Resolved Issues
The following issues have been fixed in FortiManager version 7.2.10. To inquire about a particular bug, please contact Customer Service & Support.
AP Manager
| Bug ID | Description |
|---|---|
| 1040365 |
FortiManager is generating false vulnerability reports for certain FortiAPs:
|
| 1076200 |
Policy install fails due to FortiManager installs unexpected changes related to "<wifi_intf> address". |
Device Manager
| Bug ID | Description |
|---|---|
| 973365 |
FortiManager does not display the IP addresses of FortiGate interfaces configured with DHCP addressing mode. |
| 1015138 | Unable to edit interface with dhcp reservation. |
| 1030539 | Managed FortiAnalyzer shown as managed FortiGate in Device Manager. |
| 1030685 | Unable to export metadata variables if the metadata's per-device-mapping value is empty. |
| 1050126 |
Setting up a FortiGate-HA with ZTP fails because the FortiLink is not deleted during the "HA config pushed to FGT" process. |
| 1051889 | When downloading the FortiGate config through Device Manager > Managed Devices > Device Configuration DB, the downloaded file contains line breaks in middle of commands, which prevents it to be installed on FortiGate. |
| 1053194 |
If the " |
| 1063635 |
FortiManager does not support the "FortiWiFi-80F-2R-3G4G-DSL". |
| 1063835 |
FortiManager ZTP installation to FortiGate versions 7.2.8 and lower may fail due to
differing default " |
| 1063850 | FortiManager is attempting to install a "PRIVATE KEY" with every installation, even after retrieving the config. |
| 1067706 |
Metadata variables cannot be used in the firewall address objects. |
| 1070943 |
Unable to upgrade the devices via Device Group Upgrade Firmware feature. |
| 1074717 | An error might be observed when the SD-WAN template health check name contains a space, displaying the following message: "Bad health check name...". |
| 1075052 |
Occasionally, installations may fail on FortiGates in HA mode due to a "Serial number does NOT match" error. This can happen if the HA device's serial number on FortiManager does not immediately update after a failover. |
| 1075281 |
Unable to add FortiAnalyzer to FortiManager, when " |
|
1099270 |
Unable to upgrade of FortiGate HA devices via Firmware Templates. |
FortiSwitch Manager
|
Bug ID |
Description |
|---|---|
| 1061315 | Device DB FortiLink config changes when authorizing or deauthorizing FortiSwitch from either FortiSwitch Manager or local FortiGate. |
Others
|
Bug ID |
Description |
|---|---|
| 998198 |
When upgrading ADOM, the upgrade process fails with the following error: "invalid value - can not find import template 'XYZ' ". |
| 1003711 |
During the FortiGate HA upgrade, both the primary and secondary FortiGates may reboot simultaneously, which can disrupt the network. This issue is more likely to occur in FortiGates that require disk checks, leading to longer boot times. |
| 1020787 | ZTP Enforce firmware Version doesn't upgrade the secondary cluster member. |
| 1058185 | FortiProxy policies not imported if the policies have either internet service or IPv6 used in the source or destination. |
| 1078947 |
Repeatedly testing the URL rating on FortiManager ( |
|
1081941 |
When UTM-Profile gets added to a FortiProxy policy FortiManager generates invalid config. |
Policy and Objects
|
Bug ID |
Description |
|---|---|
| 958923 | Installing policy packages that utilize an SSL/SSH Inspection profile may fail with the error message "Server certificate replace mode cannot support category exempt." |
| 978136 |
Occasionally, installation may fail due to an error message, "Waiting for another session", which prevents policies from being installed from FortiManager. During this issue, the following message may also appear: "Blocked by session id(XYZ) username(n/a)". This issue may be caused by a signal loss between the child and parent security console processes, leading the parent process to continue waiting for a copy result. |
| 983591 | In the Firewall section, when attempting to add a note to the policy, the comment window shifts towards the left corner. |
| 991720 |
FortiManager still has an option to enable the "match-vip" through the policy package for "allow" policies. However, this is not supported anymore on the FortiGates. |
| 1004929 |
FortiManager removes the Web Filter Profile from the Profile Group for Policy-Based FortiGates. |
| 1005161 |
The policy package status changes for all devices even when an address object is opened and saved without any modifications. This issue is particularly observed in objects utilizing the per-device mapping feature. |
| 1008413 | FortiManager fails to load IPS signatures in the profile. This may only occur when the number of signatures listed in the profile is larger than 80. |
|
1014025 1087922 |
While attempting to access the Application Signatures list on FortiManager, an error message: "a.foreach is not a function" might be displayed. |
| 1029787 | The Firewall Policy pane in the FortiManager GUI may occasionally display both "Standard Security Profiles" (SSL no-inspection and protocol default profiles) and "Security Profile Groups" simultaneously. |
| 1046002 | Policy Package status does not display "unknown" status immediately following retrieve. |
| 1055795 | During device import via multiple CSV files at same time, some devices were imported successfully, while others encountered errors and had missing metadata variables. Additionally, FortiManager forced the admin to log out. When attempting to log back in, the following error message appeared: "ADOM not found". |
| 1068736 | Best Quality SDWAN rules installation may fail with the following error message: "Commit failed: Bad health check name". |
| 1069285 | Using TAB button while creating firewall address object creates error Invalid IP address. |
|
1070800 |
FortiManager is attempting to install the " |
| 1071226 | Policy Lookup is not showing result as highlighted when the sections are not expended. |
| 1076659 |
When policy package configured with policy block, installation to multiple devices may have copy fail errors if combined length of the Policy Block name and Policy name is greater than 35 characters and if the total number of such policies exceeds 1000. - <OLD>There is not any Workaround for now. |
| 1079037 | The "internet-service-id" attribute is configurable in the FortiManager,
whereas this attribute cannot be modified on the FortiGate. |
| 1079128 | ZTNA Server Per-Device Mapping may display a copy error failure if a new per-device mapping is created without specifying the object interface. |
| 1082548 | Address type FQDN is missing DNS resolve domain name function feature. |
|
1109061 |
FortiManager tries to set the inspection mode for the deny policies. |
Script
|
Bug ID |
Description |
|---|---|
| 931088 |
Unable to delete VDOMs using the FortiManager script. Interfaces remain in the device database, causing the installation to fail. |
|
1085374 |
FortiManager does not support exporting the TCL scripts via CLI. |
Services
| Bug ID | Description |
|---|---|
| 1034102 |
Unable to upgrade FortiGates from FortiManager due to a "no valid FMWR license" error, despite the FortiGates being licensed. This issue is reported when the "FMG Authorization table" on the FDS server is empty. |
|
1060509 |
When updating query service packages from the global anycast server (globalupdate.fortinet.net), larger-sized IoTS packages may encounter checksum errors. These errors can prevent the proper updating of SPAM and URL databases, potentially impacting the FortiManager's FortiGuard Services. |
System Settings
| Bug ID | Description |
|---|---|
| 1081463 | The encrypted backup file cannot be easily correlated with the backup details, as the date and time are not included. |
VPN Manager
|
Bug ID |
Description |
|---|---|
| 1084434 | Unable to rename the address objects (either source and/or destination) used in Phase2 quick selectors in IPSec VPN without an installation error. |
Common Vulnerabilities and Exposures
Visit https://fortiguard.com/psirt for more information.
| Bug ID | CVE references |
|---|---|
|
1020280 |
FortiManager 7.2.10 is no longer vulnerable to the following CVE Reference:
|
|
1055002 |
FortiManager 7.2.10 is no longer vulnerable to the following CVE Reference:
|