Resolved Issues
The following issues have been fixed in 7.0.2. For inquires about a particular bug, please contact Customer Service & Support.
AP Manager
| Bug ID | Description |
|---|---|
|
673020 |
Creating SSID interface with central AP Manager automatically generates normalized interface name that has no default mapping configuration. |
|
702114 |
FortiManager is unable to see 5Ghz Clients in Health Monitor. |
|
728372 |
Importing SSID with optional VLAN ID set creates incorrect per-device mapping. |
Device Manager
|
Bug ID |
Description |
|---|---|
| 563690 | Device Manager fails to add FortiAnalyzer that contains a FortiGate HA device with error: serial number does not match database. |
| 609859 | When installing device settings, the default name for downloaded preview file should be more identifiable for a device. |
| 637388 | System Dashboard's time zones are not sorted within the dropdown list. |
| 638750 | Where Used may not work for IPsec Phase 2 allowing users to delete used objects. |
| 662095 | FortiManager may take too much time to send SLA updates to over thousands of FortiGate devices. |
| 665207 | FortiManager needs IPv6 support on Syslog server setting. |
| 691611 | FortiManager does
auto-retrieve and causes all policy package statuses to become unknown after a new VDOM is created on FortiGate. |
| 696330 | FortiManager may change all devices to Managed FortiGate when hiding all unauthorized devices, and it cannot be switched back. |
| 696524 | Promote button task does not work and hangs, if FortiManager cannot SSH access to HA cluster. |
| 696730 | FortiManager is unable to promote Secondary FortiGate as Primary in a HA Cluster. |
| 698388 | FortiManager cannot edit or create a static route with SD-WAN returning an error. |
| 705448 | Device connection status may remain up after shutting down device port and updating device status. |
| 713833 | It may not be possible to rename device zone. |
| 714611 | Creating interface from VDOM may return No Match Found error. |
| 718184 | AutoUpdate with unset options and unset post-lang may cause device database and policy package status to display as OUT-OF-SYNC. |
| 719968 | SD-WAN Monitor should properly show the Map View of all devices. |
|
724600 |
FortiManager may not be able to install static default route for SD-WAN from Static route Template. |
| 725570 | FortiManager may return device can not be empty error when creating or editing a static route on SD-WAN interface. |
| 726167 | Installing static route template may fail because interface is in another VDOM. |
| 727123 | Meta Field is not translating values with spaces into correct scripts. |
| 728655 | Configuration status may not be shown as Synchronized after installation. |
| 728687 | Policy package status may change to Modified on all FortiGate devices when a dynamic address group changes. |
| 729301 | A managed FortiGate with assigned CLI template remains in Modified state following a successful device configure installation. |
| 729606 | FortiManager should show where a Device Zone is used under Device Manager. |
| 730482 | CLI Template cannot add system
DNS database entries if set domain contains the underscore
character (_). |
| 731204 | FortiManager may incorrectly display Object already exists message while creating a new Hardware Switch interface. |
| 731551 | FortiManager may return error, Failed to synchronize FortiAnalyzer with current ADOM data.Fail(errno=-3):Object does not exist, when adding FortiAnalyzer devices. |
| 732246 | Clock format option no longer works to format date in TCL scripts. |
| 733076 | Model device links to real device may not work. |
| 733080 | Device status is shown as Up on GUI, even though there is no activity for the session between FortiManager and FortiGate. |
| 733934 | During zero-touch provisioning with Enforce Firmware Version enabled, upgrade task may hang if the connection is reset during the image transfer. |
| 734487 | Device's hardware switch interface > physical interface member may not save. |
| 735106 | Delete is spelled incorrectly when attempting to delete invalid host cluster device. |
| 735402 | When creating a new CLI Group Template and trying to add members to it, it does not allow users to select other CLI Group Templates that were already created. |
| 737025 | SD-WAN Monitor widget may not be loaded when multiple performance SLAs are added. |
| 737173 | FortiManager should not unset l2tp and encapsulation with VPN phase2 interface. |
| 739369 | When revision history is very large, FortiManager may not be able to retrieve configuration. |
| 739624 | FortiManager should support FortiTester version 4. |
FortiSwitch Manager
| Bug ID | Description |
|---|---|
|
684371 |
Clicking OK to import FortiSwitch Template results in no response. |
|
714174 |
FortiSwitch manager DHCP reservation configuration may not synchronize correctly with FortiGate. |
|
740936 |
FortiSwitch VLAN template creates unknown interface platform mapping. |
Global ADOM
|
Bug ID |
Description |
|---|---|
| 667197 | User should not be able to delete global object when ADOM is unlocked. |
| 725763 | Automatic install to ADOM devices may fail from Global ADOM. |
| 728803 | Copying global firewall policy may fail due to duplicate IPS sensors. |
| 736541 | NAT may stay as disabled on Global ADOM. |
| 737381 | FortiManager should not allow users to delete the default reserved address object starting with g-. |
|
745772 |
FortiManager may randomly delete FortiManager IPv4 policies when assigning from the Global ADOM. |
Others
|
Bug ID |
Description |
|---|---|
| 505795 | FortiManager should allow users to configure the list of allowed TLS cipher suites. |
| 510508 | FortiManager cannot assign multiple ADOMs to an admin user via JSON API. |
| 697361 | FortiExtender status may not be correctly displayed. |
| 718251 | Web Service with port 8080 disabled may still be in listening state. |
| 731574 | FortiManager may not be able to change web filter category action via JSON API. |
| 732144 | A CA certificate may be missing from some older FortiManager platforms causing failure to login with FortiCloud SSO. |
| 733078 | FortiManager may show multiple fmgd crashes with signal 11 segmentation fault. |
| 733208 | Users may not be able to login from GUI after restored database with changed HTTP or HTTPS port number. |
| 736229 | API may fail to promote unauthorized devices to a different ADOM. |
| 738918 | After upgrade, FortiManager may
set firewall-address 100000 on VDOM enabled FortiGate. |
| 740523 | Retrieve task may fail due to auto-update file already having been deleted by FGFM tunnel. |
| 741118 | Install policy package may hang at 50% with security console crash. |
| 742137 | FortiManager may return an error when running an Ansible script to configure network interfaces, zones, and policies. |
| 744736 | FGFM tunnel may go up and down with multiple fgfmsd crashes. |
| 746311 | fgdsvr process may crash when
URL length is longer than 1024 characters. |
Policy and Objects
|
Bug ID |
Description |
|---|---|
| 503978 | Thread Feeds should be Threat Feeds on Fabric Connector. |
| 549492 | Load-balance type VIP cannot be displayed and saved correctly. |
| 623346 | In NGFW-policy policy package, FortiManager does not show Security Virtual Wire Pair Policy or Virtual Wire Pair SSL Inspection & Authentication. |
| 644822 | Imported SDN Connector objects may change to random names. |
| 648970 | If a profile group enables WAF or ICAP profile, the group should be hidden in flow-based policy. |
| 657534 | SSH and MAPI should not be supported in file filter profile protocol under flow mode. |
| 666258 | User should not be able to create a firewall policy with an Internet service with Destination direction in Source by using drag and drop. |
| 690231 | Where-used may fail to display references to certificate-inspection that were added to firewall policies in previous versions. |
| 690295 | FortiManager may be slow when multiple users access GUI at the same time. |
| 699975 | Multiple filters are missing for Azure SDN Connector. |
| 709908 | When checking the status on AntiVirus profile, it may not show the correct inspection mode in list view when status stays in flow-based (Full Scan). |
| 710676 | System replacement message
group, replacemsg-group auth-intf-quarantine, does not exist. |
| 710736 | Classic Dual Pane mode cannot change left-panel size of object configuration. |
| 714975 | Imported groups or labels may not be available for direct use with policy. |
| 716114 | FortiManager should push changes in ssl-ssh-profile with Untrusted SSL Certificates setting reverted from Block to Allow. |
| 719698 | Performance for policy install may be slightly degraded after upgrading from 6.4.5 to 6.4.6. |
| 720896 | SSO admin with Restricted Admin profile should be able to view Web Filter, Application Control, or IPS objects. |
| 722087 | Edit user group with remote
members on FortiManager GUI may cause unexpected change in set group-name. |
| 724718 | When FortiManager's NSX-T connector is executing an API request, it should not be limited to 50 records. |
| 725024 | Proxy Policy page shows empty when the View Mode is selected as Interface Pair View. |
| 725132 | When modifying IP address of Default VPN Interface of spoke in Device Manager, hub remote gateway should be modified to reflect that change. |
| 725681 | Under dual pane, scrolling may be available to move panels out of viewable area. |
| 726077 | Authentication Rules may run incorrect validation that prevents submission and results in an error: The IP versions in source and destination addresses or Internet Services do not match. |
| 726548 | User-info-server
option is not available under dynamic mapping in CLI under user FSSO. |
| 728689 | FortiManager does not show warning or error while selecting no-inspection with UTM profile, which does not match FortiGate behavior. |
| 728985 | FortiManager may show signatures that have been deleted by FortiGuard. |
| 729289 | FortiManager should have an
option to set fortitoken/email/sms to unset or
blank. |
| 729705 | Installing policy requires Interface Validation for interfaces that are not being used in policy package. |
| 730523 | Unused policies tool may always generate a PDF containing all policies. |
| 731053 | FortiManager may miss some Internet Service entries. |
| 732138 | Non-full admin users should be able to export Policy Check and Unused Policy results. |
| 734556 | FQDN type firewall address object can be created with an unsupported format. |
| 735083 | Policy packages' folders may not be displayed in alphabetical order. |
| 735397 | Cloned object's revision history information may not be related to the clone task. |
| 735432 | Users with ADOM-specified admin privilege may not be able to view policy package. |
| 735738 | When creating a VIP object with port forwarding filter, FortiManager may show an error. |
| 735743 | In classic dual pane, column settings are hidden by the object configuration pane. |
| 738109 | FortiManager may not install
auth-cert from policy package to device. |
| 738231 | Creating VIP with IPv4 external IP mapped to IPv6 may trigger an error, a.mappedip is undefined. |
| 738595 | FortiManager may not correctly push AWS connector credentials. |
| 738745 | When an object is renamed, the new name must be used on all policies. |
| 739205 | FortiManager may thrown error Cannot delete the only package or folder, when deleting policy block. |
| 740331 | IP Pool details may be missing in ADOM v6.2. |
| 740944 | Custom IPS Signature script may fail to run on policy package or ADOM database. |
| 742257 | NPU log servers for hyperscale does not show up in policy package. |
| 744591 | Installing or importing IPS custom signature may fail when a signature's name contains a space character. |
| 746273 | Column filter may be extremely slow with large policy packages. |
| 747330 | FortiManager cannot assign or replace VIP with SD-WAN as source interface. |
| 748523 | After creating a VIP, FortiManager may not be able to choose the VIP on a policy. |
| 748524 | VIP is not visible in the policy, if the external interface is not the same as policy SD-WAN source interface. |
| 749519 | IPv4 policies in policy block may hidden on FortiManager's GUI. |
| 750160 | custom-url-list may not be
correctly parsed when URLs contain space characters. |
|
751550 |
In |
Revision History
|
Bug ID |
Description |
|---|---|
| 640714 | FortiManager cannot correctly retrieve and import interface subnet type address showing 0.0.0.0 for IP. |
| 642878 | FortiManager should return a clear copy fail log for dynamic interface check error. |
| 643101 | Copy may fail due to VIP overlapping when installing policy package. |
| 674094 | FortiManager may unset explicit
proxy's HTTPS and PAC ports, and change the value to 0 instead. |
| 674196 | Installation may fail after
editing or creating a firewall policy if reputation-minimum is set. |
| 680549 | Restricted user's Quick Install is not working correctly for Rating Overrides. |
| 683728 | Installation fails due to VIP mapped IP range error when installing v6.2 policy package to v6.4 device. |
| 711314 | VDOM specific Disclaimer Page configuration is purged from default replacemsg-group during Policy Package installation. |
| 713552 | If VIP address's source-filter list is too long, installation may fail. |
| 722332 | For AP Profile change, installation preview may show No Entry. |
| 724340 | FortiManager may unset
forward-error-correction from FortiGate 7060E devices. |
| 724647 | After upgrading to 6.4, retrieval from a chassis may take a long time. |
| 725252 | When customer is trying to push policy package to a device group, installation window may not show any progress, but with a red cross. |
| 725557 | Install always try to delete hardware switch member interface causing installation failure. |
| 725717 | After upgrade, installation may
fail due to mcast-session-counting. |
| 728117 | After upgrade, install may fail
due to set pri-type-max 1000000. |
| 728918 | FortiManager should install changes applied on Global policy package and not indicate warnings like no installing devices/no changes on package. |
| 729587 | FortiManager may create an already deleted admin account on FortiGate when installing changes for a new VDOM. |
| 733518 | FortiManager may incorrectly move DNAT objects. |
| 735455 | FortiManager may try to delete thousands of policies during install. |
| 735988 | Switch and AP names may be reverted by controller status update from FortiGate. |
|
740858 |
GCP project name must be set during install. |
| 741543 | Install may fail with unset MAC address on EMAC VLAN. |
| 742242 | Install fails after upgrade due
to set server-identity-check enable on LDAP server configuration. |
| 742806 | When modifying a configuration and installing Device Settings only, FortiManager may not display the device's configuration change. |
|
743313 |
After retrieving configuration from FortiGate, FortiManager changes an interface with type Hardware Switch to Physical. |
|
744966 |
After upgrading FortiManager, policy install verification may fail with Config status changes to Conflict due to invalid default value for log memory filter. |
| 745715 | FortiManager may not be able to install policy package with firewall rule using VIP group due to zone binding. |
| 747837 | FortiManager may try to delete
interfaces lan1, lan2, and lan3, which are used by virtual-switch.sw0 on
FortiGate-40F. |
|
749587 |
If a device revision is corrupted, FortiManager may be able to remove or create any revision. |
Script
| Bug ID | Description |
|---|---|
| 729571 | TCL script commands run on device no longer show in the script log. |
|
734942 |
Script includes static route with SD-WAN enabled may report error. |
|
744030 |
FortiManager should not allow running script against device database with incorrect command. |
Services
|
Bug ID |
Description |
|---|---|
| 685678 | When FortiMail FIPS mode is enabled, FortiManager should be able to validate its license. |
| 714127 | Backup ADOM does not support firmware template upgrade. |
| 725118 | FortiManager may not log FortiGuard connectivity failures. |
| 725721 | FortiManager may not be able to recognize all FortiGate units within HA cluster, and it may not be able to provide update services to all units. |
| 730877 | The upgrade matrix file may be missing, and FortiManager is unable to calculate upgrade paths without the upgrade matrix file. |
| 733174 | FortiManager may not be able to recognize the object id 06002000NIDS02604 as IPS Signature Database(Extended). |
| 733873 | FortiManager may not get FortiGate HA cluster's contract information when Device Manager shows the secondary device's SN. |
| 739625 | FortiManager may not display licensing information for FortiTester. |
| 741846 | AP upgrade task may hang at 45%. |
System Settings
|
Bug ID |
Description |
|---|---|
| 617601 | Sort by Time Used in Task Monitor may not be correct. |
| 663185 | Search may not work for event logs in text mode. |
| 690926 | FortiManager removes SD-WAN field description upon ADOM upgrading from 6.2 to 6.4. |
| 696554 | FortiManager may generate a lot of cdb event log for object changed event logs. |
| 700608 | The variable from meta data that is shown is not case sensitive, whereas the variable is case sensitive when using in a CLI template. |
| 705145 | Username is truncated to 49 characters in the notification Emails sent by FortiManager for workflow approvals. |
| 711686 | Workflow approval does not work when admin name has more than 49 characters. |
| 722320 | The NOT search in advanced/text mode search is not working for system event logs. |
| 726007 | Admin User systematically gets access to root ADOM in case of RADIUS authentication and Fortinet-Vdom-Name VSA is not set. |
| 727233 | ADOM license count should not count root ADOM. |
| 728942 | FortiManager may gray out some devices' tasks with error, which cannot be grouped together. |
| 728991 | Nested group search fails with Bad search filter if the user DN contains characters like "," and "()". |
| 729280 | Admin User with no access to management ADOM or VDOM can create a new VDOM from non-management ADOM > VDOM. |
|
731084 |
FortiManager upgrade should not have warning when there is no upgrade path. |
| 735067 | When creating a local account with the Force this administrator to change password upon next log on option checked, the setting should be applied for the first login. |
| 736205 | FortiManager may get stuck during upgrade. |
| 738395 | FortiManager tasks' time used should not be increased by timezone. |
| 738622 | ADOM upgrade from 6.0 to 6.2 may fail due to FortiExtender object. |
|
743411 |
FortiManager should show more than five local certificates. |
VPN Manager
|
Bug ID |
Description |
|---|---|
| 712633 | VPN Manager pushes default
dpd-retrycount and dpd-retryinterval, but it cannot
display them. |
| 712861 | Policy Package Status stays Synchronized despite SSL-VPN Portal configuration being changed by using VPN Manager. |
| 721783 | Applying Authentication or Portal Mapping changes may take several minutes. |
| 722924 | FortiManager may not be able to
edit skip-check-for-unsupported-os enable under SSL portal
profile. |
Visit https://fortiguard.com/psirt for more information.
| Bug ID | CVE references |
|---|---|
|
630016 |
FortiManager 7.0.2 is no longer vulnerable to the following CVE-Reference:
|
|
729527 |
FortiManager 7.0.2 is no longer vulnerable to the following CVE-Reference:
|