Known Issues
The following issues have been identified in 7.0.3. For inquires about a particular bug or to report a bug, please contact Customer Service & Support.
AP Manager
Bug ID |
Description |
---|---|
708100 |
AP Manager cannot show Channels when 160 MHz channel width is set. |
749820 |
AP Manager > SSID > Advanced Options may not list objects under the settings "address-group". |
770234 |
5GHz DFS channels on AP Profile were not supported for FAP U231F. |
772213 |
FortiManager may try to delete default wtp 11ac-only profile on FortiWiFi-60F causing install to fail. |
781561 |
User may not be able to access AP Manager with custom read only admin profile. |
785471 |
FortiManager was deleting wireless-controller wtp and the objects referenced by wtp during the first installation after the upgrade. |
Device Manager
Bug ID |
Description |
---|---|
545239 |
After added FortiAnalzyer fabric ADOM to FortiManager, Device Manager's log status, Log Rate, or Device Storage column cannot get data from FortiAnalyzer. |
587404 |
FortiManager sets incorrect captive-portal-port value when installing v6.0 PolicyPackage to v6.2 devices. |
651560 |
SD-WAN monitor may stuck loading when admin user belongs to device group. |
677836 |
The Client Address Range setting should allow users to configure assign-IPs from firewall address or group. |
704106 |
Certificate Enrollment fails using SCEP on Microsoft server with sub-ca certificate chains. |
705212 |
When editing device in HA cluster, admin password change is not applied to secondary unit. |
725334 |
Importing policy package shows ngfw-mode policy-based with the inspection-mode set to proxy. |
729413 |
FortiManager is missing peer options with dial up user configuration with VPN IPSec Phase 1. |
743102 |
Device & Groups > VPN Phase1/Phase2 does not show the proposal column when using FGT-VM type "FGVMIB". |
748578 |
Retrieve FortiGate configuration may fail due to FSSO connector. |
751427 |
Provisioning Template with empty name cannot be deleted or edited. |
752443 |
Vertical scroll bar is missing in SD-WAN configuration. |
759255 |
User may not be able to click on the check box to import configuration with 6.2 ADOM. |
759708 |
The provisioning template 's status on Summary Dashboard always displays "Modified". |
763907 |
Certificates CN information may be invalid when FortiGate is registered by Zero-Touch-Provisioning. |
764369 |
FortiManager tries to install Security Fabric trusted list to all downstream FGs when a new one is added. |
764841 |
FortiManager is unable to use secondary IP as source IP in DNS database. |
765762 |
FortiManager is unable to install the Switch controller > VLAN interface configuration during the ZTP process. |
767185 |
Unable to create route map rule using 'match-interface' when using the BGP Templates under the Provisioning Templates. |
770567 |
When a device uses IPsec Tunnel Provisioning template with enable value for aggregate member, FortiManager may create a new system interface with the same name which is not expected behavior. |
770600 |
Comma between IP address and subnet causes saving problem on Prefix List Rule under BGP Templates. |
773336 |
FortiToken provision button is greyed out in Device Manager while it is enabled on FortiGate with the same token. |
776605 |
Editing provisioning CLI template without any modification may cause device status changed to Modified. |
779836 |
FortiManager cannot install TCP-connect using Random port for SD-WAN. |
779900 |
Administrative user GUI-dashboard information should be deleted upon VDOM deletion. |
780833 |
FortiManager cannot use space to set location under SNMP configuration. |
783517 |
Input-Device under CLI Configuration > System > SD-WAN > Service displays loading forever. |
791117 |
Unable to create simultaneous static routes with named address objects. |
791274 |
When optional meta fields are being used users cannot edit the devices. |
793941 |
Unable to install VPN psk with special characters through CLI template. |
794368 |
Removing the objects from Device Level DB did not delete the objects' reference from ADOM Level DB. |
795913 |
Error Probe Failure has been observed when adding FortiAnalyzer to FortiManager. |
799259 |
Duplicate CSF groups for 7.0 FortiGates (7.0.2+) due to syntax returning upstream-ip instead of upstream. |
Global ADOM
Bug ID | Description |
---|---|
691562 |
Threat feeds global objects are not installed to destination ADOM when using the assign all object option. |
740942 |
"srcintf" selector in Traffic Shaping Header or Footer Policy may not work in Global ADOM. |
743734 |
Cannot remove objects from Global Database. |
752328 |
Global database may be locked when viewing Workflow Session Diff. |
795327 |
When adding an ADOM to Global Database, the message "Double global assignment exists" keeps showing up. |
Others
Bug ID |
Description |
---|---|
703585 |
FortiManager may return 'Connection aborted' error with JSON API request. |
707911 |
FortiManager should be able to assign VLAN interface to FortiExtender. |
729175 |
FortiManager should highlight device consisting of specific IP address under Fabric View. |
747716 |
JSON API does not return gateway for IPSec route. |
774872 |
FortiManager should support more than 88 characters for password when backing up all settings. |
775574 |
There is a Criteria Latency field which is different between FGT & FMG when creating the manual interface option for SDWAN rules. |
776342 |
System NPU values may be different between FortiManager and FortiGate-1801F. |
776413 |
FortiManager Lock/commit operation is very slow when FortiManager HA is enabled. |
781642 |
FortiManager displays "failed to copy BRANCH_BGP_Recommended" error when performing the "check adom-integrity" test. |
781831 |
FortiManager should be able to retrieve EMS tags using hostname of FortiClient EMS Server if its able to resolve the hostname. |
783226 |
Fabric View may keep loading. |
786281 |
During the installation, FortiManager displays Policy Consistency Check failure without any clear reason. |
792887 |
Verification fail for default dnsfilter profile due to wrongly install "set category 0". |
Policy & Objects
Bug ID |
Description |
---|---|
701750 |
The App Control set to Monitor in FortiManager causes the App to disappear from FortiGate. |
713692 |
Web Filter Profile install may fail when using pre-defined URL filter. |
725427 |
Policy package install skips the policy where destination interface is set as SD-WAN zone and policy is IPSEC policy. |
731037 |
There may be File Filter file type mismatch between FortiGate and FortiManager. |
751767 |
Export to excel when filters are applied for a policy package does not work. |
758494 |
Searching members inside an address group does not work. |
758680 |
Unable to complete the Cisco pxGrid fabric connector's configuration on FortiManager. |
767255 |
FortiManager fails to install the custom signature because it is too long. |
770210 |
Where used may not reporting used objects properly. |
770256 |
FortiManager displays error when using "push to install" for objects utilized by policy blocks. |
771165 |
Removing the objects from Device Level DB did not delete the object's reference from ADOM Level DB. |
771941 |
FortiManager is unable to import or create virtual server with real servers using the same IP but different "http-host". |
773249 |
FortiManager may not display the correct number of firewall address objects while adding the objects to DoS policy. |
773333 |
For User, the configurations for two-factor-authentication and two-factor-notification should not lead to installation failure. |
773403 |
FortiManager may now differentiate between the ISDB objects "Predefined Internet Services" and "IP Reputation Database". |
774058 |
Rule list order may not be saved under File Filter Profile. |
774111 |
FortiManager does not support Dynamic firewall address with sub-type Switch Controller NAC Policy TAG. |
774435 |
Right-click menu to add object may return an error: "cgn-resource-quote:out of range". |
775128 |
Unable to create more than 20 SAML users in policy package object. |
776361 |
Policy lookup may not work if the managed devices are in Transparent mode. |
777017 |
FortiManager purges the "arrp-profile" when installing the v6.2 policy packages to v6.4 FortiGates. |
777554 |
There may be slowness when using Find Duplicate Objects with Merge tools. |
777879 |
Copy fail error due to external-resource used in webfilter profile. |
778111 |
Removing the objects from Device Level DB did not delete the object's reference from ADOM Level DB. |
779853 |
When creating a Central DNAT policy in FortiManager, more services may not be added to policy with error: can't assign to property "from" on NaN: not an object. |
779947 |
Address group changes for per-device mapping does not apply to FortiGate when Address group is used in policy route. |
779965 |
Users may not be able to export firewall Header and Footer policies to Excel. |
781118 |
6.4 version ADOM policy package failed to enable policy NAT from GUI |
781118 |
ADOM version 6.4 policy package failed to enable policy NAT from GUI. |
782435 |
Moving a policy by dragging may not work properly. |
783899 |
There may not be empty lines in "IPS Signature and Filters". |
785341 |
Consolidated policy NAT is always disabled on the GUI. |
786684 |
Installation fails because the virtual-wan-link did not exist. |
786740 |
FortiManager displays Install failure due to adding "g-" prefix to the external-resource objects. |
789957 |
Created time doesn't indicate AM or PM on the Tools > Find Unused Policies. |
792980 |
Installation fails when trying to install SAML user configuration. |
793240 |
FortiManager fails to retrieve FortiGate's configuration when external-resource objects include a "g-" prefix. There are two workarounds; use the approach that works best for your environment. If it is possible, create a new backup of your FMG and FGT(s) before making any changes: First workaround approach:
Second workaround approach:
|
797091 |
"Synchronize Firewall Addresses" under the FortiClient EMS Connector does not automatically create and synchronize addresses for all EMS tags. |
801876 |
Installation failed due to "Copy global shared objects" failure. |
805783 |
After the 6.0 ADOM upgrade, installing the same v6.0 policy package got "unset webfilter-profile" in wanopt proxy policy. |
Revision History
Bug ID | Description |
---|---|
496870 |
Fabric SDN connector is installed on FortiGate, even if it is not in use. |
729148 |
Install fails when new transparent mode VDOM is added directly via FortiGate CLI and imported into FortiManager. |
774115 |
After upgrade, install may fail for FSSO password when private-data-encryption is enabled. |
775577 |
AutoUpdate may purge firewall shaping-profile. |
Script
Bug ID |
Description |
---|---|
766019 |
Failed to run the Post-Run CLI Template due to the "datasrc invalid" error. |
767577 | Installing a script to device database fails if switch-interface member contains VXLAN interface. |
780604 |
When creating a new phase1 interface, dpd=on-idle settings may not be saved. |
787113 |
TCL scripts fails to run if the admin's password is longer than 36 characters. |
793407 |
Installation fails if one of the BGP network prefix entry is a supernet. |
Services
Bug ID | Description |
---|---|
798979 |
FortiManager cannot download the latest IPS DB. |
System Settings
Bug ID | Description |
---|---|
728972 |
"fmDeviceEntSupportState" OID returns incorrect value for some devices. |
752916 |
FortiManager should be able to set desired permissions for Extender Manager in administrator profile settings. |
753690 |
SNMPv3 security option configuration has discrepancy between GUI and CLI. |
762663 |
FortiManager should have the CA Identifier as configurable for SCEP server request. |
768636 |
Password cannot be longer than 63 characters for configuration auto backup. |
768682 |
Setting a Cluster ID for a model HA cluster results in an invalid group ID under config system HA. |
775091 |
Two factor authentication fails when special characters are used in CN. |
777726 |
FortiManager may not generate event logs for meta field changes. |
778405 |
Script Groups should be copied with their members when cloning an ADOM. |
782345 |
FortiManager may not be able to upgrade ADOM from 6.2 to 6.4: err=-2,Policy ippool (ippool6) name cannot be empty. |
783066 |
The number of FortiGate devices registered is in the upper limit of the license count may causes HA becomes asynchronized. |
787588 |
Webfiltering HTTPS 8888 is not working after FMG upgraded from 6.4.7 to 7.0.4. |
790409 |
idle_timeout under admin's setting is not converted properly after performing the upgrade. |
VPN Manager
Bug ID | Description |
---|---|
615890 |
IPSec VPN Authusergrp option "Inherit from Policy" is missing when setting xauthtype as auto server. |
699759 |
When installing a policy package, per device mapped objects used in SSL VPN cannot be installed. |
773710 |
When editing an existing SSL VPN settings, the Banned-cipher and cipersuite may be keep changing. |
774040 |
Keyboard-layout configuration in VPN SSL web portal predefined RDP bookmark generates incorrect commands. |
779498 |
VPN monitor may not display correct information when FortiManager is in advanced ADOM mode. |
780154 |
Policy package should be pushed to VPN hubs without error, "interface IP is 0". |