBS350-24P-4G 24-Port Gigabit PoE Managed Switch
Firewall OCI Unimedsc
Palo Alto Networks VM-Series firewall
Canton-Firewall

783982 S5720-12TP-LI-AC
S5720-36PC-EI-AC
S5720S-52P-SI-AC
S5700-10P-PWR-LI-AC

786422 ArubaOS (MODEL: 565), Version 8.7.1.8-8.7.1.8

790006 Netgear S4300 and S3300 Switches

792592 FortiFone X80

566257 Support for Huawei AC6605 wireless controller

System Update Settings

Field Definition

Host Set to fnac-updates.fortinet.net

Auto-Definition Directory Keep the current value.

Product Distribution Set to Version_9_4

Directory

Agent Distribution Keep the current value.

Directory

User Set to updates (in lowercase)

Password Keep the current value.

Protocol Set to desired protocol (FTP, PFTP, HTTP, HTTPS)

FortiNAC 9.4.4 Release Notes 68

Fortinet Inc.
Device Support

Field Definition

Note: SFTP has been deprecated and connections will fail using this option.
SFTP will be removed from the drop down menu in a later release.

FortiNAC 9.4.4 Release Notes 69

Fortinet Inc.
End of Support/End of Life

End of Support/End of Life

Fortinet is committed to providing periodic maintenance releases for the current generally available version of
FortiNAC. From time to time, Fortinet may find it necessary to discontinue products and services for a number of
reasons, including product line enhancements and upgrades. When a product approaches its end of support
(EOS) or end of life (EOL), we are committed to communicating that information to our customers as soon as
possible

End of Support

Agent

Versions 2.x and below of the Fortinet Agent will no longer be supported. FortiNAC may allow the agent to
communicate but functionality will be disabled in future versions. Please upgrade to either the Safe Harbor or
latest release of the Fortinet Agent at your earliest convenience.
Fortinet Mobile Agent for iOS will no longer be supported. It will be completely removed in a future version.
EasyConnect features are not affected as they do not require an agent on iOS.

Software

When a code series has been announced End of Support, no further maintenance releases are planned.
Customer specific fixes will still be done.

Hardware

Physical appliance hardware reaches end-of-support when the maintenance contract is non-renewed, or at the
end of year 4 (48 months beyond purchase date), whichever is first.

Appliance Operating System

Fortinet relies on the CentOS organization to publish periodic bug fixes and security updates for the CentOS
Distribution.

CentOS 5

Effective March 31, 2017, CentOS will no longer provide updates for CentOS 5. Any vulnerabilities found with
CentOS 5 after March 31st will not be addressed. FortiNAC software releases will continue to be supported on
CentOS 5 through December 31, 2018.

FortiNAC 9.4.4 Release Notes 70

Fortinet Inc.
End of Support/End of Life

As of 2016 Fortinet’s appliances are based on the CentOS 7 Linux distribution. New appliance migration options
are available for customers with CentOS 5 appliances who require operating system vulnerability patches,
maintenance updates and new features available on CentOS 7.

CentOS 7

Effective June 30 2024, CentOS will no longer provide updates for CentOS 7. Any vulnerabilities found with
CentOS 7 after June 30th will not be addressed.
FortiNAC and Analytics software releases will continue to be supported on CentOS 7 through December 31
2026 or end of product life (whichever comes first). See Product Life Cycle chart for details.
(https://support.fortinet.com/Information/ProductLifeCycle.aspx)

End of Life

Software

When a code series has been announced End of Life, no further maintenance releases are planned. In addition,
customer specific fixes will not be done. If experiencing problems with a version of FortiNAC in the code series,
you would be required to update before any issues can be addressed.
With the release of FortiNAC Version 8.5.0, Fortinet announced the End-Of-Life for FortiNAC 8.1. Existing
customers under maintenance are strongly encouraged to upgrade to the current Safe Harbor release.
Considerations are as follows:
l FortiNAC Versions 7.0 and higher are not supported on appliances running firm‐ ware Version 2.X (SUSE)
because of the limitations of this operating system and the hard‐ware on which it is installed. Please
contact your sales representative for hardware upgrade options.
l If you attempt to install FortiNAC Versions 7.0 and higher on an unsupported Operating System and
hardware combination, the install process displays the following message: “This release is not supported
on 1U SUSE‐Linux appliances (firmware 2.x). The install process will exit now. Please contact Fortinet at:
+1 866.990.3799 or +1 603.228.5300”
l On July 13, 2010 Microsoft ended support for Windows 2000 and Windows 2000 Server. These Operating
Systems will be removed from the list of options in the Scan Policy Configuration screens in a future
release.

FortiNAC 9.4.4 Release Notes 71

Fortinet Inc.
Numbering Conventions

Numbering Conventions

Fortinet is using the following version number format:

<First Number>.<Second Number>.<Third Number>.<Fourth Number>
Example: 8.0.6.15
l First Number = major version
l Second Number = minor version
l Third Number = maintenance version
l Fourth Number = build version

l Release Notes pertain to a certain version of the product. Release Notes are revised as needed. The Rev
letter increments accordingly. For example, updating the Release Notes from Rev C to Rev D indicates
changes in the Release notes only -- no changes were made to the product.
l The next number represents the version in which a Known Anomaly was added to the release notes (for
example, V8.0).

FortiNAC 9.4.4 Release Notes 72

Fortinet Inc.
Copyright© 2023 Fortinet, Inc. All rights reserved. Fortinet®, FortiGate®, FortiCare® and FortiGuard®, and certain other marks are registered trademarks of Fortinet, Inc., in the
U.S. and other jurisdictions, and other Fortinet names herein may also be registered and/or common law trademarks of Fortinet. All other product or company names may be
trademarks of their respective owners. Performance and other metrics contained herein were attained in internal lab tests under ideal conditions, and actual performance and
other results may vary. Network variables, different network environments and other conditions may affect performance results. Nothing herein represents any binding
commitment by Fortinet, and Fortinet disclaims all warranties, whether express or implied, except to the extent Fortinet enters a binding written contract, signed by Fortinet’s
General Counsel, with a purchaser that expressly warrants that the identified product will perform according to certain expressly-identified performance metrics and, in such
event, only the specific performance metrics expressly identified in such binding written contract shall be binding on Fortinet. For absolute clarity, any such warranty will be
limited to performance in the same ideal conditions as in Fortinet’s internal lab tests. In no event does Fortinet make any commitment related to future deliverables, features or
development, and circumstances may change such that any forward-looking statements herein are not accurate. Fortinet disclaims in full any covenants, representations, and
guarantees pursuant hereto, whether express or implied. Fortinet reserves the right to change, modify, transfer, or otherwise revise this publication without notice, and the most
current version of the publication shall be applicable.