Resolved issues

The following issues have been fixed in FortiProxy 7.2.8. For inquiries about a particular bug, please contact Customer Service & Support.

Bug ID Description

759153 FortiProxy ignores ARP requests to aggregated port with LACP mode set to active or passive.
949393 Files exceeding the configured size in DLP sensor still get downloaded.
927494 Web filter logs only one HTTP request from an HTTP connection that includes multiple HTTP requests.
960677 HTTP transaction log does not have category information and drops logs sometimes.
965254 FortiProxy uses interface IP instead of IP pool setting when multiple IP pools are configured on the firewall policy.
964146 Issues with forward server "Health Monitor" configuration option for different protocols.
960923 Error "Can not create query" occurs when you set ha-direct enable in CLI.
961488 VPN user IP spoofing.
961494 Double free in automation-stitch.
806556 WAD crash at "wad_h2_resume_run".
958922 Wrong policy match when URL list is set as destination.
961688 Crash in IP tables generation due to invalid shaping policy configuration.
953240 Memory leak on ICAP forward headers.
961454 User ldap group cache is not updated in time as the timer.
960604 admin-server-cert configuration should not be synced in config-sync cluster.
957580 cloudinit crashes when reading "User Data" (e.g. lic file) during FortiProxy AWS deployment.
954248 ICAP local server hostname is not shown correctly in DLP log when you use ICAP local server with DLP profile.
924398 FTP passive mode fails to establish data channel via DNAT as the IP/port provided by the server is not translated.
973055 Remove unnecessary wad debug logs.
915834 HA active-passive flip: standby FortiProxy tries to reach out to FortiGuard services through HA port.
920401 Traffic dropped when policy with action "isolate" is added in the configuration.
967579 Per-IP traffic shaper does not function when the shaping policy's destination address is a proxy-address of type url-category.
941531 Error when saving a shaping policy with the destination interface set to a zone.
965226 File types configured as blocked can still be downloaded from web mail.
967177 Oversize limit does not work correctly.
967083, 967507 Firewall policy schedule does not work correctly.
790426 WAD crashes at wad_ssl_cache_ssl_redir_server.
966238 Restore image crash.
845361 WAD crashes at wad_cifs_file_free.
974307 WAD crashes if scanunit crashes when scanning a file.
968514 WAD CPU reaches 99.9% and causes service impact due to buffer overflow.
973457 cmdbsvr crash when accessing CMDB complexes.
970895 http-transaction log incorrectly records the forward server IP as the destination IP/port.
968660 Traffic log gets trimmed if the size exceeds 1900.
966597 Number of proxy/UTM sessions does not reflect actual usage.
972306 Cannot change captive portal SSL port number in transparent mode.
960182 Remove some unused options for creating a new isolator profile.
948498 Management traffic failed if the management interface is in a non-root VDOM.
948257 Successfully authenticated user is prompted to re-login to Microsoft Edge.
948486 "dia sys vd stats" does not show VDOM status information.
967488 Unable to configure GRE tunnel.
964134 FortiProxy should not allow a combination of FTP and other protocols during forward server configuration.
962137 HTTP CONNECT requests should not be redirected during cert-based authentication.
955517 The interface in non-management VDOMs cannot send out ARP.
958051 Potential memory leaks and crashes.
952276 FortiProxy widgets show no statistics for interfaces in non-root VDOMs.
963085 Forticron crash causing external threat feed not to refresh or fetch new information.
940149, 964421, 966762 Rapid reset HTTP/2 DOS.
968143 Port number is stripped off for forwarding servers.
970975 Web filter fails to get sub-category of plain HTTP based on URL path in certificate inspection mode.
972980 Cannot create VDOM link on FPX-4000G.
946944 WAD stats reset after process crashes.
970051, 970264, 971551 Session monitor and Interface bandwidth widgets do not work.
954913 CSF preferred seat should be capped at model max to prevent misconfiguration.
977972 The GUI terminal cannot show the "dia sys top" correctly.
945197 Configuration value of the interface IP address should not be synced within a FortiProxy HA cluster on Azure.
906712, 949847 Crash on wad_diag_stats_policy_list.
854913 License widget shows modules that are irrelevant to FortiProxy.
969539 "Forward Server Monitor" Widget shows blank results.
975392 When you create an ICAP server group, the first ICAP server on the server list is dropped.
959421 Cannot download files with a size greater than 5 MB via FortiProxy with SSL deep inspection and DLP profile enabled.
975404 URL category proxy address configuration change does not take effect on shaping policy.
971759 Fix cookie_v4 kernel panic.
969997 FortiProxy username is not shown in log if the authentication failed.
978788 The kernel will panic when running a debug trace with vd/vd-name set to a non-root vdom.
933593 User Agent field is truncated in http transaction log.
954541 In WANOPT transparent mode, WAN optimization does not keep the original source address of the packets.
973351 Security issues in curl and libcurl libraries.
976198 Missing port check for ICAP local server when configuring port in other services.
980407 ICAP client fails to close tcp-port on connect error, resulting in a session-context leak.

Common vulnerabilities and exposures

FortiProxy 7.2.8 is no longer vulnerable to the following CVE references. Visit https://fortiguard.com/psirt for more information.

Bug ID CVE reference
973351 CVE-2023-38545 and CVE-2023-38546
964421 CVE-2023-44487
855912 CVE-2023-41677
