Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:


Table of Contents

Known Issues

The following issues have been identified in 7.0.1. For inquires about a particular bug or to report a bug, please contact Customer Service & Support.

AP Manager

Bug ID

Description

673020 Creating SSID interface with central AP Manager automatically generates normalized interface name that has no default mapping configuration.

Device Manager

Bug ID Description
545239 After adding FortiAnalyzer fabric ADOM to FortiManager, Device Manager's Log Status, Log Rate, or Device Storage column cannot get data from FortiAnalyzer.
554241 FortiManager cannot delete and reassign ports to VDOM when split VDOM is enabled.
563690 Device Manager fails to add a FortiAnalyzer which contains a FortiGate HA device with the error: serial number does not match database.
596711 FortiManager CLI Configuration shows incorrect default wildcard value for router access-list.
610568 FortiManager may not follow the order in CLI Script template.
636638 Fabric View may stall at loading.
651560 SD-WAN monitor may get stuck loading when the admin user belongs to device group.
660491 Device Manager system interface should not allow a duplicate secondary IP address.
665207 FortiManager needs IPv6 support on Syslog server setting.

670577

When creating an API admin from a CLI Configuration, the Trusted Host section is missing.

673548 FortiManager may not be able to make any change to the FortiGate interface settings when the interface type is Software Switch.
674904 FortiManager may not be able to import policy with interface binding contradiction on srcintf error.
689721 When changing FortiGuard related settings via CLI Configuration, FortiManager shows changes are reverted back, and it also shows the message: Successfully updated.
696730 FortiManager is unable to promote Secondary FortiGate as Primary in a HA Cluster.
710570 The Any statement is not accepted by FortiManager in the perfix-list configuration.

713714

Legacy device and group schedule firmware upgrade will be ignored. FortiGates are upgraded immediately.

728687 Policy package status may change to Modified on all FortiGate devices when a dynamic address group changes.
729301 A managed FortiGate with assigned CLI template remains in Modified state following a successful device configure installation.
729606 FortiManager should show where a Device Zone is used under Device Manager.

FortiSwitch Manager

Bug ID Description
674539 FortiManager may fail to upgrade two FortiSwitch devices at the same time.

Global ADOM

Bug ID Description
667197 User should not be able to delete a Global object when the ADOM is not locked.

Others

Bug ID

Description

510508 FortiManager cannot assign multiple ADOMs to an admin user via JSON API.
657997 Assigning a device to a system template may not work via JSON when FortiManager is in Workspace mode.
677304 the diagnose command cannot filer download objects by objid.
697361 FortiExtender status may not display correctly.

732144

A CA certificate may be missing from some older FortiManager platforms causing failure to login with FortiCloud SSO.

744766

Unable to retrieve Group/IP address for NSX-T v3.1.2.

 

Policy & Objects

Bug ID Description
538057 The OR" button in column filter may not work.
584288 FortiManager may not be able to load configuration of virtual server on the policy page.
585177 FortiManager is unable to create VIPv6 virtual server objects.
644822 Imported SDN Connector Objects may change to random names.
646329 Policy Check may claim that different IPS profiles are duplicate.
652753 Wen an obsolete internet service is selected, FortiManager may show entries IDs instead of names.
655601 FortiManager may be slow to add or remove a URL entry on Web Filter with a large list.
656991 FortiManager should not allow VIP to be created with same IP for External IP and Mapped IP Address.
659296 FortiManager may take a lot of time to update Web Filter URL filter list.
666258 A user should not be able to create a firewall policy with an Internet Service with Destination direction in Source using drag and drop.

670061

FortiManager does not report error when an unsupported FQDN address format is created.

682356 FortiManager may not be able to map normalized interface.
688586 Exporting Policy Package to CSV shows certificate-inspection in the ssl-ssh-profile column even when the profile is not in use.
713692 Web Filter Profile install may fail when using pre-defined URL filter.
716114 FortiManager should push changes in ssl-ssh-profile with Untrusted SSL Certificates setting reverted from Block to Allow.
719774 IP reputation for the policies are not working without Source or Destination.
725024 Proxy Policy page shows empty when the View Mode is selected as Interface Pair View.
725427 Policy package install skips the policy where destination interface is set as SD-WAN zone and policy is IPSEC policy.
731053 FortiManager may miss some Internet Service entries.

Revision History

Bug ID Description
618305 FortiManager changes configuration system csf settings.
635957 Install fails for subnet overlap IP between two interfaces.
672609 After import, FortiManager may prompt a password error to administrator during install.
674094 FortiManager may unset explicit proxy's HTTPS and PAC ports and change the value to 0 instead.
724447 When managing a dual chassis SLBC cluster, install may fail when private data encryption is enabled and cluster was previously failed-over.
728117 After upgrade, install may fail due to set pri-type-max 1000000.
729587 FortiManager may create an already deleted admin account on FortiGate when installing changes for a new VDOM.

Script

Bug ID

Description

630016 A FortiGate user can see scripts from all ADOMs.
679313 Meta variables used in CLI template should work with both Device and Device VDOM types.
729571 TCL script commands run on device no longer show in the script log.

Services

Bug ID Description
725118 FortiManager may not logging FortiGuard connectivity failures.

System Settings

Bug ID Description
616703 GUI CLI Console may not respond.
617601 Sort by Time Used in task monitor may not be correct.
652417 FortiManager HA may go out of synchronization periodically based on the logs.
690926 FortiManager is removing SD-WAN field description upon ADOM upgrading from 6.2 to 6.4.
723447 After ADOM upgrade, install may fail due to wildcard FQDN type firewall address for Microsoft update.
726007 Admin User systematically gets access to Root ADOM in case of RADIUS authentication and "Fortinet-Vdom-Name" VSA not set.
729280 Admin User with no access to management ADOM or VDOM can create a new VDOM from non-management ADOM > VDOM.

VPN Manager

Bug ID

Description

615890 IPSec VPN Authusergrp option Inherit from Policy is missing when setting xauthtype as auto server.
699759 When installing a policy package, per device mapped objects used in SSL VPN cannot be installed.
712633 VPN Manager pushes default dpd-retrycount and dpd-retryinterval, but it cannot display them.
721783 Applying Authentication or Portal Mapping changes may take several minutes.
722924 FortiManager may not be able to edit skip-check-for-unsupported-os enable under SSL portal profile.

Known Issues

The following issues have been identified in 7.0.1. For inquires about a particular bug or to report a bug, please contact Customer Service & Support.

AP Manager

Bug ID

Description

673020 Creating SSID interface with central AP Manager automatically generates normalized interface name that has no default mapping configuration.

Device Manager

Bug ID Description
545239 After adding FortiAnalyzer fabric ADOM to FortiManager, Device Manager's Log Status, Log Rate, or Device Storage column cannot get data from FortiAnalyzer.
554241 FortiManager cannot delete and reassign ports to VDOM when split VDOM is enabled.
563690 Device Manager fails to add a FortiAnalyzer which contains a FortiGate HA device with the error: serial number does not match database.
596711 FortiManager CLI Configuration shows incorrect default wildcard value for router access-list.
610568 FortiManager may not follow the order in CLI Script template.
636638 Fabric View may stall at loading.
651560 SD-WAN monitor may get stuck loading when the admin user belongs to device group.
660491 Device Manager system interface should not allow a duplicate secondary IP address.
665207 FortiManager needs IPv6 support on Syslog server setting.

670577

When creating an API admin from a CLI Configuration, the Trusted Host section is missing.

673548 FortiManager may not be able to make any change to the FortiGate interface settings when the interface type is Software Switch.
674904 FortiManager may not be able to import policy with interface binding contradiction on srcintf error.
689721 When changing FortiGuard related settings via CLI Configuration, FortiManager shows changes are reverted back, and it also shows the message: Successfully updated.
696730 FortiManager is unable to promote Secondary FortiGate as Primary in a HA Cluster.
710570 The Any statement is not accepted by FortiManager in the perfix-list configuration.

713714

Legacy device and group schedule firmware upgrade will be ignored. FortiGates are upgraded immediately.

728687 Policy package status may change to Modified on all FortiGate devices when a dynamic address group changes.
729301 A managed FortiGate with assigned CLI template remains in Modified state following a successful device configure installation.
729606 FortiManager should show where a Device Zone is used under Device Manager.

FortiSwitch Manager

Bug ID Description
674539 FortiManager may fail to upgrade two FortiSwitch devices at the same time.

Global ADOM

Bug ID Description
667197 User should not be able to delete a Global object when the ADOM is not locked.

Others

Bug ID

Description

510508 FortiManager cannot assign multiple ADOMs to an admin user via JSON API.
657997 Assigning a device to a system template may not work via JSON when FortiManager is in Workspace mode.
677304 the diagnose command cannot filer download objects by objid.
697361 FortiExtender status may not display correctly.

732144

A CA certificate may be missing from some older FortiManager platforms causing failure to login with FortiCloud SSO.

744766

Unable to retrieve Group/IP address for NSX-T v3.1.2.

 

Policy & Objects

Bug ID Description
538057 The OR" button in column filter may not work.
584288 FortiManager may not be able to load configuration of virtual server on the policy page.
585177 FortiManager is unable to create VIPv6 virtual server objects.
644822 Imported SDN Connector Objects may change to random names.
646329 Policy Check may claim that different IPS profiles are duplicate.
652753 Wen an obsolete internet service is selected, FortiManager may show entries IDs instead of names.
655601 FortiManager may be slow to add or remove a URL entry on Web Filter with a large list.
656991 FortiManager should not allow VIP to be created with same IP for External IP and Mapped IP Address.
659296 FortiManager may take a lot of time to update Web Filter URL filter list.
666258 A user should not be able to create a firewall policy with an Internet Service with Destination direction in Source using drag and drop.

670061

FortiManager does not report error when an unsupported FQDN address format is created.

682356 FortiManager may not be able to map normalized interface.
688586 Exporting Policy Package to CSV shows certificate-inspection in the ssl-ssh-profile column even when the profile is not in use.
713692 Web Filter Profile install may fail when using pre-defined URL filter.
716114 FortiManager should push changes in ssl-ssh-profile with Untrusted SSL Certificates setting reverted from Block to Allow.
719774 IP reputation for the policies are not working without Source or Destination.
725024 Proxy Policy page shows empty when the View Mode is selected as Interface Pair View.
725427 Policy package install skips the policy where destination interface is set as SD-WAN zone and policy is IPSEC policy.
731053 FortiManager may miss some Internet Service entries.

Revision History

Bug ID Description
618305 FortiManager changes configuration system csf settings.
635957 Install fails for subnet overlap IP between two interfaces.
672609 After import, FortiManager may prompt a password error to administrator during install.
674094 FortiManager may unset explicit proxy's HTTPS and PAC ports and change the value to 0 instead.
724447 When managing a dual chassis SLBC cluster, install may fail when private data encryption is enabled and cluster was previously failed-over.
728117 After upgrade, install may fail due to set pri-type-max 1000000.
729587 FortiManager may create an already deleted admin account on FortiGate when installing changes for a new VDOM.

Script

Bug ID

Description

630016 A FortiGate user can see scripts from all ADOMs.
679313 Meta variables used in CLI template should work with both Device and Device VDOM types.
729571 TCL script commands run on device no longer show in the script log.

Services

Bug ID Description
725118 FortiManager may not logging FortiGuard connectivity failures.

System Settings

Bug ID Description
616703 GUI CLI Console may not respond.
617601 Sort by Time Used in task monitor may not be correct.
652417 FortiManager HA may go out of synchronization periodically based on the logs.
690926 FortiManager is removing SD-WAN field description upon ADOM upgrading from 6.2 to 6.4.
723447 After ADOM upgrade, install may fail due to wildcard FQDN type firewall address for Microsoft update.
726007 Admin User systematically gets access to Root ADOM in case of RADIUS authentication and "Fortinet-Vdom-Name" VSA not set.
729280 Admin User with no access to management ADOM or VDOM can create a new VDOM from non-management ADOM > VDOM.

VPN Manager

Bug ID

Description

615890 IPSec VPN Authusergrp option Inherit from Policy is missing when setting xauthtype as auto server.
699759 When installing a policy package, per device mapped objects used in SSL VPN cannot be installed.
712633 VPN Manager pushes default dpd-retrycount and dpd-retryinterval, but it cannot display them.
721783 Applying Authentication or Portal Mapping changes may take several minutes.
722924 FortiManager may not be able to edit skip-check-for-unsupported-os enable under SSL portal profile.