Resolved Issues
The following issues have been fixed in 7.4.2. To inquire about a particular bug, please contact Customer Service & Support.
AP Manager
| Bug ID | Description |
|---|---|
|
736930 |
FortiManager is unable to efficiently display rogue AP lists for FortiGates with a high volume of rogue APs. |
| 861941 | FortiManager attempts to install "arrp-profile" even if "darrp" is disabled.
|
| 884233 | FortiManager may display FortiAP critical security vulnerability information even after FortiAPs have been upgraded. This could be because the FortiAP does not provide their patch numbers to the FortiGate, and therefore this information is not transferred to the FortiManager for proper vulnerability checking. Please follow up with the FortiAP team for more information. |
|
906061 |
It takes a significant amount of time to assign a profile to each FortiAP. |
Device Manager
| Bug ID | Description |
|---|---|
| 723720 | "strong-crypto" feature change
under the CLI configuration cannot be installed to FortiGate. |
| 778131 | FortiManager did not support the per device mapping for user SAML configurations. |
| 811104 | Import policy package fails after installing web-proxy through CLI configurations. |
|
838462 |
Adding device using "Add Model HA Cluster" feature failed as FortiManager does not allow "virtual switch interfaces" being used as "heartbeat interfaces". |
| 880934 | FortiManager reverts Syslog mode settings on local FortiGates (when FortiGates are in FIPS mode). |
|
902577 |
The status of the FortiLink split-interface radio button under FortiManager's Device Manager does not match the configuration in FortiGates. |
|
920394 |
Installation failed due to the incorrect install order during ZTP. |
|
923808 |
Even with the "set dhcp-relay-request-all-server enable" option enabled, FortiManager does not keep the DHCP server & relay configurations on the same interface. |
| 935586 | When managed devices go down/appear offline, not all FGFM tunnels are automatically recovered by FortiManager. |
|
936168 |
Unable to assign Device Group to the Firmware Template. |
| 939921 | The firmware upgrade in ADOM mode backup is not allowed. |
|
947393 |
When adding a device via CSV file import, not all metadata values may be configured successfully if a variable is not used in any provisioning templates within the blueprint. |
| 948475 | "View Diff" function under the "Device Configuration DB" under Device Manager per device does not function properly. |
| 949546 | When zones have identical names except for case, only 1 of the zones may be visible in Device Manager. |
| 949612 | The SD-WAN monitor table-view takes too long to load/display information. |
| 950391 | FortiManager attempts to unset the
"peervd" parameter under the system "cluster-sync",
resulting in installation failure. |
| 952404 | FortiManager cannot install the Static Route config under the Provisioning Template due to a static route template error after upgrading to FortiManager 7.2.4/7.4.1. |
| 954610 | FortiManager does not show objects under the 'named address' options in Ipsec VPN Phase 2 definitions. |
| 956567 | Not able to edit/delete Logging Devices Group. |
| 960315 | Unable to create/edit
"ssh-public-key1" with "sh-ed25519" for admin users from
FortiManager's Device Manager; it displays an
"invalid value" error message. |
| 961447 |
After upgrading FortiManager (VMs & FortiManager Cloud) to versions 7.2.4 or 7.4.1, devices may not be able to be retrieved or refreshed. |
|
967611 |
Device Manager interface link status is blank for various Interface types (Tunnel, Aggregate, VDOM Link, Software Switch). |
|
969542 |
Sometimes IPsec Tunnel Template displays the "Response with errors" message when editing the template. |
|
969698 |
FortiManager allows the creation of an empty service value for Internet Service routes. |
FortiSwitch Manager
|
Bug ID |
Description |
|---|---|
|
940419 |
When adding FortiSwitch on FortiManager, error message "Import error - invalid port number" is displayed. |
|
958072 |
The "view ports" feature under the Managed FortiSwitches of the FortiSwitch manager does not display the ports. |
|
967213 |
While attempting to deploy a FortiSwitch template to a model device, FortiManager generates the following error message: "VLAN interface does not match FortiLink." |
Global ADOM
|
Bug ID |
Description |
|---|---|
| 906058 | Firewall address cannot be deleted from Global ADOM; it displays an error message indicating that the object is being used in ADOM root. |
|
969182 |
Under the Global ADOM, the assignment of specific policy packages does not function properly. |
Others
|
Bug ID |
Description |
|---|---|
|
583349 |
FortiManager does not provide support for image upgrades on "ONDEMAND" devices. |
|
796858 |
Subject Key Identifier extension is missing on FortiManager ADOM CA certificate. |
| 875584 |
FortiManager cannot upgrade ADOMs to 7.2 due to error "copy system replacemsg spam.smtp-spam-emailblock". |
| 891253 | The firmware upgrade is successful; however, the task line does not get updated for the retrieve action when device names exceed the predefined character limit. |
| 900512 | FortiManager ADOM Upgrade fails with the error message, "Peer type cannot be peer when authentication method is pre-share key". |
| 922957 | The "fmgd" process may crash while loading the ADOM when multiple Policy Packages are locked. |
| 937448 | Unable to change the time zone on ADOM when FortiAnalyzer feature is enabled on FortiManager. |
| 941203 | FortiManager does not support the use of Certificate Templates to create certificates with a "range=global" setting for FortiGates operating in multi-vdom mode. |
|
945048 |
Unable to edit/delete/clone extender controller for ADOM V7.0. |
| 957433 |
When creating the FortiManager/FortiAnalyzer
docker instances, UUID is missing under the " |
|
960796 |
FortiExtenders are not displayed under the FortiExtender Manager for all FortiGates. |
|
963490 |
Installation fails as FortiManager attempts to " |
|
971122 |
FortiManager does not support all authentication types that are supported by FortiOS, leading to a certificate error in the FortiClient EMS connector. |
Policy and Objects
|
Bug ID |
Description |
|---|---|
| 630648 | A FortiManager instance running on Microsoft Azure is unable to import the SDN connector for a dynamic firewall address and is displaying an error message stating "wrong input parameter." |
| 725427 | Policy package install skips the policy where destination interface is set as SD-WAN zone and policy is IPSEC policy. |
| 751443 |
FortiManager displays policy installation copy failures error when ipsec template gets unassigned. |
| 830640 | "Send files to FortiSandbox for inspection" option is being enabled when creating an antivirus profile. |
| 854359 | An installation error occurs
when FortiManager attempts to install wildcard FQDN addresses 'mzstatic-apple' and
'cdn-apple' within the 'custom-deep-inspection' SSL-SSH profile. |
| 855073 |
The "where used" feature (under the Source & Destination objects) incorrectly displays "No Record Found" even when these objects are in use. |
| 875103 | Local categories gets purged if used in Profile Mode Security Profiles. |
| 894597 | Default value for
"unsupported-ssl-version" in ssl-ssh-profile gets modified during
the installation. |
| 899226 | Unable to create Central SNAT explicit port translations on FortiManager. |
| 900229 | In policy-based policy packaged, application IDs are displayed instead of their names. |
| 904751 | WebRating overrides can't be deployed or deleted via FortiManager. |
| 907925 | IPS profile/Signature tab is not visible for admins with non-default admin profile. |
| 939979 | After editing authentication-rule/portal mapping, FortiManager installs unexpected changes to these rules. |
| 942659 | Syncing EMS tags from FortiManager fails when the EMS Connector is configured in multi-site mode. |
| 943386 | The installation failed with the message: "auto-firmware-upgrade-day is overridden by auto-firmware-upgrade-delay for automatic patch-level firmware upgrades from FortiGuard." |
|
944931 |
Cannot install or import policy with |
| 945632 | Modifying the Policy Installation Target does not trigger a status change in the Policy Package when adding an "install on" to a single policy. |
|
945853 |
FortiManager doesn't sync previously deleted FortiClient EMS tags. |
| 948437 | When adding a filter under Application Control, it results in a display of apps with messy names and icons. |
|
948559 |
Policy blocks doesn't load properly. |
| 948980 | After creating a new v7.4 ADOM, clicking on the "Show Global Object Search" displays empty page. |
| 949515 |
Security Policy Installation
Verification fails because the " |
| 949972 | Filter isn't working when trying to add a device as a Installation target for an existing policy package. |
|
955010 |
Comments on policies may be cleared when a blank area within the text field is clicked. |
| 957225 | ADOM admin users not able to view the managed FortiGate in the policy push wizard |
| 958923 | Installing policy packages that utilize an SSL/SSH Inspection profile may fail with the error message, "Server certificate replace mode cannot support category exempt." |
|
959166 |
Export to Excel does not work. |
|
960660 |
The Clone Reverse feature is not functioning when the firewall policy includes an Internet service address object. |
| 960778 | Installation failed because FortiManager attempts to remove a static entry, "QuarantinedDevices." |
|
963270 |
When importing the policy package, FortiManager doesn't report any conflicts in device mapping of firewall address and firewall address group in "Object Interface Binding Conflict". |
| 963536 | The policy package feature 'Export to Excel' is not functioning. |
| 964464 | Policy Lookup feature does not function. |
|
965670 |
Creating a new interface type 'vlan'; changing VDOM results in the removal of the selected interface. |
|
978814 |
When attempting to use the Export to Excel feature under the Firewall Policy with extensive rules, GUI may slow down and become unresponsive for some time. |
Revision History
|
Bug ID |
Description |
|---|---|
| 513317 | FortiManager may fail to install policy after FortiGate failover on Azure. |
| 894523 | Object revision timestamp is taken from previous revision. |
Script
|
Bug ID |
Description |
|---|---|
| 937528 | Unable to send DHCP options "set value" using CLI template and using Script. |
Services
| Bug ID | Description |
|---|---|
| 863094 | The query status is not functioning correctly, and the 'top 10 unrated sites' section actually displays ratings. |
| 938365 | FortiManager's GUI does not display an option under FortiGuard Settings to support the 7.2 version for FortiClient and FortiMail. |
System Settings
| Bug ID | Description |
|---|---|
|
842732 |
FortiManager does not display the Secondary HA member's status correctly. |
|
853429 |
Creating FortiManager's configuration backup via scp cannot be done. |
|
871633 |
The configuration that is not synchronized among HA members cannot be modified on slave devices. |
| 930200 | Unable to change the time and timezone from the GUI. |
| 930449 | Testing the syslog server displays the message, "Failed to send a test log to syslog server". |
| 936694 | After removing a device, FortiManager generates repeated "sync dvmdb to faz" tasks for all logged-in administrative users. |
| 941082 | A password prompt is consistently requested with each new login attempt when applying password policies to a local account linked to FortiToken Cloud Mobile for multi-factor authentication (MFA). |
|
957308 |
After enabling FAZ feature the new Event Logs are not displayed in Event Log under the system settings. |
|
962476 |
Restricted Admin users cannot Install Web Filter, IPS, and Application Control profile to FortiGates. |
| 966148 | RADIUS remote users are unable to successfully install changes to FortiGates. |
|
967862 |
In the FortiManager dashboard, bandwidth is displayed in 'bps'. |
VPN Manager
|
Bug ID |
Description |
|---|---|
|
897574 |
Address Objects with Meta Variables do not function correctly when creating Static routes using the VPN Manager. |
|
906097 |
VPN Manager IPsec community Phase 2 encryption setting can't be changed to AES256GCM from the GUI. |
Common Vulnerabilities and Exposures
Visit https://fortiguard.com/psirt for more information.
| Bug ID | CVE references |
|---|---|
|
947396 |
FortiManager 7.4.2 is no longer vulnerable to the following CVE Reference:
|
|
949519 |
FortiManager 7.4.2 is no longer vulnerable to the following CVE Reference:
|
|
968793 |
FortiManager 7.4.2 is no longer vulnerable to the following CVE Reference:
|
|
977283 |
FortiManager 7.4.2 is no longer vulnerable to the following CVE Reference:
|