Known Issues
The following issues have been identified in 7.2.2. To inquire about a particular bug or to report a bug, please contact Customer Service & Support.
AP Manager
Bug ID |
Description |
---|---|
881548 |
Unable to install successfully when creating a SSID using its default value. |
884233 | FortiManager may display FortiAP critical security vulnerability information even after FortiAPs have been upgraded. This could be because the FortiAP does not provide their patch numbers to the FortiGate, and therefore this information is not transferred to the FortiManager for proper vulnerability checking. |
906930 |
FortiManager displays an error for Subnets overlap for a Bridge SSID. |
910182 |
AP Manager doesn't load if admin profile permission is Read-Only. |
Device Manager
Bug ID |
Description |
---|---|
817346 | Editing interface with normalized interface mapping displays some unnecessary messages for mapping change. |
837213 |
Browser may crash when clicking "view diff" to compare with current device config. This might happen due to a slow network. Workaround: Use "show diff only" from Revision History instead of checking it from "Out of Sync" devices list. |
838462 |
Adding device using "Add Model HA Cluster" feature failed as FortiManager does not allow "virtual switch interfaces" being used as "heartbeat interfaces". |
886917 888930 |
FortiManager's ipsec templates remove the sdwan member and bgp neighbor attached to an ipsec interface. This causes the sdwan member to be removed even when it's used. |
876040 | Status of Certificates is displayed as "pending" under the System's Certificates. |
879833 | Adding a model device with variable to FortiManager displays an error message: "a[i].replace is not a function". |
881148 |
SAML user - retrieve/refresh/install and device authorization fail from GUI post upgrade. Workaround: Set |
881308 | The default value of the
"router.static.vrf " leads to installation failure when attempting
to install blackhole routes to FortiGates. |
885454 | After upgrading FortiManager, certificates for FGT 1100E's are missing from the Device Manager. |
887903 | System template interface table gets purged when trying to create vlan type with name length greater than 15. |
888658 | Editing DHCP Settings of a FortiGate interface displays the following error message: "You have no permission to access this device/vdom". |
891216 | Unable to edit/save interface with DHCP relay enabled. |
891341 | Installation fails due to the Copy failure error; system template created with some empty string values which are assigned to devices. |
891967 |
When management VDOM is non-root and has been assigned to a different ADOM, FortiManager displays the error, "Can not access device global setting if management VDOM is not in current ADOM". |
893592 |
Exporting the Device List to CSV and Excel file doesn't include the FortiAPs and FortiSwitches info. |
894948 | FortiManager fails to push the FortiAnalyzer override settings to the FortiGate. |
896998 | Unable to get access to the Certificates via Device Manager > DEVICE_NAME > VDOM_NAME > System. |
897863 | After deselecting the "allow-dns " feature under the application control list, the changes cannot be
saved. |
898814 | FortiManager keeps changing the
"cert-id-validation " value to its default value during the
installation. |
909867 |
FortiManager attempts to configure unsupported syntax for " |
912833 | Adding FortiGates with Open Authentication (OAuth) Method, Fortinet Security Fabric dialog box does not display the FortiManager's related info. |
FortiSwitch Manager
Bug ID |
Description |
---|---|
872802 | FortiManager automatically
sets "default " as dnsfilter-profile under dns-server for fortilink
interface. |
890205 | Selecting multiple ports to "Edit" is not possible as it is greyed out. |
Global ADOM
Bug ID |
Description |
---|---|
826522 |
Unable to remove global object from Global Database in workspace mode. Workaround: Unlock & lock the Global ADOM prior to deleting the Global Object and assigning changes to local ADOMs. |
870944 |
Global Policy Assignment displays the following error (Double global assignment exists). |
906058 |
Firewall address cannot be deleted from Global ADOM; it displays an error message indicating that the object is being used in ADOM root. |
Others
Bug ID |
Description |
---|---|
703585 |
FortiManager may return 'Connection aborted' error with JSON API request. |
713714 |
The schedule for firmware upgrade for FGTs does not work if the upgrade request is issued from the CLI, instead firmware upgrade starts immediately. Workaround: Use firmware upgrade templates in the GUI. |
777831 | When FortiAnalyzer is added as a managed device to FortiManager, Incident & Event Tile will be displayed instead of the FortiSoC. |
802922 | The application
"newcli " process crashes when the "diagnose cdb upgrade check
+all " command runs. |
804987 | License Status, under the FortiGuard tile, does not display the unregistered FortiGate's license. |
814425 |
Sorting FortiExtenders by Network, RSSI, RSRP, RSRQ, and SINR does not work properly. |
829046 | After the upgrade, some of the metadata variables are missing. |
832351 | FortiManager does not allow users to enter to the root ADOM; it displays the "ADOM license was expired..." message. |
838638 |
FortiGates are upgraded successfully via FortiManager's Group Firmware upgrade feature; however, the task monitor displays "Image upgrade failed" for some of the FortiGates. |
851586 | FortiManager displays "invalid
scope" errors when running the "diagnose cdb check
policy-packages " command. |
869955 | BGP Template route map option does not support Meta Variables. |
871608 | Unable to retrieve routing information from FortiGate via FortiManager when there is a large routing table. |
873110 | FortiManager displays "expired" instead of "not licensed" for non-purchased FortiGuard services. |
875006 | When clicking on the warning message, which indicates critical security vulnerabilities, a list of all types of security vulnerabilities is displayed. |
883548 | FMG/FAZ is forcing its users to upgrade the Firmware version upon login. |
889917 | During the upgrade process, a non-critical error message "Duplicate root nodes found in ADOM." has been observed. This error is harmless and does not impact the functionality of the FortiManager/FortiAnalyzer. |
891869 | FortiManager wrongly recommends lower version for upgrade the FortiGates. |
895081 | Some FGTs were unable to be upgraded from FMG due to firmware ID discrepancies between FMG and FortiGuard. |
895982 | Admin with a Super User profile is not able to create the Firmware Template when FortiManager is working in the Workflow mode. |
899570 |
Unable to add the "FortiGateRugged-60F" FGT to the FortiManager. |
899750 | ADOM upgrade makes the Policy Packages status modified. |
906533 | Group options, when creating/editing the workflow approval group, displays wrong info. |
919088 |
GUI may not work properly in Google Chrome and Microsoft Edge version 114. |
Policy & Objects
Bug ID |
Description |
---|---|
739489 |
It's not possible to enable NAT with Outgoing Interface Address by directly right-clicking on the NAT section of a firewall policy. Workaround: Configure NAT by editing the firewall policy. |
751443 |
FortiManager displays policy installation copy failures error when ipsec template gets unassigned. Workaround: Instead of unassigning IPSec template, modify IPSec template, replace the reference to IPSec tunnel interface with another interface. Please ensure a fresh FortiManager's backup is created prior to any changes. |
774058 | Rule list order may not be saved under File Filter Profile. |
803460 | "User Definitions" entries under the "User & Authentication" cannot be removed from FortiManager. |
806378 | Searching policies on FortiManager does not work properly. |
821114 | EMS ZTNA Tags in FortiManager and FortiGate are using different naming convention; therefore, installing the policies with those tags to FortiGates do not work. |
824652 | Under the "Advanced
Options" for firewall policy, "session-ttl " feature cannot be
set to "never ". |
827416 | FortiManager does not display any copy failure errors when utilized objects do not have any default values or per-device mapping. |
843716 | FortiManager tries to unset url-map for TCP forwarding ZTNA virtual server. |
845022 | SDN Connector failed to import objects from VMware VSphere. |
846634 | GUI does not allow to edit the custom Application and Filter Overrides. |
862014 | FortiManager is purging 'replacement message group custom' configuration after install verification fails. |
866724 | Copy Failed error has been observed with the error message "Virtual server limit reached!"; this limit is 50 for FGT AWS ONDEMAND. |
867809 | During installation, FortiManager unsets status for the proxy policies. |
875547 | Policy & Package cannot be
imported, if the type of firewall address in FortiGate is
"interface-subnet " and subnet's value is different with its value
on FortiManager. |
877477 | Domain Name Threat Feeds are not available in DNS Filter > Remote Categories. |
880359 | FortiManager is purging 'replacement message group custom' configuration after install verification fails. |
880431 | Unable to define Exempt IP in IPS Sensor. |
880575 | When using the "reinstall policy" option to install to devices with different policy packages, the corresponding event log shows the same policy package pushed to all devices. |
881634 | When multiple VDOMs are
selected for installation using the Re-install Policy feature, FortiManager only
applies "re-install policy " for one VDOM from each devices. |
881857 | Multiple security console Application crashes have been observed during the Policy Package installation when static router template and router static entry in device db are used. |
882477 | Error Message "Object already exists" is displayed when editing per device mapping for Address Group. |
882996 | Unable to install to FortiGates when
using null values for "local-gw6 " and "remote-gw6 ". |
883527 | Install Preview does not display any info during the installation when using device groups in PP Installation Targets. |
885827 | FortiManager does not save and keep the selected "collapse all" mode for the policy package. |
885992 | Duplicate section names are created for policy package when ViewMode interface pair View is selected. |
886370 | FortiManager does not sort by interface per view results correctly; the results are not displayed in alphabetical order. |
887278 | Installation failed due to the
limit on max entery for "endpoint-control fctems ". |
888483 |
The "automation email" under the "Replacement Message Group" is blank. |
889068 |
Unable to push policies when VDOMs are in different ADOMs. |
889563 |
FortiManager, for ADOM version 6.4, does not support Creating, Importing, or Inserting Above and Below actions for a deny policy with a "Log Violation Traffic" disabled. Workarounds:
|
891832 | The install preview for policy package being used by multiple FortiGates is taking some time to load. |
891996 | "Find and Replace" feature does not display the entries correctly and it does not allow any changes. |
892293 | Unable to Import Virtual Servers/VIPs in Central DNAT Mode. |
894052 | Unable to remove per-device mapping entry via GUI in dynamic address groups. |
895979 |
FortiManager attempts setting the Zone as the interface for firewall policy during the installation. |
896491 | Installation fails with unclear error message: "vdom copy failed". |
899339 | FortiManager does not seek for confirmation when deleting an object from firewall policy. |
911146 | Under the Policy & Objects, GUI does not display the Address Object list. |
912732 | The installation fails when the IPS signature contains CVE references. |
958206 | Policy package import fails due to a certificate error in the SSL VPN web realm configuration for the virtual host server. |
Script
Bug ID |
Description |
---|---|
876917 | "Capture Diff to a Script" does not work properly. It does not display the changes. |
System Settings
Bug ID |
Description |
---|---|
825319 | FortiManager fails to promote a FortiGate HA member (running on firmware 7.2.0 to 7.2.4) to the Primary. |
873078 | FortiManagers HA cannot be configured as the initial sync never completes. |
884168 | FortiManager suggests wrong versions to upgrade FortiGates in order to resolve the PSIRT Vulnerability. |
884396 | The firmware upgrade notification on the FortiManager and FortiAnalyzer keeps appearing continuously after each login. |
884848 | FortiManager HA is not syncing after upgrade as the synchronization between the cluster units never completes. |
888374 |
Admin user's ADOM setting cannot be synced to secondary when |
894366 | Any changes related to "lan" interface on FGT 40F, where the role is defined as "LAN", FortiManager tries installing firewall address "lan address" with type interface-subnet linked to interface "lan". The Install Verification fails for "lan address" as "entry not found in database". |
VPN Manager
Bug ID |
Description |
---|---|
784385 |
If policy changes are made directly on the FortiGates, the subsequent PP import creates faulty dynamic mappings for VPN manager. Workaround: It is strongly recommended to create a fresh backup of the FortiManager's configuration prior to this workaround. Perform the following command to check & repair the FortiManager's configuration database: diagnose cdb check policy-packages <adom> After running this command, FortiManager will remove the invalid mappings of vpnmgr interfaces. |
798995 | It's not possible to delete an SSL VPN portal profile from FortiManager GUI if the profile has been already installed. |
857051 | Installing a policy package with IPSec VPN to FortiGates fail with the following error: "TCL error (The remote gateway is a duplicate of another IPsec gateway entry)". |
888272 | Single entry of SSLVPN settings cannot be selected under VPN Manager. |
894705 |
FortiManager's GUI becomes unresponsive after any changes on the Advanced SSL Profiles in VPN Manager. |