Fortinet black logo

Release Notes

Resolved Issues

Resolved Issues

The following issues have been fixed in 7.2.2. To inquire about a particular bug, please contact Customer Service & Support.

AP Manager

Bug ID Description
661938 FortiManager displays an error when trying to edit and save managed APs.
819137 Installation failed if Distributed Automatic Radio Resource Provisioning (DARRP) is disabled on AP Profile.

822525

FortiManager does not take the per-device mapping authentication config for SSID under the WiFi Profiles.

824032

Some of the FAPs Radio configuration settings under the AP's profile are missing.

853345 The clients are connected to the Wireless Access Point, however, "clients" section under the diagnostics & tools of AP does not display any info.

861579

Unable to add the AP to the AP Manager due to the error "Parent object does not exist" message.

Device Manager

Bug ID Description
472443 FortiManager does not retrieve any of the profiles and addresses in the format of "g-XXX" from FortiGates when VDOMs are enabled.

657988

FortiManager may lose connection and fail to install after FortiGate HA switching roll.

723006 FortiManager does not support creating the "DHCP Reservation" under the "Network Monitors Widget".
738276 FortiManager's GUI does not display the "Routing Objects" under "Router".
745122 FortiManager unsets the ipv6 configuration during the installation to the FortiGate.
745586 Local firmware images are duplicated under the Device Manager.
748579 CLI configurations for SD WAN template is not working properly.

761066

FortiManager does not display the VLAN's protocols on GUI for FortiGates.

763036 Physical Interface Members are not displayed for the "Hardware Switch" type on FortiManager when FortiGates are added using Model Device method to the FortiManager.
773338 Unable to save the Virtual Router Redundancy Protocol (VRRP) settings for FortiGate's interfaces.
786264 Unable to delete default "wireless-controller" "vap" configuration from the device DB.
788923 SD-WAN template does not change the value of "service-sla-tie-break" for a SDWAN Zone.
789249 FortiManager does not have Logging Options after enabling One-Arm Sniffer under Interface.
789544 Status of the "Firmware Template" has been changed to "Unknown" after upgrade.
794764 FortiGate Modem Interface is not visible under Device Manager.
797404 After successfully running all the Assigned Templates to FortiGates, the status is displayed as Modified.
800191 During the ZTP deployment, "set hostname " command does not push to FortiGate.
801415 FortiManager adds quotations to IP addresses when configuring trusted hosts for "switch-controller snmp-community" under the GUI's CLI Configuration.
801547 When removing an entry in the static route template, static route entries are shifted and the installation fails.
804142 Creating the "EMACVLAN" type Interface on FortiManager displays an error: "VLAN ID is required".
804502 Installation fails due to pushing the previous password expiration date to FortiGates.
804523 After creating SDWAN, IPSec, BGP & CLI template, the installation failed.
807771 FortiManager unsets the gateway settings in SDWAN template after upgrading ADOM from v6.4 to v7.0.
810936 After Upgrade, managed FortiAnalyzer on FortiManager does not display the Traffic logs under the Log View for HA devices.
811067 When creating/editing a blueprint, the Firmware Enforcement value is different from the default Enforce Firmware Version value.
812213 Default factory setting on FortiGate does not match with its default factory setting on FortiManager's DB. This causes status conflict if FortiGate added to the FortiManager using the "Add Model Device" method.
815901 The router static entries created by IPSEC template are deleted and re-created after upgrade.
818905 FortiManager unsets the certificate for "endpoint-control fctems" setting during the installation.
819710 FortiManager does not display the VDOMs opmode correctly.
820436 FortiManager displays an error "Failed to update device management data.", when adding a model device based on ZTP approach.
821866 For FortiGates with FGSP (FortiGate Session Life Support Protocol) configuration, "ipsec-tunnel-sync" feature under the cluster-sync cannot be disabled.
823092 Not able to add multiple OU (Organization Unit) fields in the Certificate Templates.
823281 Changing Time/Schedule for scripts under the Device Manager makes the "OK" button grayed out.
824318 The Description column for interfaces displays wrong info (Up or Down).
826141 VLan interface cannot be created and mapped to a hardware switch interface on the FortiManager.
828122 "Device Detection" gets enabled by FortiManager during the installation.
828897 SD-WAN Monitor map doesn't load all devices.
829240 "Import CLI Script" feature is part of the "More" button entries under the Device Manager's Scripts.
829404 SD-WAN Widget does not display any data for "Bandwidth Overview" and "Traffic Growth" under the Managed Devices' dashboard.
830085 FortiManager's GUI does not display the "Replacement Messages" Under System for its Managed Devices after visualizing it via "Feature Visibility".
830727 FortiManager-DOCKER platform does not support adding the FortiAnalyzer-DOCKER device.
831290 Failed to delete template group with "/" in their names.
831733 Unable to create any new entries for any of the sub tables of the BGP Router like Neighbors, Neighbor Groups, and etc. due to "datasrc invalid." error message.
831874 FortiManager's GUI keeps refreshing when clicking on the devices under the Managed Devices.
832321 Configuration changes on the AP/Switch/Extender settings do not apply on the device DB when these changes are created from the system template.
832599 When installing the "config system snmp community" settings to FortiGates, some of the entries are deleted.
832753 FortiManager does not install configurations from CLI Template group to FortiGates.
834947 "Resource-limits" proxy default value is missing under the Device Manager's CLI Configurations.
835106 FortiManager cannot sync its devices with FortiAnalyzer when adding it to the Device Manager; it displays the error message "Serial number already in use".
835451 Editing SD-WAN/IPSec template with no actual changes removes all assigned devices.

836933

Changes on the External-Resource settings from ADOMs for specific VDOMs/FortiGates alter the External-Resource settings for other ADOMs and VDOMs.

838285 The DHCP server config under the FortiGate's interfaces does not work properly; it shows the DHCP status as OFF and once fixed creates another identical entry under the DHCP Server.
838334 Unable to modify, install, or add members to Zone under the System Template.
839243 "Assigned to Device/Group" under the "System Templates" does not keep its config after FortiManager's upgrade.
839334 FortiManager does not allow empty value for Interface Preference as SD-WAN Rules under the SD-WAN Templates.
842923 Auto-update fails to sync FortiManager's device DB when interfaces are modified directly in the root VDOM of the FortiGates.
844979 Multiple issues under log settings for upload-time, FortiAnalyzer Cloud store-and-upload have been observed.
845552 FortiManager's GUI freezes after clicking "Upgrade Preview" and "Upgrade History" under Device Manager > Firmware Templates.
845656 When BGP is enabled and no IP address is defined for set-ip-nexthop under the route-map config, FortiManager tries to set the IP to 0.0.0.0, and this may break the BGP network.
847631 Failed to reload the FortiGate's configuration.
848485 "Enable FortiGuard DDNS" feature, under the DNS settings of each managed devices, cannot be unset.

850471

FortiManager is attempting to modify replacement messages after upgrade, which leads to installation failure.

850941 "Upgrade Now" page under the Firmware Templates does not show up when multiple devices are selected.
853061 Installation fails as FortiManager attempts configuring "allowas-in6" on neighbor when configuring router bgp via BGP template.
853810 Failed to edit the managed devices to modify the location.
854401 Unable to access to the FortiGates via SSH and GUI Console Widget once the FIPS mode is enabled from FortiManager.
855032 FortiManager displays the total devices/VDOMs count wrongly when split VDOM enabled on FortiGates.
855425 System Template and CLI Template config did not install to all model device FortiGates.
857039 After modifying the SSH Administrative Access for FortiGate's interface on Device Manager, FortiManager attempts to install the PPPOE's password again to the FortiGate.
858591 Editing the interfaces for any of the managed devices displays an error message.
859249 After upgrade, Firmware Templates under the Device Manager is blank. Even new entries cannot be created.

859638

860071

FortiManager's SD-WAN monitor does not display the Health Check status correctly.
860208 FortiManager's GUI does not save the http port number when configuring the "Explicit Web Proxy" under the Device Manager.
861220 Leaving the SD-WAN member empty when configuring the SD-WAN using the template fails due to the syntax differences between FortiGate and FortiManager.
861238 SD-WAN Monitor, under Device Manager's Monitors, displays an Unknown status icon (a grey question mark) for HA devices under the Map View.
863062 Modifying the SDWAN Overlay Template removes the corresponding BGP template network config.
863417 Proper IP configuration did not apply to FortiGates when provisioned via ZTP.

864588

Firmware Template under the Device Manager does not work properly. It might display "No Device".

865583 "replacemsg-override-group" under the system's interface of managed devices is blank.
866243 The SD-WAN Monitor info for specific devices are not consistent with the map view SD-WAN interface status (based on performance SLA).
866920 System switch-interface member (internal) can not be used and provisioning template CLI scripts execute out of order.
870848 SD-WAN Monitor under Device Manager > Monitors does not display any FortiGate devices which are running in 6.2 version.

872865

FortiManager attempts to set a default value like "system cluster-sync" on FortiGate, and this causes installation failure.

874811 FortiManager tries to set the "set-ip-nexthop" to "0.0.0.0" during the installation.
874831 FortiManager attempts to install unknown and undesired static route when modifying or adding some new static routes.

FortiSwitch Manager

Bug ID

Description

818842

FortiManager displays "Failed loading data" for "Security Policy", "LLDP Profile", and "QoS Policy" features when editing ports in per-device mode FortiSwitch Management.

820167 Refreshing the FortiSwitch changes the status to Unknown.
820182 Using the Export to Excel feature for managed switches in FortiSwitch Manager exports a corrupted file.
829700 FortiManager shows errors while installing FortiSwitch configuration.
830099 FortiSwitch Manager displays the "Missing Switch ID or Platform Info" error.
833262 FortiSwitch Manager does not display the list of firmware images for the FSW 108F-FPOE model.

847846

FortiSwitch Manager does not display the correct switches and switchport status info.

868949

Installation fails as FortiSwitch Manager creates an alias name longer than the total limit 25 characters.

Global ADOM

Bug ID

Description

789164

Unable to delete the web rating override entries from ADOM Global Database.

835172 Global ADOM Assignment fails when assigning some profile groups.
835439 Global Policy assignment is not completed successfully due to some missing objects on Global ADOM.
838174 FortiManager does not provide a clear error message when Global IPS Header/Footer profile assignment fails.
842934 Global address group cannot be modified from FortiManager GUI.
847533 Unassigned Policy Package cannot be removed from Global ADOM.

868212

Assigning global policies to ADOMs by admins with access to specific ADOMs fails.

Others

Bug ID

Description

671471 In ADOM backup mode, when address objects are modified on FortiGates, modified objects are not imported into FortiManager.
707911 FortiManager should be able to assign VLAN interface to FortiExtender.

711100

FortiManager does not handle RMA and replaced FortiGates efficiently when ZTP has been used.

739219 FortiManager's timeout parameters cannot be set by users as it is hardcoded.
742819 Promote to global feature should not be possible since GLOBAL ADOM are not accessible in FortiManager Cloud.
745958 Unable to config ipsec tunnel using the ipsec tunnel template.
746516 Preferred Version cannot be saved for Managed Devices under the Firmware Images of FortiGuard Pane.
750242 FortiManager's DB in HA clusters are not properly synced together.
757524 FortiManager displays many "duplicate license for [FortiGate device's SN Number] copy AVDB to AVEN" error messages.
777028 FortiManager does not support the FortiCarrier-7121F.

782000

Unable to upgrade ADOM from v6.2 to v6.4 due to invalid value in CLI template.

788006 FortiManager consumes license count for the Admin Type VDOMs.
793085 Sub Type Filter on Event Log search does not show any results, even if logs are present.
795624 FortiManager does not let users copy the contents of the "View Progress Report".
799378 FortiManager's admins are not able to run FortiManager's CLI scripts/commands from remote stations.
806522 Application websocket crashes and makes FortiManager's GUI unresponsive.
811018 FortiManager does not support copying objects from the Policy Packages and pasting them to the search field.

811798

Policy Package status not updated on the GUI after a successful installation.

816936 FortiManager does not support the FGT/FGC 7KE/7KF syntax.

818513

FortiManager does not support the FortiProxy v7.2.

820071 Upgrading the FortiOS/FortiGate firmware version via FortiManager did not complete successfully.
820248 Cloning same ADOM multiple times fails with error "Unknown DVM error".
820578 The "svc authd" process is consuming 100% of CPU.
820921 FortiManager displays incorrect device firmware versions for FortiSandbox and FortiMail.
821940 Static Route cannot be created under the Device Manager when FortiManager works in Workflow mode.
822642 FortiManager JSON API Documentation does not provide an accurate definition for the 'pkg' variable under the "/pm/config/adom/{adom}/pkg/{pkg}/" path.
823547 In Advanced ADOM mode, it is not possible to create a new VDOM in a new ADOM via JSON API request.
823872 FortiManager lost its access to GUI, if a same IP makes more than 250 connections to https admin port.
824316 FortiManager displays an error when "adom-integrity" is performed.
826881 FortiManager attempts to apply some changes to voice, video and interface configurations.
829726 Already existing CLI Templates cannot be modified after the upgrade.
830881 ADOM upgrade fails due to the ID of the sdwan applications; they are larger than the initial defined values.
831453 FortiManager shows an error message when multiple FortiGates are selected to be upgraded to the new version.

831616

FortiManager cannot install policy package when using Provisioning Templates as tasks got stuck.

833162 FortiManager does not support the FortiProxy 7.0.6.
833623 Estimated Bandwidth for Upstream & Downstream under the interfaces and Upload & Download values under the SD-WAN Monitor's table-view are displayed differently.
835313 FortiManager displays many "duplicate license" messages for "copy AVDB to AVEN".
835748 FortiManager's GUI takes very noticeable time to load properly when navigating to Policy & Objects tab.
836489 Firmware Images under the FortiGuard for "All" or "Managed" devices display same list.
838949 Using the 'refresh' feature in the FortiExtender GUI does not refresh the stats of (RSSI, RSRP, etc.) of the associated devices.
839035 "Check License" under the FortiGuard's Licensing Status does not Keep the changes.
839586 FortiManager does not save applying the configuration of "Enable AntiVirus and IPS service for FortiDeceptor" under FortiGuard settings pane.
840068 Unable to export device stored FortiGuard signatures through tftp protocol.
840395 FortiManager does not support the FortiGate/FortiOS 6.4.11 Syntax.
841187 FortiManager does not support the FortiGate/FortiOS 7.0.8 Syntax.
841436 The execute fmpolicy copy-adom-object command does not support the device group feature.
845753 IPSec installation fails on Google Cloud Platform (GCP) ONDEMAND FortiGate.
850377 In Workflow Mode, when new session is created, the Policies disappear.
850467 Unprivileged Users might be able to disclose unauthorized information via API.
855840 'allowaccess' on interfaces completely removed on GCP ONDEMAND FortiGate.

857659

FortiManager did not download the "AI Malware Engine" Package from FortiGuard Server.

860817 In Workspace mode locking the ADOMs for cloning the ADOM objects is not required.

865200

Users encountered unsatisfactory performance of FortiManager due to several crashes on the "Application fmgd" process.

870893 Unable to install pp to FortiGates, after FortiManager's DB got restored.
874369 Upgrading FortiManager fails due to some invalid data for managed FortiExtender's Objects.
876425 FortiManager does not display the output of "execute dmserver showconfig".

Policy and Objects

Bug ID

Description

468776

FortiManager does not support FortiGate/FortiOS global scope (g-) objects.

585177 FortiManager is unable to create VIPv6 virtual server objects.
686150 FortiManager cannot import NSXT dynamic IP when VPN Objects are presented in NSXT Manager.
688586 Exporting Policy Package to "CSV" shows "certificate-inspection" in the "ssl-ssh-profile" column even when the profile is not in use.
698838 "Download Conflict File" does not display all of the firewall objects conflicts when importing policy packages from FortiGate to FortiManager.
703408 FortiManager does not display the interface type Geneve for interface mapping.
704354 "Blocked Certificates" and "Server certificate SNI check" features cannot be configured on SSL/SSH profile.
707481 Deleting DNS filter profile does not delete the associated Domain filter.
711202 FortiManager does not support managing SAML user objects from Policy and Objects.
716892 Exporting to "Excel/CSV" does not include the value for fields "Log & Last Modified By".
724011 FortiManager needs to support multiple server certificate list in ssl/ssh profile.
731961 When FortiManager is working in the workspace mode, the installation for those FortiManagers with larger DB may take longer time to be completed.
738988 FortiManager does not detect the settings related to Web Cache Communication Protocol (WCCP) in SSLVPN Policies on the FortiGate.
741269 Unable to install configuration to FortiGates due to the error message "Resource temporarily unavailable".
742293 FortiManager, via ADOM 6.0, is not able to install "set logtraffic all" to proxy-policy with action deny.
747340 FortiManager does not support variables for source IP field under the Advanced Options of the Fabric Connectors' Threat Feeds.
752993 VPN IPSEC installation fails as phase1 settings on FortiManager are not consistent with the ones on FortiOS.
762392 The rating lookups does not return the correct category for the URL when it ends with "/" character.
765487 Install Wizard for Policy Package with no changes displays "No record found." which is not a clear message.
783195 FortiManager changes the "cert-validation-timeout" value to block when installing to the FortiGates.
787195 FortiManager skips the zone interface policy without displaying copy fail error message.
793240 FortiManager fails to retrieve FortiGate's configuration when external-resource objects include a "g-" prefix.
805211 Installation failed due to the wrong fsw vlan type for the default nac and nac_segment vlans.
810073 Fail to import the firewall policy due to the "interface mapping undefined" error message.
811715 FSSO dynamic addresses were visible on two address groups.
812886 On FortiManager, an internet-service-custom objects without protocol number or port-range can be configured on firewall proxy-policy; however, FortiGate/FortiOS does not support this.
812909 FortiManager unsets the "bypass-watchdog" setting on FGT400E-Bypass.

814364

FortiManager does not support the FCT EMS prefix; therefore, policies with ZTNA Tags cannot be installed properly to the FortiGates.

814970 EMS Connector is not able to import Tags when Multi-Site enabled on EMS Server.
815281 SDN Dynamic Address object filter does not display the list properly.
815812 Installation failed because FortiManager tried removing the credentials for Amazon Web Services (AWS) type SDN Connector and enabling the "use-metadata-iam" feature.
816108 The "group-poll-interval" value for FSSO fabric connector cannot configured properly.
817220 FortiManager does not support the "userPrincipalName" as the common Name Identifier for LDAP Server configuration.

819847

FortiManager displays a false warning message "Duplicate Objects With Same Values" when creating the Firewall Objects' Service entries under Policy & Objects.

822843 FortiManager displays an error when using the access-proxy type VIP and normal VIP in firewall policies as they are both using the same external IP.

824770

FortiManager displays an error message when creating custom EMS Connector entries under the Fabric Connectors' Endpoint/Identity.

825411 Installation fails when an application group with category 32 (unknown applications) is configured on FortiManager, even though this category is accepted on the FortiGate.
825530 Explicit web proxy policy does not allow selecting any source address objects.
825873 FortiManager does not support FortiGate/FortiOS global scope (g-) objects.
826928 During the installation, FortiManager attempts to remove the physical ports which are members of the virtual-switch config.
826946 FortiManager does not show anything to install on FortiGates even though the Policy Package has been modified.
827242 For Policies under the Advanced Options, "custom-log-field" uses Names instead of IDs.
827815 Removing "FortiClient EMS" entries under the "Endpoint/Identity" of "Fabric Connectors" displays error messages.
830043 Creating the Custom IPv6 service where icmp code is not configured causes the Policy Package to get into a conflict state.
830502 FortiManager fails to create the CSV for Policy Package.
831225 Cloning a policy with VIP referencing SDWAN member causes subsequent installs to fail.
831273 FortiManager does not allow deleting the entries for "server-info" under the log "npu-server".
831407 NSX-T connector configuration does not display "VM16" and "VMUL" types.
831484 FortiManager was not able to connect to the "NSX-T Connector" and several "Application connector" failures have been observed.
832962 If Firmware Template status is "Unknown", FortiManager allows installing the Policy & Packages repeatedly to the FortiGates.
834102 Editing Fortinet Single Sign-On Agent entry under the Endpoint/Identity removes FSSO user groups from the Firewall Policy.
834401 Upgrading ADOMs do not complete if there are some empty values for "profile-type" and "utm-status".
834447 Objects are not visible in the 'Addresses' tab when per-device mapping feature is enabled.
834558 Installing tunnel interfaces which are created by ipsec template fails.
834806 Installation fails due to extra back slashes when installing the custom IPS signatures to the FortiGates.
835079 Detail of the "Firewall Security Policy" when running the Policy Package Diff does not display data for all fields.
836103 FortiManager pushes old internet-service-names "Facebook" instead of "Meta".
836783 FortiManager changes the "use-metadata-iam" value for the SDN connectors.
837555 Connector's Service Name, after FortiManager's upgrade, does not display the correct name.
838533 SASE zone cannot be removed from SDWAN Template.

838648

"Rename objects to import" inconsistency with "datasrc duplicate" error.

841492 FortiManager unsets the system HA settings after pushing an unsuccessful installation Policy Package to FortiGates.
843765 FortiManager does not display the proxy address members under the proxy address group.
844985 Per-device mapping is not supported for Virtual Server with "IP" type.
845638 "ztna-ems-tag"s created on FortiGates are not same as ZTNA Tags created on FortiManager; hence, the installed tags from FortiManager to FortiGates, used in firewall does not police the traffic properly.
847932 Hit count for a policy package does not always match the total count of all installation targets.
848666 "Install Device" task stuck without any progress when installing the templates and firewall policies to the FortiGates.
849470 When creating a new firewall policy via API Request the "global-label" option is skipped.
850204 Installing an AWS connector with Metadata IAM enabled displays an error message.
851331 Cloning Firewall Addresses under the Firewall Objects does not clone the "Add To Groups" entries.
853815 New created LDAP users are displayed based on the <CN> attributes and not the <sAMAccountName> attributes or User ID parameters.
853851 FortiManager displays all the FortiTokens for the FortiToken settings under the User Definition even though some of them are already assigned.
858183 After firmware's upgrade, virtual wire pair interfaces are missing in virtual wire pair interface policy.
859217 Rearranging the Destination NAT (DNAT) objects whose names contain special characters displays an error message: "object does not exist".

862727

Policy Package installation failed due to the error "native vlan must be set" message.

862839 Cloning the Policy Packages on FortiManager creates the duplicate UUIDs.
863882 'Last Modified Time' field is empty when exporting Policy Packages to Excel.
866826 Failed to modify Virtual Server addresses in Firewall Polices with Deny Action.
870688 Editing the "Install On" changes the Policy status to "Modified" for all FortiGates existing on that rule.

873006

Firewall Address entries cannot be modified and GUI displays an error message: "Objects already exists."

873896 Unable to remove "(null)" objects under "endpoint-control".

874188

Installation fails due to FortiManager's attempts to remove the "endpoint-control fctems" entries.

875980 FortiManager unsets EMS connector Serial Number and the tenant-id during the installation.

Revision History

Bug ID

Description

513317

FortiManager may fail to install policy after FortiGate failover on Azure.

722332 For AP Profile change, installation preview may show No Entry.
738376 Config revision diff check may highlight the differences in config even though both revisions are exactly the same.
809191 Configuration change of HA-logs setting is not reflected in the revision history.

Script

Bug ID

Description

795639 Any commands after the "set secret" command in the "switch-controller custom-command" configuration is displayed in a form of encrypted strings.
808398 "View script executing history" displays scripts related to other ADOMs.
817172 Running scripts to add static route has been failed due to the "duplicate of static route" error.
821778 Using scripts do not create the ssl-ssh-profile with certificate inspection mode; instead, it sets the value to deep-inspection mode.
829918 Scripts containing meta variables do not work after upgrade.

833285

Installation failed when executing multiple Jinja scripts.

Services

Bug ID Description
779997 When upgrading the multiple FortiGates at the same time from the "Firmware Upgrade" feature, it does not let users to click "OK".

783422

FortiManagers configured in closed network do not support keeping the multiple entitlement copies in FortiManager's Database.

820400

In closed network scenario, when FortiManager loses connection to Local FortiGuard, eventually, licenses become invalid.

827982 Downstream FortiManagers cannot get all the FDS/FGD packages from upstream FortiManagers in cascade mode network design.
837942 In cascade mode, FortiManager as local FortiGaurd Server does not download IPS signature for extended database.

System Settings

Bug ID Description

753204

Admins of a specific ADOM are able to see tasks of others ADOMs.

777153 FortiManager displays an error when setting up a "Remote Authentication Server" with "No Certificate" option.

801580

Fail to use the Online Help as it does not use the proxy config setting which has been set for FortiManager/FortiAnalyzer.

815728 FortiManager takes very long hours to rebuild the HA Cluster back to synchronization status.
822776 Query Distinguished Name does not display the LDAP users in FortiManager when Secure connection is enabled.
823898 FortiManager does not use all of the configured "ssl-cipher-suites" under its "system global" settings.
825078 New admins with ADOM only access cannot see the previously assigned header and footer policies on that ADOM.
829751 Installation tasks got stuck at 0% and failed to start any new installation tasks.
830242 FortiManager in Advanced Mode does not show the number of allowed VDOMs correctly.

833989

Cannot set/change the service access settings on the interfaces when the language is not set to English/French.

841782 In Workflow mode, admins are not able to click on the "Approve this request" received from the emails as it displays "Unable to complete action" or "Invalid adom name" error messages.
841931 When FortiManager works in Workspace Mode, users are able to disable "Per-Device Mapping" without locking the ADOMs.

843520

After firmware upgrade, FortiManager/FortiAnalyzer's HA Cluster is broken and Access to the Secondary fails.

848934

SNMPv3 does not work properly on FortiManager and FortiAnalyzer.

850469

Radius group attribute filter does not work with Microsoft NFS.

851029

FortiManager's HA cluster breaks after upgrading the FortiManager.

853353

SDWAN Monitor Map does not show up when admin profile has been set to "None" for System Settings.

862592 Upgrading FortiManager did not finish and GUI displays the "Temporarily Unavailable" message.
862814 Event logs did not log FortiManager admins and their actions on managed devices.
864041 SNMPv3 stopped working after upgrading the FortiManager.

864420

The presence of the default system admin information in the "sysconfdef" directory files may pose a potential security risk. Hence, it is advised to remove this potential security concern from these def files.

864931 Unable to login into FortiManager using TACACS and Radius credentials.

VPN Manager

Bug ID

Description

762401

FortiManager is unable to preserve the Specify custom IP ranges option for SSL VPN Address range setting.

831076

Static Route (Protected Subnet of the HUB) is not installed to Spoke during install with HUB and Spoke Dial-up VPN setup.

866248

Configuring a new mesh VPN using VPN Manager failed due to the extra character in the encryption method for Phase2.

Common Vulnerabilities and Exposures

Visit https://fortiguard.com/psirt for more information.

Bug ID CVE references

866168

FortiManager 7.2.2 is no longer vulnerable to the following CVE Reference:

  • CVE-2023-25609

872711

FortiManager 7.2.2 is no longer vulnerable to the following CVE-Reference:

  • CVE-2023-22642

Resolved Issues

The following issues have been fixed in 7.2.2. To inquire about a particular bug, please contact Customer Service & Support.

AP Manager

Bug ID Description
661938 FortiManager displays an error when trying to edit and save managed APs.
819137 Installation failed if Distributed Automatic Radio Resource Provisioning (DARRP) is disabled on AP Profile.

822525

FortiManager does not take the per-device mapping authentication config for SSID under the WiFi Profiles.

824032

Some of the FAPs Radio configuration settings under the AP's profile are missing.

853345 The clients are connected to the Wireless Access Point, however, "clients" section under the diagnostics & tools of AP does not display any info.

861579

Unable to add the AP to the AP Manager due to the error "Parent object does not exist" message.

Device Manager

Bug ID Description
472443 FortiManager does not retrieve any of the profiles and addresses in the format of "g-XXX" from FortiGates when VDOMs are enabled.

657988

FortiManager may lose connection and fail to install after FortiGate HA switching roll.

723006 FortiManager does not support creating the "DHCP Reservation" under the "Network Monitors Widget".
738276 FortiManager's GUI does not display the "Routing Objects" under "Router".
745122 FortiManager unsets the ipv6 configuration during the installation to the FortiGate.
745586 Local firmware images are duplicated under the Device Manager.
748579 CLI configurations for SD WAN template is not working properly.

761066

FortiManager does not display the VLAN's protocols on GUI for FortiGates.

763036 Physical Interface Members are not displayed for the "Hardware Switch" type on FortiManager when FortiGates are added using Model Device method to the FortiManager.
773338 Unable to save the Virtual Router Redundancy Protocol (VRRP) settings for FortiGate's interfaces.
786264 Unable to delete default "wireless-controller" "vap" configuration from the device DB.
788923 SD-WAN template does not change the value of "service-sla-tie-break" for a SDWAN Zone.
789249 FortiManager does not have Logging Options after enabling One-Arm Sniffer under Interface.
789544 Status of the "Firmware Template" has been changed to "Unknown" after upgrade.
794764 FortiGate Modem Interface is not visible under Device Manager.
797404 After successfully running all the Assigned Templates to FortiGates, the status is displayed as Modified.
800191 During the ZTP deployment, "set hostname " command does not push to FortiGate.
801415 FortiManager adds quotations to IP addresses when configuring trusted hosts for "switch-controller snmp-community" under the GUI's CLI Configuration.
801547 When removing an entry in the static route template, static route entries are shifted and the installation fails.
804142 Creating the "EMACVLAN" type Interface on FortiManager displays an error: "VLAN ID is required".
804502 Installation fails due to pushing the previous password expiration date to FortiGates.
804523 After creating SDWAN, IPSec, BGP & CLI template, the installation failed.
807771 FortiManager unsets the gateway settings in SDWAN template after upgrading ADOM from v6.4 to v7.0.
810936 After Upgrade, managed FortiAnalyzer on FortiManager does not display the Traffic logs under the Log View for HA devices.
811067 When creating/editing a blueprint, the Firmware Enforcement value is different from the default Enforce Firmware Version value.
812213 Default factory setting on FortiGate does not match with its default factory setting on FortiManager's DB. This causes status conflict if FortiGate added to the FortiManager using the "Add Model Device" method.
815901 The router static entries created by IPSEC template are deleted and re-created after upgrade.
818905 FortiManager unsets the certificate for "endpoint-control fctems" setting during the installation.
819710 FortiManager does not display the VDOMs opmode correctly.
820436 FortiManager displays an error "Failed to update device management data.", when adding a model device based on ZTP approach.
821866 For FortiGates with FGSP (FortiGate Session Life Support Protocol) configuration, "ipsec-tunnel-sync" feature under the cluster-sync cannot be disabled.
823092 Not able to add multiple OU (Organization Unit) fields in the Certificate Templates.
823281 Changing Time/Schedule for scripts under the Device Manager makes the "OK" button grayed out.
824318 The Description column for interfaces displays wrong info (Up or Down).
826141 VLan interface cannot be created and mapped to a hardware switch interface on the FortiManager.
828122 "Device Detection" gets enabled by FortiManager during the installation.
828897 SD-WAN Monitor map doesn't load all devices.
829240 "Import CLI Script" feature is part of the "More" button entries under the Device Manager's Scripts.
829404 SD-WAN Widget does not display any data for "Bandwidth Overview" and "Traffic Growth" under the Managed Devices' dashboard.
830085 FortiManager's GUI does not display the "Replacement Messages" Under System for its Managed Devices after visualizing it via "Feature Visibility".
830727 FortiManager-DOCKER platform does not support adding the FortiAnalyzer-DOCKER device.
831290 Failed to delete template group with "/" in their names.
831733 Unable to create any new entries for any of the sub tables of the BGP Router like Neighbors, Neighbor Groups, and etc. due to "datasrc invalid." error message.
831874 FortiManager's GUI keeps refreshing when clicking on the devices under the Managed Devices.
832321 Configuration changes on the AP/Switch/Extender settings do not apply on the device DB when these changes are created from the system template.
832599 When installing the "config system snmp community" settings to FortiGates, some of the entries are deleted.
832753 FortiManager does not install configurations from CLI Template group to FortiGates.
834947 "Resource-limits" proxy default value is missing under the Device Manager's CLI Configurations.
835106 FortiManager cannot sync its devices with FortiAnalyzer when adding it to the Device Manager; it displays the error message "Serial number already in use".
835451 Editing SD-WAN/IPSec template with no actual changes removes all assigned devices.

836933

Changes on the External-Resource settings from ADOMs for specific VDOMs/FortiGates alter the External-Resource settings for other ADOMs and VDOMs.

838285 The DHCP server config under the FortiGate's interfaces does not work properly; it shows the DHCP status as OFF and once fixed creates another identical entry under the DHCP Server.
838334 Unable to modify, install, or add members to Zone under the System Template.
839243 "Assigned to Device/Group" under the "System Templates" does not keep its config after FortiManager's upgrade.
839334 FortiManager does not allow empty value for Interface Preference as SD-WAN Rules under the SD-WAN Templates.
842923 Auto-update fails to sync FortiManager's device DB when interfaces are modified directly in the root VDOM of the FortiGates.
844979 Multiple issues under log settings for upload-time, FortiAnalyzer Cloud store-and-upload have been observed.
845552 FortiManager's GUI freezes after clicking "Upgrade Preview" and "Upgrade History" under Device Manager > Firmware Templates.
845656 When BGP is enabled and no IP address is defined for set-ip-nexthop under the route-map config, FortiManager tries to set the IP to 0.0.0.0, and this may break the BGP network.
847631 Failed to reload the FortiGate's configuration.
848485 "Enable FortiGuard DDNS" feature, under the DNS settings of each managed devices, cannot be unset.

850471

FortiManager is attempting to modify replacement messages after upgrade, which leads to installation failure.

850941 "Upgrade Now" page under the Firmware Templates does not show up when multiple devices are selected.
853061 Installation fails as FortiManager attempts configuring "allowas-in6" on neighbor when configuring router bgp via BGP template.
853810 Failed to edit the managed devices to modify the location.
854401 Unable to access to the FortiGates via SSH and GUI Console Widget once the FIPS mode is enabled from FortiManager.
855032 FortiManager displays the total devices/VDOMs count wrongly when split VDOM enabled on FortiGates.
855425 System Template and CLI Template config did not install to all model device FortiGates.
857039 After modifying the SSH Administrative Access for FortiGate's interface on Device Manager, FortiManager attempts to install the PPPOE's password again to the FortiGate.
858591 Editing the interfaces for any of the managed devices displays an error message.
859249 After upgrade, Firmware Templates under the Device Manager is blank. Even new entries cannot be created.

859638

860071

FortiManager's SD-WAN monitor does not display the Health Check status correctly.
860208 FortiManager's GUI does not save the http port number when configuring the "Explicit Web Proxy" under the Device Manager.
861220 Leaving the SD-WAN member empty when configuring the SD-WAN using the template fails due to the syntax differences between FortiGate and FortiManager.
861238 SD-WAN Monitor, under Device Manager's Monitors, displays an Unknown status icon (a grey question mark) for HA devices under the Map View.
863062 Modifying the SDWAN Overlay Template removes the corresponding BGP template network config.
863417 Proper IP configuration did not apply to FortiGates when provisioned via ZTP.

864588

Firmware Template under the Device Manager does not work properly. It might display "No Device".

865583 "replacemsg-override-group" under the system's interface of managed devices is blank.
866243 The SD-WAN Monitor info for specific devices are not consistent with the map view SD-WAN interface status (based on performance SLA).
866920 System switch-interface member (internal) can not be used and provisioning template CLI scripts execute out of order.
870848 SD-WAN Monitor under Device Manager > Monitors does not display any FortiGate devices which are running in 6.2 version.

872865

FortiManager attempts to set a default value like "system cluster-sync" on FortiGate, and this causes installation failure.

874811 FortiManager tries to set the "set-ip-nexthop" to "0.0.0.0" during the installation.
874831 FortiManager attempts to install unknown and undesired static route when modifying or adding some new static routes.

FortiSwitch Manager

Bug ID

Description

818842

FortiManager displays "Failed loading data" for "Security Policy", "LLDP Profile", and "QoS Policy" features when editing ports in per-device mode FortiSwitch Management.

820167 Refreshing the FortiSwitch changes the status to Unknown.
820182 Using the Export to Excel feature for managed switches in FortiSwitch Manager exports a corrupted file.
829700 FortiManager shows errors while installing FortiSwitch configuration.
830099 FortiSwitch Manager displays the "Missing Switch ID or Platform Info" error.
833262 FortiSwitch Manager does not display the list of firmware images for the FSW 108F-FPOE model.

847846

FortiSwitch Manager does not display the correct switches and switchport status info.

868949

Installation fails as FortiSwitch Manager creates an alias name longer than the total limit 25 characters.

Global ADOM

Bug ID

Description

789164

Unable to delete the web rating override entries from ADOM Global Database.

835172 Global ADOM Assignment fails when assigning some profile groups.
835439 Global Policy assignment is not completed successfully due to some missing objects on Global ADOM.
838174 FortiManager does not provide a clear error message when Global IPS Header/Footer profile assignment fails.
842934 Global address group cannot be modified from FortiManager GUI.
847533 Unassigned Policy Package cannot be removed from Global ADOM.

868212

Assigning global policies to ADOMs by admins with access to specific ADOMs fails.

Others

Bug ID

Description

671471 In ADOM backup mode, when address objects are modified on FortiGates, modified objects are not imported into FortiManager.
707911 FortiManager should be able to assign VLAN interface to FortiExtender.

711100

FortiManager does not handle RMA and replaced FortiGates efficiently when ZTP has been used.

739219 FortiManager's timeout parameters cannot be set by users as it is hardcoded.
742819 Promote to global feature should not be possible since GLOBAL ADOM are not accessible in FortiManager Cloud.
745958 Unable to config ipsec tunnel using the ipsec tunnel template.
746516 Preferred Version cannot be saved for Managed Devices under the Firmware Images of FortiGuard Pane.
750242 FortiManager's DB in HA clusters are not properly synced together.
757524 FortiManager displays many "duplicate license for [FortiGate device's SN Number] copy AVDB to AVEN" error messages.
777028 FortiManager does not support the FortiCarrier-7121F.

782000

Unable to upgrade ADOM from v6.2 to v6.4 due to invalid value in CLI template.

788006 FortiManager consumes license count for the Admin Type VDOMs.
793085 Sub Type Filter on Event Log search does not show any results, even if logs are present.
795624 FortiManager does not let users copy the contents of the "View Progress Report".
799378 FortiManager's admins are not able to run FortiManager's CLI scripts/commands from remote stations.
806522 Application websocket crashes and makes FortiManager's GUI unresponsive.
811018 FortiManager does not support copying objects from the Policy Packages and pasting them to the search field.

811798

Policy Package status not updated on the GUI after a successful installation.

816936 FortiManager does not support the FGT/FGC 7KE/7KF syntax.

818513

FortiManager does not support the FortiProxy v7.2.

820071 Upgrading the FortiOS/FortiGate firmware version via FortiManager did not complete successfully.
820248 Cloning same ADOM multiple times fails with error "Unknown DVM error".
820578 The "svc authd" process is consuming 100% of CPU.
820921 FortiManager displays incorrect device firmware versions for FortiSandbox and FortiMail.
821940 Static Route cannot be created under the Device Manager when FortiManager works in Workflow mode.
822642 FortiManager JSON API Documentation does not provide an accurate definition for the 'pkg' variable under the "/pm/config/adom/{adom}/pkg/{pkg}/" path.
823547 In Advanced ADOM mode, it is not possible to create a new VDOM in a new ADOM via JSON API request.
823872 FortiManager lost its access to GUI, if a same IP makes more than 250 connections to https admin port.
824316 FortiManager displays an error when "adom-integrity" is performed.
826881 FortiManager attempts to apply some changes to voice, video and interface configurations.
829726 Already existing CLI Templates cannot be modified after the upgrade.
830881 ADOM upgrade fails due to the ID of the sdwan applications; they are larger than the initial defined values.
831453 FortiManager shows an error message when multiple FortiGates are selected to be upgraded to the new version.

831616

FortiManager cannot install policy package when using Provisioning Templates as tasks got stuck.

833162 FortiManager does not support the FortiProxy 7.0.6.
833623 Estimated Bandwidth for Upstream & Downstream under the interfaces and Upload & Download values under the SD-WAN Monitor's table-view are displayed differently.
835313 FortiManager displays many "duplicate license" messages for "copy AVDB to AVEN".
835748 FortiManager's GUI takes very noticeable time to load properly when navigating to Policy & Objects tab.
836489 Firmware Images under the FortiGuard for "All" or "Managed" devices display same list.
838949 Using the 'refresh' feature in the FortiExtender GUI does not refresh the stats of (RSSI, RSRP, etc.) of the associated devices.
839035 "Check License" under the FortiGuard's Licensing Status does not Keep the changes.
839586 FortiManager does not save applying the configuration of "Enable AntiVirus and IPS service for FortiDeceptor" under FortiGuard settings pane.
840068 Unable to export device stored FortiGuard signatures through tftp protocol.
840395 FortiManager does not support the FortiGate/FortiOS 6.4.11 Syntax.
841187 FortiManager does not support the FortiGate/FortiOS 7.0.8 Syntax.
841436 The execute fmpolicy copy-adom-object command does not support the device group feature.
845753 IPSec installation fails on Google Cloud Platform (GCP) ONDEMAND FortiGate.
850377 In Workflow Mode, when new session is created, the Policies disappear.
850467 Unprivileged Users might be able to disclose unauthorized information via API.
855840 'allowaccess' on interfaces completely removed on GCP ONDEMAND FortiGate.

857659

FortiManager did not download the "AI Malware Engine" Package from FortiGuard Server.

860817 In Workspace mode locking the ADOMs for cloning the ADOM objects is not required.

865200

Users encountered unsatisfactory performance of FortiManager due to several crashes on the "Application fmgd" process.

870893 Unable to install pp to FortiGates, after FortiManager's DB got restored.
874369 Upgrading FortiManager fails due to some invalid data for managed FortiExtender's Objects.
876425 FortiManager does not display the output of "execute dmserver showconfig".

Policy and Objects

Bug ID

Description

468776

FortiManager does not support FortiGate/FortiOS global scope (g-) objects.

585177 FortiManager is unable to create VIPv6 virtual server objects.
686150 FortiManager cannot import NSXT dynamic IP when VPN Objects are presented in NSXT Manager.
688586 Exporting Policy Package to "CSV" shows "certificate-inspection" in the "ssl-ssh-profile" column even when the profile is not in use.
698838 "Download Conflict File" does not display all of the firewall objects conflicts when importing policy packages from FortiGate to FortiManager.
703408 FortiManager does not display the interface type Geneve for interface mapping.
704354 "Blocked Certificates" and "Server certificate SNI check" features cannot be configured on SSL/SSH profile.
707481 Deleting DNS filter profile does not delete the associated Domain filter.
711202 FortiManager does not support managing SAML user objects from Policy and Objects.
716892 Exporting to "Excel/CSV" does not include the value for fields "Log & Last Modified By".
724011 FortiManager needs to support multiple server certificate list in ssl/ssh profile.
731961 When FortiManager is working in the workspace mode, the installation for those FortiManagers with larger DB may take longer time to be completed.
738988 FortiManager does not detect the settings related to Web Cache Communication Protocol (WCCP) in SSLVPN Policies on the FortiGate.
741269 Unable to install configuration to FortiGates due to the error message "Resource temporarily unavailable".
742293 FortiManager, via ADOM 6.0, is not able to install "set logtraffic all" to proxy-policy with action deny.
747340 FortiManager does not support variables for source IP field under the Advanced Options of the Fabric Connectors' Threat Feeds.
752993 VPN IPSEC installation fails as phase1 settings on FortiManager are not consistent with the ones on FortiOS.
762392 The rating lookups does not return the correct category for the URL when it ends with "/" character.
765487 Install Wizard for Policy Package with no changes displays "No record found." which is not a clear message.
783195 FortiManager changes the "cert-validation-timeout" value to block when installing to the FortiGates.
787195 FortiManager skips the zone interface policy without displaying copy fail error message.
793240 FortiManager fails to retrieve FortiGate's configuration when external-resource objects include a "g-" prefix.
805211 Installation failed due to the wrong fsw vlan type for the default nac and nac_segment vlans.
810073 Fail to import the firewall policy due to the "interface mapping undefined" error message.
811715 FSSO dynamic addresses were visible on two address groups.
812886 On FortiManager, an internet-service-custom objects without protocol number or port-range can be configured on firewall proxy-policy; however, FortiGate/FortiOS does not support this.
812909 FortiManager unsets the "bypass-watchdog" setting on FGT400E-Bypass.

814364

FortiManager does not support the FCT EMS prefix; therefore, policies with ZTNA Tags cannot be installed properly to the FortiGates.

814970 EMS Connector is not able to import Tags when Multi-Site enabled on EMS Server.
815281 SDN Dynamic Address object filter does not display the list properly.
815812 Installation failed because FortiManager tried removing the credentials for Amazon Web Services (AWS) type SDN Connector and enabling the "use-metadata-iam" feature.
816108 The "group-poll-interval" value for FSSO fabric connector cannot configured properly.
817220 FortiManager does not support the "userPrincipalName" as the common Name Identifier for LDAP Server configuration.

819847

FortiManager displays a false warning message "Duplicate Objects With Same Values" when creating the Firewall Objects' Service entries under Policy & Objects.

822843 FortiManager displays an error when using the access-proxy type VIP and normal VIP in firewall policies as they are both using the same external IP.

824770

FortiManager displays an error message when creating custom EMS Connector entries under the Fabric Connectors' Endpoint/Identity.

825411 Installation fails when an application group with category 32 (unknown applications) is configured on FortiManager, even though this category is accepted on the FortiGate.
825530 Explicit web proxy policy does not allow selecting any source address objects.
825873 FortiManager does not support FortiGate/FortiOS global scope (g-) objects.
826928 During the installation, FortiManager attempts to remove the physical ports which are members of the virtual-switch config.
826946 FortiManager does not show anything to install on FortiGates even though the Policy Package has been modified.
827242 For Policies under the Advanced Options, "custom-log-field" uses Names instead of IDs.
827815 Removing "FortiClient EMS" entries under the "Endpoint/Identity" of "Fabric Connectors" displays error messages.
830043 Creating the Custom IPv6 service where icmp code is not configured causes the Policy Package to get into a conflict state.
830502 FortiManager fails to create the CSV for Policy Package.
831225 Cloning a policy with VIP referencing SDWAN member causes subsequent installs to fail.
831273 FortiManager does not allow deleting the entries for "server-info" under the log "npu-server".
831407 NSX-T connector configuration does not display "VM16" and "VMUL" types.
831484 FortiManager was not able to connect to the "NSX-T Connector" and several "Application connector" failures have been observed.
832962 If Firmware Template status is "Unknown", FortiManager allows installing the Policy & Packages repeatedly to the FortiGates.
834102 Editing Fortinet Single Sign-On Agent entry under the Endpoint/Identity removes FSSO user groups from the Firewall Policy.
834401 Upgrading ADOMs do not complete if there are some empty values for "profile-type" and "utm-status".
834447 Objects are not visible in the 'Addresses' tab when per-device mapping feature is enabled.
834558 Installing tunnel interfaces which are created by ipsec template fails.
834806 Installation fails due to extra back slashes when installing the custom IPS signatures to the FortiGates.
835079 Detail of the "Firewall Security Policy" when running the Policy Package Diff does not display data for all fields.
836103 FortiManager pushes old internet-service-names "Facebook" instead of "Meta".
836783 FortiManager changes the "use-metadata-iam" value for the SDN connectors.
837555 Connector's Service Name, after FortiManager's upgrade, does not display the correct name.
838533 SASE zone cannot be removed from SDWAN Template.

838648

"Rename objects to import" inconsistency with "datasrc duplicate" error.

841492 FortiManager unsets the system HA settings after pushing an unsuccessful installation Policy Package to FortiGates.
843765 FortiManager does not display the proxy address members under the proxy address group.
844985 Per-device mapping is not supported for Virtual Server with "IP" type.
845638 "ztna-ems-tag"s created on FortiGates are not same as ZTNA Tags created on FortiManager; hence, the installed tags from FortiManager to FortiGates, used in firewall does not police the traffic properly.
847932 Hit count for a policy package does not always match the total count of all installation targets.
848666 "Install Device" task stuck without any progress when installing the templates and firewall policies to the FortiGates.
849470 When creating a new firewall policy via API Request the "global-label" option is skipped.
850204 Installing an AWS connector with Metadata IAM enabled displays an error message.
851331 Cloning Firewall Addresses under the Firewall Objects does not clone the "Add To Groups" entries.
853815 New created LDAP users are displayed based on the <CN> attributes and not the <sAMAccountName> attributes or User ID parameters.
853851 FortiManager displays all the FortiTokens for the FortiToken settings under the User Definition even though some of them are already assigned.
858183 After firmware's upgrade, virtual wire pair interfaces are missing in virtual wire pair interface policy.
859217 Rearranging the Destination NAT (DNAT) objects whose names contain special characters displays an error message: "object does not exist".

862727

Policy Package installation failed due to the error "native vlan must be set" message.

862839 Cloning the Policy Packages on FortiManager creates the duplicate UUIDs.
863882 'Last Modified Time' field is empty when exporting Policy Packages to Excel.
866826 Failed to modify Virtual Server addresses in Firewall Polices with Deny Action.
870688 Editing the "Install On" changes the Policy status to "Modified" for all FortiGates existing on that rule.

873006

Firewall Address entries cannot be modified and GUI displays an error message: "Objects already exists."

873896 Unable to remove "(null)" objects under "endpoint-control".

874188

Installation fails due to FortiManager's attempts to remove the "endpoint-control fctems" entries.

875980 FortiManager unsets EMS connector Serial Number and the tenant-id during the installation.

Revision History

Bug ID

Description

513317

FortiManager may fail to install policy after FortiGate failover on Azure.

722332 For AP Profile change, installation preview may show No Entry.
738376 Config revision diff check may highlight the differences in config even though both revisions are exactly the same.
809191 Configuration change of HA-logs setting is not reflected in the revision history.

Script

Bug ID

Description

795639 Any commands after the "set secret" command in the "switch-controller custom-command" configuration is displayed in a form of encrypted strings.
808398 "View script executing history" displays scripts related to other ADOMs.
817172 Running scripts to add static route has been failed due to the "duplicate of static route" error.
821778 Using scripts do not create the ssl-ssh-profile with certificate inspection mode; instead, it sets the value to deep-inspection mode.
829918 Scripts containing meta variables do not work after upgrade.

833285

Installation failed when executing multiple Jinja scripts.

Services

Bug ID Description
779997 When upgrading the multiple FortiGates at the same time from the "Firmware Upgrade" feature, it does not let users to click "OK".

783422

FortiManagers configured in closed network do not support keeping the multiple entitlement copies in FortiManager's Database.

820400

In closed network scenario, when FortiManager loses connection to Local FortiGuard, eventually, licenses become invalid.

827982 Downstream FortiManagers cannot get all the FDS/FGD packages from upstream FortiManagers in cascade mode network design.
837942 In cascade mode, FortiManager as local FortiGaurd Server does not download IPS signature for extended database.

System Settings

Bug ID Description

753204

Admins of a specific ADOM are able to see tasks of others ADOMs.

777153 FortiManager displays an error when setting up a "Remote Authentication Server" with "No Certificate" option.

801580

Fail to use the Online Help as it does not use the proxy config setting which has been set for FortiManager/FortiAnalyzer.

815728 FortiManager takes very long hours to rebuild the HA Cluster back to synchronization status.
822776 Query Distinguished Name does not display the LDAP users in FortiManager when Secure connection is enabled.
823898 FortiManager does not use all of the configured "ssl-cipher-suites" under its "system global" settings.
825078 New admins with ADOM only access cannot see the previously assigned header and footer policies on that ADOM.
829751 Installation tasks got stuck at 0% and failed to start any new installation tasks.
830242 FortiManager in Advanced Mode does not show the number of allowed VDOMs correctly.

833989

Cannot set/change the service access settings on the interfaces when the language is not set to English/French.

841782 In Workflow mode, admins are not able to click on the "Approve this request" received from the emails as it displays "Unable to complete action" or "Invalid adom name" error messages.
841931 When FortiManager works in Workspace Mode, users are able to disable "Per-Device Mapping" without locking the ADOMs.

843520

After firmware upgrade, FortiManager/FortiAnalyzer's HA Cluster is broken and Access to the Secondary fails.

848934

SNMPv3 does not work properly on FortiManager and FortiAnalyzer.

850469

Radius group attribute filter does not work with Microsoft NFS.

851029

FortiManager's HA cluster breaks after upgrading the FortiManager.

853353

SDWAN Monitor Map does not show up when admin profile has been set to "None" for System Settings.

862592 Upgrading FortiManager did not finish and GUI displays the "Temporarily Unavailable" message.
862814 Event logs did not log FortiManager admins and their actions on managed devices.
864041 SNMPv3 stopped working after upgrading the FortiManager.

864420

The presence of the default system admin information in the "sysconfdef" directory files may pose a potential security risk. Hence, it is advised to remove this potential security concern from these def files.

864931 Unable to login into FortiManager using TACACS and Radius credentials.

VPN Manager

Bug ID

Description

762401

FortiManager is unable to preserve the Specify custom IP ranges option for SSL VPN Address range setting.

831076

Static Route (Protected Subnet of the HUB) is not installed to Spoke during install with HUB and Spoke Dial-up VPN setup.

866248

Configuring a new mesh VPN using VPN Manager failed due to the extra character in the encryption method for Phase2.

Common Vulnerabilities and Exposures

Visit https://fortiguard.com/psirt for more information.

Bug ID CVE references

866168

FortiManager 7.2.2 is no longer vulnerable to the following CVE Reference:

  • CVE-2023-25609

872711

FortiManager 7.2.2 is no longer vulnerable to the following CVE-Reference:

  • CVE-2023-22642