MEAs cannot be enabled from FortiManager's GUI.

Workaround:

Use the following CLI command to enable them (in this example, universalconnector)

config system docker

set status enable

set universalconnector enable

end

When enabling Fabric Management, the "csfd" process might not start immediately.

Workaround:

Reboot the Supervisor or Member FortiManager to initiate the "csfd" process.

The log insertion might be interrupted if FortiManager is upgraded directly from version (7.4.0/7.4.1) to 7.6.0. This will only occur if FortiAnalyzer Features are enabled on FortiManager.

Workaround:

To avoid this issue, upgrade the FortiManager to 7.4.2/7.4.3 first and then to 7.6.0.

For more details see Special Notices

Configuring the SSL/SSH inspection profile may result in the following error: "The server certificate replacement mode cannot support category exemptions."

Workaroud:

1. Modify the SSL/SSH inspection profiles.

2. Toggle from Protecting SSL Server to Multiple Clients Connecting to multiple Servers.

3. Remove the categories from the Exempt from SSL inspection list.

4. Toggle back to Protecting SSL Server and click OK.

5. Install.

FortiManager is generating false vulnerability reports for certain FortiAPs:

• U431F

• U231F

The 802.11ax-5g AP profile is missing for all FortiAPs that support WiFi 6. This issue has been observed in FortiManager 7.6.0 and ADOM 7.6.

Failed to reload the configuration due to the "datasrc invalid" error message.

Packet Capture feature for managed FortiGates does not work; it starts but immediately stops.

Setting up a FortiGate-HA with ZTP fails because the FortiLink is not deleted during the "HA config pushed to FGT" process.

If the "system interface speed" attribute is changed from the FortiManager, it may potentially cause an installation failure. Modifying the "system interface speed" is not currently supported on the FortiManager and must be done on the FortiGate side.

FortiManager ZTP installation to FortiGate versions 7.2.8 and lower may fail due to differing default "ssh-kex-algo" settings between FortiManager and FortiGate.

Unable to upgrade the devices using the Device Group Upgrade Firmware feature.

Workaround:

Upgrade devices individually by using the "Device Firmware Upgrade" feature or Create New Firmware Template for single devices or device groups and use the "Assign to Devices/Groups feature.

Unable to add FortiAnalyzer to FortiManager, when "fgfm-peercert-withoutsn" is enabled.

Workaround:

Set the "fgfm-peercert-withoutsn" to disable and then add FortiAnalyzer to FortiManager.

FortiSwitch diagnostics tools do not display the cable test diagnose results, device information on Ports, and update Registration status.

When upgrading ADOM, the upgrade process fails with the following error: "invalid value - can not find import template 'XYZ' ".

Workaround:

Locate the scripts, delete them, upgrade the ADOM and then import the scripts.

Unable to upgrade ADOM from 7.0 to 7.2, due to the error "Do not support urlfilter-table for global scope webfilter profile".

Workaround

Run the following script against the ADOM DB:

config webfilter profile

edit "g-default"

config web

unset urlfilter-table

end

next

end

Unable to upgrade the firmware version of the FortiGates in HA cluster by using the firmware template when HA is in-sync status. The failure to upgrade FortiGate HA cluster firmware is caused by a crash in "dmserver" daemon.

After upgrading to the latest available build, the FortiManager GUI displays the warning message: "A new firmware version is available".

FortiManager tries to unset url-map for TCP forwarding ZTNA virtual server.

FortiManager is not able to import the Central SNAT, DNAT, DOS, local-in and traffic shaping policies.

FortiManager still has an option to enable the "match-vip" through the policy package for "allow" policies. However, this is not supported anymore on the FortiGates.

Workaround:

Disable the option under advance option in Firewall Rule.

The policy package status changes for all devices even when an address object is opened and saved without any modifications. This issue is particularly observed in objects utilizing the per-device mapping feature.

Under the "Web Application Firewall" security profiles, users are unable to disable the signatures through the GUI.

The Firewall Policy Lookup feature does not display the list of source interfaces for FortiGates.

FortiManager is attempting to install the "cli-cmd-audit" command on a FortiGate running version 7.2.8, which does not support this command, leading to an installation error.

Verification of the LDAP Server through the LDAP Browser may display an "Operation Error" message.

Workaround:

If an "Operation Error" occurs during LDAP Server Browser verification, re-enter the password and attempt the verification process again.

In certain cases (currently under investigation), the License Status on FortiManager may be incorrectly displayed as "Expired" despite the license being active in the account.

Workaround:

Restart the FortiManager when feasible.

Despite unchecking the backup strategy option and receiving the "Setup Complete" message, the "Setup Wizard" continues to display during future logins on the Secondary members.