Known Issues
The following issues have been identified in 7.2.4. To inquire about a particular bug or to report a bug, please contact Customer Service & Support.
AP Manager
Bug ID | Description |
---|---|
884233 | FortiManager displays the AP critical security vulnerability info even after the FortiAPs have been upgraded. |
906061 | It takes a significant amount of time to assign a profile to each FortiAP. |
982548 | FortiGate configuration install may fail with a reason, "Need to unset channel list in radio-1 first." |
987111 | Unable to save the SSID configuration changes under the AP Manager. |
1002043 | AP Manager view does not show SSIDs and Radio Channels. |
Device Manager
Bug ID | Description |
---|---|
723720 | 'strong-crypto' feature change under the CLI configuration cannot be installed to FortiGate. |
751612 | After upgrading to version 7.2.4, the Read/Write access level profile for SD-WAN and provisioning template is not properly set. |
811104 | Import policy package fails after installing web-proxy through CLI configurations. |
880934 | FortiManager reverts Syslog mode settings on local FortiGates (when FortiGates are in FIPS mode). |
894948 | FortiManager fails to push the FortiAnalyzer override settings to the FortiGate. |
902577 | The status of the FortiLink split-interface radio button under FortiManager's Device Manager does not match the configuration in FortiGates. |
920394 | Installation failed due to the incorrect install order during ZTP. |
923808 | Even with the "set dhcp-relay-request-all-server enable" option enabled, FortiManager does not keep the DHCP server & relay configurations on the same interface. |
935586 | When managed devices go down/appear offline, not all fgfm tunnels are automatically recovered by FortiManager. |
936168 | Unable to assign Device Group to the Firmware Template. |
939804 | Creating/Modifying the IPSEC Phase1 Interface Mode might trigger the following error message: "The string contains XSS vulnerability characters." This ONLY occurs when Workaround: Manually removing the value |
939921 | The firmware upgrade in ADOM mode backup is not allowed. |
949546 | When zones have identical names except for case, only 1 of the zones may be visible in Device Manager. |
950391 | FortiManager attempts to unset the "peervd" parameter under the system "cluster-sync", resulting in installation failure. |
952404 | FortiManager cannot install the Static Route config under the Provisioning Template due to a static route template error after upgrading to FortiManager 7.2.4/7.4.1. |
956567 | Not able to edit/delete Logging Devices Group. |
956920 | Monitor Health Check graphs return incomplete or no value. |
960315 | Unable to create/edit "ssh-public-key1" with "ssh-ed25519" for admin users from FortiManager's Device Manager; it displays an "invalid value" error message. |
961447 | After upgrading FortiManager (VMs & FortiManager Cloud) to versions 7.2.4 or 7.4.1, devices may not be able to be retrieved or refreshed. Workarounds: A) Reduce the license use (delete one device). B) Request/purchase a license upgrade. C) On the already managed FortiGates that need to be retrieved, run: diag fdsm cfg-upload <comment> D) When adding a new FortiGate to the last license seat, it will initially fail on the retrieve step, but the device is added to DVM. Within about 120 seconds, an auto-retrieve is triggered and the first revision of the new device is created normally. |
966118 | FortiManager tries to purge all entries under table "system global split-port-mode" for its System template. |
967611 | Device Manager interface link status is blank for various interface types (Tunnel, Aggregate, VDOM Link, Software Switch). |
969542 | Sometimes IPsec Tunnel Template displays "Response with errors" message when editing the template. |
969698 | FortiManager allows the creation of an empty service value for Internet Service routes. |
973064 | Installation to FortiGate with NP7 Acceleration feature enabled might fail when FortiManager attempts to modify the QoS settings. Changing the "default-qos-type" to values other than its default may result in a FortiGate reboot (FOS Behavior). |
975310 | Unable to unset interface IP for a VLAN interface in Device Manager. |
981031 | Device Inventory widget shows wrong date for "last seen". |
984868 | Device Manager page turns blank after right-clicking on a device. |
986466 | When modifying the BGP template with a new route map rule, a failure error message may be displayed. |
988964 | FortiManager tries to push switch-controller command to devices that do not have this command. |
1000686 | HA autolink failure occurs when LAN interfaces do not exist. |
1006838 | "Admin User" settings get modified if username is more than 37 characters. |
1009883 | Unable to set the Radius-Server addresses as FQDN. Workaround: Run the script directly on the FortiGate and then retrieve config back to the FortiManager. |
FortiSwitch Manager
Bug ID | Description |
---|---|
940419 | When adding FortiSwitch on FortiManager, the error message, "Import error - invalid port number" is displayed. |
967213 | While attempting to deploy a FortiSwitch template to a model device, FortiManager generates the following error message: "VLAN interface does not match FortiLink." |
Others
Bug ID | Description |
---|---|
583349 | FortiManager does not provide support for image upgrades on "ONDEMAND" devices. |
703585 | FortiManager may return 'Connection aborted' error with JSON API request. |
777831 | When FortiAnalyzer is added as a managed device to FortiManager, "Incident & Events" tile will be displayed instead of "FortiSoC". |
796858 | Subject Key Identifier extension is missing on FortiManager ADOM CA certificate. |
862651 | Even after enabling all MEAs, the warning to enable the application is displayed. |
875584 | FortiManager cannot upgrade ADOMs to 7.2 due to the following error: "copy system replacemsg spam.smtp-spam-emailblock". Workaround: Delete replacement message " |
922957 | The "fmgd" process may crash while loading the ADOM when multiple Policy Packages are locked. |
924201 | Jinja templates do not identify new variables automatically when a new variable is added. |
930305 | Firmware template upgrade preview shows incorrect versions for the upgrade. |
935430 | When FortiAnalyzer is managed by FortiManager and FortiManager's local logs are being sent to FortiAnalyzer, installing PP to FortiGates may display the following message: "Confirm Deletion FortiManager is going to sync the following device deletion to FortiAnalyzer,...". |
941203 | FortiManager does not support the use of Certificate Templates to create certificates with a "range=global" setting for FortiGates operating in multi-vdom mode. |
949994 | When the FortiAnalyzer feature is activated on the FortiManager, attempting to download FortiGate logs/log files from the FortiManager results in an error message. |
954564 | FortiManager attempts to change FortiExtender serial number and returns an installation error. |
956335 | Unable to upgrade root ADOM from v6.4 to v7.0 with "med-location-service" object error. |
957433 | When creating the FortiManager/FortiAnalyzer docker instances, UUID is missing under the "diagnose debug vminfo". |
961155 | Event Logs cannot be downloaded via GUI. Workaround: To export the local event logs, you may use the following command: diagnose system export umlog ftp locallog <(s)ftp server> <username> <password> <directory(/folder)> <filename(elogs-fmg.tgz)> |
961249 | Significant CPU utilization has been detected in the miglogd process upon enabling the locallog FortiAnalyzer feature. |
963490 | Installation fails as FortiManager attempts to "set role primary" feature for the "lan-extension backhaul" under the "extender-controller". |
963744 | FortiManager's HA status becomes unsynchronized when the "private-data-encryption" feature is enabled. |
971122 | FortiManager does not support all authentication types that are supported by FortiOS, leading to a certificate error in the FortiClient EMS connector. |
976448 | Unable to log in to FortiManager Cloud. |
982564 | When upgrading the root ADOM, the process might fail with the following error message: "...The string contains XSS vulnerability characters...". |
991052 | FortiManager AWS is not able to form GeoRedundant Cluster as VRRP HA fails to sync. |
Policy & Objects
Bug ID | Description |
---|---|
630648 | A FortiManager instance running on Microsoft Azure is unable to import the SDN connector for a dynamic firewall address and is displaying an error message stating "wrong input parameter." |
751443 | FortiManager displays policy installation copy failures error when ipsec template gets unassigned. Workaround: Ensure a fresh FMG's backup is created prior to any changes. Instead of unassigning IPSec template, modify IPSec template and replace the reference to IPSec tunnel interface with another interface. |
843716 | FortiManager tries to unset url-map for TCP forwarding ZTNA virtual server. |
845022 | SDN Connector failed to import objects from VMware VSphere. |
854359 | An installation error occurs when FortiManager attempts to install wildcard FQDN addresses 'mzstatic-apple' and 'cdn-apple' within the 'custom-deep-inspection' SSL-SSH profile. |
855073 | The "where used" feature (under the Source & Destination objects) incorrectly displays "No Record Found" even when these objects are in use. Workaround: Run the following command: diagnose cdb upgrade force-retry add-missing-ref |
875103 | Local categories get purged if used in Profile Mode Security Profiles. |
888798 | Changing deep inspection ssl-ssh-profile to "inspect all ports" may cause installation error. |
899226 | Unable to create Central SNAT explicit port translations on FortiManager. |
900229 | In policy-based policy packages, application IDs are displayed instead of their names. |
904751 | WebRating overrides can't be deployed or deleted via FortiManager. |
905377 | Threat Feeds with name starting with 'g-' are not installed to FortiGates without VDOM enabled. |
907925 | IPS profile/Signature tab is not visible for admins with non-default admin profile. |
908353 | When an ISDB name changes, FortiManager does not automatically update the ISDB object to the new name. |
908445 | FortiManager does not display the correct edit page for a virtual server VIP when the object is edited in the policy table. |
917225 | FortiManager is unable to install policy packages to multiple devices due to "securityconsole" crashes. |
920983 | The policy blocks using a group object do not get updated when the objects within the group are modified. |
938019 | Policy Package Status not changed on modification of nested group used in policy block. |
942659 | Syncing EMS tags from FortiManager fails when the EMS Connector is configured in multi-site mode. |
945632 | Modifying the Policy Installation Target does not trigger a status change in the Policy Package when adding an "install on" to a single policy. |
945853 | FortiManager doesn't sync previously deleted EMS tags. |
949515 | Security Policy Installation Verification fails because the internet-service-negate feature gets enabled every time after modifying the policy. |
955010 | Comments on policies may be cleared when a blank area within the text field is clicked. |
957225 | ADOM admin users not able to view the managed FortiGate in the policy push wizard. |
958206 | Policy package import fails due to a certificate error in the SSL VPN web realm configuration for the virtual host server. |
958923 | Installing policy packages that utilize an SSL/SSH Inspection profile may fail with the error message: "Server certificate replace mode cannot support category exempt." |
959116 959877 | The timestamps displayed for 'First/Last Used' under the Hit Count for Firewall Policies within the Policy & Objects section are invalid. |
959890 | Per-device mapping search for VDOMs is not possible for users. |
960660 | The Clone Reverse feature is not functioning when the firewall policy includes an internet service address object. |
960778 | Installation failed because FortiManager attempts to remove a static entry, "QuarantinedDevices." |
963008 | Impossible to merge duplicate objects. |
963536 | The policy package feature "Export to Excel" is not functioning. |
965719 | FortiManager is unable to enable the log setting for implicit deny rule under the policy package. |
970056 | The policy installation fails when FortiManager attempts to apply changes related to the "management address" on the interface of the FortiGates. |
972392 | Users do not receive a proper warning when creating a firewall address with the IP address "0.0.0.0/0." |
978814 | When attempting to use the "Export to Excel" feature under the Firewall Policy with extensive rules, GUI may slow down and become unresponsive for some time. |
979554 | EMS connectors are randomly getting disabled on FortiManager, despite no changes being made to EMS settings on either FortiManager or FortiGate. |
982638 | Invalid IPS signature breaks the GUI when users are trying to edit the IPS profile in the FortiManager. |
984935 | The "view mode" and "Routing Object" options are not displayed on the GUI. |
986262 | EMS Cloud tags are not updated on FortiManager. |
989423 | FortiManager SD-WAN interfaces are not available as Normalized interfaces. |
997752 | Install preview randomly hangs and doesn't return any data on next screen. |
1003309 | When an address object is cloned it is not automatically included in the original address group. |
1008413 | FortiManager Fails to Load IPS Signatures in the Profile. |
1012400 | The policy package installation is hanging due to a crash in the 'securityconsole' application. |
Revision History
Bug ID | Description |
---|---|
513317 | FortiManager may fail to install policy after FortiGate failover on Azure. |
801614 | FortiManager might display an error message, "Failed to create a new revision." for some FortiGates when retrieving their configurations. |
894523 | Object revision timestamp is taken from previous revision. |
Script
Bug ID | Description |
---|---|
937528 | Unable to send DHCP options "set value" using CLI template and using Script. |
1020938 | After the image upgrade, users may encounter a "Temporarily Unavailable" page message. This problem specifically occurs when special characters, like " |
Services
Bug ID | Description |
---|---|
863094 | The query status is not functioning correctly, and the "top 10 unrated sites" section actually displays ratings. |
938365 | FortiManager's GUI does not display an option under FortiGuard Settings to support the 7.2 version for FortiClient and FortiMail. |
980334 | "Download to Excel" option on Licensing Status under the FortiGuard does not work. |
985074 | Changing the FortiGuard Server Location under the license info widget results in a blank page popup. |
System Settings
Bug ID | Description |
---|---|
825319 | FortiManager fails to promote a FortiGate HA member (running on firmware 7.2.0 to 7.2.4) to the Primary. |
853429 | Creating FortiManager's configuration backup via scp cannot be done. |
881309 | In SSO configuration, whether the settings for " |
930449 | Testing the syslog server displays the message, "Failed to send a test log to syslog server". |
936694 | After removing a device, FortiManager generates repeated 'sync dvmdb to faz' tasks for all logged-in administrative users. |
941082 | A password prompt is consistently requested with each new login attempt when applying password policies to a local account linked to FortiToken Cloud Mobile for multi-factor authentication (MFA). |
966148 | RADIUS remote users are unable to successfully install changes to FortiGates. |
VPN Manager
Bug ID | Description |
---|---|
678319 | Once " |
784385 | If policy changes are made directly on the FortiGates, the subsequent PP import creates faulty dynamic mappings for VPN Manager. Workaround: It is strongly recommended to create a fresh backup of the FortiManager's configuration prior to the workaround. Perform the following command to check & repair the FortiManager's configuration database: diagnose cdb check policy-packages <adom> After running this command, FortiManager will remove the invalid mappings of vpnmgr interfaces. |
897574 | Address Objects with Meta Variables do not function correctly when creating Static routes using the VPN Manager. |
906097 | VPN Manager IPsec community Phase 2 encryption setting can't be changed to AES256GCM from the GUI. |
942222 | The configuration settings for the "peergroup" are not being retained properly. |