Resolved issues
The following issues have been fixed in FortiProxy 7.4.1. For inquiries about a particular bug, please contact Customer Service & Support.
Bug ID |
Description |
---|---|
936409 |
FortiProxy did not support nested addrgrp definition, which caused a configuration error while upgrading. |
896476 |
FortiProxy rejects CONNECT request with body and extra data. |
935749 |
Explicit policy was not added to policy list when the policy changes its web-proxy. |
932475, 935925 |
FortiProxy not showing proxy policy after restoring the configuration, but it is shown in the CLI. |
903925, 931277, 934403, 912281, 934477, 955688, 955351, 930920 |
Fix some GUI issues. |
929821 |
"Bad gateway" error message and httpsd process exits with segmentation fault when generating a TAC report from GUI. |
933030 |
Disable netflow and sflow commands which are not supported by FortiProxy. |
927635 |
Web proxy in transparent mode cannot match interfaces. |
927316 |
SNAT uses interface IP address instead of address from IP pool with forward server. |
939241, 939575 |
High CPU when DNS server is busy. |
938767 |
Alternative DNS does not work. |
937734 |
Crash with custom IPs and implicit FTPS traffic. |
939160 |
WAD crash on traffic when VDOM is enabled and a global webfilter profile is attached to a policy. |
936513 |
DNS is not updated with HA reserved mgmt interface. |
934498 |
When log-http-transaction is enabled, forward traffic to WAD only when UTM is enabled or the action of the policy is deny. |
941755 | FPX-400G platform configuration has the wrong maximum number of wad workers. |
938373 | Deep inspection uses default-untrusted-ca instead of default-ca. |
846986 | IPsec monitor widget resets incoming and outgoing data counter. |
941045 | Local rating picks the wrong category when URL path false matches to a longer local rating URL. |
924740 |
Need to verify filters of wad debug trace and make sure all the necessary info is logged and filter works properly. |
915834, 940065 |
HA active-passive flip: standby FortiProxy tries to reach out to FortiGuard services through HA port. |
936353 |
FortiClient ztna-tcp-forwarding traffic was denied with a replacement block page " no device info was found" sometimes. |
939679 | WAD crash on proto_stats startup due to race condition. |
943033 |
WAD crash. Empty vdom-dns.ssl-certificate after toggling from vdom-dns from "disable" to "enable". |
940881 | FortiProxy crashes when handling a rating request. |
942078 | LDAP admin login in HA cluster secondary not successful due to invalid DNS request. |
938436 | CA certificates are not displayed in the selection list of server certificate. |
942872 |
TLS traffic is treated as plain text. |
916276 | FortiProxy memory leak consuming a lot of memory. |
945012 | Admin name containing spaces breaks trusthosts. |
934094 |
Some websites through explicit proxy get blocked randomly. |
947960 |
Available CA options in GUI does not match the options in CLI. |
945257 | GUI shows PAC policy while the user's admin profile is configured with System Read/Write. |
945802 | Cannot edit antivirus profile from GUI when Access Control is configured as "set secfabgrp none". |
940162 | FPX_VMWARE should be categorized as high end model. |
928417 |
ICAP server should set DLP profile instead of DLP sensor. |
951054 | GUI user group information is inconsistent with CLI configuration. |
948142 | Memory utilization increases after upgrade. |
942346 | DNS proxy updates captive portal FQDN IP set with 0 IPs, causing IP tables to drop auth packets. |
940447 | SSLVPN frds service can be abused by authenticated users to cause memory leak. |
950731 | ICAP client always fails to get a proper ICAP server. |
669491 |
Some online help links do not work. |
938018 |
Confusing message when upgrading FortiProxy. |
949373 | Unable to define AV rule with FortiSandbox cloud. |
949538 | When "gui-ipv6" is disabled under global, the IPv4 destination object is miss in the authentication rule in GUI. |
949040 | WAD process causes memory leak for session-based authentication rules. |
942111 | FortiProxy does not attempt to resolve IPv6 addresses even when IPv6 is enabled on many policies. |
948506 | Restoring VDOM config from the GUI results in an exception error. |
949303 | Forward server does not work with IP pools that are not attached to a policy or central-snat. |
949529 |
Format string vulnerability in FortiToken commands. |
918191, 947814 | WAD crash caused by a corruption or an issue that causes authentication loop. |
940378 | "Entry not found" error when configuring wildcard FQDN address of explicit FTP in GUI. |
946360 |
Some IPs are not translated to the configured IP pools for HTTPS traffic. |
925709 |
Management VDOM option is not supported and should not be in GUI. |
946567 | "diagnose sys tcpsock" does not show anything. |
903680, 950931 | Antiphishing scan stops after checking the first potential username. |
910115 | NTLM authentication times out for no reason. |
945019 | Support UEFI boot option on FortiProxy KVM and VMware. |
947472 | SAML authorization fails. |
953094 |
HTTP AV failure due to stream-scan. |
889668 |
Policy test does not match the correct policy. |
897347 | WAD user-info memory leak. |
924644 | Explicit proxy with forwarding server and URL list does not work. |
948492 | Resource limits do not work. |
951059 | DLP file pattern does not work with HTTP put request. |
951998, 952316 | VDOM link interface changes assigned VDOM while changing the operation mode. |
946455 |
High CPU usage when counting VDOM sessions. |
947931 |
"config auth setting > user-cert-ca" does not show local CA certificates. |
953347 |
WAD crash. |
858281 | Add explicit firewall policy logging. |
944368 |
"diag wad license details" displays "Is fabric root: y/n" for devices not in a CSF cluster. |
942143 |
High memory usage when image analyzer is enabled. |
955627 |
Rating service state tracking issues and ReCaptcha failure issue with extensions. |
949847 | WAD crash when it finishes processing traffic due to empty disclaimer list for default policy. |
939056, 944507 |
FNBI bug fixes. |
938810 |
No IPv6 support for multi-VDOM. |
954863 |
"Content Encoding Error" when using browser for web proxy test. |
955286 |
TCP connection unexpectedly closed by FortiProxy in consecutive explicit HTTP proxy. |
951131 | Unused IP sets are not always cleaned up. |
955600 |
multiple Signal 6 crashes during configuration. |
946944 |
WAD stats are not stored when process crashes. |
955771 |
WAD manager process consistently crashes. |
938821 |
HTTP explicit fails when multiple web proxy entries for the interface and SOCKS is enabled on the same port as HTTP. |
956071 | WAD crash when the server closes connection before async UTM is done. |
955006 | SNI check does not work when "Inspect all ports" is set. |
954919 | When a worker with ongoing session crashes, its assigned FNBI license seats are not released back to the license pool. |
955857 |
WAD crash at HTTP HEAD request or unknown Content-Type with webfilter content-header action = block. |
951070 |
WAD local AV scan blocks traffic when DLP profile is in place but no AV profile is set. |
956230 |
DLP scan on image analysis is still performed when DLP license is expired. |
955876 |
WAD crash at wad_fw_policy_check_user regularly. |