Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:


Table of Contents

Resolved Issues

The following issues have been fixed in 7.0.3. For inquires about a particular bug, please contact Customer Service & Support.

AP Manager

Bug ID Description

691540

Where Used should indicate that an AP is still in used in one or more FortiGate devices.

697444

SSID with MPSK may not pass verification during an install.

726287

Deleting Floor Map may return a blank popup with error.

750255

FortiManager should enable DFS channels on WTP profiles for FAP234F and FAP231F with region N.

750458

AP Manager should not send local-authentication for VAP with wpa-enterprise and Radius to managed FortiGate.

755675

FortiManager may remove radius configuration from VAP when using "security wpa3-enterprise".

757706

FortiManager might downgrade FortiAP with enforce firmware version.

763233

AP profile may not contain SSID when AP Manager is in central management mode.

772194

FortiManager should not install the setting, set security-redirect-url, without making any such change.

Device Manager

Bug ID

Description

673008 SD-WAN Rules order changes to the default when creating a rule and moving it to the top.

699893

SD-WAN's priority-members is missing from CLI configuration page.

709214

System template should allow source interface to be selected when specify is activated as interface-select-method.

712578

FortiManager does not allow WiFi SSID with special characters.

726721

Unable to add multiple DNS domain names in provisioning template.

729301

A managed FortiGate with assigned CLI template remains in "modified" state following a successful device configure installation.

733379

FortiManager cannot edit global level configuration when management VDOM is not in the current ADOM.

735360

When editing a device group, search results do not show the device if VDOM name is matched by search keyword first.

740428

Device Manager is unable to display and download conflict URL filter firewall objects during import.

740893

Secondary IP may be purged when setting a description to VLAN interface.

742543

NTP server system template advance options may not be saved.

744628

After exported system template, importing the same configuration via CLI may fail.

744973

FortiManager GUI throws an error when switching from Policy & Objects to Device Manager.

747955

There may be performance issue when onboarding new SD-WAN devices.

748240

When FortiAnalyzer is managed via FortiManager, new devices that are registered to FortiManager should be synchronization under the corresponding ADOM on FortiAnalyzer.

749823

Named Address Static Route with SD-WAN cannot be selected on FortiManager.

749923

SD-WAN logs cannot be saved for some devices when sdwan-monitor-history is set as enabled.

750303

Under System > Interface, the data shown on this page may be incomplete.

750838

FortiManager may fail to import device list from another FortiManager due to the meta field containing prefix "_meta_".

752666

Provisioning System Templates page may stuck when an entry contains forward slash character.

753258

FortiManager may be unable to show SD-WAN monitor data when the rtmmond daemon is stuck.

754228

If a device group has been added as a group member, it should reside only as a group member and not as a root device group.

754465

FortiManager should also count promoted hidden devices.

754952

Deleting an interface referenced in the dashboard stops FortiManager auto-update.

755388

SD-WAN Monitor may not display any device when a device does not have any port monitor data.

755519

Zero-touch provisioning with script installation may fail due to duplicated snmp-index.

759905

When creating a device zone, device mapping may not be created when the zone is mapped to a normalized interface with the 'map as zone only' option.

760099

When creating EMAC VLAN from Device Manager, FortiManager should show VLAN ID field.

760132

Device Manager may not be able to delete FortiGate-7000E HA cluster members.

760579

FortiManager may not be able to install meta field variable used in SD-WAN profile to multiple FortiGate devices.

762082

When creating a Static Route, FortiManager may take a few seconds to display available "Named Address".

762365

When creating a static route, FortiManager may not be able to assign interface.

763797

Installation fails due to configuring forward-error-correction on FortiGate's interfaces.

767647

Map view may not show device status properly.

769303

FortiManager may not be able to delete Firmware Template with special characters.

770829

FortiManager may raise error when using the meta field SD-WAN template neighbor.

773147

Installation fails due to the unexpected system interface config changes for "pvc" related settings.

FortiSwitch Manager

Bug ID Description

748200

FortiSwitch monitor may show incorrect interface status for QSFP port.

756609

There may be issues to rename FortiSwitch template if it is imported using the import configuration option.

760538

Adding a new FortiSwitch template for FortiSwitch-108F may fail due to invalid data source for dsl-profile.

764258

FortiManager should not update trunk-member value as it is controlled by FortiGate.

770471

Importing FortiSwitch may fail due to NAC segment.

Global ADOM

Bug ID

Description

660852 FortiManager should not save invalid default value for ssl-ssh-profile in global database.

725763

Automatic install to ADOM devices may fail from Global ADOM.

741942

FortiManager should show clear error message for duplicated object assigned from Global ADOM.

755201

Policy package list is empty after created an admin and specific the access to Global ADOM.

758903

After upgraded FortiManager, all Global policies are still assigned as before but with Status "Pending changes".

760417

Internet Services may not be displayed in Global Database ADOM.

760804

FortiManager may return an error when adding address object to global policy.

Others

Bug ID

Description

605560 Flag is_model and linked_to_model are not working for add model device with JSON API.

622448

FortiManager should support the FortiClient EMS Fabric Connector.

732116

Setting of "FortiCloud Single Sign-On" is always displayed on login.

738639

Users should be able to obtain status of the fgfm reclain-dev-tunnel via API call.

740523

Retrieve task may fail due to autoupdate file already been deleted by fgfm.

744197

If an VDOM is created and then get the VDOM information from JSON API, the VDOM mode may be shown as NULL.

750419

Execution of integrity check may remove dynamic mappings.

756555

There should be a dignose command to reset or remove rating statistics database.

763669

FortiManager Pay-As-You-Go should support connect to FortiCare via proxy.

764674

Map should use the region defined by the coordinates in System Settings' Advanced Settings or the FortiManager's time zone.

766105

FortiManager may not be able to upgrade ADOM from 6.2 to 6.4 due to cdb crash.

Policy and Objects

Bug ID

Description

748467

FortiManager does not have the same profiles as on FortiGate with explicit proxy policy.

713886 FortiManagre returns an error, "method failure", when setting a shaping profile in normalized interface using per device mapping.

717031

FortiManager doesn't update the "Hit Count" number.

718223

Hyperscale firewall EIF shall not be enabled when IP pool with CGN overload configuration is used in a policy.

719104

FortiManager may not be able to select Internet Service group members when creating Internet Service group.

721253

FortiManager may not import all the roles and address groups from ClearPass.

726328

SSL-SSH profile may display incorrect options when using SSL Certificate Inspection.

729179

FortiManager may not be able to add Geography type address when interface mapping is enabled.

732199

FortiManager displays the group ID instead of display name with NSX-T Connector.

733602

FortiManager should support multiple GCP projects within a single SDN connector.

736115

FortiManager may not be able to create Web Forwarding Server Group.

737062

FortiManager may unset shaping profile with per-device mapping.

738114

FortiManager should return a proper message for error such as "get install scripts error(st=4,err=-8)".

738475

Special characters within policy's comment causes all policies missing on GUI.

744049

Proxy policy does not accept configuration with both ipv4 and ipv6 address objects.

744766

FortiManager may not be able to retrieve IP address for group with NSX-T v3.1.2.

744934

FortiManager may try to install undesirable changes to FortiGate-5001E, FortiGate-5001E1, and FortiGate-5001D.

745884

FortiManager GUI may not response when triggering policy package install wizard under Policy & Objects.

747537

Where Used should show the correct object references for newly cloned objects.

747558

FortiManager filters should work for HitCounters, First Session, and Last session.

748222

Cloning of a policy package is greyed out for admin users with restricted access to particular policy packager folder.

748235

Filtering by hit count may not work for policies.

748246

"Where Used" may result an empty top left frame for policy packages.

748498

There may be issue with Transparent Web Proxy when using interface pair view.

748556

FortiManager should not allow users to create Explicit proxy FTP with pool name.

749576

FortiManager may try to install hidden synproxy parameters for DOS policy to FortiGate.

750539

If FortiGate allows selecting LogMeIn app using specific filter override, FortiManager should also allow it.

750882

User may not be able to save changes in SSL/SSH inspection profile from GUI.

751137

There may be install performance issue when there is a huge number of dynamic mappings and there are many FortiAP or FortiSwitch devices.

751710

Editing a global user FSSO object's dynamic mapping is not possible.

752777

FortiManager should be able to manage valid authentication rules containing "User-Agent" proxy address.

752822

FortiManager may not response when adding a firewall address or group to a policy and changing the policy comment at the same time.

754225

Policy package status is out of sync without changes.

755072

Type mac address object without any mac addresses listed causes addresses table does not show entries.

755233

FortiManager should install the agent successfully for FSSO via FortiGate.

755252

Plus "+" sign should be added for SMS phone number when two-factor FortiToken Cloud is enabled.

755348

FortiManager should support more than one thousand traffic shapers.

757164

FortiManager database contains parameter webfilter-searchengine-Baidu-gb2312 that does not exist on FortiGate.

758021

After upgrading FortiManager, editing a policy with locking policy package duplicates the policy.

758526

FortiManager should be able to delete many per-device mappings quickly.

758534

Address objects which are MAC Address type may not be lost after upgrade.

758809

When policy package in policy-based NGFW mode, FortiManager may still set action to accept even when the policy is specified as deny.

760436

FortiManager may not be able to enable reputable website for SSL/SSH Inspection profile.

760869

Deleted objects may remain referenced in firewall policy.

761072

FortiManager may prompt "Cannot modify" error when using right-click menu to add object to policy.

765793

Adding custom signature with '_vdom-name' should not prevent pushing changes to numerous devices.

765812

Hyperscale policy packages do not show log server until you get into a policy.

767317

Policy Hit Count may not be updated for Read-Only admin.

768353

Commit action is taking too much time and it makes the FMG slow.

769997

Selection for user SAML as member under the user group may not take effect.

770678

Changing Action from Accept to Deny should ignore all UTM profiles within the firewall policy.

770700

FortiManager may install changes to a different device than the FortiGate selected.

Revision History

Bug ID

Description

618305 FortiManager changes configuration system csf settings.

657424

FortiManager may disable the "l2forward" and "stpforward" settings on virtual switch interface when installing policy package.

660525

When installing from FortiManager, it may unset comment, organization, and subnet-name during install.

691240

FortiManager should not unset the value forward-error-correction with certain FortiGate platforms.

700495

FortiManager 6.2 ADOM may be sending set synproxy to FortiGate-1801F.

722604

After removed a member of user group that is used only in XAUTH, FortiManager is not deleting the unused local user on FortiGate.

740858

GCP project name must be set during install.

748350

Explicit proxy FTP ssl-ssh-profile application-list may not be installed.

748462

FortiManager should not set the HA interface IP under the central-management on FortiGate when the master unit fails.

750637

FortiGate-5001E, FortiGate-5001E1, and FortiGate-5001D may be mistakenly set to support switch-profile.

751771

Users may not be able to create hardware switch interface from FortiManager.

751776

Renaming IPSec Phase1 that is a member of a zone causes all zone related rules to be re-created.

752764

Install wizard may purge key-string for OSPF interface authentication.

753724

After imported and edited policy with NAT46, the subsequent install may fail due to NAT setting.

754081

Application Control signatures belong to Industrial Category are removed from FortiGate in split mode during policy install.

755059

After disabled NAT on hyperscale policy, there may be installation failure on unset action.

756508

FortiManager may unset chassis ID causing HA cluster lost.

757716

There may be install issue with Web Filter's "config ftgd-wf" which does not exist on NGFW policy mode on FortiGate.

761968

FortiManager may not be able to install resource limits to FortiGate.

764497

FortiManager should not create a new wildcard FQDN object while renaming it.

767824

FortiManager may unexpectedly delete custom signature when installing policy package.

Script

Bug ID Description
384139 Filter does not work on device group.

654700

Users need to open "View Script Execution History" to see that TCL script fails.

740938

Direct CLI script may fail when it contains an 'exec' command.

757156

When running CLI script remotely on 100+ firewalls, partial configuration is retrieved and it may cause routing to be removed from device database.

762611

Policy package status should not go out-of-sync when an automated script is triggered.

Services

Bug ID

Description

718256 FMG-VM64-AWSOnDemand may not retrieve the proper license when it is behind a proxy.

746680

FortiGate cannot update to latest patch due to image list not updated.

753871

FortiClient packages should not continue to be received once the service for that firmware version has been disabled.

System Settings

Bug ID

Description

687992

Backup that includes IPSec VPN cannot be restored.

553488 TACACS is unable to assign multiple ADOMs to admins.

634220

Event logs should record changes related to CLI Template.

640670

If a user specified ADOMs including global ADOM, workflow approval may not be able to find the same user.

697328

When trying to change Chassis ADOM status to disable, FortiManager may prompt "not defined" error.

706303

Template assignment or save may not generate clear Event logs.

734422

The "svc sys" daemon may have high memory usage when API is used to upgrade FortiGate devices.

737142

FortiManager should support using the special character "@" in SNMP community name.

738395

FortiManager tasks' time used should not be increased by timezone.

745288

Meta field variable does not works in System Templates for interface widget when action is set as DHCP Server.

745333

Remote authentication servers should not be synchronized among HA members.

745365

Event log may be truncated when the log contains many address objects.

745449

Link color is not clear to see when hovering over or selecting the link.

746568

FortiManager may continuously changing NTP synchronization server.

747181

Idle timeout may not work for SSO user.

748237

Users may not be able to disable ADOM via GUI or CLI.

748860

User may not be able to upgrade Backup ADOM.

751069

User may not be able to disable ADOM after upgrade.

758975

FortiManager may not be able to upgrade ADOM from v6.4 to v7.0 due to change with replacement message.

760427

FortiManager is not able to upload MIB files without any error message.

762708

LDAP may stuck for twenty seconds if LDAP is not responding.

VPN Manager

Bug ID

Description

735417 FortiManager may purge mac-addr-check-rule when installing to FortiGate.

748488

Cloned VPN Phase1 interface may have several different parameters than the original interface.

750227

Removing a spoke or hub from VPN community may result in partial configuration removal.

757734

FortiManager may unset peer if "peertype" is not set as "peer".

Common Vulnerabilities and Exposures

Visit https://fortiguard.com/psirt for more information.

Bug ID CVE references

770575

FortiManager 7.0.3 is no longer vulnerable to the following CVE Reference:

  • CVE-2022-22300

Resolved Issues

The following issues have been fixed in 7.0.3. For inquires about a particular bug, please contact Customer Service & Support.

AP Manager

Bug ID Description

691540

Where Used should indicate that an AP is still in used in one or more FortiGate devices.

697444

SSID with MPSK may not pass verification during an install.

726287

Deleting Floor Map may return a blank popup with error.

750255

FortiManager should enable DFS channels on WTP profiles for FAP234F and FAP231F with region N.

750458

AP Manager should not send local-authentication for VAP with wpa-enterprise and Radius to managed FortiGate.

755675

FortiManager may remove radius configuration from VAP when using "security wpa3-enterprise".

757706

FortiManager might downgrade FortiAP with enforce firmware version.

763233

AP profile may not contain SSID when AP Manager is in central management mode.

772194

FortiManager should not install the setting, set security-redirect-url, without making any such change.

Device Manager

Bug ID

Description

673008 SD-WAN Rules order changes to the default when creating a rule and moving it to the top.

699893

SD-WAN's priority-members is missing from CLI configuration page.

709214

System template should allow source interface to be selected when specify is activated as interface-select-method.

712578

FortiManager does not allow WiFi SSID with special characters.

726721

Unable to add multiple DNS domain names in provisioning template.

729301

A managed FortiGate with assigned CLI template remains in "modified" state following a successful device configure installation.

733379

FortiManager cannot edit global level configuration when management VDOM is not in the current ADOM.

735360

When editing a device group, search results do not show the device if VDOM name is matched by search keyword first.

740428

Device Manager is unable to display and download conflict URL filter firewall objects during import.

740893

Secondary IP may be purged when setting a description to VLAN interface.

742543

NTP server system template advance options may not be saved.

744628

After exported system template, importing the same configuration via CLI may fail.

744973

FortiManager GUI throws an error when switching from Policy & Objects to Device Manager.

747955

There may be performance issue when onboarding new SD-WAN devices.

748240

When FortiAnalyzer is managed via FortiManager, new devices that are registered to FortiManager should be synchronization under the corresponding ADOM on FortiAnalyzer.

749823

Named Address Static Route with SD-WAN cannot be selected on FortiManager.

749923

SD-WAN logs cannot be saved for some devices when sdwan-monitor-history is set as enabled.

750303

Under System > Interface, the data shown on this page may be incomplete.

750838

FortiManager may fail to import device list from another FortiManager due to the meta field containing prefix "_meta_".

752666

Provisioning System Templates page may stuck when an entry contains forward slash character.

753258

FortiManager may be unable to show SD-WAN monitor data when the rtmmond daemon is stuck.

754228

If a device group has been added as a group member, it should reside only as a group member and not as a root device group.

754465

FortiManager should also count promoted hidden devices.

754952

Deleting an interface referenced in the dashboard stops FortiManager auto-update.

755388

SD-WAN Monitor may not display any device when a device does not have any port monitor data.

755519

Zero-touch provisioning with script installation may fail due to duplicated snmp-index.

759905

When creating a device zone, device mapping may not be created when the zone is mapped to a normalized interface with the 'map as zone only' option.

760099

When creating EMAC VLAN from Device Manager, FortiManager should show VLAN ID field.

760132

Device Manager may not be able to delete FortiGate-7000E HA cluster members.

760579

FortiManager may not be able to install meta field variable used in SD-WAN profile to multiple FortiGate devices.

762082

When creating a Static Route, FortiManager may take a few seconds to display available "Named Address".

762365

When creating a static route, FortiManager may not be able to assign interface.

763797

Installation fails due to configuring forward-error-correction on FortiGate's interfaces.

767647

Map view may not show device status properly.

769303

FortiManager may not be able to delete Firmware Template with special characters.

770829

FortiManager may raise error when using the meta field SD-WAN template neighbor.

773147

Installation fails due to the unexpected system interface config changes for "pvc" related settings.

FortiSwitch Manager

Bug ID Description

748200

FortiSwitch monitor may show incorrect interface status for QSFP port.

756609

There may be issues to rename FortiSwitch template if it is imported using the import configuration option.

760538

Adding a new FortiSwitch template for FortiSwitch-108F may fail due to invalid data source for dsl-profile.

764258

FortiManager should not update trunk-member value as it is controlled by FortiGate.

770471

Importing FortiSwitch may fail due to NAC segment.

Global ADOM

Bug ID

Description

660852 FortiManager should not save invalid default value for ssl-ssh-profile in global database.

725763

Automatic install to ADOM devices may fail from Global ADOM.

741942

FortiManager should show clear error message for duplicated object assigned from Global ADOM.

755201

Policy package list is empty after created an admin and specific the access to Global ADOM.

758903

After upgraded FortiManager, all Global policies are still assigned as before but with Status "Pending changes".

760417

Internet Services may not be displayed in Global Database ADOM.

760804

FortiManager may return an error when adding address object to global policy.

Others

Bug ID

Description

605560 Flag is_model and linked_to_model are not working for add model device with JSON API.

622448

FortiManager should support the FortiClient EMS Fabric Connector.

732116

Setting of "FortiCloud Single Sign-On" is always displayed on login.

738639

Users should be able to obtain status of the fgfm reclain-dev-tunnel via API call.

740523

Retrieve task may fail due to autoupdate file already been deleted by fgfm.

744197

If an VDOM is created and then get the VDOM information from JSON API, the VDOM mode may be shown as NULL.

750419

Execution of integrity check may remove dynamic mappings.

756555

There should be a dignose command to reset or remove rating statistics database.

763669

FortiManager Pay-As-You-Go should support connect to FortiCare via proxy.

764674

Map should use the region defined by the coordinates in System Settings' Advanced Settings or the FortiManager's time zone.

766105

FortiManager may not be able to upgrade ADOM from 6.2 to 6.4 due to cdb crash.

Policy and Objects

Bug ID

Description

748467

FortiManager does not have the same profiles as on FortiGate with explicit proxy policy.

713886 FortiManagre returns an error, "method failure", when setting a shaping profile in normalized interface using per device mapping.

717031

FortiManager doesn't update the "Hit Count" number.

718223

Hyperscale firewall EIF shall not be enabled when IP pool with CGN overload configuration is used in a policy.

719104

FortiManager may not be able to select Internet Service group members when creating Internet Service group.

721253

FortiManager may not import all the roles and address groups from ClearPass.

726328

SSL-SSH profile may display incorrect options when using SSL Certificate Inspection.

729179

FortiManager may not be able to add Geography type address when interface mapping is enabled.

732199

FortiManager displays the group ID instead of display name with NSX-T Connector.

733602

FortiManager should support multiple GCP projects within a single SDN connector.

736115

FortiManager may not be able to create Web Forwarding Server Group.

737062

FortiManager may unset shaping profile with per-device mapping.

738114

FortiManager should return a proper message for error such as "get install scripts error(st=4,err=-8)".

738475

Special characters within policy's comment causes all policies missing on GUI.

744049

Proxy policy does not accept configuration with both ipv4 and ipv6 address objects.

744766

FortiManager may not be able to retrieve IP address for group with NSX-T v3.1.2.

744934

FortiManager may try to install undesirable changes to FortiGate-5001E, FortiGate-5001E1, and FortiGate-5001D.

745884

FortiManager GUI may not response when triggering policy package install wizard under Policy & Objects.

747537

Where Used should show the correct object references for newly cloned objects.

747558

FortiManager filters should work for HitCounters, First Session, and Last session.

748222

Cloning of a policy package is greyed out for admin users with restricted access to particular policy packager folder.

748235

Filtering by hit count may not work for policies.

748246

"Where Used" may result an empty top left frame for policy packages.

748498

There may be issue with Transparent Web Proxy when using interface pair view.

748556

FortiManager should not allow users to create Explicit proxy FTP with pool name.

749576

FortiManager may try to install hidden synproxy parameters for DOS policy to FortiGate.

750539

If FortiGate allows selecting LogMeIn app using specific filter override, FortiManager should also allow it.

750882

User may not be able to save changes in SSL/SSH inspection profile from GUI.

751137

There may be install performance issue when there is a huge number of dynamic mappings and there are many FortiAP or FortiSwitch devices.

751710

Editing a global user FSSO object's dynamic mapping is not possible.

752777

FortiManager should be able to manage valid authentication rules containing "User-Agent" proxy address.

752822

FortiManager may not response when adding a firewall address or group to a policy and changing the policy comment at the same time.

754225

Policy package status is out of sync without changes.

755072

Type mac address object without any mac addresses listed causes addresses table does not show entries.

755233

FortiManager should install the agent successfully for FSSO via FortiGate.

755252

Plus "+" sign should be added for SMS phone number when two-factor FortiToken Cloud is enabled.

755348

FortiManager should support more than one thousand traffic shapers.

757164

FortiManager database contains parameter webfilter-searchengine-Baidu-gb2312 that does not exist on FortiGate.

758021

After upgrading FortiManager, editing a policy with locking policy package duplicates the policy.

758526

FortiManager should be able to delete many per-device mappings quickly.

758534

Address objects which are MAC Address type may not be lost after upgrade.

758809

When policy package in policy-based NGFW mode, FortiManager may still set action to accept even when the policy is specified as deny.

760436

FortiManager may not be able to enable reputable website for SSL/SSH Inspection profile.

760869

Deleted objects may remain referenced in firewall policy.

761072

FortiManager may prompt "Cannot modify" error when using right-click menu to add object to policy.

765793

Adding custom signature with '_vdom-name' should not prevent pushing changes to numerous devices.

765812

Hyperscale policy packages do not show log server until you get into a policy.

767317

Policy Hit Count may not be updated for Read-Only admin.

768353

Commit action is taking too much time and it makes the FMG slow.

769997

Selection for user SAML as member under the user group may not take effect.

770678

Changing Action from Accept to Deny should ignore all UTM profiles within the firewall policy.

770700

FortiManager may install changes to a different device than the FortiGate selected.

Revision History

Bug ID

Description

618305 FortiManager changes configuration system csf settings.

657424

FortiManager may disable the "l2forward" and "stpforward" settings on virtual switch interface when installing policy package.

660525

When installing from FortiManager, it may unset comment, organization, and subnet-name during install.

691240

FortiManager should not unset the value forward-error-correction with certain FortiGate platforms.

700495

FortiManager 6.2 ADOM may be sending set synproxy to FortiGate-1801F.

722604

After removed a member of user group that is used only in XAUTH, FortiManager is not deleting the unused local user on FortiGate.

740858

GCP project name must be set during install.

748350

Explicit proxy FTP ssl-ssh-profile application-list may not be installed.

748462

FortiManager should not set the HA interface IP under the central-management on FortiGate when the master unit fails.

750637

FortiGate-5001E, FortiGate-5001E1, and FortiGate-5001D may be mistakenly set to support switch-profile.

751771

Users may not be able to create hardware switch interface from FortiManager.

751776

Renaming IPSec Phase1 that is a member of a zone causes all zone related rules to be re-created.

752764

Install wizard may purge key-string for OSPF interface authentication.

753724

After imported and edited policy with NAT46, the subsequent install may fail due to NAT setting.

754081

Application Control signatures belong to Industrial Category are removed from FortiGate in split mode during policy install.

755059

After disabled NAT on hyperscale policy, there may be installation failure on unset action.

756508

FortiManager may unset chassis ID causing HA cluster lost.

757716

There may be install issue with Web Filter's "config ftgd-wf" which does not exist on NGFW policy mode on FortiGate.

761968

FortiManager may not be able to install resource limits to FortiGate.

764497

FortiManager should not create a new wildcard FQDN object while renaming it.

767824

FortiManager may unexpectedly delete custom signature when installing policy package.

Script

Bug ID Description
384139 Filter does not work on device group.

654700

Users need to open "View Script Execution History" to see that TCL script fails.

740938

Direct CLI script may fail when it contains an 'exec' command.

757156

When running CLI script remotely on 100+ firewalls, partial configuration is retrieved and it may cause routing to be removed from device database.

762611

Policy package status should not go out-of-sync when an automated script is triggered.

Services

Bug ID

Description

718256 FMG-VM64-AWSOnDemand may not retrieve the proper license when it is behind a proxy.

746680

FortiGate cannot update to latest patch due to image list not updated.

753871

FortiClient packages should not continue to be received once the service for that firmware version has been disabled.

System Settings

Bug ID

Description

687992

Backup that includes IPSec VPN cannot be restored.

553488 TACACS is unable to assign multiple ADOMs to admins.

634220

Event logs should record changes related to CLI Template.

640670

If a user specified ADOMs including global ADOM, workflow approval may not be able to find the same user.

697328

When trying to change Chassis ADOM status to disable, FortiManager may prompt "not defined" error.

706303

Template assignment or save may not generate clear Event logs.

734422

The "svc sys" daemon may have high memory usage when API is used to upgrade FortiGate devices.

737142

FortiManager should support using the special character "@" in SNMP community name.

738395

FortiManager tasks' time used should not be increased by timezone.

745288

Meta field variable does not works in System Templates for interface widget when action is set as DHCP Server.

745333

Remote authentication servers should not be synchronized among HA members.

745365

Event log may be truncated when the log contains many address objects.

745449

Link color is not clear to see when hovering over or selecting the link.

746568

FortiManager may continuously changing NTP synchronization server.

747181

Idle timeout may not work for SSO user.

748237

Users may not be able to disable ADOM via GUI or CLI.

748860

User may not be able to upgrade Backup ADOM.

751069

User may not be able to disable ADOM after upgrade.

758975

FortiManager may not be able to upgrade ADOM from v6.4 to v7.0 due to change with replacement message.

760427

FortiManager is not able to upload MIB files without any error message.

762708

LDAP may stuck for twenty seconds if LDAP is not responding.

VPN Manager

Bug ID

Description

735417 FortiManager may purge mac-addr-check-rule when installing to FortiGate.

748488

Cloned VPN Phase1 interface may have several different parameters than the original interface.

750227

Removing a spoke or hub from VPN community may result in partial configuration removal.

757734

FortiManager may unset peer if "peertype" is not set as "peer".

Common Vulnerabilities and Exposures

Visit https://fortiguard.com/psirt for more information.

Bug ID CVE references

770575

FortiManager 7.0.3 is no longer vulnerable to the following CVE Reference:

  • CVE-2022-22300