Fortinet black logo

Release Notes

Home FortiManager 7.0.8 Release Notes
7.0.8
7.4.2
7.4.1
7.4.0
7.2.5
7.2.4
7.2.3
7.2.2
7.2.1
7.2.0
7.0.12
7.0.11
7.0.10
7.0.9
7.0.8
7.0.7
7.0.6
7.0.5
7.0.4
7.0.3
7.0.2
7.0.1
7.0.0
6.4.14
6.4.13
6.4.12
6.4.11
6.4.10
6.4.9
6.4.8
6.4.7
6.4.6
6.4.5
6.4.4
6.4.3
6.4.2
6.4.1
6.4.0
6.2.12
6.2.11
6.2.10
6.2.9
6.2.8
6.2.7
6.2.6
6.2.5
6.2.3
6.2.2
6.2.1
6.2.0
6.0.12
6.0.11
6.0.10
6.0.9
6.0.8
6.0.7
6.0.6
6.0.5
6.0.4
6.0.3
6.0.2
6.0.1
6.0.0
5.6.11
5.6.10
5.6.9
5.6.8
5.6.7
5.6.6
5.6.5
5.6.4
5.6.3
5.6.2
5.6.1
5.6.0
5.6.0
5.4.7
5.4.6
5.4.5
5.4.4
5.4.3
5.4.2
5.4.1
5.4.0
5.2.10
5.2.9
5.2.7
5.2.6
5.2.4
5.2.3
5.2.2
5.2.1
5.2.0
5.0.12
5.0.11
5.0.10
5.0.9
5.0.8
5.0.7
5.0.6
5.0.5
5.0.4
5.0.3

Known Issues

Known Issues

The following issues have been identified in 7.0.8. To inquire about a particular bug or to report a bug, please contact Customer Service & Support.

AP Manager

Bug ID

Description
889811 Under WIFI and switch controller for Managed FortiAPs, there is not any LLDP info found.
892773 Assigning AP Profile returns invalid value.

Device Manager

Bug ID Description
752443 Vertical scroll bar is missing in SD-WAN configuration.
768289 There is a discrepancy in the usage of quotation marks ("") when configuring DHCP relay from FortiManager or retrieving it from FortiGate.
887903 System template interface table gets purged when trying to create VLAN type with name length greater than 15.

895001

The "gui-ztna" configuration is displayed as enabled on the FortiManager even though this setting is disabled on the FortiGate.
896127 When attempting to create a VLAN type with a name longer than 15 characters, FortiManager displays an error message.
899350 Promote button is missing for FortiGate-80F Clusters.
899541 An error message, 'upgrade image failed', is shown even though the upgrade has been completed successfully.
910391 When FortiManager operates in a non-default workspace mode, it may attempt to purge the configuration of the FortiGate devices due to database corruption.
925546 Assigned Devices on Provisioning Template/CLI Template shows incorrect VDOM.

FortiSwitch Manager

Bug ID Description
881766 Event logs or task manager do not show which user authorized a Fortiswitch .

Others

Bug ID Description

777831

When FortiAnalyzer is added as a managed device to FortiManager, "Incident & Event" Tile will be displayed instead of the "FortiSoC".
895081 Some FortiGates were unable to be upgraded from FortiManager due to firmware ID discrepancies between FortiManager and FortiGuard.
910175 When provisioning the FortiExtender via CLI template, FortiManager displays the "mismatch interface" error message.
914027 FortiManager does not display/use the latest ISDB version for all of its ADOMs.
916254 Some FortiGates were unable to be upgraded from FortiManager due to firmware ID discrepancies between FortiManager and FortiGuard.
916463 The approval emails are not being sent to the "Email Notification" admins when a new session is created and submitted for approval.

Policy & Objects

Bug ID Description
751443

FortiManager displays policy installation copy failures error when ipsec template gets unassigned.

Workaround: Instead of unassigning IPSec template, modify IPSec template, replace the reference to IPSec tunnel interface with another interface. Please ensure a fresh FortiManager backup is created prior to any changes.
793240

FortiManager fails to retrieve FortiGate's configuration when external-resource objects include a "g-" prefix.

There are two workarounds; use the approach that works best for your environment. If it is possible, create a new backup of your FMG and FGT(s) before making any changes:

First workaround approach:

  1. Re-create all threat feeds locally in VDOM configuration and update policies and security profiles that reference them to the local threat feed vs. the global feed.

  2. Delete the global threat feed objects.

Second workaround approach:

  1. Perform policy reinstallation. FMG adds original threat feed objects within the VDOM configuration without the 'g' prefix.

  2. FMG reports 'install OK/verify FAIL' at the end of the policy installation.

  3. Run scripts to delete the global threat feed objects (objects with the 'g' prefix) from the FGT.

  4. Retrieve the FGT configuration from FMG.

  5. Perform another policy installation to update the configuration synchronization status between the FGT and FMG. No commands are pushed during this stage according to the install wizard.
845022 SDN Connector failed to import objects from VMware VSphere.

851331

Cloning Firewall Addresses under the Firewall Objects does not clone the "Add To Groups" entries.
855073 The "where used" feature does not function properly.
863819 Unable to delete unused objects.
883064 If any admin makes changes to the "Object Selection Pane", whether setting it to "Dock to Right", "Dock to Bottom" or "Classic Dual Pane", it will affect all other admin's GUI preferences.
896461 FortiManager disables ip6-send-adv after opening and closing interface configuration.
898883 Exported firewall policies do not contain firewall address values IP, netmask and other details.
902298 FortiManager does not generate error messages when invalid or obsolete application IDs are used in the policy. Instead, it allows installation and sets the category to 'pass' or 'monitor'.
911632 When retrieving the configuration from the FortiGate, the FortiManager shows the new cert; however, those cannot be assigned to the FCT EMS connector.
912114 FortiManager is unable to import OpenStack SDN connector and the following error message is displayed: "send_sdn_connector_openstack_cmd: Failed to get openstack token".
920983 The policy blocks using a group object do not get updated when the objects within the group are modified.
922648 FortiManager unable to push WiFi SSID to FortiGates.
924680 Policy packages containing geo-based ISDB objects may not be successfully installed to the FortiGates.
925076 FortiManager tries to install different preconnection-id under VPN SSL WEB Portal > Profile > Bookmark-Group > Gui-Bookmark > Book.

Revision History

Bug ID

Description

904710

Restoring a revision of a policy removes the information of all the SD-WAN rules.

Script

Bug ID

Description
913360 Device script is trying to add additional configuration; therefore, installation gets failed.

System Settings

Bug ID Description
825319 FortiManager fails to promote a FortiGate HA member (running on firmware 7.2.0 to 7.2.4) to the Primary.
853429 Creating FortiManager's configuration backup via scp cannot be done.

861997

Unable to delete a particular non-default empty ADOM.

VPN Manager

Bug ID Description

513317

FortiManager may fail to install policy after FortiGate failover on Azure.
784385

If policy changes are made directly on the FortiGates, the subsequent PP import creates faulty dynamic mappings for VPN Manager.

Workaround: It is strongly recommended to create a fresh backup of the FortiManager's configuration prior to the workaround. Perform the following command to check & repair the FortiManager's configuration database.

diagnose cdb check policy-packages <adom>

After running this command, FortiManager will remove the invalid mappings of vpnmgr interfaces.

847479

Despite being configured for 'SHA-256,' FortiManager is installing 'SHA-1' certificates on FortiGates.
Previous
Next

Known Issues

The following issues have been identified in 7.0.8. To inquire about a particular bug or to report a bug, please contact Customer Service & Support.

AP Manager

Bug ID

Description
889811 Under WIFI and switch controller for Managed FortiAPs, there is not any LLDP info found.
892773 Assigning AP Profile returns invalid value.

Device Manager

Bug ID Description
752443 Vertical scroll bar is missing in SD-WAN configuration.
768289 There is a discrepancy in the usage of quotation marks ("") when configuring DHCP relay from FortiManager or retrieving it from FortiGate.
887903 System template interface table gets purged when trying to create VLAN type with name length greater than 15.

895001

The "gui-ztna" configuration is displayed as enabled on the FortiManager even though this setting is disabled on the FortiGate.
896127 When attempting to create a VLAN type with a name longer than 15 characters, FortiManager displays an error message.
899350 Promote button is missing for FortiGate-80F Clusters.
899541 An error message, 'upgrade image failed', is shown even though the upgrade has been completed successfully.
910391 When FortiManager operates in a non-default workspace mode, it may attempt to purge the configuration of the FortiGate devices due to database corruption.
925546 Assigned Devices on Provisioning Template/CLI Template shows incorrect VDOM.

FortiSwitch Manager

Bug ID Description
881766 Event logs or task manager do not show which user authorized a Fortiswitch .

Others

Bug ID Description

777831

When FortiAnalyzer is added as a managed device to FortiManager, "Incident & Event" Tile will be displayed instead of the "FortiSoC".
895081 Some FortiGates were unable to be upgraded from FortiManager due to firmware ID discrepancies between FortiManager and FortiGuard.
910175 When provisioning the FortiExtender via CLI template, FortiManager displays the "mismatch interface" error message.
914027 FortiManager does not display/use the latest ISDB version for all of its ADOMs.
916254 Some FortiGates were unable to be upgraded from FortiManager due to firmware ID discrepancies between FortiManager and FortiGuard.
916463 The approval emails are not being sent to the "Email Notification" admins when a new session is created and submitted for approval.

Policy & Objects

Bug ID Description
751443

FortiManager displays policy installation copy failures error when ipsec template gets unassigned.

Workaround: Instead of unassigning IPSec template, modify IPSec template, replace the reference to IPSec tunnel interface with another interface. Please ensure a fresh FortiManager backup is created prior to any changes.
793240

FortiManager fails to retrieve FortiGate's configuration when external-resource objects include a "g-" prefix.

There are two workarounds; use the approach that works best for your environment. If it is possible, create a new backup of your FMG and FGT(s) before making any changes:

First workaround approach:

  1. Re-create all threat feeds locally in VDOM configuration and update policies and security profiles that reference them to the local threat feed vs. the global feed.

  2. Delete the global threat feed objects.

Second workaround approach:

  1. Perform policy reinstallation. FMG adds original threat feed objects within the VDOM configuration without the 'g' prefix.

  2. FMG reports 'install OK/verify FAIL' at the end of the policy installation.

  3. Run scripts to delete the global threat feed objects (objects with the 'g' prefix) from the FGT.

  4. Retrieve the FGT configuration from FMG.

  5. Perform another policy installation to update the configuration synchronization status between the FGT and FMG. No commands are pushed during this stage according to the install wizard.
845022 SDN Connector failed to import objects from VMware VSphere.

851331

Cloning Firewall Addresses under the Firewall Objects does not clone the "Add To Groups" entries.
855073 The "where used" feature does not function properly.
863819 Unable to delete unused objects.
883064 If any admin makes changes to the "Object Selection Pane", whether setting it to "Dock to Right", "Dock to Bottom" or "Classic Dual Pane", it will affect all other admin's GUI preferences.
896461 FortiManager disables ip6-send-adv after opening and closing interface configuration.
898883 Exported firewall policies do not contain firewall address values IP, netmask and other details.
902298 FortiManager does not generate error messages when invalid or obsolete application IDs are used in the policy. Instead, it allows installation and sets the category to 'pass' or 'monitor'.
911632 When retrieving the configuration from the FortiGate, the FortiManager shows the new cert; however, those cannot be assigned to the FCT EMS connector.
912114 FortiManager is unable to import OpenStack SDN connector and the following error message is displayed: "send_sdn_connector_openstack_cmd: Failed to get openstack token".
920983 The policy blocks using a group object do not get updated when the objects within the group are modified.
922648 FortiManager unable to push WiFi SSID to FortiGates.
924680 Policy packages containing geo-based ISDB objects may not be successfully installed to the FortiGates.
925076 FortiManager tries to install different preconnection-id under VPN SSL WEB Portal > Profile > Bookmark-Group > Gui-Bookmark > Book.

Revision History

Bug ID

Description

904710

Restoring a revision of a policy removes the information of all the SD-WAN rules.

Script

Bug ID

Description
913360 Device script is trying to add additional configuration; therefore, installation gets failed.

System Settings

Bug ID Description
825319 FortiManager fails to promote a FortiGate HA member (running on firmware 7.2.0 to 7.2.4) to the Primary.
853429 Creating FortiManager's configuration backup via scp cannot be done.

861997

Unable to delete a particular non-default empty ADOM.

VPN Manager

Bug ID Description

513317

FortiManager may fail to install policy after FortiGate failover on Azure.
784385

If policy changes are made directly on the FortiGates, the subsequent PP import creates faulty dynamic mappings for VPN Manager.

Workaround: It is strongly recommended to create a fresh backup of the FortiManager's configuration prior to the workaround. Perform the following command to check & repair the FortiManager's configuration database.

diagnose cdb check policy-packages <adom>

After running this command, FortiManager will remove the invalid mappings of vpnmgr interfaces.

847479

Despite being configured for 'SHA-256,' FortiManager is installing 'SHA-1' certificates on FortiGates.
Previous
Next