Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • Release Notes

    Home FortiManager 7.2.5 Release Notes
    7.2.5
    7.6.3
    7.6.2
    7.6.1
    7.6.0
    7.4.6
    7.4.5
    7.4.4
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.10
    7.2.9
    7.2.8
    7.2.7
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.0.13
    7.0.12
    7.0.11
    7.0.10
    7.0.9
    7.0.8
    7.0.7
    7.0.6
    7.0.5
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.4.15
    6.4.14
    6.4.13
    6.4.12
    6.4.11
    6.4.10
    6.4.9
    6.4.8
    6.4.7
    6.4.6
    6.4.5
    6.4.4
    6.4.3
    6.4.2
    6.4.1
    6.4.0
    6.2.13
    6.2.12
    6.2.11
    6.2.10
    6.2.9
    6.2.8
    6.2.7
    6.2.6
    6.2.5
    6.2.3
    6.2.2
    6.2.1
    6.2.0
    6.0.12
    6.0.11
    6.0.10
    6.0.9
    6.0.8
    6.0.7
    6.0.6
    6.0.5
    6.0.4
    6.0.3
    6.0.2
    6.0.1
    6.0.0
    5.6.11
    5.6.10
    5.6.9
    5.6.8
    5.6.7
    5.6.6
    5.6.5
    5.6.4
    5.6.3
    5.6.2
    5.6.1
    5.6.0
    5.6.0
    5.4.7
    5.4.6
    5.4.5
    5.4.4
    5.4.3
    5.4.2
    5.4.1
    5.4.0
    5.2.10
    5.2.9
    5.2.7
    5.2.6
    5.2.4
    5.2.3
    5.2.2
    5.2.1
    5.2.0
    5.0.12
    5.0.11
    5.0.10
    5.0.9
    5.0.8
    5.0.7
    5.0.6
    5.0.5
    5.0.4
    5.0.3

    Known Issues

    Known Issues

    The following issues have been identified in 7.2.5. To inquire about a particular bug or to report a bug, please contact Customer Service & Support.

    AP Manager

    Bug ID

    Description

    977726

    SSID config changes cannot be installed when SSID mode selected as Tunnel under AP.
    1010485 Under the AP Manger, WiFi map view cannot load the AP Information.
    1010632 Floor Map shows wrong AP status and does not show the rest of APs when adding a new AP.

    Device Manager

    Bug ID

    Description
    894948 FortiManager fails to push the FortiAnalyzer override settings to the FortiGate.
    895994 When using the 'where used' feature in Phase 2 quick mode selector, objects do not appear, and they can be removed.
    955058 Changes on Address groups only referenced in phase2 selectors are not installed

    960363

    Traffic Shaping widgets keep loading on Dashboard page of the Device Manager.
    961508 SD-WAN Monitor table-view does not load.
    966546 Unable to disable the "Create Address Object Matching Subnet" feature when the interfaces role is LAN.

    976887

    Unable to set non-HEX values for DHCP Option; it displays an error message: "...enter a valid Hexadecimal number...".
    980362 The Firmware Version column in Device Manager incorrectly shows "Upgrading FortiGate from V1 to V2" even after a successful upgrade has been completed.
    980659 When adding FortiGates (FWF-80F, FWF-80F-2R-3G4G-DSL, FWF-81F-2R-3G4G-DSL) as model devices, FortiManager may attempt to create a duplicate DHCP server. Consequently, this installation fails due to the duplicate configuration.
    981031 Device Inventory widget shows wrong date for "last seen".
    993094 Firmware image for Azure FortiGate (PAYGO) is not available from (Device Manager > Firmware upgrade).
    997344 FortiManager is missing the "set members 0" feature when creating SDWAN Performance SLA.
    1000686 HA autolink failure occurs when LAN interfaces do not exist.
    1002289 Unable to delete default wireless-controller vap configuration with pre-run CLI templates.
    1006838 "Admin User" settings get modified if username is more than 37 characters.
    1011744 Autoupdate will not update the Device DB with FortiGate's ssh local-key details.
    1015064 Disabling the "auto-firmware-update" in FortiManager device db does not disable it on the FortiGate. Please review "FortiManager & FortiGate: handling of auto-firmware-upgrade setting" in Special Notices.

    1016654

    FortiManager fails to add FortiAnalyzer as a managed device.

    Workaround:

    Configure the following on the FortiManager to allow FortiAnalyzer to connect:

    config system global

    set fgfm-peercert-withoutsn enable

    end
    1016987

    FGFM's tunnel went down after upgrade because the device's SN doesn't match the expected certificate.

    Workaround:

    This check can be manually disabled globally on FortiManager side by the following CLI:

    config system global

    set fgfm-peercert-withoutsn enable

    end

    1021087

    The out-of-sync notification is missing in FortiManager after upgrading to version 7.2.5.

    Workaround:

    • Reboot the FortiManager, or

    • Find the process IDs (PIDs) of "webworker","websocket", and "webevent", then terminate them using the following command: diag sys process kill 11 <pid>

    1063635

    FortiManager does not support the "FortiWiFi-80F-2R-3G4G-DSL".

    FortiSwitch Manager

    Bug ID

    Description
    995984 Cannot create MC-LAG in FortiSwitch Manager.

    Others

    Bug ID

    Description
    703585 FortiManager may return "Connection aborted" error with JSON API request.
    777831 When FortiAnalyzer is added as a managed device to FortiManager, the "Incident & Event" tile will display instead of the "FortiSoC" tile.
    894219 The log filter does not function correctly when filtering by FortiGate HA cluster ID instead of the device ID for individual FortiGate units.
    954564 FortiManager attempts to change FEX serial number and returns an installation error.
    967214 Unable to set up metadata variables using CSV file when Workspace mode is enabled on ALL ADOMs.
    968647

    On the Log View (when FortiAnalyzer is added to FortiManager) changing time filters, first request always fails but second one is successful.

    Workaround:

    Use FortiAnalyzer's Log View to view logs.
    983359 The "40F-3G-4G LTE" modem is not listed on the FortiManager's Extender Manager.
    986753

    Policy installation may stuck on the validation due to recurrent Segmentation Fault errors on the webevent / webworker processes.

    Workaround:

    FortiManager may be rebooted.
    988422 The installation fails to FortiProxys when FortiManager attempts to set the firewall address object with the associated-interface value of "any". FortiProxy does not support the "any" value key.
    991052 FortiManager AWS is not able to form geo-redundant cluster as VRRP HA fails to sync.
    1003261 FortiManager displays the Vulnerability notification alert but the device list is blank.
    1015415 When FortiAnalyzer is added as a managed device to FortiManager, filtered logs will not be displayed under Log View.
    1019261

    Unable to upgrade ADOM from 7.0 to 7.2, due to the error "Do not support urlfilter-table for global scope webfilter profile".

    Workaround:

    Run the following script against the ADOM DB:

    config webfilter profile

    edit "g-default"

    config web

    unset urlfilter-table

    end

    next

    end
    1022997 When devices are vulnerable, the table view freezes, resulting in the section not loading properly and the GUI continuously spinning.
    1023512 FortiManager fails to install policies to FortiProxy if number of local users are more than 1000.

    1025097

    The GUI crashes with "Uncaught TypeError: Cannot read properties..." as soon as the first dot of an IP address is entered in the generic search of the Firewall Addresses table. This occurs when there is an address object with a <NULL> subnet.
    1034511

    Unable to upgrade ADOM from v7.2 to v7.4 due to a crash occurring with the assigned FortiSwitch template.

    Workaround:

    Unassign all FortiSwitch templates and upgrade the ADOM, then create a new model switch.

    Policy & Objects

    Bug ID

    Description
    843716 FortiManager tries to unset url-map for TCP forwarding ZTNA virtual server.
    845022 SDN Connector failed to import objects from VMware VSphere.
    852603 Per device mapping feature is not available for EMS connector under the Policy & Objects on the FortiManager.
    925609 Unused firewall shaping-profile is copied to device db and will be installed to devices.
    958206 Policy package import fails due to a certificate error in the SSL VPN web realm configuration for the virtual host server.
    967271 Installation failed when trying to remove firewall internet-service-name objects.

    970056

    The policy installation fails when FortiManager attempts to apply changes related to the "management address" on the interface of the FortiGates.
    976795 When attempting to utilize the "Unused Policies" tool in FortiManager (Find Unused Policies), FortiManager fails to present the policies and instead shows an empty window.
    993263 Filters in Policy Packages do not function correctly.
    997752

    Install preview randomly hangs and doesn't return any data on next screen.

    Workaround:

    Close the install preview window and re-run the install.

    998850

    Modification to Policy with install target does not update the policy package status.

    Workaround:

    Remove the Installation Target and re-add to the policy, which will trigger Policy Package Modification and the install preview will also show the changes made.
    1001027

    If using Static Route template, FortiManager may become unresponsive when trying to install multiple devices simultaneously.

    Workaround:

    Disassociate device from static route template.
    1001165 Installation failure while installing the Fortinet_GUI_Server Certificate.
    1002787 User external-identity-provider can't be created in the User Definition or CLI configuration under the Policy & Objects.
    1002794

    FortiManager attempts to remove the existing external-resource when "set external-blocklist-enable-all enable" in AV profile.

    Workaround: Use "set external-blocklist <external-profile-name> <external-profile-name2>".
    1003295 "Install On" field in FortiManager does not exist anymore.
    1003309

    When an address object is cloned, it is not automatically included in the original address group.

    Workaround:

    Manually add the cloned address to the original address group after cloning.
    1004056 The installation may encounter an error related to Syntax support for the "ssh-enc-algo" command.
    1004929

    FortiManager removes the Web Filter Profile from the Profile Group for Policy-Based FortiGates.

    Workaround:

    Use individual profiles in the policy instead of the profile group.
    1008413 FortiManager fails to load IPS signatures in the profile. This may only occur when the number of signatures listed in the profile is larger than 80.
    1008729 EMS tags fail to import upon clicking Apply & Refresh.
    1009296 "Fork error (out of memory?)" message has been observed when installing Policy Package on multiple targets simultaneously.
    1012389 "Negate Source" and "Negate Destination" options are missing.
    1012400

    The policy package installation is hanging due to a crash in the "securityconsole" application. This is more likely to happen when installing to more than 5 devices.

    Workaround:

    Avoid using static route templates OR template groups.

    1012413

    Searching for an address object by its IP address does not display the related address groups; instead, it only shows the address object.
    1012435

    When editing an address group in a firewall policy, the members do not display correctly.

    Workaround:

    First edit the policy, and then edit the address group.

    1013434

    Unable to add VIP/VIP group in the destination address field of policies, as they are not visible when trying to add them in ADOM 6.4.
    1013459 FortiManager fails to load address object in SSL/SSH inspection.
    1013948 After upgrading to FortiManager versions 7.2.5 or 7.4.3, the installation preview may hang. However, the installation process itself can be completed successfully.
    1013990 There are no commands available for installing source or destination interfaces when adding them to a firewall policy or SNAT rule.
    1014499 FortiManager Azure SDN connector is unable to pull K8s label from AKS.
    1020917 When "partial-install" feature is enabled, clicking on "Install Objects" can sometimes freeze the GUI, preventing any modifications until it refreshes and also installation may not completed.

    1024070

    Policy package might not be installed due to the following error message:

    "unassign template object vpn ipsec phase1-interface <...> fail: Do not delete fortitoken during ADOM to device copy."

    This case is still under investigation for the root cause analysis (RCA).
    1027238 Unable to install when using vlan interfaces within a Virtual Wire Pair Policy

    Revision History

    Bug ID

    Description

    801614

    FortiManager might display an error message "Failed to create a new revision." for some FortiGates when retrieving their configurations.

    Script

    Bug ID

    Description
    1008268 The FortiManager script installation process hangs and does not complete.
    1011730 FortiManager does not load scripts instantly; it takes a noticeable number of seconds for each script to open.

    1012336

    Pre-installation from CLI Template fails with the error message "Attribute source-IP check error for RADIUS users."

    1020938

    After the image upgrade, users may encounter a "Temporarily Unavailable" page message. This problem specifically occurs when special characters, like "$(...)", are used within a TCL script in an ADOM. The Meta variable parsing function incorrectly identifies these characters as meta variable delimiters.

    System Settings

    Bug ID

    Description

    987173

    The "ext-auth-group-match" feature doesn't work for SAML SSO users.

    1034076

    Admin Profile with no access to provisioning template can view provisioning templates by using direct URLs.

    VPN Manager

    Bug ID

    Description
    784385

    If policy changes are made directly on the FortiGates, the subsequent PP import creates faulty dynamic mappings for VPN Manager.

    Workaround:

    It is strongly recommended to create a fresh backup of the FortiManager's configuration prior to the workaround. Perform the following command to check & repair the FortiManager's configuration database.

    diagnose cdb check policy-packages <adom>

    After running this command, FortiManager will remove the invalid mappings of vpnmgr interfaces.
    Previous
    Next

    Known Issues

    Known Issues

    The following issues have been identified in 7.2.5. To inquire about a particular bug or to report a bug, please contact Customer Service & Support.

    AP Manager

    Bug ID

    Description

    977726

    SSID config changes cannot be installed when SSID mode selected as Tunnel under AP.
    1010485 Under the AP Manger, WiFi map view cannot load the AP Information.
    1010632 Floor Map shows wrong AP status and does not show the rest of APs when adding a new AP.

    Device Manager

    Bug ID

    Description
    894948 FortiManager fails to push the FortiAnalyzer override settings to the FortiGate.
    895994 When using the 'where used' feature in Phase 2 quick mode selector, objects do not appear, and they can be removed.
    955058 Changes on Address groups only referenced in phase2 selectors are not installed

    960363

    Traffic Shaping widgets keep loading on Dashboard page of the Device Manager.
    961508 SD-WAN Monitor table-view does not load.
    966546 Unable to disable the "Create Address Object Matching Subnet" feature when the interfaces role is LAN.

    976887

    Unable to set non-HEX values for DHCP Option; it displays an error message: "...enter a valid Hexadecimal number...".
    980362 The Firmware Version column in Device Manager incorrectly shows "Upgrading FortiGate from V1 to V2" even after a successful upgrade has been completed.
    980659 When adding FortiGates (FWF-80F, FWF-80F-2R-3G4G-DSL, FWF-81F-2R-3G4G-DSL) as model devices, FortiManager may attempt to create a duplicate DHCP server. Consequently, this installation fails due to the duplicate configuration.
    981031 Device Inventory widget shows wrong date for "last seen".
    993094 Firmware image for Azure FortiGate (PAYGO) is not available from (Device Manager > Firmware upgrade).
    997344 FortiManager is missing the "set members 0" feature when creating SDWAN Performance SLA.
    1000686 HA autolink failure occurs when LAN interfaces do not exist.
    1002289 Unable to delete default wireless-controller vap configuration with pre-run CLI templates.
    1006838 "Admin User" settings get modified if username is more than 37 characters.
    1011744 Autoupdate will not update the Device DB with FortiGate's ssh local-key details.
    1015064 Disabling the "auto-firmware-update" in FortiManager device db does not disable it on the FortiGate. Please review "FortiManager & FortiGate: handling of auto-firmware-upgrade setting" in Special Notices.

    1016654

    FortiManager fails to add FortiAnalyzer as a managed device.

    Workaround:

    Configure the following on the FortiManager to allow FortiAnalyzer to connect:

    config system global

    set fgfm-peercert-withoutsn enable

    end
    1016987

    FGFM's tunnel went down after upgrade because the device's SN doesn't match the expected certificate.

    Workaround:

    This check can be manually disabled globally on FortiManager side by the following CLI:

    config system global

    set fgfm-peercert-withoutsn enable

    end

    1021087

    The out-of-sync notification is missing in FortiManager after upgrading to version 7.2.5.

    Workaround:

    • Reboot the FortiManager, or

    • Find the process IDs (PIDs) of "webworker","websocket", and "webevent", then terminate them using the following command: diag sys process kill 11 <pid>

    1063635

    FortiManager does not support the "FortiWiFi-80F-2R-3G4G-DSL".

    FortiSwitch Manager

    Bug ID

    Description
    995984 Cannot create MC-LAG in FortiSwitch Manager.

    Others

    Bug ID

    Description
    703585 FortiManager may return "Connection aborted" error with JSON API request.
    777831 When FortiAnalyzer is added as a managed device to FortiManager, the "Incident & Event" tile will display instead of the "FortiSoC" tile.
    894219 The log filter does not function correctly when filtering by FortiGate HA cluster ID instead of the device ID for individual FortiGate units.
    954564 FortiManager attempts to change FEX serial number and returns an installation error.
    967214 Unable to set up metadata variables using CSV file when Workspace mode is enabled on ALL ADOMs.
    968647

    On the Log View (when FortiAnalyzer is added to FortiManager) changing time filters, first request always fails but second one is successful.

    Workaround:

    Use FortiAnalyzer's Log View to view logs.
    983359 The "40F-3G-4G LTE" modem is not listed on the FortiManager's Extender Manager.
    986753

    Policy installation may stuck on the validation due to recurrent Segmentation Fault errors on the webevent / webworker processes.

    Workaround:

    FortiManager may be rebooted.
    988422 The installation fails to FortiProxys when FortiManager attempts to set the firewall address object with the associated-interface value of "any". FortiProxy does not support the "any" value key.
    991052 FortiManager AWS is not able to form geo-redundant cluster as VRRP HA fails to sync.
    1003261 FortiManager displays the Vulnerability notification alert but the device list is blank.
    1015415 When FortiAnalyzer is added as a managed device to FortiManager, filtered logs will not be displayed under Log View.
    1019261

    Unable to upgrade ADOM from 7.0 to 7.2, due to the error "Do not support urlfilter-table for global scope webfilter profile".

    Workaround:

    Run the following script against the ADOM DB:

    config webfilter profile

    edit "g-default"

    config web

    unset urlfilter-table

    end

    next

    end
    1022997 When devices are vulnerable, the table view freezes, resulting in the section not loading properly and the GUI continuously spinning.
    1023512 FortiManager fails to install policies to FortiProxy if number of local users are more than 1000.

    1025097

    The GUI crashes with "Uncaught TypeError: Cannot read properties..." as soon as the first dot of an IP address is entered in the generic search of the Firewall Addresses table. This occurs when there is an address object with a <NULL> subnet.
    1034511

    Unable to upgrade ADOM from v7.2 to v7.4 due to a crash occurring with the assigned FortiSwitch template.

    Workaround:

    Unassign all FortiSwitch templates and upgrade the ADOM, then create a new model switch.

    Policy & Objects

    Bug ID

    Description
    843716 FortiManager tries to unset url-map for TCP forwarding ZTNA virtual server.
    845022 SDN Connector failed to import objects from VMware VSphere.
    852603 Per device mapping feature is not available for EMS connector under the Policy & Objects on the FortiManager.
    925609 Unused firewall shaping-profile is copied to device db and will be installed to devices.
    958206 Policy package import fails due to a certificate error in the SSL VPN web realm configuration for the virtual host server.
    967271 Installation failed when trying to remove firewall internet-service-name objects.

    970056

    The policy installation fails when FortiManager attempts to apply changes related to the "management address" on the interface of the FortiGates.
    976795 When attempting to utilize the "Unused Policies" tool in FortiManager (Find Unused Policies), FortiManager fails to present the policies and instead shows an empty window.
    993263 Filters in Policy Packages do not function correctly.
    997752

    Install preview randomly hangs and doesn't return any data on next screen.

    Workaround:

    Close the install preview window and re-run the install.

    998850

    Modification to Policy with install target does not update the policy package status.

    Workaround:

    Remove the Installation Target and re-add to the policy, which will trigger Policy Package Modification and the install preview will also show the changes made.
    1001027

    If using Static Route template, FortiManager may become unresponsive when trying to install multiple devices simultaneously.

    Workaround:

    Disassociate device from static route template.
    1001165 Installation failure while installing the Fortinet_GUI_Server Certificate.
    1002787 User external-identity-provider can't be created in the User Definition or CLI configuration under the Policy & Objects.
    1002794

    FortiManager attempts to remove the existing external-resource when "set external-blocklist-enable-all enable" in AV profile.

    Workaround: Use "set external-blocklist <external-profile-name> <external-profile-name2>".
    1003295 "Install On" field in FortiManager does not exist anymore.
    1003309

    When an address object is cloned, it is not automatically included in the original address group.

    Workaround:

    Manually add the cloned address to the original address group after cloning.
    1004056 The installation may encounter an error related to Syntax support for the "ssh-enc-algo" command.
    1004929

    FortiManager removes the Web Filter Profile from the Profile Group for Policy-Based FortiGates.

    Workaround:

    Use individual profiles in the policy instead of the profile group.
    1008413 FortiManager fails to load IPS signatures in the profile. This may only occur when the number of signatures listed in the profile is larger than 80.
    1008729 EMS tags fail to import upon clicking Apply & Refresh.
    1009296 "Fork error (out of memory?)" message has been observed when installing Policy Package on multiple targets simultaneously.
    1012389 "Negate Source" and "Negate Destination" options are missing.
    1012400

    The policy package installation is hanging due to a crash in the "securityconsole" application. This is more likely to happen when installing to more than 5 devices.

    Workaround:

    Avoid using static route templates OR template groups.

    1012413

    Searching for an address object by its IP address does not display the related address groups; instead, it only shows the address object.
    1012435

    When editing an address group in a firewall policy, the members do not display correctly.

    Workaround:

    First edit the policy, and then edit the address group.

    1013434

    Unable to add VIP/VIP group in the destination address field of policies, as they are not visible when trying to add them in ADOM 6.4.
    1013459 FortiManager fails to load address object in SSL/SSH inspection.
    1013948 After upgrading to FortiManager versions 7.2.5 or 7.4.3, the installation preview may hang. However, the installation process itself can be completed successfully.
    1013990 There are no commands available for installing source or destination interfaces when adding them to a firewall policy or SNAT rule.
    1014499 FortiManager Azure SDN connector is unable to pull K8s label from AKS.
    1020917 When "partial-install" feature is enabled, clicking on "Install Objects" can sometimes freeze the GUI, preventing any modifications until it refreshes and also installation may not completed.

    1024070

    Policy package might not be installed due to the following error message:

    "unassign template object vpn ipsec phase1-interface <...> fail: Do not delete fortitoken during ADOM to device copy."

    This case is still under investigation for the root cause analysis (RCA).
    1027238 Unable to install when using vlan interfaces within a Virtual Wire Pair Policy

    Revision History

    Bug ID

    Description

    801614

    FortiManager might display an error message "Failed to create a new revision." for some FortiGates when retrieving their configurations.

    Script

    Bug ID

    Description
    1008268 The FortiManager script installation process hangs and does not complete.
    1011730 FortiManager does not load scripts instantly; it takes a noticeable number of seconds for each script to open.

    1012336

    Pre-installation from CLI Template fails with the error message "Attribute source-IP check error for RADIUS users."

    1020938

    After the image upgrade, users may encounter a "Temporarily Unavailable" page message. This problem specifically occurs when special characters, like "$(...)", are used within a TCL script in an ADOM. The Meta variable parsing function incorrectly identifies these characters as meta variable delimiters.

    System Settings

    Bug ID

    Description

    987173

    The "ext-auth-group-match" feature doesn't work for SAML SSO users.

    1034076

    Admin Profile with no access to provisioning template can view provisioning templates by using direct URLs.

    VPN Manager

    Bug ID

    Description
    784385

    If policy changes are made directly on the FortiGates, the subsequent PP import creates faulty dynamic mappings for VPN Manager.

    Workaround:

    It is strongly recommended to create a fresh backup of the FortiManager's configuration prior to the workaround. Perform the following command to check & repair the FortiManager's configuration database.

    diagnose cdb check policy-packages <adom>

    After running this command, FortiManager will remove the invalid mappings of vpnmgr interfaces.
    Previous
    Next