Resolved Issues

The following issues have been fixed in FortiManager version 7.2.10. To inquire about a particular bug, please contact Customer Service & Support.

AP Manager

Bug ID Description
1040365 FortiManager is generating false vulnerability reports for certain FortiAPs:

  • U431F

  • U231F

1076200 Policy install fails because FortiManager installs unexpected changes related to "<wifi_intf> address".

Device Manager

Bug ID Description
973365 FortiManager does not display the IP addresses of FortiGate interfaces configured with DHCP addressing mode.
1015138 Unable to edit an interface with a DHCP reservation.
1030539 Managed FortiAnalyzer shown as managed FortiGate in Device Manager.
1030685 Unable to export metadata variables if the metadata's per-device-mapping value is empty.
1050126 Setting up a FortiGate-HA with ZTP fails because the FortiLink is not deleted during the "HA config pushed to FGT" process.
1051889 When downloading the FortiGate config through Device Manager > Managed Devices > Device Configuration DB, the downloaded file contains line breaks in the middle of commands, which prevents it from being installed on FortiGate.
1053194 If the "system interface speed" attribute is changed from the FortiManager, it may potentially cause an installation failure. Modifying the "system interface speed" is not currently supported on the FortiManager and must be done on the FortiGate side.
1063635 FortiManager does not support the "FortiWiFi-80F-2R-3G4G-DSL".
1063835 FortiManager ZTP installation to FortiGate versions 7.2.8 and lower may fail due to differing default "ssh-kex-algo" settings between FortiManager and FortiGate.
1063850 FortiManager is attempting to install a "PRIVATE KEY" with every installation, even after retrieving the config.
1067706 Metadata variables cannot be used in the firewall address objects.
1070943 Unable to upgrade the devices via Device Group Upgrade Firmware feature.
1074717 An error might be observed when the SD-WAN template health check name contains a space, displaying the following message: "Bad health check name...".
1075052 Occasionally, installations may fail on FortiGates in HA mode due to a "Serial number does NOT match" error. This can happen if the HA device's serial number on FortiManager does not immediately update after a failover.
1075281 Unable to add FortiAnalyzer to FortiManager when "fgfm-peercert-withoutsn" is enabled.
1099270 Unable to upgrade FortiGate HA devices via Firmware Templates.

FortiSwitch Manager

Bug ID Description
1061315 Device DB FortiLink config changes when authorizing or deauthorizing FortiSwitch from either FortiSwitch Manager or local FortiGate.

Others

Bug ID Description
998198 When upgrading ADOM, the upgrade process fails with the following error: "invalid value - can not find import template 'XYZ' ".
1003711 During the FortiGate HA upgrade, both the primary and secondary FortiGates may reboot simultaneously, which can disrupt the network. This issue is more likely to occur in FortiGates that require disk checks, leading to longer boot times.
1020787 ZTP Enforce firmware Version doesn't upgrade the secondary cluster member.
1058185 FortiProxy policies are not imported if the policies have either internet service or IPv6 used in the source or destination.
1078947 Repeatedly testing the URL rating on FortiManager (diagnose fmupdate test fgd-url-rating...) may cause the "fgdsvr daemon" to crash.
1081941 When a UTM-Profile is added to a FortiProxy policy, FortiManager generates invalid config.

Policy and Objects

Bug ID Description
958923 Installing policy packages that utilize an SSL/SSH Inspection profile may fail with the error message "Server certificate replace mode cannot support category exempt."
978136 Occasionally, installation may fail due to an error message, "Waiting for another session", which prevents policies from being installed from FortiManager. During this issue, the following message may also appear: "Blocked by session id(XYZ) username(n/a)". This issue may be caused by a signal loss between the child and parent security console processes, leading the parent process to continue waiting for a copy result.
983591 In the Firewall section, when attempting to add a note to the policy, the comment window shifts towards the left corner.
991720 FortiManager still has an option to enable the "match-vip" through the policy package for "allow" policies. However, this is not supported anymore on the FortiGates.
1004929 FortiManager removes the Web Filter Profile from the Profile Group for Policy-Based FortiGates.
1005161 The policy package status changes for all devices even when an address object is opened and saved without any modifications. This issue is particularly observed in objects utilizing the per-device mapping feature.
1008413 FortiManager fails to load IPS signatures in the profile. This may only occur when the number of signatures listed in the profile is larger than 80.
1014025, 1087922 While attempting to access the Application Signatures list on FortiManager, an error message: "a.foreach is not a function" might be displayed.
1029787 The Firewall Policy pane in the FortiManager GUI may occasionally display both "Standard Security Profiles" (SSL no-inspection and protocol default profiles) and "Security Profile Groups" simultaneously.
1046002 Policy Package status does not display "unknown" status immediately following retrieve.
1055795 During device import via multiple CSV files at the same time, some devices were imported successfully, while others encountered errors and had missing metadata variables. Additionally, FortiManager forced the admin to log out. When attempting to log back in, the following error message appeared: "ADOM not found".
1068736 Best Quality SDWAN rules installation may fail with the following error message: "Commit failed: Bad health check name".
1069285 Using the TAB button while creating a firewall address object produces the error "Invalid IP address".
1070800 FortiManager is attempting to install the "cli-cmd-audit" command on a FortiGate running version 7.2.8, which does not support this command, leading to an installation error.
1071226 Policy Lookup is not showing the result as highlighted when the sections are not expanded.
1076659 When a policy package is configured with a policy block, installation to multiple devices may have copy fail errors if the combined length of the Policy Block name and Policy name is greater than 35 characters and if the total number of such policies exceeds 1000.

- There is no workaround for now.

1079037 The "internet-service-id" attribute is configurable in the FortiManager, whereas this attribute cannot be modified on the FortiGate.
1079128 ZTNA Server Per-Device Mapping may display a copy error failure if a new per-device mapping is created without specifying the object interface.
1082548 Address type FQDN is missing the DNS resolve domain name feature.
1109061 FortiManager tries to set the inspection mode for the deny policies.

Script

Bug ID Description
931088 Unable to delete VDOMs using the FortiManager script. Interfaces remain in the device database, causing the installation to fail.
1085374 FortiManager does not support exporting the TCL scripts via CLI.

Services

Bug ID Description
1034102 Unable to upgrade FortiGates from FortiManager due to a "no valid FMWR license" error, despite the FortiGates being licensed. This issue is reported when the "FMG Authorization table" on the FDS server is empty.
1060509 When updating query service packages from the global anycast server (globalupdate.fortinet.net), larger-sized IoTS packages may encounter checksum errors. These errors can prevent the proper updating of SPAM and URL databases, potentially impacting the FortiManager's FortiGuard Services.

System Settings

Bug ID Description
1081463 The encrypted backup file cannot be easily correlated with the backup details, as the date and time are not included.

VPN Manager

Bug ID Description
1084434 Unable to rename the address objects (either source and/or destination) used in Phase2 quick selectors in IPSec VPN without an installation error.

Common Vulnerabilities and Exposures

Visit https://fortiguard.com/psirt for more information.

Bug ID CVE references
1020280 FortiManager 7.2.10 is no longer vulnerable to the following CVE Reference:

  • CVE-2024-33504

1055002 FortiManager 7.2.10 is no longer vulnerable to the following CVE Reference:

  • CVE-2024-3596
