Fortinet black logo

Release Notes

Home FortiManager 7.4.0 Release Notes
7.4.0
7.4.3
7.4.2
7.4.1
7.4.0
7.2.5
7.2.4
7.2.3
7.2.2
7.2.1
7.2.0
7.0.12
7.0.11
7.0.10
7.0.9
7.0.8
7.0.7
7.0.6
7.0.5
7.0.4
7.0.3
7.0.2
7.0.1
7.0.0
6.4.14
6.4.13
6.4.12
6.4.11
6.4.10
6.4.9
6.4.8
6.4.7
6.4.6
6.4.5
6.4.4
6.4.3
6.4.2
6.4.1
6.4.0
6.2.12
6.2.11
6.2.10
6.2.9
6.2.8
6.2.7
6.2.6
6.2.5
6.2.3
6.2.2
6.2.1
6.2.0
6.0.12
6.0.11
6.0.10
6.0.9
6.0.8
6.0.7
6.0.6
6.0.5
6.0.4
6.0.3
6.0.2
6.0.1
6.0.0
5.6.11
5.6.10
5.6.9
5.6.8
5.6.7
5.6.6
5.6.5
5.6.4
5.6.3
5.6.2
5.6.1
5.6.0
5.6.0
5.4.7
5.4.6
5.4.5
5.4.4
5.4.3
5.4.2
5.4.1
5.4.0
5.2.10
5.2.9
5.2.7
5.2.6
5.2.4
5.2.3
5.2.2
5.2.1
5.2.0
5.0.12
5.0.11
5.0.10
5.0.9
5.0.8
5.0.7
5.0.6
5.0.5
5.0.4
5.0.3

Resolved Issues

Resolved Issues

The following issues have been fixed in 7.4.0. To inquire about a particular bug, please contact Customer Service & Support.

AP Manager

Bug ID Description
781561 User may not be able to access AP Manager with custom read only admin profile.
881548 Unable to install successfully when creating a SSID using its default value.
889811 Under WIFI and switch controller for Managed FortiAPs, there is not any LLDP info found.

910182

AP Manager doesn't load if admin profile permission is Read-Only.

Device Manager

Bug ID Description
801886 FortiManager does not assign the correct VDOM name when configuring a new inter-vdom link interface.
803425 Installation failed due to the some of the "os-check-list" items which are not supported by the FortiGates anymore.
817346 Editing interface with normalized interface mapping displays some unnecessary messages for mapping change.

831874

FortiManager's GUI is keep refreshing when clicking on the devices under the Managed Devices.
836933 Changes on the External-Resource settings from ADOMs for specific VDOMs/FortiGates alter the External-Resource settings for other ADOMs and VDOMs.
876040 Status of Certificates is displayed as "pending" under the System's Certificates.

879833

Adding a model device with variable to FortiManager displays an error message "a[i].replace is not a function".
881308 The default value of the "router.static.vrf" leads to installation failure when attempting to install blackhole routes to FortiGates.

885454

After upgrading FortiManager, certificates for FGT-1100E's are missing from the Device Manager.

886917

888930

 FortiManager's ipsec templates remove the sdwan member and bgp neighbor attached to an ipsec interface. This causes the sdwan member to be removed even when it's used.
887903 System template interface table gets purged when trying to create VLAN type with name length greater than 15.
888658 Editing DHCP Settings of a FortiGate interface displays the following error message: "You have no permission to access this device/vdom".
891216 Unable to edit/save interface with DHCP relay enabled.
891341 Installation fails due to the Copy failure error; system template created with some empty string values which are assigned to devices.

891967

When management VDOM is non-root and has been assigned to a different ADOM, FortiManager displays the error, "Can not access device global setting if management VDOM is not in current ADOM".

893592

Exporting the Device List to CSV and Excel file doesn't include the FortiAPs and FortiSwitches info.
896127 When attempting to create a VLAN type with a name longer than 15 characters, FortiManager displays an error message.
896998 Unable to get access to the Certificates via Device Manager > DEVICE_NAME > VDOM_NAME > System.
897863 After de-selecting the 'allow-dns' feature under the application control list, the changes cannot be saved.

898814

FortiManager keeps changing the cert-id-validation's value to its default value during the installation.
899541 An error message "upgrade image failed" is shown, even though the upgrade has been completed successfully.
899903 FortiManager GUI does not list all NTP interfaces.

FortiSwitch Manager

Bug ID

Description

872802

FortiManager automatically sets "default" as dnsfilter-profile under dns-server for fortilink interface.

890205

Selecting multiple ports to "Edit" is not possible as it is greyed out.

Others

Bug ID

Description
788006 FortiManager consumes license count for the Admin Type VDOMs.
802922 The application "newcli" process crashes when the "diagnose cdb upgrade check +all" command runs.
814425 Sorting FortiExtenders by Network, RSSI, RSRP, RSRQ, and SINR does not work properly.
829046 After the upgrade, some of the metadata variables are missing.
832351 FortiManager does not allow users to enter to the root ADOM; it displays the "ADOM license was expired..." message.
851586 FortiManager displays "invalid scope" errors when running the "diagnose cdb check policy-packages" command.
869955 BGP Template route map option does not support Meta Variables.
871608 Unable to retrieve routing information from FortiGate via FortiManager when there is a large routing table.

873110

FortiManager displays "expired" instead of "not licensed" for non-purchased FortiGuard services.
875006 When clicking on the warning message, which indicates critical security vulnerabilities, a list of all types of security vulnerabilities is displayed.

883548

FortiManager/FortiAnalyzer is forcing its users to upgrade the Firmware version upon login.

891869

FortiManager wrongly recommends lower version for upgrade the FortiGates.
895081 Some FortiGates were unable to be upgraded from FortiManager due to firmware ID discrepancies between FortiManager and FortiGuard.
899570 Unable to add the "FortiGateRugged-60F" FGT to the FortiManager.
899750 ADOM upgrade makes the Policy Packages status modified.
906533 Group options, when creating/editing the workflow approval group, displays wrong info.

Policy and Objects

Bug ID

Description

656991

FortiManager should not allow VIP to be created with same IP for External IP and Mapped IP Address.
739489 It's not possible to enable NAT with Outgoing Interface Address by directly right-clicking on the NAT section of a firewall policy.
774058 Rule list order may not be saved under File Filter Profile.
803460 User Definitions entries under the User & Authentication cannot be removed from FortiManager.
814468 FortiManager purges gcp-project-list and unsets several values from GCP sdn-connector.
821114 EMS ZTNA Tags in FortiManager and FortiGate are using different naming convention; therefore, installing the policies with those tags to FortiGates do not work.
827416 FortiManager does not display any copy failure errors when utilized objects do not have any default values or per-device mapping.

862014

880359

 FortiManager is purging 'replacement message group custom' configuration after install verification fails.
866724 Copy Failed error has been observed with the error message "Virtual server limit reached!"; this limit is 50 for FGT AWS ONDEMAND.
866826 Failed to modify Virtual Server addresses in Firewall Polices with Deny Action.
867809 During installation, FortiManager unsets status for the proxy policies.
870800 Even though each interface is mapped to be used in specific vdoms, the already mapped interface still can be selected for other VDOMs.
873006 Firewall Address entries cannot be modified and GUI displays an error message, "Object already exists."

875547

Policy & Package cannot be imported if the type of firewall address in FortiGates are "interface-subnet" and subnet's value is different from its value on FortiManager.
877477 Domain Name Threat Feeds are not available in DNS Filter > Remote Categories.
880431 Unable to define Exempt IP in IPS Sensor.
880575 When using the "reinstall policy" option to install to devices with different policy packages, the corresponding event log shows the same policy package pushed to all devices.
881634 When multiple VDOMs are selected for installation using the Re-install Policy feature, FortiManager only applies "re-install policy" for one VDOM from each devices.
881857 Multiple security console Application crashes have been observed during the Policy Package installation when static router template and router static entry in device db are used.
882477 Error Message "Object already exists" is displayed when editing per device mapping for Address Group.
882996 Unable to install to FortiGates when using null values for "local-gw6" and "remote-gw6".
883527 Install Preview does not display any info during the installation when using device groups in PP Installation Targets.
884275 Not able to move policy blocks properly.
885827 FortiManager does not save and keep the selected "collapse all" mode for the policy package.
885992 Duplicate section names are created for policy package when ViewMode interface pair View is selected.
886370 FortiManager doesn't sort by interface per view results correctly; the results are not displayed in alphabetical order.
886906 When scrolling the policy page down/up the policy page appeared to be blank.
887278 Installation failed due to the limit on max entery for "endpoint-control fctems".

888483

The "automation email" under the "Replacement Message Group" is blank.
889068 Unable to push policies when VDOMs are in different ADOMs.
889563

FortiManager, for ADOM version 6.4, does not support Creating, Importing, and Inserting Above or Below actions for a deny policy with a "Log Violation Traffic" disabled.

891832 The install preview for policy package being used by multiple FortiGates is taking some time to load.
891996 "Find and Replace" feature does not displaythe entries correctly and it does not allow any changes.
895979 FortiManager attempts setting the Zone as the interface for firewall policy during the installation.
899339 FortiManager does not seek for confirmation when deleting an object from firewall policy.
912635 FortiManager attempts to purge the DLP objects that were downloaded from FortiGuard by the FortiGates.
912670 FortiManager attempts to install "set global-label" which creates some error message logs but does not cause any installation failure.
912732 The installation fails when the IPS signature contains CVE references.

Revision History

Bug ID

Description
513317 FortiManager may fail to install policy after FortiGate failover on Azure.
672609 After import, FortiManager may prompt password error on administrator during install.

801614

FortiManager might display an error message, "Failed to create a new revision." for some FortiGates when retrieving their configurations.

Script

Bug ID

Description
876917 "Capture Diff to a Script" does not work properly. It does not display the changes.

System Settings

Bug ID Description

853429

Creating FortiManager's configuration backup via scp cannot be done.
873078 FortiManagers HA cannot be configured as the initial sync never completes.
884168 FortiManager suggests wrong versions to upgrade FortiGates in order to resolve the PSIRT Vulnerability.

884396

The firmware upgrade notification on the FortiManager and FortiAnalyzer keeps appearing continuously after each login.
884848 FortiManager HA is not syncing after upgrade as the synchronization between the cluster units never completes.
894366 Any changes related to "lan" interface on FGT-40F, where the role is defined as "LAN", FortiManager tries installing firewall address "lan address" with type interface-subnet linked to interface "lan". The Install Verification fails for "lan address" as "entry not found in database".

VPN Manager

Bug ID

Description

798995

It's not possible to delete an SSL VPN portal profile from FortiManager GUI if the profile has been already installed.
857051 Installing a policy package with IPSec VPN to FortiGates fail with the following error: "TCL error (The remote gateway is a duplicate of another IPsec gateway entry)".
888272 Single entry of SSLVPN settings cannot be selected under VPN Manager.

Common Vulnerabilities and Exposures

Visit https://fortiguard.com/psirt for more information.

Bug ID CVE references

841029

FortiManager 7.4.0 is no longer vulnerable to the following CVE Reference:

  • CVE-2023-25607

850883

FortiManager 7.4.0 is no longer vulnerable to the following CVE Reference:

  • CVE-2023-36638

889979

FortiManager 7.4.0 is no longer vulnerable to the following CVE Reference:

  • CVE-2023-41679
Previous
Next

Resolved Issues

The following issues have been fixed in 7.4.0. To inquire about a particular bug, please contact Customer Service & Support.

AP Manager

Bug ID Description
781561 User may not be able to access AP Manager with custom read only admin profile.
881548 Unable to install successfully when creating a SSID using its default value.
889811 Under WIFI and switch controller for Managed FortiAPs, there is not any LLDP info found.

910182

AP Manager doesn't load if admin profile permission is Read-Only.

Device Manager

Bug ID Description
801886 FortiManager does not assign the correct VDOM name when configuring a new inter-vdom link interface.
803425 Installation failed due to the some of the "os-check-list" items which are not supported by the FortiGates anymore.
817346 Editing interface with normalized interface mapping displays some unnecessary messages for mapping change.

831874

FortiManager's GUI is keep refreshing when clicking on the devices under the Managed Devices.
836933 Changes on the External-Resource settings from ADOMs for specific VDOMs/FortiGates alter the External-Resource settings for other ADOMs and VDOMs.
876040 Status of Certificates is displayed as "pending" under the System's Certificates.

879833

Adding a model device with variable to FortiManager displays an error message "a[i].replace is not a function".
881308 The default value of the "router.static.vrf" leads to installation failure when attempting to install blackhole routes to FortiGates.

885454

After upgrading FortiManager, certificates for FGT-1100E's are missing from the Device Manager.

886917

888930

 FortiManager's ipsec templates remove the sdwan member and bgp neighbor attached to an ipsec interface. This causes the sdwan member to be removed even when it's used.
887903 System template interface table gets purged when trying to create VLAN type with name length greater than 15.
888658 Editing DHCP Settings of a FortiGate interface displays the following error message: "You have no permission to access this device/vdom".
891216 Unable to edit/save interface with DHCP relay enabled.
891341 Installation fails due to the Copy failure error; system template created with some empty string values which are assigned to devices.

891967

When management VDOM is non-root and has been assigned to a different ADOM, FortiManager displays the error, "Can not access device global setting if management VDOM is not in current ADOM".

893592

Exporting the Device List to CSV and Excel file doesn't include the FortiAPs and FortiSwitches info.
896127 When attempting to create a VLAN type with a name longer than 15 characters, FortiManager displays an error message.
896998 Unable to get access to the Certificates via Device Manager > DEVICE_NAME > VDOM_NAME > System.
897863 After de-selecting the 'allow-dns' feature under the application control list, the changes cannot be saved.

898814

FortiManager keeps changing the cert-id-validation's value to its default value during the installation.
899541 An error message "upgrade image failed" is shown, even though the upgrade has been completed successfully.
899903 FortiManager GUI does not list all NTP interfaces.

FortiSwitch Manager

Bug ID

Description

872802

FortiManager automatically sets "default" as dnsfilter-profile under dns-server for fortilink interface.

890205

Selecting multiple ports to "Edit" is not possible as it is greyed out.

Others

Bug ID

Description
788006 FortiManager consumes license count for the Admin Type VDOMs.
802922 The application "newcli" process crashes when the "diagnose cdb upgrade check +all" command runs.
814425 Sorting FortiExtenders by Network, RSSI, RSRP, RSRQ, and SINR does not work properly.
829046 After the upgrade, some of the metadata variables are missing.
832351 FortiManager does not allow users to enter to the root ADOM; it displays the "ADOM license was expired..." message.
851586 FortiManager displays "invalid scope" errors when running the "diagnose cdb check policy-packages" command.
869955 BGP Template route map option does not support Meta Variables.
871608 Unable to retrieve routing information from FortiGate via FortiManager when there is a large routing table.

873110

FortiManager displays "expired" instead of "not licensed" for non-purchased FortiGuard services.
875006 When clicking on the warning message, which indicates critical security vulnerabilities, a list of all types of security vulnerabilities is displayed.

883548

FortiManager/FortiAnalyzer is forcing its users to upgrade the Firmware version upon login.

891869

FortiManager wrongly recommends lower version for upgrade the FortiGates.
895081 Some FortiGates were unable to be upgraded from FortiManager due to firmware ID discrepancies between FortiManager and FortiGuard.
899570 Unable to add the "FortiGateRugged-60F" FGT to the FortiManager.
899750 ADOM upgrade makes the Policy Packages status modified.
906533 Group options, when creating/editing the workflow approval group, displays wrong info.

Policy and Objects

Bug ID

Description

656991

FortiManager should not allow VIP to be created with same IP for External IP and Mapped IP Address.
739489 It's not possible to enable NAT with Outgoing Interface Address by directly right-clicking on the NAT section of a firewall policy.
774058 Rule list order may not be saved under File Filter Profile.
803460 User Definitions entries under the User & Authentication cannot be removed from FortiManager.
814468 FortiManager purges gcp-project-list and unsets several values from GCP sdn-connector.
821114 EMS ZTNA Tags in FortiManager and FortiGate are using different naming convention; therefore, installing the policies with those tags to FortiGates do not work.
827416 FortiManager does not display any copy failure errors when utilized objects do not have any default values or per-device mapping.

862014

880359

 FortiManager is purging 'replacement message group custom' configuration after install verification fails.
866724 Copy Failed error has been observed with the error message "Virtual server limit reached!"; this limit is 50 for FGT AWS ONDEMAND.
866826 Failed to modify Virtual Server addresses in Firewall Polices with Deny Action.
867809 During installation, FortiManager unsets status for the proxy policies.
870800 Even though each interface is mapped to be used in specific vdoms, the already mapped interface still can be selected for other VDOMs.
873006 Firewall Address entries cannot be modified and GUI displays an error message, "Object already exists."

875547

Policy & Package cannot be imported if the type of firewall address in FortiGates are "interface-subnet" and subnet's value is different from its value on FortiManager.
877477 Domain Name Threat Feeds are not available in DNS Filter > Remote Categories.
880431 Unable to define Exempt IP in IPS Sensor.
880575 When using the "reinstall policy" option to install to devices with different policy packages, the corresponding event log shows the same policy package pushed to all devices.
881634 When multiple VDOMs are selected for installation using the Re-install Policy feature, FortiManager only applies "re-install policy" for one VDOM from each devices.
881857 Multiple security console Application crashes have been observed during the Policy Package installation when static router template and router static entry in device db are used.
882477 Error Message "Object already exists" is displayed when editing per device mapping for Address Group.
882996 Unable to install to FortiGates when using null values for "local-gw6" and "remote-gw6".
883527 Install Preview does not display any info during the installation when using device groups in PP Installation Targets.
884275 Not able to move policy blocks properly.
885827 FortiManager does not save and keep the selected "collapse all" mode for the policy package.
885992 Duplicate section names are created for policy package when ViewMode interface pair View is selected.
886370 FortiManager doesn't sort by interface per view results correctly; the results are not displayed in alphabetical order.
886906 When scrolling the policy page down/up the policy page appeared to be blank.
887278 Installation failed due to the limit on max entery for "endpoint-control fctems".

888483

The "automation email" under the "Replacement Message Group" is blank.
889068 Unable to push policies when VDOMs are in different ADOMs.
889563

FortiManager, for ADOM version 6.4, does not support Creating, Importing, and Inserting Above or Below actions for a deny policy with a "Log Violation Traffic" disabled.

891832 The install preview for policy package being used by multiple FortiGates is taking some time to load.
891996 "Find and Replace" feature does not displaythe entries correctly and it does not allow any changes.
895979 FortiManager attempts setting the Zone as the interface for firewall policy during the installation.
899339 FortiManager does not seek for confirmation when deleting an object from firewall policy.
912635 FortiManager attempts to purge the DLP objects that were downloaded from FortiGuard by the FortiGates.
912670 FortiManager attempts to install "set global-label" which creates some error message logs but does not cause any installation failure.
912732 The installation fails when the IPS signature contains CVE references.

Revision History

Bug ID

Description
513317 FortiManager may fail to install policy after FortiGate failover on Azure.
672609 After import, FortiManager may prompt password error on administrator during install.

801614

FortiManager might display an error message, "Failed to create a new revision." for some FortiGates when retrieving their configurations.

Script

Bug ID

Description
876917 "Capture Diff to a Script" does not work properly. It does not display the changes.

System Settings

Bug ID Description

853429

Creating FortiManager's configuration backup via scp cannot be done.
873078 FortiManagers HA cannot be configured as the initial sync never completes.
884168 FortiManager suggests wrong versions to upgrade FortiGates in order to resolve the PSIRT Vulnerability.

884396

The firmware upgrade notification on the FortiManager and FortiAnalyzer keeps appearing continuously after each login.
884848 FortiManager HA is not syncing after upgrade as the synchronization between the cluster units never completes.
894366 Any changes related to "lan" interface on FGT-40F, where the role is defined as "LAN", FortiManager tries installing firewall address "lan address" with type interface-subnet linked to interface "lan". The Install Verification fails for "lan address" as "entry not found in database".

VPN Manager

Bug ID

Description

798995

It's not possible to delete an SSL VPN portal profile from FortiManager GUI if the profile has been already installed.
857051 Installing a policy package with IPSec VPN to FortiGates fail with the following error: "TCL error (The remote gateway is a duplicate of another IPsec gateway entry)".
888272 Single entry of SSLVPN settings cannot be selected under VPN Manager.

Common Vulnerabilities and Exposures

Visit https://fortiguard.com/psirt for more information.

Bug ID CVE references

841029

FortiManager 7.4.0 is no longer vulnerable to the following CVE Reference:

  • CVE-2023-25607

850883

FortiManager 7.4.0 is no longer vulnerable to the following CVE Reference:

  • CVE-2023-36638

889979

FortiManager 7.4.0 is no longer vulnerable to the following CVE Reference:

  • CVE-2023-41679
Previous
Next