Resolved Issues
The following issues have been fixed in 7.0.2. For inquires about a particular bug, please contact Customer Service & Support.
AP Manager
Bug ID | Description |
---|---|
673020 |
Creating SSID interface with central AP Manager automatically generates normalized interface name that has no default mapping configuration. |
702114 |
FortiManager is unable to see 5Ghz Clients in Health Monitor. |
728372 |
Importing SSID with optional VLAN ID set creates incorrect per-device mapping. |
Device Manager
Bug ID |
Description |
---|---|
563690 | Device Manager fails to add FortiAnalyzer that contains a FortiGate HA device with error: serial number does not match database. |
609859 | When installing device settings, the default name for downloaded preview file should be more identifiable for a device. |
637388 | System Dashboard's time zones are not sorted within the dropdown list. |
638750 | Where Used may not work for IPsec Phase 2 allowing users to delete used objects. |
662095 | FortiManager may take too much time to send SLA updates to over thousands of FortiGate devices. |
665207 | FortiManager needs IPv6 support on Syslog server setting. |
691611 | FortiManager does
auto-retrieve and causes all policy package statuses to become unknown after a new VDOM is created on FortiGate. |
696330 | FortiManager may change all devices to Managed FortiGate when hiding all unauthorized devices, and it cannot be switched back. |
696524 | Promote button task does not work and hangs, if FortiManager cannot SSH access to HA cluster. |
696730 | FortiManager is unable to promote Secondary FortiGate as Primary in a HA Cluster. |
698388 | FortiManager cannot edit or create a static route with SD-WAN returning an error. |
705448 | Device connection status may remain up after shutting down device port and updating device status. |
713833 | It may not be possible to rename device zone. |
714611 | Creating interface from VDOM may return No Match Found error. |
718184 | AutoUpdate with unset options and unset post-lang may cause device database and policy package status to display as OUT-OF-SYNC. |
719968 | SD-WAN Monitor should properly show the Map View of all devices. |
724600 |
FortiManager may not be able to install static default route for SD-WAN from Static route Template. |
725570 | FortiManager may return device can not be empty error when creating or editing a static route on SD-WAN interface. |
726167 | Installing static route template may fail because interface is in another VDOM. |
727123 | Meta Field is not translating values with spaces into correct scripts. |
728655 | Configuration status may not be shown as Synchronized after installation. |
728687 | Policy package status may change to Modified on all FortiGate devices when a dynamic address group changes. |
729301 | A managed FortiGate with assigned CLI template remains in Modified state following a successful device configure installation. |
729606 | FortiManager should show where a Device Zone is used under Device Manager. |
730482 | CLI Template cannot add system
DNS database entries if set domain contains the underscore
character (_ ). |
731204 | FortiManager may incorrectly display Object already exists message while creating a new Hardware Switch interface. |
731551 | FortiManager may return error, Failed to synchronize FortiAnalyzer with current ADOM data.Fail(errno=-3):Object does not exist, when adding FortiAnalyzer devices. |
732246 | Clock format option no longer works to format date in TCL scripts. |
733076 | Model device links to real device may not work. |
733080 | Device status is shown as Up on GUI, even though there is no activity for the session between FortiManager and FortiGate. |
733934 | During zero-touch provisioning with Enforce Firmware Version enabled, upgrade task may hang if the connection is reset during the image transfer. |
734487 | Device's hardware switch interface > physical interface member may not save. |
735106 | Delete is spelled incorrectly when attempting to delete invalid host cluster device. |
735402 | When creating a new CLI Group Template and trying to add members to it, it does not allow users to select other CLI Group Templates that were already created. |
737025 | SD-WAN Monitor widget may not be loaded when multiple performance SLAs are added. |
737173 | FortiManager should not unset l2tp and encapsulation with VPN phase2 interface. |
739369 | When revision history is very large, FortiManager may not be able to retrieve configuration. |
739624 | FortiManager should support FortiTester version 4. |
FortiSwitch Manager
Bug ID | Description |
---|---|
684371 |
Clicking OK to import FortiSwitch Template results in no response. |
714174 |
FortiSwitch manager DHCP reservation configuration may not synchronize correctly with FortiGate. |
740936 |
FortiSwitch VLAN template creates unknown interface platform mapping. |
Global ADOM
Bug ID |
Description |
---|---|
667197 | User should not be able to delete global object when ADOM is unlocked. |
725763 | Automatic install to ADOM devices may fail from Global ADOM. |
728803 | Copying global firewall policy may fail due to duplicate IPS sensors. |
736541 | NAT may stay as disabled on Global ADOM. |
737381 | FortiManager should not allow users to delete the default reserved address object starting with g-. |
745772 |
FortiManager may randomly delete FortiManager IPv4 policies when assigning from the Global ADOM. |
Others
Bug ID |
Description |
---|---|
505795 | FortiManager should allow users to configure the list of allowed TLS cipher suites. |
510508 | FortiManager cannot assign multiple ADOMs to an admin user via JSON API. |
697361 | FortiExtender status may not be correctly displayed. |
718251 | Web Service with port 8080 disabled may still be in listening state. |
731574 | FortiManager may not be able to change web filter category action via JSON API. |
732144 | A CA certificate may be missing from some older FortiManager platforms causing failure to login with FortiCloud SSO. |
733078 | FortiManager may show multiple fmgd crashes with signal 11 segmentation fault. |
733208 | Users may not be able to login from GUI after restored database with changed HTTP or HTTPS port number. |
736229 | API may fail to promote unauthorized devices to a different ADOM. |
738918 | After upgrade, FortiManager may
set firewall-address 100000 on VDOM enabled FortiGate. |
740523 | Retrieve task may fail due to auto-update file already having been deleted by FGFM tunnel. |
741118 | Install policy package may hang at 50% with security console crash. |
742137 | FortiManager may return an error when running an Ansible script to configure network interfaces, zones, and policies. |
744736 | FGFM tunnel may go up and down with multiple fgfmsd crashes. |
746311 | fgdsvr process may crash when
URL length is longer than 1024 characters. |
Policy and Objects
Bug ID |
Description |
---|---|
503978 | Thread Feeds should be Threat Feeds on Fabric Connector. |
549492 | Load-balance type VIP cannot be displayed and saved correctly. |
623346 | In NGFW-policy policy package, FortiManager does not show Security Virtual Wire Pair Policy or Virtual Wire Pair SSL Inspection & Authentication. |
644822 | Imported SDN Connector objects may change to random names. |
648970 | If a profile group enables WAF or ICAP profile, the group should be hidden in flow-based policy. |
657534 | SSH and MAPI should not be supported in file filter profile protocol under flow mode. |
666258 | User should not be able to create a firewall policy with an Internet service with Destination direction in Source by using drag and drop. |
690231 | Where-used may fail to display references to certificate-inspection that were added to firewall policies in previous versions. |
690295 | FortiManager may be slow when multiple users access GUI at the same time. |
699975 | Multiple filters are missing for Azure SDN Connector. |
709908 | When checking the status on AntiVirus profile, it may not show the correct inspection mode in list view when status stays in flow-based (Full Scan). |
710676 | System replacement message
group, replacemsg-group auth-intf-quarantine , does not exist. |
710736 | Classic Dual Pane mode cannot change left-panel size of object configuration. |
714975 | Imported groups or labels may not be available for direct use with policy. |
716114 | FortiManager should push changes in ssl-ssh-profile with Untrusted SSL Certificates setting reverted from Block to Allow. |
719698 | Performance for policy install may be slightly degraded after upgrading from 6.4.5 to 6.4.6. |
720896 | SSO admin with Restricted Admin profile should be able to view Web Filter, Application Control, or IPS objects. |
722087 | Edit user group with remote
members on FortiManager GUI may cause unexpected change in set group-name . |
724718 | When FortiManager's NSX-T connector is executing an API request, it should not be limited to 50 records. |
725024 | Proxy Policy page shows empty when the View Mode is selected as Interface Pair View. |
725132 | When modifying IP address of Default VPN Interface of spoke in Device Manager, hub remote gateway should be modified to reflect that change. |
725681 | Under dual pane, scrolling may be available to move panels out of viewable area. |
726077 | Authentication Rules may run incorrect validation that prevents submission and results in an error: The IP versions in source and destination addresses or Internet Services do not match. |
726548 | User-info-server
option is not available under dynamic mapping in CLI under user FSSO. |
728689 | FortiManager does not show warning or error while selecting no-inspection with UTM profile, which does not match FortiGate behavior. |
728985 | FortiManager may show signatures that have been deleted by FortiGuard. |
729289 | FortiManager should have an
option to set fortitoken/email/sms to unset or
blank . |
729705 | Installing policy requires Interface Validation for interfaces that are not being used in policy package. |
730523 | Unused policies tool may always generate a PDF containing all policies. |
731053 | FortiManager may miss some Internet Service entries. |
732138 | Non-full admin users should be able to export Policy Check and Unused Policy results. |
734556 | FQDN type firewall address object can be created with an unsupported format. |
735083 | Policy packages' folders may not be displayed in alphabetical order. |
735397 | Cloned object's revision history information may not be related to the clone task. |
735432 | Users with ADOM-specified admin privilege may not be able to view policy package. |
735738 | When creating a VIP object with port forwarding filter, FortiManager may show an error. |
735743 | In classic dual pane, column settings are hidden by the object configuration pane. |
738109 | FortiManager may not install
auth-cert from policy package to device. |
738231 | Creating VIP with IPv4 external IP mapped to IPv6 may trigger an error, a.mappedip is undefined. |
738595 | FortiManager may not correctly push AWS connector credentials. |
738745 | When an object is renamed, the new name must be used on all policies. |
739205 | FortiManager may thrown error Cannot delete the only package or folder, when deleting policy block. |
740331 | IP Pool details may be missing in ADOM v6.2. |
740944 | Custom IPS Signature script may fail to run on policy package or ADOM database. |
742257 | NPU log servers for hyperscale does not show up in policy package. |
744591 | Installing or importing IPS custom signature may fail when a signature's name contains a space character. |
746273 | Column filter may be extremely slow with large policy packages. |
747330 | FortiManager cannot assign or replace VIP with SD-WAN as source interface. |
748523 | After creating a VIP, FortiManager may not be able to choose the VIP on a policy. |
748524 | VIP is not visible in the policy, if the external interface is not the same as policy SD-WAN source interface. |
749519 | IPv4 policies in policy block may hidden on FortiManager's GUI. |
750160 | custom-url-list may not be
correctly parsed when URLs contain space characters. |
751550 |
In |
Revision History
Bug ID |
Description |
---|---|
640714 | FortiManager cannot correctly retrieve and import interface subnet type address showing 0.0.0.0 for IP. |
642878 | FortiManager should return a clear copy fail log for dynamic interface check error. |
643101 | Copy may fail due to VIP overlapping when installing policy package. |
674094 | FortiManager may unset explicit
proxy's HTTPS and PAC ports, and change the value to 0 instead. |
674196 | Installation may fail after
editing or creating a firewall policy if reputation-minimum is set. |
680549 | Restricted user's Quick Install is not working correctly for Rating Overrides. |
683728 | Installation fails due to VIP mapped IP range error when installing v6.2 policy package to v6.4 device. |
711314 | VDOM specific Disclaimer Page configuration is purged from default replacemsg-group during Policy Package installation. |
713552 | If VIP address's source-filter list is too long, installation may fail. |
722332 | For AP Profile change, installation preview may show No Entry. |
724340 | FortiManager may unset
forward-error-correction from FortiGate 7060E devices. |
724647 | After upgrading to 6.4, retrieval from a chassis may take a long time. |
725252 | When customer is trying to push policy package to a device group, installation window may not show any progress, but with a red cross. |
725557 | Install always try to delete hardware switch member interface causing installation failure. |
725717 | After upgrade, installation may
fail due to mcast-session-counting . |
728117 | After upgrade, install may fail
due to set pri-type-max 1000000 . |
728918 | FortiManager should install changes applied on Global policy package and not indicate warnings like no installing devices/no changes on package. |
729587 | FortiManager may create an already deleted admin account on FortiGate when installing changes for a new VDOM. |
733518 | FortiManager may incorrectly move DNAT objects. |
735455 | FortiManager may try to delete thousands of policies during install. |
735988 | Switch and AP names may be reverted by controller status update from FortiGate. |
740858 |
GCP project name must be set during install. |
741543 | Install may fail with unset MAC address on EMAC VLAN. |
742242 | Install fails after upgrade due
to set server-identity-check enable on LDAP server configuration. |
742806 | When modifying a configuration and installing Device Settings only, FortiManager may not display the device's configuration change. |
743313 |
After retrieving configuration from FortiGate, FortiManager changes an interface with type Hardware Switch to Physical. |
744966 |
After upgrading FortiManager, policy install verification may fail with Config status changes to Conflict due to invalid default value for log memory filter. |
745715 | FortiManager may not be able to install policy package with firewall rule using VIP group due to zone binding. |
747837 | FortiManager may try to delete
interfaces lan1, lan2, and lan3, which are used by virtual-switch.sw0 on
FortiGate-40F. |
749587 |
If a device revision is corrupted, FortiManager may be able to remove or create any revision. |
Script
Bug ID | Description |
---|---|
729571 | TCL script commands run on device no longer show in the script log. |
734942 |
Script includes static route with SD-WAN enabled may report error. |
744030 |
FortiManager should not allow running script against device database with incorrect command. |
Services
Bug ID |
Description |
---|---|
685678 | When FortiMail FIPS mode is enabled, FortiManager should be able to validate its license. |
714127 | Backup ADOM does not support firmware template upgrade. |
725118 | FortiManager may not log FortiGuard connectivity failures. |
725721 | FortiManager may not be able to recognize all FortiGate units within HA cluster, and it may not be able to provide update services to all units. |
730877 | The upgrade matrix file may be missing, and FortiManager is unable to calculate upgrade paths without the upgrade matrix file. |
733174 | FortiManager may not be able to recognize the object id 06002000NIDS02604 as IPS Signature Database(Extended). |
733873 | FortiManager may not get FortiGate HA cluster's contract information when Device Manager shows the secondary device's SN. |
739625 | FortiManager may not display licensing information for FortiTester. |
741846 | AP upgrade task may hang at 45%. |
System Settings
Bug ID |
Description |
---|---|
617601 | Sort by Time Used in Task Monitor may not be correct. |
663185 | Search may not work for event logs in text mode. |
690926 | FortiManager removes SD-WAN field description upon ADOM upgrading from 6.2 to 6.4. |
696554 | FortiManager may generate a lot of cdb event log for object changed event logs. |
700608 | The variable from meta data that is shown is not case sensitive, whereas the variable is case sensitive when using in a CLI template. |
705145 | Username is truncated to 49 characters in the notification Emails sent by FortiManager for workflow approvals. |
711686 | Workflow approval does not work when admin name has more than 49 characters. |
722320 | The NOT search in advanced/text mode search is not working for system event logs. |
726007 | Admin User systematically gets access to root ADOM in case of RADIUS authentication and Fortinet-Vdom-Name VSA is not set. |
727233 | ADOM license count should not count root ADOM. |
728942 | FortiManager may gray out some devices' tasks with error, which cannot be grouped together. |
728991 | Nested group search fails with Bad search filter if the user DN contains characters like "," and "()". |
729280 | Admin User with no access to management ADOM or VDOM can create a new VDOM from non-management ADOM > VDOM. |
731084 |
FortiManager upgrade should not have warning when there is no upgrade path. |
735067 | When creating a local account with the Force this administrator to change password upon next log on option checked, the setting should be applied for the first login. |
736205 | FortiManager may get stuck during upgrade. |
738395 | FortiManager tasks' time used should not be increased by timezone. |
738622 | ADOM upgrade from 6.0 to 6.2 may fail due to FortiExtender object. |
743411 |
FortiManager should show more than five local certificates. |
VPN Manager
Bug ID |
Description |
---|---|
712633 | VPN Manager pushes default
dpd-retrycount and dpd-retryinterval , but it cannot
display them. |
712861 | Policy Package Status stays Synchronized despite SSL-VPN Portal configuration being changed by using VPN Manager. |
721783 | Applying Authentication or Portal Mapping changes may take several minutes. |
722924 | FortiManager may not be able to
edit skip-check-for-unsupported-os enable under SSL portal
profile. |
Visit https://fortiguard.com/psirt for more information.
Bug ID | CVE references |
---|---|
630016 |
FortiManager 7.0.2 is no longer vulnerable to the following CVE-Reference:
|
729527 |
FortiManager 7.0.2 is no longer vulnerable to the following CVE-Reference:
|