Resolved issues
The following issues have been fixed in 7.4.7. To inquire about a particular bug, please contact Customer Service & Support.
AP Manager
| Bug ID | Description |
|---|---|
| 1041445 | The AP attributes do not automatically update in the AP Manager. |
| 1050466 | The 802.11ax-5g AP profile is missing for all FortiAPs that support WiFi 6. |
| 1083224 | FortiManager Cloud attempts to install 'port1-mode > bridge-to-wan' when 'Override LAN Port' is enabled and 'LAN Port Bridge' is set to 'Bridge to LAN'. |
Device Manager
| Bug ID | Description |
|---|---|
| 932579 | Assigning a BGP template is purging the previously existing BGP config from the target FortiGates |
| 992550 | Unable to remove the trusted host for a FortiGate admins under the Device DB from the FortiManager Cloud's GUI. |
| 995919 | Cannot config system password-policy expire-day for FortiGates. |
| 1000101 | FortiManager Cloud fails to retrieve certificates that were directly imported into the FortiGate. As a result, FortiManager Cloudrepeatedly attempts to push a CSR, leading to installation status conflicts. |
| 1004220 | The SD-WAN Overlay template creates route-map names that exceed the 35-character limit. |
| 1021789 | The FortiManager Cloud SD-WAN widget's health check status is not functioning as expected. |
| 1039127 | Unable to edit the Logs settings under the device management. |
| 1041265 | While using a Device Blueprint to apply a pre-run cli template and creating model devices via CSV import, the pre-run does not show applied in Device Manager. |
| 1041440 |
Some FortiGate platform (FGT-40F & FGT-60F) does not support the
|
| 1053194 |
If the |
| 1063635 |
FortiManager Cloud does not support the FortiWiFi-80F-2R-3G4G-DSL. |
| 1063835 |
FortiManager Cloud ZTP installation to FortiGate versions 7.2.8 and lower may fail due to
differing default |
| 1063850 | FortiManager Cloud is attempting to install a "PRIVATE KEY" with every installation, even after retrieving the config. |
| 1071249 | Under Device Manager > Monitors > SD-WAN Monitor, there are some missing data on widgets Bandwidth Overview and Traffic Growth. |
| 1073479 | Install preview does not function properly. |
| 1075052 |
Occasionally, installations may fail on FortiGates in HA mode due to a "Serial number does NOT match" error. This can happen if the HA device's serial number on FortiManager Cloud does not immediately update after a failover. |
| 1079654 | Firewall address entries are incorrectly generated when creating a bridge/mesh-type SSID. |
| 1080414 |
CSV import fails to set metadata variables due to old header format ("name"). |
| 1080940 | In an IPSEC tunnel template, deleting an IPSEC tunnel that is not the last one in the template causes the configuration of the last remaining tunnel to disappear when you revisit the template. |
| 1085385 | Importing SD-WAN configuration previously completed on a FortiGate as a provisioning template in FortiManager Cloud returns "Response format error" message |
| 1086303 |
An installation error may occur when binding and installing the created
VLAN interface to the software switch due to |
| 1089102 | Metadata variable value cannot be emptied (value deleted) after a value has been set via Edit Variable Mapping for a model device. |
| 1090340 | Deleting at least 1 VPN IPSec tunnel from the IPSEC Templates purging other vpn phase2-interfaces which are using the same template |
| 1094451 | If the Timezone field in the System Template is left blank, FortiManager Cloud may apply its default timezone and overwrite the existing timezone on the FortiGates. |
| 1099270 | Unable to upgrade of FortiGate HA devices via Firmware Templates. |
| 1103166 | Installation wizard might stuck at 50% if the device has Jinja CLI template assigned. |
| 1103304 | OSPF passive interface settings cannot be set via Device settings > Router > OSPF. |
| 1110780 |
FortiManager Cloud does not allow creating the local-in policy with SD-WAN zone. |
| 1111432 | In a BGP template Neighbor Range, set max-neighbor-num 0 is not accepted
by the GUI. |
| 1115014 | FortiManager Cloud fails to install SSID configuration in FortiGate when captive portal is enabled with error "Must set selected-usergroups" |
| 1119280 | Firmware Template assignment does not work properly. |
| 1122481 |
When an FortiGate HA failover occurs, making any changes to the SD-WAN configuration on the FortiGate HA may cause FortiManager Cloud to attempt to purge the firewall policies on the device during the installation (Install Device Settings (only)). |
| 1124171 |
FortiManager Cloud retrieves the device configuration from the ZTP FortiGate after the image upgrade is performed, due to the 'Enforce Firmware' feature. This action erases all settings in the device database on the FortiManager Cloud side, and as a result, AutoLink installation will not be completed successfully. |
| 1124431 | Installation failure due to 'sslvpn os check' syntax error. |
| 1126321 | When creating a VLAN with "LAN" Role, an object is created even if "Create Address Object Matching Subnet" is disabled. |
| 1128094 | After upgrading to v7.2.10, the entries under Network Monitor > Routing (Static & Dynamic) no longer appear. |
| 1129574 | Unable to restrict Firmware upgrade via Admin Profile. |
| 1136080 |
Starting from version 7.2.11, FortiGate devices use a different password type for the administrator's password field. FortiManager Cloud versions released before this change cannot verify the administrator password when installing to an FortiGate, which may result in an installation failure. |
| 1148864 |
During provisioning, if multiple scripts attempt to modify the aggregate interface, the database installation fails with the following error: [attribute "vdom" check error - runtime error -2: Virtual domain must be same as virtual domain () for all aggregate/redundant interfaces] This issue occurs only with aggregate interfaces. |
| 1152564 | Unable to edit route-map due to the following error "rule/2/set-priority is out of range (property: set-priority)". |
| 1153376 |
If devices are added to FortiManager Cloud after SD-WAN is enabled, then Traffic Shaping/SD-WAN may display No Data or No Records Found. If the user enables SD-WAN after the device is already managed by FortiManager Cloud, there should be no issue. |
FortiSwitch Manager
| Bug ID | Description |
|---|---|
| 1026433 | When navigating to FortiSwitch Manager > FSW VLAN > "BUILD-VLAN" and enabling the DHCP Server, the Advanced options are missing the filename field. |
| 1077058 | IPv4 allow access for VLAN interface over Per-Device Mapping cannot be set. |
| 1089719 |
FortiSwitch 110G is not supported. |
| 1097467 | There is a mismatch in the per-VDOM limit between the Managed FortiSwitch on the FortiManager Cloud and the actual FortiGate, causing a copy failure error when installing the configuration. So far, this issue has been observed on the FGT-90G. |
| 1110598 |
Unable to add per device mapping config for FortiSwitch VLAN. |
|
1153287 |
The maximum number of managed FortiSwitches on FortiManager Cloud does not match with the maximum number of managed FortiSwitches by FortiGate, resulting in a copy failure error during installation to FortiGates. |
Others
| Bug ID | Description |
|---|---|
| 1003711 |
During the FortiGate HA upgrade, both the primary and secondary FortiGates may reboot simultaneously, which can disrupt the network. This issue is more likely to occur in FortiGates that require disk checks, leading to longer boot times. |
| 1009848 |
Support ISE distributed deployment: PAN/MnT Nodes up to 2, Pxgrid Nodes up to 4. |
| 1025366 | FortiManager Cloud does not support the FortiExtender SSID |
| 1052341 | Not able to select Address type MAC in SD-WAN rule source address. |
| 1065593 | Not able upgrade ADOM. |
| 1075449 |
Intermittent connection issues have been reported randomly when the FortiManager Cloud manages 1000+ FortiGates. |
| 1081941 | When UTM-Profile gets added to a FortiProxy policy, FortiManager Cloud generates invalid config. |
|
1089725 |
Progressively slower GUI performance caused by increasing memory usage of the "init" daemon. |
| 1091375 | When the install is waiting for a session, it neither updates nor completes the task. |
| 1111686 | FortiManager Cloud's GUI may crash with the error "Oops! Sorry, an unexpected error has occurred." when downloading a backup or accessing the Last Script Run option under Device Database. |
| 1113799 | Unable to upgrade the FortiAP or FortiSwitch from FortiManager Cloud. |
| 1114809 |
After upgrading the FortiManager Cloud using the "Upgrade Image via FortiGuard" feature, the FortiManager Cloud JSON API login may fail, leading to service disruptions. This issue is important for FortiPortal and other FortiManager Cloud API clients. |
| 1117603 |
Some compatibility issues have been encountered with FortiOS 7.4.7, please review the FortiManager Cloud 7.4.6 Release Notes. |
| 1119279 | Event log for object is generating thousands of Wifi Events. |
| 1124007 | 'Ok' button does not save the settings; Navigate to Device Manager > Device & Groups > Right click on FortiGate > Firmware upgrade > Schedule > Custom > Define time > Press OK. |
| 1125382 | When EMS is added as a Fabric Connector to these FortiGates from FortiManager Cloud, all devices appear under FortiManager Cloud-managed devices, but only the primary FortiGates serial number is displayed. |
| 1136765 | The PxGrid connector should support Fully Qualified Domain Names (FQDN). |
| 1142559 | When attempting to upload the firmware image from FortiGuard, FortiManager Cloud returns the following error "Code: -1, Invalid image". This issue has primarily been observed on FortiGate hardware platforms running special build firmware versions, where the image contains an encrypted MBR such as on the FortiGateRugged-70G-5G-Dual, FortiGateRugged-70G, FortiGateRugged-50G-5G, FortiWiFi-70G models. |
| 1147636 | Universal connector card on Fabric View page is missing under Fabric View > Endpoint/Identity connectors. |
Policy and Objects
| Bug ID | Description |
|---|---|
| 706809 | Policy Checkexport does not have thelast hit count details anymore. |
| 968149 | Unable to export policy package to CSV. |
| 969923 | The View Mode button, which is used to check the interface in Pair View, is missing in the Firewall Policy under Policy Packages. |
| 991720 |
FortiManager Cloud still has an option to enable the |
| 1011220 | FortiManager Cloud constantly changes the UUID of some objects. |
| 1025012 |
Configuring the SSL/SSH inspection profile may result in the following error: "The server certificate replacement mode cannot support category exemptions." |
| 1030914 | Copy and paste function in GUI removes name of the policy rule and adds unwanted default security profiles (SSL-SSH no-inspection and default PROTOCOL OPTIONS). |
| 1047850 | Error occurs when modifying any route maps: "Cannot save route maps: rule/[id]/set-priority: out of range...". |
| 1054707 | FortiManager Cloud try to install "unset qos-policy" and installation fails. |
| 1057228 |
Importing the SDN Objects, with multiple tags, will addmultiple entries listed as SDN objects; when clients add anything into the filters section, browser immediately redirects to an error page showing: "Oops! Sorry, an unexpected error has occurred". |
| 1070800 |
FortiManager Cloud is attempting to install the |
| 1073463 | Installation is failed with error "VIP entry cannot be moved when central-nat is disabled." |
| 1076659 |
When policy package configured with policy block, installationto multiple devices may have copy fail errors if combined length of the Policy Block name and Policy name is greater than 35 characters and if the total number of such policies exceeds 1000. |
| 1077964 |
After ZTNA server real server address type changes from FQDN to IP, the policy installation may fail; FortiManager Cloud pushes ZTNA server config with wrong order. |
| 1078598 | Unable to import policy due to issues related to the protocol-options feature. |
| 1079037 | The internet-service-id attribute is configurable in the FortiManager Cloud,
whereas this attribute cannot be modified on the FortiGate. |
| 1079128 | ZTNA Server Per-Device Mapping may display a copy error failure if a new per-device mapping is created without specifying the object interface. |
| 1079678 |
FortiManager Cloud does not provide any warning when there is a "deny all" policy in the middle of a Policy Package. This can be still seen on the "task monitor". |
| 1082548 | Address type FQDN is missing DNS resolve domain name function feature. |
| 1086603 | Unable to create local-in policy with ISDB objects. |
| 1086705 | Multicast policy table Log column shows wrong info and right click update does not work properly. |
| 1092581 | FortiManager Cloud cannot modify rat-timeout-profile in Policy Packages. |
| 1097885 | Action column is missing in policy package for security policy when NGFW Mode set to policy-based. |
| 1101436 | The sni-server-cert-check cannot be disabled on SSL-SSH
inspection profile for "ftps", "pop3s", and
"smtps". |
| 1101919 | Changes to a Virtual IP global settings are not applied when a per-device mapping exists. |
| 1106646 |
When attempting to configure a local-in policy on FortiManager Cloud using ISDB objects as the source, the following error is encountered: "Attribute 'srcaddr' MUST be set when internet-service-src-name is set" |
| 1108159 | IP address list for an ISDB object differ between FortiManager Cloud and managed FortiGate while both devices have installed the same ISDB definitions. |
| 1109061 | FortiManager Cloud tries to set the inspection mode for the deny policies. |
| 1112011 |
When a policy package contains a globally assigned policy, installing a local ADOM policy package (with the "Install On" feature enabled for a specific device) may not function properly. The policy could be installed on all devices instead of the intended one. |
| 1112917 | Unable to set or update a security profile group on a policy directly in the firewall or proxy policy view. |
| 1113129 | FortiManager Cloud is treating implicit-deny local-in policy incorrectly,
denying any traffic. |
| 1114832 |
Any addition/modification in Application and Filter Overrides for Application profile doesn't show up in the install preview. |
| 1116489 | The revision history time stamps for custom profiles are all showing the same. |
| 1119299 | Installation fails due to syntax compatibility issues between FortiManager Cloud and FortiGate version 7.2.10. Specifically, the issue occurs when FortiManager Cloud attempts to unset the
servercert in the vpn ssl settings. |
| 1130475 | FortiManager Cloud starts appending an ID to the global-label associated with policies. This can cause a problem if global labels are being used to group policies together. |
| 1131552 | Import fails due to an invalid remote certificate, even though the certificate is available on the FortiGate. |
| 1133553 | Unused policy tool showing No hit count report for this policy package message when policy block is added to policy package. |
| 1134276 | Installation of "config system ddns" configuration fails. |
| 1139220 | FortiManager Cloud does not prevent users to mix ISDB and destination addresses. |
Script
| Bug ID | Description |
|---|---|
| 931088 |
Unable to delete VDOMs using the FortiManager Cloud script. Interfaces remain in the device database, causing the installation to fail. |
| 1085374 |
FortiManager Cloud does not support exporting the TCL scripts via CLI. |
Services
| Bug ID | Description |
|---|---|
| 1108706 |
When updating query service packages from the global anycast server (globalupdate.fortinet.net), medium-sized IoTS packages may encounter checksum errors. These errors can prevent the proper updating of SPAM and URL databases, potentially impacting the FortiManager Cloud's FortiGuard Services. |
| 1116120 |
When the FortiGuard Web Filter and Email Filter services are enabled, the usage of the root filesystem ("rootfs") gradually increases until it reaches 100%. This may affect the performance of other functions on the FortiManager Cloud, and it will be more noticeable when the FortiManager Cloud is operating with a smaller memory size. |
| 1138715 | FortiManager Cloud does not auto-download the FortiClient signature from FortiGuard. |
System Settings
|
Bug ID |
Description |
|---|---|
| 1047252 |
Incorrect warning message displayed in FortiManager Cloud GUI during upgrade from Feature build to Mature build. |
| 1081463 | The encrypted backup file cannot be easily correlated with the backup details, as the date and time are not included. |
|
1088248 |
When users perform any task, such as installing a policy, the task monitor icon that appears at the top-right of the GUI continuously shows a loading state, and users are unable to view the task progress. |
| 1108205 | ADOM lock override does not work
even though lock-preempt has been enabled. |
| 1121608 | Under the Dashboard > Sessions widget, the number of current sessions presented in FortiManager Cloud does not match the number of sessions in the FortiGate. |
VPN Manager
|
Bug ID |
Description |
|---|---|
| 1084434 | Unable to rename theaddress objects (either source and/or destination) used in Phase2 quick selectors in IPSec VPN without an installation error. |
| 1084696 |
If users reopen the IPsec Tunnel template and close it without making any changes, FortiManager Cloud might still display the following error message in the install log: "Error: VPN IPsec phase1-interface psksecret...Minimum psksecret length is 6..." . |
| 1090636 | Unable to edit VPN community due to the following error message: "vpnmgr/vpntable/: cannot be edited". |
Common Vulnerabilities and Exposures
Visit https://fortiguard.com/psirt for more information.
| Bug ID | CVE references |
|---|---|
|
1086927 |
FortiManager Cloud7.4.7 is no longer vulnerable to the following CVE Reference:
|