Resolved Issues
The following issues have been fixed in 7.2.6. To inquire about a particular bug, please contact Customer Service & Support.
AP Manager
| Bug ID | Description |
|---|---|
| 955558 | FortiManager unsets the Protected Management Frame (PMF) setting when the SSID security mode is configured to OWE-enabled in the AP Manager. |
| 1010485 | Under the AP Manager, WiFi map view cannot load the AP Information. |
| 1032319 | Importing AP profiles for FortiWiFi models will cause "Unable to assign template" error. |
Device Manager
| Bug ID | Description |
|---|---|
| 895994 | When using the 'where used' feature in Phase 2 quick mode selector, objects do not appear, and they can be removed. |
| 959702 | When creating or importing an SD-WAN template and assigning it to a device, the SD-WAN monitor dashboard may fail to load data and continuously displays the loading icon. |
| 960363 | Traffic Shaping widgets keep loading on Dashboard page of the Device Manager. |
| 960538 |
FortiZTP AutoLink Device Discoverymay get stuck at 10% during the autolink process (updating device) and subsequently fail. |
| 961508 | SD-WAN monitor table-view does not load. |
| 963025 | When using the static route template, the "SD-WAN Zone" does not appear under the Interface column. |
| 966546 | Unable to disable the "Create Address Object Matching Subnet" feature when the interfaces role is LAN. |
| 976887 | Unable to set non-HEX values for DHCP Option; it displays an error message: "...enter a valid Hexadecimal number...". |
| 980659 | When adding FortiGates (FWF-80F, FWF-80F-2R-3G4G-DSL, FWF-81F-2R-3G4G-DSL) as model devices, FortiManager may attempt to create a duplicate DHCP server. Consequently, this installation fails due to the duplicate configuration. |
| 981031 | Device Inventory widget shows wrong date for "last seen". |
| 993094 | Firmware image for Azure Fortigate (PAYGO) is not available from (Device Manager > Firmware upgrade). |
| 1000101 | FortiManager fails to retrieve certificates that were directly imported into the FortiGate. As a result, FortiManager repeatedly attempts to push a CSR, leading to installation status conflicts. |
| 1000686 | HA autolink failure occurs when LAN interfaces do not exist. |
| 1002289 | Unable to delete default wireless-controller vap configuration with pre-run CLI templates. |
| 1004389 | Unable to remove or delete unused FortiGate certificate from FortiManager's GUI. |
| 1006838 | "Admin User" settings get modified if username is more than 37 characters. |
| 1011744 | Autoupdate will not update the Device DB with FortiGate's ssh local-key details |
| 1015064 | Disabling the "auto-firmware-update" in FortiManager device db does not disable it
on the FortiGate.
Please review the "FortiManager & FortiGate: handling of
auto-firmware-upgrade setting" under Special Notices in the FortiManager 7.2.5 Release Notes. |
| 1016654 |
FortiManager fails to add FortiAnalyzer as a managed device. |
| 1016987 |
FGFM's tunnel went down after upgrade because the device's SN doesn't match the expected certificate. |
| 1021087 |
The out-of-sync notification is missing in FortiManager after upgrading to version 7.2.5. |
| 1021693 | Incorrect time displays on the SDWAN monitor health check status. |
| 1026955 | Configuring BGP communities encounters errors due to improper format on the FortiManager. |
| 1029746 | There are "carriage return characters" in the downloaded config files from the Device Manager. |
FortiSwitch Manager
|
Bug ID |
Description |
|---|---|
| 995984 | Cannot create MC-LAG in FortiSwitch Manager. |
|
1040428 |
FortiSwitch diagnostics tools do not display the cable test diagnose results, device information on Ports, and update Registration status. |
Global ADOM
|
Bug ID |
Description |
|---|---|
| 999500 | Unable to configure EMS settings in the Global ADOM. |
| 1005177 | When creating a script to rename the policies on global db policy block by taking their IDs, the error, "[Policy id space out of range]", can be seen. |
Others
|
Bug ID |
Description |
|---|---|
| 954564 | FortiManager attempts to change FortiExtender serial number and returns an installation error. |
| 967214 | Unable to set up metadata variables using CSV file when Workspace mode is enabled on ALL ADOMs. |
| 968647 |
On the Log View (when FortiAnalyzer is added to FortiManager) changing time filters,first request always fails but second one is successful. |
| 983359 | The "40F-3G-4G LTE" modem is not listed on the FortiManager's Extender Manager. |
| 986753 |
Policy installation may stuck on the validation due to recurrent Segmentation Fault errorson thewebevent /webworkerprocesses. |
| 988422 | The installation fails to FortiProxys when FortiManager attempts to set the firewall address object with the associated-interface value of "any". FortiProxy does not support the "any" value key. |
| 988477 | There is not detail output information when executing "diagnose cdb
check policy-packages". |
| 991052 | FortiManager AWS is not able to form GeoRedundant Cluster as VRRP HA fails to sync. |
| 995459 | Not able to fix and delete the "duplicate ADOM root node"
objects after running the "cdb upgrade" command. |
| 1003261 |
FortiManager displays the Vulnerability notification alert but the device list is blank. |
| 1015415 | When FortiAnalyzer is added as a managed device to FortiManager, filtered logs will not be displayed under Log View. |
| 1015890 | Unable to upgrade ADOM from v6.4 to v7.0 due to "switch-controller traffic-policy" error. |
| 1022997 | When devices are vulnerable, the table view freezes, resulting in the section not loading properly and the GUI continuously spinning. |
| 1023512 | FortiManager fails to install policies to FortiProxy if number of local users are more than 1000. |
| 1025097 | The GUI crashes with "Uncaught TypeError: Cannot read properties..." as
soon as the first dot of an IP address is entered in the generic search of
the Firewall Addresses table. This occurs when there is an address object
with a <NULL> subnet. |
| 1032350 |
FortiManager fails to download Install preview log because the button is grayed out (for both policy package and device setting and device setting only installations). |
| 1034511 |
Unable to upgrade ADOM from v7.2 to v7.4 due to a crash occurring with the assigned FortiSwitch template. |
| 1050556 | Unable to fix "adom-integrity"
error using "diagnose cdb upgrade" command. |
Policy and Objects
|
Bug ID |
Description |
|---|---|
| 843716 | FortiManager tries to unset url-map for TCP forwarding ZTNA virtual server. |
| 852603 | Per-device mapping feature is not available for EMS connector under the Policy & Objects on the FortiManager. |
| 883064 | If any admin makes changes to "Object Selection Pane", either setting it to "Dock to Right", "Dock to Bottom", or "Classic Dual Pane", it will affect all other admin's GUI preferences. |
| 897470 | When running the "Policy Check", FortiManager occasionally incorrectly marks policies as shadowed. |
| 902315 | Multicast firewall policies are not visible in GUI when both interfaces are in VWP (virtual wire pair). |
| 958206 | Policy package import fails due to a certificate error in the SSL VPN web realm configuration for the virtual host server. |
| 959877 | The timestamps displayed for "First/Last Used" under the Hit Count for Firewall Policies within the Policy & Objects section are invalid. |
| 970056 | The policy installation fails when FortiManager attempts to apply changes related to the "management address" on the interface of the FortiGates. |
|
971610 |
FortiManager does not able to import the Central SNAT, DNAT, DOS, local-in, and traffic shaping policies. |
| 993263 | Filters in Policy Packages do not function correctly. |
| 997752 |
Install preview randomly hangs and doesn't return any data on next screen. |
| 998238 | Unable to delete some Object Addresses due to the invalid policy nodes and references. |
| 998850 |
Modification to Policy with install target does not update the policy package status. |
| 1001027 |
If using Static Route template, FortiManager may become unresponsive when trying to install multiple devices simultaneously. |
| 1001165 | Installation failure while installing the Fortinet_GUI_Server Certificate. |
| 1002787 | User external-identity-provider can't be created in the User Definition or CLI configuration under the Policy & Objects. |
| 1002794 |
FortiManager attempts to remove the
existing external-resource when " |
| 1003295 | "Install On" field in FortiManager does not exist anymore. |
| 1003309 |
When an address object is cloned it is not automatically included in the original address group. |
| 1004056 | The installation may encounter an error
related to Syntax support for the "ssh-enc-algo" command. |
| 1008413 | FortiManager fails to load IPS signatures in the profile. This may only occur when the number of signatures listed in the profile is larger than 80. |
| 1008729 | EMS tags fail to import upon clicking Apply and Refresh. |
| 1009296 | "Fork error (out of memory?)" message has been observed when installing Policy Package on multiple targets simultaneously. |
| 1012389 | "Negate Source" and "Negate Destination" options are missing. |
| 1012400 |
The policy package installation is hanging due to a crash in the "securityconsole" application. This is more likely to happen when installing to more than five devices. |
| 1012413 |
Searching for an address object by its IP address does not display the related address groups, instead it only shows the address object. |
| 1012435 |
When editing an address group in a firewall policy, the members do not display correctly. |
| 1013434 | Unable to add VIP/VIP group in the destination address field of policies, as they are not visible when trying to add them in ADOM 6.4. |
| 1013459 | FortiManager fails to Load address object in SSL/SSH inspection. |
| 1013948 | After upgrading to FortiManager versions 7.2.5 or 7.4.3, the installation preview may hang. However, the installation process itself can be completed successfully. |
| 1013990 |
There are no commands available for installing source or destination interfaces when adding them to a firewall policy or SNAT rule. |
| 1014499 | FortiManager Azure SDN connector is unable to pull K8s label from AKS. |
| 1020917 | When
"partial-install" feature is enabled, clicking on "Install
Objects" can sometimes freeze the GUI, preventing any modifications
until it refreshes and also installation may not completed. |
| 1027238 | Unable to install when using vlan interfaces within a Virtual Wire Pair Policy. |
| 1040160 | When installing policy to a FortiGate that uses FortiSandbox inline scanning on an AV profile, FortiManager unsets the configuration on install. |
Revision History
|
Bug ID |
Description |
|---|---|
| 801614 |
FortiManager might display an error message "Failed to create a new revision." for some FortiGates when retrieving their configurations. |
Script
|
Bug ID |
Description |
|---|---|
| 1008268 | The FortiManager script installation process hangs and does not complete. |
| 1011730 | FortiManager does not load scripts instantly; it takes a noticeable number of seconds for each script to open. |
| 1012336 | Pre-installation from CLI Template fails with the error message "Attribute source-IP check error for RADIUS users." |
| 1020938 | After the image upgrade, users may encounter a "Temporarily Unavailable" page message. This problem specifically occurs when special characters, like "$(...)", are used within a TCL script in an ADOM. The Meta variable parsing function incorrectly identifies these characters as meta variable delimiters. |
|
1030938 |
Unable to install IPS signature created through script from FortiManager. |
System Settings
| Bug ID | Description |
|---|---|
| 987173 | The "ext-auth-group-match" feature doesn't work for SAML SSO users. |
| 988343 |
SSO users are unable to switch between ADOMs. |
| 1034076 | Admin Profile with no access to provisioning template can view provisioning templates by using direct URLs. |
| 1040130 | GMT+6 is not visible on the System Settings. |
Common Vulnerabilities and Exposures
Visit https://fortiguard.com/psirt for more information.
| Bug ID | CVE references |
|---|---|
|
1003799 |
FortiManager 7.2.6 is no longer vulnerable to the following CVE Reference:
|
|
1018398 |
FortiManager 7.2.6 is no longer vulnerable to the following CVE Reference:
|
|
1018399 |
FortiManager 7.2.6 is no longer vulnerable to the following CVE Reference:
|
|
1019450 |
FortiManager 7.2.6 is no longer vulnerable to the following CVE Reference:
|
|
1019451 |
FortiManager 7.2.6 is no longer vulnerable to the following CVE Reference:
|
|
1020805 |
FortiManager 7.2.6 is no longer vulnerable to the following CVE Reference:
|
|
1021287 |
FortiManager 7.2.6 is no longer vulnerable to the following CVE Reference:
|
|
1023945 |
FortiManager 7.2.6 is no longer vulnerable to the following CVE Reference:
|
|
1023953 |
FortiManager 7.2.6 is no longer vulnerable to the following CVE Reference:
|
|
1023958 |
FortiManager 7.2.6 is no longer vulnerable to the following CVE Reference:
|
|
1027360 |
FortiManager 7.2.6 is no longer vulnerable to the following CVE Reference:
|
|
1027835 |
FortiManager 7.2.6 is no longer vulnerable to the following CVE Reference:
|
|
1028284 |
FortiManager 7.2.6 is no longer vulnerable to the following CVE Reference:
|
|
1028868 |
FortiManager 7.2.6 is no longer vulnerable to the following CVE Reference:
|
|
1029379 |
FortiManager 7.2.6 is no longer vulnerable to the following CVE Reference:
|
|
1034018 |
FortiManager 7.2.6 is no longer vulnerable to the following CVE Reference:
|
|
1034881 |
FortiManager 7.2.6 is no longer vulnerable to the following CVE Reference:
|
|
1040286 |
FortiManager 7.2.6 is no longer vulnerable to the following CVE Reference:
|
|
1051914 |
FortiManager 7.2.6 is no longer vulnerable to the following CVE Reference:
|