Fortinet black logo

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:


Table of Contents

Resolved Issues

The following issues have been fixed in 7.2.1. To inquire about a particular bug, please contact Customer Service & Support.

AP Manager

Bug ID Description

697444

SSID with MPSK may not pass verification during an install.

755815

The local-standalone and local-authentication features are inconsistent with FOS/FGT.

767774

The power-level and power-value installation failed as FortiManager attempts to change power-level and power-value under the wireless-controller settings at the same time.

794836

Protected Management Frames (PMF) feature always gets disabled when security mode is set to WPA2 (Enterprise or Personal).

810804

FortiManager does not support configuration for wireless-controller nac-profile.

Device Manager

Bug ID Description

587404

FortiManager sets incorrect captive-portal-port value when installing version 6.0 policy package to version 6.2 devices.

676415 SAML account with remote certificate not imported to FortiManager Cloud.
704106 Certificate Enrollment fails using SCEP on Microsoft server with sub-ca certificate chains.

721242

FMG displays error record internal is reserved when creating a software switch named internal.

739746 When VDOM is enabled, FortiManager shows multiple firmware templates on Device Manager with different statuses.

743112

Interface Bandwidth widget on FortiManager under Device Manager does not display any data for FGTs.

746697

Cannot delete the phase2-interface within the IPSEC template.

753548 Error message peer must be set is displayed when configuring IPSec Tunnel Templates.
757045 Installation failed with invalid ip address error when configuring multiple IP addresses for system dns-database's forwarder as the meta field.

759264

Applied system template does not apply properly on Install Wizard mode after modifying config on device level.

763234

Installation failed due to the syntax difference between FGT and FMG in setting log-disk-quota for VDOMs.

764491 Unable to configure more than one IP addresses for vrdst under the interface vrrp setting.

770600

Comma between IP address and subnet causes problems when saving Prefix List Rule under BGP Templates.

773147 Installation fails due to the unexpected system interface config changes for settings related to pvc.
775552 The View device revision under Revision History does not display the full and complete device configuration.

777391

Non-root Admins with access to only one ADOMs cannot properly build the HA Clusters in FortiManager.

778131

FMG did not support the per-device mapping for user SAML configurations.

784602

Max values for Link status under the Performance SLA for SDWAN template have been set wrongly.

785373

Configuration for engine-count in IPS global cannot be set higher than 8.

787205 Interface member field under the System Templates does not display any members.
791117 Unable to create simultaneous static routes with named address objects.
792553 Removing VLANs from zone and adding a new VLAN to the same zone deletes that zone.

793021

Creating the interface type software switch throws an error when adding a VLAN interface as a member.

793495 Cannot select all objects filtered by the search under Device Manager.
793510 Special characters in meta fields are displayed in HTML numeric code.
793941 Unable to install VPN psk with special characters through CLI template.

795913

Error Probe Failure has been observed when adding FortiAnalyzer to FortiManager.

796447

FortiManager shows CLI Provisioning templates, even after removing association of provisioning template.

796842 Failed to reload the configuration due to the datasrc invalid error message.
796920 The OPEN mode is missing from the System Template WiFi SSID.
799259 Duplicate CSF groups for 7.0 FGTs (7.0.2+) due to syntax returning upstream-ip instead of upstream.
800773 FortiManager doesn't show the filter configuration for syslogd correctly.

801022

Config status gets modified even though the installation preview is empty.

803683 Installation failed due to the config wireless-controller snmp settings.
804237 Unable to modify the firmware templates under the Device & Groups.

804523

After creating SD-WAN, IPsec, BGP, and CLI templates, the installation failed.

806622 Installation failed after configuring the link-monitor.
807404 Installation failed because of different values for monitoring npu-hpe between FortiManager and FGT-4201F.
809793 Unable to create VDOM link with vcluster.

811487

Static Route template does not have option for SD-WAN configurations.

812335

BGP template does not have the option to enable ebgp-enforce-multihop feature.

812687 Unable to add FortiGate WiFi-80F-2R to FMG when Trusted Platform Module (TPM) is enabled.

813339

First install after adding a FGT to the FMG failed due to FMG's attempt to install a new SSID passphrase for the virtual access point (VAP).

814190

FMG's export or import template feature is not working properly.

816443

SNMPv3 IPv4 notification host does not exist on the FMG's GUI anymore.

820990

IPsec VPN deployment by using ZTP creates some issues on the FGT routing.

822644

Creating a New Action for Interface under Provisioning Templates > System Templates makes FMG's GUI unresponsive.

830105

FMG attempts to install 1.0.0.0 as the remote-gw IP address for all the phase1-interfaces when two or more IPsec phase1-interfaces have same remote-gw IP address.

FortiSwitch Manager

Bug ID

Description

772396 Dynamic Port Policy feature was not supported under the FortiSwitch Manager section of FortiManager.
786283 IP Address Assignment Rules cannot be removed under the VLAN per device mapping.

803175

FortiSwitch template does not enable all the PoE interfaces.

817436

LLDP profile cannot be changed when Access Mode is set to NAC in FortiSwitch template.

Global ADOM

Bug ID

Description

767325

Failed to assign global ADOM v6.2 policy to local ADOM v6.4 due to policy IPv6 changed duplicate object.

768527 After upgrading the global ADOM, installation failed due to the custom ssl-ssh-profile configuration.
794206 Policy installation fails due to Global Object adding prefix g- in threat feed.

811660

Global Database object assignment to ADOMs fails.

815130

Global Policy Assignment in FMG displays the TCL error - dstintf in policy cannot be empty error.

Others

Bug ID Description

575863

Failed to upgrade ADOMs as FortiManager forces users to upgrade unregistered devices first.

671516

FMG/FAZ cannot accept more than 100 concurrent admin sessions (using JSON APIs).

741767

FGT's firmware upgrade API is missed from the documentation.

747648

FMG does not support some of the FEX models and versions under FEX profiles.

759333 After upgrading ADOM 6.2 to 6.4, status of all policy packages changes to Modified.

764388

FortiManager's GUI does not support ACI FortiSDNConnector and Nuage configurations.

766485 FortiManager and FortiAnalyzer frequently generate error logs with message "service:geoip, fgd server 'gip.fortinet.net' was unreachable.".

781831

FortiManager should be able to retrieve EMS tags using hostname of FortiClient EMS, if it can resolve the hostname.

782139 FortiManager GUI does not display any of the proxy settings and webcache for FortProxy devices.

783226

Fabric View may keep loading.

784034 HA Configuration in Zero-touch provisioning (ZTP) does not synchronize to the secondary FortiGate.

784037

FortiManager offers low encryption cipher suite in TLS 1.2.

786281

During the installation, FortiManager displays Policy Consistency Check failure without any clear reason.

786786 New API deployment on FortiManager to support the NSXT API integration does not send any notification from the NSXTService Manager to FortiManager.
792296 ADOM upgrade fails due to the virtual wire pair policy.

792887

Verification fail for default dnsfilter profile due to wrongly installed set category 0.

794256 Unable to export update manager log files for the sftp fdssvrd.
794304

Interface Bandwidth widget is displayed in ADOM 6.2 in FortiManager version 6.4.

795111 Unable to add or modify a FPX Explicit Proxy' policy from a FortiProxy ADOM in FortiManager.
797165 FortiManager has some unsupported commands for the FortiToken user definition.

798220

FortiExtender status is always offline.

804244 ADOMs created by XML API cannot be locked or unlocked.
805226 ADOM upgrade uses too much memory, and this makes the upgrade process too slow.

806109

After ADOM upgrade, log-all is disabled for all protocols under Email Filter profile.

811114 On the FortiProxy ADOM, interface for configuring the web-proxy explicit-proxy cannot be selected from the dropdown menu list.

813443

FortiManager does not support the FGT-GCP different IP addresses on interfaces and different source DNS IP addresses.

815875

After upgrading FortiManager, device-level status has been modified and Install preview shows that pdf-report and FortiView features will be enabled on the FGTs, even if these are already enabled on the FGTs.

816444

Extender manager doesn't display RSSI/RSRP/RSRQ/SINR info.

816834

FMG does not support FortiWeb and activate its license.

817667

FMG cannot upgrade the ADOM to v7.0 due to several cdb crashes during the upgrade.

819495

FortiManager JSON API set and update work similarly for template and policy package scope member.

820656

FGT 7.2.1 failed to fetch the FortiGuard rating from FMG without raw database flags.

820862

Extenders are not displayed on FMG.

822263

FortiGuard > Service Status does not correctly display the secondary service status of the FGT's cluster.

823111

After upgrading to 7.0.4, FMG removes the dev-obj data upon rebooting.

823278

Unable to manually import Query Category FortiGuard package.

823294

SSH connection between FGT and FAZ/FMG v7.0.4/7.2.1 or later fails due to server_host_key_algorithms mismatch.

825052

Not able to add the FortiProxy to the FortiProxy ADOM.

826718

Failed to delete the hanging task from task monitor.

828808

EMS Connector unable to connect to FortiClient EMS Cloud.

Policy and Objects

Bug ID Description

620680

FMG does not support the geographic fields data for firewall internet-service objects.

705302 Remote VPN Certificate installation failed, and certificate disappeared from FortiManager; however, on the FortiGate the certificate installed successfully.
706809 Policy Check export does not have the last hit-count details anymore.
714375 No warning messages when assigning a normalized interface that is already in use.
721253 FortiManager may not import all the roles and address groups from ClearPass.
725132 When modifying IP address of Default VPN Interface of spoke in Device Manager, hub remote gateway should be modified to reflect that change.
725427 Policy package install skips the policy where destination interface is set as SD-WAN zone and policy is IPsec policy.

731037

There may be File Filter file type mismatch between FortiGate and FortiManager.

737424 Policy package import fails due to the Device mapping::"query failed." error.

751767

Export to Excel when filters are applied for a policy package does not work.

758680 Unable to complete the Cisco pxGrid fabric connector's configuration on FortiManager.
760918 Unable to change the action field for the default IPS profile and their clones.
765154 Installation fails when trying to disable the safe search on existing DNS filter from FortiManager.
767255 FortiManager fails to install the custom signature because it is too long.

773333

The configurations for two-factor-authentication and two-factor-notification should not lead to installation failure.

773403 FortiManager may now differentiate between the ISDB objects Predefined Internet Services and IP Reputation Database.
775128 Unable to create more than 20 SAML users in policy package object.
777017 FortiManager purges the arrp-profile when installing the v6.2 policy packages to v6.4 FGTs.

778171

After the upgrade, FortiManager is changing the config antivirus quarantine setting, causing the installation to fail.

779965

Users may be unable to export firewall Header and Footer policies to Excel.

791357 Installation failed when using custom-deep-inspection.
792980 Installation fails when trying to install SAML user configuration.
796505 Modifying the Sections under Policy & Objects leads to some unexpected changes or behavior.
796512 Wrong direction definition has been displayed for Tor-Relay.Node ISDB object.
798094 Re-assignment of tokens in FMG policy and objects, deletes and re-adds the firewall policies that are used those objects.
798955 Traffic shaping policy changes do not trigger any changes or updates on the policy packages status.
798958 Policy Consistency Check fails due to the firewall service's name.
799538 The export policy feature displays limited numbers of the group objects.
801876 Installation failed due to "Copy global shared objects" failure.
802072 "Auto-asic-offload" cannot be disabled for the first time in the policy.
802934 FortiManager'sPolicy Package Diff displays policy objects change even though there is not any changes.

805178

Installation failed due to the unnecessary setting changes of logtraffic feature in proxy policy.

805211 Installation failed due to the wrong fsw vlan type for the default nac and nac_segment vlans.
805642 New policies created in policy package do not inherit the global-label section.

805649

Any modification to the peer group object within the VPN Manager pane, changes the policy status to Modified for all devices, even though spoke devices have different policy packages than hub devices.

805966 Verification fails due to the "resource-limits.proxy".
809276 Cloning administrators doesn't copy the specified ADOMs for the cloned administrator and wrongly displays All ADOMs.

809888

Replacement Message Group under Security profiles gets removed by FMG during the installation.

811503

Installation failure due to the extender-controller error 33 - duplicate.

811715

FSSO dynamic addresses were visible on two address groups.

813237

View Mode feature does not work properly when workspace mode is enabled on FMG.

814090

Export to Excel does not work if the policy package has policies other than default Implicit Deny.

814468

FMG purges gcp-project-list and unsets several values from GCP sdn-connector.

815812 Installation failed because FortiManager tried to remove the credentials for Amazon Web Services (AWS) type of SDN Connector and enabled the use-metadata-iam feature.

816347

Objects field search under the Add Object(s) feature does not properly locate any firewall object addresses for source and destination.

819665

Installation Preview does not display the DNS-Filter configuration changes.

820939

Firewall Users does not populate the user authenticated through explicit proxy authentication method.

828492

Policy installation fails when using sdn-addr-type all.

Revision History

Bug ID

Description

496870 Fabric SDN Connector is installed on FortiGate, even when not in use.
691240 FortiManager should not unset the value forward-error-correction with certain FortiGate platforms.

Script

Bug ID

Description

793407 Installation fails if one of the BGP network prefix entries is a supernet.
800149 FortiManager reorders the <ID>s in ascending order for BGP and static settings.

Services

Bug ID Description

704584

FAP firmware may not be listed and cannot be imported.

752849 FortiManager doesn't have the proper version string of FGT's IPGeo Info.
796345 FortiManager does not recognize the entitlement file for some FGTs.
798979 FortiManager cannot download the latest IPS DB.
808121 FortiManager ignores add_no_service setting for the Unauthorized Devices.

System Settings

Bug ID

Description

687223 Users may be unable to upgrade ADOM because of profile-protocol-options.
753690 SNMPv3 security option configuration has discrepancy between GUI and CLI.

780245

Install Wizard shows all devices are selected, even though Default Device Selection for Install is set to Deselect All.

794461

In Workflow mode, admins are not able to approve or reject sessions by emails.

795655 FortiManager loads the Administrator list under System Setting very slowly.

796058

Search box in the Edit Meta Fields page under System Settings does not work.

799519 If Management Extension Applications (MEA) are enabled, all system settings may be lost after upgrading FortiManager.
799619 When Advanced ADOM Mode is enabled, FortiManager under the Device Inventory displays all devices from all VDOMs.
803200 FortiManager does not synchronize with NTP server.
807788 Unable to disable the trusted hosts from the GUI.

807983

FortiManager doesn't display NTP daemon change time event log when it synchronizes with the NTP server at booting.

811633 Restricted Administrators using the API requests have full read-write access.

817244

Sorting function feature does not work properly based on the Device column in the Meta Fields under System Settings.

818969

Unable to poll SNMP with SNMP engine ID.

819383

FortiManager disk usage rises to 100% when traffic-shaping-history enabled.

821221

Enabling the debug by remote users with Super_User admin profiles disconnects them from the FMG's GUI and CLI.

827854

Installation target disappears in workflow mode if session is approved through email.

VPN Manager

Bug ID

Description

615890

IPsec VPN authusergrp option Inherit from Policy is missing when setting xauthtype as auto server.

794168 Installation becomes very slow when FortiManager acts as CA server.
796104 FortiManager deletes and re-creates VPN routes with different IDs on every install.

807063

Unable to delete any of the new Authentication or Portal Mapping entries under SSL VPN Settings.

810027

FortiManager spoke IP setting for VPN configuration sets properly, but the policy package does not change on the hub phase1.

Resolved Issues

The following issues have been fixed in 7.2.1. To inquire about a particular bug, please contact Customer Service & Support.

AP Manager

Bug ID Description

697444

SSID with MPSK may not pass verification during an install.

755815

The local-standalone and local-authentication features are inconsistent with FOS/FGT.

767774

The power-level and power-value installation failed as FortiManager attempts to change power-level and power-value under the wireless-controller settings at the same time.

794836

Protected Management Frames (PMF) feature always gets disabled when security mode is set to WPA2 (Enterprise or Personal).

810804

FortiManager does not support configuration for wireless-controller nac-profile.

Device Manager

Bug ID Description

587404

FortiManager sets incorrect captive-portal-port value when installing version 6.0 policy package to version 6.2 devices.

676415 SAML account with remote certificate not imported to FortiManager Cloud.
704106 Certificate Enrollment fails using SCEP on Microsoft server with sub-ca certificate chains.

721242

FMG displays error record internal is reserved when creating a software switch named internal.

739746 When VDOM is enabled, FortiManager shows multiple firmware templates on Device Manager with different statuses.

743112

Interface Bandwidth widget on FortiManager under Device Manager does not display any data for FGTs.

746697

Cannot delete the phase2-interface within the IPSEC template.

753548 Error message peer must be set is displayed when configuring IPSec Tunnel Templates.
757045 Installation failed with invalid ip address error when configuring multiple IP addresses for system dns-database's forwarder as the meta field.

759264

Applied system template does not apply properly on Install Wizard mode after modifying config on device level.

763234

Installation failed due to the syntax difference between FGT and FMG in setting log-disk-quota for VDOMs.

764491 Unable to configure more than one IP addresses for vrdst under the interface vrrp setting.

770600

Comma between IP address and subnet causes problems when saving Prefix List Rule under BGP Templates.

773147 Installation fails due to the unexpected system interface config changes for settings related to pvc.
775552 The View device revision under Revision History does not display the full and complete device configuration.

777391

Non-root Admins with access to only one ADOMs cannot properly build the HA Clusters in FortiManager.

778131

FMG did not support the per-device mapping for user SAML configurations.

784602

Max values for Link status under the Performance SLA for SDWAN template have been set wrongly.

785373

Configuration for engine-count in IPS global cannot be set higher than 8.

787205 Interface member field under the System Templates does not display any members.
791117 Unable to create simultaneous static routes with named address objects.
792553 Removing VLANs from zone and adding a new VLAN to the same zone deletes that zone.

793021

Creating the interface type software switch throws an error when adding a VLAN interface as a member.

793495 Cannot select all objects filtered by the search under Device Manager.
793510 Special characters in meta fields are displayed in HTML numeric code.
793941 Unable to install VPN psk with special characters through CLI template.

795913

Error Probe Failure has been observed when adding FortiAnalyzer to FortiManager.

796447

FortiManager shows CLI Provisioning templates, even after removing association of provisioning template.

796842 Failed to reload the configuration due to the datasrc invalid error message.
796920 The OPEN mode is missing from the System Template WiFi SSID.
799259 Duplicate CSF groups for 7.0 FGTs (7.0.2+) due to syntax returning upstream-ip instead of upstream.
800773 FortiManager doesn't show the filter configuration for syslogd correctly.

801022

Config status gets modified even though the installation preview is empty.

803683 Installation failed due to the config wireless-controller snmp settings.
804237 Unable to modify the firmware templates under the Device & Groups.

804523

After creating SD-WAN, IPsec, BGP, and CLI templates, the installation failed.

806622 Installation failed after configuring the link-monitor.
807404 Installation failed because of different values for monitoring npu-hpe between FortiManager and FGT-4201F.
809793 Unable to create VDOM link with vcluster.

811487

Static Route template does not have option for SD-WAN configurations.

812335

BGP template does not have the option to enable ebgp-enforce-multihop feature.

812687 Unable to add FortiGate WiFi-80F-2R to FMG when Trusted Platform Module (TPM) is enabled.

813339

First install after adding a FGT to the FMG failed due to FMG's attempt to install a new SSID passphrase for the virtual access point (VAP).

814190

FMG's export or import template feature is not working properly.

816443

SNMPv3 IPv4 notification host does not exist on the FMG's GUI anymore.

820990

IPsec VPN deployment by using ZTP creates some issues on the FGT routing.

822644

Creating a New Action for Interface under Provisioning Templates > System Templates makes FMG's GUI unresponsive.

830105

FMG attempts to install 1.0.0.0 as the remote-gw IP address for all the phase1-interfaces when two or more IPsec phase1-interfaces have same remote-gw IP address.

FortiSwitch Manager

Bug ID

Description

772396 Dynamic Port Policy feature was not supported under the FortiSwitch Manager section of FortiManager.
786283 IP Address Assignment Rules cannot be removed under the VLAN per device mapping.

803175

FortiSwitch template does not enable all the PoE interfaces.

817436

LLDP profile cannot be changed when Access Mode is set to NAC in FortiSwitch template.

Global ADOM

Bug ID

Description

767325

Failed to assign global ADOM v6.2 policy to local ADOM v6.4 due to policy IPv6 changed duplicate object.

768527 After upgrading the global ADOM, installation failed due to the custom ssl-ssh-profile configuration.
794206 Policy installation fails due to Global Object adding prefix g- in threat feed.

811660

Global Database object assignment to ADOMs fails.

815130

Global Policy Assignment in FMG displays the TCL error - dstintf in policy cannot be empty error.

Others

Bug ID Description

575863

Failed to upgrade ADOMs as FortiManager forces users to upgrade unregistered devices first.

671516

FMG/FAZ cannot accept more than 100 concurrent admin sessions (using JSON APIs).

741767

FGT's firmware upgrade API is missed from the documentation.

747648

FMG does not support some of the FEX models and versions under FEX profiles.

759333 After upgrading ADOM 6.2 to 6.4, status of all policy packages changes to Modified.

764388

FortiManager's GUI does not support ACI FortiSDNConnector and Nuage configurations.

766485 FortiManager and FortiAnalyzer frequently generate error logs with message "service:geoip, fgd server 'gip.fortinet.net' was unreachable.".

781831

FortiManager should be able to retrieve EMS tags using hostname of FortiClient EMS, if it can resolve the hostname.

782139 FortiManager GUI does not display any of the proxy settings and webcache for FortProxy devices.

783226

Fabric View may keep loading.

784034 HA Configuration in Zero-touch provisioning (ZTP) does not synchronize to the secondary FortiGate.

784037

FortiManager offers low encryption cipher suite in TLS 1.2.

786281

During the installation, FortiManager displays Policy Consistency Check failure without any clear reason.

786786 New API deployment on FortiManager to support the NSXT API integration does not send any notification from the NSXTService Manager to FortiManager.
792296 ADOM upgrade fails due to the virtual wire pair policy.

792887

Verification fail for default dnsfilter profile due to wrongly installed set category 0.

794256 Unable to export update manager log files for the sftp fdssvrd.
794304

Interface Bandwidth widget is displayed in ADOM 6.2 in FortiManager version 6.4.

795111 Unable to add or modify a FPX Explicit Proxy' policy from a FortiProxy ADOM in FortiManager.
797165 FortiManager has some unsupported commands for the FortiToken user definition.

798220

FortiExtender status is always offline.

804244 ADOMs created by XML API cannot be locked or unlocked.
805226 ADOM upgrade uses too much memory, and this makes the upgrade process too slow.

806109

After ADOM upgrade, log-all is disabled for all protocols under Email Filter profile.

811114 On the FortiProxy ADOM, interface for configuring the web-proxy explicit-proxy cannot be selected from the dropdown menu list.

813443

FortiManager does not support the FGT-GCP different IP addresses on interfaces and different source DNS IP addresses.

815875

After upgrading FortiManager, device-level status has been modified and Install preview shows that pdf-report and FortiView features will be enabled on the FGTs, even if these are already enabled on the FGTs.

816444

Extender manager doesn't display RSSI/RSRP/RSRQ/SINR info.

816834

FMG does not support FortiWeb and activate its license.

817667

FMG cannot upgrade the ADOM to v7.0 due to several cdb crashes during the upgrade.

819495

FortiManager JSON API set and update work similarly for template and policy package scope member.

820656

FGT 7.2.1 failed to fetch the FortiGuard rating from FMG without raw database flags.

820862

Extenders are not displayed on FMG.

822263

FortiGuard > Service Status does not correctly display the secondary service status of the FGT's cluster.

823111

After upgrading to 7.0.4, FMG removes the dev-obj data upon rebooting.

823278

Unable to manually import Query Category FortiGuard package.

823294

SSH connection between FGT and FAZ/FMG v7.0.4/7.2.1 or later fails due to server_host_key_algorithms mismatch.

825052

Not able to add the FortiProxy to the FortiProxy ADOM.

826718

Failed to delete the hanging task from task monitor.

828808

EMS Connector unable to connect to FortiClient EMS Cloud.

Policy and Objects

Bug ID Description

620680

FMG does not support the geographic fields data for firewall internet-service objects.

705302 Remote VPN Certificate installation failed, and certificate disappeared from FortiManager; however, on the FortiGate the certificate installed successfully.
706809 Policy Check export does not have the last hit-count details anymore.
714375 No warning messages when assigning a normalized interface that is already in use.
721253 FortiManager may not import all the roles and address groups from ClearPass.
725132 When modifying IP address of Default VPN Interface of spoke in Device Manager, hub remote gateway should be modified to reflect that change.
725427 Policy package install skips the policy where destination interface is set as SD-WAN zone and policy is IPsec policy.

731037

There may be File Filter file type mismatch between FortiGate and FortiManager.

737424 Policy package import fails due to the Device mapping::"query failed." error.

751767

Export to Excel when filters are applied for a policy package does not work.

758680 Unable to complete the Cisco pxGrid fabric connector's configuration on FortiManager.
760918 Unable to change the action field for the default IPS profile and their clones.
765154 Installation fails when trying to disable the safe search on existing DNS filter from FortiManager.
767255 FortiManager fails to install the custom signature because it is too long.

773333

The configurations for two-factor-authentication and two-factor-notification should not lead to installation failure.

773403 FortiManager may now differentiate between the ISDB objects Predefined Internet Services and IP Reputation Database.
775128 Unable to create more than 20 SAML users in policy package object.
777017 FortiManager purges the arrp-profile when installing the v6.2 policy packages to v6.4 FGTs.

778171

After the upgrade, FortiManager is changing the config antivirus quarantine setting, causing the installation to fail.

779965

Users may be unable to export firewall Header and Footer policies to Excel.

791357 Installation failed when using custom-deep-inspection.
792980 Installation fails when trying to install SAML user configuration.
796505 Modifying the Sections under Policy & Objects leads to some unexpected changes or behavior.
796512 Wrong direction definition has been displayed for Tor-Relay.Node ISDB object.
798094 Re-assignment of tokens in FMG policy and objects, deletes and re-adds the firewall policies that are used those objects.
798955 Traffic shaping policy changes do not trigger any changes or updates on the policy packages status.
798958 Policy Consistency Check fails due to the firewall service's name.
799538 The export policy feature displays limited numbers of the group objects.
801876 Installation failed due to "Copy global shared objects" failure.
802072 "Auto-asic-offload" cannot be disabled for the first time in the policy.
802934 FortiManager'sPolicy Package Diff displays policy objects change even though there is not any changes.

805178

Installation failed due to the unnecessary setting changes of logtraffic feature in proxy policy.

805211 Installation failed due to the wrong fsw vlan type for the default nac and nac_segment vlans.
805642 New policies created in policy package do not inherit the global-label section.

805649

Any modification to the peer group object within the VPN Manager pane, changes the policy status to Modified for all devices, even though spoke devices have different policy packages than hub devices.

805966 Verification fails due to the "resource-limits.proxy".
809276 Cloning administrators doesn't copy the specified ADOMs for the cloned administrator and wrongly displays All ADOMs.

809888

Replacement Message Group under Security profiles gets removed by FMG during the installation.

811503

Installation failure due to the extender-controller error 33 - duplicate.

811715

FSSO dynamic addresses were visible on two address groups.

813237

View Mode feature does not work properly when workspace mode is enabled on FMG.

814090

Export to Excel does not work if the policy package has policies other than default Implicit Deny.

814468

FMG purges gcp-project-list and unsets several values from GCP sdn-connector.

815812 Installation failed because FortiManager tried to remove the credentials for Amazon Web Services (AWS) type of SDN Connector and enabled the use-metadata-iam feature.

816347

Objects field search under the Add Object(s) feature does not properly locate any firewall object addresses for source and destination.

819665

Installation Preview does not display the DNS-Filter configuration changes.

820939

Firewall Users does not populate the user authenticated through explicit proxy authentication method.

828492

Policy installation fails when using sdn-addr-type all.

Revision History

Bug ID

Description

496870 Fabric SDN Connector is installed on FortiGate, even when not in use.
691240 FortiManager should not unset the value forward-error-correction with certain FortiGate platforms.

Script

Bug ID

Description

793407 Installation fails if one of the BGP network prefix entries is a supernet.
800149 FortiManager reorders the <ID>s in ascending order for BGP and static settings.

Services

Bug ID Description

704584

FAP firmware may not be listed and cannot be imported.

752849 FortiManager doesn't have the proper version string of FGT's IPGeo Info.
796345 FortiManager does not recognize the entitlement file for some FGTs.
798979 FortiManager cannot download the latest IPS DB.
808121 FortiManager ignores add_no_service setting for the Unauthorized Devices.

System Settings

Bug ID

Description

687223 Users may be unable to upgrade ADOM because of profile-protocol-options.
753690 SNMPv3 security option configuration has discrepancy between GUI and CLI.

780245

Install Wizard shows all devices are selected, even though Default Device Selection for Install is set to Deselect All.

794461

In Workflow mode, admins are not able to approve or reject sessions by emails.

795655 FortiManager loads the Administrator list under System Setting very slowly.

796058

Search box in the Edit Meta Fields page under System Settings does not work.

799519 If Management Extension Applications (MEA) are enabled, all system settings may be lost after upgrading FortiManager.
799619 When Advanced ADOM Mode is enabled, FortiManager under the Device Inventory displays all devices from all VDOMs.
803200 FortiManager does not synchronize with NTP server.
807788 Unable to disable the trusted hosts from the GUI.

807983

FortiManager doesn't display NTP daemon change time event log when it synchronizes with the NTP server at booting.

811633 Restricted Administrators using the API requests have full read-write access.

817244

Sorting function feature does not work properly based on the Device column in the Meta Fields under System Settings.

818969

Unable to poll SNMP with SNMP engine ID.

819383

FortiManager disk usage rises to 100% when traffic-shaping-history enabled.

821221

Enabling the debug by remote users with Super_User admin profiles disconnects them from the FMG's GUI and CLI.

827854

Installation target disappears in workflow mode if session is approved through email.

VPN Manager

Bug ID

Description

615890

IPsec VPN authusergrp option Inherit from Policy is missing when setting xauthtype as auto server.

794168 Installation becomes very slow when FortiManager acts as CA server.
796104 FortiManager deletes and re-creates VPN routes with different IDs on every install.

807063

Unable to delete any of the new Authentication or Portal Mapping entries under SSL VPN Settings.

810027

FortiManager spoke IP setting for VPN configuration sets properly, but the policy package does not change on the hub phase1.