Resolved issues
The following issues have been fixed in 7.4.7. To inquire about a particular bug, please contact Customer Service & Support.
AP Manager
| Bug ID | Description |
|---|---|
| 1041445 | The AP attributes do not automatically update in the AP Manager. |
| 1050466 | The 802.11ax-5g AP profile is missing for all FortiAPs that support WiFi 6. |
| 1083224 | FortiManager attempts to install 'port1-mode > bridge-to-wan' when 'Override LAN Port' is enabled and 'LAN Port Bridge' is set to 'Bridge to LAN'. |
Device Manager
| Bug ID | Description |
|---|---|
| 932579 | Assigning a BGP template is purging the previously existing BGP config from the target FortiGates |
| 973365 |
FortiManager does not display the IP addresses of FortiGate interfaces configured with DHCP addressing mode. |
| 992550 | Unable to remove the trusted host for a FortiGate admins under the Device DB from the FortiManager's GUI. |
| 995919 | Cannot config system password-policy expire-day for FortiGates. |
| 1000101 | FortiManager fails to retrieve certificates that were directly imported into the FortiGate. As a result, FortiManagerrepeatedly attempts to push a CSR, leading to installation status conflicts. |
| 1004220 | The SD-WAN Overlay template creates route-map names that exceed the 35-character limit. |
| 1021789 | The FortiManager SD-WAN widget's health check status is not functioning as expected. |
| 1039127 | Unable to edit the Logs settings under the device management. |
| 1041265 | While using a Device Blueprint to apply a pre-run cli template and creating model devices via CSV import, the pre-run does not show applied in Device Manager. |
| 1041440 |
Some FortiGate platform (FGT-40F & FGT-60F) does not support the
|
| 1053194 |
If the |
| 1063635 |
FortiManager does not support the FortiWiFi-80F-2R-3G4G-DSL. |
| 1063835 |
FortiManager ZTP installation to FortiGate versions 7.2.8 and lower may fail due to
differing default |
| 1063850 | FortiManager is attempting to install a "PRIVATE KEY" with every installation, even after retrieving the config. |
| 1071249 | Under Device Manager > Monitors > SD-WAN Monitor, there are some missing data on widgets Bandwidth Overview and Traffic Growth. |
| 1073479 | Install preview does not function properly. |
| 1075052 |
Occasionally, installations may fail on FortiGates in HA mode due to a "Serial number does NOT match" error. This can happen if the HA device's serial number on FortiManager does not immediately update after a failover. |
| 1079654 | Firewall address entries are incorrectly generated when creating a bridge/mesh-type SSID. |
| 1080414 |
CSV import fails to set metadata variables due to old header format ("name"). |
| 1080940 | In an IPSEC tunnel template, deleting an IPSEC tunnel that is not the last one in the template causes the configuration of the last remaining tunnel to disappear when you revisit the template. |
|
1081105 |
The " Workaround: Change the interface speed using CLI script and run directly on the FortiGate using the syntax " |
| 1085385 | Importing SD-WAN configuration previously completed on a FortiGate as a provisioning template in FortiManager returns "Response format error" message |
| 1086303 |
An installation error may occur when binding and installing the created
VLAN interface to the software switch due to |
| 1089102 | Metadata variable value cannot be emptied (value deleted) after a value has been set via Edit Variable Mapping for a model device. |
| 1090340 | Deleting at least 1 VPN IPSec tunnel from the IPSEC Templates purging other vpn phase2-interfaces which are using the same template |
| 1091441 | Managed FortiAnalyzer is not available in dropdown menu in System Template in Log Settings. |
| 1094451 | If the Timezone field in the System Template is left blank, FortiManager may apply its default timezone and overwrite the existing timezone on the FortiGates. |
| 1099270 | Unable to upgrade of FortiGate HA devices via Firmware Templates. |
| 1103166 | Installation wizard might stuck at 50% if the device has Jinja CLI template assigned. |
| 1103304 | OSPF passive interface settings cannot be set via Device settings > Router > OSPF. |
| 1110780 |
FortiManager does not allow creating the local-in policy with SD-WAN zone. |
| 1111432 | In a BGP template Neighbor Range, set max-neighbor-num 0 is not accepted
by the GUI. |
| 1115014 | FortiManager fails to install SSID configuration in FortiGate when captive portal is enabled with error "Must set selected-usergroups" |
| 1119280 | Firmware Template assignment does not work properly. |
|
1122481 |
When a FortiGate HA failover occurs, making any configuration changes on the FortiGate HA may cause FortiManager to attempt to purge the firewall policies on the device during the installation (Install Device Settings (only)). |
| 1124171 |
FortiManager retrieves the device configuration from the ZTP FortiGate after the image upgrade is performed, due to the 'Enforce Firmware' feature. This action erases all settings in the device database on the FortiManager side, and as a result, AutoLink installation will not be completed successfully. |
| 1124431 | Installation failure due to 'sslvpn os check' syntax error. |
| 1126321 | When creating a VLAN with "LAN" Role, an object is created even if "Create Address Object Matching Subnet" is disabled. |
| 1128094 | After upgrading to v7.2.10, the entries under Network Monitor > Routing (Static & Dynamic) no longer appear. |
| 1129574 | Unable to restrict Firmware upgrade via Admin Profile. |
| 1136080 |
Starting from version 7.2.11, FortiGate devices use a different password type for the administrator's password field. FortiManager versions released before this change cannot verify the administrator password when installing to an FortiGate, which may result in an installation failure. |
| 1148864 |
During provisioning, if multiple scripts attempt to modify the aggregate interface, the database installation fails with the following error: [attribute "vdom" check error - runtime error -2: Virtual domain must be same as virtual domain () for all aggregate/redundant interfaces] This issue occurs only with aggregate interfaces. |
| 1152564 | Unable to edit route-map due to the following error "rule/2/set-priority is out of range (property: set-priority)". |
| 1153376 |
If devices are added to FortiManager after SD-WAN is enabled, then Traffic Shaping/SD-WAN may display No Data or No Records Found. If the user enables SD-WAN after the device is already managed by FortiManager, there should be no issue. |
FortiSwitch Manager
| Bug ID | Description |
|---|---|
| 1026433 | When navigating to FortiSwitch Manager > FSW VLAN > "BUILD-VLAN" and enabling the DHCP Server, the Advanced options are missing the filename field. |
| 1077058 | IPv4 allow access for VLAN interface over Per-Device Mapping cannot be set. |
| 1089719 |
Pre-provisioning on FortiManager for the FortiSwitch 110G is unavailable, as this functionality might not yet supported on the FortiOS. Please review FortiSwitch 110G support in Special Notices. |
| 1097467 | There is a mismatch in the per-VDOM limit between the Managed FortiSwitch on the FortiManager and the actual FortiGate, causing a copy failure error when installing the configuration. So far, this issue has been observed on the FGT-90G. |
| 1110598 |
Unable to add per device mapping config for FortiSwitch VLAN. |
|
1153287 |
The maximum number of managed FortiSwitches on FortiManager does not match with the maximum number of managed FortiSwitches by FortiGate, resulting in a copy failure error during installation to FortiGates. |
Others
| Bug ID | Description |
|---|---|
| 1003711 |
During the FortiGate HA upgrade, both the primary and secondary FortiGates may reboot simultaneously, which can disrupt the network. This issue is more likely to occur in FortiGates that require disk checks, leading to longer boot times. |
| 1009848 |
Support ISE distributed deployment: PAN/MnT Nodes up to 2, Pxgrid Nodes up to 4. |
| 1025366 | FortiManager does not support the FortiExtender SSID |
| 1049457 |
Users may encounter an issue in the FortiManager GUI when expanding the log details (when FortiAnalyzer is added as a managed device). |
| 1052341 | Not able to select Address type MAC in SD-WAN rule source address. |
| 1065593 | Not able upgrade ADOM. |
| 1066240 |
The FortiSASE Connector is supported only on FortiManager VM platforms and is not supported on FortiManager hardware models. |
|
1067460 |
Unable to upgrade ADOMs from 6.0 to 6.2, due to the FortiGate's syntax changed. |
| 1075449 |
Intermittent connection issues have been reported randomly when the FortiManager manages 1000+ FortiGates. |
| 1081941 | When UTM-Profile gets added to a FortiProxy policy, FortiManager generates invalid config. |
|
1089725 |
Progressively slower GUI performance caused by increasing memory usage of the "init" daemon. |
| 1091375 | When the install is waiting for a session, it neither updates nor completes the task. |
| 1103008 | Not able to edit DNS Filter profile in FortiProxy ADOM. |
| 1111686 | FortiManager's GUI may crash with the error "Oops! Sorry, an unexpected error has occurred." when downloading a backup or accessing the Last Script Run option under Device Database. |
| 1113799 | Unable to upgarde the FortiAP or FortiSwitch from FortiManager. |
| 1114595 | Login authentication fail when using FortiAuthenticator with FortiToken Mobile assigned to the user. |
| 1114809 |
After upgrading the FortiManager using the "Upgrade Image via FortiGuard" feature, the FortiManager JSON API login may fail, leading to service disruptions. This issue is important for FortiPortal and other FortiManager API clients. |
| 1117603 |
Some compatibility issues have been encountered with FortiOS 7.4.7, please review the FortiManager 7.4.6 Release Notes. |
| 1119279 | Event log for object is generating thousands of Wifi Events. |
| 1124007 | 'Ok' button does not save the settings; Navigate to Device Manager > Device & Groups > Right click on FortiGate > Firmware upgrade > Schedule > Custom > Define time > Press OK. |
| 1125382 | When EMS is added as a Fabric Connector to these FortiGates from FortiManager, all devices appear under FortiManager-managed devices, but only the primary FortiGates serial number is displayed. |
| 1136765 | The PxGrid connector should support Fully Qualified Domain Names (FQDN). |
| 1142559 | When attempting to upload the firmware image from FortiGuard, FortiManager returns the following error "Code: -1, Invalid image". This issue has primarily been observed on FortiGate hardware platforms running special build firmware versions, where the image contains an encrypted MBR such as on the FortiGateRugged-70G-5G-Dual, FortiGateRugged-70G, FortiGateRugged-50G-5G, FortiWiFi-70G models. |
| 1147636 | Universal connector card on Fabric View page is missing under Fabric View > Endpoint/Identity connectors. |
|
1160086 |
Unable to upgrade ADOM from v7.2 to v7.4 due to HTTP3(QUIC) error in deep-inspection profile. |
Policy and Objects
| Bug ID | Description |
|---|---|
| 706809 | Policy Checkexport does not have thelast hit count details anymore. |
| 968149 | Unable to export policy package to CSV. |
| 969923 | The View Mode button, which is used to check the interface in Pair View, is missing in the Firewall Policy under Policy Packages. |
| 991720 |
FortiManager still has an option to enable the |
| 1011220 | FortiManager constantly changes the UUID of some objects. |
| 1025012 |
Configuring the SSL/SSH inspection profile may result in the following error: "The server certificate replacement mode cannot support category exemptions." |
| 1030914 | Copy and paste function in GUI removes name of the policy rule and adds unwanted default security profiles (SSL-SSH no-inspection and default PROTOCOL OPTIONS). |
| 1047850 | Error occurs when modifying any route maps: "Cannot save route maps: rule/[id]/set-priority: out of range...". |
| 1054707 | FortiManager try to install "unset qos-policy" and installation fails. |
| 1057228 |
Importing the SDN Objects, with multiple tags, will addmultiple entries listed as SDN objects; when clients add anything into the filters section, browser immediately redirects to an error page showing: "Oops! Sorry, an unexpected error has occurred". |
| 1070800 |
FortiManager is attempting to install the |
| 1073463 | Installation is failed with error "VIP entry cannot be moved when central-nat is disabled." |
| 1076659 |
When policy package configured with policy block, installationto multiple devices may have copy fail errors if combined length of the Policy Block name and Policy name is greater than 35 characters and if the total number of such policies exceeds 1000. |
| 1077964 |
After ZTNA server real server address type changes from FQDN to IP, the policy installation may fail; FortiManager pushes ZTNA server config with wrong order. |
| 1078598 | Unable to import policy due to issues related to the protocol-options feature. |
| 1079037 | The internet-service-id attribute is configurable in the FortiManager,
whereas this attribute cannot be modified on the FortiGate. |
| 1079128 | ZTNA Server Per-Device Mapping may display a copy error failure if a new per-device mapping is created without specifying the object interface. |
| 1079678 |
FortiManager does not provide any warning when there is a "deny all" policy in the middle of a Policy Package. This can be still seen on the "task monitor". |
| 1082548 | Address type FQDN is missing DNS resolve domain name function feature. |
| 1086603 | Unable to create local-in policy with ISDB objects. |
| 1086705 | Multicast policy table Log column shows wrong info and right click update does not work properly. |
|
1089894 |
The Policy Package import may hang indefinitely on a specific FortiGate VDOM due to recursive object references. |
| 1092581 | FortiManager cannot modify rat-timeout-profile in Policy Packages. |
|
1093173 |
Web-filter rating service returns unrated when the URL does not have 'scheme' part. |
|
1096879 |
When checking the policy package diff, FortiManager shows that the " |
| 1097885 | Action column is missing in policy package for security policy when NGFW Mode set to policy-based. |
| 1101436 | The sni-server-cert-check cannot be disabled on SSL-SSH
inspection profile for "ftps", "pop3s", and
"smtps". |
| 1101919 | Changes to a Virtual IP global settings are not applied when a per-device mapping exists. |
| 1106646 |
When attempting to configure a local-in policy on FortiManager using ISDB objects as the source, the following error is encountered: "Attribute 'srcaddr' MUST be set when internet-service-src-name is set" |
| 1108159 | IP address list for an ISDB object differ between FortiManager and managed FortiGate while both devices have installed the same ISDB definitions. |
| 1109061 | FortiManager tries to set the inspection mode for the deny policies. |
| 1112011 |
When a policy package contains a globally assigned policy, installing a local ADOM policy package (with the "Install On" feature enabled for a specific device) may not function properly. The policy could be installed on all devices instead of the intended one. |
| 1112917 | Unable to set or update a security profile group on a policy directly in the firewall or proxy policy view. |
| 1113129 | FortiManager is treating implicit-deny local-in policy incorrectly,
denying any traffic. |
| 1114832 |
Any addition/modification in Application and Filter Overrides for Application profile doesn't show up in the install preview. |
| 1116489 | The revision history time stamps for custom profiles are all showing the same. |
| 1119299 | Installation fails due to syntax compatibility issues between FortiManager and FortiGate version 7.2.10. Specifically, the issue occurs when FortiManager attempts to unset the
servercert in the vpn ssl settings. |
| 1130475 | FortiManager starts appending an ID to the global-label associated with policies. This can cause a problem if global labels are being used to group policies together. |
| 1131552 | Import fails due to an invalid remote certificate, even though the certificate is available on the FortiGate. |
| 1133553 | Unused policy tool showing No hit count report for this policy package message when policy block is added to policy package. |
| 1134276 | Installation of "config system ddns" configuration fails. |
| 1139220 | FortiManager does not prevent users to mix ISDB and destination addresses. |
Script
| Bug ID | Description |
|---|---|
| 931088 |
Unable to delete VDOMs using the FortiManager script. Interfaces remain in the device database, causing the installation to fail. |
| 1085374 |
FortiManager does not support exporting the TCL scripts via CLI. |
Services
| Bug ID | Description |
|---|---|
| 1104925 | FortiManager in Cascade mode may fail to display accurate license information/contracts for FortiGate retrieved from the FDS server, as it is not listed in the FortiGate's authlist. |
| 1108706 |
When updating query service packages from the global anycast server (globalupdate.fortinet.net), medium-sized IoTS packages may encounter checksum errors. These errors can prevent the proper updating of SPAM and URL databases, potentially impacting the FortiManager's FortiGuard Services. |
| 1116120 |
When the FortiGuard Web Filter and Email Filter services are enabled, the usage of the root filesystem ("rootfs") gradually increases until it reaches 100%. This may affect the performance of other functions on the FortiManager, and it will be more noticeable when the FortiManager is operating with a smaller memory size. |
| 1138715 | FortiManager does not auto-download the FortiClient signature from FortiGuard. |
System Settings
|
Bug ID |
Description |
|---|---|
| 1047252 |
Incorrect warning message displayed in FortiManager GUI during upgrade from Feature build to Mature build. |
| 1081463 | The encrypted backup file cannot be easily correlated with the backup details, as the date and time are not included. |
|
1088248 |
When users perform any task, such as installing a policy, the task monitor icon that appears at the top-right of the GUI continuously shows a loading state, and users are unable to view the task progress. |
| 1108205 | ADOM lock override does not work
even though lock-preempt has been enabled. |
| 1115464 |
When any interfaces have the service access feature enabled (fgtupdates, fclupdates, and webfilter-antispam), changing the IP address on the desired interfaces may not immediately affect the listing port for that IP. As a result, the user might not be able to access the GUI using the newly configured IP address (assuming default port 443 is being used). |
| 1121608 | Under the Dashboard > Sessions widget, the number of current sessions presented in FortiManager does not match the number of sessions in the FortiGate. |
VPN Manager
|
Bug ID |
Description |
|---|---|
| 1084434 | Unable to rename theaddress objects (either source and/or destination) used in Phase2 quick selectors in IPSec VPN without an installation error. |
| 1084696 |
If users reopen the IPsec Tunnel template and close it without making any changes, FortiManager might still display the following error message in the install log: "Error: VPN IPsec phase1-interface psksecret...Minimum psksecret length is 6..." . |
| 1090636 | Unable to edit VPN community due to the following error message: "vpnmgr/vpntable/: cannot be edited". |
Common Vulnerabilities and Exposures
Visit https://fortiguard.com/psirt for more information.
| Bug ID | CVE references |
|---|---|
|
1091672 |
FortiManager 7.4.7 is no longer vulnerable to the following CVE Reference:
|
|
1129438 |
FortiManager 7.4.7 is no longer vulnerable to the following CVE Reference:
|