Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:


Table of Contents

Resolved Issues

The following issues have been fixed in 7.0.4. For inquires about a particular bug, please contact Customer Service & Support.

AP Manager

Bug ID Description

755815

"local-standalone" and "local-authentication" features are inconsistent with FortiOS/FortiGate.

810804

FortiManager does not support configuration for wireless-controller nac-profile.

Device Manager

Bug ID

Description

676415

SAML account with remote certificate not getting imported to FortiManager-Cloud.

704106

Certificate enrollment fails using SCEP on Microsoft server with sub-ca certificate chains.

736990

System Template cannot be assigned to a device as a member of a device group when the required meta-fields are used.

739746

When VDOM is enabled, FortiManager shows multiple firmware templates on Device Manager with different status.

753548

Error message peer must be set can be seen when configuring the IPSec Tunnel Templates.

764491

Unable to configure more than one IP addresses for "vrdst" under the "interface vrrp" setting.

767185

Unable to create route map rule using 'match-interface' when using the BGP Templates under the Provisioning Templates.

770699

Speedtest and speedtest-bypass-routing under SD-WAN templates configuration cannot be set on FortiManager.

773147

Installation fails due to the unexpected system interface config changes for "pvc" related settings.

775552

The view device revision under Revision History does not display the full and complete device's configuration.

777925

Several unregistered FortiGates consume FortiManager's resources thus FortiManager becomes very slow and unresponsive.

782752

FortiManager does not update its Fortigate's IP address in case the IP gets modified on the FortiGate.

791117

Unable to create simultaneous static routes with named address objects.

792553

Removing VLANs from zones and adding a new VLAN to the same zone deletes that Zone.

793021

Creating the interface type Software Switch throws an error when adding a VLAN interface as a member.

793495

It is not possible to select all objects filtered by the search under Device Manager.

793510

Special characters in Meta fields are displayed in HTML Numeric Code.

793941

Unable to install VPN psk with special characters through CLI template.

796842

Failed to reload the configuration due to the "datasrc invalid" error message.

796920

"OPEN" mode is missing from the System Template's WIFI SSID.

799259

Duplicate CSF groups for 7.0 FGTs (7.0.2+) due to syntax returning upstream-ip instead of upstream.

800773

FortiManager doesn't show the filter configuration for syslogd correctly.

803683

Installation filed due to the config wireless-controller SNMP settings.

804237

Unable to modify the firmware templates under the Device &  Groups.

Global ADOM

Bug ID

Description

743734 Cannot remove objects from Global Database.

768527

After upgrading the global ADOM, installation failed due to the custom ssl-ssh-profile config.

794206

Policy installation fails due to Global Object adding prefix g- in threat feed.

Others

Bug ID

Description

763635

Unable to upgrade an ADOM from 6.2 to 6.4.

766874

FortiManager holds the wrong value for AP limit of the FG-80F.

780548 "Push Update" does not work for pending device under the FortiGuard > License Status.

781530

FortiManager does not sent the proper response for SNMP request to the fmDeviceEntSupportState query.

784034

HA Configuration in Zero-touch provisioning (ZTP) does not synchronize to the secondary FortiGate.

785797

diag cdb upgrade force-retry del-invalid-ref never stops.

792296

ADOM upgrade fails due to the virtual wire pair policy.

794256

Unable to export update manager log files for the sftp fdssvrd.

794304

"Interface Bandwidth" widget is displayed in ADOM 6.2 in 6.4 FortiManager's version.

794633

FortiManager configured in closed network was unable to fetch the FGD DBs which was previously manually saved on another closed network FortiManager.

795111

Unable to add/modify a FPX 'Explicit Proxy' policy from a FortiProxy ADOM in FortiManager.

796200

Extremely slow performance when fetching all the devices from DVM via JSON API.

796506

Upgrading HA cluster via FortiManager stays members into a restart loop.

797165

FortiManager has some unsupported commands for the fortitoken user definition.

804244

ADOMs created by XML API cannot be locked or unlocked.

805226

ADOM upgrade uses too much memory and this makes the upgrade process too slow.

Policy and Objects

Bug ID

Description

701750

The App Control set to Monitor in FortiManager causes the app to disappear from FortiGate.

705302

Remote VPN certificate installation failed and cert disappeared from FortiManager however on the FortiGate the certificate installed successfully.

706809

Policy Check export does not have the last hit count details anymore.

714375

There is not any warning messages when assigning already in used normalized interface.

721253

FortiManager may not import all the roles and address groups from ClearPass.

724154

Installation fails when Any has been set as incoming interface and VIP is being used on the IPV4 firewall policy.

725132

When modifying the IP address of the default VPN interface of a spoke in Device Manager, hub remote gateway should be modified to reflect that change.

725427

Policy package install skips the policy where destination interface is set as SD-WAN zone and policy is IPSEC policy.

737424

Policy package import fails due to the 'Device mapping::"query failed."' error.

755891

Copy procedure fails without any proper and clear error messages.

758494

Searching members inside an address group does not work.

758680

Unable to complete the Cisco pxGrid fabric connector's configuration on FortiManager.

760918

Unable to change the action field for the default IPS profile and their clones.

767255

FortiManager fails to install the custom signature because it is too long.

773403

FortiManager may now differentiate between the ISDB objects "Predefined Internet Services" and "IP Reputation Database".

775128

Unable to create more than 20 SAML users in policy package object.

775806

In workspace mode, locking and unlocking ADOMs displays a blank page when classic dual pane is enabled.

777017

FortiManager purges the "arrp-profile" when installing the v6.2 policy packages to v6.4 FortiGates.

781118

6.4 version ADOM policy package failed to enable policy NAT from GUI.

791357

Installation failed when using custom-deep-inspection.

791797

Installation failed after upgrading ADOM from 6.2 to 6.4.

792980

Installation fails when trying to install SAML user configuration.

794731

The Policy package counter field does not display the number of modified policy packages.

796505

Modifying the "Sections" under the Policy&Objects leads to some unexpected changes/behavior.

796512

Wrong direction definition has been displayed for "Tor-Relay.Node" ISDB object.

797091

"Synchronize Firewall Addresses" under the FortiClient EMS Connector does not automatically create and synchronize addresses for all EMS tags.

798094

Re-assignment of tokens in FortiManager policy and objects, deletes and re-adds the firewall policies that are used those objects.

798958

Policy Consistency Check fails due to the firewall service's name.

799538

The export policy feature displays limited numbers of the group objects.

801876

Installation failed due to "Copy global shared objects" failure.

802072

Auto-asic-offload cannot be disabled for the first time in the policy.

802934

FortiManager's Policy Package diff displays policy objects change even though there is not any changes.

805211

Installation failed due to the wrong FortiSwitch VLAN type for the default NAC and nac_segment VLANs.

805783

After the 6.0 ADOM upgrade, installing the same v6.0 policy package got "unset webfilter-profile" in wanopt proxy policy.

805966

Verification fails due to the "resource-limits.proxy".

811450

Installation preparation step for installing the PP to the FortiGate takes very long time.

Revision History

Bug ID

Description

496870 Fabric SDN Connector is installed on FortiGate even if it is not in use.

691240

FortiManager should not unset the value forward-error-correction with certain FortiGate platforms.

Script

Bug ID Description

766019

Failed to run the Post-Run CLI Template due to the "datasrc invalid" error.

793407 Installation fails if one of the BGP network prefix entry is a supernet.

800149

FortiManager reorders the <ID>s with ascending order for BGP and static settings.

Services

Bug ID

Description

752849

FortiManager doesn't have the proper version string of FortiGate's IPGeo information.

796345

FortiManager does not recognize the entitlement file for some FortiGates.

798979

FortiManager cannot download the latest IPS DB.

808121 FortiManager ignores add_no_service setting for the Unauthorized Devices.

System Settings

Bug ID

Description

728972

"fmDeviceEntSupportState" OID returns incorrect value for some devices.

732949

FortiManager displays wrong admin name under task monitor for firmware upgrade task.

752916

FortiManager should be able to set desired permissions for Extender Manager in administrator profile settings.

753690

SNMPv3 security option configuration has discrepancy between GUI and CLI.

784978

The Mode option is not always available for root ADOM in all GUI-based root ADOM properties editing methods.

787588

Webfiltering HTTPS 8888 is not working after FortiManager upgraded from 6.4.7 to 7.0.4.

795655

FortiManager loads the "Administrator" list under the System Setting very slowly.

799619

When Advanced ADOM Mode is enabled, FortiManager under the Device Inventory displays all devices from all VDOMs.

803200

FortiManager does not synchronize with NTP server.

807788

Not able to disable the trusted hosts from the GUI.

811633

Restricted Administrators using the API requests have full Read-Write access.

VPN Manager

Bug ID

Description

615890

IPSec VPN Authusergrp option "Inherit from Policy" is missing when setting xauthtype as auto server.

774040 keyboard-layout configuration in VPN SSL web portal predefined RDP bookmark generates incorrect commands.

791421

Bookmark setting under the SSLVPN portal has some missing screen/color configuration.

794168

Installation becomes very slow when FortiManager acts as CA server.

796104

FortiManager deletes and re-creates VPN routes with different ID's on every install.

Resolved Issues

The following issues have been fixed in 7.0.4. For inquires about a particular bug, please contact Customer Service & Support.

AP Manager

Bug ID Description

755815

"local-standalone" and "local-authentication" features are inconsistent with FortiOS/FortiGate.

810804

FortiManager does not support configuration for wireless-controller nac-profile.

Device Manager

Bug ID

Description

676415

SAML account with remote certificate not getting imported to FortiManager-Cloud.

704106

Certificate enrollment fails using SCEP on Microsoft server with sub-ca certificate chains.

736990

System Template cannot be assigned to a device as a member of a device group when the required meta-fields are used.

739746

When VDOM is enabled, FortiManager shows multiple firmware templates on Device Manager with different status.

753548

Error message peer must be set can be seen when configuring the IPSec Tunnel Templates.

764491

Unable to configure more than one IP addresses for "vrdst" under the "interface vrrp" setting.

767185

Unable to create route map rule using 'match-interface' when using the BGP Templates under the Provisioning Templates.

770699

Speedtest and speedtest-bypass-routing under SD-WAN templates configuration cannot be set on FortiManager.

773147

Installation fails due to the unexpected system interface config changes for "pvc" related settings.

775552

The view device revision under Revision History does not display the full and complete device's configuration.

777925

Several unregistered FortiGates consume FortiManager's resources thus FortiManager becomes very slow and unresponsive.

782752

FortiManager does not update its Fortigate's IP address in case the IP gets modified on the FortiGate.

791117

Unable to create simultaneous static routes with named address objects.

792553

Removing VLANs from zones and adding a new VLAN to the same zone deletes that Zone.

793021

Creating the interface type Software Switch throws an error when adding a VLAN interface as a member.

793495

It is not possible to select all objects filtered by the search under Device Manager.

793510

Special characters in Meta fields are displayed in HTML Numeric Code.

793941

Unable to install VPN psk with special characters through CLI template.

796842

Failed to reload the configuration due to the "datasrc invalid" error message.

796920

"OPEN" mode is missing from the System Template's WIFI SSID.

799259

Duplicate CSF groups for 7.0 FGTs (7.0.2+) due to syntax returning upstream-ip instead of upstream.

800773

FortiManager doesn't show the filter configuration for syslogd correctly.

803683

Installation filed due to the config wireless-controller SNMP settings.

804237

Unable to modify the firmware templates under the Device &  Groups.

Global ADOM

Bug ID

Description

743734 Cannot remove objects from Global Database.

768527

After upgrading the global ADOM, installation failed due to the custom ssl-ssh-profile config.

794206

Policy installation fails due to Global Object adding prefix g- in threat feed.

Others

Bug ID

Description

763635

Unable to upgrade an ADOM from 6.2 to 6.4.

766874

FortiManager holds the wrong value for AP limit of the FG-80F.

780548 "Push Update" does not work for pending device under the FortiGuard > License Status.

781530

FortiManager does not sent the proper response for SNMP request to the fmDeviceEntSupportState query.

784034

HA Configuration in Zero-touch provisioning (ZTP) does not synchronize to the secondary FortiGate.

785797

diag cdb upgrade force-retry del-invalid-ref never stops.

792296

ADOM upgrade fails due to the virtual wire pair policy.

794256

Unable to export update manager log files for the sftp fdssvrd.

794304

"Interface Bandwidth" widget is displayed in ADOM 6.2 in 6.4 FortiManager's version.

794633

FortiManager configured in closed network was unable to fetch the FGD DBs which was previously manually saved on another closed network FortiManager.

795111

Unable to add/modify a FPX 'Explicit Proxy' policy from a FortiProxy ADOM in FortiManager.

796200

Extremely slow performance when fetching all the devices from DVM via JSON API.

796506

Upgrading HA cluster via FortiManager stays members into a restart loop.

797165

FortiManager has some unsupported commands for the fortitoken user definition.

804244

ADOMs created by XML API cannot be locked or unlocked.

805226

ADOM upgrade uses too much memory and this makes the upgrade process too slow.

Policy and Objects

Bug ID

Description

701750

The App Control set to Monitor in FortiManager causes the app to disappear from FortiGate.

705302

Remote VPN certificate installation failed and cert disappeared from FortiManager however on the FortiGate the certificate installed successfully.

706809

Policy Check export does not have the last hit count details anymore.

714375

There is not any warning messages when assigning already in used normalized interface.

721253

FortiManager may not import all the roles and address groups from ClearPass.

724154

Installation fails when Any has been set as incoming interface and VIP is being used on the IPV4 firewall policy.

725132

When modifying the IP address of the default VPN interface of a spoke in Device Manager, hub remote gateway should be modified to reflect that change.

725427

Policy package install skips the policy where destination interface is set as SD-WAN zone and policy is IPSEC policy.

737424

Policy package import fails due to the 'Device mapping::"query failed."' error.

755891

Copy procedure fails without any proper and clear error messages.

758494

Searching members inside an address group does not work.

758680

Unable to complete the Cisco pxGrid fabric connector's configuration on FortiManager.

760918

Unable to change the action field for the default IPS profile and their clones.

767255

FortiManager fails to install the custom signature because it is too long.

773403

FortiManager may now differentiate between the ISDB objects "Predefined Internet Services" and "IP Reputation Database".

775128

Unable to create more than 20 SAML users in policy package object.

775806

In workspace mode, locking and unlocking ADOMs displays a blank page when classic dual pane is enabled.

777017

FortiManager purges the "arrp-profile" when installing the v6.2 policy packages to v6.4 FortiGates.

781118

6.4 version ADOM policy package failed to enable policy NAT from GUI.

791357

Installation failed when using custom-deep-inspection.

791797

Installation failed after upgrading ADOM from 6.2 to 6.4.

792980

Installation fails when trying to install SAML user configuration.

794731

The Policy package counter field does not display the number of modified policy packages.

796505

Modifying the "Sections" under the Policy&Objects leads to some unexpected changes/behavior.

796512

Wrong direction definition has been displayed for "Tor-Relay.Node" ISDB object.

797091

"Synchronize Firewall Addresses" under the FortiClient EMS Connector does not automatically create and synchronize addresses for all EMS tags.

798094

Re-assignment of tokens in FortiManager policy and objects, deletes and re-adds the firewall policies that are used those objects.

798958

Policy Consistency Check fails due to the firewall service's name.

799538

The export policy feature displays limited numbers of the group objects.

801876

Installation failed due to "Copy global shared objects" failure.

802072

Auto-asic-offload cannot be disabled for the first time in the policy.

802934

FortiManager's Policy Package diff displays policy objects change even though there is not any changes.

805211

Installation failed due to the wrong FortiSwitch VLAN type for the default NAC and nac_segment VLANs.

805783

After the 6.0 ADOM upgrade, installing the same v6.0 policy package got "unset webfilter-profile" in wanopt proxy policy.

805966

Verification fails due to the "resource-limits.proxy".

811450

Installation preparation step for installing the PP to the FortiGate takes very long time.

Revision History

Bug ID

Description

496870 Fabric SDN Connector is installed on FortiGate even if it is not in use.

691240

FortiManager should not unset the value forward-error-correction with certain FortiGate platforms.

Script

Bug ID Description

766019

Failed to run the Post-Run CLI Template due to the "datasrc invalid" error.

793407 Installation fails if one of the BGP network prefix entry is a supernet.

800149

FortiManager reorders the <ID>s with ascending order for BGP and static settings.

Services

Bug ID

Description

752849

FortiManager doesn't have the proper version string of FortiGate's IPGeo information.

796345

FortiManager does not recognize the entitlement file for some FortiGates.

798979

FortiManager cannot download the latest IPS DB.

808121 FortiManager ignores add_no_service setting for the Unauthorized Devices.

System Settings

Bug ID

Description

728972

"fmDeviceEntSupportState" OID returns incorrect value for some devices.

732949

FortiManager displays wrong admin name under task monitor for firmware upgrade task.

752916

FortiManager should be able to set desired permissions for Extender Manager in administrator profile settings.

753690

SNMPv3 security option configuration has discrepancy between GUI and CLI.

784978

The Mode option is not always available for root ADOM in all GUI-based root ADOM properties editing methods.

787588

Webfiltering HTTPS 8888 is not working after FortiManager upgraded from 6.4.7 to 7.0.4.

795655

FortiManager loads the "Administrator" list under the System Setting very slowly.

799619

When Advanced ADOM Mode is enabled, FortiManager under the Device Inventory displays all devices from all VDOMs.

803200

FortiManager does not synchronize with NTP server.

807788

Not able to disable the trusted hosts from the GUI.

811633

Restricted Administrators using the API requests have full Read-Write access.

VPN Manager

Bug ID

Description

615890

IPSec VPN Authusergrp option "Inherit from Policy" is missing when setting xauthtype as auto server.

774040 keyboard-layout configuration in VPN SSL web portal predefined RDP bookmark generates incorrect commands.

791421

Bookmark setting under the SSLVPN portal has some missing screen/color configuration.

794168

Installation becomes very slow when FortiManager acts as CA server.

796104

FortiManager deletes and re-creates VPN routes with different ID's on every install.