Resolved Issues
The following issues have been fixed in 7.2.1. To inquire about a particular bug, please contact Customer Service & Support.
AP Manager
Bug ID | Description |
---|---|
697444 |
SSID with MPSK may not pass verification during an install. |
755815 |
The local-standalone
and local-authentication features are inconsistent with FOS/FGT. |
767774 |
The |
794836 |
Protected Management Frames (PMF) feature always gets disabled when security mode is set to WPA2 (Enterprise or Personal). |
810804 |
FortiManager does not support configuration for wireless-controller nac-profile. |
Device Manager
Bug ID | Description |
---|---|
587404 |
FortiManager sets incorrect |
676415 | SAML account with remote certificate not imported to FortiManager Cloud. |
704106 | Certificate Enrollment fails using SCEP on Microsoft server with sub-ca certificate chains. |
721242 |
FMG displays error record internal is reserved when creating a software switch named internal. |
739746 | When VDOM is enabled, FortiManager shows multiple firmware templates on Device Manager with different statuses. |
743112 |
Interface Bandwidth widget on FortiManager under Device Manager does not display any data for FGTs. |
746697 |
Cannot delete the |
753548 | Error message peer must be set is displayed when configuring IPSec Tunnel Templates. |
757045 | Installation failed with invalid ip address error when configuring multiple IP addresses for system dns-database's forwarder as the meta field. |
759264 |
Applied system template does not apply properly on Install Wizard mode after modifying config on device level. |
763234 |
Installation failed due to the syntax difference between FGT and FMG in setting |
764491 | Unable to configure more than
one IP addresses for vrdst under the interface vrrp
setting. |
770600 |
Comma between IP address and subnet causes problems when saving Prefix List Rule under BGP Templates. |
773147 | Installation fails due to the
unexpected system interface config changes for settings related to pvc . |
775552 | The View device revision under Revision History does not display the full and complete device configuration. |
777391 |
Non-root Admins with access to only one ADOMs cannot properly build the HA Clusters in FortiManager. |
778131 |
FMG did not support the per-device mapping for user SAML configurations. |
784602 |
Max values for Link status under the Performance SLA for SDWAN template have been set wrongly. |
785373 |
Configuration for |
787205 | Interface member field under the System Templates does not display any members. |
787905 | PM/AM feature for AV&IPS Scheduled Updates under the FortiGuard's Device Manager cannot be set correctly. |
791117 | Unable to create simultaneous static routes with named address objects. |
792553 | Removing VLANs from zone and adding a new VLAN to the same zone deletes that zone. |
793021 |
Creating the interface type software switch throws an error when adding a VLAN interface as a member. |
793495 | Cannot select all objects filtered by the search under Device Manager. |
793510 | Special characters in meta fields are displayed in HTML numeric code. |
793941 | Unable to install VPN psk with special characters through CLI template. |
795913 |
Error Probe Failure has been observed when adding FortiAnalyzer to FortiManager. |
796447 |
FortiManager shows CLI Provisioning templates, even after removing association of provisioning template. |
796842 | Failed to reload the configuration due to the datasrc invalid error message. |
796920 | The OPEN mode is missing from the System Template WiFi SSID. |
799259 | Duplicate CSF groups for 7.0
FGTs (7.0.2+) due to syntax returning upstream-ip instead of upstream . |
800773 | FortiManager doesn't show the filter configuration for syslogd correctly. |
801022 |
Config status gets modified even though the installation preview is empty. |
803683 | Installation failed due to the
config wireless-controller snmp settings. |
804237 | Unable to modify the firmware templates under the Device & Groups. |
804523 |
After creating SD-WAN, IPsec, BGP, and CLI templates, the installation failed. |
806622 | Installation failed after configuring the link-monitor. |
807404 | Installation failed because of different values for
monitoring npu-hpe between FortiManager and FGT-4201F. |
809793 | Unable to create VDOM link with vcluster. |
811460 |
No option to set |
811487 |
Static Route template does not have option for SD-WAN configurations. |
812335 |
BGP template does not have the option to enable |
812687 | Unable to add FortiGate WiFi-80F-2R to FMG when Trusted Platform Module (TPM) is enabled. |
813339 |
First install after adding a FGT to the FMG failed due to FMG's attempt to install a new SSID passphrase for the virtual access point (VAP). |
814190 |
FMG's export or import template feature is not working properly. |
816443 |
SNMPv3 IPv4 notification host does not exist on the FMG's GUI anymore. |
820990 |
IPsec VPN deployment by using ZTP creates some issues on the FGT routing. |
822644 |
Creating a New Action for Interface under Provisioning Templates > System Templates makes FMG's GUI unresponsive. |
829404 | SD-WAN Widget does not display any data for "Bandwidth Overview" and "Traffic Growth" under the Managed Devices' dashboard. |
830105 |
FMG attempts to install 1.0.0.0 as the |
FortiSwitch Manager
Bug ID |
Description |
---|---|
772396 | Dynamic Port Policy feature was not supported under the FortiSwitch Manager section of FortiManager. |
786283 | IP Address Assignment Rules cannot be removed under the VLAN per device mapping. |
803175 |
FortiSwitch template does not enable all the PoE interfaces. |
817436 |
LLDP profile cannot be changed when Access Mode is set to NAC in FortiSwitch template. |
Global ADOM
Bug ID |
Description |
---|---|
767325 |
Failed to assign global ADOM v6.2 policy to local ADOM v6.4 due to policy IPv6 changed duplicate object. |
768527 | After upgrading the global ADOM, installation failed due to the custom ssl-ssh-profile configuration. |
794206 | Policy installation fails due
to Global Object adding prefix g- in threat feed. |
811660 |
Global Database object assignment to ADOMs fails. |
815130 |
Global Policy Assignment in FMG displays the TCL error - dstintf in policy cannot be empty error. |
Others
Bug ID | Description |
---|---|
575863 |
Failed to upgrade ADOMs as FortiManager forces users to upgrade unregistered devices first. |
671516 |
FMG/FAZ cannot accept more than 100 concurrent admin sessions (using JSON APIs). |
741767 |
FGT's firmware upgrade API is missed from the documentation. |
747648 |
FMG does not support some of the FEX models and versions under FEX profiles. |
759333 | After upgrading ADOM 6.2 to 6.4, status of all policy packages changes to Modified. |
764388 |
FortiManager's GUI does not support ACI FortiSDNConnector and Nuage configurations. |
766485 | FortiManager and FortiAnalyzer frequently generate error logs with message "service:geoip, fgd server 'gip.fortinet.net' was unreachable.". |
770040 | FortiManager's web interface
and especially API calls are very slow if object-revision-status feature is
enabled. |
781831 |
FortiManager should be able to retrieve EMS tags using hostname of FortiClient EMS, if it can resolve the hostname. |
782139 | FortiManager GUI does not display any of the proxy settings and webcache for FortProxy devices. |
783226 |
Fabric View may keep loading. |
784034 | HA Configuration in Zero-touch provisioning (ZTP) does not synchronize to the secondary FortiGate. |
784037 |
FortiManager offers low encryption cipher suite in TLS 1.2. |
786281 |
During the installation, FortiManager displays Policy Consistency Check failure without any clear reason. |
786786 | New API deployment on FortiManager to support the NSXT API integration does not send any notification from the NSXTService Manager to FortiManager. |
788006 | FortiManager consumes license count for the Admin Type VDOMs. |
792296 | ADOM upgrade fails due to the virtual wire pair policy. |
792887 |
Verification fail for default dnsfilter profile due to wrongly installed |
794256 | Unable to export update manager
log files for the sftp fdssvrd . |
794304 |
Interface Bandwidth widget is displayed in ADOM 6.2 in FortiManager version 6.4. |
795111 | Unable to add or modify a FPX Explicit Proxy' policy from a FortiProxy ADOM in FortiManager. |
797165 | FortiManager has some unsupported commands for the FortiToken user definition. |
798220 |
FortiExtender status is always offline. |
799835 |
A significant and continuous increase in memory usage by "rtmmond" has been observed. |
799835 | A significant and continuous increase in memory usage by "rtmmond" has been observed. |
804244 | ADOMs created by XML API cannot be locked or unlocked. |
805226 | ADOM upgrade uses too much memory, and this makes the upgrade process too slow. |
806109 |
After ADOM upgrade, |
811114 | On the FortiProxy ADOM,
interface for configuring the web-proxy explicit-proxy cannot be
selected from the dropdown menu list. |
813443 |
FortiManager does not support the FGT-GCP different IP addresses on interfaces and different source DNS IP addresses. |
815875 |
After upgrading FortiManager, device-level status has been modified and Install preview shows that pdf-report and FortiView features will be enabled on the FGTs, even if these are already enabled on the FGTs. |
816444 |
Extender manager doesn't display RSSI/RSRP/RSRQ/SINR info. |
816834 |
FMG does not support FortiWeb and activate its license. |
817667 |
FMG cannot upgrade the ADOM to v7.0 due to several cdb crashes during the upgrade. |
819495 |
FortiManager JSON API |
820656 |
FGT 7.2.1 failed to fetch the FortiGuard rating from FortiManager without raw database flags. |
820862 |
Extenders are not displayed on FortiManager. |
822263 |
FortiGuard > Service Status does not correctly display the secondary service status of the FortiGate's cluster. |
823111 |
After upgrading to 7.0.4, FMG removes the |
823278 |
Unable to manually import Query Category FortiGuard package. |
823294 |
SSH connection between FortiGate and FortiAnalyzer/FortiManager v7.0.4/7.2.1 or later fails due to |
825052 |
Not able to add the FortiProxy to the FortiProxy ADOM. |
826718 |
Failed to delete the hanging task from task monitor. |
828808 |
EMS Connector unable to connect to FortiClient EMS Cloud. |
Policy and Objects
Bug ID | Description |
---|---|
620680 |
FMG does not support the geographic fields data for firewall internet-service objects. |
705302 | Remote VPN Certificate installation failed, and certificate disappeared from FortiManager; however, on the FortiGate the certificate installed successfully. |
706809 | Policy Check export does not have the last hit-count details anymore. |
714375 | No warning messages when assigning a normalized interface that is already in use. |
721253 | FortiManager may not import all the roles and address groups from ClearPass. |
725132 | When modifying IP address of Default VPN Interface of spoke in Device Manager, hub remote gateway should be modified to reflect that change. |
725427 | Policy package install skips the policy where destination interface is set as SD-WAN zone and policy is IPsec policy. |
731037 |
There may be File Filter file type mismatch between FortiGate and FortiManager. |
737424 | Policy package import fails due to the Device mapping::"query failed." error. |
751767 |
Export to Excel when filters are applied for a policy package does not work. |
758680 | Unable to complete the Cisco pxGrid fabric connector's configuration on FortiManager. |
760918 | Unable to change the action field for the default IPS profile and their clones. |
765154 | Installation fails when trying to disable the safe search on existing DNS filter from FortiManager. |
767255 | FortiManager fails to install the custom signature because it is too long. |
768125 | Default configurations of the Potentially Liable category under the Webfilter are different from their corresponding ones on FortiGate. |
773333 |
The configurations for two-factor-authentication and two-factor-notification should not lead to installation failure. |
773403 | FortiManager may now differentiate between the ISDB objects Predefined Internet Services and IP Reputation Database. |
775128 | Unable to create more than 20 SAML users in policy package object. |
777017 | FortiManager purges the
arrp-profile when installing the v6.2 policy packages to v6.4 FGTs. |
778171 |
After the upgrade, FortiManager is changing the config antivirus quarantine setting, causing the installation to fail. |
789238 | Installation error occurs when configuring a VIP with per-device mapping and setting an External IP Range to an IPv4 Range. |
791357 | Installation failed when using
custom-deep-inspection . |
792980 | Installation fails when trying to install SAML user configuration. |
793603 | Registering a service under the connector configuration displays an error "Failed to run script.". |
796505 | Modifying the Sections under Policy & Objects leads to some unexpected changes or behavior. |
796512 | Wrong direction definition has
been displayed for Tor-Relay.Node ISDB object. |
798094 | Re-assignment of tokens in FMG policy and objects, deletes and re-adds the firewall policies that are used those objects. |
798955 | Traffic shaping policy changes do not trigger any changes or updates on the policy packages status. |
798958 | Policy Consistency Check fails due to the firewall service's name. |
799538 | The export policy feature displays limited numbers of the group objects. |
801876 | Installation failed due to "Copy global shared objects" failure. |
802072 | "Auto-asic-offload" cannot be disabled for the first time in the policy. |
802934 | FortiManager'sPolicy Package Diff displays policy objects change even though there is not any changes. |
805178 |
Installation failed due to the unnecessary setting changes of logtraffic feature in proxy policy. |
805211 | Installation failed due to the wrong fsw vlan type for the default nac and nac_segment vlans. |
805642 | New policies created in policy
package do not inherit the global-label section. |
805649 |
Any modification to the peer group object within the VPN Manager pane, changes the policy status to Modified for all devices, even though spoke devices have different policy packages than hub devices. |
805966 | Verification fails due to the "resource-limits.proxy". |
808900 | Incorrect error message is displayed when re-installing the same policy to FortiGate immediately after the first installation. |
809276 | Cloning administrators doesn't copy the specified ADOMs for the cloned administrator and wrongly displays All ADOMs. |
809888 |
Replacement Message Group under Security profiles gets removed by FMG during the installation. |
811503 |
Installation failure due to the extender-controller |
811715 |
FSSO dynamic addresses were visible on two address groups. |
813237 |
View Mode feature does not work properly when workspace mode is enabled on FMG. |
814090 |
Export to Excel does not work if the policy package has policies other than default Implicit Deny. |
814468 |
FMG purges |
815812 | Installation failed because FortiManager tried to remove the credentials for Amazon Web Services (AWS) type of SDN
Connector and enabled the use-metadata-iam feature. |
816347 |
Objects field search under the Add Object(s) feature does not properly locate any firewall object addresses for source and destination. |
818512 | In WorkFlow Mode, adding a single policy removes and re-adds the entire policies. |
819665 |
Installation Preview does not display the DNS-Filter configuration changes. |
819713 | FortiManager in task manager does not show the specific admin name who refreshes the hit-count. |
820939 |
Firewall Users does not populate the user authenticated through explicit proxy authentication method. |
821412 | The Policy Block's name cannot be edited if "/" character is being used. |
827602 | Unable to import EMS Tags from EMS Server. |
827607 | The enable/disable status feature for the EMS Connector is not available on FortiManager. |
828492 |
Policy installation fails when using |
Revision History
Bug ID |
Description |
---|---|
496870 | Fabric SDN Connector is installed on FortiGate, even when not in use. |
691240 | FortiManager should not unset
the value forward-error-correction with certain FortiGate platforms. |
Script
Bug ID |
Description |
---|---|
793407 | Installation fails if one of
the BGP network prefix entries is a supernet . |
800149 | FortiManager reorders the <ID>s in ascending order for BGP and static settings. |
Services
Bug ID | Description |
---|---|
704584 |
FAP firmware may not be listed and cannot be imported. |
752849 | FortiManager doesn't have the proper version string of FGT's IPGeo Info. |
796345 | FortiManager does not recognize the entitlement file for some FGTs. |
798979 | FortiManager cannot download the latest IPS DB. |
808121 | FortiManager ignores
add_no_service setting for the Unauthorized Devices. |
System Settings
Bug ID |
Description |
---|---|
687223 | Users may be unable to
upgrade ADOM because of profile-protocol-options . |
753690 | SNMPv3 security option configuration has discrepancy between GUI and CLI. |
780245 |
Install Wizard shows all devices are selected, even though Default Device Selection for Install is set to Deselect All. |
794461 |
In Workflow mode, admins are not able to approve or reject sessions by emails. |
795655 | FortiManager loads the Administrator list under System Setting very slowly. |
796058 |
Search box in the Edit Meta Fields page under System Settings does not work. |
799519 | If Management Extension Applications (MEA) are enabled, all system settings may be lost after upgrading FortiManager. |
799619 | When Advanced ADOM Mode is enabled, FortiManager under the Device Inventory displays all devices from all VDOMs. |
803200 | FortiManager does not synchronize with NTP server. |
807788 | Unable to disable the trusted hosts from the GUI. |
807983 |
FortiManager doesn't display NTP daemon change time event log when it synchronizes with the NTP server at booting. |
811633 | Restricted Administrators using the API requests have full read-write access. |
817244 |
Sorting function feature does not work properly based on the Device column in the Meta Fields under System Settings. |
818969 |
Unable to poll SNMP with SNMP engine ID. |
819383 |
FortiManager disk usage rises to 100% when |
821221 |
Enabling the debug by remote users with Super_User admin profiles disconnects them from the FMG's GUI and CLI. |
827854 |
Installation target disappears in workflow mode if session is approved through email. |
VPN Manager
Bug ID |
Description |
---|---|
615890 |
IPsec VPN authusergrp option Inherit from Policy is missing when setting xauthtype as auto server. |
794168 | Installation becomes very slow when FortiManager acts as CA server. |
796104 | FortiManager deletes and re-creates VPN routes with different IDs on every install. |
807063 |
Unable to delete any of the new Authentication or Portal Mapping entries under SSL VPN Settings. |
810027 |
FortiManager spoke IP setting for VPN configuration sets properly, but the policy package does not change on the hub phase1. |