Resolved issues
The following issues have been fixed in 7.2.5. For inquires about a particular bug, please contact Customer Service & Support.
AP Manager
| Bug ID | Description |
|---|---|
| 736930 | FortiManager Cloud is unable to efficiently display rogue AP lists for FortiGates with a high volume of rogue APs. |
| 861941 | FortiManager Cloud attempts to install
"arrp-profile" even if "darrp" is disabled. |
| 906061 | It takes a significant amount of time to assign a profile to each FortiAPs. |
| 974444 | DNS server for SSIDs gets resets after Importing AP Profile. |
| 982548 | FortiGate configuration install may fail with a reason "Need to unset channel list in radio-1 first." |
|
1002043 |
AP Manager view does not show SSIDs and Radio Channels. |
Device Manager
| Bug ID | Description |
|---|---|
| 723720 | The "strong-crypto" feature change
under the CLI configuration cannot be installed to FortiGate. |
| 777693 |
Provisioning templates change meta data's values. |
| 778131 | FortiManager Cloud did not support the per device mapping for user SAML configurations. |
| 811104 | Import policy package fails after installing web-proxy through CLI configurations |
| 838462 | Adding device using "Add Model HA Cluster" feature failed as FortiManager Cloud does not allow "virtual switch interfaces" being used as "heartbeat interfaces". |
|
871334 973064 |
Installation to FortiGate with NP7
Acceleration feature enabled might fail when FortiManager Cloud attempted to modify the QoS
settings. Changing the "default-qos-type" to values other than its default
may result in a FortiGate reboot (FOS Behavior). |
| 880934 | FortiManager Cloud reverts Syslog mode settings on local FortiGates (when FortiGates are in FIPS mode). |
| 902577 | The status of the FortiLink split-interface radio button under FortiManager Cloud's Device Manager does not match the configuration in FortiGates. |
| 920394 | Installation failed due to the incorrect install order during ZTP. |
| 923808 | Even with the "set
dhcp-relay-request-all-server enable" option enabled, FortiManager Cloud does not keep
the DHCP server & relay configurations on the same interface. |
| 935586 | When managed devices go down/appear offline, not all FGFM tunnels are automatically recovered by FortiManager Cloud. |
| 936168 | Unable to assign Device Group to the Firmware Template. |
| 936544 | When importing CLI Templates, GUI displays a blank page. |
| 939804 |
Creating/Modifying the IPSEC Phase1 Interface Mode might trigger the following error message: "The string contains XSS vulnerability characters." This ONLY occurs when Workaround:
Manually removing the value |
| 949546 | When zones have identical names except for case, only 1 of the zones may be visible in Device Manager. |
| 949612 | The SD-WAN monitor table-view takes too long to load/display information. |
| 952404 | FortiManager Cloud cannot install the Static Route config under the Provisioning Template due to a static route template error after upgrading to FortiManager Cloud 7.2.4/7.4.1. |
| 954610 | FortiManager Cloud does not show objects under the "named address" options in IPsec VPN Phase 2 definitions. |
| 956920 | Monitor Health Check graphs return incomplete or no value. |
| 961447 |
After upgrading FortiManager Cloud (VMs & FortiManager Cloud Cloud) to versions 7.2.4 or 7.4.1, devices may not be able to be retrieved or refreshed. Workarounds: A) Reduce the license use (delete one device). B) Request/purchase a license upgrade. C) On the already managed FortiGates that need to be retrieved, run:
D) When adding a new FortiGate to the last license seat, it will initially fail on the retrieve step, but the device is added to DVM and within about 120 seconds an auto-retrieve is triggered and the first revision of the new device is created normally. |
| 966118 | FortiManager Cloud tries to purge all entries
under table "system global split-port-mode" for its System Template . |
| 967611 | Device Manager interface link status is blank for various Interface type (Tunnel, Aggregate, VDOM Link, Software Switch). |
| 969542 | Sometimes IPsec Tunnel Template displaying "Response with errors" message when editing the template. |
| 969698 | FortiManager Cloud allows the creation of an empty service value for Internet Service routes. |
| 975310 | Unable to unset interface IP for a VLAN interface in Device Manager. |
| 1009883 |
Unable to set the Radius-Server addresses as FQDN. Workaround: Run the script directly on the FortiGate and then retrieve config back to the FortiManager Cloud. |
FortiSwitch Manager
|
Bug ID |
Description |
|---|---|
| 940419 | When adding FortiSwitch on FortiManager Cloud Error message, "Import error - invalid port number" is displayed. |
| 947651 | Per Device under the FortiSwitch Manager cannot edit FortiSwitch name and GUI returns error "invalid value". |
| 967213 | While attempting to deploy a FortiSwitch template to a model device, FortiManager Cloud generates the following error message: "VLAN interface does not match FortiLink." |
| 925188 | The per-device mapping for any assigned global objects cannot be modified. |
| 969182 | Under the Global ADOM, the assignment of specific policy packages does not function properly. |
Others
|
Bug ID |
Description |
|---|---|
| 583349 | FortiManager Cloud does not provide support for image upgrades on "ONDEMAND" devices. |
| 796858 | Subject Key Identifier extension is missing on FortiManager ADOM CA certificate. |
| 874052 |
After upgrade ADOM from v7.0
to v7.2, when installing a policy package to FGT-v7.2 device, FortiManager Cloud tries to
change " |
| 875584 |
FortiManager Cloud cannot upgrade ADOMs to 7.2 due to error, "copy system replacemsg spam.smtp-spam-emailblock". Workaround: Delete replacement message "smtp-spam-emailblock" from System Templates. |
| 891253 | The firmware upgrade is successful; however, the task line does not get updated for the retrieve action when device names exceed the predefined character limit. |
| 897157 | Unexpected changes in existing static routes, created by static route template after upgrade to 7.0.7, 7.2.2, 7.4.0. |
| 900512 | FortiManager Cloud ADOM Upgrade fails with the error message, "Peer type cannot be peer when authentication method is pre-share key". |
| 922957 | The "fmgd" process
may crash while loading the ADOM when multiple Policy Packages are locked. |
| 924201 | Jinja templates does not identify new variables automatically when a new variable is added. |
| 930305 | Firmware template upgrade preview shows incorrect versions for the upgrade. |
| 941203 | FortiManager Cloud does not support the use
of Certificate Templates to create certificates with a "range=global" setting
for FortiGates operating in multi-vdom mode. |
| 957433 | When creating the FortiManager/FortiAnalyzer docker instances, UUID is missing under the "diagnose debug
vminfo". |
| 960796 | FortiExtenders are not displayed under the FortiExtender Manager for all FortiGates. |
| 961155 |
Event Logs cannot be downloaded via GUI. |
| 963490 | Installation fails as FortiManager Cloud attempts to "set role primary" feature for the "lan-extension
backhaul" under the "extender-controller" |
| 971122 | FortiManager Cloud does not support all authentication types that are supported by FortiOS, leading to a certificate error in the FortiClient EMS connector. |
| 982564 | When upgrading the root ADOM, the process might fail with the following error message: "...The string contains XSS vulnerability characters...". |
Policy and Objects
|
Bug ID |
Description |
|---|---|
| 630648 | A FortiManager Cloud instance running on Microsoft Azure is unable to import the SDN connector for a dynamic firewall address and is displaying an error message stating, "wrong input parameter." |
| 696367 | Hit count, first used, and last used may not get updated on FortiManager Cloud. |
| 725427 | Policy package install skips the policy where destination interface is set as SD-WAN zone and policy is IPSEC policy. |
| 751443 |
FortiManager Cloud displays policy installation copy failures error when IPsec template gets unassigned. |
| 804160 | FortiManager Cloud does not remove "Radius Server" on the FortiGate when it becomes unused. |
| 817289 | FortiManager Cloud only accepts IPv6 Compressed Notation format for the Policy & Objects. |
| 830640 | "Send files to FortiSandbox for inspection" option is being enabled when creating an antivirus profile. |
| 854359 | An installation error occurs
when FortiManager Cloud attempts to install wildcard FQDN addresses "mzstatic-apple" and
"cdn-apple" within the "custom-deep-inspection" SSL-SSH profile. |
| 855073 |
The "where used" feature (under the Source & Destination objects) incorrectly displays "No Record Found" even when these objects are in use. |
| 875103 | Local categories gets purged if used in Profile Mode Security Profiles. |
| 888798 | Changing deep inspection
ssl-ssh-profile to "inspect all ports" may cause installation
error. |
| 894597 | Default value for
"unsupported-ssl-version" in ssl-ssh-profile gets modified during
the installation. |
| 899226 | Unable to create Central SNAT explicit port translations on FortiManager Cloud. |
| 900229 | In policy-based policy packaged, application IDs are displayed instead of their names. |
| 901324 | Change entries in FortiGuard Category Based Filter table from "Monitor" to "Allow" cannot be saved. |
| 904751 | WebRating overrides can't be deployed or deleted via FortiManager Cloud. |
| 905377 | Threat Feeds with name
starting with "g-" do not get installed to
FortiGates without VDOM enabled. |
| 907925 | IPS profile/Signature tab is not visible for admins with non-default admin profile. |
| 908353 | When ISDB name changed, FortiManager Cloud is not automatically updating the new ISDB object name. |
| 908445 | FortiManager Cloud does not display correct edit page for virtual server VIP when edit object in policy table. |
| 917225 | FortiManager Cloud is unable to install policy packages to multiple devices due to "security console" crashes. |
| 920983 | The policy blocks using a group object do not get updated when the objects within the group are modified. |
| 924680 | Policy packages containing geo-based ISDB objects may not be successfully installed to the FortiGates. |
| 924900 | Wrong date format is displayed for "first used" and "last used" column. |
| 938019 | Policy Package Status not changed on modification of nested group used in policy block. |
| 939979 | After editing authentication-rule/portal mapping, FortiManager Cloud installs unexpected changes to these rules. |
| 942659 | Syncing EMS tags from FortiManager Cloud fails when the EMS Connector is configured in multi-site mode. |
| 945632 | Modifying the Policy Installation Target does not trigger a status change in the Policy Package when adding an "install on" to a single policy. |
| 945853 | FortiManager Cloud doesn't sync previously deleted EMS tags. |
| 948559 | Policy blocks doesn't load properly. |
| 949515 | Security Policy Installation
Verification fails because the "internet-service-negate" feature gets enabled
every time after modifying the policy. |
| 954399 | Cloning Webfilter profiles does not save the FortiGuard Category Based Filter action. |
| 955010 | Comments on policies may be cleared when a blank area within the text field is clicked. |
| 957225 | ADOM admin users not able to view the managed FortiGate in the policy push wizard |
| 958923 | Installing policy packages that utilize an SSL/SSH Inspection profile may fail with the error message, "Server certificate replace mode cannot support category exempt." |
| 959116 | The timestamps displayed for 'First/Last Used' under the Hit Count for Firewall Policies within the Policy & Objects section are invalid. |
| 959166 | Export to Excel does not work. |
| 959877 | The timestamps displayed for "First/Last Used" under the Hit Count for Firewall Policies within the Policy & Objects section are invalid. |
| 959890 | Per-device mapping search for VDOMs is not possible for users. |
| 960660 | The Clone Reverse feature is not functioning when the firewall policy includes an Internet service address object. |
| 960778 | Installation failed because FortiManager Cloud attempts to remove a static entry, "QuarantinedDevices." |
| 963008 | Impossible to merge duplicate objects. |
| 963536 | The policy package feature "Export to Excel" is not functioning. |
| 965670 | Creating a new interface type
"vlan"; changing VDOM results in the removal of the selected interface. |
| 965719 | FortiManager Cloud is unable to enable the log setting for implicit deny rule under the policy package. |
| 972392 | Users do not receive a proper
warning when creating a firewall address with the IP address "0.0.0.0/0." |
| 978814 | When attempting to use the "Export to Excel" feature under the Firewall Policy with extensive rules, GUI may slow down and become unresponsive for some time. |
| 986262 | EMS Cloud tags are not updated on FortiManager Cloud. |
| 1002551 | FortiManager Cloud is pushing the web-proxy profile configuration without space between domains. |
Revision History
|
Bug ID |
Description |
|---|---|
| 513317 |
FortiManager Cloud may fail to install policy after FortiGate failover on Azure. |
| 894523 | Object revision timestamp is taken from previous revision. |
| 904710 | Restoring a revision of a policy removes the information of all the SD-WAN rules. |
Script
|
Bug ID |
Description |
|---|---|
| 923966 | When FortiManager Cloud is operating in Workspace mode, there are no options to save changes after executing a CLI script. |
| 937528 | Unable to send DHCP options
"set value" using CLI template and using Script. |
| Bug ID | Description |
|---|---|
| 938365 | FortiManager Cloud's GUI does not display an option under FortiGuard Settings to support the 7.2 version for FortiClient and FortiMail. |
| 980334 | "Download to Excel" option on Licensing Status under the FortiGuard does not work. |
System Settings
| Bug ID | Description |
|---|---|
| 853429 | Creating FortiManager Cloud's configuration backup via scp cannot be done. |
| 930200 | Unable to change the time and timezone from the GUI. |
| 930449 | Testing the syslog server displays the message, "Failed to send a test log to syslog server". |
| 941082 | A password prompt is consistently requested with each new login attempt when applying password policies to a local account linked to FortiToken Cloud Mobile for multi-factor authentication (MFA). |
VPN Manager
|
Bug ID |
Description |
|---|---|
| 678319 | Once "os-check"
option is enabled, "os-check-list" table is not loaded. |
| 897574 | Address Objects with Meta Variables do not function correctly when creating Static routes using the VPN Manager. |
| 906097 | VPN Manager IPsec community Phase 2 encryption setting can't be changed to AES256GCM from the GUI. |
| 923221 | Provision Template - IPsec Tunnel: cannot Activate IPsec_Fortinet_Recommended; GUI returns error. |
| 942222 | The configuration settings for
the "peergroup" are not being retained properly. |