Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
All Products
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Web Application Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • Web Application / API Protection
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions
    • All Products

    Release Notes

    Home FortiProxy 7.0.14 Release Notes
    7.0.14
    7.6.6
    7.6.5
    7.6.4
    7.6.3
    7.6.2
    7.6.1
    7.6.0
    7.4.13
    7.4.12
    7.4.11
    7.4.10
    7.4.9
    7.4.8
    7.4.7
    7.4.6
    7.4.5
    7.4.4
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.16
    7.2.15
    7.2.14
    7.2.13
    7.2.12
    7.2.11
    7.2.10
    7.2.9
    7.2.8
    7.2.7
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.0.23
    7.0.22
    7.0.21
    7.0.20
    7.0.19
    7.0.18
    7.0.17
    7.0.16
    7.0.15
    7.0.14
    7.0.13
    7.0.12
    7.0.11
    7.0.10
    7.0.9
    7.0.8
    7.0.7
    7.0.6
    7.0.5
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    2.0.14
    2.0.13
    2.0.12
    2.0.11
    2.0.10
    2.0.9
    2.0.8
    2.0.7
    2.0.6
    2.0.5
    2.0.4
    2.0.3
    2.0.2
    2.0.1
    2.0.0
    1.2.13
    1.2.12
    1.2.11
    1.2.10
    1.2.9
    1.2.8
    1.2.7
    1.2.6
    1.2.5
    1.2.4
    1.2.3
    1.2.2
    1.2.1
    1.2.0
    1.1.6
    1.1.5
    1.1.4
    1.1.3
    1.1.2
    1.1.1
    1.1.0
    1.0.7
    1.0.6
    1.0.5
    1.0.4
    1.0.3
    1.0.2
    1.0.1
    1.0.0

    Resolved issues

    Resolved issues

    The following issues have been fixed in FortiProxy 7.0.14. For inquiries about a particular bug, please contact Customer Service & Support.

    Bug ID Description
    759153 FortiProxy ignores ARP requests to aggregated port with LACP mode set to active or passive.
    949393 Files exceeding the configured size in DLP sensor still gets downloaded.
    927494 Web filter logs only one HTTP request from an HTTP connection that includes multiple HTTP requests.
    960677 HTTP transaction log does not have category information and drops logs sometimes.
    965254 FortiProxy uses interface IP instead of IP pool setting when multiple IP pools are configured on the firewall policy.
    960923 Error "Can not create query" occurs when you set ha-direct enable in CLI.
    961488 VPN user IP spoofing.
    961494 Double free in automation-stitch.
    806556 WAD crash at "wad_h2_resume_run".
    958922 Wrong policy match when URL list is set as destination.
    960058 Rebuilding FortiProxy with "make image.out" rebuilds everything even when there is no code change.
    961688 Crash in IP tables generation due to invalid shaping policy configuration.
    953240 Memory leak on ICAP forward headers.
    961454 User ldap group cache is not updated in time as the timer.
    960604 admin-server-cert configuration should not be synced in config-sync cluster.
    957580 cloudinit crashes when reading "User Data" (e.g. lic file) during FortiProxy AWS deployment.
    971213 Traffic does not follow schedule to match the firewall policy when the schedule period is short.
    954248 ICAP local server hostname is not shown correctly in DLP log when you use ICAP local server with DLP profile.
    924398 FTP passive mode fails to establish data channel via DNAT as the IP/port provided by the server is not translated.

    973055

    		 Remove unnecessary wad debug logs.
    971068

    Unable to match first group attribute from SAML assertion and requests may be denied.
    915834 HA active-passive flip: standby FortiProxy tries to reach out to FortiGuard services through HA port.
    920401 Traffic dropped when policy with action "isolate" is added in the configuation.
    967579 Per-IP traffic shaper does not function when the shaping policy's destination address is a proxy-address of type url-category.
    941531 Shaping policy does not allow zones to be configured as destination interface.
    965226 File types configured as blocked can still be downloaded from web mail.
    967177 Oversize limit does not work correctly.

    967083

    967507

    		 Firewall policy schedule does not work correctly.
    790426 WAD crashes at wad_ssl_cache_ssl_redir_server.
    966238 Restore image crash.
    845361 WAD crashes at wad_cifs_file_free.
    974307 WAD crashes if scanunit crashes when scanning a file.
    968514 WAD CPU reaches 99.9% and causes service impact due to buffer overflow.
    973457 cmdbsvr crash when accssing CMDB complexes.

    970895

    HTTP transaction log incorrectly records the forward server IP as the destination IP/port.
    968660 Traffic log gets trimmed if the size exceeds 1900.

    966597

    Number of proxy/UTM sessions does not reflect actual usage.

    959421

    Cannot download files with a size greater than 5 MB file via FortiProxy with SSL deep inspection and DLP profile enabled.
    995812 Error when sending HTTP put request to Cloudflare.

    854913

    Missing service licenses in GUI.

    975392

    When you create an ICAP server group, the first ICAP server on the server list is dropped.

    975404

    URL category proxy address configuration change does not take effect on shaping policy.
    969997 FortiProxy username is not shown in log if the authentication failed.

    972306

    Cannot change captive portal SSL port number in transparent mode.

    Common vulnerabilities and exposures

    FortiProxy 7.0.14 is no longer vulnerable to the following CVE references. Visit https://fortiguard.com/psirt for more information.

    Bug ID

    CVE reference

    855912

    CVE-2023-41677

    961488

    CVE-2023-45586

    961494

    CVE-2023-45584

    Previous
    Next

    Resolved issues

    Resolved issues

    The following issues have been fixed in FortiProxy 7.0.14. For inquiries about a particular bug, please contact Customer Service & Support.

    Bug ID Description
    759153 FortiProxy ignores ARP requests to aggregated port with LACP mode set to active or passive.
    949393 Files exceeding the configured size in DLP sensor still gets downloaded.
    927494 Web filter logs only one HTTP request from an HTTP connection that includes multiple HTTP requests.
    960677 HTTP transaction log does not have category information and drops logs sometimes.
    965254 FortiProxy uses interface IP instead of IP pool setting when multiple IP pools are configured on the firewall policy.
    960923 Error "Can not create query" occurs when you set ha-direct enable in CLI.
    961488 VPN user IP spoofing.
    961494 Double free in automation-stitch.
    806556 WAD crash at "wad_h2_resume_run".
    958922 Wrong policy match when URL list is set as destination.
    960058 Rebuilding FortiProxy with "make image.out" rebuilds everything even when there is no code change.
    961688 Crash in IP tables generation due to invalid shaping policy configuration.
    953240 Memory leak on ICAP forward headers.
    961454 User ldap group cache is not updated in time as the timer.
    960604 admin-server-cert configuration should not be synced in config-sync cluster.
    957580 cloudinit crashes when reading "User Data" (e.g. lic file) during FortiProxy AWS deployment.
    971213 Traffic does not follow schedule to match the firewall policy when the schedule period is short.
    954248 ICAP local server hostname is not shown correctly in DLP log when you use ICAP local server with DLP profile.
    924398 FTP passive mode fails to establish data channel via DNAT as the IP/port provided by the server is not translated.

    973055

    		 Remove unnecessary wad debug logs.
    971068

    Unable to match first group attribute from SAML assertion and requests may be denied.
    915834 HA active-passive flip: standby FortiProxy tries to reach out to FortiGuard services through HA port.
    920401 Traffic dropped when policy with action "isolate" is added in the configuation.
    967579 Per-IP traffic shaper does not function when the shaping policy's destination address is a proxy-address of type url-category.
    941531 Shaping policy does not allow zones to be configured as destination interface.
    965226 File types configured as blocked can still be downloaded from web mail.
    967177 Oversize limit does not work correctly.

    967083

    967507

    		 Firewall policy schedule does not work correctly.
    790426 WAD crashes at wad_ssl_cache_ssl_redir_server.
    966238 Restore image crash.
    845361 WAD crashes at wad_cifs_file_free.
    974307 WAD crashes if scanunit crashes when scanning a file.
    968514 WAD CPU reaches 99.9% and causes service impact due to buffer overflow.
    973457 cmdbsvr crash when accssing CMDB complexes.

    970895

    HTTP transaction log incorrectly records the forward server IP as the destination IP/port.
    968660 Traffic log gets trimmed if the size exceeds 1900.

    966597

    Number of proxy/UTM sessions does not reflect actual usage.

    959421

    Cannot download files with a size greater than 5 MB file via FortiProxy with SSL deep inspection and DLP profile enabled.
    995812 Error when sending HTTP put request to Cloudflare.

    854913

    Missing service licenses in GUI.

    975392

    When you create an ICAP server group, the first ICAP server on the server list is dropped.

    975404

    URL category proxy address configuration change does not take effect on shaping policy.
    969997 FortiProxy username is not shown in log if the authentication failed.

    972306

    Cannot change captive portal SSL port number in transparent mode.

    Common vulnerabilities and exposures

    FortiProxy 7.0.14 is no longer vulnerable to the following CVE references. Visit https://fortiguard.com/psirt for more information.

    Bug ID

    CVE reference

    855912

    CVE-2023-41677

    961488

    CVE-2023-45586

    961494

    CVE-2023-45584

    Previous
    Next