Fortinet black logo

Release Notes

Home FortiManager 7.2.5 Release Notes
7.2.5
7.4.2
7.4.1
7.4.0
7.2.5
7.2.4
7.2.3
7.2.2
7.2.1
7.2.0
7.0.12
7.0.11
7.0.10
7.0.9
7.0.8
7.0.7
7.0.6
7.0.5
7.0.4
7.0.3
7.0.2
7.0.1
7.0.0
6.4.14
6.4.13
6.4.12
6.4.11
6.4.10
6.4.9
6.4.8
6.4.7
6.4.6
6.4.5
6.4.4
6.4.3
6.4.2
6.4.1
6.4.0
6.2.12
6.2.11
6.2.10
6.2.9
6.2.8
6.2.7
6.2.6
6.2.5
6.2.3
6.2.2
6.2.1
6.2.0
6.0.12
6.0.11
6.0.10
6.0.9
6.0.8
6.0.7
6.0.6
6.0.5
6.0.4
6.0.3
6.0.2
6.0.1
6.0.0
5.6.11
5.6.10
5.6.9
5.6.8
5.6.7
5.6.6
5.6.5
5.6.4
5.6.3
5.6.2
5.6.1
5.6.0
5.6.0
5.4.7
5.4.6
5.4.5
5.4.4
5.4.3
5.4.2
5.4.1
5.4.0
5.2.10
5.2.9
5.2.7
5.2.6
5.2.4
5.2.3
5.2.2
5.2.1
5.2.0
5.0.12
5.0.11
5.0.10
5.0.9
5.0.8
5.0.7
5.0.6
5.0.5
5.0.4
5.0.3

Known Issues

Known Issues

The following issues have been identified in 7.2.5. To inquire about a particular bug or to report a bug, please contact Customer Service & Support.

AP Manager

Bug ID

Description
884233 FortiManager displays the AP critical security vulnerability info even after FortiAPs are being upgraded.

977726

SSID config changes cannot be installed when SSID mode selected as Tunnel under AP.
1010485 Under the AP Manger, WiFi map view cannot load the AP Information.
1010632 Floor Map shows wrong AP status and does not show the rest of APs when adding a new AP.

Device Manager

Bug ID

Description
895994 When using the 'where used' feature in Phase 2 quick mode selector, objects do not appear, and they can be removed.
955058 Changes on Address groups only referenced in phase2 selectors are not installed

960363

Traffic Shaping widgets keep loading on Dashboard page of the Device Manager.
961508 SD-WAN Monitor table-view does not load.
966546 Unable to disable the"Create Address Object Matching Subnet" feature when the interfaces role is LAN.

976887

Unable to set non-HEX values for DHCP Option; it displays an error message: "...enter a valid Hexadecimal number...".
981031 Device Inventory widget shows wrong date for "last seen".
993094 Firmware image for Azure Fortigate (PAYGO) is not available.
997344 FortiManager is missing the "set members 0" feature when creating SDWAN Performance SLA.
1000686 HA autolink failure occurs when LAN interfaces do not exist.
1002289 Unable to delete default wireless-controller vap configuration with pre-run CLI templates.
1006838 "Admin User" settings get modified if username is more than 37 characters.
1011744 Autoupdate will not update the Device DB with FortiGate's ssh local-key details.

1016654

FortiManager fails to add FortiAnalyzer as a managed device.

Workaround:

Configure the following on the FortiManager to allow FortiAnalyzer to connect:

config system global

set fgfm-peercert-withoutsn enable

end
1016987

FGFM's tunnel went down after upgrade because the device's SN doesn't match the expected certificate.

Workaround:

This check can be manually disabled globally on FortiManager side by the following CLI:

config system global

set fgfm-peercert-witoutsn enable

end

FortiSwitch Manager

Bug ID

Description
995984 Cannot create MC-LAG in FortiSwitch Manager.

Others

Bug ID

Description
703585 FortiManager may return "Connection aborted" error with JSON API request.
777831 When FortiAnalyzer is added as a managed device to FortiManager, the "Incident & Event" tile will display instead of the "FortiSoC" tile.
894219 The log filter does not function correctly when filtering by FortiGate HA cluster ID instead of the device ID for individual FortiGate units.
924164 The firmware template status changes to "unknown" after retrieve.
954564 FortiManager attempts to change FEX serial number and returns an installation error.
967214 Unable to set up metadata variables using CSV file when Workspace mode is enabled on ALL ADOMs.
986753 Application webevent & webworker processes consistently encounter Segmentation Fault errors.
991052 FortiManager AWS is not able to form geo-redundant cluster as VRRP HA fails to sync.
1015415 When FortiAnalyzer is added as a managed device to FortiManager, filtered logs will not be displayed under Log View.
1022997 When devices are vulnerable, the table view freezes, resulting in the section not loading properly and the GUI continuously spinning.

Policy & Objects

Bug ID

Description
779363 FortiManager fails to install analytics-wl-filetype in AV profile to FortiGates.
843716 FortiManager tries to unset url-map for TCP forwarding ZTNA virtual server.
845022 SDN Connector failed to import objects from VMware VSphere.
852603 Per device mapping feature is not available for EMS connector under the Policy & Objects on the FortiManager.
958206 Policy package import fails due to a certificate error in the SSL VPN web realm configuration for the virtual host server.
967271 Installation failed when trying to remove firewall internet-service-name objects.
980649 "where used" feature disappears when ADOM is unlocked.
993263 Filters in Policy Packages do not function correctly.
997752 Install preview randomly hangs and doesn't return any data on next screen.
1001027 When trying to install multiple devices simultaneously, FortiManager may become unresponsive.
1001165 Installation failure while installing the Fortinet_GUI_Server Certificate.
1002787 User external-identity-provider can't be created in the User Definition or CLI configuration under the Policy & Objects.
1002794

FortiManager attempts to remove the existing external-resource when "set external-blocklist-enable-all enable" in AV profile.

Workaround: Use "set external-blocklist <external-profile-name> <external-profile-name2>".
1003295 "Install On" field in FortiManager does not exist anymore.
1003309 When cloning an address object which is member of a group, the cloned object is not a member of that group.
1004056 The installation may encounter an error related to Syntax support for the "ssh-enc-algo" command.
1008413 FortiManager fails to load IPS signatures in the profile.
1008729 EMS tags fail to import upon clicking Apply & Refresh.
1009296 "Fork error (out of memory?)" message has been observed when installing Policy Package on multiple targets simultaneously.

1012336

Pre-installation fails with the error message, "Attribute source-IP check error for RADIUS users."
1012389 "Negate Source" and "Negate Destination" options are missing.
1012400 The policy package installation is hanging due to a crash in the "securityconsole" application.
1012435 When editing an address group in a firewall policy, the members do not display correctly.
1013459 FortiManager fails to load address object in SSL/SSH inspection.
1013948 After upgrading to FortiManager versions 7.2.5 or 7.4.3, the installation preview may hang. However, the installation process itself can be completed successfully.
1013990 There are no commands available for installing source or destination interfaces when adding them to a firewall policy or SNAT rule.
1020917 When "partial-install" feature is enabled, clicking on "Install Objects" can sometimes freeze the GUI, preventing any modifications until it refreshes and also installation may not completed.

Revision History

Bug ID

Description

801614

FortiManager might display an error message "Failed to create a new revision." for some FortiGates when retrieving their configurations.

Script

Bug ID

Description
1008268 The FortiManager script installation process hangs and does not complete.
1011730 FortiManager does not load scripts instantly; it takes a noticeable number of seconds for each script to open.

1020938

After the image upgrade, users may encounter a "Temporarily Unavailable" page message. This problem specifically occurs when special characters, like "$(...)", are used within a TCL script in an ADOM. The Meta variable parsing function incorrectly identifies these characters as meta variable delimiters.

System Settings

Bug ID

Description
825319 FortiManager fails to promote a FortiGate HA member (running on firmware 7.2.0 to 7.2.4) to the Primary.

987173

The "ext-auth-group-match" feature doesn't work for SAML SSO users.

VPN Manager

Bug ID

Description
784385

If policy changes are made directly on the FortiGates, the subsequent PP import creates faulty dynamic mappings for VPN Manager.

Workaround:

It is strongly recommended to create a fresh backup of the FortiManager's configuration prior to the workaround. Perform the following command to check & repair the FortiManager's configuration database.

diagnose cdb check policy-packages <adom>

After running this command, FortiManager will remove the invalid mappings of vpnmgr interfaces.
Previous
Next

Known Issues

The following issues have been identified in 7.2.5. To inquire about a particular bug or to report a bug, please contact Customer Service & Support.

AP Manager

Bug ID

Description
884233 FortiManager displays the AP critical security vulnerability info even after FortiAPs are being upgraded.

977726

SSID config changes cannot be installed when SSID mode selected as Tunnel under AP.
1010485 Under the AP Manger, WiFi map view cannot load the AP Information.
1010632 Floor Map shows wrong AP status and does not show the rest of APs when adding a new AP.

Device Manager

Bug ID

Description
895994 When using the 'where used' feature in Phase 2 quick mode selector, objects do not appear, and they can be removed.
955058 Changes on Address groups only referenced in phase2 selectors are not installed

960363

Traffic Shaping widgets keep loading on Dashboard page of the Device Manager.
961508 SD-WAN Monitor table-view does not load.
966546 Unable to disable the"Create Address Object Matching Subnet" feature when the interfaces role is LAN.

976887

Unable to set non-HEX values for DHCP Option; it displays an error message: "...enter a valid Hexadecimal number...".
981031 Device Inventory widget shows wrong date for "last seen".
993094 Firmware image for Azure Fortigate (PAYGO) is not available.
997344 FortiManager is missing the "set members 0" feature when creating SDWAN Performance SLA.
1000686 HA autolink failure occurs when LAN interfaces do not exist.
1002289 Unable to delete default wireless-controller vap configuration with pre-run CLI templates.
1006838 "Admin User" settings get modified if username is more than 37 characters.
1011744 Autoupdate will not update the Device DB with FortiGate's ssh local-key details.

1016654

FortiManager fails to add FortiAnalyzer as a managed device.

Workaround:

Configure the following on the FortiManager to allow FortiAnalyzer to connect:

config system global

set fgfm-peercert-withoutsn enable

end
1016987

FGFM's tunnel went down after upgrade because the device's SN doesn't match the expected certificate.

Workaround:

This check can be manually disabled globally on FortiManager side by the following CLI:

config system global

set fgfm-peercert-witoutsn enable

end

FortiSwitch Manager

Bug ID

Description
995984 Cannot create MC-LAG in FortiSwitch Manager.

Others

Bug ID

Description
703585 FortiManager may return "Connection aborted" error with JSON API request.
777831 When FortiAnalyzer is added as a managed device to FortiManager, the "Incident & Event" tile will display instead of the "FortiSoC" tile.
894219 The log filter does not function correctly when filtering by FortiGate HA cluster ID instead of the device ID for individual FortiGate units.
924164 The firmware template status changes to "unknown" after retrieve.
954564 FortiManager attempts to change FEX serial number and returns an installation error.
967214 Unable to set up metadata variables using CSV file when Workspace mode is enabled on ALL ADOMs.
986753 Application webevent & webworker processes consistently encounter Segmentation Fault errors.
991052 FortiManager AWS is not able to form geo-redundant cluster as VRRP HA fails to sync.
1015415 When FortiAnalyzer is added as a managed device to FortiManager, filtered logs will not be displayed under Log View.
1022997 When devices are vulnerable, the table view freezes, resulting in the section not loading properly and the GUI continuously spinning.

Policy & Objects

Bug ID

Description
779363 FortiManager fails to install analytics-wl-filetype in AV profile to FortiGates.
843716 FortiManager tries to unset url-map for TCP forwarding ZTNA virtual server.
845022 SDN Connector failed to import objects from VMware VSphere.
852603 Per device mapping feature is not available for EMS connector under the Policy & Objects on the FortiManager.
958206 Policy package import fails due to a certificate error in the SSL VPN web realm configuration for the virtual host server.
967271 Installation failed when trying to remove firewall internet-service-name objects.
980649 "where used" feature disappears when ADOM is unlocked.
993263 Filters in Policy Packages do not function correctly.
997752 Install preview randomly hangs and doesn't return any data on next screen.
1001027 When trying to install multiple devices simultaneously, FortiManager may become unresponsive.
1001165 Installation failure while installing the Fortinet_GUI_Server Certificate.
1002787 User external-identity-provider can't be created in the User Definition or CLI configuration under the Policy & Objects.
1002794

FortiManager attempts to remove the existing external-resource when "set external-blocklist-enable-all enable" in AV profile.

Workaround: Use "set external-blocklist <external-profile-name> <external-profile-name2>".
1003295 "Install On" field in FortiManager does not exist anymore.
1003309 When cloning an address object which is member of a group, the cloned object is not a member of that group.
1004056 The installation may encounter an error related to Syntax support for the "ssh-enc-algo" command.
1008413 FortiManager fails to load IPS signatures in the profile.
1008729 EMS tags fail to import upon clicking Apply & Refresh.
1009296 "Fork error (out of memory?)" message has been observed when installing Policy Package on multiple targets simultaneously.

1012336

Pre-installation fails with the error message, "Attribute source-IP check error for RADIUS users."
1012389 "Negate Source" and "Negate Destination" options are missing.
1012400 The policy package installation is hanging due to a crash in the "securityconsole" application.
1012435 When editing an address group in a firewall policy, the members do not display correctly.
1013459 FortiManager fails to load address object in SSL/SSH inspection.
1013948 After upgrading to FortiManager versions 7.2.5 or 7.4.3, the installation preview may hang. However, the installation process itself can be completed successfully.
1013990 There are no commands available for installing source or destination interfaces when adding them to a firewall policy or SNAT rule.
1020917 When "partial-install" feature is enabled, clicking on "Install Objects" can sometimes freeze the GUI, preventing any modifications until it refreshes and also installation may not completed.

Revision History

Bug ID

Description

801614

FortiManager might display an error message "Failed to create a new revision." for some FortiGates when retrieving their configurations.

Script

Bug ID

Description
1008268 The FortiManager script installation process hangs and does not complete.
1011730 FortiManager does not load scripts instantly; it takes a noticeable number of seconds for each script to open.

1020938

After the image upgrade, users may encounter a "Temporarily Unavailable" page message. This problem specifically occurs when special characters, like "$(...)", are used within a TCL script in an ADOM. The Meta variable parsing function incorrectly identifies these characters as meta variable delimiters.

System Settings

Bug ID

Description
825319 FortiManager fails to promote a FortiGate HA member (running on firmware 7.2.0 to 7.2.4) to the Primary.

987173

The "ext-auth-group-match" feature doesn't work for SAML SSO users.

VPN Manager

Bug ID

Description
784385

If policy changes are made directly on the FortiGates, the subsequent PP import creates faulty dynamic mappings for VPN Manager.

Workaround:

It is strongly recommended to create a fresh backup of the FortiManager's configuration prior to the workaround. Perform the following command to check & repair the FortiManager's configuration database.

diagnose cdb check policy-packages <adom>

After running this command, FortiManager will remove the invalid mappings of vpnmgr interfaces.
Previous
Next