Fortinet black logo

Version:

7.4.0
7.2.3
7.2.2

Version:

7.2.1
7.2.0
7.0.8

Version:

7.0.7
7.0.6
7.0.5

Version:

7.0.4
7.0.3
7.0.2

Version:

7.0.1
7.0.0
6.4.12

Version:

6.4.11
6.4.10
6.4.9

Version:

6.4.8
6.4.7
6.4.6

Version:

6.4.5
6.4.4
6.4.3

Version:

6.4.2
6.4.1
6.4.0

Version:

6.2.11
6.2.10
6.2.9

Version:

6.2.8
6.2.7
6.2.6

Version:

6.2.5
6.2.3
6.2.2

Version:

6.2.1
6.2.0
6.0.12

Version:

6.0.11
6.0.10
6.0.9

Version:

6.0.8
6.0.7
6.0.6

Version:

6.0.5
6.0.4
6.0.3

Version:

6.0.2
6.0.1
6.0.0

Version:

5.6.11
5.6.10
5.6.9

Version:

5.6.8
5.6.7
5.6.6

Version:

5.6.5
5.6.4
5.6.3

Version:

5.6.2
5.6.1
5.6.0

Version:

5.6.0
5.4.7
5.4.6

Version:

5.4.5
5.4.4
5.4.3

Version:

5.4.2
5.4.1
5.4.0

Version:

5.2.10
5.2.9
5.2.7

Version:

5.2.6
5.2.4
5.2.3

Version:

5.2.2
5.2.1
5.2.0

Version:

5.0.12
5.0.11
5.0.10

Version:

5.0.9
5.0.8
5.0.7

Version:

5.0.6
5.0.5
5.0.4

Version:

5.0.3

Table of Contents

Release Notes

7.2.2
7.4.0
7.2.3
7.2.2
7.2.1
7.2.0
7.0.8
7.0.7
7.0.6
7.0.5
7.0.4
7.0.3
7.0.2
7.0.1
7.0.0
6.4.12
6.4.11
6.4.10
6.4.9
6.4.8
6.4.7
6.4.6
6.4.5
6.4.4
6.4.3
6.4.2
6.4.1
6.4.0
6.2.11
6.2.10
6.2.9
6.2.8
6.2.7
6.2.6
6.2.5
6.2.3
6.2.2
6.2.1
6.2.0
6.0.12
6.0.11
6.0.10
6.0.9
6.0.8
6.0.7
6.0.6
6.0.5
6.0.4
6.0.3
6.0.2
6.0.1
6.0.0
5.6.11
5.6.10
5.6.9
5.6.8
5.6.7
5.6.6
5.6.5
5.6.4
5.6.3
5.6.2
5.6.1
5.6.0
5.6.0
5.4.7
5.4.6
5.4.5
5.4.4
5.4.3
5.4.2
5.4.1
5.4.0
5.2.10
5.2.9
5.2.7
5.2.6
5.2.4
5.2.3
5.2.2
5.2.1
5.2.0
5.0.12
5.0.11
5.0.10
5.0.9
5.0.8
5.0.7
5.0.6
5.0.5
5.0.4
5.0.3
Download PDF
Copy Link

Known Issues

The following issues have been identified in 7.2.2. To inquire about a particular bug or to report a bug, please contact Customer Service & Support.

AP Manager

Bug ID

Description
861941 FortiManager attempts to install "arrp-profile" even if "darrp" is disabled.

881548

Unable to install successfully when creating a SSID using its default value.
884233 FortiManager displays the AP critical security vulnerability info even after FortiAPs are being upgraded.

889811

Under WIFI and switch controller for Managed FortiAPs, there is not any LLDP info found.

Device Manager

Bug ID

Description
817346 Editing interface with normalized interface mapping displays some unnecessary messages for mapping change.

837213

Browser may crash when clicking "view diff" to compare with current device config. This might happen due to a slow network.

Workaround: Use "show diff only" from Revision History instead of checking it from "Out of Sync" devices list.
876040 Status of Certificates is displayed as "pending" under the System's Certificates.
879833 Adding a model device with variable to FortiManager displays an error message: "a[i].replace is not a function".

881148

SAML user - retrieve/refresh/install and device authorization fail from GUI after upgrading FortiManager to 7.2.2.

Workaround: Set rpc-permit to read-write for SSO user on SP FortiManager.
881308 The default value of the "router.static.vrf" leads to installation failure when attempting to install blackhole routes to FortiGates.
885454 After upgrading FortiManager, certificates for FGT 1100E's are missing from the Device Manager.

886917

888930

 FortiManager's ipsec templates remove the sdwan member and bgp neighbor attached to an ipsec interface. This causes the sdwan member to be removed even when it's used.
888658 Editing DHCP Settings of a FortiGate interface displays the following error message: "You have no permission to access this device/vdom".
889566 "View Config" in Device Manager > Revision History does not display full configuration of the managed device.
891216 Unable to edit/save interface with DHCP relay enabled.
891341 Installation fails due to the Copy failure error; system template created with some empty string values which are assigned to devices.

891967

When management VDOM is non-root and has been assigned to a different ADOM, FortiManager displays the error, "Can not access device global setting if management VDOM is not in current ADOM".

893592

Exporting the Device List to CSV and Excel file doesn't include the FortiAPs and FortiSwitches info.
896998 Unable to get access to the Certificates via Device Manager > DEVICE_NAME > VDOM_NAME > System.
897863 After deselecting the "allow-dns" feature under the application control list, the changes cannot be saved.
899903 FortiManager GUI does not list all NTP interfaces.
912833 Adding FortiGates with Open Authentication (OAuth) Method, Fortinet Security Fabric dialog box does not display the FortiManager's related info.

FortiSwitch Manager

Bug ID

Description
872802 FortiManager automatically sets "default" as dnsfilter-profile under dns-server for fortilink interface.
890205 Selecting multiple ports to "Edit" is not possible as it is greyed out.

Global ADOM

Bug ID

Description
826522

Unable to remove global object from Global Database in workspace mode.

Workaround: Unlock & lock the Global ADOM prior to deleting the Global Object and assigning changes to local ADOMs.

Others

Bug ID

Description

703585

FortiManager may return 'Connection aborted' error with JSON API request.

713714

The schedule for firmware upgrade for FGTs does not work if the upgrade request is issued from the CLI, instead firmware upgrade starts immediately.

Workaround: Use firmware upgrade templates in the GUI.
777831 When FortiAnalyzer is added as a managed device to FortiManager, Incident & Event Tile will be displayed instead of the FortiSoC.
802922 The application "newcli" process crashes when the "diagnose cdb upgrade check +all" command runs.

814425

Sorting FortiExtenders by Network, RSSI, RSRP, RSRQ, and SINR does not work properly.
829046 After the upgrade, some of the metadata variables are missing.

838638

FortiGates are upgraded successfully via FortiManager's Group Firmware upgrade feature; however, the task monitor displays "Image upgrade failed" for some of the FortiGates.
851586 FortiManager displays "invalid scope" errors when running the "diagnose cdb check policy-packages" command.
869955 BGP Template route map option does not support Meta Variables.
871608 Unable to retrieve routing information from FortiGate via FortiManager when there is a large routing table.
875006 When clicking on the warning message, which indicates critical security vulnerabilities, a list of all types of security vulnerabilities is displayed.
883548 FMG/FAZ is forcing its users to upgrade the Firmware version upon login.
891869 FortiManager wrongly recommends lower version for upgrade the FortiGates.
895982 Admin with a Super User profile is not able to create the Firmware Template when FortiManager is working in the Workflow mode.

899570

Unable to add the "FortiGateRugged-60F" FGT to the FortiManager.
899750 ADOM upgrade makes the Policy Packages status modified.
906533 Group options, when creating/editing the workflow approval group, displays wrong info.

919088

GUI may not work properly in Google Chrome and Microsoft Edge version 114.

Policy & Objects

Bug ID

Description
739489

It's not possible to enable NAT with Outgoing Interface Address by directly right-clicking on the NAT section of a firewall policy.

Workaround: Configure NAT by editing the firewall policy.
751443

FortiManager displays policy installation copy failures error when ipsec template gets unassigned.

Workaround: Instead of unassigning IPSec template, modify IPSec template, replace the reference to IPSec tunnel interface with another interface.

Please ensure a fresh FortiManager's backup is created prior to any changes.
774058 Rule list order may not be saved under File Filter Profile.
803460 "User Definitions" entries under the "User & Authentication" cannot be removed from FortiManager.
821114 EMS ZTNA Tags in FortiManager and FortiGate are using different naming convention; therefore, installing the policies with those tags to FortiGates do not work.
827416 FortiManager does not display any copy failure errors when utilized objects do not have any default values or per-device mapping.
845022 SDN Connector failed to import objects from VMware VSphere.
846634 GUI does not allow to edit the custom Application and Filter Overrides.
862014 FortiManager is purging 'replacement message group custom' configuration after install verification fails.
866724 Copy Failed error has been observed with the error message "Virtual server limit reached!"; this limit is 50 for FGT AWS ONDEMAND.
867809 During installation, FortiManager unsets status for the proxy policies.
875547 Policy & Package cannot be imported, if the type of firewall address in FortiGate is "interface-subnet" and subnet's value is different with its value on FortiManager.
877477 Domain Name Threat Feeds are not available in DNS Filter > Remote Categories.
880359 FortiManager is purging 'replacement message group custom' configuration after install verification fails.
880431 Unable to define Exempt IP in IPS Sensor.
880575 When using the "reinstall policy" option to install to devices with different policy packages, the corresponding event log shows the same policy package pushed to all devices.
881634 When multiple VDOMs are selected for installation using the Re-install Policy feature, FortiManager only applies "re-install policy" for one VDOM from each devices.
881857 Multiple security console Application crashes have been observed during the Policy Package installation when static router template and router static entry in device db are used.
882477 Error Message "Object already exists" is displayed when editing per device mapping for Address Group.
882996 Unable to install to FortiGates when using null values for "local-gw6" and "remote-gw6".
883527 Install Preview does not display any info during the installation when using device groups in PP Installation Targets.
885827 FortiManager does not save and keep the selected "collapse all" mode for the policy package.
885992 Duplicate section names are created for policy package when ViewMode interface pair View is selected.
886370 FortiManager does not sort by interface per view results correctly; the results are not displayed in alphabetical order.
886911 FortiManager is attempting to modify replacement messages after upgrade, and this leads to installation failure.
887278 Installation failed due to the limit on max entery for "endpoint-control fctems".

889563

FortiManager, for ADOM version 6.4, does not support Creating, Importing, or Inserting Above and Below actions for a deny policy with a "Log Violation Traffic" disabled.

Workarounds:

  • To Insert, use copy & paste instead of the using Insert Above/Below.

  • To Create, either run script to create log disabled deny policy or enable log traffic first, and then edit the policy in order to disable and save it.
891832 The install preview for policy package being used by multiple FortiGates is taking some time to load.
891996 "Find and Replace" feature does not display the entries correctly and it does not allow any changes.

895979

FortiManager attempts setting the Zone as the interface for firewall policy during the installation.
899339 FortiManager does not seek for confirmation when deleting an object from firewall policy.

889068

Unable to push policies when VDOMs are in different ADOMs.

Script

Bug ID

Description
876917 "Capture Diff to a Script" does not work properly. It does not display the changes.

System Settings

Bug ID

Description
825319 FortiManager fails to promote a FortiGate HA Slave member to the Primary.
873078 FortiManagers HA cannot be configured as the initial sync never completes.
884168 FortiManager suggests wrong versions to upgrade FortiGates in order to resolve the PSIRT Vulnerability.
884396 The firmware upgrade notification on the FortiManager and FortiAnalyzer keeps appearing continuously after each login.
884848 FortiManager HA is not syncing after upgrade as the synchronization between the cluster units never completes.

888374

Admin user's ADOM setting cannot be synced to secondary when adom-access is set to specify.
894366 Any changes related to "lan" interface on FGT 40F, where the role is defined as "LAN", FortiManager tries installing firewall address "lan address" with type interface-subnet linked to interface "lan". The Install Verification fails for "lan address" as "entry not found in database".

VPN Manager

Bug ID

Description
784385

If policy changes are made directly on the FortiGates, the subsequent PP import creates faulty dynamic mappings for VPN manager.

Workaround:

It is strongly recommended to create a fresh backup of the FortiManager's configuration prior to this workaround. Perform the following command to check & repair the FortiManager's configuration database:

diagnose cdb check policy-packages <adom>

After running this command, FortiManager will remove the invalid mappings of vpnmgr interfaces.
798995 It's not possible to delete an SSL VPN portal profile from FortiManager GUI if the profile has been already installed.
857051 Installing a policy package with IPSec VPN to FortiGates fail with the following error: "TCL error (The remote gateway is a duplicate of another IPsec gateway entry)".
888272 Single entry of SSLVPN settings cannot be selected under VPN Manager.
Previous
Next

Known Issues

The following issues have been identified in 7.2.2. To inquire about a particular bug or to report a bug, please contact Customer Service & Support.

AP Manager

Bug ID

Description
861941 FortiManager attempts to install "arrp-profile" even if "darrp" is disabled.

881548

Unable to install successfully when creating a SSID using its default value.
884233 FortiManager displays the AP critical security vulnerability info even after FortiAPs are being upgraded.

889811

Under WIFI and switch controller for Managed FortiAPs, there is not any LLDP info found.

Device Manager

Bug ID

Description
817346 Editing interface with normalized interface mapping displays some unnecessary messages for mapping change.

837213

Browser may crash when clicking "view diff" to compare with current device config. This might happen due to a slow network.

Workaround: Use "show diff only" from Revision History instead of checking it from "Out of Sync" devices list.
876040 Status of Certificates is displayed as "pending" under the System's Certificates.
879833 Adding a model device with variable to FortiManager displays an error message: "a[i].replace is not a function".

881148

SAML user - retrieve/refresh/install and device authorization fail from GUI after upgrading FortiManager to 7.2.2.

Workaround: Set rpc-permit to read-write for SSO user on SP FortiManager.
881308 The default value of the "router.static.vrf" leads to installation failure when attempting to install blackhole routes to FortiGates.
885454 After upgrading FortiManager, certificates for FGT 1100E's are missing from the Device Manager.

886917

888930

 FortiManager's ipsec templates remove the sdwan member and bgp neighbor attached to an ipsec interface. This causes the sdwan member to be removed even when it's used.
888658 Editing DHCP Settings of a FortiGate interface displays the following error message: "You have no permission to access this device/vdom".
889566 "View Config" in Device Manager > Revision History does not display full configuration of the managed device.
891216 Unable to edit/save interface with DHCP relay enabled.
891341 Installation fails due to the Copy failure error; system template created with some empty string values which are assigned to devices.

891967

When management VDOM is non-root and has been assigned to a different ADOM, FortiManager displays the error, "Can not access device global setting if management VDOM is not in current ADOM".

893592

Exporting the Device List to CSV and Excel file doesn't include the FortiAPs and FortiSwitches info.
896998 Unable to get access to the Certificates via Device Manager > DEVICE_NAME > VDOM_NAME > System.
897863 After deselecting the "allow-dns" feature under the application control list, the changes cannot be saved.
899903 FortiManager GUI does not list all NTP interfaces.
912833 Adding FortiGates with Open Authentication (OAuth) Method, Fortinet Security Fabric dialog box does not display the FortiManager's related info.

FortiSwitch Manager

Bug ID

Description
872802 FortiManager automatically sets "default" as dnsfilter-profile under dns-server for fortilink interface.
890205 Selecting multiple ports to "Edit" is not possible as it is greyed out.

Global ADOM

Bug ID

Description
826522

Unable to remove global object from Global Database in workspace mode.

Workaround: Unlock & lock the Global ADOM prior to deleting the Global Object and assigning changes to local ADOMs.

Others

Bug ID

Description

703585

FortiManager may return 'Connection aborted' error with JSON API request.

713714

The schedule for firmware upgrade for FGTs does not work if the upgrade request is issued from the CLI, instead firmware upgrade starts immediately.

Workaround: Use firmware upgrade templates in the GUI.
777831 When FortiAnalyzer is added as a managed device to FortiManager, Incident & Event Tile will be displayed instead of the FortiSoC.
802922 The application "newcli" process crashes when the "diagnose cdb upgrade check +all" command runs.

814425

Sorting FortiExtenders by Network, RSSI, RSRP, RSRQ, and SINR does not work properly.
829046 After the upgrade, some of the metadata variables are missing.

838638

FortiGates are upgraded successfully via FortiManager's Group Firmware upgrade feature; however, the task monitor displays "Image upgrade failed" for some of the FortiGates.
851586 FortiManager displays "invalid scope" errors when running the "diagnose cdb check policy-packages" command.
869955 BGP Template route map option does not support Meta Variables.
871608 Unable to retrieve routing information from FortiGate via FortiManager when there is a large routing table.
875006 When clicking on the warning message, which indicates critical security vulnerabilities, a list of all types of security vulnerabilities is displayed.
883548 FMG/FAZ is forcing its users to upgrade the Firmware version upon login.
891869 FortiManager wrongly recommends lower version for upgrade the FortiGates.
895982 Admin with a Super User profile is not able to create the Firmware Template when FortiManager is working in the Workflow mode.

899570

Unable to add the "FortiGateRugged-60F" FGT to the FortiManager.
899750 ADOM upgrade makes the Policy Packages status modified.
906533 Group options, when creating/editing the workflow approval group, displays wrong info.

919088

GUI may not work properly in Google Chrome and Microsoft Edge version 114.

Policy & Objects

Bug ID

Description
739489

It's not possible to enable NAT with Outgoing Interface Address by directly right-clicking on the NAT section of a firewall policy.

Workaround: Configure NAT by editing the firewall policy.
751443

FortiManager displays policy installation copy failures error when ipsec template gets unassigned.

Workaround: Instead of unassigning IPSec template, modify IPSec template, replace the reference to IPSec tunnel interface with another interface.

Please ensure a fresh FortiManager's backup is created prior to any changes.
774058 Rule list order may not be saved under File Filter Profile.
803460 "User Definitions" entries under the "User & Authentication" cannot be removed from FortiManager.
821114 EMS ZTNA Tags in FortiManager and FortiGate are using different naming convention; therefore, installing the policies with those tags to FortiGates do not work.
827416 FortiManager does not display any copy failure errors when utilized objects do not have any default values or per-device mapping.
845022 SDN Connector failed to import objects from VMware VSphere.
846634 GUI does not allow to edit the custom Application and Filter Overrides.
862014 FortiManager is purging 'replacement message group custom' configuration after install verification fails.
866724 Copy Failed error has been observed with the error message "Virtual server limit reached!"; this limit is 50 for FGT AWS ONDEMAND.
867809 During installation, FortiManager unsets status for the proxy policies.
875547 Policy & Package cannot be imported, if the type of firewall address in FortiGate is "interface-subnet" and subnet's value is different with its value on FortiManager.
877477 Domain Name Threat Feeds are not available in DNS Filter > Remote Categories.
880359 FortiManager is purging 'replacement message group custom' configuration after install verification fails.
880431 Unable to define Exempt IP in IPS Sensor.
880575 When using the "reinstall policy" option to install to devices with different policy packages, the corresponding event log shows the same policy package pushed to all devices.
881634 When multiple VDOMs are selected for installation using the Re-install Policy feature, FortiManager only applies "re-install policy" for one VDOM from each devices.
881857 Multiple security console Application crashes have been observed during the Policy Package installation when static router template and router static entry in device db are used.
882477 Error Message "Object already exists" is displayed when editing per device mapping for Address Group.
882996 Unable to install to FortiGates when using null values for "local-gw6" and "remote-gw6".
883527 Install Preview does not display any info during the installation when using device groups in PP Installation Targets.
885827 FortiManager does not save and keep the selected "collapse all" mode for the policy package.
885992 Duplicate section names are created for policy package when ViewMode interface pair View is selected.
886370 FortiManager does not sort by interface per view results correctly; the results are not displayed in alphabetical order.
886911 FortiManager is attempting to modify replacement messages after upgrade, and this leads to installation failure.
887278 Installation failed due to the limit on max entery for "endpoint-control fctems".

889563

FortiManager, for ADOM version 6.4, does not support Creating, Importing, or Inserting Above and Below actions for a deny policy with a "Log Violation Traffic" disabled.

Workarounds:

  • To Insert, use copy & paste instead of the using Insert Above/Below.

  • To Create, either run script to create log disabled deny policy or enable log traffic first, and then edit the policy in order to disable and save it.
891832 The install preview for policy package being used by multiple FortiGates is taking some time to load.
891996 "Find and Replace" feature does not display the entries correctly and it does not allow any changes.

895979

FortiManager attempts setting the Zone as the interface for firewall policy during the installation.
899339 FortiManager does not seek for confirmation when deleting an object from firewall policy.

889068

Unable to push policies when VDOMs are in different ADOMs.

Script

Bug ID

Description
876917 "Capture Diff to a Script" does not work properly. It does not display the changes.

System Settings

Bug ID

Description
825319 FortiManager fails to promote a FortiGate HA Slave member to the Primary.
873078 FortiManagers HA cannot be configured as the initial sync never completes.
884168 FortiManager suggests wrong versions to upgrade FortiGates in order to resolve the PSIRT Vulnerability.
884396 The firmware upgrade notification on the FortiManager and FortiAnalyzer keeps appearing continuously after each login.
884848 FortiManager HA is not syncing after upgrade as the synchronization between the cluster units never completes.

888374

Admin user's ADOM setting cannot be synced to secondary when adom-access is set to specify.
894366 Any changes related to "lan" interface on FGT 40F, where the role is defined as "LAN", FortiManager tries installing firewall address "lan address" with type interface-subnet linked to interface "lan". The Install Verification fails for "lan address" as "entry not found in database".

VPN Manager

Bug ID

Description
784385

If policy changes are made directly on the FortiGates, the subsequent PP import creates faulty dynamic mappings for VPN manager.

Workaround:

It is strongly recommended to create a fresh backup of the FortiManager's configuration prior to this workaround. Perform the following command to check & repair the FortiManager's configuration database:

diagnose cdb check policy-packages <adom>

After running this command, FortiManager will remove the invalid mappings of vpnmgr interfaces.
798995 It's not possible to delete an SSL VPN portal profile from FortiManager GUI if the profile has been already installed.
857051 Installing a policy package with IPSec VPN to FortiGates fail with the following error: "TCL error (The remote gateway is a duplicate of another IPsec gateway entry)".
888272 Single entry of SSLVPN settings cannot be selected under VPN Manager.
Previous
Next