
Resolved issues


The following issues have been fixed in FortiProxy 7.2.5. For inquiries about a particular bug, please contact Customer Service & Support.

Bug ID Description
905027 Wildcard FQDN cannot be selected as dst-addr in central-snat-map while addrgrp with wildcard FQDN can be selected.
870099 LDAP cache was not updated properly after the user group changed in Active Directory server.

906586, 907738, 908012, 910373, 911413, 921492, 922847, 810112, 890307, 912749, 915426, 918527, 923468, 909156, 901191, 902924, 904662, 923847 Fix some GUI issues.
908382 GUI access to the FortiProxy should work when transparent mode is used with the Active-Passive HA configuration.
906551 Fix wad high CPU caused by load policy per minute.
735252 Files matching the signature in IPS sensors are not blocked by FTP via a transparent policy.
904652 Inaccurate error message when AV engine blocks a file due to decompressed oversize.

794255, 908820 Sort the prio_array of internet service ids by their app id.
902184 FTP-authenticated user sessions never expire after the session is closed even when proxy-auth-timeout is set.

901598, 903300 IP table bypasses ICMP traffic when HTTP transaction log is enabled.
913971 Deny traffic is not available in Correlation Log.
906148 Intermittent ICAP server error.
908778 Remote ICAP server with "Health Check" enabled has inaccurate status with "ICAP Disconnected" messages in the browser.
912068 Unexpected messages are displayed in console.
860072 Unable to use FortiToken with FortiProxy devices.
853466 Traffic should not be redirected to WAD if the host of the proxy address or address group does not match the one defined in the policy.
911513 URL list as dstaddr does not work in firewall policy.
909409 Disallow setting wildcard FQDN in srcaddr for any address or address group.
914448 Network issues after an upgrade.
861899 FortiView Application Bandwidth widget shows nothing.
914628 syslogd signal 11 crashes once when vpn scripts are running.
918744 snmpd crashes in fpx_list_sessions.
915815 WAD crash signal 11 every hour.
905188 CPU usage is high with wad when you create, edit, or modify the user local and user group.
919919 Crash when wad_http_req_url_routing calls wad_lb_info_get_server.
919257 Crash due to wrongly configured ztna-ems-tag in webproxy policy.
919212 WAD crashes and WAD process enters Conserve mode while still using memory.
894008 EMS Cloud Fabric Connector is not working.
906640 Debug daemon crash due to hold or put.
889386 Improve firewall address or proxy address config change learning performance by adding firewall address hash.
918733 WAD fails to process traffic from file filter protocols if only file-filter is enabled.
921078 Delete "mode" option from the system.console command as the option is not used.
916140 Fix memory leak in wad_url_filter_req_alloc.
918478 "DRBG generate failed" error when more than 32 random bytes of data is requested.
920161 HTTP request gets passed when matching a deny policy with pass-through enabled.
834299 SSH command filter no longer works after prompt change.
920105 "diagnose firewall fqdn list" command does not list any FQDNs.
910115 NTLM authentication times out for no reason.
908476 Remove some unsupported features that generate wasted syscalls.

922576 When VIP is configured in firewall policy, WAD keeps crashing.
901432 WAD crash while using Form Auth.
917824 Kerberos authentication does not work after an upgrade from 7.0.8 or 7.0.10 to 7.2.4.
920675 Single-user authorization fails when "ldap-user-cache" is disabled.
904890 Frequent WAD crashes with "wad_repl_msg_get" method.
923315 Format string bug in httpsd and CLI.
922681 In HA Config-Sync, the primary device has a delayed upgrade after the secondary device is upgraded successfully.
893074 With SSL full inspection, "HTTP 200 OK" requests that include illegal characters are blocked.
923251 WAD crash signal 6 continuously occurs after upgrade.
907589 SNI is not set when "detect-https-in-http-request" is enabled.
887994 In HA Active-Passive mode, ha-mgmt-intf IP is not synced.
906566 Shared shaper application fails when a forward server or VIP is configured.
914467 FortiProxy does not support changing the management VDOM but the relevant configuration option is not disabled.
872227 Non-root VDOMs cannot resolve addresses via DNS.
907762 Improve efficiency to get IP from IP pool for source NAT.
912104 Video filter does not work as expected.
910329 Clean up HA Active-Active mode related CLI options.
903998 Explicit FTP proxy with non-server certificate leads to connection issues due to key usage violation.
905981 High CPU usage after VDOM deletion.
905935 WAD crash at wad_aio_module_close during stress.
873475 Total number of HA seats may be overestimated when the received seat information includes multiple license types.
904932 Crash when using SSL VPN web mode to access FTP.
914303 HTTP transaction log is recorded as "https" scheme for "Ftp over HTTP" transaction.
923559 ICAP server crash under heavy traffic of http evader test.
877836 Multiple attempts to join a domain with wrong credentials causes WAD to crash.
925043 FortiProxy trial license is invalid when memory is more than 2 GB while the minimum required memory is 4 GB.
924524 WAD crashes at wad_fw_policy_check_user when authorization is required for FTPS login on the FortiProxy.
873073 WAD debug filter does not work properly with SSL deep-inspection using hardware crypto.
924449 Shaping policy matching failure.
921642 Memory leak in client certificate cache for virtual server access proxy.
896345, 925885 Fine-grained user/group level authorization timeout configuration.
924555 "exec manage" command fails to connect to peers in config-sync only HA cluster.
915834 FortiGuard updates from standby FortiProxy should not be exposed to firewall policies.

Common vulnerabilities and exposures

FortiProxy 7.2.5 is no longer vulnerable to the following CVE reference. Visit https://fortiguard.com/psirt for more information.

Bug ID CVE reference
920329 CVE-2023-29183
