Resolved issues
The following issues have been fixed in FortiProxy 7.2.8. For inquiries about a particular bug, please contact Customer Service & Support.
Bug ID |
Description |
---|---|
759153 | FortiProxy ignores ARP requests to aggregated port with LACP mode set to active or passive. |
949393 | Files exceeding the configured size in DLP sensor still gets downloaded. |
927494 | Web filter logs only one HTTP request from an HTTP connection that includes multiple HTTP requests. |
960677 | HTTP transaction log does not have category information and drops logs sometimes. |
965254 | FortiProxy uses interface IP instead of IP pool setting when multiple IP pools are configured on the firewall policy. |
964146 |
Issues with forward server "Health Monitor" configuration option for different protocols. |
960923 | Error "Can not create query" occurs when you set ha-direct enable in CLI. |
961488 | VPN user IP spoofing. |
961494 | Double free in automation-stitch. |
806556 | WAD crash at "wad_h2_resume_run". |
958922 | Wrong policy match when URL list is set as destination. |
961688 | Crash in IP tables generation due to invalid shaping policy configuration. |
953240 | Memory leak on ICAP forward headers. |
961454 | User ldap group cache is not updated in time as the timer. |
960604 | admin-server-cert configuration should not be synced in config-sync cluster. |
957580 | cloudinit crashes when reading "User Data" (e.g. lic file) during FortiProxy AWS deployment. |
954248 | ICAP local server hostname is not shown correctly in DLP log when you use ICAP local server with DLP profile. |
924398 | FTP passive mode fails to establish data channel via DNAT as the IP/port provided by the server is not translated. |
973055 | Remove unnecessary wad debug logs. |
915834 | HA active-passive flip: standby FortiProxy tries to reach out to FortiGuard services through HA port. |
920401 | Traffic dropped when policy with action "isolate" is added in the configuation. |
967579 | Per-IP traffic shaper does not function when the shaping policy's destination address is a proxy-address of type url-category. |
941531 | Error when saving a shaping policy with the destination interface set to a zone. |
965226 | File types configured as blocked can still be downloaded from web mail. |
967177 | Oversize limit does not work correctly. |
967083 967507 |
Firewall policy schedule does not work correctly. |
790426 | WAD crashes at wad_ssl_cache_ssl_redir_server. |
966238 | Restore image crash. |
845361 | WAD crashes at wad_cifs_file_free. |
974307 | WAD crashes if scanunit crashes when scanning a file. |
968514 | WAD CPU reaches 99.9% and causes service impact due to buffer overflow. |
973457 | cmdbsvr crash when accssing CMDB complexes. |
970895 |
http-transaction log incorrectly records the forward server IP as the destination IP/port. |
968660 | Traffic log gets trimmed if the size exceeds 1900. |
966597 |
Number of proxy/UTM sessions does not reflect actual usage. |
972306 |
Cannot change captive portal SSL port number in transparent mode. |
960182 | Remove some unused options for creating a new isolator profile. |
948498 | Management traffic failed if the management interface is in a non-root VDOM. |
948257 | Successfully authenticated user is prompted to re-login to Microsoft Edge. |
948486 | "dia sys vd stats" does not show VDOM status information. |
967488 | Unable to configure GRE tunnel. |
964134 | FortiProxy should not allow a combination of FTP and other protocols during forward server configuration. |
962137 | HTTP CONNECT requests should not be redirected during cert-based authentication. |
955517 | The interface in non-management VDOMs cannot send out ARP. |
958051 | Potential memory leaks and crashes. |
952276 | FortiProxy widgets show no statistics for interfaces in non-root VDOMs. |
963085 | Forticron crash causing external threat feed not to refresh or fetch new information. |
940149 964421 966762 |
Rapid reset HTTP/2 DOS. |
968143 |
Port number is stripped off for forwarding servers. |
970975 | Web filter fails to get sub-category of plain HTTP based on URL path in certificate inspection mode. |
972980 | Cannot create VDOM link on FPX-4000G. |
946944 | WAD stats reset after process crashes. |
970051 970264 971551 |
Session monitor and Interface bandwidth widgets do not work. |
954913 | CSF preferred seat should be capped at model max to prevent misconfiguration. |
977972 |
The GUI terminal cannot show the "dia sys top" correctly. |
945197 | Configuration value of the interface IP address should not be synced within a FortiProxy HA cluster on Azure. |
906712 949847 |
Crash on wad_diag_stats_policy_list. |
854913 | License widget shows modules that irrelevant to FortiProxy. |
969539 | "Forward Server Monitor" Widget shows blank results. |
975392 | When you create an ICAP server group, the first ICAP server on the server list is dropped. |
959421 | Cannot download files with a size greater than 5 MB via FortiProxy with SSL deep inspection and DLP profile enabled. |
975404 | URL category proxy address configuration change does not take effect on shaping policy. |
971759 | Fix cookie_v4 kernel panic. |
969997 | FortiProxy username is not shown in log if the authentication failed. |
978788 |
The kernel will panic when running a debug trace with vd/vd-name set to a non-root vdom. |
933593 |
User Agent field is truncated in http transaction log. |
954541 |
In WANOPT transparent mode, WAN optimization does not keep the original source address of the packets. |
973351 |
Security issues in curl and libcurl libraries. |
976198 |
Missing port check for ICAP local server when configuring port in other services. |
980407 |
ICAP client fails to close tcp-port on connect error, resulting in leak session-context. |
Common vulnerabilities and exposures
FortiProxy 7.2.8 is no longer vulnerable to the following CVE references. Visit https://fortiguard.com/psirt for more information.
Bug ID |
CVE reference |
---|---|
973351 |
|
964421 |
|
855912 |