
Known issues


Known issues are organized into the following categories: New known issues and Existing known issues.

To inquire about a particular bug or to report a bug, please contact Fortinet Customer Service & Support.

New known issues

The following issues have been identified in version 7.4.5.

Device Manager

Bug ID

Description

1136080

Starting from FortiOS version 7.2.11, FortiGate devices use a different password type for the administrator's password field. FortiManager versions released before this change cannot verify the administrator password when installing to a FortiGate, which may result in an installation failure.

FortiSwitch Manager

Bug ID

Description

1110598

Unable to add per device mapping config for FortiSwitch VLAN.

Workaround:

A script can be run on "Policy Package or ADOM Database". The following is an example:

config fsp vlan
    edit "vlan200"
        set vlanid 200
        set _dhcp-status disable
        config interface
            set ip-managed-by-fortiipam disable
        end
        config dynamic_mapping
            edit "FortiGate-80F-POE"-"root"
                set _dhcp-status disable
                config interface
                    set vlanid 20
                end
                config dhcp-server
                    set dns-service default
                    set ntp-service default
                    set timezone-option default
                end
            next
        end
    next
end

Existing known issues

The following issues have been identified in a previous version of FortiManager and remain in FortiManager 7.4.5.

AP Manager

Bug ID

Description

1032762 Since FortiOS 7.4.4 now supports the selection of multiple 802.11 protocols and has trimmed the band options, importing FortiOS 7.4.3 AP profiles may result in some bands and channels being un-matched or unset.
1041445 The AP attributes do not automatically update in the AP Manager.
1050466 The 802.11ax-5g AP profile is missing for all FortiAPs that support WiFi 6.
1076200

Policy install fails because FortiManager installs unexpected changes related to "<wifi_intf> address".

Workaround:

Create a CLI template with all subnet addresses and assign it to the device.

1081136

FortiManager tries to delete and create the SSID interface subnet address after an upgrade.

Device Manager

Bug ID

Description

952422 IPsec templates created by the SD-WAN Overlay do not create tunnels for all the underlay interfaces.
973365

FortiManager does not display the IP addresses of FortiGate interfaces configured with DHCP addressing mode.

Workaround:

Change the Addressing Mode from DHCP to Manual in the FortiManager Device DB, then retrieve from the FortiGate; the IP will be updated successfully.

974925

The NTP Server setting may not display the correct configuration. This issue might occur on managed devices running FortiOS version 7.4.2 or higher.

Workaround:

Edit the NTP server setting under CLI configuration.

1004220 The SD-WAN Overlay template creates route-map names that exceed the 35-character limit.
1053194 If the "system interface speed" attribute is changed from the FortiManager, it may potentially cause an installation failure. Modifying the "system interface speed" is not currently supported on the FortiManager and must be done on the FortiGate side.

1063635

FortiManager does not support the "FortiWiFi-80F-2R-3G4G-DSL".

1070943

Unable to upgrade the devices through the Device Group Upgrade Firmware feature.

Workaround:

Upgrade devices individually by using the "Device Firmware Upgrade" feature or Create New Firmware Template for single devices or device groups and use the "Assign to Devices/Groups" feature.

1074717 An error might be observed when the SD-WAN template health check name contains a space, displaying the following message: "Bad health check name...".
1075281

Unable to add FortiAnalyzer to FortiManager when "fgfm-peercert-withoutsn" is enabled.

Workaround:

Set "fgfm-peercert-withoutsn" to disable and then add FortiAnalyzer to FortiManager.

1075747 SD-WAN Monitor does not display the members under the SD-WAN Rules (Map View or Table View). This issue is most likely to occur when "priority-zone" is configured.
1080414

CSV import fails to set metadata variables due to old header format ("name"). To update to the current format, see "Device blueprint header" in Special Notices.

1081105

The "system interface speed" attribute is incorrectly configured on the FortiManager, which may cause the installation to the FortiGate to fail.

Workaround:

Change the interface speed using a CLI script run directly on the FortiGate, using the syntax "set speed auto".

Others

Bug ID

Description

998198

When upgrading ADOM, the upgrade process fails with the following error: "invalid value - can not find import template 'XYZ' ".

Workaround:

Locate the scripts, delete them, upgrade the ADOM and then import the scripts.

1003711

During the FortiGate HA upgrade, both the primary and secondary FortiGates may reboot simultaneously, which can disrupt the network. This issue is more likely to occur in FortiGates that require disk checks, leading to longer boot times.

Workaround:

Disable the disk check on fmupdate before the upgrade using the following commands:

config fmupdate fwm-setting
    set check-fgt-disk disable
end

1019261

Unable to upgrade ADOM from 7.0 to 7.2, due to the error "Do not support urlfilter-table for global scope webfilter profile".

Workaround:

Run the following script against the ADOM DB:

config webfilter profile
    edit "g-default"
        config web
            unset urlfilter-table
        end
    next
end

1029677

Unable to upgrade ADOM from v6.4 to v7.0 due to global scope error in webfilter profile.

Workaround:

Rename "g-default" to "g-test" and save. It can be deleted after that. Once the ADOM is upgraded, a new g-default is created.

1049457 When FortiAnalyzer is added as a managed device, users may encounter an issue in the FortiManager GUI when expanding the log details.

Policy & Objects

Bug ID

Description

845022 SDN Connector failed to import objects from VMware vSphere.
991720

FortiManager still has an option to enable the "match-vip" through the policy package for "allow" policies. However, this is not supported anymore on the FortiGates.

Workaround:

Disable the option under the advanced options in the Firewall Rule.

1029921 Under the "Web Application Firewall" security profiles, users are unable to disable the signatures through the GUI.
1074686

FortiManager fails to import NAC policies.

Workaround:

Manually create the NAC policy in the policy package and then install.

1076659

When a policy package is configured with a policy block, installation to multiple devices may have copy fail errors if the combined length of the Policy Block name and Policy name is greater than 35 characters and if the total number of such policies exceeds 1000.

1079678

FortiManager does not provide any warning when there is a "deny all" policy in the middle of a Policy Package. This can still be seen on the "task monitor".

System Settings

Bug ID

Description

1063040

Unable to import a local certificate into FortiManager. This issue may occur if the certificate is encrypted with a newer OpenSSL version that FortiManager does not yet support.

Workaround:

Convert the latest certificate to the legacy format before uploading it to FortiManager.
