FortiGate
ssanga
Staff & Editor
Article Id 409091
Description This article describes an issue where an administrator may encounter the error 'The string contains XSS vulnerability characters' while configuring FSSO groups containing parentheses in policy-based NGFW mode.
Scope FortiGate v7.4.8.
Solution

With the configuration below, setting an FSSO group whose name contains parentheses on a security policy in policy-based NGFW mode fails with the following error:

config system settings
    set ngfw-mode policy-based
end

config user adgrp
    edit "CN=qq(qiqi),OU=Fortinet,DC=fortiqq,DC=com"
        set server-name "WIN2019"
    next
end

CLI:


Fortinet # config firewall security-policy
Fortinet (security-policy) # edit 1
Fortinet (1) # set fsso-groups CN=qq(qiqi),OU=Fortinet,DC=fortiqq,DC=com
The string contains XSS vulnerability characters

value parse error before 'CN=qq'
Command fail. Return code -173

GUI:

[Screenshot: FSSO.png]

However, no error occurs in profile-based NGFW mode:


config system settings
    set ngfw-mode profile-based
end

config firewall policy
    edit 1
        set name "Test"
        set srcintf "port1"
        set dstintf "port2"
        set action accept
        set srcaddr "all"
        set dstaddr "all"
        set schedule "always"
        set service "ALL"
        set nat enable
        set fsso-groups "CN=qq(qiqi),OU=Fortinet,DC=fortiqq,DC=com"
    next
end

This issue has been resolved in v8.0.0 (scheduled to be released in February 2026). These timelines for firmware release are estimates and may be subject to change.
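
To see which FSSO groups in a configuration backup would hit this error before switching a VDOM to policy-based mode, the added example below (not Fortinet's code) lists the `config user adgrp` entries whose names contain parentheses. The sample configuration is constructed, and the check assumes parentheses are the only trigger, since the article names no other characters.

```python
import re

# Constructed sample of a FortiGate configuration backup (not from a real device).
SAMPLE_CONFIG = '''\
config user adgrp
    edit "CN=qq(qiqi),OU=Fortinet,DC=fortiqq,DC=com"
        set server-name "WIN2019"
    next
    edit "CN=Domain Users,CN=Users,DC=fortiqq,DC=com"
        set server-name "WIN2019"
    next
end
config firewall address
    edit "host(1)"
    next
end
'''

# Assumption: only the parentheses named in the article are checked; the full
# set of characters the validator rejects is not stated on the page.
FLAGGED = "()"

def adgrp_names(config_text):
    """Return the entry names defined directly under 'config user adgrp'."""
    names, depth, in_adgrp = [], 0, False
    for raw in config_text.splitlines():
        line = raw.strip()
        if line.startswith("config "):
            depth += 1
            if depth == 1:
                in_adgrp = (line == "config user adgrp")
        elif line == "end":
            depth -= 1
            if depth == 0:
                in_adgrp = False
        elif in_adgrp and depth == 1:
            # Entry names are double-quoted; allow backslash-escaped characters.
            m = re.fullmatch(r'edit "((?:[^"\\]|\\.)*)"', line)
            if m:
                names.append(m.group(1))
    return names

def groups_with_parentheses(config_text):
    """FSSO group names containing any character from FLAGGED."""
    return [n for n in adgrp_names(config_text) if any(c in n for c in FLAGGED)]

if __name__ == "__main__":
    for name in groups_with_parentheses(SAMPLE_CONFIG):
        print("rejected by 'set fsso-groups' in policy-based mode:", name)
```

Entries in other sections, such as the constructed `host(1)` address object, are ignored because the article only reports the error for `fsso-groups`.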