This section highlights some of the operational changes that administrators should be aware of in 6.0.9.
Starting in FortiManager 6.0.7 and 6.2.1, multicast policies in ADOMs with version 5.6 or earlier cannot reference zones or zone members. Either upgrade the ADOM to 6.0 or later, or remove references to zones or zone members.
When FortiManager manages FortiGates that run FortiOS 6.0.0 or later and have global, shared g-xx profiles in VDOMs, it is unable to import those global, shared g-xx profiles from the FortiGate devices.
Before adding the FortiGate units to FortiManager, perform the following steps to unset the global ADOM objects. After the default configurations are unset, you can successfully add the FortiGate units to FortiManager.
- On the FortiGate, for each VDOM, unset the following global ADOM objects by using the CLI:
  config wireless-controller utm-profile
    edit "wifi-default"
      set comment "Default configuration for offloading WiFi traffic."
    next
    edit "g-wifi-default"
      set comment "Default configuration for offloading WiFi traffic."
      set ips-sensor "g-wifi-default"
      set application-list "g-wifi-default"
      set antivirus-profile "g-wifi-default"
      set webfilter-profile "g-wifi-default"
      set firewall-profile-protocol-options "g-wifi-default"
      set firewall-ssl-ssh-profile "g-wifi-default"
    next
  end
  FGVMULCV30310000 (utm-profile) # ed g-wifi-default
  FGVMULCV30310000 (g-wifi-default) # sh
  config wireless-controller utm-profile
    edit "g-wifi-default"
      set comment "Default configuration for offloading WiFi traffic."
    next
  end
- After the global ADOM objects are unset, you can add the FortiGate unit to FortiManager.
Please note that FortiManager does not support IOC-related features even when FortiAnalyzer mode is enabled.
FortiManager 6.0.2 treats the status field of firewall policies as a mandatory field, and it is set to enable by default. FortiOS 6.0.3 has reverted this change. As a result, FortiManager may report verification failures on installations. The verification report shows that the policy status field has to be installed with the
"---> generating verification report
(vdom root: firewall policy 1:status)
to be installed: enable
<--- done generating verification report
The SD-WAN module has been fully redesigned in FortiManager v6.0 to provide granular monitoring and control. Upgrading SD-WAN settings from 5.6 to 6.0 is not supported. Please reconfigure SD-WAN after upgrading to v6.0.
FortiOS 5.4.4 introduces new VM license types to support additional vCPUs. FortiManager 5.6.0 supports these new licenses with the prefixes of FGVM16, FGVM32, and FGVMUL.
A Hyper-V FMG-VM running on a PC with an AMD CPU may experience a kernel panic. Fortinet recommends running VMs on an Intel-based PC.
FortiManager 5.4.2 introduces a new VM license (VM-10K-UG) that supports 10,000 devices. It is recommended to upgrade to FortiManager 5.4.2 or later before applying the new license to avoid benign GUI issues.
After upgrading to FortiManager 6.0.3, recreate the guest list for the Guest user group in ADOM Policy Object before installing device settings to FortiGate devices. For more information, see Bug ID 499568 in Resolved Issues.
With the enhancement in password encryption, FortiManager 5.4.2 and later no longer supports FortiOS 5.4.0. Please upgrade FortiGate to 5.4.2 or later.
The following ADOM versions are not affected: 5.0 and 5.2.
Due to known vulnerabilities in the SSLv3 protocol, FortiManager-VM64-AWS only enables TLSv1 by default. All other models enable both TLSv1 and SSLv3. If you wish to disable SSLv3 support, please run:
config system global
set ssl-protocol tlsv1
end
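To audit saved configurations for the SSLv3 setting described above, the following added example (not Fortinet code) parses a `config system global` block and reports whether SSLv3 is still enabled. It assumes that an unset `ssl-protocol` means the model default stated in this notice applies, and that "both enabled" appears as `set ssl-protocol tlsv1 sslv3`; the sample backups are constructed.

```python
import re

# Per the notice above: only FortiManager-VM64-AWS defaults to TLSv1 alone;
# all other models enable both TLSv1 and SSLv3 by default.
TLS_ONLY_DEFAULT_MODELS = {"FortiManager-VM64-AWS"}

# Constructed sample backups (not taken from a real device).
HARDENED = "config system global\n    set ssl-protocol tlsv1\nend\n"
# Assumption: two enabled protocols are written as a space-separated list.
BOTH = "config system global\n    set ssl-protocol tlsv1 sslv3\nend\n"
UNSET = "config system global\n    set hostname FMG-LAB\nend\n"


def global_settings(config_text):
    """Return {key: [values]} for 'set' lines directly inside the
    top-level 'config system global' block; other blocks are ignored."""
    settings, depth, in_global = {}, 0, False
    for raw in config_text.splitlines():
        line = raw.strip()
        if line.startswith("config "):
            depth += 1
            if depth == 1:
                in_global = (line == "config system global")
        elif line == "end":
            depth -= 1
            if depth == 0:
                in_global = False
        elif in_global and depth == 1:
            m = re.match(r"set\s+(\S+)\s+(.*)", line)
            if m:
                settings[m.group(1)] = m.group(2).split()
    return settings


def sslv3_enabled(config_text, model):
    """True if this configuration leaves SSLv3 enabled on the given model."""
    protocols = global_settings(config_text).get("ssl-protocol")
    if protocols is None:
        # Assumption: the setting is absent from the backup, so the
        # model default from the notice applies.
        return model not in TLS_ONLY_DEFAULT_MODELS
    return "sslv3" in protocols


if __name__ == "__main__":
    for name, cfg in (("hardened", HARDENED), ("both", BOTH), ("unset", UNSET)):
        print(name, sslv3_enabled(cfg, "FortiManager-VM64"))
```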