Fortinet black logo

Release Notes

Home FortiProxy 7.4.1 Release Notes
7.4.1
7.4.4
7.4.3
7.4.2
7.4.1
7.4.0
7.2.10
7.2.9
7.2.8
7.2.7
7.2.6
7.2.5
7.2.4
7.2.3
7.2.2
7.2.1
7.2.0
7.0.17
7.0.16
7.0.15
7.0.14
7.0.13
7.0.12
7.0.11
7.0.10
7.0.9
7.0.8
7.0.7
7.0.6
7.0.5
7.0.4
7.0.3
7.0.2
7.0.1
7.0.0
2.0.14
2.0.13
2.0.12
2.0.11
2.0.10
2.0.9
2.0.8
2.0.7
2.0.6
2.0.5
2.0.4
2.0.3
2.0.2
2.0.1
2.0.0
1.2.13
1.2.12
1.2.11
1.2.10
1.2.9
1.2.8
1.2.7
1.2.6
1.2.5
1.2.4
1.2.3
1.2.2
1.2.1
1.2.0
1.1.6
1.1.5
1.1.4
1.1.3
1.1.2
1.1.1
1.1.0
1.0.7
1.0.6
1.0.5
1.0.4
1.0.3
1.0.2
1.0.1
1.0.0

Resolved issues

Resolved issues

The following issues have been fixed in FortiProxy 7.4.1. For inquiries about a particular bug, please contact Customer Service & Support.

Bug ID

Description

936409

FortiProxy did not support nested addrgrp definition, which caused a configuration error while upgrading.

896476

FortiProxy rejects CONNECT request with body and extra data.

935749

Explicit policy was not added to policy list when the policy changes its web-proxy.

932475, 935925

FortiProxy not showing proxy policy after restoring the configuration, but it is shown in the CLI.

903925, 931277, 934403, 912281, 934477, 955688, 955351, 930920

Fix some GUI issues.

929821

"Bad gateway" error message and httpsd process exits with segmentation fault when generating a TAC report from GUI.

933030

Disable netflow and sflow commands which are not supported by FortiProxy.

927635

Web proxy in transparent mode cannot match interfaces.

927316

SNAT uses interface IP address instead of address from IP pool with forward server.

939241, 939575

High CPU when DNS server is busy.

938767

Alternative DNS does not work.

937734

Crash with custom IPs and implicit FTPS traffic.

939160

WAD crash on traffic when VDOM is enabled and a global webfilter profile is attached to a policy.

936513

DNS is not updated with HA reserved mgmt interface.

934498

When log-http-transaction is enabled, forward traffic to WAD only when UTM is enabled or the action of the policy is deny.
941755 FPX-400G platform configuration has the wrong maximum number of wad workers.
938373 Deep inspection uses default-untrusted-ca instead of default-ca.
846986 IPsec monitor widget resets incoming and outgoing data counter.
941045 Local rating picks the wrong category when URL path false matches to a longer local rating URL.

924740

Need to verify filters of wad debug trace and make sure all the necessary info is logged and filter works properly.

915834, 940065

HA active-passive flip: standby FortiProxy tries to reach out to FortiGuard services through HA port.

936353

FortiClient ztna-tcp-forwarding traffic was denied with a replacement block page " no device info was found" sometimes.
939679 WAD crash on proto_stats startup due to race condition.
943033

WAD crash. Empty vdom-dns.ssl-certificate after toggling from vdom-dns from "disable" to "enable".
940881 FortiProxy crashes when handling a rating request.
942078 LDAP admin login in HA cluster secondary not successful due to invalid DNS request.
938436 CA certificates are not displayed in the selection list of server certificate.

942872

TLS traffic is treated as plain text.
916276 FortiProxy memory leak consuming a lot of memory.
945012 Admin name containing spaces breaks trusthosts.

934094

Some websites through explicit proxy get blocked randomly.

947960

Available CA options in GUI does not match the options in CLI.
945257 GUI shows PAC policy while the user's admin profile is configured with System Read/Write.
945802 Cannot edit antivirus profile from GUI when Access Control is configured as "set secfabgrp none".
940162 FPX_VMWARE should be categorized as high end model.

928417

ICAP server should set DLP profile instead of DLP sensor.
951054 GUI user group information is inconsistent with CLI configuration.
948142 Memory utilization increases after upgrade.
942346 DNS proxy updates captive portal FQDN IP set with 0 IPs, causing IP tables to drop auth packets.
940447 SSLVPN frds service can be abused by authenticated users to cause memory leak.
950731 ICAP client always fails to get a proper ICAP server.

669491

Some online help links do not work.

938018

Confusing message when upgrading FortiProxy.
949373 Unable to define AV rule with FortiSandbox cloud.
949538 When "gui-ipv6" is disabled under global, the IPv4 destination object is miss in the authentication rule in GUI.
949040 WAD process causes memory leak for session-based authentication rules.
942111 FortiProxy does not attempt to resolve IPv6 addresses even when IPv6 is enabled on many policies.
948506 Restoring VDOM config from the GUI results in an exception error.
949303 Forward server does not work with IP pools that are not attached to a policy or central-snat.

949529

Format string vulnerability in FortiToken commands.
918191, 947814 WAD crash caused by a corruption or an issue that causes authentication loop.
940378 "Entry not found" error when configuring wildcard FQDN address of explicit FTP in GUI.
946360

Some IPs are not translated to the configured IP pools for HTTPS traffic.

925709

Management VDOM option is not supported and should not be in GUI.
946567 "diagnose sys tcpsock" does not show anything.
903680, 950931 Antiphishing scan stops after checking the first potential username.
910115 NTLM authentication times out for no reason.
945019 Support UEFI boot option on FortiProxy KVM and VMware.
947472 SAML authorization fails.

953094

HTTP AV failure due to stream-scan.

889668

Policy test does not match the correct policy.
897347 WAD user-info memory leak.
924644 Explicit proxy with forwarding server and URL list does not work.
948492 Resource limits do not work.
951059 DLP file pattern does not work with HTTP put request.
951998, 952316 VDOM link interface changes assigned VDOM while changing the operation mode.

946455

High CPU usage when counting VDOM sessions.

947931

"config auth setting > user-cert-ca" does not show local CA certificates.

953347

WAD crash.
858281 Add explicit firewall policy logging.
944368

"diag wad license details" displays "Is fabric root: y/n" for devices not in a CSF cluster.

942143

High memory usage when image analyzer is enabled.

955627

Rating service state tracking issues and ReCaptcha failure issue with extensions.
949847 WAD crash when it finishes processing traffic due to empty disclaimer list for default policy.

939056, 944507

FNBI bug fixes.

938810

No IPv6 support for multi-VDOM.

954863

"Content Encoding Error" when using browser for web proxy test.

955286

TCP connection unexpectedly closed by FortiProxy in consecutive explicit HTTP proxy.
951131 Unused IP sets are not always cleaned up.

955600

multiple Signal 6 crashes during configuration.

946944

WAD stats are not stored when process crashes.

955771

WAD manager process consistently crashes.

938821

HTTP explicit fails when multiple web proxy entries for the interface and SOCKS is enabled on the same port as HTTP.
956071 WAD crash when the server closes connection before async UTM is done.
955006 SNI check does not work when "Inspect all ports" is set.
954919 When a worker with ongoing session crashes, its assigned FNBI license seats are not released back to the license pool.

955857

WAD crash at HTTP HEAD request or unknown Content-Type with webfilter content-header action = block.

951070

WAD local AV scan blocks traffic when DLP profile is in place but no AV profile is set.

956230

DLP scan on image analysis is still performed when DLP license is expired.

955876

WAD crash at wad_fw_policy_check_user regularly.
Previous
Next

Resolved issues

The following issues have been fixed in FortiProxy 7.4.1. For inquiries about a particular bug, please contact Customer Service & Support.

Bug ID

Description

936409

FortiProxy did not support nested addrgrp definition, which caused a configuration error while upgrading.

896476

FortiProxy rejects CONNECT request with body and extra data.

935749

Explicit policy was not added to policy list when the policy changes its web-proxy.

932475, 935925

FortiProxy not showing proxy policy after restoring the configuration, but it is shown in the CLI.

903925, 931277, 934403, 912281, 934477, 955688, 955351, 930920

Fix some GUI issues.

929821

"Bad gateway" error message and httpsd process exits with segmentation fault when generating a TAC report from GUI.

933030

Disable netflow and sflow commands which are not supported by FortiProxy.

927635

Web proxy in transparent mode cannot match interfaces.

927316

SNAT uses interface IP address instead of address from IP pool with forward server.

939241, 939575

High CPU when DNS server is busy.

938767

Alternative DNS does not work.

937734

Crash with custom IPs and implicit FTPS traffic.

939160

WAD crash on traffic when VDOM is enabled and a global webfilter profile is attached to a policy.

936513

DNS is not updated with HA reserved mgmt interface.

934498

When log-http-transaction is enabled, forward traffic to WAD only when UTM is enabled or the action of the policy is deny.
941755 FPX-400G platform configuration has the wrong maximum number of wad workers.
938373 Deep inspection uses default-untrusted-ca instead of default-ca.
846986 IPsec monitor widget resets incoming and outgoing data counter.
941045 Local rating picks the wrong category when URL path false matches to a longer local rating URL.

924740

Need to verify filters of wad debug trace and make sure all the necessary info is logged and filter works properly.

915834, 940065

HA active-passive flip: standby FortiProxy tries to reach out to FortiGuard services through HA port.

936353

FortiClient ztna-tcp-forwarding traffic was denied with a replacement block page " no device info was found" sometimes.
939679 WAD crash on proto_stats startup due to race condition.
943033

WAD crash. Empty vdom-dns.ssl-certificate after toggling from vdom-dns from "disable" to "enable".
940881 FortiProxy crashes when handling a rating request.
942078 LDAP admin login in HA cluster secondary not successful due to invalid DNS request.
938436 CA certificates are not displayed in the selection list of server certificate.

942872

TLS traffic is treated as plain text.
916276 FortiProxy memory leak consuming a lot of memory.
945012 Admin name containing spaces breaks trusthosts.

934094

Some websites through explicit proxy get blocked randomly.

947960

Available CA options in GUI does not match the options in CLI.
945257 GUI shows PAC policy while the user's admin profile is configured with System Read/Write.
945802 Cannot edit antivirus profile from GUI when Access Control is configured as "set secfabgrp none".
940162 FPX_VMWARE should be categorized as high end model.

928417

ICAP server should set DLP profile instead of DLP sensor.
951054 GUI user group information is inconsistent with CLI configuration.
948142 Memory utilization increases after upgrade.
942346 DNS proxy updates captive portal FQDN IP set with 0 IPs, causing IP tables to drop auth packets.
940447 SSLVPN frds service can be abused by authenticated users to cause memory leak.
950731 ICAP client always fails to get a proper ICAP server.

669491

Some online help links do not work.

938018

Confusing message when upgrading FortiProxy.
949373 Unable to define AV rule with FortiSandbox cloud.
949538 When "gui-ipv6" is disabled under global, the IPv4 destination object is miss in the authentication rule in GUI.
949040 WAD process causes memory leak for session-based authentication rules.
942111 FortiProxy does not attempt to resolve IPv6 addresses even when IPv6 is enabled on many policies.
948506 Restoring VDOM config from the GUI results in an exception error.
949303 Forward server does not work with IP pools that are not attached to a policy or central-snat.

949529

Format string vulnerability in FortiToken commands.
918191, 947814 WAD crash caused by a corruption or an issue that causes authentication loop.
940378 "Entry not found" error when configuring wildcard FQDN address of explicit FTP in GUI.
946360

Some IPs are not translated to the configured IP pools for HTTPS traffic.

925709

Management VDOM option is not supported and should not be in GUI.
946567 "diagnose sys tcpsock" does not show anything.
903680, 950931 Antiphishing scan stops after checking the first potential username.
910115 NTLM authentication times out for no reason.
945019 Support UEFI boot option on FortiProxy KVM and VMware.
947472 SAML authorization fails.

953094

HTTP AV failure due to stream-scan.

889668

Policy test does not match the correct policy.
897347 WAD user-info memory leak.
924644 Explicit proxy with forwarding server and URL list does not work.
948492 Resource limits do not work.
951059 DLP file pattern does not work with HTTP put request.
951998, 952316 VDOM link interface changes assigned VDOM while changing the operation mode.

946455

High CPU usage when counting VDOM sessions.

947931

"config auth setting > user-cert-ca" does not show local CA certificates.

953347

WAD crash.
858281 Add explicit firewall policy logging.
944368

"diag wad license details" displays "Is fabric root: y/n" for devices not in a CSF cluster.

942143

High memory usage when image analyzer is enabled.

955627

Rating service state tracking issues and ReCaptcha failure issue with extensions.
949847 WAD crash when it finishes processing traffic due to empty disclaimer list for default policy.

939056, 944507

FNBI bug fixes.

938810

No IPv6 support for multi-VDOM.

954863

"Content Encoding Error" when using browser for web proxy test.

955286

TCP connection unexpectedly closed by FortiProxy in consecutive explicit HTTP proxy.
951131 Unused IP sets are not always cleaned up.

955600

multiple Signal 6 crashes during configuration.

946944

WAD stats are not stored when process crashes.

955771

WAD manager process consistently crashes.

938821

HTTP explicit fails when multiple web proxy entries for the interface and SOCKS is enabled on the same port as HTTP.
956071 WAD crash when the server closes connection before async UTM is done.
955006 SNI check does not work when "Inspect all ports" is set.
954919 When a worker with ongoing session crashes, its assigned FNBI license seats are not released back to the license pool.

955857

WAD crash at HTTP HEAD request or unknown Content-Type with webfilter content-header action = block.

951070

WAD local AV scan blocks traffic when DLP profile is in place but no AV profile is set.

956230

DLP scan on image analysis is still performed when DLP license is expired.

955876

WAD crash at wad_fw_policy_check_user regularly.
Previous
Next