Fortinet black logo

Known Issues

Known Issues

The following issues have been identified in 7.0.6. To inquire about a particular bug or to report a bug, please contact Customer Service & Support.

AP Manager

Bug ID

Description

822525 FortiManager does not take the per device mapping authentication config for SSID under the Wifi Profiles.
824032 Some of the FAPs Radio configuration settings under the AP's profile are missing.

Device Manager

Bug ID Description
752443 Vertical scroll bar is missing in SD-WAN configuration.
789249 FortiManager does not have Logging Options after enabling One-Arm Sniffer under Interface.
789544 Status of the "Firmware Template" has been changed to "Unknown" after upgrade.
794764 FortiGate Modem Interface is not visible under Device Manager.
800191 During the ZTP deployment, "set hostname" command does not push to FortiGate.
801547 When removing an entry in the static route template, static route entries are shifted and the installation fails.
807771 FortiManager unsets the gateway settings in SDWAN template after upgrading ADOM from v6.4 to v7.0.
810936 After Upgrade, managed FortiAnalyzer on FortiManager does not display the Traffic logs under the Log View for HA devices.
815901 The router static entries created by IPSEC template are deleted and re-created after upgrade.
817346 Editing interface with normalized interface mapping displays some unnecessary messages for mapping change.
818905 FortiManager unsets the certificate for "endpoint-control fctems" setting during the installation.
828897 SD-WAN Monitor map doesn't load all devices.
829404 SD-WAN Widget does not display any data for "Bandwidth Overview" and "Traffic Growth" under the Managed Devices' dashboard.
835106 FortiManager cannot sync its devices with FortiAnalyzer when adding it to the Device Manager; it displays the error message "Serial number already in use".
837213

Browser may crash when clicking "view diff" to compare with current device config. This might happen due to the network slowness.

Workaround: Use "show diff only" from Revision History instead of checking it form "Out of Sync" devices list."

839334 FortiManager does not allow empty value for "Interface Preference" as SD-WAN Rules under the SD-WAN Templates.

850471

FortiManager is attempting to modify replacement messages after upgrade, which leads to installation failure.

853810 Failed to edit the managed devices to modify the location.
855032 FortiManager displays the total devices/VDOMs count incorrectly when split VDOM enabled on FortiGates.

859638

860071

FortiManager's SD-WAN monitor does not display the Health Check status correctly.
861220 Leaving the SD-WAN member empty when configuring the SD-WAN using the template fails due to the syntax differences between FortiGate and FortiManager.
861238 SD-WAN Monitor, under Device Manager's Monitors, displays an Unknown status (a grey question mark) icon for HA devices under the Map View.

866243

The SD-WAN Monitor info for specific devices are not consistent with the map view SD-WAN interface status (based on performance SLA).

866247 Unable to change the static route "Description" section in the Device Manager without editing the static route.

870848

SD-WAN Monitor under Device Manager's Monitors tab does not display any FortiGate devices which are running in 6.2 version.

872865

FortiManager attempts to set a default value like "system cluster-sync" on FortiGate, and this causes installation failure.

874831 FortiManager attempts to install unknown and undesired static route when modifying or adding some new static routes.

FortiSwitch Manager

Bug ID Description
818842 FortiManager displays "Failed loading data" for "Security Policy", "LLDP Profile", and "QoS Policy" features when editing ports in Per-device mode FortiSwitch Management.
868949 Installation fails as FortiSwitch Manager creates an alias name longer than the total limit 25 characters.

872802

FortiManager automatically sets "default" as dnsfilter-profile under dns-server for fortilink interface.

Global ADOM

Bug ID Description

826522

Unable to remove global object from Global Database in workspace mode.

Workaround: Unlock & lock the Global ADOM prior to deleting the Global Object and assigning changes to local ADOMs.

868212

Assigning global policies to ADOMs by admins with access to specific ADOMs fails.

870944

Global Policy Assignment displays the following error (Double global assignment exists).

Others

Bug ID Description

713714

The schedule for firmware upgrade for FortiGates does not work if the upgrade request is issued from the CLI; instead, firmware upgrade starts immediately.

Workaround: Use firmware upgrade templates in the GUI.

745958 Unable to config ipsec tunnel using the ipsec tunnel template.
777028 FortiManager does not support the FortiCarrier-7121F.
777831 When FortiAnalyzer is added as a managed device to FortiManager, the "Incident & Event" tile will be displayed instead of the "FortiSoC" tile.
814425 Sorting FortiExtenders by Network, RSSI, RSRP, RSRQ, and SINR does not work properly.
816936 FortiManager does not support the FGT/FGC 7KE/7KF syntax.
820921 FortiManager displays incorrect device firmware versions for FortiSandbox and FortiMail.
822263 Service Status under FortiGuard does not display the secondary Service status of the FortiGate's cluster correctly.
832351 FortiManager does not allow users to enter to the root ADOM; it displays the "ADOM license was expired..." message.
839586 FortiManager does not save applying the configuration of "Enable AntiVirus and IPS service for FortiDeceptor" under FortiGuard settings pane.
850377 In Workflow Mode, when new session is created, the Policies disappear.
857659 FortiManager did not download the "AI Malware Engine" Package from FortiGuard Server.
865200 Users encountered unsatisfactory performance of FortiManager due to several crashes on the "Application fmgd" process.

870893

Unable to install pp to FortiGates after FortiManager's DB got restored.

871608 Unable to retrieve routing information from FortiGate via FortiManager when there is a large routing table.
874369 Upgrading FortiManager fails due to some invalid data for managed FortiExtender's Objects.
876425 FortiManager does not display the output of the "execute dmserver showconfig".
891869 FortiManager wrongly recommends lower version for upgrade the FortiGates.

919088

GUI may not work properly in Google Chrome and Microsoft Edge version 114.

Policy & Objects

Bug ID Description
585177 FortiManager is unable to create VIPv6 virtual server objects.
698838 "Download Conflict File" does not display all of the firewall objects conflicts when importing policy packages from FortiGate to FortiManager.
738988 FortiManager does not detect the settings related to Web Cache Communication Protocol (WCCP) in SSLVPN Policies on the FortiGate.
741269 Unable to install configuration to FortiGates due to the error message "Resource temporarily unavailable".
751443

FortiManager displays policy installation copy failures error when ipsec template gets unassigned.

Workaround: Instead of unassigning IPSec template, modify IPSec template, replace the reference to IPSec tunnel interface with another interface. Please ensure a fresh FortiManager backup is created prior to any changes.

752993 VPN IPSEC installation fails as phase1 settings on FortiManager are not consistent with the ones on FortiOS.
774058 Rule list order may not be saved under File Filter Profile.
793240

FortiManager fails to retrieve FortiGate's configuration when external-resource objects include a "g-" prefix.

There are two workarounds; use the approach that works best for your environment. If it is possible, create a new backup of your FMG and FGT(s) before making any changes:

First workaround approach:

  1. Re-create all threat feeds locally in VDOM configuration and update policies and security profiles that reference them to the local threat feed vs. the global feed.

  2. Delete the global threat feed objects.

Second workaround approach:

  1. Perform policy reinstallation. FMG adds original threat feed objects within the VDOM configuration without the 'g' prefix.

  2. FMG reports 'install OK/verify FAIL' at the end of the policy installation.

  3. Run scripts to delete the global threat feed objects (objects with the 'g' prefix) from the FGT.

  4. Retrieve the FGT configuration from FMG.

  5. Perform another policy installation to update the configuration synchronization status between the FGT and FMG. No commands are pushed during this stage according to the install wizard.

795449 Unable to "Download Conflict File" to review the conflicts of firewall objects during import process.
803460 "User Definitions" entries under the "User & Authentication" cannot be removed from FortiManager.
810073 Fail to import the firewall policy due to the "interface mapping undefined" error message.
814364 FortiManager does not support the FCT EMS prefix; therefore, policies with ZTNA Tags cannot be installed properly to the FortiGates.
817220 FortiManager does not support the "userPrincipalName" as the common Name Identifier for LDAP Server configuration.
819847 FortiManager displays a false warning message "Duplicate Objects With Same Values" when creating the Firewall Objects' Service entries under the Policy & Objects.
824652 Under the "Advanced Options" for firewall policy, "session-ttl" feature cannot be set to "never".
827416

FortiManager does not display any copy failure errors when utilized objects do not have any default values or per-device mapping.

834806 Installation fails due to extra back slashes when installing the custom IPS signatures to the FortiGates.
835087 Policies cannot be edited as FortiManager displays a warning message, "Please select a SSL/SSH Inspection profile" in ADOM 6.2.
845022 SDN Connector failed to import objects from VMWare VSphere.
846634 GUI does not allow to edit the custom Application and Filter Overrides
847932 Hit count for a policy package does not always match the total count of all installation targets.
848666 "Install Device" task stuck without any progress when installing the templates and firewall policies to the FortiGates.
858183 After firmware's upgrade, virtual wire pair interfaces are missing in virtual wire pair interface policy.
859217 Rearranging the Destination NAT (DNAT) objects whose names contain special characters displays an error message "object does not exist".

862014

880359

FortiManager is purging 'replacement message group custom' configuration after install verification fails.
862727 Policy Package installation failed due to the error "native vlan must be set" message.
862839 Cloning the Policy Packages on FortiManager creates the duplicate UUIDs.
863882 'Last Modified Time' field is empty when exporting Policy Packages to Excel.
867809 During installation, FortiManager unsets status for the proxy policies.
870688 Editing the "Install On" changes the Policy status to "Modified" for all FortiGates existing on that rule.
875547 Policy & Package cannot be imported if the type of firewall address in FortiGate is "interface-subnet" and subnet's value is different with its value on FortiManager.
881857 Multiple security console Application crashes have been observed during the Policy Package installation when static router template and router static entry in device db are used.
882996 Unable to install to FortiGates when using null values for "local-gw6" and "remote-gw6".

886911

FortiManager is attempting to modify replacement messages after upgrade, and this leads to installation failure.

889563

FortiManager, for ADOM version 6.4, does not support Creating, Importing, or Inserting Above and Below actions for a deny policy with a "Log Violation Traffic" disabled.

Workarounds:

  • To Insert, use copy & paste instead of the using Insert Above/Below.

  • To Create, either run script to create log disabled deny policy or enable log traffic first, and then edit the policy in order to disable and save it.

891106

ZTNA Tags cannot be downloaded by EMS Cloud connector.

Revision History

Bug ID

Description

801614 FortiManager might display an error message "Failed to create a new revision." for some FortiGates, when retrieving their configurations.

System Settings

Bug ID Description
753204 Admins of a specific ADOM are able to see tasks of others ADOMs.
825319 FortiManager fails to promote a FortiGate HA member (running on firmware 7.2.0 to 7.2.4) to the Primary.
850469 Radius group attribute filter does not work with Microsoft NFS.
851029 FortiManager's HA cluster breaks after upgrading the FortiManager.
853353 SDWAN Monitor Map does not show up when admin profile has been set to "None" for System Settings.
862814 Event logs did not log FortiManager admins and their actions on managed devices.
864041 SNMPv3 stopped working after upgrading the FortiManager.
864420 The presence of the default system admin information in the "sysconfdef" directory files may pose a potential security risk. Hence, it is advised to remove this potential security concern from these def files.
864931 Unable to login into FortiManager using TACACS and Radius credentials.
868706 SSO admin users do not have the same permissions as local users with the same assigned profiles.
873078 FortiManager HA cannot be configured as the initial sync never completes.

VPN Manager

Bug ID Description
762401 FortiManager is unable to preserve the Specify custom IP ranges option for SSL VPN Address range setting.
784385

If policy changes are made directly on the FortiGates, the subsequent PP import creates faulty dynamic mappings for VPN Manager.

Workaround:

It is strongly recommended to create a fresh backup of the FortiManager's configuration prior to this workaround. Perform the following command to check & repair the FortiManager's configuration database:

diagnose cdb check policy-packages <adom>

After running this command, FortiManager will remove the invalid mappings of vpnmgr interfaces.

Known Issues

The following issues have been identified in 7.0.6. To inquire about a particular bug or to report a bug, please contact Customer Service & Support.

AP Manager

Bug ID

Description

822525 FortiManager does not take the per device mapping authentication config for SSID under the Wifi Profiles.
824032 Some of the FAPs Radio configuration settings under the AP's profile are missing.

Device Manager

Bug ID Description
752443 Vertical scroll bar is missing in SD-WAN configuration.
789249 FortiManager does not have Logging Options after enabling One-Arm Sniffer under Interface.
789544 Status of the "Firmware Template" has been changed to "Unknown" after upgrade.
794764 FortiGate Modem Interface is not visible under Device Manager.
800191 During the ZTP deployment, "set hostname" command does not push to FortiGate.
801547 When removing an entry in the static route template, static route entries are shifted and the installation fails.
807771 FortiManager unsets the gateway settings in SDWAN template after upgrading ADOM from v6.4 to v7.0.
810936 After Upgrade, managed FortiAnalyzer on FortiManager does not display the Traffic logs under the Log View for HA devices.
815901 The router static entries created by IPSEC template are deleted and re-created after upgrade.
817346 Editing interface with normalized interface mapping displays some unnecessary messages for mapping change.
818905 FortiManager unsets the certificate for "endpoint-control fctems" setting during the installation.
828897 SD-WAN Monitor map doesn't load all devices.
829404 SD-WAN Widget does not display any data for "Bandwidth Overview" and "Traffic Growth" under the Managed Devices' dashboard.
835106 FortiManager cannot sync its devices with FortiAnalyzer when adding it to the Device Manager; it displays the error message "Serial number already in use".
837213

Browser may crash when clicking "view diff" to compare with current device config. This might happen due to the network slowness.

Workaround: Use "show diff only" from Revision History instead of checking it form "Out of Sync" devices list."

839334 FortiManager does not allow empty value for "Interface Preference" as SD-WAN Rules under the SD-WAN Templates.

850471

FortiManager is attempting to modify replacement messages after upgrade, which leads to installation failure.

853810 Failed to edit the managed devices to modify the location.
855032 FortiManager displays the total devices/VDOMs count incorrectly when split VDOM enabled on FortiGates.

859638

860071

FortiManager's SD-WAN monitor does not display the Health Check status correctly.
861220 Leaving the SD-WAN member empty when configuring the SD-WAN using the template fails due to the syntax differences between FortiGate and FortiManager.
861238 SD-WAN Monitor, under Device Manager's Monitors, displays an Unknown status (a grey question mark) icon for HA devices under the Map View.

866243

The SD-WAN Monitor info for specific devices are not consistent with the map view SD-WAN interface status (based on performance SLA).

866247 Unable to change the static route "Description" section in the Device Manager without editing the static route.

870848

SD-WAN Monitor under Device Manager's Monitors tab does not display any FortiGate devices which are running in 6.2 version.

872865

FortiManager attempts to set a default value like "system cluster-sync" on FortiGate, and this causes installation failure.

874831 FortiManager attempts to install unknown and undesired static route when modifying or adding some new static routes.

FortiSwitch Manager

Bug ID Description
818842 FortiManager displays "Failed loading data" for "Security Policy", "LLDP Profile", and "QoS Policy" features when editing ports in Per-device mode FortiSwitch Management.
868949 Installation fails as FortiSwitch Manager creates an alias name longer than the total limit 25 characters.

872802

FortiManager automatically sets "default" as dnsfilter-profile under dns-server for fortilink interface.

Global ADOM

Bug ID Description

826522

Unable to remove global object from Global Database in workspace mode.

Workaround: Unlock & lock the Global ADOM prior to deleting the Global Object and assigning changes to local ADOMs.

868212

Assigning global policies to ADOMs by admins with access to specific ADOMs fails.

870944

Global Policy Assignment displays the following error (Double global assignment exists).

Others

Bug ID Description

713714

The schedule for firmware upgrade for FortiGates does not work if the upgrade request is issued from the CLI; instead, firmware upgrade starts immediately.

Workaround: Use firmware upgrade templates in the GUI.

745958 Unable to config ipsec tunnel using the ipsec tunnel template.
777028 FortiManager does not support the FortiCarrier-7121F.
777831 When FortiAnalyzer is added as a managed device to FortiManager, the "Incident & Event" tile will be displayed instead of the "FortiSoC" tile.
814425 Sorting FortiExtenders by Network, RSSI, RSRP, RSRQ, and SINR does not work properly.
816936 FortiManager does not support the FGT/FGC 7KE/7KF syntax.
820921 FortiManager displays incorrect device firmware versions for FortiSandbox and FortiMail.
822263 Service Status under FortiGuard does not display the secondary Service status of the FortiGate's cluster correctly.
832351 FortiManager does not allow users to enter to the root ADOM; it displays the "ADOM license was expired..." message.
839586 FortiManager does not save applying the configuration of "Enable AntiVirus and IPS service for FortiDeceptor" under FortiGuard settings pane.
850377 In Workflow Mode, when new session is created, the Policies disappear.
857659 FortiManager did not download the "AI Malware Engine" Package from FortiGuard Server.
865200 Users encountered unsatisfactory performance of FortiManager due to several crashes on the "Application fmgd" process.

870893

Unable to install pp to FortiGates after FortiManager's DB got restored.

871608 Unable to retrieve routing information from FortiGate via FortiManager when there is a large routing table.
874369 Upgrading FortiManager fails due to some invalid data for managed FortiExtender's Objects.
876425 FortiManager does not display the output of the "execute dmserver showconfig".
891869 FortiManager wrongly recommends lower version for upgrade the FortiGates.

919088

GUI may not work properly in Google Chrome and Microsoft Edge version 114.

Policy & Objects

Bug ID Description
585177 FortiManager is unable to create VIPv6 virtual server objects.
698838 "Download Conflict File" does not display all of the firewall objects conflicts when importing policy packages from FortiGate to FortiManager.
738988 FortiManager does not detect the settings related to Web Cache Communication Protocol (WCCP) in SSLVPN Policies on the FortiGate.
741269 Unable to install configuration to FortiGates due to the error message "Resource temporarily unavailable".
751443

FortiManager displays policy installation copy failures error when ipsec template gets unassigned.

Workaround: Instead of unassigning IPSec template, modify IPSec template, replace the reference to IPSec tunnel interface with another interface. Please ensure a fresh FortiManager backup is created prior to any changes.

752993 VPN IPSEC installation fails as phase1 settings on FortiManager are not consistent with the ones on FortiOS.
774058 Rule list order may not be saved under File Filter Profile.
793240

FortiManager fails to retrieve FortiGate's configuration when external-resource objects include a "g-" prefix.

There are two workarounds; use the approach that works best for your environment. If it is possible, create a new backup of your FMG and FGT(s) before making any changes:

First workaround approach:

  1. Re-create all threat feeds locally in VDOM configuration and update policies and security profiles that reference them to the local threat feed vs. the global feed.

  2. Delete the global threat feed objects.

Second workaround approach:

  1. Perform policy reinstallation. FMG adds original threat feed objects within the VDOM configuration without the 'g' prefix.

  2. FMG reports 'install OK/verify FAIL' at the end of the policy installation.

  3. Run scripts to delete the global threat feed objects (objects with the 'g' prefix) from the FGT.

  4. Retrieve the FGT configuration from FMG.

  5. Perform another policy installation to update the configuration synchronization status between the FGT and FMG. No commands are pushed during this stage according to the install wizard.

795449 Unable to "Download Conflict File" to review the conflicts of firewall objects during import process.
803460 "User Definitions" entries under the "User & Authentication" cannot be removed from FortiManager.
810073 Fail to import the firewall policy due to the "interface mapping undefined" error message.
814364 FortiManager does not support the FCT EMS prefix; therefore, policies with ZTNA Tags cannot be installed properly to the FortiGates.
817220 FortiManager does not support the "userPrincipalName" as the common Name Identifier for LDAP Server configuration.
819847 FortiManager displays a false warning message "Duplicate Objects With Same Values" when creating the Firewall Objects' Service entries under the Policy & Objects.
824652 Under the "Advanced Options" for firewall policy, "session-ttl" feature cannot be set to "never".
827416

FortiManager does not display any copy failure errors when utilized objects do not have any default values or per-device mapping.

834806 Installation fails due to extra back slashes when installing the custom IPS signatures to the FortiGates.
835087 Policies cannot be edited as FortiManager displays a warning message, "Please select a SSL/SSH Inspection profile" in ADOM 6.2.
845022 SDN Connector failed to import objects from VMWare VSphere.
846634 GUI does not allow to edit the custom Application and Filter Overrides
847932 Hit count for a policy package does not always match the total count of all installation targets.
848666 "Install Device" task stuck without any progress when installing the templates and firewall policies to the FortiGates.
858183 After firmware's upgrade, virtual wire pair interfaces are missing in virtual wire pair interface policy.
859217 Rearranging the Destination NAT (DNAT) objects whose names contain special characters displays an error message "object does not exist".

862014

880359

FortiManager is purging 'replacement message group custom' configuration after install verification fails.
862727 Policy Package installation failed due to the error "native vlan must be set" message.
862839 Cloning the Policy Packages on FortiManager creates the duplicate UUIDs.
863882 'Last Modified Time' field is empty when exporting Policy Packages to Excel.
867809 During installation, FortiManager unsets status for the proxy policies.
870688 Editing the "Install On" changes the Policy status to "Modified" for all FortiGates existing on that rule.
875547 Policy & Package cannot be imported if the type of firewall address in FortiGate is "interface-subnet" and subnet's value is different with its value on FortiManager.
881857 Multiple security console Application crashes have been observed during the Policy Package installation when static router template and router static entry in device db are used.
882996 Unable to install to FortiGates when using null values for "local-gw6" and "remote-gw6".

886911

FortiManager is attempting to modify replacement messages after upgrade, and this leads to installation failure.

889563

FortiManager, for ADOM version 6.4, does not support Creating, Importing, or Inserting Above and Below actions for a deny policy with a "Log Violation Traffic" disabled.

Workarounds:

  • To Insert, use copy & paste instead of the using Insert Above/Below.

  • To Create, either run script to create log disabled deny policy or enable log traffic first, and then edit the policy in order to disable and save it.

891106

ZTNA Tags cannot be downloaded by EMS Cloud connector.

Revision History

Bug ID

Description

801614 FortiManager might display an error message "Failed to create a new revision." for some FortiGates, when retrieving their configurations.

System Settings

Bug ID Description
753204 Admins of a specific ADOM are able to see tasks of others ADOMs.
825319 FortiManager fails to promote a FortiGate HA member (running on firmware 7.2.0 to 7.2.4) to the Primary.
850469 Radius group attribute filter does not work with Microsoft NFS.
851029 FortiManager's HA cluster breaks after upgrading the FortiManager.
853353 SDWAN Monitor Map does not show up when admin profile has been set to "None" for System Settings.
862814 Event logs did not log FortiManager admins and their actions on managed devices.
864041 SNMPv3 stopped working after upgrading the FortiManager.
864420 The presence of the default system admin information in the "sysconfdef" directory files may pose a potential security risk. Hence, it is advised to remove this potential security concern from these def files.
864931 Unable to login into FortiManager using TACACS and Radius credentials.
868706 SSO admin users do not have the same permissions as local users with the same assigned profiles.
873078 FortiManager HA cannot be configured as the initial sync never completes.

VPN Manager

Bug ID Description
762401 FortiManager is unable to preserve the Specify custom IP ranges option for SSL VPN Address range setting.
784385

If policy changes are made directly on the FortiGates, the subsequent PP import creates faulty dynamic mappings for VPN Manager.

Workaround:

It is strongly recommended to create a fresh backup of the FortiManager's configuration prior to this workaround. Perform the following command to check & repair the FortiManager's configuration database:

diagnose cdb check policy-packages <adom>

After running this command, FortiManager will remove the invalid mappings of vpnmgr interfaces.