DmytroKyiv
New Contributor

FortiManager 7.4.8 tries to push unsupported "config vpn ssl settings" to FortiWiFi-30G

We have a FortiWiFi-30G running FortiOS 7.4.8 managed by FortiManager 7.4.8.
During configuration installation, FortiManager tries to push the following commands:

config vpn ssl settings
  set banned-cipher SHA1 SHA256 SHA384
  set servercert ''
end

As a result, the installation fails with:
install and save finished status=FAILED


The command config vpn ssl settings does not exist on this model (only config vpn ssl client is available).

FortiWiFi # config vpn ssl
client    Client.

FortiWiFi # config vpn ssl setting
command parse error before 'setting'
Command fail. Return code 1

Although the error doesn’t affect the running configuration, the device always stays in Conflict state, and automatic updates do not work.

How can we remove or exclude this part (config vpn ssl settings) from the configuration template so that FortiManager stops trying to apply it?

Verification report excerpt:

---> generating verification report

(vdom root: vpn ssl settings:banned-cipher)
    remote original:
    to be installed: SHA1 SHA256 SHA384

(vdom root: vpn ssl settings:servercert)
    remote original:
    to be installed: ''

(vdom root: vpn ssl settings:status)
    remote original:
    to be installed: disable

<--- done generating verification report

 

Thank you in advance for your assistance on this issue.

BillH_FTNT
Staff

Hi @DmytroKyiv 

Is this a new device and a new installation?

Bill

DmytroKyiv

Hi @BillH_FTNT 

Yes, this is a new device

And it's the first device in this series in our network.

illorenzoditorino
New Contributor II

Well, there was an earlier bug #1119299 about that, but it was fixed in 7.4.7 and 7.6.3, and you said you are running 7.4.8... better to open a ticket and check with support.

DmytroKyiv

Thanks for the reply!

I have several FWF-40Fs and they don't have this problem. I think the problem is with the 30th model.

farhanahmed
Staff

@DmytroKyiv 

- The issue you are seeing is due to the fact that FWF-30G does not have the SSL VPN settings.
https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-Unable-to-see-SSL-VPN-and-IPsec-opti...

- It is a syntax issue in FMG, which 'thinks' SSL VPN is a valid config for this model.

- There are no workarounds yet and it should be fixed in v7.6.5.
- So during the install, FMG will push all the other config without any issue and you can ignore the install fail if it's only due to these sslvpn settings.

FA
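
Added example (not part of the thread and not Fortinet code): a Python check for the advice above that the failed install can be ignored only when it is caused by the SSL VPN settings. It parses a verification report in the layout of the excerpt in the original post and returns every pending difference outside `vpn ssl settings`; the function names are hypothetical and the `system global` entry in the sample is constructed.

```python
import re

# Header layout taken from the excerpt in the original post, e.g.
#   (vdom root: vpn ssl settings:banned-cipher)
ENTRY_RE = re.compile(r"^\(vdom\s+([^:]+):\s*(.+):([^:()]+)\)$")
FIELD_RE = re.compile(r"^(remote original|to be installed):\s*(.*)$")

# Config path the thread identifies as unsupported on the FWF-30G.
KNOWN_UNSUPPORTED = {"vpn ssl settings"}

def parse_report(text):
    """Return one dict per differing attribute listed in the report."""
    entries, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        header = ENTRY_RE.match(line)
        if header:
            vdom, path, attr = (g.strip() for g in header.groups())
            current = {"vdom": vdom, "path": path, "attr": attr,
                       "remote": "", "install": ""}
            entries.append(current)
            continue
        field = FIELD_RE.match(line)
        if field and current is not None:
            key = "remote" if field.group(1) == "remote original" else "install"
            current[key] = field.group(2).strip()
    return entries

def unexpected_diffs(entries, ignorable=KNOWN_UNSUPPORTED):
    """Differences that are NOT explained by the known unsupported section."""
    return [e for e in entries if e["path"] not in ignorable]

# Constructed sample: the first two entries mirror the post's excerpt,
# the "system global" entry is invented to show a difference worth reviewing.
SAMPLE = """---> generating verification report
(vdom root: vpn ssl settings:banned-cipher)
    remote original:
    to be installed: SHA1 SHA256 SHA384
(vdom root: vpn ssl settings:status)
    remote original:
    to be installed: disable
(vdom root: system global:admintimeout)
    remote original: 5
    to be installed: 30
<--- done generating verification report"""

if __name__ == "__main__":
    for e in unexpected_diffs(parse_report(SAMPLE)):
        print(f"review: {e['path']} / {e['attr']}: {e['remote']!r} -> {e['install']!r}")
```

An empty result means every pending difference falls under the section the thread says this model does not support; anything returned is a change that did not reach the device for some other reason and should be reviewed before the failure is dismissed.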
DmytroKyiv

Thanks for the reply!

Version 7.6 is the Feature level, and I don't want to upgrade to it.
Yes, I'm just ignoring the error for now.


I was wondering if I could somehow remove a section of the configuration so that the FortiManager wouldn't update it.

farhanahmed

Unfortunately, that would be a new 'feature request' to block a section of config from installing :)

FA