Resolved Issues
The following issues have been fixed in 7.2.3. To inquire about a particular bug, please contact Customer Service & Support.
AP Manager
| Bug ID | Description |
|---|---|
| 781561 | User may not be able to access AP Manager with custom read only admin profile. |
| 861941 | FortiManager attempts to install
"arrp-profile" even if "darrp" is disabled. |
|
871334 |
Installation to FortiGate with NP7 Acceleration feature enabled might fail when FortiManager attempted to modify the QoS settings. Changing the " |
| 881548 | Unable to install successfully when creating a SSID using its default value. |
| 889811 | Under WIFI and switch controller for Managed FortiAPs, there is not any LLDP info found. |
|
910182 |
AP Manager doesn't load if admin profile permission is Read-Only. |
Device Manager
| Bug ID | Description |
|---|---|
| 777693 | Provisioning templates change meta data's values. |
| 801886 | FortiManager does not assign the correct VDOM name when configuring a new inter-vdom link interface. |
| 803425 | Installation failed due to the
some of the "os-check-list" items, which are not supported by the
FortiGates anymore. |
| 817346 | Editing interface with normalized interface mapping displays some unnecessary messages for mapping change. |
| 831874 | FortiManager's GUI keeps refreshing when clicking on the devices under the Managed Devices. |
| 836933 | Changes on the External-Resource settings from ADOMs for specific VDOMs/FortiGates alter the External-Resource settings for other ADOMs and VDOMs. |
| 837213 |
Browser may crash when clicking "view diff" to compare with current device config. This might happen due to the network slowness. |
| 838462 | Adding device using "Add Model HA Cluster" feature failed as FortiManager does not allow "virtual switch interfaces" being used as "heartbeat interfaces". |
| 839334 | FortiManager does not allow empty value for "Interface Preference" as SD-WAN Rules under the SD-WAN Templates. |
| 876040 | Status of Certificates is displayed as "pending" under the System's Certificates. |
| 879833 | Adding a model device with variable to FortiManager displays an error message: "a[i].replace is not a function". |
| 881148 |
SAML user - retrieve/refresh/install and device authorization fail from GUI post upgrade. |
| 881308 | The default value of the
"router.static.vrf" leads to installation failure when attempting
to install blackhole routes to FortiGates. |
| 885454 | After upgrading FortiManager, certificates for FGT 1100E's are missing from the Device Manager. |
|
886917 888930 |
FortiManager's ipsec templates remove the sdwan member and bgp neighbor attached to an ipsec interface. This causes the sdwan member to be removed even when it's used. |
|
887903 |
System template interface table gets purged when trying to create VLAN type with name length greater than 15. |
| 888658 | Editing DHCP Settings of a FortiGate interface displays the following error message: "You have no permission to access this device/vdom". |
| 891216 | Unable to edit/save interface with DHCP relay enabled. |
| 891341 | Installation fails due to the Copy failure error; system template created with some empty string values which are assigned to devices. |
| 891967 | When management VDOM is non-root and has been assigned to a different ADOM, FortiManager displays the error; "Can not access device global setting if management VDOM is not in current ADOM". |
| 893592 | Exporting the Device List to CSV and Excel file doesn't include the FortiAPs and FortiSwitches info. |
| 896998 | Unable to get access to the Certificates via Device Manager > DEVICE_NAME > VDOM_NAME > System. |
| 897863 | After deselecting the
'allow-dns' feature under the application control list, the changes cannot be
saved. |
|
898814 |
FortiManager keeps changing the |
| 899903 | FortiManager GUI does not list all NTP interfaces. |
|
909867 |
FortiManager attempts to configure unsupported syntax for " |
| 912833 | Adding FortiGates with Open Authentication (OAuth) Method, Fortinet Security Fabric dialog box does not display the FortiManager's related info. |
FortiSwitch Manager
|
Bug ID |
Description |
|---|---|
| 872802 | FortiManager automatically
sets "default" as dnsfilter-profile under dns-server for fortilink
interface. |
| 890205 | Selecting multiple ports to "Edit" is not possible as it is greyed out. |
Global ADOM
|
Bug ID |
Description |
|---|---|
|
826522 |
Unable to remove global object from Global Database in workspace mode. |
|
870944 |
Global Policy Assignment displays the following error: "Double global assignment exists". |
| 906058 | Firewall address cannot be deleted from Global ADOM; it displays an error message indicating that the object is being used in ADOM root. |
Others
|
Bug ID |
Description |
|---|---|
| 713714 |
The schedule for firmware upgrade for FortiGates does not work if the upgrade request is issued from the CLI; instead, firmware upgrade starts immediately. |
| 788006 | FortiManager consumes license count for the Admin Type VDOMs. |
| 802922 | The application
"newcli" process crashes when the "diagnose cdb upgrade check
+all" command runs. |
| 804987 | License Status, under the FortiGuard tile, does not display the unregistered FortiGates license. |
| 814425 | Sorting FortiExtenders by Network, RSSI, RSRP, RSRQ, and SINR does not work properly. |
| 829046 | After the upgrade, some of the metadata variables are missing. |
| 832351 | FortiManager does not allow users to enter to the "root" ADOM; it displays the "ADOM license was expired..." message. |
| 838638 | FortiGates are upgraded successfully via FortiManager's Group Firmware upgrade feature; however, the task monitor displays "Image upgrade failed" for some of the FortiGates. |
| 851586 | FortiManager displays "invalid
scope" errors when running the "diagnose cdb check
policy-packages" command. |
| 869955 | BGP Template route map option does not support Meta Variables. |
| 871608 | Unable to retrieve routing information from FortiGate via FortiManager when there is a large routing table. |
|
873110 |
FortiManager displays "expired" instead of "not licensed" for non-purchased FortiGuard services. |
| 875006 | When clicking on the warning message, which indicates critical security vulnerabilities, a list of all types of security vulnerabilities is displayed. |
| 883548 | FMG/FAZ is forcing its users to upgrade the Firmware version upon login. |
|
889917 |
During the upgrade process, a non-critical error message, "Duplicate root nodes found in ADOM." has been observed. This error is harmless and does not impact the functionality of the FortiManager/FortiAnalyzer. |
| 891869 | FortiManager wrongly recommends lower version for upgrade the FortiGates. |
| 895081 | Some FortiGates were unable to be upgraded from FortiManager due to firmware ID discrepancies between FortiManager and FortiGuard. |
| 899570 | Unable to add the "FortiGateRugged-60F" FGT to the FortiManager. |
| 899750 | ADOM upgrade makes the Policy Packages status modified. |
| 906533 | Group options, when creating/editing the workflow approval group, displays wrong info. |
|
919088 |
GUI may not work properly in Google Chrome and Microsoft Edge version 114. |
Policy and Objects
|
Bug ID |
Description |
|---|---|
| 656991 | FortiManager should not allow VIP to be created with same IP for External IP and Mapped IP Address. |
| 739489 |
It's not possible to enable NAT with Outgoing Interface Address by directly right-clicking on the NAT section of a firewall policy. |
| 774058 | Rule list order may not be saved under File Filter Profile. |
| 777017 | FortiManager purges the
"arrp-profile" when installing the v6.2 policy packages to v6.4 FortiGates. |
| 798955 | Traffic shaping policy changes does not trigger any changes/updates on the Policy Packages status. |
| 803460 | "User Definitions" entries under the "User & Authentication" cannot be removed from FortiManager. |
|
804160 |
FortiManager does not remove "Radius Server" on the FortiGate when it becomes unused. |
| 806378 | Searching policies on FortiManager does not work properly. |
| 814468 | FortiManager purges 'gcp-project-list'
and unsets several values from GCP sdn-connector. |
| 821114 | EMS ZTNA Tags in FortiManager and FortiGate are using different naming convention; therefore, installing the policies with those tags to FortiGates do not work. |
| 824652 | Under the "Advanced
Options" for firewall policy, "session-ttl" feature cannot be
set to "never". |
| 827416 | FortiManager does not display any copy failure errors when utilized objects do not have any default values or per-device mapping. |
| 846634 | GUI does not allow to edit the custom Application and Filter Overrides |
| 853347 | ZTNA tags name/format from EMS/FGTs don't match with the ones from FortiManager's DB. |
|
862014 880359 |
FortiManager is purging 'replacement message group custom' configuration after install verification fails. |
| 866724 | Copy Failed errorhas been observed with the error message, "Virtual server limit reached!"; this limit is 50 for FGT AWS ONDEMAND. |
| 866826 | Failed to modify Virtual Server addresses in Firewall Polices with Deny Action. |
| 867809 | During installation, FortiManager unsets status for the proxy policies. |
| 870800 | Even though each interface is mapped to be used in specific vdoms, the already mapped interface still can be selected for other VDOMs. |
| 873006 | Firewall Address entries cannot be modified and GUI displays an error message, "Objects already exists." |
| 877477 | Domain Name Threat Feeds are not available in DNS Filter > Remote Categories. |
| 880431 | Unable to define Exempt IP in IPS Sensor. |
| 880575 | When using the "reinstall policy" option to install to devices with different policy packages, the corresponding event log shows the same policy package pushed to all devices. |
| 881634 | When multiple VDOMs are selected for installation using the Re-install Policy feature, FortiManager only applies "re-install policy" for one VDOM from each devices. |
| 881857 | Multiple security console Application crashes have been observed during the Policy Package installation when static router template and router static entry in device db are used. |
| 882477 | Error Message, "Object already exists", is displayed when editing per device mapping for Address Group. |
| 882996 | Unable to install to FortiGates when
using null values for "local-gw6" and "remote-gw6". |
| 883527 | Install Preview does not display any info during the installation when using device groups in PP Installation Targets. |
| 884275 | Not able to move policy blocks properly. |
| 885827 | FortiManager does not save and keep the selected "collapse all" mode for the policy package. |
| 885992 | Duplicate section names are created for policy package when View Mode interface pair View is selected. |
| 886370 | FortiManager doesn't sort by interface per view results correctly; the results are not displayed in alphabetical order. |
| 886906 | When scrolling the policy page down/up, the policy page appeared to be blank. |
| 887278 | Installation failed due to the
limit on max entry for "endpoint-control fctems". |
|
888483 |
The "automation email" under the "Replacement Message Group" is blank. |
| 889068 | Unable to push policies when VDOMs are in different ADOMs. |
| 889563 |
FortiManager, for ADOM version 6.4, does not support Creating, Importing, and Inserting Above or Below actions for a deny policy with a "Log Violation Traffic" disabled. |
| 891832 | The install preview for policy package being used by multiple FortiGates is taking some time to load. |
| 891996 | "Find and Replace" feature does not display the entries correctly and it does not allow any changes. |
| 892293 | Unable to Import Virtual Servers/VIPs in Central DNAT Mode. |
| 894052 | Unable to remove per-device mapping entry via GUI in dynamic address groups. |
| 895979 | FortiManager attempts setting the Zone as the interface for firewall policy, during the installation. |
|
896491 |
Installation fails with unclear error message, "vdom copy failed". |
| 899339 | FortiManager does not seek for confirmation when deleting an object from firewall policy. |
| 911146 | Under the Policy & Objects, GUI does not display the Address Object list. |
| 911632 | When retrieving the configuration from the FortiGate, the FortiManager shows the new cert; however, those can't be assigned to the FCT EMS connector. |
| 912732 | The installation fails when the IPS signature contains CVE references. |
Revision History
|
Bug ID |
Description |
|---|---|
| 672609 | After import, FortiManager may prompt password error on administrator during install. |
Script
|
Bug ID |
Description |
|---|---|
| 876917 | "Capture Diff to a Script" does not work properly. It does not display the changes. |
System Settings
| Bug ID | Description |
|---|---|
| 873078 | FortiManagers HA cannot be configured as the initial sync never completes. |
| 884168 | FortiManager suggests wrong versions to upgrade FortiGates in order to resolve the PSIRT Vulnerability. |
| 884396 | The firmware upgrade notification on the FMG and FAZ keeps appearing continuously after each login. |
|
884848 |
FortiManager/FortiAnalyzer HA is not syncing after upgrade as the synchronization between the cluster units never completes. |
|
888374 |
Admin user's ADOM setting cannot be synced to secondary when |
| 894366 | Any changes related to "lan" interface on FGT 40F, where the role is defined as "LAN", FortiManager tries installing firewall address "lan address" with type interface-subnet linked to interface "lan". The Install Verification fails for "lan address" as "entry not found in database". |
VPN Manager
|
Bug ID |
Description |
|---|---|
| 798995 | It's not possible to delete an SSL VPN portal profile from FortiManager GUI if the profile has been already installed. |
| 857051 | Installing a policy package with IPSec VPN to FortiGates fail with the following error: "TCL error(The remote gateway is a duplicate of another IPsec gateway entry)". |
| 888272 | Single entry of SSLVPN settings cannot be selected under VPN Manager. |
|
894705 |
FortiManager's GUI becomes unresponsive after any changes on the Advanced SSL Profiles in VPN Manager. |
Common Vulnerabilities and Exposures
Visit https://fortiguard.com/psirt for more information.
| Bug ID | CVE references |
|---|---|
|
841029 |
FortiManager 7.2.3 is no longer vulnerable to the following CVE Reference:
|
|
850883 |
FortiManager 7.2.3 is no longer vulnerable to the following CVE Reference:
|
|
889979 |
FortiManager 7.2.3 is no longer vulnerable to the following CVE Reference:
|