Resolved Issues
The following issues have been fixed in 7.0.0. For inquires about a particular bug, please contact Customer Service & Support.
AP Manager
Bug ID | Description |
---|---|
590098 | When adding a new WTP profile, FortiManager tries to set a default handoff-sta-thresh and unset radio bands, which do not match the defaults for many of the E-series APs. |
593168 | DFS channel list in WiFi template is inconsistent between FortiManager and FortiGate. |
635643 |
5G channels be mismatch between FortiManager and FortiGate for radio-1 and radio-2 with FAP-231E. |
648812 |
DHCP server is created incorrectly for Bridge SSID. |
667215 | FortiManager should be able to classify Rogue FortiAPs. |
669906 | FortiManager may not be able to install mpsk-key from AP Manager. |
679115 | An available interface cannot be selected when authorizing FortiExtender. |
692911 | FortiManager may not be able to display correct information for wireless radio in wireless profile for FortiWiFi-80F-2R. |
Device Manager
Bug ID |
Description |
---|---|
485037 | Monitor > map view may fail if proxy is enabled. |
594211 | FortiManager should be able to create new VLAN interface on fabric interface and install to FortiGate. |
604855 | CLI Template should not prevent
the lan interface from being deleted once all the dependencies
have been removed. |
609744 | Device Manager > System > Interface may not be able to delete SSID interface. |
610134 | FortiManager may not be able to save the admin setting page. |
610585 | Device Manager cannot save DHCP for Unknown MAC address with action sets to block. |
616387 | Device configuration dashboard cannot update hostname or VDOM. |
624325 | Creating or editing transparent VDOM to disable may stall at 20%. |
627664 | FortiManager cannot cooperate with socket-size 0 and changes it to 1 automatically. |
636012 | Importing a policy may report conflict for the default SSH CA certificates. |
643845 | After auto link, FortiGate HA cluster members have the same hostname. |
645086 | Policy Lookup shows an error even though the device is in sync. |
646421 | FortiManager may not be able to configure VDOM property resources setting. |
649785 | SD-WAN > Monitor may hang for an ADOM with 1500 devices. |
649821 | Installation may fail for FortiGate-600D. |
654611 | Under Advanced mode and within a VDOM, clicking "Device Manager" on the top menu returns the no permission error. |
655264 | VDOM count is not correct when vdom-mode split-vdom is configured on FortiGate with VM0xV license. |
656433 | FortiManager device delete process may hang . |
657988 | FortiManager may lose connection and fail to install after FortiGate HA switching roll. |
659387 | FortiManager should be able to provision CLI-template, SD-WAN-template, and Policy Package together to the model device. |
662243 | FortiManager is unable to clone SNMP Community under System Templates. |
662656 | When importing polices that contain policy block or global policy,the import wizard should provide a warning that those polices will not be imported. |
665344 | Users with full R/W DVM privileges should be allowed to see and modify the System Provisioning Templates. |
666833 | GUI returns no warning when 4-byte AS or invalid community is configured on Standard community. |
667826 | Device Manager may show "No entry found" with rtmmond and the security console crashes. |
669129 | FortiManager does not create dynamic mapping for an address group causing import failure. |
669155 | SD-WAN monitor hangs at loading when the admin profile is set to Read-Only for SD-WAN. |
669704 | FortiManager does not allow user to configure FortiGate admin password longer than 32 characters. |
670535 | Install fails when creating a new DHCP reservation due to missing MAC address. |
670839 | FortiManager should be able to configure IPSec Phase2 selector using the same IP range. |
671348 | FortiManager should allow more than ten incoming source interfaces for policy routing decision. |
672319 | View Config, View Install Log , and Revision Diff in Workspace mode should not be greyed out when the ADOM is unlocked. |
672338 | FortiManager may unset interface weight in SD-WAN when installing within 6.0 ADOM. |
673008 | SD-WAN Rules order changes to the default when creating a rule and moving it to the top. |
673641 | When creating a policy, all the vwpare names are shown and not only the names from the installation target. |
674282 | FortiManager sends unset entry-id if the FortiGate implements NAC access-mode at FortiSwitch switchport level. |
674938 | FortiManager should add support for set use-shortcut-sla option in SD-WAN rules. |
676002 | FortiManager is not allowing to re-install policy when user selects all devices with VDOMs from Device Manager. |
677241 | Interface speed is set incorrectly on the port group due to missing aggregate membership verification. |
678066 | Install may fail when changing FortiGate admin password from FortiManager. |
680516 | Host Name is truncated when the name has more than 31 characters. |
681627 | FortiManager is accepting DNS source IP even though it is not part of the available interfaces. |
684372 | When using VDOMs, the Policy Package status remains in modified status after using Push to device. |
684462 | FortiManager truncates the device configuration when downloading from View configuration option. |
688541 | FortiManager should not unset dynamic-vlan of wireless-controller VAP and gateway of router settings after import. |
689014 | FortiManager may return an error when changing FortiGate device log configuration from FortiManager with management VDOM moved to another VDOM. |
689920 | FortiWeb serial number may not be correctly recognized and firmware version is not available in the Add device wizard. |
690012 | Changing the value of a meta-data field for a device should trigger the change with configuration status. |
690241 | FortiManager may fail to auto-link with FortiGate with the error: Failed to update device management data 'invalid value - devmgmtdatafailed|invalid value. |
690566 | Changes to the Disclaimer Page may not be saved and displays an error. |
692669 | Browser may display a message, A webpage is slowing down your browser, while checking revision difference. |
693622 | There may be inconsistent behavior between FortiGate and FortiManager when changing port speeds for FortiGate-3600E or FortiGate-3601E. |
696136 | Auto-link may fail due to the input device in SD-WAN. |
696496 | Auto-link may fail when Workspace is enabled. |
696848 | Users may not be able to retrieve configuration or import policy from managed devices and dvmcore crashes frequently. |
697098 | Retrieving HA configuration may fail when adding FortiGate. |
697535 | Device Manager should not allow
user to add ssl.root to a zone. |
697746 | FortiManager needs to support adding FortiAnalyzer devices with serial numbers that have a prefix of FAVMXX. |
697924 | When there are many devices, all managed FortiGates may show connection down state. |
698625 | FortiManager may not be able to view, add, or edit software switch members. |
698709 | When importing policies, firewall policies may not be loaded. |
699182 | FortiManager may fail to add FortiGate-101F as model device. |
699450 | The SDWAN monitor is showing historical traffic for an interface when it is Down in the defined time period. |
701446 | SD-WAN monitor may take several minutes to display a map if the device tunnel is flapping. |
702555 | FortiManager may lose device admin user and geo-location information during the onboard process for a model device. |
702590 | The System template may stop being displayed on the Devices & Groups page. |
704197 | FortiManager may fail to create a FortiSwitch in a 6.0 ADOM. |
704789 | SD-WAN monitor is missing Health Check Status information and probes. |
705547 | Route monitor may shows incorrect interface information. |
710616 | FortiManager may not be able to set a HTTPS or SHH Port to value higher than 63335 under Provisioning Templates. |
711034 | There may be to displaying Meta Fields data when creating or editing a Device Group. |
Fabric View
Bug ID | Description |
---|---|
554251 | A user may not be able to see the fabric topology of devices in the user's assigned ADOM. |
FortiSwitch Manager
Bug ID | Description |
---|---|
650453 | FortiSwitch template and VLAN shall appear for firewall policy creation. |
667703 | After adding a FortiSwitch, running a script to provision may fail. |
678804 | FortiSwitch template is not working as expected in switchport NAC access-mode. |
690995 |
FortiSwitch Manager should not install the auto-detected setting to FortiGate. |
700023 | Install may fail with
switch-controller managed-switch:poe-pre-standard-detection after upgrade. |
700136 | In FortiSwitch Manager, the Map to Normalized interface menu always displays none when editing a VLAN. |
706953 | A maximum of one device entry can be found in Device Information column under FortiSwitch port. |
707909 | Template may be removed, and FortiLink interface and Comments fields may be empty. |
708901 | The assigned FortiSwitch template name that has more than sixteen characters may fail ADOM integrity check. |
Global ADOM
Bug ID |
Description |
---|---|
632400 | When installing a global policy, FortiManager may delete policy routes and settings on an ADOM. |
662216 |
Searching for Where Used in a Global ADOM may not show object usage in an ADOM. |
667423 | Assigned header policy from the global ADOM shows up on excluded policy package. |
670280 | Promoting the Profile Group object should not promote the default Protocol option. |
689965 |
Replacement message type UTM is not being pushed from global ADOM to local ADOM. |
Others
Bug ID | Description |
---|---|
649399 | After upgrade, install may fail if a FortiGate was assigned to a system template. |
656956 | There may be crashes with rtmmond when FortiWLM is enabled. |
659916 | FortiManager may consume high memory usage by the svc sys daemon. |
661069 | ADOM restricted access user is able to pull Device Manager information from ADOMs via JSON API. |
665617 | FortiManager may consume high CPU resource when locking ADOM or loading policy. |
667421 | FortiManager may report repeated miglogd crashes which causes lost logs. |
667442 | FortiManager may not be able to connect to FortiGate CLI via SSH widget or execute TCL scripts. |
670479 | FortiManager configuration file size may be large due to a bulk of resync files. |
671444 | FortiManager may fail to check-in configuration revision with the HA secondary unit. |
673210 | When checking unused policy, implicit policy information is not included. |
681707 | The diagnose cdb upgrade check +all command may unset defmap-intf. |
682404 |
The rtmmond process memory usage may constantly increasing. |
683841 |
FortiManager databases may randomly lose integrity. |
686460 | ADOM integrity check may run slowly and it takes several minutes to response for each ADOM. |
687155 |
FortiManager should improve the error message for running CLI Template. |
690969 | The dmworker process may consume high memory and CPU resources with failures due to busy handler. |
691568 | FortiManager GUI may randomly becomes non responsive. |
695549 | The _created timestamp is missing
in the REST API return data for Policy. |
695782 |
Connection to FortiGate may fail with multiple |
697132 | In some circumstances, FortiManager is not accessible unless the device is rebooted every couple of days. |
Policy and Objects
Bug ID |
Description |
---|---|
494367 | Users cannot search for an address in a policy where the address is a part of a nested group. |
523350 | FortiManager does not show the default certificate under SSL/SSH Inspection within policy. |
547052 | FortiManager GUI should not allow creating Security Profiles without any SSL/SSH Inspection Profile defined. |
565301 | Exporting policy package to Excel may not work. |
587634 | FortiManager may not be able to create new wildcard FQDN type address to FortiGate 6.2. |
601229 | FortiManager is missing device-type option for custom device dynamic mapping. |
608268 | Users may not be able to edit firewall policy due to session-ttl:out of range in v5.6 or v6.0 ADOM. |
612317 | FortiManager shows incorrect country code for Cyprus under User definition. |
615936 | FortiManager is missing the SSH protocol in DLP filter. |
617894 | FortiManager is missing IPV6 none values after modifying policy. |
630431 | Some application and filter overrides are not displayed in the GUI. |
633727 | FortiManager is unable to display summary of policy package diff for a VDOM with a long name. |
647189 | FortiManager dynamic object filter generator is adding an "s" at the end of the tag preventing the object from working. |
651991 | After adding and removing Security Profile, the policy Security Profile changes from no-inspection to empty. |
657026 | GUI hangs during loading when applying changes made to Anti Virus profile. |
658528 | The URL remote category, FortiGuard Threat Feed, is not available in the dropdown menu for Proxy Address. |
660483 | IPS signatures may not match between FortiGate and FortiManager. |
661590 | FortiManager should fail the install with a proper error message without selecting security profile group on proxy policy. |
667414 | FortiManager may freeze when editing the Comment field in a policy package with many policies. |
668649 | Install may hang at 75% when no VLAN interface is configured for fsp managed-switch. |
669389 | Install may fail due to web filter profile in flow mode with setting changes available in proxy mode only. |
670019 | There is no Decrypted Traffic Mirror option in policy when only one port mapping is enabled in Full SSL/SSH Inspection. |
670833 | Search box for address may not always work. |
671265 | Global object assignment may not work. |
671693 | Internet Service Group should show an error or a warning when the direction setting is not the same. |
671985 | Decrypted Traffic Mirror setting is not being removed from policy after it is changed in the SSL Inspection method. |
671988 | FortiManager is not able to push dynamic objects to FortiGate after receiving the configurations from NSXT connector. |
673305 | Policy package install may hang and fail due to high memory usage. |
673311 | Full SSL/SSH Inspection profile's Invalid SSL Certificates setting does not take effect when Inspect All Ports is selected. |
673554 | FortiManager should not allow a policy to set the destination address with a Virtual Server when inspection-mode is set as flow. |
673554 | FortiManager should not allow a policy to set the destination address with a Virtual Server when inspection-mode is set as flow. |
674899 | FortiManager may not be able to edit proxy addresses objects. |
675199 | Local web category override is not installed if web filter is part of policy block package. |
675501 | Policy check may show negative values. |
675509 | FortiManager may randomly set IPv4 IP Pool object to overload. |
675541 | Deleting an override entry should trigger modified status for policy packages with FortiGuard Category Based Filter enabled within web filter profile. |
675587 | Firewall VIP hover-over popup should not show ports when port forwarding is disabled. |
677385 | IPS profile may not load. |
678439 | FortiManager may always configure empty application parameter values. |
681342 | Devices are evicted from Installation target after authorizing a new device. |
682370 | Having changed an IPS profile on security profile, the change is not visible when editing the policy again. |
686591 | FortiManager may not be able to add individual VWP interface members to multicast policy. |
688589 | Setting the Local Webfilter Category action to Allow should not disable the action when installed on FortiGate. |
690509 | FortiManager may fail to install ACI-Direct connector to FortiGate due to server-list command. |
692114 | Where Used returns no record found when IPS Custom Signature is being used. |
693763 | Saving address object may return error: firewall/address/organization : The data is invalid for selected url. |
694605 | FortiManager may not be able to push the entire Azure SDN Connector configuration. |
696072 | FortiManager GUI should allow users to configure HTTPS health check monitor including fields such as http-match and http-get in the monitor. |
700743 | Viewing Policy and Objects may be slower after upgrade. |
701290 | FortiManager should not allow users to create a wildcard FQDN address object with non-wildcard FQDN. |
702138 | NGFW security policy Application category Unknown applications is missing on FortiManager while it is present on FortiGate. |
703639 | Installing policy package for a device using CLI template may stall. |
Revision History
Bug ID |
Description |
---|---|
579286 | Installation may fail for FortiGate 6.2 within ADOM 6.0 due to configuration changes with virtual-wan-link member weight and volume-ratio, and internet-service-ctrl. |
637465 | Installation fails when installing global v6.2 IPv4 policy to v6.4 FortiGate. |
642075 | Install may fail with delete metadata-server error. |
657344 | Installing from 6.0 ADOM may try to "unset inspection-mode and unset ssl-ssh-profile on FortiGate 6.2. |
657344 |
Installing from 6.0 ADOM may try to unset inspection-mode and unset ssl-ssh-profile on FortiGate 6.2. |
660525 | Installing from FortiManager, may unset comment, organization, and subnet-name during install. |
662438 | FortiManager may try to purge all web rating override entries. |
662661 | Default value of global: system npu ip-reassembly:max-timeout NPU setting in ADOM 6.0 for FortiGate-1800F should be changed to 10000 to avoid Conflict status. |
667148 | When a policy install is performed, Install preview shows a lot of firewall policies with metafield changes without any actual change being performed. |
673101 | When set cfg-save manual is configured, FortiManager may try to delete objects that do not exist in the FortiGate configuration. |
673327 | With traffic shaper in Mbps or Gbps, FortiManager should convert it to Kbps if installation target is non 64 bits FortiGate model. |
677659 | FortiManager may fail to retrieve device configuration on web category with log threat-weight. |
679139 | When a policy package is shared between many firewalls, web rating override purge may fail in some scenarios. |
683728 | Installation fail due to VIP mapped IP range error when installing v6.2 policy package to v6.4 device. |
686036 | FortiManager may remove Allow Access configurations for secondary IP when a policy package is installed. |
689270 |
The following attributes under configs vpn ssl setting may have an invalid range: login-attempt-limit, login-block-time, http-request-header-timeout, http-request-body-timeout and router bgp keep-alive-timer. |
691240 | FortiManager should not unset the value forward-error-correction with certain FortiGate platforms. |
691835 |
FortiManager should be able to move one VLAN to a different zone without deleting many rules or zones. |
693231 | FortiManager tries to purge webfilter ftgd-local-rating when directly referenced in URL Category of a policy. |
698350 | Install may fail with error: [VPN manager ] failed to update vpn node with device info. |
700495 | FortiManager 6.2 ADOM may be
sending set synproxy to FortiGate-1801F. |
701870 | Process may get stuck at 85% when pushing multiple policy packages from Global ADOM. |
709456 | FortiManager may be missing configuration revisions after performing HA failover. |
688474 |
FortiManager may fail to retrieve FortiGate configuration when adding a device due to invalid data source with wtp-profile. |
Script
Bug ID |
Description |
---|---|
663820 | The LDAP port value remains 636 on device database and FortiManager is not accepting custom port number via CLI script. |
668947 | Changes using CLI Script may not be applied to devices in the container or folder. |
671998 |
TCL scripts may not work when ssh-kex-sha1 and ssh-mac-weak are not enabled on FortiGate. |
702576 |
Objects may not be present on the corresponding device configuration after running a script to rename objects. |
Services
Bug ID | Description |
---|---|
644021 | FortiManager should be able to use custom certificate for the update related services. |
644173 | FortiManager should improve FortiGuard disk space quota usage logging and inquiry. |
671387 | FortiManager installs the latest IPS and application control signatures on managed device despite that To Be Deployed Version is configured. |
673307 | FortiManager may return invalid license to FortiMail and cause AntiSpam license to expire. |
674511 | FortiManager should count FMG expired device number. |
677875 | Scheduling firmware upgrades may cause fds_svrd to consume 100% CPU resource. |
691738 | FortiManager may not be able to connect to FDS server via IPv6 proxy. |
694903 | There may be issues with some firmware upgrade paths. |
699768 | FortiManager should add 06002000NIDS02504 extend IPS database to default download list. |
701341 | FortiGuard Firmware Images may not show up-to-date FortiOS versions. |
704584 | FAP firmware may not be listed and cannot be imported. |
System Settings
Bug ID |
Description |
---|---|
553488 | TACACS is unable to assign multiple ADOMs to admins. |
598194 |
FortiManager two-factor authentication admin login is missing the option for FTK Mobile push notification authentication. |
623457 | FortiManager prompts error while importing CA certificate. |
631733 | Changing trusted IP can be saved and installed. |
642205 | While FortiAnalyzer model is disabled, FortiManager may fail to create an ADOM due to over size with disk quota. |
654370 | Users may not be able to access Java console with an error message: Too many concurrent connections. |
660226 | HA may crash when upgrading. |
662970 | Firewall addresses may not be not visible on GUI after upgrading FortiManager. |
667445 | FortiManager may show errors on dynamic_mapping.local-int during upgrade. |
674661 | After upgrade, FortiGate VDOM that contains FortiToken user cannot be managed anymore and policy install generates an error. |
677118 | Upgrading ADOM from 6.2 to 6.4 may fail due to replacement message. |
677461 | FortiManager is not able to identify ADOMs that are locked by non super user administrators. |
684907 | Changing the FortiGuard Server Location in the License Information dashboard may not take any effect. |
686569 | Creating and deleting the static route may remove a specific connected route. |
687223 | Users may not be able to upgrade an ADOM because of profile-protocol-options. |
688517 | Upgrading an ADOM may fail due to a FortiExtender Object. |
689917 | If a policy is configured with a Proxy Options profile with HTTP Policy Redirect enabled, the ADOM upgrade should enable the related option set http-policy-redirect enable to preserve the HTTP redirect feature. |
690400 | System Admin User ssh-public-key cannot choose ed25519. |
690921 | Upgrading an ADOM from 6.0 to 6.2 should not add custom ssl-ssh-profile to policies which were not configured for SSL inspection. |
695058 | Radius response packets should
not timeout with less of the remoteauthtimeout setting. |
695360 | ADOM upgrade may be slow and it may take several minutes to start. |
699185 | If Management Extension Applications (MEA) are enabled, all system settings may be lost after upgrading FortiManager. |
699253 | Admin profile should not need system level access to view list of time zones in Device Manager. |
704504 | License Information may keep loading for admin user with FortiGuard and System Settings with read-write permissions. |
705762 | Session can be approved twice by different users of the same approval group. |
614127 |
FortiManager should show details in the |
VPN Manager
Bug ID |
Description |
---|---|
596953 | Go to VPN manager > monitor and select a specific community from the tree menu to show only that community's tunnels and the monitor page displays a white screen. |
608221 | There is no XAUTH USER column in VPN Manager Monitor. |
620801 | SSLVPN > Edit SSLVPN Settings > IP Range, only shows configuration from ADOM database objects. |
647394 | VPN Manager with VPN zone feature disabled may trigger policy copy failure. |
653328 | FortiManager is unable to edit a SSL portal in VPN Manager containing "/" special character. |
658221 | The dns-suffix on SSL VPN portal is not installed if web-mode is disabled. |
681110 |
VPN manager may not push any configuration on ADOM 6.0 for dial up VPN on FortiGate. |
697308 | VPN Manager is setting
dst-name to All when using dst-name object group address in a protected subnet. |
701772 | AP may not show up in AP Manager after running CLI templates. |
704614 |
FortiManager may not be able to push policy package due to VPN related error. |