
Resolved Issues

The following issues have been fixed in 7.0.0. For inquiries about a particular bug, please contact Customer Service & Support.

AP Manager

Bug ID Description
590098 When adding a new WTP profile, FortiManager tries to set a default handoff-sta-thresh and unset radio bands, which do not match the defaults for many of the E-series APs.
593168 DFS channel list in WiFi template is inconsistent between FortiManager and FortiGate.
635643 5G channels mismatch between FortiManager and FortiGate for radio-1 and radio-2 with FAP-231E.
648812 DHCP server is created incorrectly for Bridge SSID.
667215 FortiManager should be able to classify Rogue FortiAPs.
669906 FortiManager may not be able to install mpsk-key from AP Manager.
679115 An available interface cannot be selected when authorizing FortiExtender.
692911 FortiManager may not be able to display correct information for wireless radio in wireless profile for FortiWiFi-80F-2R.

Device Manager

Bug ID Description
485037 Monitor > map view may fail if proxy is enabled.
594211 FortiManager should be able to create new VLAN interface on fabric interface and install to FortiGate.
604855 CLI Template should not prevent the lan interface from being deleted once all the dependencies have been removed.
609744 Device Manager > System > Interface may not be able to delete SSID interface.
610134 FortiManager may not be able to save the admin setting page.
610585 Device Manager cannot save DHCP for Unknown MAC address with action set to block.
616387 Device configuration dashboard cannot update hostname or VDOM.
624325 Creating or editing transparent VDOM to disable may stall at 20%.
627664 FortiManager cannot cooperate with socket-size 0 and changes it to 1 automatically.
636012 Importing a policy may report conflict for the default SSH CA certificates.
643845 After auto link, FortiGate HA cluster members have the same hostname.
645086 Policy Lookup shows an error even though the device is in sync.
646421 FortiManager may not be able to configure VDOM property resources setting.
649785 SD-WAN > Monitor may hang for an ADOM with 1500 devices.
649821 Installation may fail for FortiGate-600D.
654611 Under Advanced mode and within a VDOM, clicking "Device Manager" on the top menu returns the no permission error.
655264 VDOM count is not correct when vdom-mode split-vdom is configured on FortiGate with VM0xV license.
656433 FortiManager device delete process may hang.
657988 FortiManager may lose connection and fail to install after FortiGate HA switching role.
659387 FortiManager should be able to provision CLI-template, SD-WAN-template, and Policy Package together to the model device.
662243 FortiManager is unable to clone SNMP Community under System Templates.
662656 When importing policies that contain policy block or global policy, the import wizard should provide a warning that those policies will not be imported.
665344 Users with full R/W DVM privileges should be allowed to see and modify the System Provisioning Templates.
666833 GUI returns no warning when 4-byte AS or invalid community is configured on Standard community.
667826 Device Manager may show "No entry found" with rtmmond and the security console crashes.
669129 FortiManager does not create dynamic mapping for an address group causing import failure.
669155 SD-WAN monitor hangs at loading when the admin profile is set to Read-Only for SD-WAN.
669704 FortiManager does not allow user to configure FortiGate admin password longer than 32 characters.
670535 Install fails when creating a new DHCP reservation due to missing MAC address.
670839 FortiManager should be able to configure IPSec Phase2 selector using the same IP range.
671348 FortiManager should allow more than ten incoming source interfaces for policy routing decision.
672319 View Config, View Install Log, and Revision Diff in Workspace mode should not be greyed out when the ADOM is unlocked.
672338 FortiManager may unset interface weight in SD-WAN when installing within 6.0 ADOM.
673008 SD-WAN Rules order changes to the default when creating a rule and moving it to the top.
673641 When creating a policy, all the vwpare names are shown and not only the names from the installation target.
674282 FortiManager sends unset entry-id if the FortiGate implements NAC access-mode at FortiSwitch switchport level.
674938 FortiManager should add support for set use-shortcut-sla option in SD-WAN rules.
676002 FortiManager does not allow re-installing the policy when the user selects all devices with VDOMs from Device Manager.
677241 Interface speed is set incorrectly on the port group due to missing aggregate membership verification.
678066 Install may fail when changing FortiGate admin password from FortiManager.
680516 Host Name is truncated when the name has more than 31 characters.
681627 FortiManager is accepting DNS source IP even though it is not part of the available interfaces.
684372 When using VDOMs, the Policy Package status remains in modified status after using Push to device.
684462 FortiManager truncates the device configuration when downloading from View configuration option.
688541 FortiManager should not unset dynamic-vlan of wireless-controller VAP and gateway of router settings after import.
689014 FortiManager may return an error when changing FortiGate device log configuration from FortiManager with management VDOM moved to another VDOM.
689920 FortiWeb serial number may not be correctly recognized and firmware version is not available in the Add device wizard.
690012 Changing the value of a meta-data field for a device should trigger the change with configuration status.
690241 FortiManager may fail to auto-link with FortiGate with the error: Failed to update device management data 'invalid value - devmgmtdatafailed|invalid value.
690566 Changes to the Disclaimer Page may not be saved and displays an error.
692669 Browser may display a message, A webpage is slowing down your browser, while checking revision difference.
693622 There may be inconsistent behavior between FortiGate and FortiManager when changing port speeds for FortiGate-3600E or FortiGate-3601E.
696136 Auto-link may fail due to the input device in SD-WAN.
696496 Auto-link may fail when Workspace is enabled.
696848 Users may not be able to retrieve configuration or import policy from managed devices and dvmcore crashes frequently.
697098 Retrieving HA configuration may fail when adding FortiGate.
697535 Device Manager should not allow user to add ssl.root to a zone.
697746 FortiManager needs to support adding FortiAnalyzer devices with serial numbers that have a prefix of FAVMXX.
697924 When there are many devices, all managed FortiGates may show connection down state.
698625 FortiManager may not be able to view, add, or edit software switch members.
698709 When importing policies, firewall policies may not be loaded.
699182 FortiManager may fail to add FortiGate-101F as model device.
699450 The SDWAN monitor is showing historical traffic for an interface when it is Down in the defined time period.
701446 SD-WAN monitor may take several minutes to display a map if the device tunnel is flapping.
702555 FortiManager may lose device admin user and geo-location information during the onboard process for a model device.
702590 The System template may stop being displayed on the Devices & Groups page.
704197 FortiManager may fail to create a FortiSwitch in a 6.0 ADOM.
704789 SD-WAN monitor is missing Health Check Status information and probes.
705547 Route monitor may show incorrect interface information.
710616 FortiManager may not be able to set an HTTPS or SSH port to a value higher than 63335 under Provisioning Templates.
711034 There may be to displaying Meta Fields data when creating or editing a Device Group.

Fabric View

Bug ID Description
554251 A user may not be able to see the fabric topology of devices in the user's assigned ADOM.

FortiSwitch Manager

Bug ID Description
650453 FortiSwitch template and VLAN shall appear for firewall policy creation.
667703 After adding a FortiSwitch, running a script to provision may fail.
678804 FortiSwitch template is not working as expected in switchport NAC access-mode.
690995 FortiSwitch Manager should not install the auto-detected setting to FortiGate.
700023 Install may fail with switch-controller managed-switch:poe-pre-standard-detection after upgrade.
700136 In FortiSwitch Manager, the Map to Normalized interface menu always displays none when editing a VLAN.
706953 A maximum of one device entry can be found in Device Information column under FortiSwitch port.
707909 Template may be removed, and FortiLink interface and Comments fields may be empty.
708901 The assigned FortiSwitch template name that has more than sixteen characters may fail ADOM integrity check.

Global ADOM

Bug ID Description
632400 When installing a global policy, FortiManager may delete policy routes and settings on an ADOM.
662216 Searching for Where Used in a Global ADOM may not show object usage in an ADOM.
667423 Assigned header policy from the global ADOM shows up on excluded policy package.
670280 Promoting the Profile Group object should not promote the default Protocol option.
689965 Replacement message type UTM is not being pushed from global ADOM to local ADOM.

Others

Bug ID Description
649399 After upgrade, install may fail if a FortiGate was assigned to a system template.
656956 There may be crashes with rtmmond when FortiWLM is enabled.
659916 FortiManager may consume high memory usage by the svc sys daemon.
661069 ADOM restricted access user is able to pull Device Manager information from ADOMs via JSON API.
665617 FortiManager may consume high CPU resource when locking ADOM or loading policy.
667421 FortiManager may report repeated miglogd crashes which causes lost logs.
667442 FortiManager may not be able to connect to FortiGate CLI via SSH widget or execute TCL scripts.
670479 FortiManager configuration file size may be large due to a bulk of resync files.
671444 FortiManager may fail to check-in configuration revision with the HA secondary unit.
673210 When checking unused policy, implicit policy information is not included.
681707 The diagnose cdb upgrade check +all command may unset defmap-intf.
682404 The rtmmond process memory usage may constantly increase.
683841 FortiManager databases may randomly lose integrity.
686460 ADOM integrity check may run slowly and take several minutes to respond for each ADOM.
687155 FortiManager should improve the error message for running CLI Template.
690969 The dmworker process may consume high memory and CPU resources with failures due to busy handler.
691568 FortiManager GUI may randomly become non-responsive.
695549 The _created timestamp is missing in the REST API return data for Policy.
695782 Connection to FortiGate may fail with multiple fgfmsd crashes.
697132 In some circumstances, FortiManager is not accessible unless the device is rebooted every couple of days.

Policy and Objects

Bug ID Description
494367 Users cannot search for an address in a policy where the address is a part of a nested group.
523350 FortiManager does not show the default certificate under SSL/SSH Inspection within policy.
547052 FortiManager GUI should not allow creating Security Profiles without any SSL/SSH Inspection Profile defined.
565301 Exporting policy package to Excel may not work.
587634 FortiManager may not be able to create new wildcard FQDN type address to FortiGate 6.2.
601229 FortiManager is missing device-type option for custom device dynamic mapping.
608268 Users may not be able to edit firewall policy due to session-ttl:out of range in v5.6 or v6.0 ADOM.
612317 FortiManager shows incorrect country code for Cyprus under User definition.
615936 FortiManager is missing the SSH protocol in DLP filter.
617894 FortiManager is missing IPV6 none values after modifying policy.
630431 Some application and filter overrides are not displayed in the GUI.
633727 FortiManager is unable to display summary of policy package diff for a VDOM with a long name.
647189 FortiManager dynamic object filter generator is adding an "s" at the end of the tag preventing the object from working.
651991 After adding and removing Security Profile, the policy Security Profile changes from no-inspection to empty.
657026 GUI hangs during loading when applying changes made to Anti Virus profile.
658528 The URL remote category, FortiGuard Threat Feed, is not available in the dropdown menu for Proxy Address.
660483 IPS signatures may not match between FortiGate and FortiManager.
661590 FortiManager should fail the install with a proper error message without selecting security profile group on proxy policy.
667414 FortiManager may freeze when editing the Comment field in a policy package with many policies.
668649 Install may hang at 75% when no VLAN interface is configured for fsp managed-switch.
669389 Install may fail due to web filter profile in flow mode with setting changes available in proxy mode only.
670019 There is no Decrypted Traffic Mirror option in policy when only one port mapping is enabled in Full SSL/SSH Inspection.
670833 Search box for address may not always work.
671265 Global object assignment may not work.
671693 Internet Service Group should show an error or a warning when the direction setting is not the same.
671985 Decrypted Traffic Mirror setting is not being removed from policy after it is changed in the SSL Inspection method.
671988 FortiManager is not able to push dynamic objects to FortiGate after receiving the configurations from NSXT connector.
673305 Policy package install may hang and fail due to high memory usage.
673311 Full SSL/SSH Inspection profile's Invalid SSL Certificates setting does not take effect when Inspect All Ports is selected.
673554 FortiManager should not allow a policy to set the destination address with a Virtual Server when inspection-mode is set as flow.
674899 FortiManager may not be able to edit proxy addresses objects.
675199 Local web category override is not installed if web filter is part of policy block package.
675501 Policy check may show negative values.
675509 FortiManager may randomly set IPv4 IP Pool object to overload.
675541 Deleting an override entry should trigger modified status for policy packages with FortiGuard Category Based Filter enabled within web filter profile.
675587 Firewall VIP hover-over popup should not show ports when port forwarding is disabled.
677385 IPS profile may not load.
678439 FortiManager may always configure empty application parameter values.
681342 Devices are evicted from Installation target after authorizing a new device.
682370 Having changed an IPS profile on security profile, the change is not visible when editing the policy again.
686591 FortiManager may not be able to add individual VWP interface members to multicast policy.
688589 Setting the Local Webfilter Category action to Allow should not disable the action when installed on FortiGate.
690509 FortiManager may fail to install ACI-Direct connector to FortiGate due to server-list command.
692114 Where Used returns no record found when IPS Custom Signature is being used.
693763 Saving address object may return error: firewall/address/organization : The data is invalid for selected url.
694605 FortiManager may not be able to push the entire Azure SDN Connector configuration.
696072 FortiManager GUI should allow users to configure HTTPS health check monitor including fields such as http-match and http-get in the monitor.
700743 Viewing Policy and Objects may be slower after upgrade.
701290 FortiManager should not allow users to create a wildcard FQDN address object with non-wildcard FQDN.
702138 NGFW security policy Application category Unknown applications is missing on FortiManager while it is present on FortiGate.
703639 Installing policy package for a device using CLI template may stall.

Revision History

Bug ID Description
579286 Installation may fail for FortiGate 6.2 within ADOM 6.0 due to configuration changes with virtual-wan-link member weight and volume-ratio, and internet-service-ctrl.
637465 Installation fails when installing global v6.2 IPv4 policy to v6.4 FortiGate.
642075 Install may fail with delete metadata-server error.
657344 Installing from 6.0 ADOM may try to unset inspection-mode and unset ssl-ssh-profile on FortiGate 6.2.
660525 Installing from FortiManager may unset comment, organization, and subnet-name during install.
662438 FortiManager may try to purge all web rating override entries.
662661 Default value of global: system npu ip-reassembly:max-timeout NPU setting in ADOM 6.0 for FortiGate-1800F should be changed to 10000 to avoid Conflict status.
667148 When a policy install is performed, Install preview shows a lot of firewall policies with metafield changes without any actual change being performed.
673101 When set cfg-save manual is configured, FortiManager may try to delete objects that do not exist in the FortiGate configuration.
673327 With traffic shaper in Mbps or Gbps, FortiManager should convert it to Kbps if installation target is non 64 bits FortiGate model.
677659 FortiManager may fail to retrieve device configuration on web category with log threat-weight.
679139 When a policy package is shared between many firewalls, web rating override purge may fail in some scenarios.
683728 Installation fails due to VIP mapped IP range error when installing v6.2 policy package to v6.4 device.
686036 FortiManager may remove Allow Access configurations for secondary IP when a policy package is installed.
689270 The following attributes under configs vpn ssl setting may have an invalid range: login-attempt-limit, login-block-time, http-request-header-timeout, http-request-body-timeout and router bgp keep-alive-timer.
691240 FortiManager should not unset the value forward-error-correction with certain FortiGate platforms.
691835 FortiManager should be able to move one VLAN to a different zone without deleting many rules or zones.
693231 FortiManager tries to purge webfilter ftgd-local-rating when directly referenced in URL Category of a policy.
698350 Install may fail with error: [VPN manager ] failed to update vpn node with device info.
700495 FortiManager 6.2 ADOM may be sending set synproxy to FortiGate-1801F.
701870 Process may get stuck at 85% when pushing multiple policy packages from Global ADOM.
709456 FortiManager may be missing configuration revisions after performing HA failover.
688474 FortiManager may fail to retrieve FortiGate configuration when adding a device due to invalid data source with wtp-profile.

Script

Bug ID Description
663820 The LDAP port value remains 636 on device database and FortiManager is not accepting custom port number via CLI script.
668947 Changes using CLI Script may not be applied to devices in the container or folder.
671998 TCL scripts may not work when ssh-kex-sha1 and ssh-mac-weak are not enabled on FortiGate.
702576 Objects may not be present on the corresponding device configuration after running a script to rename objects.

Services

Bug ID Description
644021 FortiManager should be able to use custom certificate for the update related services.
644173 FortiManager should improve FortiGuard disk space quota usage logging and inquiry.
671387 FortiManager installs the latest IPS and application control signatures on managed device even though To Be Deployed Version is configured.
673307 FortiManager may return invalid license to FortiMail and cause AntiSpam license to expire.
674511 FortiManager should count FMG expired device number.
677875 Scheduling firmware upgrades may cause fds_svrd to consume 100% CPU resource.
691738 FortiManager may not be able to connect to FDS server via IPv6 proxy.
694903 There may be issues with some firmware upgrade paths.
699768 FortiManager should add 06002000NIDS02504 extend IPS database to default download list.
701341 FortiGuard Firmware Images may not show up-to-date FortiOS versions.
704584 FAP firmware may not be listed and cannot be imported.

System Settings

Bug ID Description
553488 TACACS is unable to assign multiple ADOMs to admins.
598194 FortiManager two-factor authentication admin login is missing the option for FTK Mobile push notification authentication.
623457 FortiManager prompts error while importing CA certificate.
631733 Changing trusted IP can be saved and installed.
642205 While FortiAnalyzer model is disabled, FortiManager may fail to create an ADOM due to over size with disk quota.
654370 Users may not be able to access Java console with an error message: Too many concurrent connections.
660226 HA may crash when upgrading.
662970 Firewall addresses may not be visible on GUI after upgrading FortiManager.
667445 FortiManager may show errors on dynamic_mapping.local-int during upgrade.
674661 After upgrade, FortiGate VDOM that contains FortiToken user cannot be managed anymore and policy install generates an error.
677118 Upgrading ADOM from 6.2 to 6.4 may fail due to replacement message.
677461 FortiManager is not able to identify ADOMs that are locked by non super user administrators.
684907 Changing the FortiGuard Server Location in the License Information dashboard may not take any effect.
686569 Creating and deleting the static route may remove a specific connected route.
687223 Users may not be able to upgrade an ADOM because of profile-protocol-options.
688517 Upgrading an ADOM may fail due to a FortiExtender Object.
689917 If a policy is configured with a Proxy Options profile with HTTP Policy Redirect enabled, the ADOM upgrade should enable the related option set http-policy-redirect enable to preserve the HTTP redirect feature.
690400 System Admin User ssh-public-key cannot choose ed25519.
690921 Upgrading an ADOM from 6.0 to 6.2 should not add custom ssl-ssh-profile to policies which were not configured for SSL inspection.
695058 RADIUS response packets should not time out in less than the remoteauthtimeout setting.
695360 ADOM upgrade may be slow and it may take several minutes to start.
699185 If Management Extension Applications (MEA) are enabled, all system settings may be lost after upgrading FortiManager.
699253 Admin profile should not need system level access to view list of time zones in Device Manager.
704504 License Information may keep loading for admin user with FortiGuard and System Settings with read-write permissions.
705762 Session can be approved twice by different users of the same approval group.
614127 FortiManager should show details in the fnbamd debug if login fails due to trusted hosts.

VPN Manager

Bug ID Description
596953 Go to VPN manager > monitor and select a specific community from the tree menu to show only that community's tunnels and the monitor page displays a white screen.
608221 There is no XAUTH USER column in VPN Manager Monitor.
620801 SSLVPN > Edit SSLVPN Settings > IP Range, only shows configuration from ADOM database objects.
647394 VPN Manager with VPN zone feature disabled may trigger policy copy failure.
653328 FortiManager is unable to edit an SSL portal in VPN Manager containing "/" special character.
658221 The dns-suffix on SSL VPN portal is not installed if web-mode is disabled.
681110 VPN manager may not push any configuration on ADOM 6.0 for dial up VPN on FortiGate.
697308 VPN Manager is setting dst-name to All when using dst-name object group address in a protected subnet.
701772 AP may not show up in AP Manager after running CLI templates.
704614 FortiManager may not be able to push policy package due to VPN related error.

Resolved Issues

The following issues have been fixed in 7.0.0. For inquires about a particular bug, please contact Customer Service & Support.

AP Manager

Bug ID Description
590098 When adding a new WTP profile, FortiManager tries to set a default handoff-sta-thresh and unset radio bands, which do not match the defaults for many of the E-series APs.
593168 DFS channel list in WiFi template is inconsistent between FortiManager and FortiGate.

635643

5G channels be mismatch between FortiManager and FortiGate for radio-1 and radio-2 with FAP-231E.

648812

DHCP server is created incorrectly for Bridge SSID.

667215 FortiManager should be able to classify Rogue FortiAPs.
669906 FortiManager may not be able to install mpsk-key from AP Manager.
679115 An available interface cannot be selected when authorizing FortiExtender.
692911 FortiManager may not be able to display correct information for wireless radio in wireless profile for FortiWiFi-80F-2R.

Device Manager

Bug ID

Description

485037 Monitor > map view may fail if proxy is enabled.
594211 FortiManager should be able to create new VLAN interface on fabric interface and install to FortiGate.
604855 CLI Template should not prevent the lan interface from being deleted once all the dependencies have been removed.
609744 Device Manager > System > Interface may not be able to delete SSID interface.
610134 FortiManager may not be able to save the admin setting page.
610585 Device Manager cannot save DHCP for Unknown MAC address with action sets to block.
616387 Device configuration dashboard cannot update hostname or VDOM.
624325 Creating or editing transparent VDOM to disable may stall at 20%.
627664 FortiManager cannot cooperate with socket-size 0 and changes it to 1 automatically.
636012 Importing a policy may report conflict for the default SSH CA certificates.
643845 After auto link, FortiGate HA cluster members have the same hostname.
645086 Policy Lookup shows an error even though the device is in sync.
646421 FortiManager may not be able to configure VDOM property resources setting.
649785 SD-WAN > Monitor may hang for an ADOM with 1500 devices.
649821 Installation may fail for FortiGate-600D.
654611 Under Advanced mode and within a VDOM, clicking "Device Manager" on the top menu returns the no permission error.
655264 VDOM count is not correct when vdom-mode split-vdom is configured on FortiGate with VM0xV license.
656433 FortiManager device delete process may hang .
657988 FortiManager may lose connection and fail to install after FortiGate HA switching roll.
659387 FortiManager should be able to provision CLI-template, SD-WAN-template, and Policy Package together to the model device.
662243 FortiManager is unable to clone SNMP Community under System Templates.
662656 When importing polices that contain policy block or global policy,the import wizard should provide a warning that those polices will not be imported.
665344 Users with full R/W DVM privileges should be allowed to see and modify the System Provisioning Templates.
666833 GUI returns no warning when 4-byte AS or invalid community is configured on Standard community.
667826 Device Manager may show "No entry found" with rtmmond and the security console crashes.
669129 FortiManager does not create dynamic mapping for an address group causing import failure.
669155 SD-WAN monitor hangs at loading when the admin profile is set to Read-Only for SD-WAN.
669704 FortiManager does not allow user to configure FortiGate admin password longer than 32 characters.
670535 Install fails when creating a new DHCP reservation due to missing MAC address.
670839 FortiManager should be able to configure IPSec Phase2 selector using the same IP range.
671348 FortiManager should allow more than ten incoming source interfaces for policy routing decision.
672319 View Config, View Install Log , and Revision Diff in Workspace mode should not be greyed out when the ADOM is unlocked.
672338 FortiManager may unset interface weight in SD-WAN when installing within 6.0 ADOM.
673008 SD-WAN Rules order changes to the default when creating a rule and moving it to the top.
673641 When creating a policy, all the vwpare names are shown and not only the names from the installation target.
674282 FortiManager sends unset entry-id if the FortiGate implements NAC access-mode at FortiSwitch switchport level.
674938 FortiManager should add support for set use-shortcut-sla option in SD-WAN rules.
676002 FortiManager is not allowing to re-install policy when user selects all devices with VDOMs from Device Manager.
677241 Interface speed is set incorrectly on the port group due to missing aggregate membership verification.
678066 Install may fail when changing FortiGate admin password from FortiManager.
680516 Host Name is truncated when the name has more than 31 characters.
681627 FortiManager is accepting DNS source IP even though it is not part of the available interfaces.
684372 When using VDOMs, the Policy Package status remains in modified status after using Push to device.
684462 FortiManager truncates the device configuration when downloading from View configuration option.
688541 FortiManager should not unset dynamic-vlan of wireless-controller VAP and gateway of router settings after import.
689014 FortiManager may return an error when changing FortiGate device log configuration from FortiManager with management VDOM moved to another VDOM.
689920 FortiWeb serial number may not be correctly recognized and firmware version is not available in the Add device wizard.
690012 Changing the value of a meta-data field for a device should trigger the change with configuration status.
690241 FortiManager may fail to auto-link with FortiGate with the error: Failed to update device management data 'invalid value - devmgmtdatafailed|invalid value.
690566 Changes to the Disclaimer Page may not be saved and displays an error.
692669 Browser may display a message, A webpage is slowing down your browser, while checking revision difference.
693622 There may be inconsistent behavior between FortiGate and FortiManager when changing port speeds for FortiGate-3600E or FortiGate-3601E.
696136 Auto-link may fail due to the input device in SD-WAN.
696496 Auto-link may fail when Workspace is enabled.
696848 Users may not be able to retrieve configuration or import policy from managed devices and dvmcore crashes frequently.
697098 Retrieving HA configuration may fail when adding FortiGate.
697535 Device Manager should not allow user to add ssl.root to a zone.
697746 FortiManager needs to support adding FortiAnalyzer devices with serial numbers that have a prefix of FAVMXX.
697924 When there are many devices, all managed FortiGates may show connection down state.
698625 FortiManager may not be able to view, add, or edit software switch members.
698709 When importing policies, firewall policies may not be loaded.
699182 FortiManager may fail to add FortiGate-101F as model device.
699450 The SDWAN monitor is showing historical traffic for an interface when it is Down in the defined time period.
701446 SD-WAN monitor may take several minutes to display a map if the device tunnel is flapping.
702555 FortiManager may lose device admin user and geo-location information during the onboard process for a model device.
702590 The System template may stop being displayed on the Devices & Groups page.
704197 FortiManager may fail to create a FortiSwitch in a 6.0 ADOM.
704789 SD-WAN monitor is missing Health Check Status information and probes.
705547 Route monitor may shows incorrect interface information.
710616 FortiManager may not be able to set a HTTPS or SHH Port to value higher than 63335 under Provisioning Templates.
711034 There may be to displaying Meta Fields data when creating or editing a Device Group.

Fabric View

Bug ID Description
554251 A user may not be able to see the fabric topology of devices in the user's assigned ADOM.

FortiSwitch Manager

Bug ID Description
650453 FortiSwitch template and VLAN shall appear for firewall policy creation.
667703 After adding a FortiSwitch, running a script to provision may fail.
678804 FortiSwitch template is not working as expected in switchport NAC access-mode.
690995 FortiSwitch Manager should not install the auto-detected setting to FortiGate.
700023 Install may fail with switch-controller managed-switch:poe-pre-standard-detection after upgrade.
700136 In FortiSwitch Manager, the Map to Normalized interface menu always displays none when editing a VLAN.
706953 A maximum of one device entry can be found in Device Information column under FortiSwitch port.
707909 Template may be removed, and FortiLink interface and Comments fields may be empty.
708901 The assigned FortiSwitch template name that has more than sixteen characters may fail ADOM integrity check.

Global ADOM

Bug ID Description
632400 When installing a global policy, FortiManager may delete policy routes and settings on an ADOM.
662216 Searching for Where Used in a Global ADOM may not show object usage in an ADOM.
667423 Assigned header policy from the global ADOM shows up on excluded policy package.
670280 Promoting the Profile Group object should not promote the default Protocol option.
689965 Replacement message type UTM is not being pushed from global ADOM to local ADOM.

Others

Bug ID Description
649399 After upgrade, install may fail if a FortiGate was assigned to a system template.
656956 There may be crashes with rtmmond when FortiWLM is enabled.
659916 FortiManager may consume high memory usage by the svc sys daemon.
661069 ADOM restricted access user is able to pull Device Manager information from ADOMs via JSON API.
665617 FortiManager may consume high CPU resource when locking ADOM or loading policy.
667421 FortiManager may report repeated miglogd crashes which causes lost logs.
667442 FortiManager may not be able to connect to FortiGate CLI via SSH widget or execute TCL scripts.
670479 FortiManager configuration file size may be large due to a bulk of resync files.
671444 FortiManager may fail to check-in configuration revision with the HA secondary unit.
673210 When checking unused policy, implicit policy information is not included.
681707 The diagnose cdb upgrade check +all command may unset defmap-intf.
682404 The rtmmond process memory usage may constantly increase.
683841 FortiManager databases may randomly lose integrity.
686460 ADOM integrity check may run slowly and take several minutes to respond for each ADOM.
687155 FortiManager should improve the error message for running CLI Template.
690969 The dmworker process may consume high memory and CPU resources with failures due to busy handler.
691568 FortiManager GUI may randomly become non-responsive.
695549 The _created timestamp is missing in the REST API return data for Policy.
695782 Connection to FortiGate may fail with multiple fgfmsd crashes.
697132 In some circumstances, FortiManager is not accessible unless the device is rebooted every couple of days.

Policy and Objects

Bug ID Description
494367 Users cannot search for an address in a policy where the address is a part of a nested group.
523350 FortiManager does not show the default certificate under SSL/SSH Inspection within policy.
547052 FortiManager GUI should not allow creating Security Profiles without any SSL/SSH Inspection Profile defined.
565301 Exporting policy package to Excel may not work.
587634 FortiManager may not be able to create new wildcard FQDN type address to FortiGate 6.2.
601229 FortiManager is missing device-type option for custom device dynamic mapping.
608268 Users may not be able to edit firewall policy due to session-ttl:out of range in v5.6 or v6.0 ADOM.
612317 FortiManager shows incorrect country code for Cyprus under User definition.
615936 FortiManager is missing the SSH protocol in DLP filter.
617894 FortiManager is missing IPV6 none values after modifying policy.
630431 Some application and filter overrides are not displayed in the GUI.
633727 FortiManager is unable to display summary of policy package diff for a VDOM with a long name.
647189 FortiManager dynamic object filter generator is adding an "s" at the end of the tag preventing the object from working.
651991 After adding and removing Security Profile, the policy Security Profile changes from no-inspection to empty.
657026 GUI hangs during loading when applying changes made to Anti Virus profile.
658528 The URL remote category, FortiGuard Threat Feed, is not available in the dropdown menu for Proxy Address.
660483 IPS signatures may not match between FortiGate and FortiManager.
661590 FortiManager should fail the install with a proper error message without selecting security profile group on proxy policy.
667414 FortiManager may freeze when editing the Comment field in a policy package with many policies.
668649 Install may hang at 75% when no VLAN interface is configured for fsp managed-switch.
669389 Install may fail due to web filter profile in flow mode with setting changes available in proxy mode only.
670019 There is no Decrypted Traffic Mirror option in policy when only one port mapping is enabled in Full SSL/SSH Inspection.
670833 Search box for address may not always work.
671265 Global object assignment may not work.
671693 Internet Service Group should show an error or a warning when the direction setting is not the same.
671985 Decrypted Traffic Mirror setting is not being removed from policy after it is changed in the SSL Inspection method.
671988 FortiManager is not able to push dynamic objects to FortiGate after receiving the configurations from NSXT connector.
673305 Policy package install may hang and fail due to high memory usage.
673311 Full SSL/SSH Inspection profile's Invalid SSL Certificates setting does not take effect when Inspect All Ports is selected.
673554 FortiManager should not allow a policy to set the destination address with a Virtual Server when inspection-mode is set as flow.
674899 FortiManager may not be able to edit proxy addresses objects.
675199 Local web category override is not installed if web filter is part of policy block package.
675501 Policy check may show negative values.
675509 FortiManager may randomly set IPv4 IP Pool object to overload.
675541 Deleting an override entry should trigger modified status for policy packages with FortiGuard Category Based Filter enabled within web filter profile.
675587 Firewall VIP hover-over popup should not show ports when port forwarding is disabled.
677385 IPS profile may not load.
678439 FortiManager may always configure empty application parameter values.
681342 Devices are evicted from Installation target after authorizing a new device.
682370 Having changed an IPS profile on security profile, the change is not visible when editing the policy again.
686591 FortiManager may not be able to add individual VWP interface members to multicast policy.
688589 Setting the Local Webfilter Category action to Allow should not disable the action when installed on FortiGate.
690509 FortiManager may fail to install ACI-Direct connector to FortiGate due to server-list command.
692114 Where Used returns no record found when IPS Custom Signature is being used.
693763 Saving address object may return error: firewall/address/organization : The data is invalid for selected url.
694605 FortiManager may not be able to push the entire Azure SDN Connector configuration.
696072 FortiManager GUI should allow users to configure HTTPS health check monitor including fields such as http-match and http-get in the monitor.
700743 Viewing Policy and Objects may be slower after upgrade.
701290 FortiManager should not allow users to create a wildcard FQDN address object with non-wildcard FQDN.
702138 NGFW security policy Application category Unknown applications is missing on FortiManager while it is present on FortiGate.
703639 Installing policy package for a device using CLI template may stall.

Revision History

Bug ID Description
579286 Installation may fail for FortiGate 6.2 within ADOM 6.0 due to configuration changes with virtual-wan-link member weight and volume-ratio, and internet-service-ctrl.
637465 Installation fails when installing global v6.2 IPv4 policy to v6.4 FortiGate.
642075 Install may fail with delete metadata-server error.
657344 Installing from 6.0 ADOM may try to unset inspection-mode and unset ssl-ssh-profile on FortiGate 6.2.
660525 Installing from FortiManager may unset comment, organization, and subnet-name during install.
662438 FortiManager may try to purge all web rating override entries.
662661 Default value of global: system npu ip-reassembly:max-timeout NPU setting in ADOM 6.0 for FortiGate-1800F should be changed to 10000 to avoid Conflict status.
667148 When a policy install is performed, Install preview shows a lot of firewall policies with metafield changes without any actual change being performed.
673101 When set cfg-save manual is configured, FortiManager may try to delete objects that do not exist in the FortiGate configuration.
673327 With traffic shaper in Mbps or Gbps, FortiManager should convert it to Kbps if installation target is non 64 bits FortiGate model.
677659 FortiManager may fail to retrieve device configuration on web category with log threat-weight.
679139 When a policy package is shared between many firewalls, web rating override purge may fail in some scenarios.
683728 Installation fails due to VIP mapped IP range error when installing v6.2 policy package to v6.4 device.
686036 FortiManager may remove Allow Access configurations for secondary IP when a policy package is installed.
689270 The following attributes under configs vpn ssl setting may have an invalid range: login-attempt-limit, login-block-time, http-request-header-timeout, http-request-body-timeout and router bgp keep-alive-timer.
691240 FortiManager should not unset the value forward-error-correction with certain FortiGate platforms.
691835 FortiManager should be able to move one VLAN to a different zone without deleting many rules or zones.
693231 FortiManager tries to purge webfilter ftgd-local-rating when directly referenced in URL Category of a policy.
698350 Install may fail with error: [VPN manager ] failed to update vpn node with device info.
700495 FortiManager 6.2 ADOM may be sending set synproxy to FortiGate-1801F.
701870 Process may get stuck at 85% when pushing multiple policy packages from Global ADOM.
709456 FortiManager may be missing configuration revisions after performing HA failover.
688474 FortiManager may fail to retrieve FortiGate configuration when adding a device due to invalid data source with wtp-profile.

Script

Bug ID Description
663820 The LDAP port value remains 636 on device database and FortiManager is not accepting custom port number via CLI script.
668947 Changes using CLI Script may not be applied to devices in the container or folder.
671998 TCL scripts may not work when ssh-kex-sha1 and ssh-mac-weak are not enabled on FortiGate.
702576 Objects may not be present on the corresponding device configuration after running a script to rename objects.

Services

Bug ID Description
644021 FortiManager should be able to use custom certificate for the update related services.
644173 FortiManager should improve FortiGuard disk space quota usage logging and inquiry.
671387 FortiManager installs the latest IPS and application control signatures on the managed device even though To Be Deployed Version is configured.
673307 FortiManager may return invalid license to FortiMail and cause AntiSpam license to expire.
674511 FortiManager should count FMG expired device number.
677875 Scheduling firmware upgrades may cause fds_svrd to consume 100% CPU resource.
691738 FortiManager may not be able to connect to FDS server via IPv6 proxy.
694903 There may be issues with some firmware upgrade paths.
699768 FortiManager should add 06002000NIDS02504 extend IPS database to default download list.
701341 FortiGuard Firmware Images may not show up-to-date FortiOS versions.
704584 FAP firmware may not be listed and cannot be imported.

System Settings

Bug ID Description
553488 TACACS is unable to assign multiple ADOMs to admins.
598194 FortiManager two-factor authentication admin login is missing the option for FTK Mobile push notification authentication.
623457 FortiManager prompts error while importing CA certificate.
631733 Changing trusted IP can be saved and installed.
642205 While FortiAnalyzer model is disabled, FortiManager may fail to create an ADOM due to over size with disk quota.
654370 Users may not be able to access Java console with an error message: Too many concurrent connections.
660226 HA may crash when upgrading.
662970 Firewall addresses may not be visible on GUI after upgrading FortiManager.
667445 FortiManager may show errors on dynamic_mapping.local-int during upgrade.
674661 After upgrade, FortiGate VDOM that contains FortiToken user cannot be managed anymore and policy install generates an error.
677118 Upgrading ADOM from 6.2 to 6.4 may fail due to replacement message.
677461 FortiManager is not able to identify ADOMs that are locked by non super user administrators.
684907 Changing the FortiGuard Server Location in the License Information dashboard may not take any effect.
686569 Creating and deleting the static route may remove a specific connected route.
687223 Users may not be able to upgrade an ADOM because of profile-protocol-options.
688517 Upgrading an ADOM may fail due to a FortiExtender Object.
689917 If a policy is configured with a Proxy Options profile with HTTP Policy Redirect enabled, the ADOM upgrade should enable the related option set http-policy-redirect enable to preserve the HTTP redirect feature.
690400 System Admin User ssh-public-key cannot choose ed25519.
690921 Upgrading an ADOM from 6.0 to 6.2 should not add custom ssl-ssh-profile to policies which were not configured for SSL inspection.
695058 RADIUS response packets should not time out in less time than the remoteauthtimeout setting.
695360 ADOM upgrade may be slow and it may take several minutes to start.
699185 If Management Extension Applications (MEA) are enabled, all system settings may be lost after upgrading FortiManager.
699253 Admin profile should not need system level access to view list of time zones in Device Manager.
704504 License Information may keep loading for admin user with FortiGuard and System Settings with read-write permissions.
705762 Session can be approved twice by different users of the same approval group.
614127 FortiManager should show details in the fnbamd debug if login fails due to trusted hosts.

VPN Manager

Bug ID Description
596953 Go to VPN manager > monitor and select a specific community from the tree menu to show only that community's tunnels and the monitor page displays a white screen.
608221 There is no XAUTH USER column in VPN Manager Monitor.
620801 SSLVPN > Edit SSLVPN Settings > IP Range, only shows configuration from ADOM database objects.
647394 VPN Manager with VPN zone feature disabled may trigger policy copy failure.
653328 FortiManager is unable to edit a SSL portal in VPN Manager containing "/" special character.
658221 The dns-suffix on SSL VPN portal is not installed if web-mode is disabled.
681110 VPN manager may not push any configuration on ADOM 6.0 for dial up VPN on FortiGate.
697308 VPN Manager is setting dst-name to All when using dst-name object group address in a protected subnet.
701772 AP may not show up in AP Manager after running CLI templates.
704614 FortiManager may not be able to push policy package due to VPN related error.