Resolved issues
The following issues have been fixed in 7.4.4. To inquire about a particular bug, please contact Customer Service & Support.
AP Manager
| Bug ID | Description |
|---|---|
| 955558 | FortiManager unsets the Protected Management Frame (PMF) setting when the SSID security mode is configured to OWE-enabled in the AP Manager. |
| 1028657 | The captive-portal SSID and its configurations cannot be configured in the GUI. |
| 1029701 | Unsupported channel errors found when importing/creating AP profiles. |
| 1032319 | Importing AP profiles for FortiWiFi models will cause "Unable to assign template" error. |
| 1033105 | When importing the CSV file in the FortiSwitch and AP Manager, all columns show a green checkmark, but clicking "Next" to import is not possible. |
| 1034334 | Channels are not reflected properly for bands in AP Manager and there are missing bands in ADOM 7.4. |
| 1035299 | "Channel 1" under the "Radio-1" is not supported for ADOM 7.0 and 7.2. |
| 1036210 |
AP Manager does not display all supported bands for the FortiAP platform. Hence, FortiAP Bands cannot be set on AP Profiles. |
| 1040365 |
FortiManager is generating false vulnerability reports for certain FortiAPs:
|
|
1062154 |
Due to a syntax mismatch between FortiGates and FortiManager for FortiAPs, installation may fail. Currently, FortiManager v7.4.3 with ADOM 7.4 only supports the FortiAP syntax of the latest FortiGate version 7.4.4. |
Device Manager
| Bug ID | Description |
|---|---|
| 895994 | When using the "where used" feature in Phase 2 quick mode selector, objects do not appear, and they can be removed. |
| 960538 |
FortiZTP AutoLink Device Discovery may get stuck at 10% during the autoLink process (updating device) and subsequently fail. |
| 963025 | When using the static route template, the "SD-WAN Zone" does not appear under the Interface column. |
| 980659 | When adding FortiGates (FWF-80F, FWF-80F-2R-3G4G-DSL, FWF-81F-2R-3G4G-DSL) as model devices, FortiManager may attempt to create a duplicate DHCP server. Consequently, this installation fails due to the duplicate configuration. |
| 1000101 | FortiManager fails to retrieve certificates that were directly imported into the FortiGate. As a result, FortiManager repeatedly attempts to push a CSR, leading to installation status conflicts. |
| 1000686 | HA autolink failure occurs when LAN interfaces do not exist. |
| 1003899 | FortiManager generates a VPN certificate that is not accepted by the FIPS-enabled FortiGate devices. |
| 1019886 | The columns under Network and VPN may become distorted and unreadable after being created. |
|
1020257 |
Packet Capture feature for managed FortiGates does not work; it starts but immediately stops. |
| 1021693 | Incorrect time displays on the SDWAN monitor health check status. |
| 1024581 | Unable to create/remove the "DHCP Reservation" widget for managed FortiGates with a configured DHCP server setting. |
| 1026955 | Configuring BGP communities encounters errors due to improper format on the FortiManager. |
| 1029689 | When configuring/modifying BGP settings in the Provisioning Templates, an error message is displayed. |
| 1029746 | There are "carriage return characters" in the downloaded config files from the Device Manager. |
|
1030685 |
Unable to export metadata variables if the metadata's per-device-mapping value is empty. |
| 1030959 |
Unable to install SD-WAN Rule's hash-mode config changes to managed FortiGates. |
| 1033653 |
FortiManager is trying to install and configure " Affected FGTs: Some low-end FGTs have encountered this issue.
|
| 1034355 | When assigning a provisioning template with Admin Settings configuration, FortiManager changes the hostname of the device. |
| 1036235 | Domain field is missing from the advanced options in DHCP. |
|
1038133 |
Prefix list under BGP template does not allow to add "Greater than" or "Less than" value. |
| 1039014 |
The following error has been observed while doing configuration changes in the FortiGate Global system settings. This issue has been reported after upgrading the FortiManager from 7.2.5 to 7.4.3. "Error : datasrc invalid. object: firewall ssh setting.:caname. detail: Fortinet_SSH_CA. solution: datasrc invalid". This issue is mostly observed when the multi-vdom feature is enabled on the FortiGates. |
| 1040782 |
[Specific to Azure FGT HA Clusters] Installation from FortiManager rewrites the interface IPs on the primary node to match those of the secondary node in an Azure FortiGate A/P HA cluster. |
| 1041440 |
Some FortiGates platform (FGT-40F and FGT-60F) do not support the
" |
| 1050126 |
Setting up a FortiGate-HA with ZTP fails because the FortiLink is not deleted during the "HA config pushed to FGT" process. |
| 1063835 | FortiManager ZTP installation to FortiGate versions 7.2.8 and lower may fail due to
differing default "ssh-kex-algo" settings between FortiManager and FortiGate. |
FortiSwitch Manager
|
Bug ID |
Description |
|---|---|
|
1040428 |
FortiSwitch diagnostics tools do not display the cable test diagnose results, device information on Ports, and update Registration status. |
|
1053220 |
Unable to delete FortiSwitches when central management is enabled for FortiSwitch. Workaround: Removing the FortiSwitch on FortiGate and retrieve on the FortiManager. |
Global ADOM
|
Bug ID |
Description |
|---|---|
| 999500 | Unable to configure EMS settings in the Global ADOM. |
| 1005177 | When creating a script to rename the policies on global db policy block by taking their IDs, the error "[Policy id space out of range]" can be seen. |
Others
|
Bug ID |
Description |
|---|---|
| 983359 | The "40F-3G-4G LTE" modem is not listed on the FortiManager's Extender Manager. |
| 988422 | The installation fails to FortiProxys when FortiManager attempts to set the firewall address object with the associated-interface value of "any". FortiProxy does not support the "any" value key. |
| 993924 | "Application fmgd" keeps crashing when accessing SDWAN monitor page. |
| 995459 | Not able to fix and delete the "duplicate ADOM root node"
objects after running the "cdb upgrade" command. |
| 1001748 | FortiManager does not display data usage for the FortiExtenders under the Extender Manager. |
| 1015890 | Unable to upgrade ADOM from v6.4 to v7.0 due to "switch-controller traffic-policy" error. |
| 1020787 | ZTP Enforce firmware version does not upgrade the secondary cluster member. |
| 1032350 |
FortiManager fails to download Install preview log because the button is greyed out (for both policy package and device setting & device setting only installations). |
| 1034511 |
Unable to upgrade ADOM from v7.2 to v7.4 due to a crash occurring with the assigned FortiSwitch template. |
| 1035552 | FortiManager's GUI may crash when users are navigating through DHCP Monitor (Device Manager > Managed Fortigate > Dashboard: Network Monitors). |
| 1036901 | The "Export" button does not function when attempting to export the Security Rating Report under Fabric View. |
|
1043193 |
When performing an FortiGate HA upgrade via FortiManager by enabling the "Let Device Download Firmware from FortiGuard" feature, each member was upgraded twice. |
| 1047184 | When the "Allow FortiToken Mobile push notification" policy is enabled in the FortiAuthenticator, the "Token Code" field is not displayed on the FortiManager's GUI login page for manual insertion of the token. It should be noted, the token is received on the phone, and the login completes successfully. |
| 1050556 | Unable to fix "adom-integrity"
error using "diagnose cdb upgrade" command. |
| 1055036 | Using Firmware Templates for scheduled upgrades may cause the "fwmsvrd" application daemon to crash. |
| 1055417 |
Unable to upgrade the firmware version of the FortiGates in HA cluster by using the firmware template when HA is in-sync status. The failure to upgrade FortiGate HA cluster firmware is caused by a crash in "dmserver" daemon. |
| 1062128 |
After upgrading to the latest available build, the FortiManager GUI displays the warning message: "A new firmware version is available". |
| 1071064 | Unable to upgrade the ADOMs. |
Policy and Objects
|
Bug ID |
Description |
|---|---|
| 843716 | FortiManager tries to unset url-map for TCP forwarding ZTNA virtual server. |
| 897470 | When running the "Policy Check", FortiManager occasionally incorrectly marks policies as shadowed. |
| 963536 | The policy package feature "Export to Excel" is not functioning. |
| 970056 | The policy installation fails when FortiManager attempts to apply changes related to the "management address" on the interface of the FortiGates. |
| 971610 | FortiManager does not able to import the Central SNAT, DNAT, DOS, local-in and traffic shaping policies. |
| 981694 | When "NAC Policy" rules are created and the "Install On" option is set to specific FortiGates, the rules are still pushed to all FortiGates listed under "Installation Targets". This results in policy installation failures on other devices, as some FortiGates might not support NAC Policy settings. |
| 998238 | Unable to delete some Object Addresses due to the invalid policy nodes and references. |
| 998850 |
Modification to Policy with install target does not update the policy package status. |
| 1001027 |
If using Static Route template, FortiManager may become unresponsive when trying to install multiple devices simultaneously. |
| 1004056 |
The installation may encounter an error related to Syntax support for the " |
| 1004929 |
FortiManager removes the Web Filter Profile from the Profile Group for Policy-Based FortiGates. |
| 1005161 | The policy package status changes for all devices even when an address object is opened and saved without any modifications. This issue is particularly observed in objects utilizing the per-device mapping feature. |
| 1013434 | Unable to add VIP/VIP group in the destination address field of policies, as they are not visible when trying to add them in ADOM 6.4. |
| 1013948 | After upgrading to FortiManager versions 7.2.5 or 7.4.3, the installation preview may hang. However, the installation process itself can be completed successfully. |
| 1013990 |
There are no commands available for installing source or destination interfaces when adding them to a firewall policy or SNAT rule. |
| 1014035 | Video filter profile config is not getting pushed completely from FortiManager to FortiGate. |
| 1026986 | Firewall address show inconsistency result or not displaying correct objects on different GUI page |
| 1029787 | The Firewall Policy pane in the FortiManager GUI may occasionally display both "Standard Security Profiles" (SSL no-inspection and protocol default profiles) and "Security Profile Groups" simultaneously. |
| 1033126 |
When " |
| 1034754 |
Policy installation might fail for v7.4.4 FortiGates when the " |
| 1037357 | FortiManager displays error when viewing policy consistency check results. |
| 1039766 | The Firewall Policy Lookup feature does not display the list of source interfaces for FortiGates. |
| 1040107 |
Unable to install the Type of Service (ToS) and ToS-mask configuration from FortiManager to FortiGates. |
| 1040160 | When installing policy to a FortiGate that uses FortiSandbox inline scanning on an AV profile, FortiManager unsets the configuration on install. |
| 1046002 | Policy Package status does not display "unknown" status immediately following retrieve. |
|
1055795 |
During device import via multiple CSV files at same time, some devices were imported successfully, while others encountered errors and had missing metadata variables. Additionally, FortiManager forced the admin to log out. When attempting to log back in, the following error message appeared: "ADOM not found". |
| 1066617 |
Unable to create the IP address object type wildcard, the following error message is displayed: "Invalid IP netmask". |
| 1068736 | Best Quality SDWAN rules installation may fail with the following error message: "Commit failed: Bad health check name". |
| 1070800 |
FortiManager is attempting to install the " |
Revision History
|
Bug ID |
Description |
|---|---|
| 801614 |
FortiManager might display an error message "Failed to create a new revision." for some FortiGates, when retrieving their configurations. |
System Settings
| Bug ID | Description |
|---|---|
| 1005098 |
Verification of the LDAP Server through LDAP Browser may display an "Operation Error" message. |
|
1027547 |
In certain cases (currently under investigation), the License Status on FortiManager may be incorrectly displayed as "Expired" despite the license being active in the account. |
| 1034021 | FortiManager does notredirect to SSO login page when "Default Login Page" in SAML SSO is set to "Single-Sign-On". |
| 1034076 | Admin Profile with no access to provisioning template can view provisioning templates by using direct URLs. |
| 1036112 | The "Time Used", "Start Time", and "End Time" data displayed in the Task Monitor do not match. |
| 1040130 | GMT+6 is not visible on the System Settings. |
| 1040377 | Despite unchecking the backup strategy option and receiving the "Setup Complete" message, the "Setup Wizard" continues to display during future logins on the secondary members. |
| 1043581 | Unable to access SD-WAN Widget with only SD-WAN permissions. |
VPN Manager
|
Bug ID |
Description |
|---|---|
|
1042701 |
The traffic view page for the full mesh does not display the FortiGate and the external gateway. |
Common Vulnerabilities and Exposures
Visit https://fortiguard.com/psirt for more information.
| Bug ID | CVE references |
|---|---|
|
773006 |
FortiManager 7.4.4 is no longer vulnerable to the following CVE Reference:
|
|
1021287 |
FortiManager 7.4.4 is no longer vulnerable to the following CVE Reference:
|
|
1034018 |
FortiManager 7.4.4 is no longer vulnerable to the following CVE Reference:
|
|
1034881 |
FortiManager 7.4.4 is no longer vulnerable to the following CVE Reference:
|
|
1040286 |
FortiManager 7.4.4 is no longer vulnerable to the following CVE Reference:
|
|
1046429 |
FortiManager 7.4.4 is no longer vulnerable to the following CVE Reference:
|
|
1046430 |
FortiManager 7.4.4 is no longer vulnerable to the following CVE Reference:
|
|
1051914 |
FortiManager 7.4.4 is no longer vulnerable to the following CVE Reference:
|
|
1060887 |
FortiManager 7.4.4 is no longer vulnerable to the following CVE Reference:
|
|
1060908 |
FortiManager 7.4.4 is no longer vulnerable to the following CVE Reference:
|