Fortinet black logo

Known Issues

Known Issues

The following issues have been identified in 7.4.2. To inquire about a particular bug or to report a bug, please contact Customer Service & Support.

AP Manager

Bug ID

Description

884233 FortiManager displays the AP critical security vulnerability info even after FortiAPs are being upgraded.

974444

DNS server for SSIDs gets resets after Importing AP Profile.

982548 FortiGate configuration install may fail with the reason, "Need to unset channel list in radio-1 first".

987111

Unable to save the SSID configuration changes under the AP Manager.

1002043

AP Manager view does not show SSIDs and Radio Channels.

Device Manager

Bug ID

Description

751612 After upgrading to 7.2.4 version, Read/Write Access level profile for SD-WAN and provisioning template is not properly set.
796842 Failed to reload the configuration due to the "datasrc invalid" error message.
956920 Monitor Health Check graphs return incomplete or no value.
960363 Traffic Shaping widgets keep loading on Dashboard page of the Device Manager.
961508 SD-WAN monitor table-view does not load.
966546 Unable to disable the "Create Address Object Matching Subnet" feature when the interfaces role is LAN.
973064 Installation to FortiGate with NP7 Acceleration feature enabled might fail when FortiManager attempted to modify the QoS settings. Changing the "default-qos-type" to values other than its default may result in a FortiGate reboot (FOS Behavior).
975310 Unable to unset interface IP for a VLAN interface in Device Manager.
976887 Unable to set non-HEX values for DHCP Option; it displays an error message, "...enter a valid Hexadecimal number...".

976887

Unable to set non-HEX values for DHCP Option; it displays an error message: "...enter a valid Hexadecimal number...".

979531 System Template does not save the auto-firmware-upgrade settings.
986466 When modifying the BGP template with a new route map rule, a failure error message may be displayed.
988964 FortiManager tries to push switch-controller command to devices that do not have this command.
991337 When ADOM Advanced Mode is enabled, FortiManager is unable to edit interfaces for non-root VDOM in different ADOM.
991464 Asset Identity List cannot be exported to CSV.
993094 Firmware image for Azure FortiGate (PAYGO) is not available from (Device Manager > Firmware upgrade).
995919 Cannot config system password-policy expire-day for FortiGate.
1001699 System Templates and Template Groups cannot be assigned to FortiProxy devices.
1002289 Unable to delete default wireless-controller vap configuration with pre-run CLI templates.
1006838 "Admin User" settings get modified if username is more than 37 characters.
1009883

Unable to set the Radius-Server addresses as FQDN.

Workaround: Run the script directly on the FortiGate and then retrieve config back to the FortiManager.

1011744 Autoupdate will not update the Device DB with FortiGate's ssh local-key details.
1016654

FortiManager fails to add FortiAnalyzer as a managed device.

Workaround:

Configure the following on the FortiManager to allow FortiAnalyzer to connect:

config system global

set fgfm-peercert-withoutsn enable

end

1016987

FGFM's tunnel went down after upgrade because the device's SN doesn't match the expected certificate.

Workaround:

This check can be manually disabled globally on FortiManager side by the following CLI:

config system global

set fgfm-peercert-withoutsn enable

end

FortiSwitch Manager

Bug ID

Description

966726

988757

When viewing switch ports through the FortiSwitch Manager, the port status was displayed as Down.

995984 Cannot create MC-LAG in FortiSwitch Manager.

Others

Bug ID

Description

874052

After upgrade ADOM from v7.0 to v7.2, when installing a policy package to FGT-v7.2 device, FortiManager tries to change 'match-vip' from 'disabled' to 'enabled'

876125 Unable to assign provisioning templates to template groups in FortiProxy ADOMs.
935430 When FortiAnalyzer is managed by FortiManager and FortiManager's local logs are being sent to FortiAnalyzer, installing PP to FortiGates may display the following message: "Confirm Deletion FortiManager is going to sync the following device deletion to FortiAnalyzer,...".
949994 When the FortiAnalyzer feature is activated on the FortiManager, attempting to download FortiGate logs/log files from the FortiManager results in an error message.
954564 FortiManager attempts to change FortiExtender serial number and returns an installation error.
956335 Unable to upgrade root ADOM from v6.4 to v7.0 with "med-location-service" object error.
963744 FortiManager's HA status becomes unsynchronized when the "private-data-encryption" feature is enabled.
967214 Unable to set up metadata variables using CSV file when Workspace mode is enabled on ALL ADOMs.
976448 Unable to login FortiManager Cloud.
982564 When upgrading the root ADOM, the process might fail with the following error message, "...The string contains XSS vulnerability characters...".
986753

Policy installation may stuck on the validation due to recurrent Segmentation Fault errors on the webevent/webworker processes.

Workaround: FortiManager may be rebooted.

991052 FortiManager AWS is not able to form GeoRedundant Cluster as VRRP HA fails to sync.
993924 "Application fmgd" keeps crashing when accessing SDWAN monitor page.
1008642 Unable to mount disk and create lvm when deploying using AZURE D-Series v5 Instance Type.
1015415 When FortiAnalyzer is added as a managed device to FortiManager, filtered logs will not be displayed under Log View.
1019784 ADOM Upgrade from 7.0 to 7.2 fails with the "'Fail(errno=0):invalid value'" error message.

1025097

The GUI crashes with "Uncaught TypeError: Cannot read properties..." as soon as the first dot of an IP address is entered in the generic search of the Firewall Addresses table. This occurs when there is an address object with a <NULL> subnet.

Policy & Objects

Bug ID

Description

817289

FortiManager only accepts IPv6 Compressed Notation format for the Policy & Objects.

845022 SDN Connector failed to import objects from VMware VSphere.
888798 Changing deep inspection ssl-ssh-profile to "inspect all ports" may cause installation error.

908353

When ISDB name is changed, FortiManager does not automatically update the new ISDB object name.

917225 FortiManager is unable to install policy packages to multiple devices due to "security console" crashes.
938019 Policy Package Status not changed on modification of nested group used in policy block.
958206 Policy package import fails due to a certificate error in the SSL VPN web realm configuration for the virtual host server.
972392 Users do not receive a proper warning when creating a firewall address with the IP address "0.0.0.0/0."
979554 EMS connectors are randomly getting disabled on FortiManager, despite no changes being made to EMS settings on either FortiManager or FortiGate.
982638 Invalid IPS signature breaks the GUI when users are trying to edit the IPS profile in the FortiManager.
983219 FortiManager attempts to delete the "edm-keyword" when configuring DLP data types on the FortiGate.
984935 The "view mode" and "Routing Object" options are not displayed on the GUI.
986262 EMS Cloud tags are not updated on FortiManager.
989423 FortiManager SD-WAN interfaces are not available as Normalized interfaces.
989953 GUI cannot load replacemsg-group in Web Filter profile advanced option.
991351 When ADOM Advanced Mode is enabled, FortiManager is unable to edit interfaces for non-root VDOM in different ADOM.
993263 Filters in Policy Packages do not function correctly.
993355 Importing policy creates a dynamic mapping with 0.0.0.0.
995766 "Find and Replace" feature does not display "replace with" table result for some columns.
997752 Install preview randomly hangs and doesn't return any data on next screen.

998850

Modification to Policy with install target does not update the policy package status.

Workaround:

Remove the Installation Target and re-add to the policy, which will trigger Policy Package Modification and the install preview will also show the changes made.

999710

The installation process hangs at "Installation Preparation" stage.

Workaround:

Repair task database with using the "diagnose dvm task repair" command.

1001027 When trying to install multiple devices simultaneously, FortiManager may become unresponsive.
1001165 Installation failure while installing the Fortinet_GUI_Server Certificate.
1002060 Using unmapped interfaces under Policy Blocks does not give an installation error.
1002787 User external-identity-provider can't be created in the User Definition or CLI configuration under the Policy & Objects.
1002794

FortiManager attempts to remove the existing external-resource when "set external-blocklist-enable-all enable" in AV profile.

Workaround: Use "set external-blocklist <external-profile-name> <external-profile-name2>".

1003309 When an address object is cloned it is not automatically included in the original address group.
1004056 The installation may encounter an error related to Syntax support for the "ssh-enc-algo" command.
1008729 EMS tags fail to import upon clicking Apply & Refresh.
1009296 "Fork error (out of memory?)" message has been observed when installing Policy Package on multiple targets simultaneously.
1012389 "Negate Source" and "Negate Destination" options are missing.
1012400 The policy package installation is hanging due to a crash in the "securityconsole" application.
1012435 When editing an address group in a firewall policy, the members do not display correctly.
1020917 When "partial-install" feature is enabled, clicking on "Install Objects" can sometimes freeze the GUI, preventing any modifications until it refreshes and also installation may not completed.

Revision History

Bug ID

Description

801614 FortiManager might display an error message, "Failed to create a new revision.", for some FortiGates when retrieving their configurations.

Script

Bug ID

Description

1008268 The FortiManager script installation process hangs and does not complete.
1011730 FortiManager does not load scripts instantly; it takes a noticeable number of seconds for each script to open.
1020938 After the image upgrade, users may encounter a "Temporarily Unavailable" page message. This problem specifically occurs when special characters, like "$(...)", are used within a TCL script in an ADOM. The Meta variable parsing function incorrectly identifies these characters as meta variable delimiters.

Services

Bug ID

Description

980334 "Download to Excel" option on Licensing Status under the FortiGuard does not work.

985074

Changing the FortiGuard Server Location under the license info widget results in a blank page popup.

System Settings

Bug ID

Description

825319 FortiManager fails to promote a FortiGate HA member (running on firmware 7.2.0 to 7.2.4) to the Primary.
881309 In SSO configuration, whether the settings for "ext-auth-accprofile-override" and "ext-auth-adom-override" are enabled or disabled, the users are granted an adom/accprofile override, if the IdP sends valid ADOMs and "profilename" attributes.

962476

Restricted Admin users cannot Install Web Filter, IPS, and Application Control profile to FortiGates.

984986 Unable to upgrade ADOMs after updating the FortiManager to version 7.4.2 due to the following error message: "Fail (errno=0): invalid value".
987173 The "ext-auth-group-match" feature doesn't work for SAML SSO users.
988343

SSO users are unable to switch between ADOMs.

Workaround: As a workaround, users can access the GUI using browsers in private mode, preventing the storage of any browsing history, cookies, or session data (for example, Chrome's incognito mode and Firefox's private mode).

995755 Workspace lock override doesn't work for whole ADOM or policy package.

VPN Manager

Bug ID

Description

678319

Once "os-check" option is enabled, "os-check-list" table is not loaded.

Known Issues

The following issues have been identified in 7.4.2. To inquire about a particular bug or to report a bug, please contact Customer Service & Support.

AP Manager

Bug ID

Description

884233 FortiManager displays the AP critical security vulnerability info even after FortiAPs are being upgraded.

974444

DNS server for SSIDs gets resets after Importing AP Profile.

982548 FortiGate configuration install may fail with the reason, "Need to unset channel list in radio-1 first".

987111

Unable to save the SSID configuration changes under the AP Manager.

1002043

AP Manager view does not show SSIDs and Radio Channels.

Device Manager

Bug ID

Description

751612 After upgrading to 7.2.4 version, Read/Write Access level profile for SD-WAN and provisioning template is not properly set.
796842 Failed to reload the configuration due to the "datasrc invalid" error message.
956920 Monitor Health Check graphs return incomplete or no value.
960363 Traffic Shaping widgets keep loading on Dashboard page of the Device Manager.
961508 SD-WAN monitor table-view does not load.
966546 Unable to disable the "Create Address Object Matching Subnet" feature when the interfaces role is LAN.
973064 Installation to FortiGate with NP7 Acceleration feature enabled might fail when FortiManager attempted to modify the QoS settings. Changing the "default-qos-type" to values other than its default may result in a FortiGate reboot (FOS Behavior).
975310 Unable to unset interface IP for a VLAN interface in Device Manager.
976887 Unable to set non-HEX values for DHCP Option; it displays an error message, "...enter a valid Hexadecimal number...".

976887

Unable to set non-HEX values for DHCP Option; it displays an error message: "...enter a valid Hexadecimal number...".

979531 System Template does not save the auto-firmware-upgrade settings.
986466 When modifying the BGP template with a new route map rule, a failure error message may be displayed.
988964 FortiManager tries to push switch-controller command to devices that do not have this command.
991337 When ADOM Advanced Mode is enabled, FortiManager is unable to edit interfaces for non-root VDOM in different ADOM.
991464 Asset Identity List cannot be exported to CSV.
993094 Firmware image for Azure FortiGate (PAYGO) is not available from (Device Manager > Firmware upgrade).
995919 Cannot config system password-policy expire-day for FortiGate.
1001699 System Templates and Template Groups cannot be assigned to FortiProxy devices.
1002289 Unable to delete default wireless-controller vap configuration with pre-run CLI templates.
1006838 "Admin User" settings get modified if username is more than 37 characters.
1009883

Unable to set the Radius-Server addresses as FQDN.

Workaround: Run the script directly on the FortiGate and then retrieve config back to the FortiManager.

1011744 Autoupdate will not update the Device DB with FortiGate's ssh local-key details.
1016654

FortiManager fails to add FortiAnalyzer as a managed device.

Workaround:

Configure the following on the FortiManager to allow FortiAnalyzer to connect:

config system global

set fgfm-peercert-withoutsn enable

end

1016987

FGFM's tunnel went down after upgrade because the device's SN doesn't match the expected certificate.

Workaround:

This check can be manually disabled globally on FortiManager side by the following CLI:

config system global

set fgfm-peercert-withoutsn enable

end

FortiSwitch Manager

Bug ID

Description

966726

988757

When viewing switch ports through the FortiSwitch Manager, the port status was displayed as Down.

995984 Cannot create MC-LAG in FortiSwitch Manager.

Others

Bug ID

Description

874052

After upgrade ADOM from v7.0 to v7.2, when installing a policy package to FGT-v7.2 device, FortiManager tries to change 'match-vip' from 'disabled' to 'enabled'

876125 Unable to assign provisioning templates to template groups in FortiProxy ADOMs.
935430 When FortiAnalyzer is managed by FortiManager and FortiManager's local logs are being sent to FortiAnalyzer, installing PP to FortiGates may display the following message: "Confirm Deletion FortiManager is going to sync the following device deletion to FortiAnalyzer,...".
949994 When the FortiAnalyzer feature is activated on the FortiManager, attempting to download FortiGate logs/log files from the FortiManager results in an error message.
954564 FortiManager attempts to change FortiExtender serial number and returns an installation error.
956335 Unable to upgrade root ADOM from v6.4 to v7.0 with "med-location-service" object error.
963744 FortiManager's HA status becomes unsynchronized when the "private-data-encryption" feature is enabled.
967214 Unable to set up metadata variables using CSV file when Workspace mode is enabled on ALL ADOMs.
976448 Unable to login FortiManager Cloud.
982564 When upgrading the root ADOM, the process might fail with the following error message, "...The string contains XSS vulnerability characters...".
986753

Policy installation may stuck on the validation due to recurrent Segmentation Fault errors on the webevent/webworker processes.

Workaround: FortiManager may be rebooted.

991052 FortiManager AWS is not able to form GeoRedundant Cluster as VRRP HA fails to sync.
993924 "Application fmgd" keeps crashing when accessing SDWAN monitor page.
1008642 Unable to mount disk and create lvm when deploying using AZURE D-Series v5 Instance Type.
1015415 When FortiAnalyzer is added as a managed device to FortiManager, filtered logs will not be displayed under Log View.
1019784 ADOM Upgrade from 7.0 to 7.2 fails with the "'Fail(errno=0):invalid value'" error message.

1025097

The GUI crashes with "Uncaught TypeError: Cannot read properties..." as soon as the first dot of an IP address is entered in the generic search of the Firewall Addresses table. This occurs when there is an address object with a <NULL> subnet.

Policy & Objects

Bug ID

Description

817289

FortiManager only accepts IPv6 Compressed Notation format for the Policy & Objects.

845022 SDN Connector failed to import objects from VMware VSphere.
888798 Changing deep inspection ssl-ssh-profile to "inspect all ports" may cause installation error.

908353

When ISDB name is changed, FortiManager does not automatically update the new ISDB object name.

917225 FortiManager is unable to install policy packages to multiple devices due to "security console" crashes.
938019 Policy Package Status not changed on modification of nested group used in policy block.
958206 Policy package import fails due to a certificate error in the SSL VPN web realm configuration for the virtual host server.
972392 Users do not receive a proper warning when creating a firewall address with the IP address "0.0.0.0/0."
979554 EMS connectors are randomly getting disabled on FortiManager, despite no changes being made to EMS settings on either FortiManager or FortiGate.
982638 Invalid IPS signature breaks the GUI when users are trying to edit the IPS profile in the FortiManager.
983219 FortiManager attempts to delete the "edm-keyword" when configuring DLP data types on the FortiGate.
984935 The "view mode" and "Routing Object" options are not displayed on the GUI.
986262 EMS Cloud tags are not updated on FortiManager.
989423 FortiManager SD-WAN interfaces are not available as Normalized interfaces.
989953 GUI cannot load replacemsg-group in Web Filter profile advanced option.
991351 When ADOM Advanced Mode is enabled, FortiManager is unable to edit interfaces for non-root VDOM in different ADOM.
993263 Filters in Policy Packages do not function correctly.
993355 Importing policy creates a dynamic mapping with 0.0.0.0.
995766 "Find and Replace" feature does not display "replace with" table result for some columns.
997752 Install preview randomly hangs and doesn't return any data on next screen.

998850

Modification to Policy with install target does not update the policy package status.

Workaround:

Remove the Installation Target and re-add to the policy, which will trigger Policy Package Modification and the install preview will also show the changes made.

999710

The installation process hangs at "Installation Preparation" stage.

Workaround:

Repair task database with using the "diagnose dvm task repair" command.

1001027 When trying to install multiple devices simultaneously, FortiManager may become unresponsive.
1001165 Installation failure while installing the Fortinet_GUI_Server Certificate.
1002060 Using unmapped interfaces under Policy Blocks does not give an installation error.
1002787 User external-identity-provider can't be created in the User Definition or CLI configuration under the Policy & Objects.
1002794

FortiManager attempts to remove the existing external-resource when "set external-blocklist-enable-all enable" in AV profile.

Workaround: Use "set external-blocklist <external-profile-name> <external-profile-name2>".

1003309 When an address object is cloned it is not automatically included in the original address group.
1004056 The installation may encounter an error related to Syntax support for the "ssh-enc-algo" command.
1008729 EMS tags fail to import upon clicking Apply & Refresh.
1009296 "Fork error (out of memory?)" message has been observed when installing Policy Package on multiple targets simultaneously.
1012389 "Negate Source" and "Negate Destination" options are missing.
1012400 The policy package installation is hanging due to a crash in the "securityconsole" application.
1012435 When editing an address group in a firewall policy, the members do not display correctly.
1020917 When "partial-install" feature is enabled, clicking on "Install Objects" can sometimes freeze the GUI, preventing any modifications until it refreshes and also installation may not completed.

Revision History

Bug ID

Description

801614 FortiManager might display an error message, "Failed to create a new revision.", for some FortiGates when retrieving their configurations.

Script

Bug ID

Description

1008268 The FortiManager script installation process hangs and does not complete.
1011730 FortiManager does not load scripts instantly; it takes a noticeable number of seconds for each script to open.
1020938 After the image upgrade, users may encounter a "Temporarily Unavailable" page message. This problem specifically occurs when special characters, like "$(...)", are used within a TCL script in an ADOM. The Meta variable parsing function incorrectly identifies these characters as meta variable delimiters.

Services

Bug ID

Description

980334 "Download to Excel" option on Licensing Status under the FortiGuard does not work.

985074

Changing the FortiGuard Server Location under the license info widget results in a blank page popup.

System Settings

Bug ID

Description

825319 FortiManager fails to promote a FortiGate HA member (running on firmware 7.2.0 to 7.2.4) to the Primary.
881309 In SSO configuration, whether the settings for "ext-auth-accprofile-override" and "ext-auth-adom-override" are enabled or disabled, the users are granted an adom/accprofile override, if the IdP sends valid ADOMs and "profilename" attributes.

962476

Restricted Admin users cannot Install Web Filter, IPS, and Application Control profile to FortiGates.

984986 Unable to upgrade ADOMs after updating the FortiManager to version 7.4.2 due to the following error message: "Fail (errno=0): invalid value".
987173 The "ext-auth-group-match" feature doesn't work for SAML SSO users.
988343

SSO users are unable to switch between ADOMs.

Workaround: As a workaround, users can access the GUI using browsers in private mode, preventing the storage of any browsing history, cookies, or session data (for example, Chrome's incognito mode and Firefox's private mode).

995755 Workspace lock override doesn't work for whole ADOM or policy package.

VPN Manager

Bug ID

Description

678319

Once "os-check" option is enabled, "os-check-list" table is not loaded.