Importing AP profiles for FortiWiFi models will cause "Unable to assign template" error.

AP Manager does not display all supported bands for the FortiAP platform. Hence, FortiAP Bands can't be set on AP Profiles.

Workaround:

Set the required 2.4 Ghz or 5 Ghz band config from Policy & Objects > Advanced > CLI Configurations > edit the profile and set the band, and then Install.

FortiManager is generating false vulnerability reports for certain FortiAPs:

• U431F

• U231F

FortiZTP AutoLink Device Discoverymay get stuck at 10% during the autoLink process (updating device) and subsequently fail.

Workaround:

Change the discover-timeout by using the following command:

config system dm

set discover-timeout 15

end

When adding FortiGates (FWF-80F, FWF-80F-2R-3G4G-DSL,FWF-81F-2R-3G4G-DSL) as model devices, FortiManager may attempt to create a duplicate DHCP server. Consequently, this installation fails due to the duplicate configuration.

FortiManager fails to retrieve certificates that were directly imported into the FortiGate. As a result, FortiManager repeatedly attempts to push a CSR, leading to installation status conflicts.

FortiManager is trying to install and configure "config web-proxy global" on the following FortiGates; this installation fails.

Affected FortiGates:

Some low-end FortiGates have encountered this issue.

• FortiWiFi-40F, FortiWiFi-40F-3G4G,

• FortiWiFi-60E, FortiWiFi-60E-DSL, FortiWiFi-60E-DSLJ,

• FortiWiFi-60F,

• FortiWiFi-61E,

• FortiWiFi-61F,

• Fortigate-40F, Fortigate-40F-3G4G,

• Fortigate-60E, Fortigate-60E-DSL, Fortigate-60E-DSLJ, Fortigate-60E-POE,

• Fortigate-60F,

• Fortigate-61E,

• Fortigate-61F,

• Fortigate-80E, Fortigate-80E-POE,

• Fortigate-81E, Fortigate-81E-POE,

• Fortigate-90E,

• Fortigate-91E,

• FortigateRugged-60F, FortigateRugged-60F-3G4G.

Prefix list under BGP template does not allow to add "Greater than" or "Less than" value.

The following error has been observed while doing configuration changes in the FortiGate Global system settings. This issue has been reported after upgrading the FortiManager from 7.2.5 to 7.4.3. "Error : datasrc invalid. object: firewall ssh setting.:caname. detail: Fortinet_SSH_CA. solution: datasrc invalid" This issue is mostly observed when the multi-vdom feature is enabled on the FortiGates.

Workaround:

Change system settings from CLI Configurations instead.

Some FortiGate platforms (FGT-40F and FGT-60F) do not support the "ip-managed-by-fortiipam" and FortiGate refuses to take the configuration from FortiManager; hence users will be experiencing the install error.

Workaround:

Use a script on device database on FortiManager to unset "ip-managed-by-fortiipam" under wan interface (every time before installation), and then install the configuration.

FortiSwitch diagnostics tools do not display the cable test diagnose results, device information on Ports, and update Registration status.

On the Log View (when FortiAnalyzer is added to FortiManager) changing time filters, first request always fails but second one is successful.

Workaround:

Use FortiAnalyzer's Log View to view logs.

The installation fails to FortiProxys when FortiManager attempts to set the firewall address object with the associated-interface value of "any". FortiProxy does not support the "any" value key.

FortiManager does not display data usage for the FortiExtenders under the Extender Manager.

Unable to upgrade ADOM from 7.0 to 7.2, due to the error "Do not support urlfilter-table for global scope webfilter profile".

Workaround:

Run the following script against the ADOM DB:

config webfilter profile

edit "g-default"

config web

unset urlfilter-table

end

next

end

FortiManager fails to download Install preview log because the button is greyed out (for both policy package and device setting & device setting only installations).

Workaround:

Copy the content of the preview.

Unable to upgrade ADOM from v7.2 to v7.4 due to a crash occurring with the assigned FortiSwitch template.

Workaround:

Unassign all FortiSwitch templates and upgrade the ADOM then create a new model switch.

FortiManager's GUI may crash when users are navigating through DHCP Monitor (Device Manager > Managed Fortigate > Dashboard: Network Monitors).

When the "Allow FortiToken Mobile push notification" policy is enabled in the FortiAuthenticator, the "Token Code" field is not displayed on the FortiManager's GUI login page for manual insertion of the token. It should be noted, the token is received on the phone, and the login completes successfully.

After upgrading to the latest available build, the FortiManager GUI displays the warning message: "A new firmware version is available".

FortiManager does not able to import the Central SNAT, DNAT, DOS, local-in and traffic shaping policies.

When "NAC Policy" rules are created and the "Install On" option is set to specific FortiGates, the rules are still pushed to all FortiGates listed under "Installation Targets". This results in policy installation failures on other devices, as some FortiGates might not support NAC Policy settings.

Modification to Policy with install target does not update the policy package status.

Workaround:

Remove the Installation Target and re-add to the policy which will trigger Policy Package Modification and the install preview will also show the changes made.

The installation may encounter an error related to Syntax support for the "ssh-enc-algo" command.

FortiManager removes the Web Filter Profile from the Profile Group for Policy-based FortiGates.

Workaround:

Use individual profiles in the policy instead of the profile group.

The policy package status changes for all devices even when an address object is opened and saved without any modifications. This issue is particularly observed in objects utilizing the per-device mapping feature.

When "private-data-encryption" is enabled globally on the FortiManager, the installation fails when attempting to change the local/LDAP/RADIUS passwords.

Workaround:

To disable the "private-data-encryption" on the FortiManager.

Policy installation might fail for v7.4.4 FortiGates when the "system interface" and "system router" configurations are applied via the CLI template and assigned to them.

Workaround:

1. Unassign device from cli template.

2. Install policy package so any pending changes are pushed.

3. Reassign cli template to device.

4. Install policy package again should not trigger error anymore.

Unable to install the Type of Service (ToS) and ToS-mask configuration from FortiManager to FortiGates.

Workaround:

Apply the ToS and ToS-mask configurations directly on the FortiGates.

Alternatively, run a CLI script "Remote FortiGate Directly" with tos and tos-mask from FortiManager.

When installing policy to a FortiGate that uses FortiSandbox inline scanning on an AV profile, FortiManager unsets the configuration on install.

Verification of the LDAP Server via LDAP Browser may display an "Operation Error" message.

Workaround:

If an "Operation Error" occurs during LDAP Server Browser verification, re-enter the password and attempt the verification process again.

In certain cases (currently under investigation), the License Status on FortiManager may be incorrectly displayed as "Expired" despite the license being active in the account.

Workaround:

Restart the FortiManager when feasible.

FortiManager does not redirect to SSO login page when "Default Login Page" in SAML SSO is set to "Single-Sign-On".

Admin Profile with no access to provisioning template can view provisioning templates by using direct URLs.