Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY 7.4.7
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
All Products
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Web Application Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • Web Application / API Protection
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions
    • All Products

    Release Notes

    Home FortiManager 7.4.7 Release Notes
    7.4.7
    8.0.0
    7.6.6
    7.6.5
    7.6.4
    7.6.3
    7.6.2
    7.6.1
    7.6.0
    7.4.11
    7.4.10
    7.4.9
    7.4.8
    7.4.7
    7.4.6
    7.4.5
    7.4.4
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.12
    7.2.11
    7.2.10
    7.2.9
    7.2.8
    7.2.7
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.0.16
    7.0.15
    7.0.14
    7.0.13
    7.0.12
    7.0.11
    7.0.10
    7.0.9
    7.0.8
    7.0.7
    7.0.6
    7.0.5
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.4.15
    6.4.14
    6.4.13
    6.4.12
    6.4.11
    6.4.10
    6.4.9
    6.4.8
    6.4.7
    6.4.6
    6.4.5
    6.4.4
    6.4.3
    6.4.2
    6.4.1
    6.4.0
    6.2.13
    6.2.12
    6.2.11
    6.2.10
    6.2.9
    6.2.8
    6.2.7
    6.2.6
    6.2.5
    6.2.3
    6.2.2
    6.2.1
    6.2.0
    6.0.12
    6.0.11
    6.0.10
    6.0.9
    6.0.8
    6.0.7
    6.0.6
    6.0.5
    6.0.4
    6.0.3
    6.0.2
    6.0.1
    6.0.0
    5.6.11
    5.6.10
    5.6.9
    5.6.8
    5.6.7
    5.6.6
    5.6.5
    5.6.4
    5.6.3
    5.6.2
    5.6.1
    5.6.0
    5.6.0
    5.4.7
    5.4.6
    5.4.5
    5.4.4
    5.4.3
    5.4.2
    5.4.1
    5.4.0
    5.2.10
    5.2.9
    5.2.7
    5.2.6
    5.2.4
    5.2.3
    5.2.2
    5.2.1
    5.2.0
    5.0.12
    5.0.11
    5.0.10
    5.0.9
    5.0.8
    5.0.7
    5.0.6
    5.0.5
    5.0.4
    5.0.3

    Known issues

    Known issues

    Known issues are organized into the following categories:

    To inquire about a particular bug or to report a bug, please contact Fortinet Customer Service & Support.

    New known issues

    The following issues have been identified in version 7.4.7.

    AP Manager

    Bug ID

    Description
    1173274 FortiManager is trying to enable ddscan when it is not enabled on ADOM db, device db, and AP Manager profile.

    1174004

    After FortiManager's upgrade to 7.4.7, FortiManager may suggest to "set ddscan enable" during the first installation, and this may create some issue on FortiAPs connected to the FortiGate.

    Device Manager

    Bug ID

    Description

    1166830

    FortiGates may be unexpectedly renamed during policy package installation when deploying to multiple devices (more than 5).

    Workaround:

    Install to less than 5 devices at the same time or create metadata variable to config hostname in system template.

    1167436

    FortiManager displays "retrievehaconffail" error when performing retrieve config for FortiGate's HA cluster.

    Workaround:

    "diagnose test deploymanager reloadconf " from the CLI does not display any error.

    1167958

    1175207

    After upgrading FortiManager to version 7.4.7, /var may fill up with temporary files. This is most likely to happen with high device count (>100) or heavy use of thread feeds. Possible symptoms include FGFM tunnels to FortiGates not coming up or GUI not functioning correctly. The likelihood of /var filling up increases the longer FortiManager runs on 7.4.7

    What to look for:

    1. The inode usage of /var increases rapidly as seen in “diagnose system print df –i”, it soars over 30% hours/days after a FortiManager reboot.

    2. The fgfm debug output shows many occurrences of "connect error when connect to : Bad file descriptor".

    3. If some function/feature is broken, this functionality often recovers if rebooting FortiManager, then after some time, it is broken again.

    FortiSwitch Manager

    Bug ID

    Description

    1161320

    FortiManager shows an incomplete FortiSwitch Topology compared with FortiGate.

    Others

    Bug ID

    Description

    1158842

    The FortiManager dashboard FortiGuard license status does not display the same data as shown on the FortiGuard page.

    1163922

    The FortiView tile is missing after adding FortiAnalyzer as a managed device to FortiManager.

    1168422

    FortiManager does not properly support the "FortiGate-50G-SFP-POE" platform.

    1170281

    Not able to create a new VDOM or remove any interfaces from VDOMs when Workspace mode is enabled.

    Workaround:

    Use a script like the following and run it against the Device Database CLI:

    config vdom

    edit vdom_name

    end

    1188452

    Downstream FortiManagers in cascade mode does not download the Webfilter database from the Upstream FortiManager.

    1254367

    FortiManager instances deployed on Azure may lose all data—including configuration, logs, and reports—if the VM is deallocated and subsequently reallocated.

    This may occur during Azure-level operations such as VM stop (deallocate) or SKU/size changes. Please refer to the Special Notices for more information.

    Policy & Objects

    Bug ID

    Description
    1152640

    When no port setting (empty value) has been set for HTTPS on SSL/SSH Inspection Profile, the installation preview shows error "https ... Must set at least one port (default port:443) or enable ssl inspect-all".

    Workaround:

    Modify the profile by adding port setting for HTTPS under "Protocol Port Mapping" even they were disabled. (Enable the option first, input port setting, such as "443", then disable the option and save the profile).

    1157272

    When creating a new entry under the Logical Relationship for a DLP dictionary, the Pattern field must be completed only for the applicable entry types; it should remain blank for those that do not require it.

    1160047

    Application control category "GenAI" is missing in FortiManager, but present in FortiGate.

    Workaround:

    Copy a FortiGate application list (Applist) from the CLI that includes Category 36, and insert it into a CLI template in FortiManager. Assign CLI template to Fortigate.

    1162327

    Install preview may get stuck if another user is simultaneously pushing an install on a different FortiGate within FortiManager.

    1170381

    Unable to create new section "Add Section" in policy after upgrading FortiManager to 7.4.7 while using interface pair view mode. Operation "Add Section" triggers nothing. Field "label" or "global-label" are empty.

    1173197

    Where Used feature is not working for objects that contain a forward slash (/).

    1199272

    Imported certificate does not show details.

    1174618

    After importing the policies and objects from the FortiGate, even though the FortiManager settings were selected, the configuration status for all FortiGates changed to ‘Modified.’

    Services

    Bug ID

    Description

    1167362

    Despite having the fgfm-deny-unknown setting enabled, unauthorized devices might still be appearing in the Device Manager. For more information, see Special Notices.

    System Settings

    Bug ID

    Description
    1169081

    When clicking on the "Approve this request" link in the Workflow mode, following error message can be observed:

    "Unable to complete action, failed to 'approve'."

    Workaround:

    Log in to FortiManager to approve the task.

    VPN Manager

    Bug ID

    Description
    1166323

    The VPN Manager > IPsec VPN Communities page no longer displays correctly — the page loads but shows only a blank (white) screen.

    Existing known issues

    The following issues have been identified in a previous version of FortiManager and remain in FortiManager 7.4.7.

    AP Manager

    Bug ID

    Description
    1032762 Since FortiOS 7.4.4 now supports the selection of multiple 802.11 protocols and has trimmed the band options, importing FortiOS 7.4.3 AP profiles may result in some bands and channels being un-matched or unset.

    Device Manager

    Bug ID

    Description

    970157

    FortiManager is attempting to install SNMP configurations that are not supported by the FortiGate VM, such as power-supply-failure, temperature-high, and voltage-alert.

    Workaround:

    Create a CLI template for SNMP configuration and assign it to the device(s).
    974925

    The NTP Server setting may not display the correct configuration. This issue might occur on managed devices running FortiOS versions lower than 7.4.2.

    Workaround:

    Edit NTP server setting under CLI configuration.

    980362

    The Firmware Version column in Device Manager incorrectly shows "Upgrading FortiGate from V1 to V2" even after a successful upgrade has been completed.

    1102790

    FortiManager pushes the unset auto-connect command to config system lte-modem, where the default value is disabled on FortiOS but still enabled on FortiManager.

    1112389

    FortiView and Log View fail to display logs when FortiAnalyzer is configured as a managed device in FortiManager.

    Global ADOM

    Bug ID

    Description
    1141123

    Installing the Global Header Policy fails with the error: "invalid value". This issue has been observed after upgrading FortiManager to v7.2.10.

    Workaround:

    1. Unset the uuids of all addresses and address groups in Global.

      # execute fmpolicy print-adom-object Global 140 all

      # execute fmpolicy print-adom-object Global 142 all

      • copy them to new file in Notepad++

      • use regex replace all ^set uuid.*$ with unset uuid

    2. Clone all used global addresses and services to have different names from the local ones and replace them in the global policies.

    3. Assign the changes.

    4. Install.

    Others

    Bug ID

    Description
    1019261

    Unable to upgrade ADOM from 7.0 to 7.2, due to the error "Do not support urlfilter-table for global scope webfilter profile".

    Workaround:

    Run the following script against the ADOM DB: 

    config webfilter profile
    edit "g-default"
        config web
            unset urlfilter-table
        end
    next
end

    1041706

    Extender Manager shows the managed Extender as Down even if it is Up and correctly displayed on FortiGate.

    1049457

    Users may encounter an issue in the FortiManager GUI when expanding the log details (when FortiAnalyzer is added as a managed device).

    1071646

    Formatted Event logs do not display the correct timestamp.

    1113980

    In FortiManager operating in Workspace (ALL ADOMs) mode, the Installation Preview may hang, and the GUI displays an infinite loading state.

    This issue is observed when multiple users initiate installations to their respective devices simultaneously while the Policy Packages (PPs) are locked.
    1126662

    In an FortiGate HA setup running on the public cloud platform, the FortiManager attempts to install changes on static routes, which may cause routes to be deleted after an HA failover.

    Policy & Objects

    Bug ID

    Description
    845022 SDN Connector failed to import objects from VMware VSphere.
    971065 When the number of Custom Internet Services exceeds 256, installation fails due to this limitation.

    1131041

    Not able to create ZTNA Server due to the certificate error.
    1142983 In FortiManager, creating a threat feed connector and applying it to multiple VDOMs results in the same UUID being assigned across all instances. This behavior may lead to duplicate UUID issues.

    1168866

    In FortiManager under Policy & Objects > Firewall Objects > Internet Service > IP Reputation Database, most entries show “0” in the Number of Entries column, while the same entries display data on FortiGate devices.

    Services

    Bug ID

    Description
    1170893

    When FortiManager is acting as Local FortiGuard Servers, FortiClient applications running on Linux machines are not receiving any signature updates.
    Previous
    Next

    Known issues

    Known issues

    Known issues are organized into the following categories:

    To inquire about a particular bug or to report a bug, please contact Fortinet Customer Service & Support.

    New known issues

    The following issues have been identified in version 7.4.7.

    AP Manager

    Bug ID

    Description
    1173274 FortiManager is trying to enable ddscan when it is not enabled on ADOM db, device db, and AP Manager profile.

    1174004

    After FortiManager's upgrade to 7.4.7, FortiManager may suggest to "set ddscan enable" during the first installation, and this may create some issue on FortiAPs connected to the FortiGate.

    Device Manager

    Bug ID

    Description

    1166830

    FortiGates may be unexpectedly renamed during policy package installation when deploying to multiple devices (more than 5).

    Workaround:

    Install to less than 5 devices at the same time or create metadata variable to config hostname in system template.

    1167436

    FortiManager displays "retrievehaconffail" error when performing retrieve config for FortiGate's HA cluster.

    Workaround:

    "diagnose test deploymanager reloadconf " from the CLI does not display any error.

    1167958

    1175207

    After upgrading FortiManager to version 7.4.7, /var may fill up with temporary files. This is most likely to happen with high device count (>100) or heavy use of thread feeds. Possible symptoms include FGFM tunnels to FortiGates not coming up or GUI not functioning correctly. The likelihood of /var filling up increases the longer FortiManager runs on 7.4.7

    What to look for:

    1. The inode usage of /var increases rapidly as seen in “diagnose system print df –i”, it soars over 30% hours/days after a FortiManager reboot.

    2. The fgfm debug output shows many occurrences of "connect error when connect to : Bad file descriptor".

    3. If some function/feature is broken, this functionality often recovers if rebooting FortiManager, then after some time, it is broken again.

    FortiSwitch Manager

    Bug ID

    Description

    1161320

    FortiManager shows an incomplete FortiSwitch Topology compared with FortiGate.

    Others

    Bug ID

    Description

    1158842

    The FortiManager dashboard FortiGuard license status does not display the same data as shown on the FortiGuard page.

    1163922

    The FortiView tile is missing after adding FortiAnalyzer as a managed device to FortiManager.

    1168422

    FortiManager does not properly support the "FortiGate-50G-SFP-POE" platform.

    1170281

    Not able to create a new VDOM or remove any interfaces from VDOMs when Workspace mode is enabled.

    Workaround:

    Use a script like the following and run it against the Device Database CLI:

    config vdom

    edit vdom_name

    end

    1188452

    Downstream FortiManagers in cascade mode does not download the Webfilter database from the Upstream FortiManager.

    1254367

    FortiManager instances deployed on Azure may lose all data—including configuration, logs, and reports—if the VM is deallocated and subsequently reallocated.

    This may occur during Azure-level operations such as VM stop (deallocate) or SKU/size changes. Please refer to the Special Notices for more information.

    Policy & Objects

    Bug ID

    Description
    1152640

    When no port setting (empty value) has been set for HTTPS on SSL/SSH Inspection Profile, the installation preview shows error "https ... Must set at least one port (default port:443) or enable ssl inspect-all".

    Workaround:

    Modify the profile by adding port setting for HTTPS under "Protocol Port Mapping" even they were disabled. (Enable the option first, input port setting, such as "443", then disable the option and save the profile).

    1157272

    When creating a new entry under the Logical Relationship for a DLP dictionary, the Pattern field must be completed only for the applicable entry types; it should remain blank for those that do not require it.

    1160047

    Application control category "GenAI" is missing in FortiManager, but present in FortiGate.

    Workaround:

    Copy a FortiGate application list (Applist) from the CLI that includes Category 36, and insert it into a CLI template in FortiManager. Assign CLI template to Fortigate.

    1162327

    Install preview may get stuck if another user is simultaneously pushing an install on a different FortiGate within FortiManager.

    1170381

    Unable to create new section "Add Section" in policy after upgrading FortiManager to 7.4.7 while using interface pair view mode. Operation "Add Section" triggers nothing. Field "label" or "global-label" are empty.

    1173197

    Where Used feature is not working for objects that contain a forward slash (/).

    1199272

    Imported certificate does not show details.

    1174618

    After importing the policies and objects from the FortiGate, even though the FortiManager settings were selected, the configuration status for all FortiGates changed to ‘Modified.’

    Services

    Bug ID

    Description

    1167362

    Despite having the fgfm-deny-unknown setting enabled, unauthorized devices might still be appearing in the Device Manager. For more information, see Special Notices.

    System Settings

    Bug ID

    Description
    1169081

    When clicking on the "Approve this request" link in the Workflow mode, following error message can be observed:

    "Unable to complete action, failed to 'approve'."

    Workaround:

    Log in to FortiManager to approve the task.

    VPN Manager

    Bug ID

    Description
    1166323

    The VPN Manager > IPsec VPN Communities page no longer displays correctly — the page loads but shows only a blank (white) screen.

    Existing known issues

    The following issues have been identified in a previous version of FortiManager and remain in FortiManager 7.4.7.

    AP Manager

    Bug ID

    Description
    1032762 Since FortiOS 7.4.4 now supports the selection of multiple 802.11 protocols and has trimmed the band options, importing FortiOS 7.4.3 AP profiles may result in some bands and channels being un-matched or unset.

    Device Manager

    Bug ID

    Description

    970157

    FortiManager is attempting to install SNMP configurations that are not supported by the FortiGate VM, such as power-supply-failure, temperature-high, and voltage-alert.

    Workaround:

    Create a CLI template for SNMP configuration and assign it to the device(s).
    974925

    The NTP Server setting may not display the correct configuration. This issue might occur on managed devices running FortiOS versions lower than 7.4.2.

    Workaround:

    Edit NTP server setting under CLI configuration.

    980362

    The Firmware Version column in Device Manager incorrectly shows "Upgrading FortiGate from V1 to V2" even after a successful upgrade has been completed.

    1102790

    FortiManager pushes the unset auto-connect command to config system lte-modem, where the default value is disabled on FortiOS but still enabled on FortiManager.

    1112389

    FortiView and Log View fail to display logs when FortiAnalyzer is configured as a managed device in FortiManager.

    Global ADOM

    Bug ID

    Description
    1141123

    Installing the Global Header Policy fails with the error: "invalid value". This issue has been observed after upgrading FortiManager to v7.2.10.

    Workaround:

    1. Unset the uuids of all addresses and address groups in Global.

      # execute fmpolicy print-adom-object Global 140 all

      # execute fmpolicy print-adom-object Global 142 all

      • copy them to new file in Notepad++

      • use regex replace all ^set uuid.*$ with unset uuid

    2. Clone all used global addresses and services to have different names from the local ones and replace them in the global policies.

    3. Assign the changes.

    4. Install.

    Others

    Bug ID

    Description
    1019261

    Unable to upgrade ADOM from 7.0 to 7.2, due to the error "Do not support urlfilter-table for global scope webfilter profile".

    Workaround:

    Run the following script against the ADOM DB: 

    config webfilter profile
    edit "g-default"
        config web
            unset urlfilter-table
        end
    next
end

    1041706

    Extender Manager shows the managed Extender as Down even if it is Up and correctly displayed on FortiGate.

    1049457

    Users may encounter an issue in the FortiManager GUI when expanding the log details (when FortiAnalyzer is added as a managed device).

    1071646

    Formatted Event logs do not display the correct timestamp.

    1113980

    In FortiManager operating in Workspace (ALL ADOMs) mode, the Installation Preview may hang, and the GUI displays an infinite loading state.

    This issue is observed when multiple users initiate installations to their respective devices simultaneously while the Policy Packages (PPs) are locked.
    1126662

    In an FortiGate HA setup running on the public cloud platform, the FortiManager attempts to install changes on static routes, which may cause routes to be deleted after an HA failover.

    Policy & Objects

    Bug ID

    Description
    845022 SDN Connector failed to import objects from VMware VSphere.
    971065 When the number of Custom Internet Services exceeds 256, installation fails due to this limitation.

    1131041

    Not able to create ZTNA Server due to the certificate error.
    1142983 In FortiManager, creating a threat feed connector and applying it to multiple VDOMs results in the same UUID being assigned across all instances. This behavior may lead to duplicate UUID issues.

    1168866

    In FortiManager under Policy & Objects > Firewall Objects > Internet Service > IP Reputation Database, most entries show “0” in the Number of Entries column, while the same entries display data on FortiGate devices.

    Services

    Bug ID

    Description
    1170893

    When FortiManager is acting as Local FortiGuard Servers, FortiClient applications running on Linux machines are not receiving any signature updates.
    Previous
    Next