Fortinet has just released a new version of its FortiManager product, version 7.0.0. The latest release resolves an issue with SD-WAN hanging in environments with more than 1500 devices, and also fixes a bug that prevented FortiGate 101F from being added to FortiManager. This release also fixes a defect that caused FortiManager to lose its connection to devices after a device switchover in an HA cluster. For more details, see the rest of the article.
Resolved issues:
AP Manager
| Bug ID | Description |
|---|---|
| 590098 | When adding a new WTP profile, FortiManager tries to set a default handoff-sta-thresh and unset radio bands, which do not match the defaults for many of the E-series APs. |
| 593168 | DFS channel list in WiFi template is inconsistent between FortiManager and FortiGate. |
| 648812 | DHCP server is created incorrectly for Bridge SSID. |
| 667215 | FortiManager should be able to classify Rogue FortiAPs. |
| 669906 | FortiManager may not be able to install mpsk-key from AP Manager. |
| 679115 | An available interface cannot be selected when authorizing FortiExtender. |
| 692911 | FortiManager may not be able to display correct information for wireless radio in wireless profile for FortiWiFi-80F-2R. |
Device Manager
| Bug ID | Description |
|---|---|
| 485037 | Monitor > map view may fail if proxy is enabled. |
| 594211 | FortiManager should be able to create new VLAN interface on fabric interface and install to FortiGate. |
| 604855 | CLI Template should not prevent the lan interface from being deleted once all the dependencies have been removed. |
| 609744 | Device Manager > System > Interface may not be able to delete SSID interface. |
| 610134 | FortiManager may not be able to save the admin setting page. |
| 610585 | Device Manager cannot save DHCP for Unknown MAC address with action set to block. |
| 616387 | Device configuration dashboard cannot update hostname or VDOM. |
| 624325 | Creating or editing transparent VDOM to disable may stall at 20%. |
| 627664 | FortiManager cannot cooperate with socket-size 0 and changes it to 1 automatically. |
| 636012 | Importing a policy may report conflict for the default SSH CA certificates. |
| 643845 | After auto link, FortiGate HA cluster members have the same hostname. |
| 645086 | Policy Lookup shows an error even though the device is in sync. |
| 646421 | FortiManager may not be able to configure VDOM property resources setting. |
| 649785 | SD-WAN > Monitor may hang for an ADOM with 1500 devices. |
| 649821 | Installation may fail for FortiGate-600D. |
| 654611 | Under Advanced mode and within a VDOM, clicking "Device Manager" on the top menu returns the no permission error. |
| 655264 | VDOM count is not correct when vdom-mode split-vdom is configured on FortiGate with VM0xV license. |
| 656433 | FortiManager device delete process may hang. |
| 657988 | FortiManager may lose connection and fail to install after FortiGate HA switching role. |
| 659387 | FortiManager should be able to provision CLI-template, SD-WAN-template, and Policy Package together to the model device. |
| 662243 | FortiManager is unable to clone SNMP Community under System Templates. |
| 662656 | When importing policies that contain policy block or global policy, the import wizard should provide a warning that those policies will not be imported. |
| 665344 | Users with full R/W DVM privileges should be allowed to see and modify the System Provisioning Templates. |
| 666833 | GUI returns no warning when 4-byte AS or invalid community is configured on Standard community. |
| 667826 | Device Manager may show "No entry found" with rtmmond and the security console crashes. |
| 669129 | FortiManager does not create dynamic mapping for an address group causing import failure. |
| 669155 | SD-WAN monitor hangs at loading when the admin profile is set to Read-Only for SD-WAN. |
| 669704 | FortiManager does not allow user to configure FortiGate admin password longer than 32 characters. |
| 670535 | Install fails when creating a new DHCP reservation due to missing MAC address. |
| 670839 | FortiManager should be able to configure IPSec Phase2 selector using the same IP range. |
| 671348 | FortiManager should allow more than ten incoming source interfaces for policy routing decision. |
| 672319 | View Config, View Install Log, and Revision Diff in Workspace mode should not be greyed out when the ADOM is unlocked. |
| 672338 | FortiManager may unset interface weight in SD-WAN when installing within 6.0 ADOM. |
| 673008 | SD-WAN Rules order changes to the default when creating a rule and moving it to the top. |
| 673641 | When creating a policy, all the vwpare names are shown and not only the names from the installation target. |
| 674282 | FortiManager sends unset entry-id if the FortiGate implements NAC access-mode at FortiSwitch switchport level. |
| 674938 | FortiManager should add support for set use-shortcut-sla option in SD-WAN rules. |
| 676002 | FortiManager is not allowing to re-install policy when user selects all devices with VDOMs from Device Manager. |
| 677241 | Interface speed is set incorrectly on the port group due to missing aggregate membership verification. |
| 678066 | Install may fail when changing FortiGate admin password from FortiManager. |
| 680516 | Host Name is truncated when the name has more than 31 characters. |
| 681627 | FortiManager is accepting DNS source IP even though it is not part of the available interfaces. |
| 684372 | When using VDOMs, the Policy Package status remains in modified status after using Push to device. |
| 684462 | FortiManager truncates the device configuration when downloading from View configuration option. |
| 688541 | FortiManager should not unset dynamic-vlan of wireless-controller VAP and gateway of router settings after import. |
| 689014 | FortiManager may return an error when changing FortiGate device log configuration from FortiManager with management VDOM moved to another VDOM. |
| 689920 | FortiWeb serial number may not be correctly recognized and firmware version is not available in the Add device wizard. |
| 690012 | Changing the value of a meta-data field for a device should trigger the change with configuration status. |
| 690241 | FortiManager may fail to auto-link with FortiGate with the error: Failed to update device management data 'invalid value – devmgmtdatafailed|invalid value. |
| 690566 | Changes to the Disclaimer Page may not be saved and displays an error. |
| 692669 | Browser may display a message, A webpage is slowing down your browser, while checking revision difference. |
| 693622 | There may be inconsistent behavior between FortiGate and FortiManager when changing port speeds for FortiGate-3600E or FortiGate-3601E. |
| 696496 | Auto-link may fail when Workspace is enabled. |
| 696848 | Users may not be able to retrieve configuration or import policy from managed devices and dvmcore crashes frequently. |
| 697098 | Retrieving HA configuration may fail when adding FortiGate. |
| 697535 | Device Manager should not allow user to add ssl.root to a zone. |
| 697746 | FortiManager needs to support adding FortiAnalyzer devices with serial numbers that have a prefix of FAVMXX. |
| 697924 | When there are many devices, all managed FortiGates may show connection down state. |
| 698625 | FortiManager may not be able to view, add, or edit software switch members. |
| 698709 | When importing policies, firewall policies may not be loaded. |
| 699182 | FortiManager may fail to add FortiGate-101F as model device. |
| 699450 | The SDWAN monitor is showing historical traffic for an interface when it is Down in the defined time period. |
| 701446 | SD-WAN monitor may take several minutes to display a map if the device tunnel is flapping. |
| 702555 | FortiManager may lose device admin user and geo-location information during the onboard process for a model device. |
| 702590 | The System template may stop being displayed on the Devices & Groups page. |
| 704197 | FortiManager may fail to create a FortiSwitch in a 6.0 ADOM. |
| 704789 | SD-WAN monitor is missing Health Check Status information and probes. |
| 705547 | Route monitor may show incorrect interface information. |
| 711034 | There may be to displaying Meta Fields data when creating or editing a Device Group. |
FortiSwitch Manager
| Bug ID | Description |
|---|---|
| 650453 | FortiSwitch template and VLAN shall appear for firewall policy creation. |
| 667703 | After adding a FortiSwitch, running a script to provision may fail. |
| 678804 | FortiSwitch template is not working as expected in switchport NAC access-mode. |
| 690995 | FortiSwitch Manager should not install the auto-detected setting to FortiGate. |
| 700023 | Install may fail with switch-controller managed-switch:poe-pre-standard-detection after upgrade. |
| 700136 | In FortiSwitch Manager, the Map to Normalized interface menu always displays none when editing a VLAN. |
| 706953 | A maximum of one device entry can be found in Device Information column under FortiSwitch port. |
| 707909 | Template may be removed, and FortiLink interface and Comments fields may be empty. |
| 708901 | The assigned FortiSwitch template name that has more than sixteen characters may fail ADOM integrity check. |
Global ADOM
| Bug ID | Description |
|---|---|
| 632400 | When installing a global policy, FortiManager may delete policy routes and settings on an ADOM. |
| 662216 | Searching for Where Used in a Global ADOM may not show object usage in an ADOM. |
| 667423 | Assigned header policy from the global ADOM shows up on excluded policy package. |
| 670280 | Promoting the Profile Group object should not promote the default Protocol option. |
Others
| Bug ID | Description |
|---|---|
| 649399 | After upgrade, install may fail if a FortiGate was assigned to a system template. |
| 656956 | There may be crashes with rtmmond when FortiWLM is enabled. |
| 659916 | FortiManager may consume high memory usage by the svc sys daemon. |
| 661069 | ADOM restricted access user is able to pull Device Manager information from ADOMs via JSON API. |
| 665617 | FortiManager may consume high CPU resource when locking ADOM or loading policy. |
| 667421 | FortiManager may report repeated miglogd crashes which causes lost logs. |
| 667442 | FortiManager may not be able to connect to FortiGate CLI via SSH widget or execute TCL scripts. |
| 670479 | FortiManager configuration file size may be large due to a bulk of resync files. |
| 671444 | FortiManager may fail to check-in configuration revision with the HA secondary unit. |
| 673210 | When checking unused policy, implicit policy information is not included. |
| 681707 | The diagnose cdb upgrade check +all command may unset defmap-intf. |
| 682404 | The rtmmond process memory usage may constantly increase. |
| 686460 | ADOM integrity check may run slowly and it takes several minutes to respond for each ADOM. |
| 687155 | FortiManager should improve the error message for running CLI Template. |
| 690969 | The dmworker process may consume high memory and CPU resources with failures due to busy handler. |
| 691568 | FortiManager GUI may randomly become non-responsive. |
| 695549 | The _created timestamp is missing in the REST API return data for Policy. |
| 697132 | In some circumstances, FortiManager is not accessible unless the device is rebooted every couple of days. |
Policy and Objects
| Bug ID | Description |
|---|---|
| 494367 | Users cannot search for an address in a policy where the address is a part of a nested group. |
| 523350 | FortiManager does not show the default certificate under SSL/SSH Inspection within policy. |
| 547052 | FortiManager GUI should not allow creating Security Profiles without any SSL/SSH Inspection Profile defined. |
| 565301 | Exporting policy package to Excel may not work. |
| 587634 | FortiManager may not be able to create new wildcard FQDN type address to FortiGate 6.2. |
| 601229 | FortiManager is missing device-type option for custom device dynamic mapping. |
| 608268 | Users may not be able to edit firewall policy due to session-ttl:out of range in v5.6 or v6.0 ADOM. |
| 612317 | FortiManager shows incorrect country code for Cyprus under User definition. |
| 615936 | FortiManager is missing the SSH protocol in DLP filter. |
| 617894 | FortiManager is missing IPV6 none values after modifying policy. |
| 630431 | Some application and filter overrides are not displayed in the GUI. |
| 633727 | FortiManager is unable to display summary of policy package diff for a VDOM with a long name. |
| 647189 | FortiManager dynamic object filter generator is adding an "s" at the end of the tag preventing the object from working. |
| 651991 | After adding and removing Security Profile, the policy Security Profile changes from no-inspection to empty. |
| 657026 | GUI hangs during loading when applying changes made to Anti Virus profile. |
| 658528 | The URL remote category, FortiGuard Threat Feed, is not available in the dropdown menu for Proxy Address. |
| 660483 | IPS signatures may not match between FortiGate and FortiManager. |
| 661590 | FortiManager should fail the install with a proper error message without selecting security profile group on proxy policy. |
| 667414 | FortiManager may freeze when editing the Comment field in a policy package with many policies. |
| 668649 | Install may hang at 75% when no VLAN interface is configured for fsp managed-switch. |
| 669389 | Install may fail due to web filter profile in flow mode with setting changes available in proxy mode only. |
| 670019 | There is no Decrypted Traffic Mirror option in policy when only one port mapping is enabled in Full SSL/SSH Inspection. |
| 670833 | Search box for address may not always work. |
| 671265 | Global object assignment may not work. |
| 671693 | Internet Service Group should show an error or a warning when the direction setting is not the same. |
| 671985 | Decrypted Traffic Mirror setting is not being removed from policy after it is changed in the SSL Inspection method. |
| 671988 | FortiManager is not able to push dynamic objects to FortiGate after receiving the configurations from NSXT connector. |
| 673305 | Policy package install may hang and fail due to high memory usage. |
| 673311 | Full SSL/SSH Inspection profile’s Invalid SSL Certificates setting does not take effect when Inspect All Ports is selected. |
| 673554 | FortiManager should not allow a policy to set the destination address with a Virtual Server when inspection-mode is set as flow. |
| 674899 | FortiManager may not be able to edit proxy addresses objects. |
| 675199 | Local web category override is not installed if web filter is part of policy block package. |
| 675501 | Policy check may show negative values. |
| 675509 | FortiManager may randomly set IPv4 IP Pool object to overload. |
| 675541 | Deleting an override entry should trigger modified status for policy packages with FortiGuard Category Based Filter enabled within web filter profile. |
| 675587 | Firewall VIP hover-over popup should not show ports when port forwarding is disabled. |
| 677385 | IPS profile may not load. |
| 678439 | FortiManager may always configure empty application parameter values. |
| 681342 | Devices are evicted from Installation target after authorizing a new device. |
| 682370 | Having changed an IPS profile on security profile, the change is not visible when editing the policy again. |
| 686591 | FortiManager may not be able to add individual VWP interface members to multicast policy. |
| 688589 | Setting the Local Webfilter Category action to Allow should not disable the action when installed on FortiGate. |
| 690509 | FortiManager may fail to install ACI-Direct connector to FortiGate due to server-list command. |
| 692114 | Where Used returns no record found when IPS Custom Signature is being used. |
| 693763 | Saving address object may return error: firewall/address/organization : The data is invalid for selected url. |
| 694605 | FortiManager may not be able to push the entire Azure SDN Connector configuration. |
| 696072 | FortiManager GUI should allow users to configure HTTPS health check monitor including fields such as http-match and http-get in the monitor. |
| 700743 | Viewing Policy and Objects may be slower after upgrade. |
| 701290 | FortiManager should not allow users to create a wildcard FQDN address object with non-wildcard FQDN. |
| 702138 | NGFW security policy Application category Unknown applications is missing on FortiManager while it is present on FortiGate. |
| 703639 | Installing policy package for a device using CLI template may stall. |
Revision History
| Bug ID | Description |
|---|---|
| 579286 | Installation may fail for FortiGate 6.2 within ADOM 6.0 due to configuration changes with virtual-wan-link member weight and volume-ratio, and internet-service-ctrl. |
| 637465 | Installation fails when installing global v6.2 IPv4 policy to v6.4 FortiGate. |
| 642075 | Install may fail with delete metadata-server error. |
| 657344 | Installing from 6.0 ADOM may try to unset inspection-mode and unset ssl-ssh-profile on FortiGate 6.2. |
| 660525 | Installing from FortiManager may unset comment, organization, and subnet-name during install. |
| 662438 | FortiManager may try to purge all web rating override entries. |
| 662661 | Default value of global: system npu ip-reassembly:max-timeout NPU setting in ADOM 6.0 for FortiGate-1800F should be changed to 10000 to avoid Conflict status. |
| 667148 | When a policy install is performed, Install preview shows a lot of firewall policies with metafield changes without any actual change being performed. |
| 673101 | When set cfg-save manual is configured, FortiManager may try to delete objects that do not exist in the FortiGate configuration. |
| 673327 | With traffic shaper in Mbps or Gbps, FortiManager should convert it to Kbps if installation target is non 64 bits FortiGate model. |
| 677659 | FortiManager may fail to retrieve device configuration on web category with log threat-weight. |
| 679139 | When a policy package is shared between many firewalls, web rating override purge may fail in some scenarios. |
| 683728 | Installation fails due to VIP mapped IP range error when installing v6.2 policy package to v6.4 device. |
| 686036 | FortiManager may remove Allow Access configurations for secondary IP when a policy package is installed. |
| 689270 | The following attributes under configs vpn ssl setting may have an invalid range: login-attempt-limit, login-block-time, http-request-header-timeout, http-request-body-timeout and router bgp keep-alive-timer. |
| 691240 | FortiManager should not unset the value forward-error-correction with certain FortiGate platforms. |
| 691835 | FortiManager should be able to move one VLAN to a different zone without deleting many rules or zones. |
| 693231 | FortiManager tries to purge webfilter ftgd-local-rating when directly referenced in URL Category of a policy. |
| 698350 | Install may fail with error: [VPN manager ] failed to update vpn node with device info. |
| 700495 | FortiManager 6.2 ADOM may be sending set synproxy to FortiGate-1801F. |
| 701870 | Process may get stuck at 85% when pushing multiple policy packages from Global ADOM. |
| 709456 | FortiManager may be missing configuration revisions after performing HA failover. |
Script
| Bug ID | Description |
|---|---|
| 663820 | The LDAP port value remains 636 on device database and FortiManager is not accepting custom port number via CLI script. |
| 668947 | Changes using CLI Script may not be applied to devices in the container or folder. |
| 671998 | TCL scripts may not work when ssh-kex-sha1 and ssh-mac-weak are not enabled on FortiGate. |
Services
| Bug ID | Description |
|---|---|
| 644021 | FortiManager should be able to use custom certificate for the update related services. |
| 644173 | FortiManager should improve FortiGuard disk space quota usage logging and inquiry. |
| 671387 | FortiManager installs the latest IPS and application control signatures on managed device despite that To Be Deployed Version is configured. |
| 673307 | FortiManager may return invalid license to FortiMail and cause AntiSpam license to expire. |
| 674511 | FortiManager should count FMGC expired device number. |
| 677875 | Scheduling firmware upgrades may cause fds_svrd to consume 100% CPU resource. |
| 691738 | FortiManager may not be able to connect to FDS server via IPv6 proxy. |
| 694903 | There may be issues with some firmware upgrade paths. |
| 699768 | FortiManager should add 06002000NIDS02504 extend IPS database to default download list. |
| 701341 | FortiGuard Firmware Images may not show up-to-date FortiOS versions. |
| 704584 | FAP firmware may not be listed and cannot be imported. |
System Settings
| Bug ID | Description |
|---|---|
| 553488 | TACACS is unable to assign multiple ADOMs to admins. |
| 598194 | FortiManager two-factor authentication admin login is missing the option for FTK Mobile push notification authentication. |
| 623457 | FortiManager prompts error while importing CA certificate. |
| 631733 | Changing trusted IP can be saved and installed. |
| 642205 | While FortiAnalyzer model is disabled, FortiManager may fail to create an ADOM due to over size with disk quota. |
| 654370 | Users may not be able to access Java console with an error message: Too many concurrent connections. |
| 660226 | HA may crash when upgrading. |
| 662970 | Firewall addresses may not be visible on GUI after upgrading FortiManager. |
| 667445 | FortiManager may show errors on dynamic_mapping.local-int during upgrade. |
| 674661 | After upgrade, FortiGate VDOM that contains FortiToken user cannot be managed anymore and policy install generates an error. |
| 677118 | Upgrading ADOM from 6.2 to 6.4 may fail due to replacement message. |
| 677461 | FortiManager is not able to identify ADOMs that are locked by non super user administrators. |
| 684907 | Changing the FortiGuard Server Location in the License Information dashboard may not take any effect. |
| 686569 | Creating and deleting the static route may remove a specific connected route. |
| 687223 | Users may not be able to upgrade an ADOM because of profile-protocol-options. |
| 688517 | Upgrading an ADOM may fail due to a FortiExtender Object. |
| 689917 | If a policy is configured with a Proxy Options profile with HTTP Policy Redirect enabled, the ADOM upgrade should enable the related option set http-policy-redirect enable to preserve the HTTP redirect feature. |
| 690400 | System Admin User ssh-public-key cannot choose ed25519. |
| 690921 | Upgrading an ADOM from 6.0 to 6.2 should not add custom ssl-ssh-profile to policies which were not configured for SSL inspection. |
| 695058 | Radius response packets should not time out in less than the remoteauthtimeout setting. |
| 695360 | ADOM upgrade may be slow and it may take several minutes to start. |
| 699185 | If Management Extension Applications (MEA) are enabled, all system settings may be lost after upgrading FortiManager. |
| 699253 | Admin profile should not need system level access to view list of time zones in Device Manager. |
| 704504 | License Information may keep loading for admin user with FortiGuard and System Settings with read-write permissions. |
| 705762 | Session can be approved twice by different users of the same approval group. |
VPN Manager
| Bug ID | Description |
|---|---|
| 596953 | Go to VPN manager > monitor and select a specific community from the tree menu to show only that community’s tunnels and the monitor page displays a white screen. |
| 608221 | There is no XAUTH USER column in VPN Manager Monitor. |
| 620801 | SSLVPN > Edit SSLVPN Settings > IP Range, only shows configuration from ADOM database objects. |
| 647394 | VPN Manager with VPN zone feature disabled may trigger policy copy failure. |
| 653328 | FortiManager is unable to edit a SSL portal in VPN Manager containing "/" special character. |
| 658221 | The dns-suffix on SSL VPN portal is not installed if web-mode is disabled. |
| 697308 | VPN Manager is setting dst-name to All when using dst-name object group address in a protected subnet. |
| 701772 | AP may not show up in AP Manager after running CLI templates. |
| 704614 | FortiManager may not be able to push policy package due to VPN related error. |
Known issues:
AP Manager
| Bug ID | Description |
|---|---|
| 633171 | There may be DFS Channel mismatch between FortiManager and FortiGate for FAP-223E. |
| 673020 | When creating an SSID interface in Central Management, AP Manager automatically generates normalized interface name that has no default mapping configuration. |
| 674636 | SSID may be empty in AP Manager > WiFi Profiles > SSID column. |
| 701487 | FortiManager may not be able to assign AP profile after upgrading the firmware. |
| 712669 | FortiManager may set darrp as enable on radio in monitor mode resulting in installation failure. |
Device Manager
| Bug ID | Description |
|---|---|
| 545239 | After adding FortiAnalyzer fabric ADOM to FortiManager, Device Manager’s log status, Log Rate, or Device Storage column cannot get data from FortiAnalyzer. |
| 554241 | FortiManager cannot delete and reassign ports to a VDOM when split VDOM is enabled. |
| 560444 | FortiManager may not set pmf to enable, causing the install to always fail with WPA3-SAE, WPA3-Enterprise, or WPA3-SAE-Transition within 6.4 ADOM. |
| 563690 | Device Manager fails to add FortiAnalyzer which contains a FortiGate HA device with the error: serial number does not match database. |
| 576850 | There may be possible VDOM Name inconsistency between FortiManager and FortiGate. |
| 596711 | FortiManager CLI Configuration shows incorrect default wildcard value for router access-list. |
| 610568 | FortiManager may not follow the order in CLI Script template. |
| 615044 | Configuration status may be shown modified after adding FortiGate to FortiManager. |
| 630316 | After auto-conf IPv6 address is changed on FortiGate, the address is not updated into device database. |
| 636638 | Fabric view may get stuck during loading. |
| 640907 | FortiManager is unable to configure FortiSwitch port mirroring. |
| 651560 | SD-WAN monitor may hang loading when admin user belongs to device group. |
| 660491 | Device Manager system interface should not allow duplicated secondary IP address. |
| 664120 | When FortiGate HA secondary unit is down, action is displayed as promote on Device Manager. |
| 665207 | FortiManager needs IPv6 support on Syslog server setting. |
| 670577 | When creating an API admin from CLI Configuration, trusted host section is missing. |
| 670849 | Central Management configuration may be removed from FortiGate during device registration. |
| 672344 | If managed FortiAnalyzer is in HA, setting Send Logs to Managed FortiAnalyzer in the system template may cause an install error. |
| 673548 | FortiManager may not be able to make changes to the FortiGate interface settings when the interface type is Software Switch. |
| 674904 | FortiManager may not be able to import policy with interface binding contradiction on srcintf error. |
| 686144 | SD-WAN monitor table view may not match FortiGate performance SLA monitor. |
| 689721 | When changing FortiGuard related settings via CLI Configuration, FortiManager shows changes are reverted back and also shows the message: 'Successfully updated.' |
| 690493 | License check setting may not be saved. |
| 690608 | Duplicate entries for FortiExtenders may exist with same serial number. |
| 700566 | FortiManager should allow user to select different VDOMs when creating an EMAC VLAN. |
| 701348 | Once VRRP instance is created, user should be able to edit or delete it. |
| 702906 | DHCP Relay Service may not be deleted when it is configured on VLAN interface. |
| 709214 | System template should allow source interface to be selected when specify is activated as interface-select-method. |
| 710570 | Any statement is not accepted by FortiManager in the prefix-list configuration. |
FortiSwitch Manager
| Bug ID | Description |
|---|---|
| 667703 | After adding a FortiSwitch, running a script to provision may fail. |
| 674539 | FortiManager may fail to upgrade two FortiSwitch devices at the same time. |
| 676739 | FortiManager may not be able to delete VLAN interfaces created by FortiSwitch Manager. |
Global ADOM
| Bug ID | Description |
|---|---|
| 667197 | User should not be able to delete global object when ADOM is not locked. |
| 680798 | FortiManager may return the error, Could not read zone validation results, when assigning global ADOM changes with Automatically Install Policies to ADOM Devices. |
| 689965 | Replacement message type UTM is not being pushed from global ADOM to local ADOM. |
| 693510 | Display Options for Object Config will reset to default unexpectedly. |
Others
| Bug ID | Description |
|---|---|
| 510508 | FortiManager cannot assign multiple ADOMs to an admin user via JSON API. |
| 605560 | Flag is_model and linked_to_model are not working for add model device with JSON API. |
| 657997 | Assigning a device to system template may not work via JSON when FortiManager is in Workspace mode. |
| 669191 | The fdssvd daemon may randomly crash. |
| 677304 | Diagnose command cannot filter download objects by objid. |
| 680806 | GUI access for multiple administrators may stall when upgrading multiple FortiGate devices. |
| 683841 | FortiManager databases may randomly lose integrity. |
| 695782 | Connection to FortiGate may fail with multiple fgfmsd crashes. |
Policy & Objects
| Bug ID | Description |
|---|---|
| 538057 | The OR button in the column filter may not work. |
| 585177 | FortiManager is unable to create VIPv6 virtual server objects. |
| 593072 | After a non-super user deletes a device, a super_user admin cannot edit zone or interface with the deleted device’s dynamic mappings. |
| 601696 | FortiManager may add unexpected IPv6 address to IPv6 address field when deleting ::/0. |
| 607628 | After deletion, creating another DNS Filter object with the same name and Domain Filter Subtable returns a duplicate error. |
| 615250 | Search by CVE may not work for both IPS Signatures and IPS Filters. |
| 615624 | Firewall policy and proxy policy cannot select IP type external resource as address. |
| 623100 | FortiManager is constantly changing UUID for firewall address object. |
| 642708 | View Mode may unexpectedly change from Interface Pair View to By Sequence mode. |
| 646329 | Policy Check may report different IPS profiles as duplicates. |
| 652753 | When an obsolete internet service is selected, FortiManager may show entry IDs instead of names. |
| 655601 | FortiManager may be slow to add or remove a URL entry in a web filter with a large list. |
| 656991 | FortiManager should not allow VIP to be created with same IP for External IP and Mapped IP Address. |
| 659296 | FortiManager may take a lot of time to update web filter URL filter list. |
| 663109 | FortiManager should not allow user to select a profile group in a flow-based policy that uses a proxy-based feature. |
| 666258 | User should not be able to create a firewall policy with an Internet service with Destination direction in Source by using drag and drop. |
| 679282 | Editing a global object in an ADOM is not possible and generates the error, undefined is not iterable. |
| 680898 | When SSL is off in EMS Fabric connector, FortiManager may return an error: Failed to refresh FSSO: EMS: error occurred in epoll_in: Success. |
| 681006 | Domain Name and FortiGuard Category Threat Feeds are not installed when set as allow action in security profiles. |
| 681453 | Copy fails for address and group from the exempt list of an SSL profile not used in the policy package. |
| 682356 | FortiManager may not be able to map normalized interface. |
| 684081 | Policy Check and Find Unused Policies may not work for FortiGate in Policy-Based mode. |
| 684728 | FortiManager and FortiGate should have equivalent filter list entries. |
| 686911 | Workflow session may not be able to compare with error: Cannot compare because of invalid Revision Diff data. |
| 686962 | FortiManager is not allowed to rename application control profile. |
| 689589 | Internet Services may not match between FortiManager and FortiGate. |
| 690269 | Newly imported Cisco ACI connector object does not appear for selection until browser is refreshed. |
| 705025 | Find Unused Policies may report incorrect session data for security policy. |
| 711121 | Enabling FortiGuard Outbreak Prevention database does not match FortiGate’s behavior. |
| 711964 | Wildcard certificate should be able to be used for Deep Inspection. |
Revision History
| Bug ID | Description |
|---|---|
| 606737 | User may not be able to install policy package due to changes with external interface with VIP settings. |
| 618305 | FortiManager changes configuration system csf settings. |
| 623159 | Zone validation in Re-Install Policy is not saving the user choice and deleting all related policies. |
| 635957 | Install fails for subnet overlap IP between two interfaces. |
| 671481 | FortiManager may unset inspection-mode for 6.2 FortiGate in 6.0 ADOM during installation. |
| 672609 | After import, FortiManager may prompt password error on administrator during install. |
| 674094 | FortiManager may unset explicit proxy’s HTTPS and PAC ports and change the value to 0 instead. |
| 693225 | FortiManager may install unset inspection-mode to FortiGate 6.2 device in 6.0 ADOM. |
| 694380 | Installation may fail when set safelist enable in ssl-ssh-profile is pushed to FortiGate 6.2 from a 6.0 ADOM. |
Script
| Bug ID | Description |
|---|---|
| 630016 | FortiGate user can see scripts from all ADOMs. |
| 668876 | Using CLI script to create SD-WAN with auto-numbering, 'edit 0', may not work. |
| 688479 | Using TCL Script to take device configuration backup may not work. |
Services
| Bug ID | Description |
|---|---|
| 567664 | HA secondary device does not update FortiMeter license. |
| 685678 | When FortiMail FIPS mode is enabled, FortiManager should be able to validate its license. |
| 701777 | Application ID is not being configured after policy script execution. |
System Settings
| Bug ID | Description |
|---|---|
| 479723 | FortiManager may not display the settings for Fabric View in an admin profile. |
| 517964 | FortiManager may create an incorrect certificate and it cannot be deleted. |
| 614127 | FortiManager should show details in the fnbamd debug if login fails due to trusted hosts. |
| 616703 | The CLI Console in the GUI may not respond. |
| 617601 | Sort by Time Used in the task monitor may not be correct. |
| 652417 | FortiManager HA may go out of synchronization periodically based on the logs. |
| 670497 | After upgrading FortiManager, it may delete syslog configuration. |
| 687171 | Users may not be able to assign devices to the ADOMs to which they have full access. |
| 687968 | FortiManager should not change ipv6-autoconf to Disabled when management access is changed to the ipv6-autoconf enable state. |
| 690926 | FortiManager is removing SD-WAN field description upon ADOM upgrading from 6.2 to 6.4. |
| 700142 | FortiManager should allow users to configure more than eight hosts per SNMP community. |
| 708939 | Dashboard is showing incorrect GB per day and device quota information when FortiManager is enabled. |
VPN Manager
| Bug ID | Description |
|---|---|
| 681110 | VPN manager may not push any configuration on ADOM 6.0 for dial up VPN on FortiGate. |
| 699759 | When installing a policy package, per device mapped object used in SSL VPN cannot be installed. |
| 712633 | VPN Manager pushes default "dpd-retrycount" and "dpd-retryinterval", but it cannot display them. |
Vendor release notes: FortiManager 7.0.0
Best regards,
The B&B Team
Bezpieczeństwo w biznesie
