Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:


Table of Contents

Resolved Issues

The following issues have been fixed in 7.0.1. For inquires about a particular bug, please contact Customer Service & Support.

AP Manager

Bug ID Description
513324 Users should be able to delete multiple APs in AP Manager.
674636 SSID may be empty in the AP Manager> WiFi Profiles> SSID column.

677419

FortiManager may show installation error on dual-5G radio band while pushing wireless-controller configuration.

689325

FortiManager may not be able to configure Channel 13 for Germany AP profile.

698004 When installing to a 6.4 FortiGate device from a 6.2 ADOM, there may be issue with set vap-all manual within the AP Profile.
706233 FortiManager may not detect changes in AP Manager > SSID > Pre-shared Key Password and display the message No record found.
712669 FortiManager may set darrp as enable when the Radio mode is set to monitor causing the installation to fail.
716135 There may be verification error when trying to install FortiAP with 2.4GHZ Radio 1 channel disabled.

Device Manager

Bug ID Description
521976 Users may not be able to enable CSV format within a system template.
603820 FortiManager fails to import a policy when reputation-minimum and reputation-direction are set.
615044 Configuration status may be shown modified after adding FortiGate to FortiManager.
640907 FortiManager is unable to configure FortiSwitch port mirroring.
649260 Device Manager may return an error when deleting VPN phase1.
664120 When FortiGate HA secondary unit is down, action is displayed as promote in Device Manager.
672344 If a managed FortiAnalyzer is in HA, setting Send Logs to "Managed FortiAnalyzer" in the system template may cause an install error.
690493 License check setting may not be saved.
692200 FortiManager may return conflict after a zero-touch-provisioning cluster deployment.
694713 When Workspace mode is enabled, the SD-WAN template may sporadically disappear.
696576 The available Explicit FTP proxy certificates are not consistent with the ones available in the FortiGate.
697596 Advanced Options is not displayed when creating a new interface.
701348 Once VRPP instance is created, the user should be able to edit or delete it.
702906 DHCP Relay Service may not be deleted when it is configured on VLAN interface.
708937 FortiManager may randomly update the geographical coordinates of a FortiGate device.
709214 System template should allow source interface to be selected when Specify is activated as interface-select-method.
709302 SD-WAN monitor search function on the table view does not actually search but highlight.
711005 Under backup ADOM, FortiManager should hide the selection for Provisioning Templates and Policy Packages in add device wizard, device dashboard, and device edit page.
711713 DHCP relay is displayed as DHCP server when Workspace is unlocked.
711888 FortiManager is not retrieving and saving the vdom-exception configuration.
713267 Searching for FortiGate name when editing a device group should display FortiGate device name with all the VDOMs.
714036 SD-WAN widget cannot be loaded when a rule uses a specific SLA target.
714208 Device Manager may not be able to save scan-botnet-connections option in interface settings page.
714710 Secondary interface configuration may not show on Device Manager.
719028 FortiManager may not update FortiGate's VDOM license information when it is changed.
719568 There should be Has Log Disk in editing device page.
726990 When an administrator has access to a specified device group, FortiManager may remove devices that do not belong to the group when synchronizing device list to FortiAnalyzer.

FortiSwitch Manager

Bug ID Description
700023 Install may fail with switch-controller managed-switch:poe-pre-standard-detection after upgrade.
713492 In the per-device mapping of the VLANs in FortiSwitch Manager, the Specify option for the gateway is not saved in the database.
713553 FortiSwitch Template sflow counter interval value variance between 6.0 and 6.2 ADOMs.

Global ADOM

Bug ID

Description

680798

FortiManager may return an error, Could not read zone validation results, when assigning global ADOM changes with Automatically Install Policies to ADOM Devices.

693510 Display Options for Object Config will reset to default after some time.
710963 FortiManager may show unclear error message when trying to promote an object from an ADOM to Global database in Workspace or Workflow mode.
722562 Users may not be able to filter when assigning global policy.
724229 Global ADOM display options may be reset to default after reboot.

Others

Bug ID

Description

669191 The fdssvd daemon may randomly crash.
704545 FortiManager may stop responding when there is a lot of Workflow sessions and users try to disable the Workflow mode with the GUI.
706516 Securityconsole may crash when there are quotes around group name.
715601 Under some conditions, disk usage may reach 100% after a few days.
728375 JSON API may return runtime error 0: invalid value error when getting dynamic mapping with the fields attribute.

724470

The dmworker may crash on device retrieve or revision import.

Policy and Objects

Bug ID Description
487186 FortiManager may install a different local category ID to FortiGate causing a conflict with custom URL rating list.
569446 Interface subnet address object may show any as interface instead of the selected interface.
580880 FortiManager is unable to see dynamic mapping for Local Certificate if a Workflow session is created.
636537 CLI Only Objects > user > peergrp is not able to delete peergrp.
642708 View Mode may unexpectedly change from Interface Pair View to By Sequence mode.
654172 There may be webfilter local category ID mismatch between FortiManager and FortiGate causing incorrect action when using Custom URL List.
659543 FortiManager is not allowing reorder between Policy Blocks.
663109 FortiManager should not allow the user to select a profile group in a flow-based policy that uses a proxy-based feature.
666091 After cloning a policy package, the cloned policy package loses the installation targets.
672035 There may be an error when importing AWS credential from FortiGate to FortiManager.
675501 Policy check may show negative values.
679282 Editing a global object in an ADOM is not possible generating error, Undefined is not iterable.
684728 FortiManager and FortiGate should have equivalent filter list entries.
696367 Hit count, First used, and Last used may not get updated on FortiManager.
696489 The URL Filter in a Web Filter profile may not be enabled properly.
701526 There may be issue when scrolling down to view policy consistency results.
702621 When adding a remote usergroup when the LDAP service is unreachable, the Manually specify option is only available after a timeout.
704148 FortiManager is missing some IPS signatures while they are available on FortiGate.
704637

FortiManager allows VIP to be configured without default value or dynamic mapping.

705025 Find Unused Policies may report incorrect session data for security policy.
707953 IPS sensor may incorrectly set the action to pass instead block when quarantine is set.
708877 FortiManager 6.0 ADOM should not allow users to set ISDB objects that are not supported on FortiOS 6.0.
709435 FortiManager may not be able to import existing Azure SDN Connector from FortiGate.
711121 Enabling FortiGuard Outbreak Prevention database does not match FortiGate's behavior.
712150 The Search function in Address may not work after upgrading FortiManager to 6.4.5.
712213 Users may not be able to filter a policy using the Inspection Mode field.
712900 When new folders are created and the default policy package is deleted, then the new policy package cannot be created.
713216 When the policy package is large, it is slow to load the policy package, install the policy package, or view sessions revision diff in Workflow mode.
713682 FortiManager changes the Web URL Filter name on its own when saving a Web Filter Profile.
715275 FortiManager may not be able to show specific signature.
715722 Users may not be able to delete global object.
719700 FortiManager may have incorrect IPS default action entries in the database.
719981 The Where Used function may return no result for Internet Service objects.
725274 GUI may be slow when filtering many entries with DNS filter.
726424 IPS signature list may be empty after upgrade.
727329 FortiManager may fail to identify case sensitivity with interface having similar name for the Normalized Interfac" settings.
729287 User may not be able to edit DNAT.

Revision History

Bug ID Description
638060 Installing an existing revision or renaming a revision should be allowed in backup ADOM.
685509 FortiManager may unset authmethod-remote causing the install to fail.
691240 FortiManager should not unset the value forward-error-correction with certain FortiGate platforms.
693225 FortiManager may install unset inspection-mode to FortiGate 6.2 device in 6.0 ADOM.
694380 Installation may fail when set whitelist enable in ssl-ssh-profile is pushed to FortiGate 6.2 from a in 6.0 ADOM.
697642 Connecting unauthorized FortiSwitch to a managed FortiGate may cause issues on FortiManager when auto-update is disabled.
708913 FortiManager may try to set sflow-counter-interval and unset trunk-member resulting in installation failure.
715313 FortiManager may not enable the option FortiGuard Category Based Filter after FortiManager is synchronized with FortiGate.
724976 In a Zero Touch Provisioning deployment, the device database may get wiped by an AutoRetreive task.
728422 Policy validation may fail due to dynamic mapping for global object that is for FortiGate 6.2 device but it is in 6.0 ADOM.

728447

Installation may fail due to VIP's mapped IP as a range with two identical IP addresses.

Script

Bug ID Description
645684 Users may not be able to run TCL script in Workflow mode.
668876 Using CLI script to create SD-WAN with auto-numbering, edit 0, may not work.
689775 Users may not be able to edit an empty CLI Script Group.
701777 Application ID is not being configured after policy script execution.
707952 Copying a CLI Script Group from one ADOM to another ADOM may not work.
715305 When changing the system setting opmode from nat to transparent via a script, FortiManager may return failure to commit to database stating that there is no interface.
715623 Running a script on the device database may not update the Save status.
715632 Script configuring AntiVirus quarantine may fail.
721740 FortiManager may fail to run CLI script on Device DB after dmworker rash.

Services

Bug ID

Description

567664 HA secondary unit does not update FortiMeter license.
673302 FDS updates may fail with TLS v1.3.
688498 FortiSwitch version shown in the FortiGuard package page is not seen on FortiGate.
695685 FortiGate HA firmware upgrade may fail when both HA units need disk check.
712062 FortiSwitch and FortiAP upgrades may fail with Response with errors by using FortiGuard image.
714596 For web filter query, FortiManager should support category 9 mapping data.
714787 FortiManager should have a diagnose command to force web filtering database merge.

System Settings

Bug ID Description
598194 FortiManager two-factor authentication admin login is missing the option for FTK Mobile push notification authentication.
625683 Changes made by ADOM upgrade may not update Last Modified date/time and user admin.
637377 If Manage Device Configurations is set to none in the admin profile, the user may not be able to see interface in policy.
667284 FortiManager should have a better log message when aborting device upgrade.
687171 Users may not be able to assign devices to the ADOMs which they have full access to.
687968 FortiManager should not change to ipv6-autoconf to disablewhen management access is changed to the ipv6-autoconf enable state.
697082 Schedule SCP backup may fail due to incorrect default port number.
700142 FortiManager should allow the user to configure more than eight hosts per SNMP community.
702165 Wildcard search may not work for Event logs.
705185 ADOM upgrade may cause per device mapping of VLANs in FortiSwitch Manager change to 0.
708939 Dashboard is showing incorrect GB per day and Device Quota information when FortiManager is enabled.
709873 Global task assignment time may not be accurate.
711446 Copy may fail due to invalid protocol options when both FortiGate and ADOM are upgraded to v6.2.
713233 FortiManager may fail to upgrade firmware resulting in cdbupgrade task error on console and process crashes.
714210 LDAP admin group search should be done with the service or administrator bind account.
714635 FortiManager backup file size may increase gradually when the IPS package is updated.
723117 Admin user may not be able to see who has locked an ADOM.
726138 After upgrade, FortiSwitch Template setting poe-pre-standard-detection may cause the installation to fail.
727458 FortiManager may not allow users to access all the VDOMs within an ADOM.

VPN Manager

Bug ID

Description

695879 Edit community may not be able to set VPN zone to Off via the GUI.

Common Vulnerabilities and Exposures

Visit https://fortiguard.com/psirt for more information.

Bug ID CVE references
716350

FortiManager 7.0.1 is no longer vulnerable to the following CVE-Reference:

  • CVE-2021-32589

Resolved Issues

The following issues have been fixed in 7.0.1. For inquires about a particular bug, please contact Customer Service & Support.

AP Manager

Bug ID Description
513324 Users should be able to delete multiple APs in AP Manager.
674636 SSID may be empty in the AP Manager> WiFi Profiles> SSID column.

677419

FortiManager may show installation error on dual-5G radio band while pushing wireless-controller configuration.

689325

FortiManager may not be able to configure Channel 13 for Germany AP profile.

698004 When installing to a 6.4 FortiGate device from a 6.2 ADOM, there may be issue with set vap-all manual within the AP Profile.
706233 FortiManager may not detect changes in AP Manager > SSID > Pre-shared Key Password and display the message No record found.
712669 FortiManager may set darrp as enable when the Radio mode is set to monitor causing the installation to fail.
716135 There may be verification error when trying to install FortiAP with 2.4GHZ Radio 1 channel disabled.

Device Manager

Bug ID Description
521976 Users may not be able to enable CSV format within a system template.
603820 FortiManager fails to import a policy when reputation-minimum and reputation-direction are set.
615044 Configuration status may be shown modified after adding FortiGate to FortiManager.
640907 FortiManager is unable to configure FortiSwitch port mirroring.
649260 Device Manager may return an error when deleting VPN phase1.
664120 When FortiGate HA secondary unit is down, action is displayed as promote in Device Manager.
672344 If a managed FortiAnalyzer is in HA, setting Send Logs to "Managed FortiAnalyzer" in the system template may cause an install error.
690493 License check setting may not be saved.
692200 FortiManager may return conflict after a zero-touch-provisioning cluster deployment.
694713 When Workspace mode is enabled, the SD-WAN template may sporadically disappear.
696576 The available Explicit FTP proxy certificates are not consistent with the ones available in the FortiGate.
697596 Advanced Options is not displayed when creating a new interface.
701348 Once VRPP instance is created, the user should be able to edit or delete it.
702906 DHCP Relay Service may not be deleted when it is configured on VLAN interface.
708937 FortiManager may randomly update the geographical coordinates of a FortiGate device.
709214 System template should allow source interface to be selected when Specify is activated as interface-select-method.
709302 SD-WAN monitor search function on the table view does not actually search but highlight.
711005 Under backup ADOM, FortiManager should hide the selection for Provisioning Templates and Policy Packages in add device wizard, device dashboard, and device edit page.
711713 DHCP relay is displayed as DHCP server when Workspace is unlocked.
711888 FortiManager is not retrieving and saving the vdom-exception configuration.
713267 Searching for FortiGate name when editing a device group should display FortiGate device name with all the VDOMs.
714036 SD-WAN widget cannot be loaded when a rule uses a specific SLA target.
714208 Device Manager may not be able to save scan-botnet-connections option in interface settings page.
714710 Secondary interface configuration may not show on Device Manager.
719028 FortiManager may not update FortiGate's VDOM license information when it is changed.
719568 There should be Has Log Disk in editing device page.
726990 When an administrator has access to a specified device group, FortiManager may remove devices that do not belong to the group when synchronizing device list to FortiAnalyzer.

FortiSwitch Manager

Bug ID Description
700023 Install may fail with switch-controller managed-switch:poe-pre-standard-detection after upgrade.
713492 In the per-device mapping of the VLANs in FortiSwitch Manager, the Specify option for the gateway is not saved in the database.
713553 FortiSwitch Template sflow counter interval value variance between 6.0 and 6.2 ADOMs.

Global ADOM

Bug ID

Description

680798

FortiManager may return an error, Could not read zone validation results, when assigning global ADOM changes with Automatically Install Policies to ADOM Devices.

693510 Display Options for Object Config will reset to default after some time.
710963 FortiManager may show unclear error message when trying to promote an object from an ADOM to Global database in Workspace or Workflow mode.
722562 Users may not be able to filter when assigning global policy.
724229 Global ADOM display options may be reset to default after reboot.

Others

Bug ID

Description

669191 The fdssvd daemon may randomly crash.
704545 FortiManager may stop responding when there is a lot of Workflow sessions and users try to disable the Workflow mode with the GUI.
706516 Securityconsole may crash when there are quotes around group name.
715601 Under some conditions, disk usage may reach 100% after a few days.
728375 JSON API may return runtime error 0: invalid value error when getting dynamic mapping with the fields attribute.

724470

The dmworker may crash on device retrieve or revision import.

Policy and Objects

Bug ID Description
487186 FortiManager may install a different local category ID to FortiGate causing a conflict with custom URL rating list.
569446 Interface subnet address object may show any as interface instead of the selected interface.
580880 FortiManager is unable to see dynamic mapping for Local Certificate if a Workflow session is created.
636537 CLI Only Objects > user > peergrp is not able to delete peergrp.
642708 View Mode may unexpectedly change from Interface Pair View to By Sequence mode.
654172 There may be webfilter local category ID mismatch between FortiManager and FortiGate causing incorrect action when using Custom URL List.
659543 FortiManager is not allowing reorder between Policy Blocks.
663109 FortiManager should not allow the user to select a profile group in a flow-based policy that uses a proxy-based feature.
666091 After cloning a policy package, the cloned policy package loses the installation targets.
672035 There may be an error when importing AWS credential from FortiGate to FortiManager.
675501 Policy check may show negative values.
679282 Editing a global object in an ADOM is not possible generating error, Undefined is not iterable.
684728 FortiManager and FortiGate should have equivalent filter list entries.
696367 Hit count, First used, and Last used may not get updated on FortiManager.
696489 The URL Filter in a Web Filter profile may not be enabled properly.
701526 There may be issue when scrolling down to view policy consistency results.
702621 When adding a remote usergroup when the LDAP service is unreachable, the Manually specify option is only available after a timeout.
704148 FortiManager is missing some IPS signatures while they are available on FortiGate.
704637

FortiManager allows VIP to be configured without default value or dynamic mapping.

705025 Find Unused Policies may report incorrect session data for security policy.
707953 IPS sensor may incorrectly set the action to pass instead block when quarantine is set.
708877 FortiManager 6.0 ADOM should not allow users to set ISDB objects that are not supported on FortiOS 6.0.
709435 FortiManager may not be able to import existing Azure SDN Connector from FortiGate.
711121 Enabling FortiGuard Outbreak Prevention database does not match FortiGate's behavior.
712150 The Search function in Address may not work after upgrading FortiManager to 6.4.5.
712213 Users may not be able to filter a policy using the Inspection Mode field.
712900 When new folders are created and the default policy package is deleted, then the new policy package cannot be created.
713216 When the policy package is large, it is slow to load the policy package, install the policy package, or view sessions revision diff in Workflow mode.
713682 FortiManager changes the Web URL Filter name on its own when saving a Web Filter Profile.
715275 FortiManager may not be able to show specific signature.
715722 Users may not be able to delete global object.
719700 FortiManager may have incorrect IPS default action entries in the database.
719981 The Where Used function may return no result for Internet Service objects.
725274 GUI may be slow when filtering many entries with DNS filter.
726424 IPS signature list may be empty after upgrade.
727329 FortiManager may fail to identify case sensitivity with interface having similar name for the Normalized Interfac" settings.
729287 User may not be able to edit DNAT.

Revision History

Bug ID Description
638060 Installing an existing revision or renaming a revision should be allowed in backup ADOM.
685509 FortiManager may unset authmethod-remote causing the install to fail.
691240 FortiManager should not unset the value forward-error-correction with certain FortiGate platforms.
693225 FortiManager may install unset inspection-mode to FortiGate 6.2 device in 6.0 ADOM.
694380 Installation may fail when set whitelist enable in ssl-ssh-profile is pushed to FortiGate 6.2 from a in 6.0 ADOM.
697642 Connecting unauthorized FortiSwitch to a managed FortiGate may cause issues on FortiManager when auto-update is disabled.
708913 FortiManager may try to set sflow-counter-interval and unset trunk-member resulting in installation failure.
715313 FortiManager may not enable the option FortiGuard Category Based Filter after FortiManager is synchronized with FortiGate.
724976 In a Zero Touch Provisioning deployment, the device database may get wiped by an AutoRetreive task.
728422 Policy validation may fail due to dynamic mapping for global object that is for FortiGate 6.2 device but it is in 6.0 ADOM.

728447

Installation may fail due to VIP's mapped IP as a range with two identical IP addresses.

Script

Bug ID Description
645684 Users may not be able to run TCL script in Workflow mode.
668876 Using CLI script to create SD-WAN with auto-numbering, edit 0, may not work.
689775 Users may not be able to edit an empty CLI Script Group.
701777 Application ID is not being configured after policy script execution.
707952 Copying a CLI Script Group from one ADOM to another ADOM may not work.
715305 When changing the system setting opmode from nat to transparent via a script, FortiManager may return failure to commit to database stating that there is no interface.
715623 Running a script on the device database may not update the Save status.
715632 Script configuring AntiVirus quarantine may fail.
721740 FortiManager may fail to run CLI script on Device DB after dmworker rash.

Services

Bug ID

Description

567664 HA secondary unit does not update FortiMeter license.
673302 FDS updates may fail with TLS v1.3.
688498 FortiSwitch version shown in the FortiGuard package page is not seen on FortiGate.
695685 FortiGate HA firmware upgrade may fail when both HA units need disk check.
712062 FortiSwitch and FortiAP upgrades may fail with Response with errors by using FortiGuard image.
714596 For web filter query, FortiManager should support category 9 mapping data.
714787 FortiManager should have a diagnose command to force web filtering database merge.

System Settings

Bug ID Description
598194 FortiManager two-factor authentication admin login is missing the option for FTK Mobile push notification authentication.
625683 Changes made by ADOM upgrade may not update Last Modified date/time and user admin.
637377 If Manage Device Configurations is set to none in the admin profile, the user may not be able to see interface in policy.
667284 FortiManager should have a better log message when aborting device upgrade.
687171 Users may not be able to assign devices to the ADOMs which they have full access to.
687968 FortiManager should not change to ipv6-autoconf to disablewhen management access is changed to the ipv6-autoconf enable state.
697082 Schedule SCP backup may fail due to incorrect default port number.
700142 FortiManager should allow the user to configure more than eight hosts per SNMP community.
702165 Wildcard search may not work for Event logs.
705185 ADOM upgrade may cause per device mapping of VLANs in FortiSwitch Manager change to 0.
708939 Dashboard is showing incorrect GB per day and Device Quota information when FortiManager is enabled.
709873 Global task assignment time may not be accurate.
711446 Copy may fail due to invalid protocol options when both FortiGate and ADOM are upgraded to v6.2.
713233 FortiManager may fail to upgrade firmware resulting in cdbupgrade task error on console and process crashes.
714210 LDAP admin group search should be done with the service or administrator bind account.
714635 FortiManager backup file size may increase gradually when the IPS package is updated.
723117 Admin user may not be able to see who has locked an ADOM.
726138 After upgrade, FortiSwitch Template setting poe-pre-standard-detection may cause the installation to fail.
727458 FortiManager may not allow users to access all the VDOMs within an ADOM.

VPN Manager

Bug ID

Description

695879 Edit community may not be able to set VPN zone to Off via the GUI.

Common Vulnerabilities and Exposures

Visit https://fortiguard.com/psirt for more information.

Bug ID CVE references
716350

FortiManager 7.0.1 is no longer vulnerable to the following CVE-Reference:

  • CVE-2021-32589