Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • Release Notes

    Home FortiManager 7.2.3 Release Notes
    7.2.3
    7.6.3
    7.6.2
    7.6.1
    7.6.0
    7.4.6
    7.4.5
    7.4.4
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.10
    7.2.9
    7.2.8
    7.2.7
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.0.13
    7.0.12
    7.0.11
    7.0.10
    7.0.9
    7.0.8
    7.0.7
    7.0.6
    7.0.5
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.4.15
    6.4.14
    6.4.13
    6.4.12
    6.4.11
    6.4.10
    6.4.9
    6.4.8
    6.4.7
    6.4.6
    6.4.5
    6.4.4
    6.4.3
    6.4.2
    6.4.1
    6.4.0
    6.2.13
    6.2.12
    6.2.11
    6.2.10
    6.2.9
    6.2.8
    6.2.7
    6.2.6
    6.2.5
    6.2.3
    6.2.2
    6.2.1
    6.2.0
    6.0.12
    6.0.11
    6.0.10
    6.0.9
    6.0.8
    6.0.7
    6.0.6
    6.0.5
    6.0.4
    6.0.3
    6.0.2
    6.0.1
    6.0.0
    5.6.11
    5.6.10
    5.6.9
    5.6.8
    5.6.7
    5.6.6
    5.6.5
    5.6.4
    5.6.3
    5.6.2
    5.6.1
    5.6.0
    5.6.0
    5.4.7
    5.4.6
    5.4.5
    5.4.4
    5.4.3
    5.4.2
    5.4.1
    5.4.0
    5.2.10
    5.2.9
    5.2.7
    5.2.6
    5.2.4
    5.2.3
    5.2.2
    5.2.1
    5.2.0
    5.0.12
    5.0.11
    5.0.10
    5.0.9
    5.0.8
    5.0.7
    5.0.6
    5.0.5
    5.0.4
    5.0.3

    Known Issues

    Known Issues

    The following issues have been identified in 7.2.3. To inquire about a particular bug or to report a bug, please contact Customer Service & Support.

    AP Manager

    Bug ID

    Description
    865486

    The FortiManager's AP Manager permits the use of invalid channels with a 40MHz channel width.
    884233 FortiManager displays the AP critical security vulnerability info even after FortiAPs are being upgraded.
    892773 Assigning AP Profile returns invalid value.

    Device Manager

    Bug ID

    Description
    768289 There is a discrepancy in the usage of quotation marks ("") when configuring DHCP relay from FortiManager or retrieving it from FortiGate.
    831624 SD-WAN Monitor under the Monitors displays time frame as "invalid date - invalid date".

    895001

    The "gui-ztna" configuration is displayed as enabled on the FortiManager even though this setting is disabled on the FortiGate.
    896127 When attempting to create a VLAN type with a name longer than 15 characters, FortiManager displays an error message.
    896367 The geographic coordination config of FortiGates on Device Manager is being reset to 0,0 after a certain period of time.
    899350 Promote button is missing for FortiGate 80F Clusters.
    899541 An error message, "upgrade image failed", is shown even though the upgrade has been completed successfully.

    902908

    Managed FortiAnalyzer is not listed under System Template.
    905367 An error message, "upgrade image failed" is shown, even though the upgrade has been completed successfully.
    905869 Invalid default value for VRF ID is observed when creating static route.
    910391 When FortiManager operates in a non-default workspace mode, it may attempt to purge the configuration of the FortiGate devices due to database corruption.
    911535 Adding a Model device with MetaVariables changes the status of other devices which using the MetaVariables to Modified/unknown.
    915361 FortiWiFi devices are displayed in FortiManager under the Vulnerable devices as FortiAP.
    917969 FortiManager is unable to search static routes via its interface name.
    919613 When using a space character in "psksecret", the FortiManager is unable to install the "psksecret" and displays an error message.

    921094

    In 6.2 or 6.4 ADOMs, problems might occur when attempting to add or modify static routes.

    Workarounds:

    Please create a fresh backup of your FMG and FGT, and then try either of the following:

    1. Configure static routes directly on the FortiGate and retrieve routes from FortiGates to FortiManager. The configuration will not be lost during the next installation.

    2. Run Scripts (static routes config) as target: Remote FortiGate Directly (via CLI) to FGT and auto-retrieve by a script manager or a manual retrieve if auto-update is disabled.
    922543 FortiManager attempts to unset authentication mode in ospf settings.
    925546 Assigned Devices on Provisioning Template/CLI Template shows incorrect VDOM.
    925684 Only a maximum of 10 devices can be previewed before installation using "install preview".

    925854

    FortiManager fails to load the security fabric data for FortiGates (Versions 7.0.5+ & 7.2.5).
    931736 Adding a new cli template script into existing cli template group changes order of cli templates to alphabetical order.
    936544 When importing CLI Templates, GUI displays a blank page.
    950391 FortiManager attempts to unset the "peervd" parameter under the system "cluster-sync", resulting in installation failure.

    FortiSwitch Manager

    Bug ID

    Description
    881766 Event logs or task manager do not show which user authorized a FortiSwitch.
    947651 Per-device under the FortiSwitch Manager cannot edit FortiSwitch name and GUI returns error "invalid value".

    Global ADOM

    Bug ID

    Description
    894714 FortiManager does not allow creating/modification or removing the per-device mapping in global objects in assigned ADOM.
    925188 The per-device mapping for any assigned global objects cannot be modified.

    Others

    Bug ID

    Description
    703585 FortiManager may return 'Connection aborted' error with JSON API request.
    777831 When FortiAnalyzer is added as a managed device to FortiManager, "Incident & Event" tile will be displayed instead of the "FortiSoC".
    880465 TCP ports 8902 & 8903 are opened and in listening mode after the upgrade.
    885665 Unable to specify type of objects in FortiProxy ADOM.
    894947 FortiManager fails to trigger the event handler for its local events after enabling the FortiAnalyzer features.
    895982 Admin with a super user profile is not able to create the Firmware Template when FortiManager is working in the Workflow mode.
    900512

    FortiManager ADOM Upgrade fails with the error message: "Peer type cannot be peer when authentication method is pre-share key".
    910175 When provisioning the FortiExtender via CLI template, FortiManager displays the "mismatch interface" error message.
    914027 FortiManager does not display/use the latest ISDB version for all of its ADOMs.
    916463 The approval emails are not being sent to the "Email Notification" admins when a new session is created and submitted for approval.
    918129 FortiManager does not support the AWS Security Token Service in AWS SDN connector.
    919981 Installation fails to Azure FortiGate standalone as FortiManager attempts to set the peervd to "root".
    921273 Unable to upgrade ADOMs due to the XSS vulnerability characters check on wireless-controller.

    925778

    FortiGates are displayed Offline and Inactive on FortiWLM MEA.

    928163

    Unable to export packages under FortiGuard.
    930425 When downloading the install preview, the file name does not include the timestamp.

    Policy & Objects

    Bug ID

    Description
    751443

    FortiManager displays policy installation copy failures error when ipsec template gets unassigned.

    Workaround: Instead of unassigning IPSec template, modify IPSec template, replace the reference to IPSec tunnel interface with another interface. Please ensure a fresh FortiManager backup is created prior to any changes.
    780058 FortiManager's GUI does not support the "src-vendor-mac" objects in Firewall policy.
    843716 FortiManager tries to unset url-map for TCP forwarding ZTNA virtual server.
    845022 SDN Connector failed to import objects from VMware VSphere.
    855073

    The "where used" feature (under the Source & Destination objects) incorrectly displays "No Record Found" even when these objects are in use.

    Workaround:

    Run the following command:

    diagnose cdb upgrade force-retry add-missing-ref
    863819 Unable to delete unused objects.
    873358 Installation fails as FortiManager tries to set "cgn-client-startip" and "cgn-client-endip" settings when ippool object has been modified.
    880418 The default values of the Application Control Profile entries cannot be changed.
    883064 If any admin makes changes to "Object Selection Pane", either setting it to "Dock to Right", "Dock to Bottom" or "Classic Dual Pane", it will affect all other Admin's GUI preferences.
    889586 Azure Service Tags not displayed correctly in FortiManager.
    896461 FortiManager disables ip6-send-adv after opening and closing interface configuration.
    898883 Exported firewall policies do not contain firewall address values IP, netmask, and other details.
    902298 FortiManager does not generate error messages when invalid or obsolete application IDs are used in the policy. Instead, it allows installation and sets the category to "pass" or "monitor".
    912114 FortiManager is unable to import OpenStack SDN connector and the following error message is displayed: "send_sdn_connector_openstack_cmd: Failed to get openstack token".
    914945 Unable to modify or clone the "SSL/SSH inspection profile" in the Policy & Object on the ADOM 7.0 version.
    914981 In Policy & Objects, local policy is not displayed if view mode "Interface pair view" is selected.
    916459 The option "Allow Websites When a Rating Error Occurs" is not being saved correctly in the default web filter.

    919415

    Unable to "Edit" and "Delete" Installation Target after enable classic dual pane mode.
    919681 The incoming and outgoing interfaces are not loading after creating a custom policy package in a 7.2 FortiGate ADOM.
    920740 Unable to create a per-device mapping for a virtual server.
    922648 FortiManager unable to push WiFi SSID to FortiGates.
    924680 Policy packages containing geo-based ISDB objects may not be successfully installed to the FortiGates.
    925058 "Web URL Filter" entries are not visible in the Web Filter Profile.
    925076 FortiManager tries to install different preconnection-id under VPN SSL WEB Portal > Profile > Bookmark-Group > Gui-Bookmark > Book.
    939979 After editing authentication-rule/portal mapping, FortiManager installs unexpected changes to these rules.

    954399

    Cloning Webfilter profiles does not save the FortiGuard Category Based Filter action.
    958206 Policy package import fails due to a certificate error in the SSL VPN web realm configuration for the virtual host server.

    Revision History

    Bug ID

    Description
    904710 Restoring a revision of a policy removes the information of all the SD-WAN rules.

    Script

    Bug ID

    Description
    801614 FortiManager might display an error message, "Failed to create a new revision." for some FortiGates, when retrieving their configurations.
    913360 Device script is trying to add additional configuration; therefore, installation fails.
    923966 When FortiManager is operating in Workspace mode, there are no options to save changes after executing a CLI script.
    931196 Scheduled Scripts created by the ldap users cannot be run and FortiManager displays "Data is not ready" error message.

    1020938

    After the image upgrade, users may encounter a "Temporarily Unavailable" page message. This problem specifically occurs when special characters, like "$(...)", are used within a TCL script in an ADOM. The Meta variable parsing function incorrectly identifies these characters as meta variable delimiters.

    System Settings

    Bug ID

    Description
    861997 Unable to delete a particular non-default empty ADOM.
    890956 SAML SSO Authentication only works with the default local certs.

    VPN Manager

    Bug ID

    Description
    784385

    If policy changes are made directly on the FortiGates, the subsequent PP import creates faulty dynamic mappings for VPN Manager.

    Workaround: It is strongly recommended to create a fresh backup of the FortiManager's configuration prior to the workaround. Perform the following command to check & repair the FortiManager's configuration database.

    diagnose cdb check policy-packages <adom>

    After running this command, FortiManager will remove the invalid mappings of vpnmgr interfaces.
    847479 Despite being configured for 'SHA-256,' FortiManager is installing 'SHA-1' certificates on FortiGates.
    863424 The "Latest Patch Level" should be available with action "Check-up-to-date" under the SSL VPN Portal.

    923221

    Provision Template - IPsec Tunnel: cannot Activate IPsec_Fortinet_Recommended. GUI returns error.
    931564 In VPN Manager, ipsec vpn map, topology view, and traffic view does not display map normally.
    Previous
    Next

    Known Issues

    Known Issues

    The following issues have been identified in 7.2.3. To inquire about a particular bug or to report a bug, please contact Customer Service & Support.

    AP Manager

    Bug ID

    Description
    865486

    The FortiManager's AP Manager permits the use of invalid channels with a 40MHz channel width.
    884233 FortiManager displays the AP critical security vulnerability info even after FortiAPs are being upgraded.
    892773 Assigning AP Profile returns invalid value.

    Device Manager

    Bug ID

    Description
    768289 There is a discrepancy in the usage of quotation marks ("") when configuring DHCP relay from FortiManager or retrieving it from FortiGate.
    831624 SD-WAN Monitor under the Monitors displays time frame as "invalid date - invalid date".

    895001

    The "gui-ztna" configuration is displayed as enabled on the FortiManager even though this setting is disabled on the FortiGate.
    896127 When attempting to create a VLAN type with a name longer than 15 characters, FortiManager displays an error message.
    896367 The geographic coordination config of FortiGates on Device Manager is being reset to 0,0 after a certain period of time.
    899350 Promote button is missing for FortiGate 80F Clusters.
    899541 An error message, "upgrade image failed", is shown even though the upgrade has been completed successfully.

    902908

    Managed FortiAnalyzer is not listed under System Template.
    905367 An error message, "upgrade image failed" is shown, even though the upgrade has been completed successfully.
    905869 Invalid default value for VRF ID is observed when creating static route.
    910391 When FortiManager operates in a non-default workspace mode, it may attempt to purge the configuration of the FortiGate devices due to database corruption.
    911535 Adding a Model device with MetaVariables changes the status of other devices which using the MetaVariables to Modified/unknown.
    915361 FortiWiFi devices are displayed in FortiManager under the Vulnerable devices as FortiAP.
    917969 FortiManager is unable to search static routes via its interface name.
    919613 When using a space character in "psksecret", the FortiManager is unable to install the "psksecret" and displays an error message.

    921094

    In 6.2 or 6.4 ADOMs, problems might occur when attempting to add or modify static routes.

    Workarounds:

    Please create a fresh backup of your FMG and FGT, and then try either of the following:

    1. Configure static routes directly on the FortiGate and retrieve routes from FortiGates to FortiManager. The configuration will not be lost during the next installation.

    2. Run Scripts (static routes config) as target: Remote FortiGate Directly (via CLI) to FGT and auto-retrieve by a script manager or a manual retrieve if auto-update is disabled.
    922543 FortiManager attempts to unset authentication mode in ospf settings.
    925546 Assigned Devices on Provisioning Template/CLI Template shows incorrect VDOM.
    925684 Only a maximum of 10 devices can be previewed before installation using "install preview".

    925854

    FortiManager fails to load the security fabric data for FortiGates (Versions 7.0.5+ & 7.2.5).
    931736 Adding a new cli template script into existing cli template group changes order of cli templates to alphabetical order.
    936544 When importing CLI Templates, GUI displays a blank page.
    950391 FortiManager attempts to unset the "peervd" parameter under the system "cluster-sync", resulting in installation failure.

    FortiSwitch Manager

    Bug ID

    Description
    881766 Event logs or task manager do not show which user authorized a FortiSwitch.
    947651 Per-device under the FortiSwitch Manager cannot edit FortiSwitch name and GUI returns error "invalid value".

    Global ADOM

    Bug ID

    Description
    894714 FortiManager does not allow creating/modification or removing the per-device mapping in global objects in assigned ADOM.
    925188 The per-device mapping for any assigned global objects cannot be modified.

    Others

    Bug ID

    Description
    703585 FortiManager may return 'Connection aborted' error with JSON API request.
    777831 When FortiAnalyzer is added as a managed device to FortiManager, "Incident & Event" tile will be displayed instead of the "FortiSoC".
    880465 TCP ports 8902 & 8903 are opened and in listening mode after the upgrade.
    885665 Unable to specify type of objects in FortiProxy ADOM.
    894947 FortiManager fails to trigger the event handler for its local events after enabling the FortiAnalyzer features.
    895982 Admin with a super user profile is not able to create the Firmware Template when FortiManager is working in the Workflow mode.
    900512

    FortiManager ADOM Upgrade fails with the error message: "Peer type cannot be peer when authentication method is pre-share key".
    910175 When provisioning the FortiExtender via CLI template, FortiManager displays the "mismatch interface" error message.
    914027 FortiManager does not display/use the latest ISDB version for all of its ADOMs.
    916463 The approval emails are not being sent to the "Email Notification" admins when a new session is created and submitted for approval.
    918129 FortiManager does not support the AWS Security Token Service in AWS SDN connector.
    919981 Installation fails to Azure FortiGate standalone as FortiManager attempts to set the peervd to "root".
    921273 Unable to upgrade ADOMs due to the XSS vulnerability characters check on wireless-controller.

    925778

    FortiGates are displayed Offline and Inactive on FortiWLM MEA.

    928163

    Unable to export packages under FortiGuard.
    930425 When downloading the install preview, the file name does not include the timestamp.

    Policy & Objects

    Bug ID

    Description
    751443

    FortiManager displays policy installation copy failures error when ipsec template gets unassigned.

    Workaround: Instead of unassigning IPSec template, modify IPSec template, replace the reference to IPSec tunnel interface with another interface. Please ensure a fresh FortiManager backup is created prior to any changes.
    780058 FortiManager's GUI does not support the "src-vendor-mac" objects in Firewall policy.
    843716 FortiManager tries to unset url-map for TCP forwarding ZTNA virtual server.
    845022 SDN Connector failed to import objects from VMware VSphere.
    855073

    The "where used" feature (under the Source & Destination objects) incorrectly displays "No Record Found" even when these objects are in use.

    Workaround:

    Run the following command:

    diagnose cdb upgrade force-retry add-missing-ref
    863819 Unable to delete unused objects.
    873358 Installation fails as FortiManager tries to set "cgn-client-startip" and "cgn-client-endip" settings when ippool object has been modified.
    880418 The default values of the Application Control Profile entries cannot be changed.
    883064 If any admin makes changes to "Object Selection Pane", either setting it to "Dock to Right", "Dock to Bottom" or "Classic Dual Pane", it will affect all other Admin's GUI preferences.
    889586 Azure Service Tags not displayed correctly in FortiManager.
    896461 FortiManager disables ip6-send-adv after opening and closing interface configuration.
    898883 Exported firewall policies do not contain firewall address values IP, netmask, and other details.
    902298 FortiManager does not generate error messages when invalid or obsolete application IDs are used in the policy. Instead, it allows installation and sets the category to "pass" or "monitor".
    912114 FortiManager is unable to import OpenStack SDN connector and the following error message is displayed: "send_sdn_connector_openstack_cmd: Failed to get openstack token".
    914945 Unable to modify or clone the "SSL/SSH inspection profile" in the Policy & Object on the ADOM 7.0 version.
    914981 In Policy & Objects, local policy is not displayed if view mode "Interface pair view" is selected.
    916459 The option "Allow Websites When a Rating Error Occurs" is not being saved correctly in the default web filter.

    919415

    Unable to "Edit" and "Delete" Installation Target after enable classic dual pane mode.
    919681 The incoming and outgoing interfaces are not loading after creating a custom policy package in a 7.2 FortiGate ADOM.
    920740 Unable to create a per-device mapping for a virtual server.
    922648 FortiManager unable to push WiFi SSID to FortiGates.
    924680 Policy packages containing geo-based ISDB objects may not be successfully installed to the FortiGates.
    925058 "Web URL Filter" entries are not visible in the Web Filter Profile.
    925076 FortiManager tries to install different preconnection-id under VPN SSL WEB Portal > Profile > Bookmark-Group > Gui-Bookmark > Book.
    939979 After editing authentication-rule/portal mapping, FortiManager installs unexpected changes to these rules.

    954399

    Cloning Webfilter profiles does not save the FortiGuard Category Based Filter action.
    958206 Policy package import fails due to a certificate error in the SSL VPN web realm configuration for the virtual host server.

    Revision History

    Bug ID

    Description
    904710 Restoring a revision of a policy removes the information of all the SD-WAN rules.

    Script

    Bug ID

    Description
    801614 FortiManager might display an error message, "Failed to create a new revision." for some FortiGates, when retrieving their configurations.
    913360 Device script is trying to add additional configuration; therefore, installation fails.
    923966 When FortiManager is operating in Workspace mode, there are no options to save changes after executing a CLI script.
    931196 Scheduled Scripts created by the ldap users cannot be run and FortiManager displays "Data is not ready" error message.

    1020938

    After the image upgrade, users may encounter a "Temporarily Unavailable" page message. This problem specifically occurs when special characters, like "$(...)", are used within a TCL script in an ADOM. The Meta variable parsing function incorrectly identifies these characters as meta variable delimiters.

    System Settings

    Bug ID

    Description
    861997 Unable to delete a particular non-default empty ADOM.
    890956 SAML SSO Authentication only works with the default local certs.

    VPN Manager

    Bug ID

    Description
    784385

    If policy changes are made directly on the FortiGates, the subsequent PP import creates faulty dynamic mappings for VPN Manager.

    Workaround: It is strongly recommended to create a fresh backup of the FortiManager's configuration prior to the workaround. Perform the following command to check & repair the FortiManager's configuration database.

    diagnose cdb check policy-packages <adom>

    After running this command, FortiManager will remove the invalid mappings of vpnmgr interfaces.
    847479 Despite being configured for 'SHA-256,' FortiManager is installing 'SHA-1' certificates on FortiGates.
    863424 The "Latest Patch Level" should be available with action "Check-up-to-date" under the SSL VPN Portal.

    923221

    Provision Template - IPsec Tunnel: cannot Activate IPsec_Fortinet_Recommended. GUI returns error.
    931564 In VPN Manager, ipsec vpn map, topology view, and traffic view does not display map normally.
    Previous
    Next