Fortinet black logo

Release Notes

Home FortiManager 7.4.2 Release Notes
7.4.2
7.4.2
7.4.1
7.4.0
7.2.5
7.2.4
7.2.3
7.2.2
7.2.1
7.2.0
7.0.12
7.0.11
7.0.10
7.0.9
7.0.8
7.0.7
7.0.6
7.0.5
7.0.4
7.0.3
7.0.2
7.0.1
7.0.0
6.4.14
6.4.13
6.4.12
6.4.11
6.4.10
6.4.9
6.4.8
6.4.7
6.4.6
6.4.5
6.4.4
6.4.3
6.4.2
6.4.1
6.4.0
6.2.12
6.2.11
6.2.10
6.2.9
6.2.8
6.2.7
6.2.6
6.2.5
6.2.3
6.2.2
6.2.1
6.2.0
6.0.12
6.0.11
6.0.10
6.0.9
6.0.8
6.0.7
6.0.6
6.0.5
6.0.4
6.0.3
6.0.2
6.0.1
6.0.0
5.6.11
5.6.10
5.6.9
5.6.8
5.6.7
5.6.6
5.6.5
5.6.4
5.6.3
5.6.2
5.6.1
5.6.0
5.6.0
5.4.7
5.4.6
5.4.5
5.4.4
5.4.3
5.4.2
5.4.1
5.4.0
5.2.10
5.2.9
5.2.7
5.2.6
5.2.4
5.2.3
5.2.2
5.2.1
5.2.0
5.0.12
5.0.11
5.0.10
5.0.9
5.0.8
5.0.7
5.0.6
5.0.5
5.0.4
5.0.3

Resolved Issues

Resolved Issues

The following issues have been fixed in 7.4.2. To inquire about a particular bug, please contact Customer Service & Support.

AP Manager

Bug ID Description

736930

FortiManager is unable to efficiently display rogue AP lists for FortiGates with a high volume of rogue APs.
861941 FortiManager attempts to install "arrp-profile" even if "darrp" is disabled.

906061

It takes a significant amount of time to assign a profile to each FortiAP.

Device Manager

Bug ID Description
723720 "strong-crypto" feature change under the CLI configuration cannot be installed to FortiGate.
778131 FortiManager did not support the per device mapping for user SAML configurations.
811104 Import policy package fails after installing web-proxy through CLI configurations.

838462

Adding device using "Add Model HA Cluster" feature failed as FortiManager does not allow "virtual switch interfaces" being used as "heartbeat interfaces".
880934 FortiManager reverts Syslog mode settings on local FortiGates (when FortiGates are in FIPS mode).

902577

The status of the FortiLink split-interface radio button under FortiManager's Device Manager does not match the configuration in FortiGates.

920394

Installation failed due to the incorrect install order during ZTP.

923808

Even with the "set dhcp-relay-request-all-server enable" option enabled, FortiManager does not keep the DHCP server & relay configurations on the same interface.
935586 When managed devices go down/appear offline, not all FGFM tunnels are automatically recovered by FortiManager.

936168

Unable to assign Device Group to the Firmware Template.
939921 The firmware upgrade in ADOM mode backup is not allowed.

947393

When adding a device via CSV file import, not all metadata values may be configured successfully if a variable is not used in any provisioning templates within the blueprint.
948475 "View Diff" function under the "Device Configuration DB" under Device Manager per device does not function properly.
949546 When zones have identical names except for case, only 1 of the zones may be visible in Device Manager.
949612 The SD-WAN monitor table-view takes too long to load/display information.
952404 FortiManager cannot install the Static Route config under the Provisioning Template due to a static route template error after upgrading to FortiManager 7.2.4/7.4.1.
954610 FortiManager does not show objects under the 'named address' options in Ipsec VPN Phase 2 definitions.
956567 Not able to edit/delete Logging Devices Group.
961447

After upgrading FortiManager (VMs & FortiManager Cloud) to versions 7.2.4 or 7.4.1, devices may not be able to be retrieved or refreshed.

967611

Device Manager interface link status is blank for various Interface types (Tunnel, Aggregate, VDOM Link, Software Switch).

969542

Sometimes IPsec Tunnel Template displays the "Response with errors" message when editing the template.

969698

FortiManager allows the creation of an empty service value for Internet Service routes.

FortiSwitch Manager

Bug ID

Description

940419

When adding FortiSwitch on FortiManager, error message "Import error - invalid port number" is displayed.

958072

The "view ports" feature under the Managed FortiSwitches of the FortiSwitch manager does not display the ports.

967213

While attempting to deploy a FortiSwitch template to a model device, FortiManager generates the following error message: "VLAN interface does not match FortiLink."

Global ADOM

Bug ID

Description
906058 Firewall address cannot be deleted from Global ADOM; it displays an error message indicating that the object is being used in ADOM root.

969182

Under the Global ADOM, the assignment of specific policy packages does not function properly.

Others

Bug ID

Description

583349

FortiManager does not provide support for image upgrades on "ONDEMAND" devices.

796858

Subject Key Identifier extension is missing on FortiManager ADOM CA certificate.
875584

FortiManager cannot upgrade ADOMs to 7.2 due to error "copy system replacemsg spam.smtp-spam-emailblock".

891253 The firmware upgrade is successful; however, the task line does not get updated for the retrieve action when device names exceed the predefined character limit.
900512 FortiManager ADOM Upgrade fails with the error message, "Peer type cannot be peer when authentication method is pre-share key".
922957 The "fmgd" process may crash while loading the ADOM when multiple Policy Packages are locked.
937448 Unable to change the time zone on ADOM when FortiAnalyzer feature is enabled on FortiManager.
941203 FortiManager does not support the use of Certificate Templates to create certificates with a "range=global" setting for FortiGates operating in multi-vdom mode.

945048

Unable to edit/delete/clone extender controller for ADOM V7.0.
957433

When creating the FortiManager/FortiAnalyzer docker instances, UUID is missing under the "diagnose debug vminfo".

960796

FortiExtenders are not displayed under the FortiExtender Manager for all FortiGates.

963490

Installation fails as FortiManager attempts to "set role primary" feature for the "lan-extension backhaul" under the "extender-controller".

971122

FortiManager does not support all authentication types that are supported by FortiOS, leading to a certificate error in the FortiClient EMS connector.

Policy and Objects

Bug ID

Description
630648 A FortiManager instance running on Microsoft Azure is unable to import the SDN connector for a dynamic firewall address and is displaying an error message stating "wrong input parameter."
725427 Policy package install skips the policy where destination interface is set as SD-WAN zone and policy is IPSEC policy.
751443

FortiManager displays policy installation copy failures error when ipsec template gets unassigned.

830640 "Send files to FortiSandbox for inspection" option is being enabled when creating an antivirus profile.
854359 An installation error occurs when FortiManager attempts to install wildcard FQDN addresses 'mzstatic-apple' and 'cdn-apple' within the 'custom-deep-inspection' SSL-SSH profile.
855073

The "where used" feature (under the Source & Destination objects) incorrectly displays "No Record Found" even when these objects are in use.
875103 Local categories gets purged if used in Profile Mode Security Profiles.
894597 Default value for "unsupported-ssl-version" in ssl-ssh-profile gets modified during the installation.
899226 Unable to create Central SNAT explicit port translations on FortiManager.
900229 In policy-based policy packaged, application IDs are displayed instead of their names.
904751 WebRating overrides can't be deployed or deleted via FortiManager.
907925 IPS profile/Signature tab is not visible for admins with non-default admin profile.
939979 After editing authentication-rule/portal mapping, FortiManager installs unexpected changes to these rules.
942659 Syncing EMS tags from FortiManager fails when the EMS Connector is configured in multi-site mode.
943386 The installation failed with the message: "auto-firmware-upgrade-day is overridden by auto-firmware-upgrade-delay for automatic patch-level firmware upgrades from FortiGuard."

944931

Cannot install or import policy with internet-service6 object.
945632 Modifying the Policy Installation Target does not trigger a status change in the Policy Package when adding an "install on" to a single policy.

945853

FortiManager doesn't sync previously deleted FortiClient EMS tags.
948437 When adding a filter under Application Control, it results in a display of apps with messy names and icons.

948559

Policy blocks doesn't load properly.
948980 After creating a new v7.4 ADOM, clicking on the "Show Global Object Search" displays empty page.
949515

Security Policy Installation Verification fails because the "internet-service-negate" feature gets enabled every time after modifying the policy.
949972 Filter isn't working when trying to add a device as a Installation target for an existing policy package.

955010

Comments on policies may be cleared when a blank area within the text field is clicked.
957225 ADOM admin users not able to view the managed FortiGate in the policy push wizard
958923 Installing policy packages that utilize an SSL/SSH Inspection profile may fail with the error message, "Server certificate replace mode cannot support category exempt."

959166

Export to Excel does not work.

960660

The Clone Reverse feature is not functioning when the firewall policy includes an Internet service address object.
960778 Installation failed because FortiManager attempts to remove a static entry, "QuarantinedDevices."
963536 The policy package feature 'Export to Excel' is not functioning.
964464 Policy Lookup feature does not function.

965670

Creating a new interface type 'vlan'; changing VDOM results in the removal of the selected interface.

978814

When attempting to use the Export to Excel feature under the Firewall Policy with extensive rules, GUI may slow down and become unresponsive for some time.

Revision History

Bug ID

Description
513317 FortiManager may fail to install policy after FortiGate failover on Azure.
894523 Object revision timestamp is taken from previous revision.

Script

Bug ID

Description
937528 Unable to send DHCP options "set value" using CLI template and using Script.

Services

Bug ID Description
863094 The query status is not functioning correctly, and the 'top 10 unrated sites' section actually displays ratings.
938365 FortiManager's GUI does not display an option under FortiGuard Settings to support the 7.2 version for FortiClient and FortiMail.

System Settings

Bug ID Description

842732

FortiManager does not display the Secondary HA member's status correctly.

853429

Creating FortiManager's configuration backup via scp cannot be done.

871633

The configuration that is not synchronized among HA members cannot be modified on slave devices.
930200 Unable to change the time and timezone from the GUI.
930449 Testing the syslog server displays the message, "Failed to send a test log to syslog server".
936694 After removing a device, FortiManager generates repeated "sync dvmdb to faz" tasks for all logged-in administrative users.
941082 A password prompt is consistently requested with each new login attempt when applying password policies to a local account linked to FortiToken Cloud Mobile for multi-factor authentication (MFA).

957308

After enabling FAZ feature the new Event Logs are not displayed in Event Log under the system settings.
966148 RADIUS remote users are unable to successfully install changes to FortiGates.

967862

In the FortiManager dashboard, bandwidth is displayed in 'bps'.

VPN Manager

Bug ID

Description

897574

Address Objects with Meta Variables do not function correctly when creating Static routes using the VPN Manager.

906097

VPN Manager IPsec community Phase 2 encryption setting can't be changed to AES256GCM from the GUI.

Common Vulnerabilities and Exposures

Visit https://fortiguard.com/psirt for more information.

Bug ID CVE references

947396

FortiManager 7.4.2 is no longer vulnerable to the following CVE Reference:

  • CVE-2023-44253

949519

FortiManager 7.4.2 is no longer vulnerable to the following CVE Reference:

  • CVE-2023-41842

968793

FortiManager 7.4.2 is no longer vulnerable to the following CVE Reference:

  • CVE-2023-47542
Previous
Next

Resolved Issues

The following issues have been fixed in 7.4.2. To inquire about a particular bug, please contact Customer Service & Support.

AP Manager

Bug ID Description

736930

FortiManager is unable to efficiently display rogue AP lists for FortiGates with a high volume of rogue APs.
861941 FortiManager attempts to install "arrp-profile" even if "darrp" is disabled.

906061

It takes a significant amount of time to assign a profile to each FortiAP.

Device Manager

Bug ID Description
723720 "strong-crypto" feature change under the CLI configuration cannot be installed to FortiGate.
778131 FortiManager did not support the per device mapping for user SAML configurations.
811104 Import policy package fails after installing web-proxy through CLI configurations.

838462

Adding device using "Add Model HA Cluster" feature failed as FortiManager does not allow "virtual switch interfaces" being used as "heartbeat interfaces".
880934 FortiManager reverts Syslog mode settings on local FortiGates (when FortiGates are in FIPS mode).

902577

The status of the FortiLink split-interface radio button under FortiManager's Device Manager does not match the configuration in FortiGates.

920394

Installation failed due to the incorrect install order during ZTP.

923808

Even with the "set dhcp-relay-request-all-server enable" option enabled, FortiManager does not keep the DHCP server & relay configurations on the same interface.
935586 When managed devices go down/appear offline, not all FGFM tunnels are automatically recovered by FortiManager.

936168

Unable to assign Device Group to the Firmware Template.
939921 The firmware upgrade in ADOM mode backup is not allowed.

947393

When adding a device via CSV file import, not all metadata values may be configured successfully if a variable is not used in any provisioning templates within the blueprint.
948475 "View Diff" function under the "Device Configuration DB" under Device Manager per device does not function properly.
949546 When zones have identical names except for case, only 1 of the zones may be visible in Device Manager.
949612 The SD-WAN monitor table-view takes too long to load/display information.
952404 FortiManager cannot install the Static Route config under the Provisioning Template due to a static route template error after upgrading to FortiManager 7.2.4/7.4.1.
954610 FortiManager does not show objects under the 'named address' options in Ipsec VPN Phase 2 definitions.
956567 Not able to edit/delete Logging Devices Group.
961447

After upgrading FortiManager (VMs & FortiManager Cloud) to versions 7.2.4 or 7.4.1, devices may not be able to be retrieved or refreshed.

967611

Device Manager interface link status is blank for various Interface types (Tunnel, Aggregate, VDOM Link, Software Switch).

969542

Sometimes IPsec Tunnel Template displays the "Response with errors" message when editing the template.

969698

FortiManager allows the creation of an empty service value for Internet Service routes.

FortiSwitch Manager

Bug ID

Description

940419

When adding FortiSwitch on FortiManager, error message "Import error - invalid port number" is displayed.

958072

The "view ports" feature under the Managed FortiSwitches of the FortiSwitch manager does not display the ports.

967213

While attempting to deploy a FortiSwitch template to a model device, FortiManager generates the following error message: "VLAN interface does not match FortiLink."

Global ADOM

Bug ID

Description
906058 Firewall address cannot be deleted from Global ADOM; it displays an error message indicating that the object is being used in ADOM root.

969182

Under the Global ADOM, the assignment of specific policy packages does not function properly.

Others

Bug ID

Description

583349

FortiManager does not provide support for image upgrades on "ONDEMAND" devices.

796858

Subject Key Identifier extension is missing on FortiManager ADOM CA certificate.
875584

FortiManager cannot upgrade ADOMs to 7.2 due to error "copy system replacemsg spam.smtp-spam-emailblock".

891253 The firmware upgrade is successful; however, the task line does not get updated for the retrieve action when device names exceed the predefined character limit.
900512 FortiManager ADOM Upgrade fails with the error message, "Peer type cannot be peer when authentication method is pre-share key".
922957 The "fmgd" process may crash while loading the ADOM when multiple Policy Packages are locked.
937448 Unable to change the time zone on ADOM when FortiAnalyzer feature is enabled on FortiManager.
941203 FortiManager does not support the use of Certificate Templates to create certificates with a "range=global" setting for FortiGates operating in multi-vdom mode.

945048

Unable to edit/delete/clone extender controller for ADOM V7.0.
957433

When creating the FortiManager/FortiAnalyzer docker instances, UUID is missing under the "diagnose debug vminfo".

960796

FortiExtenders are not displayed under the FortiExtender Manager for all FortiGates.

963490

Installation fails as FortiManager attempts to "set role primary" feature for the "lan-extension backhaul" under the "extender-controller".

971122

FortiManager does not support all authentication types that are supported by FortiOS, leading to a certificate error in the FortiClient EMS connector.

Policy and Objects

Bug ID

Description
630648 A FortiManager instance running on Microsoft Azure is unable to import the SDN connector for a dynamic firewall address and is displaying an error message stating "wrong input parameter."
725427 Policy package install skips the policy where destination interface is set as SD-WAN zone and policy is IPSEC policy.
751443

FortiManager displays policy installation copy failures error when ipsec template gets unassigned.

830640 "Send files to FortiSandbox for inspection" option is being enabled when creating an antivirus profile.
854359 An installation error occurs when FortiManager attempts to install wildcard FQDN addresses 'mzstatic-apple' and 'cdn-apple' within the 'custom-deep-inspection' SSL-SSH profile.
855073

The "where used" feature (under the Source & Destination objects) incorrectly displays "No Record Found" even when these objects are in use.
875103 Local categories gets purged if used in Profile Mode Security Profiles.
894597 Default value for "unsupported-ssl-version" in ssl-ssh-profile gets modified during the installation.
899226 Unable to create Central SNAT explicit port translations on FortiManager.
900229 In policy-based policy packaged, application IDs are displayed instead of their names.
904751 WebRating overrides can't be deployed or deleted via FortiManager.
907925 IPS profile/Signature tab is not visible for admins with non-default admin profile.
939979 After editing authentication-rule/portal mapping, FortiManager installs unexpected changes to these rules.
942659 Syncing EMS tags from FortiManager fails when the EMS Connector is configured in multi-site mode.
943386 The installation failed with the message: "auto-firmware-upgrade-day is overridden by auto-firmware-upgrade-delay for automatic patch-level firmware upgrades from FortiGuard."

944931

Cannot install or import policy with internet-service6 object.
945632 Modifying the Policy Installation Target does not trigger a status change in the Policy Package when adding an "install on" to a single policy.

945853

FortiManager doesn't sync previously deleted FortiClient EMS tags.
948437 When adding a filter under Application Control, it results in a display of apps with messy names and icons.

948559

Policy blocks doesn't load properly.
948980 After creating a new v7.4 ADOM, clicking on the "Show Global Object Search" displays empty page.
949515

Security Policy Installation Verification fails because the "internet-service-negate" feature gets enabled every time after modifying the policy.
949972 Filter isn't working when trying to add a device as a Installation target for an existing policy package.

955010

Comments on policies may be cleared when a blank area within the text field is clicked.
957225 ADOM admin users not able to view the managed FortiGate in the policy push wizard
958923 Installing policy packages that utilize an SSL/SSH Inspection profile may fail with the error message, "Server certificate replace mode cannot support category exempt."

959166

Export to Excel does not work.

960660

The Clone Reverse feature is not functioning when the firewall policy includes an Internet service address object.
960778 Installation failed because FortiManager attempts to remove a static entry, "QuarantinedDevices."
963536 The policy package feature 'Export to Excel' is not functioning.
964464 Policy Lookup feature does not function.

965670

Creating a new interface type 'vlan'; changing VDOM results in the removal of the selected interface.

978814

When attempting to use the Export to Excel feature under the Firewall Policy with extensive rules, GUI may slow down and become unresponsive for some time.

Revision History

Bug ID

Description
513317 FortiManager may fail to install policy after FortiGate failover on Azure.
894523 Object revision timestamp is taken from previous revision.

Script

Bug ID

Description
937528 Unable to send DHCP options "set value" using CLI template and using Script.

Services

Bug ID Description
863094 The query status is not functioning correctly, and the 'top 10 unrated sites' section actually displays ratings.
938365 FortiManager's GUI does not display an option under FortiGuard Settings to support the 7.2 version for FortiClient and FortiMail.

System Settings

Bug ID Description

842732

FortiManager does not display the Secondary HA member's status correctly.

853429

Creating FortiManager's configuration backup via scp cannot be done.

871633

The configuration that is not synchronized among HA members cannot be modified on slave devices.
930200 Unable to change the time and timezone from the GUI.
930449 Testing the syslog server displays the message, "Failed to send a test log to syslog server".
936694 After removing a device, FortiManager generates repeated "sync dvmdb to faz" tasks for all logged-in administrative users.
941082 A password prompt is consistently requested with each new login attempt when applying password policies to a local account linked to FortiToken Cloud Mobile for multi-factor authentication (MFA).

957308

After enabling FAZ feature the new Event Logs are not displayed in Event Log under the system settings.
966148 RADIUS remote users are unable to successfully install changes to FortiGates.

967862

In the FortiManager dashboard, bandwidth is displayed in 'bps'.

VPN Manager

Bug ID

Description

897574

Address Objects with Meta Variables do not function correctly when creating Static routes using the VPN Manager.

906097

VPN Manager IPsec community Phase 2 encryption setting can't be changed to AES256GCM from the GUI.

Common Vulnerabilities and Exposures

Visit https://fortiguard.com/psirt for more information.

Bug ID CVE references

947396

FortiManager 7.4.2 is no longer vulnerable to the following CVE Reference:

  • CVE-2023-44253

949519

FortiManager 7.4.2 is no longer vulnerable to the following CVE Reference:

  • CVE-2023-41842

968793

FortiManager 7.4.2 is no longer vulnerable to the following CVE Reference:

  • CVE-2023-47542
Previous
Next