FortiManager Cloud unsets the Protected Management Frame (PMF) setting when the SSID security mode is configured to OWE-enabled in the AP Manager.

FortiManager Cloud is generating false vulnerability reports for certain FortiAPs:

• U431F

• U231F

The 802.11ax-5g AP profile is missing for all FAPs that support WiFi 6.

FortiManager Cloud is attempting to unset the FortiAP's name.

Failed to reload the configuration due to the "datasrc invalid" error message.

IPsec templates created by SDWAN Overlay does not create tunnels for all the underlay interfaces.

When using the static route template, the "SD-WAN Zone" does not appear under the Interface column.

FortiManager Cloud generates a VPN certificate that is not accepted by the FIPS-enabled FortiGate devices.

Packet Capture feature for managed FortiGates does not work; it starts but immediately stops.

When assigning a provisioning template with Admin Settings configuration, FortiManager Cloud changes the hostname of the device.

The Link Status entries are blank under the Interfaces >>> Network.

Some FortiGtate platforms (FGT-40F and FGT-60F) does not support the "ip-managed-by-fortiipam" and FortiGate refuses to take the configuration from FortiManager Cloud; hence users will be experiencing the install error.

Setting up a FortiGate-HA with ZTP fails because the FortiLink is not deleted during the "HA config pushed to FGT" process.

If the "system interface speed" attribute is changed from the FortiManager Cloud, it may potentially cause an installation failure. Modifying the "system interface speed" is not currently supported on the FortiManager Cloud and must be done on the FortiGate side.

FortiManager Cloud ZTP installation to FortiGate versions 7.2.8 and lower may fail due to differing default "ssh-kex-algo" settings between FortiManager Cloud and FortiGate.

An error might be observed when the SD-WAN template health check name contains a space, displaying the following message: "Bad health check name...".

Occasionally, installations may fail on FortiGates in HA mode due to a "Serial number does NOT match" error. This can happen if the HA device's serial number on FortiManager Cloud does not immediately update after a failover.

SD-WAN Monitor does not display the members under the SD-WAN Rules (Map View or Table View). This issue is most likely to occur when "priority-zone" is configured.

CSV import fails to set metadata variables due to old header format ("name").

FortiSwitch diagnostics tools do not display thecable test diagnose results, device information on Ports, and update Registration status.

Unable to delete FortiSwitches when central management is enabled for FortiSwitch.

Unable to change the FortiSwitch name from the FortiSwitch Manager.

When upgrading ADOM, the upgrade process fails with the following error: "invalid value - can not find import template 'XYZ'".

During the FortiGate HA upgrade, both the primary and secondary FortiGates may reboot simultaneously, which can disrupt the network. This issue is more likely to occur in FortiGates that require disk checks, leading to longer boot times.

Unable to upgrade ADOM from v6.4 to v7.0 due to "switch-controller traffic-policy" error.

Unable to upgrade the firmware version of the FortiGates in HA cluster by using the firmware template when HA is in-sync status. The failure to upgrade FortiGate HA cluster firmware is caused by a crash in "dmserver" daemon.

After upgrading to the latest available build, the FortiManager Cloud GUI displays the warning message: "A new firmware version is available".

FortiManager Cloud tries to unset url-map for TCP forwarding ZTNA virtual server.

The policy package feature "Export to Excel" is not functioning.

FortiManager Cloud does not able to import the Central SNAT, DNAT, DOS, local-in, and traffic shaping policies.

Occasionally, installation may fail due to an error message, "Waiting for another session", which prevents policies from being installed from FortiManager Cloud. During this issue, the following message may also appear: "Blocked by session id(XYZ) username(n/a)". This issue may be caused by a signal loss between the child and parent security console processes, leading the parent process to continue waiting for a copy result.

When creating the application list on the FortiManager Cloud, if the Category ID is set to 33 or 34, the installation does not display any errors. However, these invalid categories cannot be set on the FortiGate. Consequently, the assigned application list entry will be created without a specific category and will default to the "block" action. This behavior may cause network interruptions.

FortiManager Cloud still has an option to enable the "match-vip" through the policy package for "allow" policies. However, this is not supported anymore on the FortiGates.

The installation may encounter an error related to Syntax support for the "ssh-enc-algo" command.

The policy package status changes for all devices even when an address object is opened and saved without any modifications. This issue is particularly observed in objects utilizing the per-device mapping feature.

After upgrading to FortiManager Cloud versions 7.2.5 or 7.4.3, the installation preview may hang. However, the installation process itself can be completed successfully.

Video filter profile config is not getting pushed completely from FortiManager Cloud to FortiGate.

Configuring the SSL/SSH inspection profile may result in the following error: "The server certificate replacement mode cannot support category exemptions."

The Firewall Policy pane in the FortiManager Cloud GUI may occasionally display both "Standard Security Profiles" (SSL no-inspection and protocol default profiles) and "Security Profile Groups" simultaneously.

Under the "Web Application Firewall" security profiles, users are unable to disable the signatures through the GUI.

The Firewall Policy Lookup feature does not display the list of source interfaces for FortiGates.

When installing policy to a FortiGate that uses FortiSandbox inline scanning on an AV profile, FortiManager Cloud unsets the configuration on install.

Importing the SDN Objects, with multiple tags, will addmultiple entries listed as SDN objects; when clients add anything into the filters section ,browser immediately redirects to an error page showing: " Oops! Sorry, an unexpected error has occurred "

Unable to create the IP address object type wildcard, the following error message is displayed: "Invalid IP netmask".

In 7.4 ADOM, installation to 7.6 FortiGates may unset firewall service tcp-portrange (if a firewall policy references a firewall service).

Best Quality SDWAN rules installation may fail with the following error message: "Commit failed: Bad health check name".

FortiManager Cloud is attempting to install the "cli-cmd-audit" command on a FortiGate (FortiGate-101E and FortiGate-2000E) running version 7.2.8, which does not support this command, leading to an installation error.

Policy Lookup is not showing result as highlighted when the sections are not expended.

FortiManager Cloud may attempt to install "ssl-ssh-profile" settings to "quic" objects. However, this syntax might not be supported on smaller FortiGate hardware platforms, particularly those with 2GB of RAM, such as the 60F/61F models.

When policy package configured with policy block, installation to multiple devices may have copy fail errors if combined length of the Policy Block name and Policy name is greater than 35 characters and if the total number of such policies exceeds 1000.

FortiManager Cloud does not provide any warning when there is a "deny all" policy in the middle of a Policy Package. This can be still seen on the "task monitor".

Verification of the LDAP Server through the LDAP Browser may display an "Operation Error" message.

In certain cases, the License Status on FortiManager Cloud may be incorrectly displayed as "Expired" despite the license being active in the account.

Incorrect warning message displayed in FortiManager Cloud GUI during upgrade from Feature build to Mature build.

FortiManager Cloud7.6.2 is no longer vulnerable to the following CVE Reference:

• CVE-2024-50566