Unlock Exclusive Benefits
Join Our Community Today!
Join our community and post in the forum to earn your exclusive Holiday badge! Become a member today!
LOGIN/REGISTER
CONTINUE AS A GUEST
- Support Forum
- Knowledge Base
- Customer Service
- Internal Article Nominations
- FortiGate
- FortiClient
- FortiADC
- FortiAIOps
- FortiAnalyzer
- FortiAP
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConnect
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDLP
- FortiDeceptor
- FortiDevSec
- FortiDirector
- FortiEdgeCloud
- FortiEDR
- FortiExtender
- FortiGuard
- FortiGuest
- FortiGate Cloud
- FortiHypervisor
- FortiInsight
- FortiIsolator
- FortiMail
- FortiMonitor
- FortiManager
- FortiNAC
- FortiNAC-F
- FortiNDRCloud
- FortiNDR (on-premise)
- FortiPhish
- FortiPAM
- FortiPortal
- FortiPresence
- FortiSRA
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiScan
- FortiSandbox
- FortiSASE
- FortiTester
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiVoice
- FortiWAN
- FortiToken
- FortiWeb
- Wireless Controller
- FortiAppSec Cloud
- RMA Information and Announcements
- Lacework
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Support Forum
- FAC 2.2.0
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
FAC 2.2.0
When will the release notes be released ?
FCNSA, FCNSP
---
FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30B
FortiAnalyzer 100B, 100C
FortiMail 100,100C
FortiManager VM
FortiAuthenticator VM
FortiToken
FortiAP 220B/221B, 11C
FCNSA, FCNSP---FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice,
60B/C/CX/D, 50B, 40C, 30BFortiAnalyzer 100B, 100CFortiMail
100,100CFortiManager VMFortiAuthenticator VMFortiTokenFortiAP 220B/221B,
11C
16 REPLIES 16
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
looking for the same.
i' d like to get rid off my interim build.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
what are your experience with FAC?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Overall good,
But there are still room for improvements, like setting up backup connections to more than one Domain Controller.
Then there is nasty bug with Tokens, after a while the FAC will loose the connection to FortiGuard servers, and this will fill the log and you cant activate tokens or change them, a reboot is required and then its good for a few more hours.
They said it should be fixed in the next release, thats why I like to have a look at the release notes.
Whats your experience ?
FCNSA, FCNSP
---
FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30B
FortiAnalyzer 100B, 100C
FortiMail 100,100C
FortiManager VM
FortiAuthenticator VM
FortiToken
FortiAP 220B/221B, 11C
FCNSA, FCNSP---FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice,
60B/C/CX/D, 50B, 40C, 30BFortiAnalyzer 100B, 100CFortiMail
100,100CFortiManager VMFortiAuthenticator VMFortiTokenFortiAP 220B/221B,
11C
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
it does it' s job for a challenging price
i already saw a lot of improvements from 2.0 to 2.1 (with 2.0 i was not able to implement some scenarios i had). 2.1 works for me, but has some bugs
It does not handle special characters well:
-à éöÜ etc break for example the LDAP sync.
-User login fails when the first character in a password is a space.
GUI Display does not show all fields in IE when accessing the box by IP or Hostname. Only with FQDN everything is displayed.
with Chrome and FF all fields are visible.
A design flaw: You cannot directly mix " remote" users with FAC " local" users in a group. (However there is a workaround syncing the Local user from localhost into the remote ldap group).
Change management: They do not mention majorchanges in the release notes.
The local LDAP Server has changed from 2.1 to my interim build that breaked the sync. (I wasn' t able to sync from localhost, I had to use the public IP afterwards, plus a BIND user (with localhost anonymous bind was possible).
difficult troubleshooting: The log messages say not much about the real reason.
for example:
" Message Failed to sync remote users with “AD-Server†(yy.xx.zzz.abc:qqq): value too long for type character varying(25)"
well, what is to long? Group Name? Number of users? User name?
with the interim i have sudden reboots... well, it' s an interim :)
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I see, thanks for sharing.
I also noticed that usernames are case-sensitives :(
FCNSA, FCNSP
---
FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30B
FortiAnalyzer 100B, 100C
FortiMail 100,100C
FortiManager VM
FortiAuthenticator VM
FortiToken
FortiAP 220B/221B, 11C
FCNSA, FCNSP---FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice,
60B/C/CX/D, 50B, 40C, 30BFortiAnalyzer 100B, 100CFortiMail
100,100CFortiManager VMFortiAuthenticator VMFortiTokenFortiAP 220B/221B,
11C
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
The release notes are ready, I am looking into why they were not uploaded to the support site with the release. In the mean time....
The following is a list of enhancements in FortiAuthenticator v2.0 MR2:
• Remote user authentication for MSCHAP2 PEAP in Active Directory environments
Support wireless user authentication via PEAP using MSCHAP2 when the user is a remote (LDAP) user account. FortiAuthenticator is now able to bind to the AD domain in order to validate the MSCHAP2 password hash.
• Import tokens from FortiGate configuration
Once activated, the FortiToken seed is removed from the FortiGuard Database. In order to simplify migration from FortiGate installations, FortiAuthenticator can import the FortiToken serial number and seed information from a FortiGate configuration backup.
• Export configuration data
Export user details to a CSV file for import into a second FortiAuthenticator system.
• Adjust token drifts for time change
New feature to simplify recovery following an out of scope system time change. For example, when the system and tokens have been initialized prior to setting the NTP server.
• Strip realm information from the RADIUS account
Added the ability to remove realm information from RADIUS accounting packets.
• Remote LDAP admin authentication
Added remote LDAP user support for FortiAuthenticator administration.
• Manual FSSO users logout
Enable users to be manually de-authenticated via Monitor > SSO > SSO Users.
The issues resolved in this release includes (but is not limited to):
191806 LDAP user synchronization repeats on each attempt when the DN contains
non-ascii characters.
196094 Administrative users can edit/disable super_admin user accounts regardless of the admin level.
196728 Authenticating users in Active Directory via DN breaks on OU change.
199427, 199069 Issues importing and synchronizing users if the user DN contains extended character sets.
202036, 202167 Socket error triggers an unable to resolve server domain name:
directregistration.fortinet.com error log yet DNS functions correctly.
203662 Username is not included in the raw log download.
167779 Case sensitive usernames
Dr. Carl Windsor Field Chief Technology Officer Fortinet
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thank you Carl !
FCNSA, FCNSP
---
FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30B
FortiAnalyzer 100B, 100C
FortiMail 100,100C
FortiManager VM
FortiAuthenticator VM
FortiToken
FortiAP 220B/221B, 11C
FCNSA, FCNSP---FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice,
60B/C/CX/D, 50B, 40C, 30BFortiAnalyzer 100B, 100CFortiMail
100,100CFortiManager VMFortiAuthenticator VMFortiTokenFortiAP 220B/221B,
11C
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thank you Carl.
thinking about Carl' s response, I become aware that also the Fortinet TAC was very responsive to our requests. we got the interim in a very short time.
the FAC seems to have some priorities inside Fortinet. (or they already knew about the bug and were coding earlier :))
another point from the release notes catched my attention:
Remote user authentication for MSCHAP2 PEAP in Active Directory environments
Support wireless user authentication via PEAP using MSCHAP2 when the user is a remote (LDAP) user account. FortiAuthenticator is now able to bind to the AD domain in order to validate the MSCHAP2 password hash.
-> i was trying to 802.1x authenticate WLAN clients against AD. this might be a missing piece:
my problem was that I' ve been able to authenticate " user" accounts before, but not " computer" accounts.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I just upgraded from 2.0.0 to 2.2.0 and the upgrade went smooth, however after a few minutes I received this in the log, any importance ?
82556 Fri Apr 26 12:15:07 2013 error Event System 30906 Failed to send registration update (code = -11)
82555 Fri Apr 26 12:15:07 2013 error Event System 30907 FGD SMS: unable to connect to server
FCNSA, FCNSP
---
FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30B
FortiAnalyzer 100B, 100C
FortiMail 100,100C
FortiManager VM
FortiAuthenticator VM
FortiToken
FortiAP 220B/221B, 11C
FCNSA, FCNSP---FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice,
60B/C/CX/D, 50B, 40C, 30BFortiAnalyzer 100B, 100CFortiMail
100,100CFortiManager VMFortiAuthenticator VMFortiTokenFortiAP 220B/221B,
11C
Announcements
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
Labels
-
FortiGate
9,086 -
FortiClient
1,834 -
5.2
801 -
FortiManager
781 -
5.4
639 -
FortiAnalyzer
583 -
FortiSwitch
497 -
FortiAP
488 -
FortiClient EMS
455 -
6.0
416 -
5.6
362 -
FortiMail
328 -
SSL-VPN
268 -
6.2
251 -
IPsec
240 -
FortiAuthenticator v5.5
234 -
FortiWeb
218 -
FortiNAC
210 -
5.0
196 -
FortiGuard
145 -
SD-WAN
129 -
6.4
128 -
FortiAuthenticator
122 -
FortiGateCloud
103 -
FortiCloud Products
101 -
FortiSIEM
99 -
FortiToken
93 -
Firewall policy
93 -
Wireless Controller
82 -
Customer Service
81 -
FortiProxy
69 -
High Availability
66 -
4.0MR3
64 -
Fortivoice
59 -
FortiEDR
57 -
FortiADC
55 -
VLAN
54 -
ZTNA
53 -
Routing
51 -
DNS
51 -
FortiSandbox
46 -
FortiExtender
46 -
BGP
45 -
LDAP
45 -
SAML
43 -
FortiDNS
42 -
RADIUS
42 -
Authentication
41 -
SSO
41 -
NAT
41 -
Certificate
38 -
FortiGate v5.4
35 -
FortiGate-VM
34 -
FortiSwitch v6.4
34 -
VDOM
33 -
FortiConnect
32 -
Interface
32 -
FortiLink
32 -
Application control
32 -
Virtual IP
28 -
FortiWAN
27 -
Logging
27 -
Web profile
27 -
FortiConverter
26 -
FortiGate v5.2
24 -
FortiPAM
23 -
SSL SSH inspection
23 -
FortiPortal
21 -
Fortigate Cloud
20 -
FortiSwitch v6.2
19 -
Traffic shaping
19 -
FortiMonitor
18 -
SSID
18 -
snmp
17 -
Automation
17 -
Static route
17 -
OSPF
16 -
WAN optimization
16 -
FortiDDoS
15 -
System settings
15 -
FortiGate v5.0
14 -
FortiSOAR
14 -
FortiCASB
14 -
Security profile
14 -
Web application firewall profile
14 -
IP address management - IPAM
14 -
Admin
13 -
Proxy policy
12 -
FortiManager v5.0
11 -
FortiRecorder
11 -
IPS signature
11 -
FortiManager v4.0
10 -
FortiBridge
10 -
Traffic shaping policy
10 -
FortiAP profile
10 -
Intrusion prevention
10 -
4.0MR2
9 -
FortiGate v4.0 MR3
9 -
FortiWeb v5.0
9 -
Port policy
9 -
FortiDeceptor
8 -
FortiCache
8 -
Explicit proxy
8 -
RMA Information and Announcements
8 -
DNS filter
8 -
Fortinet Engage Partner Program
8 -
4.0
7 -
FortiAnalyzer v5.0
7 -
API
7 -
trunk
7 -
Antivirus profile
7 -
Traffic shaping profile
7 -
Fabric connector
7 -
Web rating
7 -
FortiToken Cloud
6 -
Packet capture
6 -
Users
6 -
FortiCarrier
5 -
FortiScan
5 -
FortiTester
5 -
Application signature
5 -
Authentication rule and scheme
5 -
Email filter profile
5 -
3.6
4 -
FortiDirector
4 -
Internet service database
4 -
NAC policy
4 -
DLP sensor
4 -
Netflow
4 -
Protocol option
4 -
TACACS
4 -
Replacement messages
4 -
Service
4 -
Multicast routing
4 -
Cloud Management Security
4 -
FortiDB
3 -
FortiHypervisor
3 -
FortiNDR
3 -
DLP Dictionary
3 -
DLP profile
3 -
DoS policy
3 -
SDN connector
3 -
VoIP profile
3 -
Multicast policy
3 -
FortiInsight
2 -
FortiAI
2 -
Kerberos
2 -
Schedule
2 -
Zone
2 -
Vulnerability Management
2 -
FortiGuest
2 -
4.0MR1
1 -
FortiManager-VM
1 -
FortiCWP
1 -
Subscription Renewal Policy
1 -
Video filter
1 -
ICAP profile
1
Top Kudoed Authors
| User | Count |
|---|---|
| 1828 | |
| 1126 | |
| 769 | |
| 447 | |
| 243 |
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2025 Fortinet, Inc. All Rights Reserved.