Resolved issues

The following issues have been resolved in the FortiADC 7.1.2 release. For inquiries about particular bugs, please contact Fortinet Customer Service & Support.

Bug ID Description

0891664 The customized form-based authentication page cannot support domain names longer than 32 bytes, which results in redirection to an incomplete domain name.
0885150 Shared memory related crash caused by conflict between httproxy and cmdb when cmdb reinits shared memory.
0884045 Firewall Policy deny logs are not generated when the packet is for Layer 4 virtual servers.
0883985 FortiADC Layer 2 forward proxy in transparent mode does not work well.
0883108 Secondary HA unit reload loop caused by the comment field of the alert policy becoming mismatched between the secondary and primary units when the comment defaults to comment in the primary after cmdb inits.
0882565 Typos in the upgrade completion message for the statistics database.
0881798 FQDN issue caused by longer self-generated keys. Requires support for a 2048-bit key size for both KSK and ZSK with the RSASHA256 algorithm.
0881065 Request to increase the Maximum Packet Count in Packet Capture from the current 10,000 to 100,000.
0874118 Automation alert email subjects default to "FADC_Alert" instead of user-defined subject.
0873773 Out of memory issue caused by configuration synchronization.
0871641 Loss of connectivity between FortiADC and FortiAnalyzer due to hardware platforms attempting to use a certificate that is not available to them.
0870372 FortiADC crashes and HA failover is not triggered.
0868982 WCCP did not work with VDOM.
0867226 The Cookie Security policy Max Age unit is in minutes in the GUI, but the value that is inserted into the cookie is in seconds, which means the given range would be incorrect.
0865442 DNS SLB does not forward server response when RS returns failures.
0865060 SNMP does not respond for power supply trap.
0864953 FortiADC-VM shuts itself down due to timing issues related to SAML function.
0862865 Layer 7 virtual server frontend SNI incorrectly contains real server local certificate.
0862575 File upload fails with AV engine error.
0858336 CORS Protection denies access even for legitimate traffic specified in Allowed Origin.
0858214 GUI bug preventing Client SSL profile creation.
0855871 Upgrade failed due to unsupported "firewall nat-snat" IPv6 configuration.
0853597 Servers in server pool showing as unavailable due to LB crash and Netlink issue.
0853552 OCI performance issues resolved by adding irqbalance for virtIO in OCI.
0851364 VM returns 20 instead of 10 for SNMP fadcVdMaxVdoms.
0850561 SLB stops responding to SSL requests resulting in httproxy crash.
0848745 Health check does not fail even when the real server is not configured with the services due to some daemon being unable to register the cmdb event.
0847993 The DNS related items are not hidden in report settings in non-root ADOM mode.
0847611 High spike in CPU usage and random reboots caused by IRQ handling.
0845338 FortiADC reporting wrong interface speed with SNMP.
0836337 Virtual servers in non-root will not be synchronized to GLB if ADOM mode is enabled.
0816798 In an HA environment, if you are using a predefined automation configuration, resetting the configuration through the GUI (using the reset button) or unsetting comments through the CLI will cause the HA synchronization to fail whenever a device reboots and rejoins the cluster.

Using the GUI reset button resets the predefined configuration values to the predefined default values, all except the comments value, which is set to the default value on the backend. For example, if using the HA predefined configuration, the reset will change set comments HA to set comments comments. When a new device (or a rebooted device) joins the HA cluster, the synchronization will fail due to the mismatched set comments value between the device that has the predefined default value (set comments HA) and the reset device that has the default value (set comments comments).

In the CLI, if set comments in the predefined configuration has been unset and is the default value set comments comments, then the same HA synchronization issue will occur.

Common Vulnerabilities and Exposures

For more information, visit https://www.fortiguard.com/psirt.

Bug ID Description

0891336 FortiADC 7.1.2 is no longer vulnerable to the following CVE-Reference: CWE-23: Relative Path Traversal.
0891282/0891280/0887733/0852344/0838131/0819704/0892671 FortiADC 7.1.2 is no longer vulnerable to the following CVE-Reference: CWE-78: Improper Neutralization of Special Elements used in an OS Command ("OS Command Injection").
0882586 FortiADC 7.1.2 is no longer vulnerable to the following CVE-Reference: CVE-2023-0286, CVE-2022-4304, CVE-2022-4203, CVE-2023-0215, CVE-2022-4450, CVE-2023-0216, CVE-2023-0217, CVE-2023-0401.
0872407 FortiADC 7.1.2 is no longer vulnerable to the following CVE-Reference: CWE-942: Permissive Cross-domain Policy with Untrusted Domains.
