Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
All Products
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Web Application Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • Web Application / API Protection
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions
    • All Products

    Release Notes

    Home FortiProxy 7.2.11 Release Notes
    7.2.11
    7.6.6
    7.6.5
    7.6.4
    7.6.3
    7.6.2
    7.6.1
    7.6.0
    7.4.13
    7.4.12
    7.4.11
    7.4.10
    7.4.9
    7.4.8
    7.4.7
    7.4.6
    7.4.5
    7.4.4
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.16
    7.2.15
    7.2.14
    7.2.13
    7.2.12
    7.2.11
    7.2.10
    7.2.9
    7.2.8
    7.2.7
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.0.23
    7.0.22
    7.0.21
    7.0.20
    7.0.19
    7.0.18
    7.0.17
    7.0.16
    7.0.15
    7.0.14
    7.0.13
    7.0.12
    7.0.11
    7.0.10
    7.0.9
    7.0.8
    7.0.7
    7.0.6
    7.0.5
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    2.0.14
    2.0.13
    2.0.12
    2.0.11
    2.0.10
    2.0.9
    2.0.8
    2.0.7
    2.0.6
    2.0.5
    2.0.4
    2.0.3
    2.0.2
    2.0.1
    2.0.0
    1.2.13
    1.2.12
    1.2.11
    1.2.10
    1.2.9
    1.2.8
    1.2.7
    1.2.6
    1.2.5
    1.2.4
    1.2.3
    1.2.2
    1.2.1
    1.2.0
    1.1.6
    1.1.5
    1.1.4
    1.1.3
    1.1.2
    1.1.1
    1.1.0
    1.0.7
    1.0.6
    1.0.5
    1.0.4
    1.0.3
    1.0.2
    1.0.1
    1.0.0

    Resolved issues

    Resolved issues

    The following issues have been fixed in FortiProxy 7.2.11. For inquiries about a particular bug, please contact Customer Service & Support.

    Bug ID

    Description

    875233

    Not all Security Fabric settings on Active-Passive cluster should be synchronized.
    915834 HA active-passive flip: standby FortiProxy tries to reach out to FortiGuard services through HA port.

    990366, 1029049

    Device freezes and randomly reboots. Kernel panic observed.

    991626

    The GUI option for selecting a wildcard FQDN destination for IPv6 SNAT does not work properly.

    997868, 1041622

    Explicit FTPS does not work over SOCKS proxy.

    1003723

    Cannot configure heartbeat interface IP or set up unicast HA in transparent mode.

    1003762

    Loss of connection with no internet access and multiple crashes for the application WAD.

    1008556

    Webcache cannot correctly handle content-encoding conversion for Brotli and

    zstd.

    1011771

    Traffic is sometimes not processed with UTM profiles in policy.
    1017054 Traffic redirected through proxyd is blocked when the FortiProxy is in bridge mode.

    1019752, 1027342

    FTPS SSL handshake failure through explicit proxy.
    1020556 miglogd CPU usage is constantly high.
    1020788 No log is generated when a user is redirected to SAML authentication.

    1020961

    FortiProxy does not attempt to authenticate using the secondary Radius server when the primary is down.

    1022209

    "400 error!" for SAML authentication with FortiAuthenticator.
    1023951 ZIP files cannot be downloaded from FortiProxy antivirus profile with an error that the archive file is corrupted.

    1025061

    Intermittent file uploading failure using SFTP on Winscp client after upgrade.
    1025657 After upgrading, some websites are inaccessible when web cache is enabled.
    1026753 No alert email for license-related logs when alertmail setting.fpx-license-logs is enabled.
    1027699 FortiProxy fails with SSH message "kex type 34" when SSH server is not up-to-date.
    1027833 Proxy forwarding no longer works after firmware upgrade.
    1028493 Crash when you enable ha-mgmt-status in CLI and then load a backup configuration with ha-mgmt-status enabled but ha-mgmt-interfaces not configured.

    1029347

    ICAP profile should not be counted towards SWG license seats.
    1029938 "exec ha manage" returns the "Bad vrf ' 32'" error.

    1030106

    VIP configured in a transparent policy affects the behavior of FTP proxy.
    1031971 Memory leak for multipart boundary in http/2.
    1034036 FortiManager access is lost after upgrade when central-management type is fortimanager.

    1035614

    Unpacked variables do not match the pack layout.

    1035877, 1057116

    Disable UA check for requests with FNBI token. Do not intercept HTTP requests from machines with outdated CAPP.
    1036668 IPS default-action filter values do not match in GUI and CLI.

    1036782

    IPS sensor configuration does not filter out what is not supported.

    1037299

    Cache resolving issue in HA.
    1037465 DNS filter profile search does not work for non-root VDOM.

    1038447

    FortiAnalyzer traffic is directed to the dedicated-to management interface even if the dedicated-to interface is down.

    1038836

    User, group, and URL category information missing in HTTP transaction log for cert-inspect HTTPS traffic.
    1039033 FortiProxy sends a request to FortiGuard every 30 minutes and causes out-of-sync for a few minutes.
    1041560 FortiProxy crashes after cache peer setting change.

    1042226

    Potential crash in wsm_read_string().
    1042239, 1042382, 1039967 Cosmetic GUI issues.

    1042957

    Traffic logs do not show transparent policy UUID and the Packets column always shows 0.
    1042975 High CPU load through ips-engine and WAD keeps crashing when the isolator profile has an empty entry.

    1043778

    FortiProxy cannot detect the VFIO network inteface type in OCI.
    1045085 Overlapping buffer in memory copy may cause undefined behavior.
    1045223, 1046283 Cannot change log disk size after Azure template deployment.

    1045438

    FTP connection fails through wanopt profile with FTP.
    1045459 The "munmap" function is called with an incorrect argument, which can result in buffer overflow.
    1046470 High CPU and WAD crashes on FPX-4000E.
    1046944 Transparent policy does not support interface-subnet firewall address type.
    1047542 WAD fails to forward HTTP request with header 'accept-encoding: zstd' when strip-encoding is enabled.

    1047758

    Website browsing is slow.
    1047934 Disable ssh-rsa from SSH server host-key algorithm.

    1048549

    FortiProxy VM S Series serial number prefix.
    1048856 No status information for hardware sensor.

    1049243

    Access issue after changing captive portal type.
    1049784 Cannot deploy FortiProxy on ESXi 8.0 using the OVF file.
    1050315 Cannot change proxy-address type in CLI when the type is referenced.

    1050348

    DHCP relay does not work in FortiProxy.

    1052294

    WAD crashes frequently with "signal 11 (Segmentation fault) received" and "signal 6 (Aborted) received".

    1052991

    Crash when getting eicar file with webfilter in transparent policy.

    1054641

    Error saying "Failed to enforce FortiOS Security Enforce mode" at FPX-400G startup.

    1058198

    Traffic loop caused by HA in TP mode.

    FortiNBI

    The following issue has been fixed in FortiNBI. For inquiries about a particular bug, please contact Customer Service & Support.

    Bug ID Description
    1032886,1034982 Crash during FortiNBI exit.

    1053344

    The "last modified" time for FortiNBI installer packages are not updated during upload.

    Common vulnerabilities and exposures

    FortiProxy 7.2.11 is no longer vulnerable to the following CVE references. Visit https://fortiguard.com/psirt for more information.

    Bug ID

    CVE reference

    985048

    CVE-2024-26015

    1059304

    CVE-2024-48886 and CVE-2024-50563

    1057574

    CVE-2024-47569

    Previous
    Next

    Resolved issues

    Resolved issues

    The following issues have been fixed in FortiProxy 7.2.11. For inquiries about a particular bug, please contact Customer Service & Support.

    Bug ID

    Description

    875233

    Not all Security Fabric settings on Active-Passive cluster should be synchronized.
    915834 HA active-passive flip: standby FortiProxy tries to reach out to FortiGuard services through HA port.

    990366, 1029049

    Device freezes and randomly reboots. Kernel panic observed.

    991626

    The GUI option for selecting a wildcard FQDN destination for IPv6 SNAT does not work properly.

    997868, 1041622

    Explicit FTPS does not work over SOCKS proxy.

    1003723

    Cannot configure heartbeat interface IP or set up unicast HA in transparent mode.

    1003762

    Loss of connection with no internet access and multiple crashes for the application WAD.

    1008556

    Webcache cannot correctly handle content-encoding conversion for Brotli and

    zstd.

    1011771

    Traffic is sometimes not processed with UTM profiles in policy.
    1017054 Traffic redirected through proxyd is blocked when the FortiProxy is in bridge mode.

    1019752, 1027342

    FTPS SSL handshake failure through explicit proxy.
    1020556 miglogd CPU usage is constantly high.
    1020788 No log is generated when a user is redirected to SAML authentication.

    1020961

    FortiProxy does not attempt to authenticate using the secondary Radius server when the primary is down.

    1022209

    "400 error!" for SAML authentication with FortiAuthenticator.
    1023951 ZIP files cannot be downloaded from FortiProxy antivirus profile with an error that the archive file is corrupted.

    1025061

    Intermittent file uploading failure using SFTP on Winscp client after upgrade.
    1025657 After upgrading, some websites are inaccessible when web cache is enabled.
    1026753 No alert email for license-related logs when alertmail setting.fpx-license-logs is enabled.
    1027699 FortiProxy fails with SSH message "kex type 34" when SSH server is not up-to-date.
    1027833 Proxy forwarding no longer works after firmware upgrade.
    1028493 Crash when you enable ha-mgmt-status in CLI and then load a backup configuration with ha-mgmt-status enabled but ha-mgmt-interfaces not configured.

    1029347

    ICAP profile should not be counted towards SWG license seats.
    1029938 "exec ha manage" returns the "Bad vrf ' 32'" error.

    1030106

    VIP configured in a transparent policy affects the behavior of FTP proxy.
    1031971 Memory leak for multipart boundary in http/2.
    1034036 FortiManager access is lost after upgrade when central-management type is fortimanager.

    1035614

    Unpacked variables do not match the pack layout.

    1035877, 1057116

    Disable UA check for requests with FNBI token. Do not intercept HTTP requests from machines with outdated CAPP.
    1036668 IPS default-action filter values do not match in GUI and CLI.

    1036782

    IPS sensor configuration does not filter out what is not supported.

    1037299

    Cache resolving issue in HA.
    1037465 DNS filter profile search does not work for non-root VDOM.

    1038447

    FortiAnalyzer traffic is directed to the dedicated-to management interface even if the dedicated-to interface is down.

    1038836

    User, group, and URL category information missing in HTTP transaction log for cert-inspect HTTPS traffic.
    1039033 FortiProxy sends a request to FortiGuard every 30 minutes and causes out-of-sync for a few minutes.
    1041560 FortiProxy crashes after cache peer setting change.

    1042226

    Potential crash in wsm_read_string().
    1042239, 1042382, 1039967 Cosmetic GUI issues.

    1042957

    Traffic logs do not show transparent policy UUID and the Packets column always shows 0.
    1042975 High CPU load through ips-engine and WAD keeps crashing when the isolator profile has an empty entry.

    1043778

    FortiProxy cannot detect the VFIO network inteface type in OCI.
    1045085 Overlapping buffer in memory copy may cause undefined behavior.
    1045223, 1046283 Cannot change log disk size after Azure template deployment.

    1045438

    FTP connection fails through wanopt profile with FTP.
    1045459 The "munmap" function is called with an incorrect argument, which can result in buffer overflow.
    1046470 High CPU and WAD crashes on FPX-4000E.
    1046944 Transparent policy does not support interface-subnet firewall address type.
    1047542 WAD fails to forward HTTP request with header 'accept-encoding: zstd' when strip-encoding is enabled.

    1047758

    Website browsing is slow.
    1047934 Disable ssh-rsa from SSH server host-key algorithm.

    1048549

    FortiProxy VM S Series serial number prefix.
    1048856 No status information for hardware sensor.

    1049243

    Access issue after changing captive portal type.
    1049784 Cannot deploy FortiProxy on ESXi 8.0 using the OVF file.
    1050315 Cannot change proxy-address type in CLI when the type is referenced.

    1050348

    DHCP relay does not work in FortiProxy.

    1052294

    WAD crashes frequently with "signal 11 (Segmentation fault) received" and "signal 6 (Aborted) received".

    1052991

    Crash when getting eicar file with webfilter in transparent policy.

    1054641

    Error saying "Failed to enforce FortiOS Security Enforce mode" at FPX-400G startup.

    1058198

    Traffic loop caused by HA in TP mode.

    FortiNBI

    The following issue has been fixed in FortiNBI. For inquiries about a particular bug, please contact Customer Service & Support.

    Bug ID Description
    1032886,1034982 Crash during FortiNBI exit.

    1053344

    The "last modified" time for FortiNBI installer packages are not updated during upload.

    Common vulnerabilities and exposures

    FortiProxy 7.2.11 is no longer vulnerable to the following CVE references. Visit https://fortiguard.com/psirt for more information.

    Bug ID

    CVE reference

    985048

    CVE-2024-26015

    1059304

    CVE-2024-48886 and CVE-2024-50563

    1057574

    CVE-2024-47569

    Previous
    Next