Fortinet white logo
Fortinet white logo

Release Notes

Known Issues

Known Issues

The following issues have been identified in 7.2.2. To inquire about a particular bug or to report a bug, please contact Customer Service & Support.

AP Manager

Bug ID

Description

881548

Unable to install successfully when creating a SSID using its default value.

884233 FortiManager may display FortiAP critical security vulnerability information even after FortiAPs have been upgraded. This could be because the FortiAP does not provide their patch numbers to the FortiGate, and therefore this information is not transferred to the FortiManager for proper vulnerability checking.

906930

FortiManager displays an error for Subnets overlap for a Bridge SSID.

910182

AP Manager doesn't load if admin profile permission is Read-Only.

Device Manager

Bug ID

Description

817346 Editing interface with normalized interface mapping displays some unnecessary messages for mapping change.

837213

Browser may crash when clicking "view diff" to compare with current device config. This might happen due to a slow network.

Workaround: Use "show diff only" from Revision History instead of checking it from "Out of Sync" devices list.

838462

Adding device using "Add Model HA Cluster" feature failed as FortiManager does not allow "virtual switch interfaces" being used as "heartbeat interfaces".

886917

888930

FortiManager's ipsec templates remove the sdwan member and bgp neighbor attached to an ipsec interface. This causes the sdwan member to be removed even when it's used.
876040 Status of Certificates is displayed as "pending" under the System's Certificates.
879833 Adding a model device with variable to FortiManager displays an error message: "a[i].replace is not a function".

881148

SAML user - retrieve/refresh/install and device authorization fail from GUI post upgrade.

Workaround: Set rpc-permit to read-write for SSO user on SP FortiManager.

881308 The default value of the "router.static.vrf" leads to installation failure when attempting to install blackhole routes to FortiGates.
885454 After upgrading FortiManager, certificates for FGT 1100E's are missing from the Device Manager.
887903 System template interface table gets purged when trying to create vlan type with name length greater than 15.
888658 Editing DHCP Settings of a FortiGate interface displays the following error message: "You have no permission to access this device/vdom".
891216 Unable to edit/save interface with DHCP relay enabled.
891341 Installation fails due to the Copy failure error; system template created with some empty string values which are assigned to devices.

891967

When management VDOM is non-root and has been assigned to a different ADOM, FortiManager displays the error, "Can not access device global setting if management VDOM is not in current ADOM".

893592

Exporting the Device List to CSV and Excel file doesn't include the FortiAPs and FortiSwitches info.

894948 FortiManager fails to push the FortiAnalyzer override settings to the FortiGate.
896998 Unable to get access to the Certificates via Device Manager > DEVICE_NAME > VDOM_NAME > System.
897863 After deselecting the "allow-dns" feature under the application control list, the changes cannot be saved.
898814 FortiManager keeps changing the "cert-id-validation" value to its default value during the installation.

909867

FortiManager attempts to configure unsupported syntax for "sdwan health-check".

912833 Adding FortiGates with Open Authentication (OAuth) Method, Fortinet Security Fabric dialog box does not display the FortiManager's related info.

FortiSwitch Manager

Bug ID

Description

872802 FortiManager automatically sets "default" as dnsfilter-profile under dns-server for fortilink interface.
890205 Selecting multiple ports to "Edit" is not possible as it is greyed out.

Global ADOM

Bug ID

Description

826522

Unable to remove global object from Global Database in workspace mode.

Workaround: Unlock & lock the Global ADOM prior to deleting the Global Object and assigning changes to local ADOMs.

870944

Global Policy Assignment displays the following error (Double global assignment exists).

906058

Firewall address cannot be deleted from Global ADOM; it displays an error message indicating that the object is being used in ADOM root.

Others

Bug ID

Description

703585

FortiManager may return 'Connection aborted' error with JSON API request.

713714

The schedule for firmware upgrade for FGTs does not work if the upgrade request is issued from the CLI, instead firmware upgrade starts immediately.

Workaround: Use firmware upgrade templates in the GUI.

777831 When FortiAnalyzer is added as a managed device to FortiManager, Incident & Event Tile will be displayed instead of the FortiSoC.
802922 The application "newcli" process crashes when the "diagnose cdb upgrade check +all" command runs.
804987 License Status, under the FortiGuard tile, does not display the unregistered FortiGate's license.

814425

Sorting FortiExtenders by Network, RSSI, RSRP, RSRQ, and SINR does not work properly.

829046 After the upgrade, some of the metadata variables are missing.
832351 FortiManager does not allow users to enter to the root ADOM; it displays the "ADOM license was expired..." message.

838638

FortiGates are upgraded successfully via FortiManager's Group Firmware upgrade feature; however, the task monitor displays "Image upgrade failed" for some of the FortiGates.

851586 FortiManager displays "invalid scope" errors when running the "diagnose cdb check policy-packages" command.
869955 BGP Template route map option does not support Meta Variables.
871608 Unable to retrieve routing information from FortiGate via FortiManager when there is a large routing table.
873110 FortiManager displays "expired" instead of "not licensed" for non-purchased FortiGuard services.
875006 When clicking on the warning message, which indicates critical security vulnerabilities, a list of all types of security vulnerabilities is displayed.
883548 FMG/FAZ is forcing its users to upgrade the Firmware version upon login.
889917 During the upgrade process, a non-critical error message "Duplicate root nodes found in ADOM." has been observed. This error is harmless and does not impact the functionality of the FortiManager/FortiAnalyzer.
891869 FortiManager wrongly recommends lower version for upgrade the FortiGates.
895081 Some FGTs were unable to be upgraded from FMG due to firmware ID discrepancies between FMG and FortiGuard.
895982 Admin with a Super User profile is not able to create the Firmware Template when FortiManager is working in the Workflow mode.

899570

Unable to add the "FortiGateRugged-60F" FGT to the FortiManager.

899750 ADOM upgrade makes the Policy Packages status modified.
906533 Group options, when creating/editing the workflow approval group, displays wrong info.

919088

GUI may not work properly in Google Chrome and Microsoft Edge version 114.

Policy & Objects

Bug ID

Description

739489

It's not possible to enable NAT with Outgoing Interface Address by directly right-clicking on the NAT section of a firewall policy.

Workaround: Configure NAT by editing the firewall policy.

751443

FortiManager displays policy installation copy failures error when ipsec template gets unassigned.

Workaround: Instead of unassigning IPSec template, modify IPSec template, replace the reference to IPSec tunnel interface with another interface.

Please ensure a fresh FortiManager's backup is created prior to any changes.

774058 Rule list order may not be saved under File Filter Profile.
803460 "User Definitions" entries under the "User & Authentication" cannot be removed from FortiManager.
806378 Searching policies on FortiManager does not work properly.
821114 EMS ZTNA Tags in FortiManager and FortiGate are using different naming convention; therefore, installing the policies with those tags to FortiGates do not work.
824652 Under the "Advanced Options" for firewall policy, "session-ttl" feature cannot be set to "never".
827416 FortiManager does not display any copy failure errors when utilized objects do not have any default values or per-device mapping.
843716 FortiManager tries to unset url-map for TCP forwarding ZTNA virtual server.
845022 SDN Connector failed to import objects from VMware VSphere.
846634 GUI does not allow to edit the custom Application and Filter Overrides.
862014 FortiManager is purging 'replacement message group custom' configuration after install verification fails.
866724 Copy Failed error has been observed with the error message "Virtual server limit reached!"; this limit is 50 for FGT AWS ONDEMAND.
867809 During installation, FortiManager unsets status for the proxy policies.
875547 Policy & Package cannot be imported, if the type of firewall address in FortiGate is "interface-subnet" and subnet's value is different with its value on FortiManager.
877477 Domain Name Threat Feeds are not available in DNS Filter > Remote Categories.
880359 FortiManager is purging 'replacement message group custom' configuration after install verification fails.
880431 Unable to define Exempt IP in IPS Sensor.
880575 When using the "reinstall policy" option to install to devices with different policy packages, the corresponding event log shows the same policy package pushed to all devices.
881634 When multiple VDOMs are selected for installation using the Re-install Policy feature, FortiManager only applies "re-install policy" for one VDOM from each devices.
881857 Multiple security console Application crashes have been observed during the Policy Package installation when static router template and router static entry in device db are used.
882477 Error Message "Object already exists" is displayed when editing per device mapping for Address Group.
882996 Unable to install to FortiGates when using null values for "local-gw6" and "remote-gw6".
883527 Install Preview does not display any info during the installation when using device groups in PP Installation Targets.
885827 FortiManager does not save and keep the selected "collapse all" mode for the policy package.
885992 Duplicate section names are created for policy package when ViewMode interface pair View is selected.
886370 FortiManager does not sort by interface per view results correctly; the results are not displayed in alphabetical order.
887278 Installation failed due to the limit on max entery for "endpoint-control fctems".

888483

The "automation email" under the "Replacement Message Group" is blank.

889068

Unable to push policies when VDOMs are in different ADOMs.

889563

FortiManager, for ADOM version 6.4, does not support Creating, Importing, or Inserting Above and Below actions for a deny policy with a "Log Violation Traffic" disabled.

Workarounds:

  • To Insert, use copy & paste instead of the using Insert Above/Below.

  • To Create, either run script to create log disabled deny policy or enable log traffic first, and then edit the policy in order to disable and save it.

891832 The install preview for policy package being used by multiple FortiGates is taking some time to load.
891996 "Find and Replace" feature does not display the entries correctly and it does not allow any changes.
892293 Unable to Import Virtual Servers/VIPs in Central DNAT Mode.
894052 Unable to remove per-device mapping entry via GUI in dynamic address groups.

895979

FortiManager attempts setting the Zone as the interface for firewall policy during the installation.

896491 Installation fails with unclear error message: "vdom copy failed".
899339 FortiManager does not seek for confirmation when deleting an object from firewall policy.
911146 Under the Policy & Objects, GUI does not display the Address Object list.
912732 The installation fails when the IPS signature contains CVE references.
958206 Policy package import fails due to a certificate error in the SSL VPN web realm configuration for the virtual host server.

Script

Bug ID

Description

876917 "Capture Diff to a Script" does not work properly. It does not display the changes.

System Settings

Bug ID

Description

825319 FortiManager fails to promote a FortiGate HA member (running on firmware 7.2.0 to 7.2.4) to the Primary.
873078 FortiManagers HA cannot be configured as the initial sync never completes.
884168 FortiManager suggests wrong versions to upgrade FortiGates in order to resolve the PSIRT Vulnerability.
884396 The firmware upgrade notification on the FortiManager and FortiAnalyzer keeps appearing continuously after each login.
884848 FortiManager HA is not syncing after upgrade as the synchronization between the cluster units never completes.

888374

Admin user's ADOM setting cannot be synced to secondary when adom-access is set to specify.

894366 Any changes related to "lan" interface on FGT 40F, where the role is defined as "LAN", FortiManager tries installing firewall address "lan address" with type interface-subnet linked to interface "lan". The Install Verification fails for "lan address" as "entry not found in database".

VPN Manager

Bug ID

Description

784385

If policy changes are made directly on the FortiGates, the subsequent PP import creates faulty dynamic mappings for VPN manager.

Workaround:

It is strongly recommended to create a fresh backup of the FortiManager's configuration prior to this workaround. Perform the following command to check & repair the FortiManager's configuration database:

diagnose cdb check policy-packages <adom>

After running this command, FortiManager will remove the invalid mappings of vpnmgr interfaces.

798995 It's not possible to delete an SSL VPN portal profile from FortiManager GUI if the profile has been already installed.
857051 Installing a policy package with IPSec VPN to FortiGates fail with the following error: "TCL error (The remote gateway is a duplicate of another IPsec gateway entry)".
888272 Single entry of SSLVPN settings cannot be selected under VPN Manager.

894705

FortiManager's GUI becomes unresponsive after any changes on the Advanced SSL Profiles in VPN Manager.

Known Issues

Known Issues

The following issues have been identified in 7.2.2. To inquire about a particular bug or to report a bug, please contact Customer Service & Support.

AP Manager

Bug ID

Description

881548

Unable to install successfully when creating a SSID using its default value.

884233 FortiManager may display FortiAP critical security vulnerability information even after FortiAPs have been upgraded. This could be because the FortiAP does not provide their patch numbers to the FortiGate, and therefore this information is not transferred to the FortiManager for proper vulnerability checking.

906930

FortiManager displays an error for Subnets overlap for a Bridge SSID.

910182

AP Manager doesn't load if admin profile permission is Read-Only.

Device Manager

Bug ID

Description

817346 Editing interface with normalized interface mapping displays some unnecessary messages for mapping change.

837213

Browser may crash when clicking "view diff" to compare with current device config. This might happen due to a slow network.

Workaround: Use "show diff only" from Revision History instead of checking it from "Out of Sync" devices list.

838462

Adding device using "Add Model HA Cluster" feature failed as FortiManager does not allow "virtual switch interfaces" being used as "heartbeat interfaces".

886917

888930

FortiManager's ipsec templates remove the sdwan member and bgp neighbor attached to an ipsec interface. This causes the sdwan member to be removed even when it's used.
876040 Status of Certificates is displayed as "pending" under the System's Certificates.
879833 Adding a model device with variable to FortiManager displays an error message: "a[i].replace is not a function".

881148

SAML user - retrieve/refresh/install and device authorization fail from GUI post upgrade.

Workaround: Set rpc-permit to read-write for SSO user on SP FortiManager.

881308 The default value of the "router.static.vrf" leads to installation failure when attempting to install blackhole routes to FortiGates.
885454 After upgrading FortiManager, certificates for FGT 1100E's are missing from the Device Manager.
887903 System template interface table gets purged when trying to create vlan type with name length greater than 15.
888658 Editing DHCP Settings of a FortiGate interface displays the following error message: "You have no permission to access this device/vdom".
891216 Unable to edit/save interface with DHCP relay enabled.
891341 Installation fails due to the Copy failure error; system template created with some empty string values which are assigned to devices.

891967

When management VDOM is non-root and has been assigned to a different ADOM, FortiManager displays the error, "Can not access device global setting if management VDOM is not in current ADOM".

893592

Exporting the Device List to CSV and Excel file doesn't include the FortiAPs and FortiSwitches info.

894948 FortiManager fails to push the FortiAnalyzer override settings to the FortiGate.
896998 Unable to get access to the Certificates via Device Manager > DEVICE_NAME > VDOM_NAME > System.
897863 After deselecting the "allow-dns" feature under the application control list, the changes cannot be saved.
898814 FortiManager keeps changing the "cert-id-validation" value to its default value during the installation.

909867

FortiManager attempts to configure unsupported syntax for "sdwan health-check".

912833 Adding FortiGates with Open Authentication (OAuth) Method, Fortinet Security Fabric dialog box does not display the FortiManager's related info.

FortiSwitch Manager

Bug ID

Description

872802 FortiManager automatically sets "default" as dnsfilter-profile under dns-server for fortilink interface.
890205 Selecting multiple ports to "Edit" is not possible as it is greyed out.

Global ADOM

Bug ID

Description

826522

Unable to remove global object from Global Database in workspace mode.

Workaround: Unlock & lock the Global ADOM prior to deleting the Global Object and assigning changes to local ADOMs.

870944

Global Policy Assignment displays the following error (Double global assignment exists).

906058

Firewall address cannot be deleted from Global ADOM; it displays an error message indicating that the object is being used in ADOM root.

Others

Bug ID

Description

703585

FortiManager may return 'Connection aborted' error with JSON API request.

713714

The schedule for firmware upgrade for FGTs does not work if the upgrade request is issued from the CLI, instead firmware upgrade starts immediately.

Workaround: Use firmware upgrade templates in the GUI.

777831 When FortiAnalyzer is added as a managed device to FortiManager, Incident & Event Tile will be displayed instead of the FortiSoC.
802922 The application "newcli" process crashes when the "diagnose cdb upgrade check +all" command runs.
804987 License Status, under the FortiGuard tile, does not display the unregistered FortiGate's license.

814425

Sorting FortiExtenders by Network, RSSI, RSRP, RSRQ, and SINR does not work properly.

829046 After the upgrade, some of the metadata variables are missing.
832351 FortiManager does not allow users to enter to the root ADOM; it displays the "ADOM license was expired..." message.

838638

FortiGates are upgraded successfully via FortiManager's Group Firmware upgrade feature; however, the task monitor displays "Image upgrade failed" for some of the FortiGates.

851586 FortiManager displays "invalid scope" errors when running the "diagnose cdb check policy-packages" command.
869955 BGP Template route map option does not support Meta Variables.
871608 Unable to retrieve routing information from FortiGate via FortiManager when there is a large routing table.
873110 FortiManager displays "expired" instead of "not licensed" for non-purchased FortiGuard services.
875006 When clicking on the warning message, which indicates critical security vulnerabilities, a list of all types of security vulnerabilities is displayed.
883548 FMG/FAZ is forcing its users to upgrade the Firmware version upon login.
889917 During the upgrade process, a non-critical error message "Duplicate root nodes found in ADOM." has been observed. This error is harmless and does not impact the functionality of the FortiManager/FortiAnalyzer.
891869 FortiManager wrongly recommends lower version for upgrade the FortiGates.
895081 Some FGTs were unable to be upgraded from FMG due to firmware ID discrepancies between FMG and FortiGuard.
895982 Admin with a Super User profile is not able to create the Firmware Template when FortiManager is working in the Workflow mode.

899570

Unable to add the "FortiGateRugged-60F" FGT to the FortiManager.

899750 ADOM upgrade makes the Policy Packages status modified.
906533 Group options, when creating/editing the workflow approval group, displays wrong info.

919088

GUI may not work properly in Google Chrome and Microsoft Edge version 114.

Policy & Objects

Bug ID

Description

739489

It's not possible to enable NAT with Outgoing Interface Address by directly right-clicking on the NAT section of a firewall policy.

Workaround: Configure NAT by editing the firewall policy.

751443

FortiManager displays policy installation copy failures error when ipsec template gets unassigned.

Workaround: Instead of unassigning IPSec template, modify IPSec template, replace the reference to IPSec tunnel interface with another interface.

Please ensure a fresh FortiManager's backup is created prior to any changes.

774058 Rule list order may not be saved under File Filter Profile.
803460 "User Definitions" entries under the "User & Authentication" cannot be removed from FortiManager.
806378 Searching policies on FortiManager does not work properly.
821114 EMS ZTNA Tags in FortiManager and FortiGate are using different naming convention; therefore, installing the policies with those tags to FortiGates do not work.
824652 Under the "Advanced Options" for firewall policy, "session-ttl" feature cannot be set to "never".
827416 FortiManager does not display any copy failure errors when utilized objects do not have any default values or per-device mapping.
843716 FortiManager tries to unset url-map for TCP forwarding ZTNA virtual server.
845022 SDN Connector failed to import objects from VMware VSphere.
846634 GUI does not allow to edit the custom Application and Filter Overrides.
862014 FortiManager is purging 'replacement message group custom' configuration after install verification fails.
866724 Copy Failed error has been observed with the error message "Virtual server limit reached!"; this limit is 50 for FGT AWS ONDEMAND.
867809 During installation, FortiManager unsets status for the proxy policies.
875547 Policy & Package cannot be imported, if the type of firewall address in FortiGate is "interface-subnet" and subnet's value is different with its value on FortiManager.
877477 Domain Name Threat Feeds are not available in DNS Filter > Remote Categories.
880359 FortiManager is purging 'replacement message group custom' configuration after install verification fails.
880431 Unable to define Exempt IP in IPS Sensor.
880575 When using the "reinstall policy" option to install to devices with different policy packages, the corresponding event log shows the same policy package pushed to all devices.
881634 When multiple VDOMs are selected for installation using the Re-install Policy feature, FortiManager only applies "re-install policy" for one VDOM from each devices.
881857 Multiple security console Application crashes have been observed during the Policy Package installation when static router template and router static entry in device db are used.
882477 Error Message "Object already exists" is displayed when editing per device mapping for Address Group.
882996 Unable to install to FortiGates when using null values for "local-gw6" and "remote-gw6".
883527 Install Preview does not display any info during the installation when using device groups in PP Installation Targets.
885827 FortiManager does not save and keep the selected "collapse all" mode for the policy package.
885992 Duplicate section names are created for policy package when ViewMode interface pair View is selected.
886370 FortiManager does not sort by interface per view results correctly; the results are not displayed in alphabetical order.
887278 Installation failed due to the limit on max entery for "endpoint-control fctems".

888483

The "automation email" under the "Replacement Message Group" is blank.

889068

Unable to push policies when VDOMs are in different ADOMs.

889563

FortiManager, for ADOM version 6.4, does not support Creating, Importing, or Inserting Above and Below actions for a deny policy with a "Log Violation Traffic" disabled.

Workarounds:

  • To Insert, use copy & paste instead of the using Insert Above/Below.

  • To Create, either run script to create log disabled deny policy or enable log traffic first, and then edit the policy in order to disable and save it.

891832 The install preview for policy package being used by multiple FortiGates is taking some time to load.
891996 "Find and Replace" feature does not display the entries correctly and it does not allow any changes.
892293 Unable to Import Virtual Servers/VIPs in Central DNAT Mode.
894052 Unable to remove per-device mapping entry via GUI in dynamic address groups.

895979

FortiManager attempts setting the Zone as the interface for firewall policy during the installation.

896491 Installation fails with unclear error message: "vdom copy failed".
899339 FortiManager does not seek for confirmation when deleting an object from firewall policy.
911146 Under the Policy & Objects, GUI does not display the Address Object list.
912732 The installation fails when the IPS signature contains CVE references.
958206 Policy package import fails due to a certificate error in the SSL VPN web realm configuration for the virtual host server.

Script

Bug ID

Description

876917 "Capture Diff to a Script" does not work properly. It does not display the changes.

System Settings

Bug ID

Description

825319 FortiManager fails to promote a FortiGate HA member (running on firmware 7.2.0 to 7.2.4) to the Primary.
873078 FortiManagers HA cannot be configured as the initial sync never completes.
884168 FortiManager suggests wrong versions to upgrade FortiGates in order to resolve the PSIRT Vulnerability.
884396 The firmware upgrade notification on the FortiManager and FortiAnalyzer keeps appearing continuously after each login.
884848 FortiManager HA is not syncing after upgrade as the synchronization between the cluster units never completes.

888374

Admin user's ADOM setting cannot be synced to secondary when adom-access is set to specify.

894366 Any changes related to "lan" interface on FGT 40F, where the role is defined as "LAN", FortiManager tries installing firewall address "lan address" with type interface-subnet linked to interface "lan". The Install Verification fails for "lan address" as "entry not found in database".

VPN Manager

Bug ID

Description

784385

If policy changes are made directly on the FortiGates, the subsequent PP import creates faulty dynamic mappings for VPN manager.

Workaround:

It is strongly recommended to create a fresh backup of the FortiManager's configuration prior to this workaround. Perform the following command to check & repair the FortiManager's configuration database:

diagnose cdb check policy-packages <adom>

After running this command, FortiManager will remove the invalid mappings of vpnmgr interfaces.

798995 It's not possible to delete an SSL VPN portal profile from FortiManager GUI if the profile has been already installed.
857051 Installing a policy package with IPSec VPN to FortiGates fail with the following error: "TCL error (The remote gateway is a duplicate of another IPsec gateway entry)".
888272 Single entry of SSLVPN settings cannot be selected under VPN Manager.

894705

FortiManager's GUI becomes unresponsive after any changes on the Advanced SSL Profiles in VPN Manager.