Resolved Issues

The following issues have been fixed in 7.0.2. For inquiries about a particular bug, please contact Customer Service & Support.

AP Manager

Bug ID Description

673020 Creating SSID interface with central AP Manager automatically generates normalized interface name that has no default mapping configuration.
702114 FortiManager is unable to see 5GHz Clients in Health Monitor.
728372 Importing SSID with optional VLAN ID set creates incorrect per-device mapping.

Device Manager

Bug ID Description

563690 Device Manager fails to add FortiAnalyzer that contains a FortiGate HA device with error: serial number does not match database.
609859 When installing device settings, the default name for downloaded preview file should be more identifiable for a device.
637388 System Dashboard's time zones are not sorted within the dropdown list.
638750 Where Used may not work for IPsec Phase 2, allowing users to delete objects that are in use.
662095 FortiManager may take too much time to send SLA updates to thousands of FortiGate devices.
665207 FortiManager needs IPv6 support on Syslog server setting.
691611 FortiManager does auto-retrieve and causes all policy package statuses to become unknown after a new VDOM is created on FortiGate.
696330 FortiManager may change all devices to Managed FortiGate when hiding all unauthorized devices, and it cannot be switched back.
696524 Promote button task does not work and hangs if FortiManager cannot access the HA cluster via SSH.
696730 FortiManager is unable to promote Secondary FortiGate as Primary in a HA Cluster.
698388 FortiManager cannot edit or create a static route with SD-WAN returning an error.
705448 Device connection status may remain up after shutting down device port and updating device status.
713833 It may not be possible to rename device zone.
714611 Creating interface from VDOM may return No Match Found error.
718184 AutoUpdate with unset options and unset post-lang may cause device database and policy package status to display as OUT-OF-SYNC.
719968 SD-WAN Monitor should properly show the Map View of all devices.
724600 FortiManager may not be able to install static default route for SD-WAN from Static route Template.
725570 FortiManager may return device can not be empty error when creating or editing a static route on SD-WAN interface.
726167 Installing static route template may fail because interface is in another VDOM.
727123 Meta Field is not translating values with spaces into correct scripts.
728655 Configuration status may not be shown as Synchronized after installation.
728687 Policy package status may change to Modified on all FortiGate devices when a dynamic address group changes.
729301 A managed FortiGate with assigned CLI template remains in Modified state following a successful device configure installation.
729606 FortiManager should show where a Device Zone is used under Device Manager.
730482 CLI Template cannot add system DNS database entries if set domain contains the underscore character (_).
731204 FortiManager may incorrectly display Object already exists message while creating a new Hardware Switch interface.
731551 FortiManager may return error, Failed to synchronize FortiAnalyzer with current ADOM data.Fail(errno=-3):Object does not exist, when adding FortiAnalyzer devices.
732246 Clock format option no longer works to format date in TCL scripts.
733076 Model device links to real device may not work.
733080 Device status is shown as Up on GUI, even though there is no activity for the session between FortiManager and FortiGate.
733934 During zero-touch provisioning with Enforce Firmware Version enabled, upgrade task may hang if the connection is reset during the image transfer.
734487 Device's hardware switch interface > physical interface member may not save.
735106 Delete is spelled incorrectly when attempting to delete invalid host cluster device.
735402 When creating a new CLI Group Template and trying to add members to it, it does not allow users to select other CLI Group Templates that were already created.
737025 SD-WAN Monitor widget may not be loaded when multiple performance SLAs are added.
737173 FortiManager should not unset l2tp and encapsulation with VPN phase2 interface.
739369 When revision history is very large, FortiManager may not be able to retrieve configuration.
739624 FortiManager should support FortiTester version 4.

FortiSwitch Manager

Bug ID Description

684371 Clicking OK to import FortiSwitch Template results in no response.
714174 FortiSwitch manager DHCP reservation configuration may not synchronize correctly with FortiGate.
740936 FortiSwitch VLAN template creates unknown interface platform mapping.

Global ADOM

Bug ID Description

667197 User should not be able to delete global object when ADOM is unlocked.
725763 Automatic install to ADOM devices may fail from Global ADOM.
728803 Copying global firewall policy may fail due to duplicate IPS sensors.
736541 NAT may stay as disabled on Global ADOM.
737381 FortiManager should not allow users to delete the default reserved address object starting with g-.
745772 FortiManager may randomly delete FortiManager IPv4 policies when assigning from the Global ADOM.

Others

Bug ID Description

505795 FortiManager should allow users to configure the list of allowed TLS cipher suites.
510508 FortiManager cannot assign multiple ADOMs to an admin user via JSON API.
697361 FortiExtender status may not be correctly displayed.
718251 Web Service with port 8080 disabled may still be in listening state.
731574 FortiManager may not be able to change web filter category action via JSON API.
732144 A CA certificate may be missing from some older FortiManager platforms causing failure to login with FortiCloud SSO.
733078 FortiManager may show multiple fmgd crashes with signal 11 segmentation fault.
733208 Users may not be able to log in from the GUI after restoring a database with a changed HTTP or HTTPS port number.
736229 API may fail to promote unauthorized devices to a different ADOM.
738918 After upgrade, FortiManager may set firewall-address 100000 on VDOM enabled FortiGate.
740523 Retrieve task may fail due to auto-update file already having been deleted by FGFM tunnel.
741118 Install policy package may hang at 50% with security console crash.
742137 FortiManager may return an error when running an Ansible script to configure network interfaces, zones, and policies.
744736 FGFM tunnel may go up and down with multiple fgfmsd crashes.
746311 fgdsvr process may crash when URL length is longer than 1024 characters.

Policy and Objects

Bug ID Description

503978 Thread Feeds should be Threat Feeds on Fabric Connector.
549492 Load-balance type VIP cannot be displayed and saved correctly.
623346 In NGFW-policy policy package, FortiManager does not show Security Virtual Wire Pair Policy or Virtual Wire Pair SSL Inspection & Authentication.
644822 Imported SDN Connector objects may change to random names.
648970 If a profile group enables WAF or ICAP profile, the group should be hidden in flow-based policy.
657534 SSH and MAPI should not be supported in file filter profile protocol under flow mode.
666258 User should not be able to create a firewall policy with an Internet service with Destination direction in Source by using drag and drop.
690231 Where-used may fail to display references to certificate-inspection that were added to firewall policies in previous versions.
690295 FortiManager may be slow when multiple users access GUI at the same time.
699975 Multiple filters are missing for Azure SDN Connector.
709908 When checking the status on AntiVirus profile, it may not show the correct inspection mode in list view when status stays in flow-based (Full Scan).
710676 System replacement message group, replacemsg-group auth-intf-quarantine, does not exist.
710736 Classic Dual Pane mode cannot change left-panel size of object configuration.
714975 Imported groups or labels may not be available for direct use with policy.
716114 FortiManager should push changes in ssl-ssh-profile with Untrusted SSL Certificates setting reverted from Block to Allow.
719698 Performance for policy install may be slightly degraded after upgrading from 6.4.5 to 6.4.6.
720896 SSO admin with Restricted Admin profile should be able to view Web Filter, Application Control, or IPS objects.
722087 Edit user group with remote members on FortiManager GUI may cause unexpected change in set group-name.
724718 When FortiManager's NSX-T connector is executing an API request, it should not be limited to 50 records.
725024 Proxy Policy page shows empty when the View Mode is selected as Interface Pair View.
725132 When modifying IP address of Default VPN Interface of spoke in Device Manager, hub remote gateway should be modified to reflect that change.
725681 Under dual pane, scrolling may be available to move panels out of viewable area.
726077 Authentication Rules may run incorrect validation that prevents submission and results in an error: The IP versions in source and destination addresses or Internet Services do not match.
726548 User-info-server option is not available under dynamic mapping in CLI under user FSSO.
728689 FortiManager does not show warning or error while selecting no-inspection with UTM profile, which does not match FortiGate behavior.
728985 FortiManager may show signatures that have been deleted by FortiGuard.
729289 FortiManager should have an option to set fortitoken/email/sms to unset or blank.
729705 Installing policy requires Interface Validation for interfaces that are not being used in policy package.
730523 Unused policies tool may always generate a PDF containing all policies.
731053 FortiManager may miss some Internet Service entries.
732138 Non-full admin users should be able to export Policy Check and Unused Policy results.
734556 FQDN type firewall address object can be created with an unsupported format.
735083 Policy packages' folders may not be displayed in alphabetical order.
735397 Cloned object's revision history information may not be related to the clone task.
735432 Users with ADOM-specified admin privilege may not be able to view policy package.
735738 When creating a VIP object with port forwarding filter, FortiManager may show an error.
735743 In classic dual pane, column settings are hidden by the object configuration pane.
738109 FortiManager may not install auth-cert from policy package to device.
738231 Creating VIP with IPv4 external IP mapped to IPv6 may trigger an error, a.mappedip is undefined.
738595 FortiManager may not correctly push AWS connector credentials.
738745 When an object is renamed, the new name must be used on all policies.
739205 FortiManager may throw error Cannot delete the only package or folder, when deleting policy block.
740331 IP Pool details may be missing in ADOM v6.2.
740944 Custom IPS Signature script may fail to run on policy package or ADOM database.
742257 NPU log servers for hyperscale do not show up in policy package.
744591 Installing or importing IPS custom signature may fail when a signature's name contains a space character.
746273 Column filter may be extremely slow with large policy packages.
747330 FortiManager cannot assign or replace VIP with SD-WAN as source interface.
748523 After creating a VIP, FortiManager may not be able to choose the VIP on a policy.
748524 VIP is not visible in the policy, if the external interface is not the same as policy SD-WAN source interface.
749519 IPv4 policies in policy block may be hidden on FortiManager's GUI.
750160 custom-url-list may not be correctly parsed when URLs contain space characters.
751550 In ZTNA-tag policy, ztna-status and related attributes are changed to skip after upgrade.

Revision History

Bug ID Description

640714 FortiManager cannot correctly retrieve and import interface subnet type address showing 0.0.0.0 for IP.
642878 FortiManager should return a clear copy fail log for dynamic interface check error.
643101 Copy may fail due to VIP overlapping when installing policy package.
674094 FortiManager may unset explicit proxy's HTTPS and PAC ports, and change the value to 0 instead.
674196 Installation may fail after editing or creating a firewall policy if reputation-minimum is set.
680549 Restricted user's Quick Install is not working correctly for Rating Overrides.
683728 Installation fails due to VIP mapped IP range error when installing v6.2 policy package to v6.4 device.
711314 VDOM specific Disclaimer Page configuration is purged from default replacemsg-group during Policy Package installation.
713552 If VIP address's source-filter list is too long, installation may fail.
722332 For AP Profile change, installation preview may show No Entry.
724340 FortiManager may unset forward-error-correction from FortiGate 7060E devices.
724647 After upgrading to 6.4, retrieval from a chassis may take a long time.
725252 When a customer is trying to push a policy package to a device group, the installation window may not show any progress, only a red cross.
725557 Install always tries to delete hardware switch member interface, causing installation failure.
725717 After upgrade, installation may fail due to mcast-session-counting.
728117 After upgrade, install may fail due to set pri-type-max 1000000.
728918 FortiManager should install changes applied on Global policy package and not indicate warnings like no installing devices/no changes on package.
729587 FortiManager may create an already deleted admin account on FortiGate when installing changes for a new VDOM.
733518 FortiManager may incorrectly move DNAT objects.
735455 FortiManager may try to delete thousands of policies during install.
735988 Switch and AP names may be reverted by controller status update from FortiGate.
740858 GCP project name must be set during install.
741543 Install may fail with unset MAC address on EMAC VLAN.
742242 Install fails after upgrade due to set server-identity-check enable on LDAP server configuration.
742806 When modifying a configuration and installing Device Settings only, FortiManager may not display the device's configuration change.
743313 After retrieving configuration from FortiGate, FortiManager changes an interface with type Hardware Switch to Physical.
744966 After upgrading FortiManager, policy install verification may fail with Config status changes to Conflict due to invalid default value for log memory filter.
745715 FortiManager may not be able to install policy package with firewall rule using VIP group due to zone binding.
747837 FortiManager may try to delete interfaces lan1, lan2, and lan3, which are used by virtual-switch.sw0 on FortiGate-40F.
749587 If a device revision is corrupted, FortiManager may be able to remove or create any revision.

Script

Bug ID Description

729571 TCL script commands run on device no longer show in the script log.
734942 Script that includes a static route with SD-WAN enabled may report an error.
744030 FortiManager should not allow running script against device database with incorrect command.

Services

Bug ID Description

685678 When FortiMail FIPS mode is enabled, FortiManager should be able to validate its license.
714127 Backup ADOM does not support firmware template upgrade.
725118 FortiManager may not log FortiGuard connectivity failures.
725721 FortiManager may not be able to recognize all FortiGate units within HA cluster, and it may not be able to provide update services to all units.
730877 The upgrade matrix file may be missing, and FortiManager is unable to calculate upgrade paths without the upgrade matrix file.
733174 FortiManager may not be able to recognize the object id 06002000NIDS02604 as IPS Signature Database(Extended).
733873 FortiManager may not get FortiGate HA cluster's contract information when Device Manager shows the secondary device's SN.
739625 FortiManager may not display licensing information for FortiTester.
741846 AP upgrade task may hang at 45%.

System Settings

Bug ID Description

617601 Sort by Time Used in Task Monitor may not be correct.
663185 Search may not work for event logs in text mode.
690926 FortiManager removes SD-WAN field description upon ADOM upgrading from 6.2 to 6.4.
696554 FortiManager may generate a large number of cdb event logs for object changed events.
700608 The variable from meta data that is shown is not case sensitive, whereas the variable is case sensitive when used in a CLI template.
705145 Username is truncated to 49 characters in the notification Emails sent by FortiManager for workflow approvals.
711686 Workflow approval does not work when admin name has more than 49 characters.
722320 The NOT search in advanced/text mode search is not working for system event logs.
726007 Admin User systematically gets access to root ADOM when RADIUS authentication is used and the Fortinet-Vdom-Name VSA is not set.
727233 ADOM license count should not count root ADOM.
728942 FortiManager may gray out some devices' tasks with error, which cannot be grouped together.
728991 Nested group search fails with Bad search filter if the user DN contains characters like "," and "()".
729280 Admin User with no access to management ADOM or VDOM can create a new VDOM from non-management ADOM > VDOM.
731084 FortiManager upgrade should not have warning when there is no upgrade path.
735067 When creating a local account with the Force this administrator to change password upon next log on option checked, the setting should be applied for the first login.
736205 FortiManager may get stuck during upgrade.
738395 FortiManager tasks' time used should not be increased by timezone.
738622 ADOM upgrade from 6.0 to 6.2 may fail due to FortiExtender object.
743411 FortiManager should show more than five local certificates.

VPN Manager

Bug ID Description

712633 VPN Manager pushes default dpd-retrycount and dpd-retryinterval, but it cannot display them.
712861 Policy Package Status stays Synchronized despite SSL-VPN Portal configuration being changed by using VPN Manager.
721783 Applying Authentication or Portal Mapping changes may take several minutes.
722924 FortiManager may not be able to edit skip-check-for-unsupported-os enable under SSL portal profile.

Visit https://fortiguard.com/psirt for more information.

Bug ID CVE references

630016 FortiManager 7.0.2 is no longer vulnerable to the following CVE-Reference:

  • CVE-2021-36192

729527 FortiManager 7.0.2 is no longer vulnerable to the following CVE-Reference:

  • CVE-2021-36192

Resolved Issues

The following issues have been fixed in 7.0.2. For inquires about a particular bug, please contact Customer Service & Support.

AP Manager

Bug ID Description

673020

Creating SSID interface with central AP Manager automatically generates normalized interface name that has no default mapping configuration.

702114

FortiManager is unable to see 5Ghz Clients in Health Monitor.

728372

Importing SSID with optional VLAN ID set creates incorrect per-device mapping.

Device Manager

Bug ID

Description

563690 Device Manager fails to add FortiAnalyzer that contains a FortiGate HA device with error: serial number does not match database.
609859 When installing device settings, the default name for downloaded preview file should be more identifiable for a device.
637388 System Dashboard's time zones are not sorted within the dropdown list.
638750 Where Used may not work for IPsec Phase 2 allowing users to delete used objects.
662095 FortiManager may take too much time to send SLA updates to over thousands of FortiGate devices.
665207 FortiManager needs IPv6 support on Syslog server setting.
691611 FortiManager does auto-retrieve and causes all policy package statuses to become unknown after a new VDOM is created on FortiGate.
696330 FortiManager may change all devices to Managed FortiGate when hiding all unauthorized devices, and it cannot be switched back.
696524 Promote button task does not work and hangs, if FortiManager cannot SSH access to HA cluster.
696730 FortiManager is unable to promote Secondary FortiGate as Primary in a HA Cluster.
698388 FortiManager cannot edit or create a static route with SD-WAN returning an error.
705448 Device connection status may remain up after shutting down device port and updating device status.
713833 It may not be possible to rename device zone.
714611 Creating interface from VDOM may return No Match Found error.
718184 AutoUpdate with unset options and unset post-lang may cause device database and policy package status to display as OUT-OF-SYNC.
719968 SD-WAN Monitor should properly show the Map View of all devices.

724600

FortiManager may not be able to install static default route for SD-WAN from Static route Template.

725570 FortiManager may return device can not be empty error when creating or editing a static route on SD-WAN interface.
726167 Installing static route template may fail because interface is in another VDOM.
727123 Meta Field is not translating values with spaces into correct scripts.
728655 Configuration status may not be shown as Synchronized after installation.
728687 Policy package status may change to Modified on all FortiGate devices when a dynamic address group changes.
729301 A managed FortiGate with assigned CLI template remains in Modified state following a successful device configure installation.
729606 FortiManager should show where a Device Zone is used under Device Manager.
730482 CLI Template cannot add system DNS database entries if set domain contains the underscore character (_).
731204 FortiManager may incorrectly display Object already exists message while creating a new Hardware Switch interface.
731551 FortiManager may return error, Failed to synchronize FortiAnalyzer with current ADOM data.Fail(errno=-3):Object does not exist, when adding FortiAnalyzer devices.
732246 Clock format option no longer works to format date in TCL scripts.
733076 Model device links to real device may not work.
733080 Device status is shown as Up on GUI, even though there is no activity for the session between FortiManager and FortiGate.
733934 During zero-touch provisioning with Enforce Firmware Version enabled, upgrade task may hang if the connection is reset during the image transfer.
734487 Device's hardware switch interface > physical interface member may not save.
735106 Delete is spelled incorrectly when attempting to delete invalid host cluster device.
735402 When creating a new CLI Group Template and trying to add members to it, it does not allow users to select other CLI Group Templates that were already created.
737025 SD-WAN Monitor widget may not be loaded when multiple performance SLAs are added.
737173 FortiManager should not unset l2tp and encapsulation with VPN phase2 interface.
739369 When revision history is very large, FortiManager may not be able to retrieve configuration.
739624 FortiManager should support FortiTester version 4.

FortiSwitch Manager

Bug ID Description

684371

Clicking OK to import FortiSwitch Template results in no response.

714174

FortiSwitch manager DHCP reservation configuration may not synchronize correctly with FortiGate.

740936

FortiSwitch VLAN template creates unknown interface platform mapping.

Global ADOM

Bug ID

Description

667197 User should not be able to delete global object when ADOM is unlocked.
725763 Automatic install to ADOM devices may fail from Global ADOM.
728803 Copying global firewall policy may fail due to duplicate IPS sensors.
736541 NAT may stay as disabled on Global ADOM.
737381 FortiManager should not allow users to delete the default reserved address object starting with g-.

745772

FortiManager may randomly delete FortiManager IPv4 policies when assigning from the Global ADOM.

Others

Bug ID

Description

505795 FortiManager should allow users to configure the list of allowed TLS cipher suites.
510508 FortiManager cannot assign multiple ADOMs to an admin user via JSON API.
697361 FortiExtender status may not be correctly displayed.
718251 Web Service with port 8080 disabled may still be in listening state.
731574 FortiManager may not be able to change web filter category action via JSON API.
732144 A CA certificate may be missing from some older FortiManager platforms causing failure to login with FortiCloud SSO.
733078 FortiManager may show multiple fmgd crashes with signal 11 segmentation fault.
733208 Users may not be able to login from GUI after restored database with changed HTTP or HTTPS port number.
736229 API may fail to promote unauthorized devices to a different ADOM.
738918 After upgrade, FortiManager may set firewall-address 100000 on VDOM enabled FortiGate.
740523 Retrieve task may fail due to auto-update file already having been deleted by FGFM tunnel.
741118 Install policy package may hang at 50% with security console crash.
742137 FortiManager may return an error when running an Ansible script to configure network interfaces, zones, and policies.
744736 FGFM tunnel may go up and down with multiple fgfmsd crashes.
746311 fgdsvr process may crash when URL length is longer than 1024 characters.

Policy and Objects

Bug ID

Description

503978 Thread Feeds should be Threat Feeds on Fabric Connector.
549492 Load-balance type VIP cannot be displayed and saved correctly.
623346 In NGFW-policy policy package, FortiManager does not show Security Virtual Wire Pair Policy or Virtual Wire Pair SSL Inspection & Authentication.
644822 Imported SDN Connector objects may change to random names.
648970 If a profile group enables WAF or ICAP profile, the group should be hidden in flow-based policy.
657534 SSH and MAPI should not be supported in file filter profile protocol under flow mode.
666258 User should not be able to create a firewall policy with an Internet service with Destination direction in Source by using drag and drop.
690231 Where-used may fail to display references to certificate-inspection that were added to firewall policies in previous versions.
690295 FortiManager may be slow when multiple users access GUI at the same time.
699975 Multiple filters are missing for Azure SDN Connector.
709908 When checking the status on AntiVirus profile, it may not show the correct inspection mode in list view when status stays in flow-based (Full Scan).
710676 System replacement message group, replacemsg-group auth-intf-quarantine, does not exist.
710736 Classic Dual Pane mode cannot change left-panel size of object configuration.
714975 Imported groups or labels may not be available for direct use with policy.
716114 FortiManager should push changes in ssl-ssh-profile with Untrusted SSL Certificates setting reverted from Block to Allow.
719698 Performance for policy install may be slightly degraded after upgrading from 6.4.5 to 6.4.6.
720896 SSO admin with Restricted Admin profile should be able to view Web Filter, Application Control, or IPS objects.
722087 Edit user group with remote members on FortiManager GUI may cause unexpected change in set group-name.
724718 When FortiManager's NSX-T connector is executing an API request, it should not be limited to 50 records.
725024 Proxy Policy page shows empty when the View Mode is selected as Interface Pair View.
725132 When modifying IP address of Default VPN Interface of spoke in Device Manager, hub remote gateway should be modified to reflect that change.
725681 Under dual pane, scrolling may be available to move panels out of viewable area.
726077 Authentication Rules may run incorrect validation that prevents submission and results in an error: The IP versions in source and destination addresses or Internet Services do not match.
726548 User-info-server option is not available under dynamic mapping in CLI under user FSSO.
728689 FortiManager does not show warning or error while selecting no-inspection with UTM profile, which does not match FortiGate behavior.
728985 FortiManager may show signatures that have been deleted by FortiGuard.
729289 FortiManager should have an option to set fortitoken/email/sms to unset or blank.
729705 Installing policy requires Interface Validation for interfaces that are not being used in policy package.
730523 Unused policies tool may always generate a PDF containing all policies.
731053 FortiManager may miss some Internet Service entries.
732138 Non-full admin users should be able to export Policy Check and Unused Policy results.
734556 FQDN type firewall address object can be created with an unsupported format.
735083 Policy packages' folders may not be displayed in alphabetical order.
735397 Cloned object's revision history information may not be related to the clone task.
735432 Users with ADOM-specified admin privilege may not be able to view policy package.
735738 When creating a VIP object with port forwarding filter, FortiManager may show an error.
735743 In classic dual pane, column settings are hidden by the object configuration pane.
738109 FortiManager may not install auth-cert from policy package to device.
738231 Creating VIP with IPv4 external IP mapped to IPv6 may trigger an error, a.mappedip is undefined.
738595 FortiManager may not correctly push AWS connector credentials.
738745 When an object is renamed, the new name must be used on all policies.
739205 FortiManager may thrown error Cannot delete the only package or folder, when deleting policy block.
740331 IP Pool details may be missing in ADOM v6.2.
740944 Custom IPS Signature script may fail to run on policy package or ADOM database.
742257 NPU log servers for hyperscale does not show up in policy package.
744591 Installing or importing IPS custom signature may fail when a signature's name contains a space character.
746273 Column filter may be extremely slow with large policy packages.
747330 FortiManager cannot assign or replace VIP with SD-WAN as source interface.
748523 After creating a VIP, FortiManager may not be able to choose the VIP on a policy.
748524 VIP is not visible in the policy, if the external interface is not the same as policy SD-WAN source interface.
749519 IPv4 policies in policy block may hidden on FortiManager's GUI.
750160 custom-url-list may not be correctly parsed when URLs contain space characters.

751550

In ZTNA-tag policy, ztna-status and related attributes are changed to skip after upgrade.

Revision History

Bug ID

Description

640714 FortiManager cannot correctly retrieve and import interface subnet type address showing 0.0.0.0 for IP.
642878 FortiManager should return a clear copy fail log for dynamic interface check error.
643101 Copy may fail due to VIP overlapping when installing policy package.
674094 FortiManager may unset explicit proxy's HTTPS and PAC ports, and change the value to 0 instead.
674196 Installation may fail after editing or creating a firewall policy if reputation-minimum is set.
680549 Restricted user's Quick Install is not working correctly for Rating Overrides.
683728 Installation fails due to VIP mapped IP range error when installing v6.2 policy package to v6.4 device.
711314 VDOM specific Disclaimer Page configuration is purged from default replacemsg-group during Policy Package installation.
713552 If VIP address's source-filter list is too long, installation may fail.
722332 For AP Profile change, installation preview may show No Entry.
724340 FortiManager may unset forward-error-correction from FortiGate 7060E devices.
724647 After upgrading to 6.4, retrieval from a chassis may take a long time.
725252 When customer is trying to push policy package to a device group, installation window may not show any progress, but with a red cross.
725557 Install always try to delete hardware switch member interface causing installation failure.
725717 After upgrade, installation may fail due to mcast-session-counting.
728117 After upgrade, install may fail due to set pri-type-max 1000000.
728918 FortiManager should install changes applied on Global policy package and not indicate warnings like no installing devices/no changes on package.
729587 FortiManager may create an already deleted admin account on FortiGate when installing changes for a new VDOM.
733518 FortiManager may incorrectly move DNAT objects.
735455 FortiManager may try to delete thousands of policies during install.
735988 Switch and AP names may be reverted by controller status update from FortiGate.

740858 GCP project name must be set during install.

741543 Install may fail with unset MAC address on EMAC VLAN.
742242 Install fails after upgrade due to set server-identity-check enable on LDAP server configuration.
742806 When modifying a configuration and installing Device Settings only, FortiManager may not display the device's configuration change.

743313 After retrieving configuration from FortiGate, FortiManager changes an interface with type Hardware Switch to Physical.
744966 After upgrading FortiManager, policy install verification may fail with Config status changes to Conflict due to invalid default value for log memory filter.

745715 FortiManager may not be able to install policy package with firewall rule using VIP group due to zone binding.
747837 FortiManager may try to delete interfaces lan1, lan2, and lan3, which are used by virtual-switch.sw0 on FortiGate-40F.

749587 If a device revision is corrupted, FortiManager may be able to remove or create any revision.

Script

Bug ID Description
729571 TCL script commands run on device no longer show in the script log.

734942 A script that includes a static route with SD-WAN enabled may report an error.
744030 FortiManager should not allow running a script against the device database with an incorrect command.

Services

Bug ID Description

685678 When FortiMail FIPS mode is enabled, FortiManager should be able to validate its license.
714127 Backup ADOM does not support firmware template upgrade.
725118 FortiManager may not log FortiGuard connectivity failures.
725721 FortiManager may not be able to recognize all FortiGate units within HA cluster, and it may not be able to provide update services to all units.
730877 The upgrade matrix file may be missing, and FortiManager is unable to calculate upgrade paths without the upgrade matrix file.
733174 FortiManager may not be able to recognize the object id 06002000NIDS02604 as IPS Signature Database(Extended).
733873 FortiManager may not get FortiGate HA cluster's contract information when Device Manager shows the secondary device's SN.
739625 FortiManager may not display licensing information for FortiTester.
741846 AP upgrade task may hang at 45%.

System Settings

Bug ID Description

617601 Sort by Time Used in Task Monitor may not be correct.
663185 Search may not work for event logs in text mode.
690926 FortiManager removes SD-WAN field description upon ADOM upgrading from 6.2 to 6.4.
696554 FortiManager may generate a lot of cdb event log for object changed event logs.
700608 The variable from meta data that is shown is not case sensitive, whereas the variable is case sensitive when used in a CLI template.
705145 Username is truncated to 49 characters in the notification Emails sent by FortiManager for workflow approvals.
711686 Workflow approval does not work when admin name has more than 49 characters.
722320 The NOT search in advanced/text mode search is not working for system event logs.
726007 Admin User systematically gets access to root ADOM when RADIUS authentication is used and the Fortinet-Vdom-Name VSA is not set.
727233 ADOM license count should not count root ADOM.
728942 FortiManager may gray out some devices' tasks with error, which cannot be grouped together.
728991 Nested group search fails with Bad search filter if the user DN contains characters like "," and "()".
729280 Admin User with no access to management ADOM or VDOM can create a new VDOM from non-management ADOM > VDOM.

731084 FortiManager upgrade should not have warning when there is no upgrade path.

735067 When creating a local account with the Force this administrator to change password upon next log on option checked, the setting should be applied for the first login.
736205 FortiManager may get stuck during upgrade.
738395 FortiManager tasks' time used should not be increased by timezone.
738622 ADOM upgrade from 6.0 to 6.2 may fail due to FortiExtender object.

743411 FortiManager should show more than five local certificates.

VPN Manager

Bug ID Description

712633 VPN Manager pushes default dpd-retrycount and dpd-retryinterval, but it cannot display them.
712861 Policy Package Status stays Synchronized despite SSL-VPN Portal configuration being changed by using VPN Manager.
721783 Applying Authentication or Portal Mapping changes may take several minutes.
722924 FortiManager may not be able to edit skip-check-for-unsupported-os enable under SSL portal profile.

Visit https://fortiguard.com/psirt for more information.

Bug ID CVE references

630016 FortiManager 7.0.2 is no longer vulnerable to the following CVE-Reference:

  • CVE-2021-36192

729527 FortiManager 7.0.2 is no longer vulnerable to the following CVE-Reference:

  • CVE-2021-36192