Known Issues
The following issues have been identified in 7.2.2. To inquire about a particular bug or to report a bug, please contact Customer Service & Support.
AP Manager
|
Bug ID |
Description |
|---|---|
| 861941 | FortiManager attempts to install
"arrp-profile" even if "darrp" is disabled. |
|
881548 |
Unable to install successfully when creating a SSID using its default value. |
| 884233 | FortiManager displays the AP critical security vulnerability info even after FortiAPs are being upgraded. |
|
889811 |
Under WIFI and switch controller for Managed FortiAPs, there is not any LLDP info found. |
|
910182 |
AP Manager doesn't load if admin profile permission is Read-Only. |
Device Manager
|
Bug ID |
Description |
|---|---|
| 817346 | Editing interface with normalized interface mapping displays some unnecessary messages for mapping change. |
|
837213 |
Browser may crash when clicking "view diff" to compare with current device config. This might happen due to a slow network. Workaround: Use "show diff only" from Revision History instead of checking it from "Out of Sync" devices list. |
|
838462 |
Adding device using "Add Model HA Cluster" feature failed as FortiManager does not allow "virtual switch interfaces" being used as "heartbeat interfaces". |
| 876040 | Status of Certificates is displayed as "pending" under the System's Certificates. |
| 879833 | Adding a model device with variable to FortiManager displays an error message: "a[i].replace is not a function". |
|
881148 |
SAML user - retrieve/refresh/install and device authorization fail from GUI after upgrading FortiManager to 7.2.2. Workaround: Set |
| 881308 | The default value of the
"router.static.vrf" leads to installation failure when attempting
to install blackhole routes to FortiGates. |
| 885454 | After upgrading FortiManager, certificates for FGT 1100E's are missing from the Device Manager. |
|
886917 888930 |
FortiManager's ipsec templates remove the sdwan member and bgp neighbor attached to an ipsec interface. This causes the sdwan member to be removed even when it's used. |
| 888658 | Editing DHCP Settings of a FortiGate interface displays the following error message: "You have no permission to access this device/vdom". |
| 889566 | "View Config" in Device Manager > Revision History does not display full configuration of the managed device. |
| 891216 | Unable to edit/save interface with DHCP relay enabled. |
| 891341 | Installation fails due to the Copy failure error; system template created with some empty string values which are assigned to devices. |
|
891967 |
When management VDOM is non-root and has been assigned to a different ADOM, FortiManager displays the error, "Can not access device global setting if management VDOM is not in current ADOM". |
|
893592 |
Exporting the Device List to CSV and Excel file doesn't include the FortiAPs and FortiSwitches info. |
| 896998 | Unable to get access to the Certificates via Device Manager > DEVICE_NAME > VDOM_NAME > System. |
| 897863 | After deselecting the "allow-dns" feature under the application control list, the changes cannot be
saved. |
| 899903 | FortiManager GUI does not list all NTP interfaces. |
|
909867 |
FortiManager attempts to configure unsupported syntax for " |
| 912833 | Adding FortiGates with Open Authentication (OAuth) Method, Fortinet Security Fabric dialog box does not display the FortiManager's related info. |
FortiSwitch Manager
|
Bug ID |
Description |
|---|---|
| 872802 | FortiManager automatically
sets "default" as dnsfilter-profile under dns-server for fortilink
interface. |
| 890205 | Selecting multiple ports to "Edit" is not possible as it is greyed out. |
Global ADOM
|
Bug ID |
Description |
|---|---|
| 826522 |
Unable to remove global object from Global Database in workspace mode. Workaround: Unlock & lock the Global ADOM prior to deleting the Global Object and assigning changes to local ADOMs. |
|
870944 |
Global Policy Assignment displays the following error (Double global assignment exists). |
|
906058 |
Firewall address cannot be deleted from Global ADOM; it displays an error message indicating that the object is being used in ADOM root. |
Others
|
Bug ID |
Description |
|---|---|
|
703585 |
FortiManager may return 'Connection aborted' error with JSON API request. |
|
713714 |
The schedule for firmware upgrade for FGTs does not work if the upgrade request is issued from the CLI, instead firmware upgrade starts immediately. Workaround: Use firmware upgrade templates in the GUI. |
| 777831 | When FortiAnalyzer is added as a managed device to FortiManager, Incident & Event Tile will be displayed instead of the FortiSoC. |
| 802922 | The application
"newcli" process crashes when the "diagnose cdb upgrade check
+all" command runs. |
| 804987 | License Status, under the FortiGuard tile, does not display the unregistered FortiGate's license. |
|
814425 |
Sorting FortiExtenders by Network, RSSI, RSRP, RSRQ, and SINR does not work properly. |
| 829046 | After the upgrade, some of the metadata variables are missing. |
| 832351 | FortiManager does not allow users to enter to the root ADOM; it displays the "ADOM license was expired..." message. |
|
838638 |
FortiGates are upgraded successfully via FortiManager's Group Firmware upgrade feature; however, the task monitor displays "Image upgrade failed" for some of the FortiGates. |
| 851586 | FortiManager displays "invalid
scope" errors when running the "diagnose cdb check
policy-packages" command. |
| 869955 | BGP Template route map option does not support Meta Variables. |
| 871608 | Unable to retrieve routing information from FortiGate via FortiManager when there is a large routing table. |
| 875006 | When clicking on the warning message, which indicates critical security vulnerabilities, a list of all types of security vulnerabilities is displayed. |
| 883548 | FMG/FAZ is forcing its users to upgrade the Firmware version upon login. |
| 891869 | FortiManager wrongly recommends lower version for upgrade the FortiGates. |
| 895982 | Admin with a Super User profile is not able to create the Firmware Template when FortiManager is working in the Workflow mode. |
| 897157 | Unexpected changes in existing static routes, created by static route template after upgrade to 7.0.7, 7.2.2, 7.4.0. |
|
899570 |
Unable to add the "FortiGateRugged-60F" FGT to the FortiManager. |
| 899750 | ADOM upgrade makes the Policy Packages status modified. |
| 906533 | Group options, when creating/editing the workflow approval group, displays wrong info. |
|
919088 |
GUI may not work properly in Google Chrome and Microsoft Edge version 114. |
Policy & Objects
|
Bug ID |
Description |
|---|---|
| 739489 |
It's not possible to enable NAT with Outgoing Interface Address by directly right-clicking on the NAT section of a firewall policy. Workaround: Configure NAT by editing the firewall policy. |
| 751443 |
FortiManager displays policy installation copy failures error when ipsec template gets unassigned. Workaround: Instead of unassigning IPSec template, modify IPSec template, replace the reference to IPSec tunnel interface with another interface. Please ensure a fresh FortiManager's backup is created prior to any changes. |
| 774058 | Rule list order may not be saved under File Filter Profile. |
| 803460 | "User Definitions" entries under the "User & Authentication" cannot be removed from FortiManager. |
| 806378 | Searching policies on FortiManager does not work properly. |
| 821114 | EMS ZTNA Tags in FortiManager and FortiGate are using different naming convention; therefore, installing the policies with those tags to FortiGates do not work. |
| 824652 | Under the "Advanced
Options" for firewall policy, "session-ttl" feature cannot be
set to "never". |
| 827416 | FortiManager does not display any copy failure errors when utilized objects do not have any default values or per-device mapping. |
| 845022 | SDN Connector failed to import objects from VMware VSphere. |
| 846634 | GUI does not allow to edit the custom Application and Filter Overrides. |
| 862014 | FortiManager is purging 'replacement message group custom' configuration after install verification fails. |
| 866724 | Copy Failed error has been observed with the error message "Virtual server limit reached!"; this limit is 50 for FGT AWS ONDEMAND. |
| 867809 | During installation, FortiManager unsets status for the proxy policies. |
| 875547 | Policy & Package cannot be
imported, if the type of firewall address in FortiGate is
"interface-subnet" and subnet's value is different with its value
on FortiManager. |
| 877477 | Domain Name Threat Feeds are not available in DNS Filter > Remote Categories. |
| 880359 | FortiManager is purging 'replacement message group custom' configuration after install verification fails. |
| 880431 | Unable to define Exempt IP in IPS Sensor. |
| 880575 | When using the "reinstall policy" option to install to devices with different policy packages, the corresponding event log shows the same policy package pushed to all devices. |
| 881634 | When multiple VDOMs are
selected for installation using the Re-install Policy feature, FortiManager only
applies "re-install policy" for one VDOM from each devices. |
| 881857 | Multiple security console Application crashes have been observed during the Policy Package installation when static router template and router static entry in device db are used. |
| 882477 | Error Message "Object already exists" is displayed when editing per device mapping for Address Group. |
| 882996 | Unable to install to FortiGates when
using null values for "local-gw6" and "remote-gw6". |
| 883527 | Install Preview does not display any info during the installation when using device groups in PP Installation Targets. |
| 885827 | FortiManager does not save and keep the selected "collapse all" mode for the policy package. |
| 885992 | Duplicate section names are created for policy package when ViewMode interface pair View is selected. |
| 886370 | FortiManager does not sort by interface per view results correctly; the results are not displayed in alphabetical order. |
| 887278 | Installation failed due to the
limit on max entery for "endpoint-control fctems". |
|
888483 |
The "automation email" under the "Replacement Message Group" is blank. |
|
889068 |
Unable to push policies when VDOMs are in different ADOMs. |
|
889563 |
FortiManager, for ADOM version 6.4, does not support Creating, Importing, or Inserting Above and Below actions for a deny policy with a "Log Violation Traffic" disabled. Workarounds:
|
| 891832 | The install preview for policy package being used by multiple FortiGates is taking some time to load. |
| 891996 | "Find and Replace" feature does not display the entries correctly and it does not allow any changes. |
| 892293 | Unable to Import Virtual Servers/VIPs in Central DNAT Mode. |
| 894052 | Unable to remove per-device mapping entry via GUI in dynamic address groups. |
|
895979 |
FortiManager attempts setting the Zone as the interface for firewall policy during the installation. |
| 896491 | Installation fails with unclear error message: "vdom copy failed". |
| 899339 | FortiManager does not seek for confirmation when deleting an object from firewall policy. |
| 911146 | Under the Policy & Objects, GUI does not display the Address Object list. |
| 912732 | The installation fails when the IPS signature contains CVE references. |
Script
|
Bug ID |
Description |
|---|---|
| 876917 | "Capture Diff to a Script" does not work properly. It does not display the changes. |
System Settings
|
Bug ID |
Description |
|---|---|
| 825319 | FortiManager fails to promote a FortiGate HA member (running on firmware 7.2.0 to 7.2.4) to the Primary. |
| 873078 | FortiManagers HA cannot be configured as the initial sync never completes. |
| 884168 | FortiManager suggests wrong versions to upgrade FortiGates in order to resolve the PSIRT Vulnerability. |
| 884396 | The firmware upgrade notification on the FortiManager and FortiAnalyzer keeps appearing continuously after each login. |
| 884848 | FortiManager HA is not syncing after upgrade as the synchronization between the cluster units never completes. |
|
888374 |
Admin user's ADOM setting cannot be synced to secondary when |
| 894366 | Any changes related to "lan" interface on FGT 40F, where the role is defined as "LAN", FortiManager tries installing firewall address "lan address" with type interface-subnet linked to interface "lan". The Install Verification fails for "lan address" as "entry not found in database". |
VPN Manager
|
Bug ID |
Description |
|---|---|
| 784385 |
If policy changes are made directly on the FortiGates, the subsequent PP import creates faulty dynamic mappings for VPN manager. Workaround: It is strongly recommended to create a fresh backup of the FortiManager's configuration prior to this workaround. Perform the following command to check & repair the FortiManager's configuration database: diagnose cdb check policy-packages <adom> After running this command, FortiManager will remove the invalid mappings of vpnmgr interfaces. |
| 798995 | It's not possible to delete an SSL VPN portal profile from FortiManager GUI if the profile has been already installed. |
| 857051 | Installing a policy package with IPSec VPN to FortiGates fail with the following error: "TCL error (The remote gateway is a duplicate of another IPsec gateway entry)". |
| 888272 | Single entry of SSLVPN settings cannot be selected under VPN Manager. |
|
894705 |
FortiManager's GUI becomes unresponsive after any changes on the Advanced SSL Profiles in VPN Manager. |