Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY 7.4.6
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
All Products
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Web Application Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • Web Application / API Protection
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions
    • All Products

    Release Notes

    Home FortiManager 7.4.6 Release Notes
    7.4.6
    8.0.0
    7.6.6
    7.6.5
    7.6.4
    7.6.3
    7.6.2
    7.6.1
    7.6.0
    7.4.11
    7.4.10
    7.4.9
    7.4.8
    7.4.7
    7.4.6
    7.4.5
    7.4.4
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.12
    7.2.11
    7.2.10
    7.2.9
    7.2.8
    7.2.7
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.0.16
    7.0.15
    7.0.14
    7.0.13
    7.0.12
    7.0.11
    7.0.10
    7.0.9
    7.0.8
    7.0.7
    7.0.6
    7.0.5
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.4.15
    6.4.14
    6.4.13
    6.4.12
    6.4.11
    6.4.10
    6.4.9
    6.4.8
    6.4.7
    6.4.6
    6.4.5
    6.4.4
    6.4.3
    6.4.2
    6.4.1
    6.4.0
    6.2.13
    6.2.12
    6.2.11
    6.2.10
    6.2.9
    6.2.8
    6.2.7
    6.2.6
    6.2.5
    6.2.3
    6.2.2
    6.2.1
    6.2.0
    6.0.12
    6.0.11
    6.0.10
    6.0.9
    6.0.8
    6.0.7
    6.0.6
    6.0.5
    6.0.4
    6.0.3
    6.0.2
    6.0.1
    6.0.0
    5.6.11
    5.6.10
    5.6.9
    5.6.8
    5.6.7
    5.6.6
    5.6.5
    5.6.4
    5.6.3
    5.6.2
    5.6.1
    5.6.0
    5.6.0
    5.4.7
    5.4.6
    5.4.5
    5.4.4
    5.4.3
    5.4.2
    5.4.1
    5.4.0
    5.2.10
    5.2.9
    5.2.7
    5.2.6
    5.2.4
    5.2.3
    5.2.2
    5.2.1
    5.2.0
    5.0.12
    5.0.11
    5.0.10
    5.0.9
    5.0.8
    5.0.7
    5.0.6
    5.0.5
    5.0.4
    5.0.3

    Resolved issues

    Resolved issues

    The following issues have been fixed in 7.4.6. To inquire about a particular bug, please contact Customer Service & Support.

    AP Manager

    Bug ID Description
    1076200

    Policy install fails due to FortiManager installs unexpected changes related to "<wifi_intf> address".

    1081136

    FortiManager is trying to delete and create ssid interface subnet address after upgrade.

    Device Manager

    Bug ID

    Description
    952422

    IPsec templates created by SDWAN Overlay does not create tunnels for all the underlay interfaces.

    1039591

    The Link Status entries are blank under the Interfaces >>> Network.
    1041440

    Some FortiGate platforms (FGT-40F & FGT-60F) do not support the "ip-managed-by-fortiipam" and FortiGate refuses to take the configuration from FortiManager; hence users will be experiencing the install error.

    1053194

    If the "system interface speed" attribute is changed from the FortiManager, it may potentially cause an installation failure. Modifying the "system interface speed" is not currently supported on the FortiManager and must be done on the FortiGate side.
    1063635

    FortiManager does not support the "FortiWiFi-80F-2R-3G4G-DSL".

    1063835

    FortiManager ZTP installation to FortiGate versions 7.2.8 and lower may fail due to differing default "ssh-kex-algo" settings between FortiManager and FortiGate.

    1074717 An error might be observed when the SD-WAN template health check name contains a space, displaying the following message: "Bad health check name...".
    1075052

    Occasionally, installations may fail on FortiGates in HA mode due to a "Serial number does NOT match" error. This can happen if the HA device's serial number on FortiManager does not immediately update after a failover.

    1075281

    Unable to add FortiAnalyzer to FortiManager when "fgfm-peercert-withoutsn" is enabled.

    1075747 SD-WAN Monitor does not display the members under the SD-WAN Rules (Map View or Table View). This issue is most likely to occur when "priority-zone" is configured.
    1080414

    CSV import fails to set metadata variables due to old header format ("name").

    1081105

    The "system interface speed" attribute is incorrectly configured on the FortiManager, which may cause the installation to the FortiGate to fail.

    Workaround:

    Change the interface speed using CLI script and run directly on the FortiGate using the syntax "set speed auto".
    1099824 FortiManager may push the ICAP and WAF profile configurations to low-end FortiGate models that do not support these features, potentially causing installation failures.

    FortiSwitch Manager

    Bug ID

    Description
    1075021

    Users with the "admin profile" rights cannot access the FortiSwitch Manager.

    Others

    Bug ID

    Description
    998198

    When upgrading ADOM, the upgrade process fails with the following error: "invalid value - can not find import template 'XYZ' ".

    1003711

    During the FortiGate HA upgrade, both the primary and secondary FortiGates may reboot simultaneously, which can disrupt the network. This issue is more likely to occur in FortiGates that require disk checks, leading to longer boot times.
    1058185 FortiProxy policies not imported if the policies have either internet service or IPv6 used in the source or destination.

    1071646

    Formatted Event logs do not display the correct timestamp.

    1075449

    Intermittent connection issues have been reported randomly when the FortiManager manages 1000+ FortiGates.
    1078947

    Repeatedly testing the URL rating on FortiManager (diagnose fmupdate test fgd-url-rating...) may cause the "fgdsvr daemon" to crash.

    Policy and Objects

    Bug ID

    Description
    978136

    Occasionally, installation may fail due to an error message, "Waiting for another session", which prevents policies from being installed from FortiManager. During this issue, the following message may also appear: "Blocked by session id(XYZ) username(n/a)". This issue may be caused by a signal loss between the child and parent security console processes, leading the parent process to continue waiting for a copy result.

    986256

    When creating the application list on the FortiManager, if the Category ID is set to 33 or 34, the installation does not display any errors. However, these invalid categories cannot be set on the FortiGate. Consequently, the assigned application list entry will be created without a specific category and will default to the "block" action. This behavior may cause network interruptions.

    991720

    FortiManager still has an option to enable the "match-vip" through the policy package for "allow" policies. However, this is not supported anymore on the FortiGates.

    1029921 Under the "Web Application Firewall" security profiles, users are unable to disable the signatures through the GUI.
    1071226 Policy Lookup is not showing result as highlighted when the sections are not expended.
    1074686

    FortiManager fails to import NAC policies.

    1076659

    When policy package configured with policy block, installation to multiple devices may have copy fail errors if combined length of the Policy Block name and Policy name is greater than 35 characters and if the total number of such policies exceeds 1000.
    1077964

    After ZTNA server real server address type changes from FQDN to IP, the policy installation may fail; FortiManager pushes ZTNA server config with wrong order.

    1079678

    FortiManager does not provide any warning when there is a "deny all" policy in the middle of a Policy Package. This can be still seen on the "task monitor".

    1082548

    Address type FQDN is missing DNS resolve domain name function feature.

    1093173

    Web-filter rating service returns unrated when the URL does not have 'scheme' part.

    Script

    Bug ID

    Description
    976873 Running "exe fmpolicy print-adom-package-assignment Global 1" command terminates the CLI/SSH session.

    System Settings

    Bug ID Description
    1047252

    Incorrect warning message displayed in FortiManager GUI during upgrade from Feature build to Mature build.
    1063040

    Unable to import a local certificate into FortiManager. This issue may occur if the certificate is encrypted with a newer OpenSSL version that FortiManager does not yet support.

    Common Vulnerabilities and Exposures

    Visit https://fortiguard.com/psirt for more information.

    Bug ID CVE references

    1020280

    FortiManager 7.4.6 is no longer vulnerable to the following CVE Reference:

    • CVE-2024-33504

    1055002

    FortiManager 7.4.6 is no longer vulnerable to the following CVE Reference:

    • CVE-2024-3596

    1093573

    FortiManager 7.4.6 is no longer vulnerable to the following CVE Reference:

    • CVE-2024-52962

    1093599

    FortiManager 7.4.6 is no longer vulnerable to the following CVE Reference:

    • CVE-2024-50571

    1099266

    FortiManager 7.4.6 is no longer vulnerable to the following CVE Reference:

    • CVE-2024-52964
    Previous
    Next

    Resolved issues

    Resolved issues

    The following issues have been fixed in 7.4.6. To inquire about a particular bug, please contact Customer Service & Support.

    AP Manager

    Bug ID Description
    1076200

    Policy install fails due to FortiManager installs unexpected changes related to "<wifi_intf> address".

    1081136

    FortiManager is trying to delete and create ssid interface subnet address after upgrade.

    Device Manager

    Bug ID

    Description
    952422

    IPsec templates created by SDWAN Overlay does not create tunnels for all the underlay interfaces.

    1039591

    The Link Status entries are blank under the Interfaces >>> Network.
    1041440

    Some FortiGate platforms (FGT-40F & FGT-60F) do not support the "ip-managed-by-fortiipam" and FortiGate refuses to take the configuration from FortiManager; hence users will be experiencing the install error.

    1053194

    If the "system interface speed" attribute is changed from the FortiManager, it may potentially cause an installation failure. Modifying the "system interface speed" is not currently supported on the FortiManager and must be done on the FortiGate side.
    1063635

    FortiManager does not support the "FortiWiFi-80F-2R-3G4G-DSL".

    1063835

    FortiManager ZTP installation to FortiGate versions 7.2.8 and lower may fail due to differing default "ssh-kex-algo" settings between FortiManager and FortiGate.

    1074717 An error might be observed when the SD-WAN template health check name contains a space, displaying the following message: "Bad health check name...".
    1075052

    Occasionally, installations may fail on FortiGates in HA mode due to a "Serial number does NOT match" error. This can happen if the HA device's serial number on FortiManager does not immediately update after a failover.

    1075281

    Unable to add FortiAnalyzer to FortiManager when "fgfm-peercert-withoutsn" is enabled.

    1075747 SD-WAN Monitor does not display the members under the SD-WAN Rules (Map View or Table View). This issue is most likely to occur when "priority-zone" is configured.
    1080414

    CSV import fails to set metadata variables due to old header format ("name").

    1081105

    The "system interface speed" attribute is incorrectly configured on the FortiManager, which may cause the installation to the FortiGate to fail.

    Workaround:

    Change the interface speed using CLI script and run directly on the FortiGate using the syntax "set speed auto".
    1099824 FortiManager may push the ICAP and WAF profile configurations to low-end FortiGate models that do not support these features, potentially causing installation failures.

    FortiSwitch Manager

    Bug ID

    Description
    1075021

    Users with the "admin profile" rights cannot access the FortiSwitch Manager.

    Others

    Bug ID

    Description
    998198

    When upgrading ADOM, the upgrade process fails with the following error: "invalid value - can not find import template 'XYZ' ".

    1003711

    During the FortiGate HA upgrade, both the primary and secondary FortiGates may reboot simultaneously, which can disrupt the network. This issue is more likely to occur in FortiGates that require disk checks, leading to longer boot times.
    1058185 FortiProxy policies not imported if the policies have either internet service or IPv6 used in the source or destination.

    1071646

    Formatted Event logs do not display the correct timestamp.

    1075449

    Intermittent connection issues have been reported randomly when the FortiManager manages 1000+ FortiGates.
    1078947

    Repeatedly testing the URL rating on FortiManager (diagnose fmupdate test fgd-url-rating...) may cause the "fgdsvr daemon" to crash.

    Policy and Objects

    Bug ID

    Description
    978136

    Occasionally, installation may fail due to an error message, "Waiting for another session", which prevents policies from being installed from FortiManager. During this issue, the following message may also appear: "Blocked by session id(XYZ) username(n/a)". This issue may be caused by a signal loss between the child and parent security console processes, leading the parent process to continue waiting for a copy result.

    986256

    When creating the application list on the FortiManager, if the Category ID is set to 33 or 34, the installation does not display any errors. However, these invalid categories cannot be set on the FortiGate. Consequently, the assigned application list entry will be created without a specific category and will default to the "block" action. This behavior may cause network interruptions.

    991720

    FortiManager still has an option to enable the "match-vip" through the policy package for "allow" policies. However, this is not supported anymore on the FortiGates.

    1029921 Under the "Web Application Firewall" security profiles, users are unable to disable the signatures through the GUI.
    1071226 Policy Lookup is not showing result as highlighted when the sections are not expended.
    1074686

    FortiManager fails to import NAC policies.

    1076659

    When policy package configured with policy block, installation to multiple devices may have copy fail errors if combined length of the Policy Block name and Policy name is greater than 35 characters and if the total number of such policies exceeds 1000.
    1077964

    After ZTNA server real server address type changes from FQDN to IP, the policy installation may fail; FortiManager pushes ZTNA server config with wrong order.

    1079678

    FortiManager does not provide any warning when there is a "deny all" policy in the middle of a Policy Package. This can be still seen on the "task monitor".

    1082548

    Address type FQDN is missing DNS resolve domain name function feature.

    1093173

    Web-filter rating service returns unrated when the URL does not have 'scheme' part.

    Script

    Bug ID

    Description
    976873 Running "exe fmpolicy print-adom-package-assignment Global 1" command terminates the CLI/SSH session.

    System Settings

    Bug ID Description
    1047252

    Incorrect warning message displayed in FortiManager GUI during upgrade from Feature build to Mature build.
    1063040

    Unable to import a local certificate into FortiManager. This issue may occur if the certificate is encrypted with a newer OpenSSL version that FortiManager does not yet support.

    Common Vulnerabilities and Exposures

    Visit https://fortiguard.com/psirt for more information.

    Bug ID CVE references

    1020280

    FortiManager 7.4.6 is no longer vulnerable to the following CVE Reference:

    • CVE-2024-33504

    1055002

    FortiManager 7.4.6 is no longer vulnerable to the following CVE Reference:

    • CVE-2024-3596

    1093573

    FortiManager 7.4.6 is no longer vulnerable to the following CVE Reference:

    • CVE-2024-52962

    1093599

    FortiManager 7.4.6 is no longer vulnerable to the following CVE Reference:

    • CVE-2024-50571

    1099266

    FortiManager 7.4.6 is no longer vulnerable to the following CVE Reference:

    • CVE-2024-52964
    Previous
    Next