Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
All Products
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Web Application Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • Web Application / API Protection
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions
    • All Products

    Release Notes

    Home FortiProxy 7.4.11 Release Notes
    7.4.11
    7.6.6
    7.6.5
    7.6.4
    7.6.3
    7.6.2
    7.6.1
    7.6.0
    7.4.13
    7.4.12
    7.4.11
    7.4.10
    7.4.9
    7.4.8
    7.4.7
    7.4.6
    7.4.5
    7.4.4
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.16
    7.2.15
    7.2.14
    7.2.13
    7.2.12
    7.2.11
    7.2.10
    7.2.9
    7.2.8
    7.2.7
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.0.23
    7.0.22
    7.0.21
    7.0.20
    7.0.19
    7.0.18
    7.0.17
    7.0.16
    7.0.15
    7.0.14
    7.0.13
    7.0.12
    7.0.11
    7.0.10
    7.0.9
    7.0.8
    7.0.7
    7.0.6
    7.0.5
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    2.0.14
    2.0.13
    2.0.12
    2.0.11
    2.0.10
    2.0.9
    2.0.8
    2.0.7
    2.0.6
    2.0.5
    2.0.4
    2.0.3
    2.0.2
    2.0.1
    2.0.0
    1.2.13
    1.2.12
    1.2.11
    1.2.10
    1.2.9
    1.2.8
    1.2.7
    1.2.6
    1.2.5
    1.2.4
    1.2.3
    1.2.2
    1.2.1
    1.2.0
    1.1.6
    1.1.5
    1.1.4
    1.1.3
    1.1.2
    1.1.1
    1.1.0
    1.0.7
    1.0.6
    1.0.5
    1.0.4
    1.0.3
    1.0.2
    1.0.1
    1.0.0

    Resolved issues

    Resolved issues

    The following issues have been fixed in FortiProxy 7.4.11. For inquiries about a particular bug, please contact Customer Service & Support.

    Bug ID Description

    1102694

    "utmref" and "utmaction" fields are missing in forward traffic log and http-transaction

    traffic log for long-tcp sessions.

    859182

    WAD crashed at fts_crypto_kxp_pub_key_verify_done.
    1143534 Error when deploying fpx_arm64_aws due to short of flash space.
    1155295 Inline-CASB profile is not visible in the Profile Group in both CLI and GUI.
    1001480

    SSH policy display issues in both GUI and CLI.
    1149600

    In explicit proxy policy, if the outgoing interface type is pppoe, all traffic will be blocked when fast matching is enable.
    1162685 Traffic blocked due to per-ip shaper when no shaping policies are configured.
    1149915

    PSK auth method does not work when setting up IPsec IKEv2.
    1155022 Refine traffic log when forward server is down with server-down-option=block.
    1156135 Crashes when configuring policy with mix VIP and L7 addresses on GUI.
    1022507, 1039490 FortiProxy SSO users have no SSL enforcement.
    1098400 Inline IPS custom app dependency issues.
    1164508 Issue with machine account authentication in NTLM and Kerberos.
    1148863 Interface speed statistics are not shown if the interface is moved to a non-root VDOM.
    1071928 Duplicated utm log when log-http-transaction is enabled.
    1167993 Improve WAD statistics through shared memory.
    1169169 Cookie based form-authentication does not work with HTTPS.
    1166774 Policy "max-session-per-user" config update does not take effect.
    1169541 GUI should only be enabled when FortiCare is licensed.
    1165461 Failure in generating CSR with safenet HSM.
    1166902 Under the transparent policy configured with SAML authentication, user traffic fails to redirect to the authentication window.
    1174803 Crash during krb fallback traffic.
    1174060 WAD crash on dia test app wad 110 for shm-stats.
    1155100 Policy matching on WAD with VIP fails in transparent mode.
    1048549 To allow SN prefix FPXVMR and FPXVMO for FortiFlex
    1161593

    Cannot configure ssl-ssh-profile for explicit-web policy with action redirect.
    1128026 Video filter fails to effectively block YouTube videos.
    1172637 "Bad Request" error after clicking LOGIN on captive portal.
    1046939 CASB profile should only be configurable when utm-status is enabled.
    1159424 Implicit deny does not include or block IPv6.
    1177573 Issues related to error handling with wad_str objects and buffer operations.
    1178166 The web browser displays the certificate selection dialog when you access the FortiProxy GUI.
    1177714

    Traffic log for proxy traffic does not include explicit-web-proxy name.
    1178363 Occasional SSL error and WAD crash.
    1168782 URL Catergory Deny not indicated in traffic logs.
    1179713 Some fields are missing when policy type is set to transparent-connect.

    1174812

    Password-protected files sent from FortiProxy cannot be opened or scanned by FortiSandbox.
    1178564 Unable to access any websites intermittently in explicit proxy.
    1177015 When deep-inspection is enabled in policy and https-replacement-message is disabled, web filter log is not generated and traffic log's utmaction shows "allow" for traffic blocked by web filter.
    1173584

    Bypass for oversize files does not work.
    1156883, 1178985, 1183758, 1183978 GUI issues.
    1174463, 1180682, 1182789 Inline IPS crash.
    1172516 Request fails to match VIP on WAD.
    1133068

    Inconsistent blocking behaviors of banned IPs for different policy types and protocols.

    1160110

    Expired user seats are counted as valid in license sharing.

    1160437

    DNS lookup does not work for IPv6.

    1178203

    When inline IPS is enabled, WAD could crash in some HTTP traffic that use absolute or full URL in the requests.

    1026921

    Application control cannot block QUIC when proxy-inline-ips is enabled in the policy.

    1180491, 1188287

    SOCKS request which matches any explicit-web-connect policy skips matching of explicit-web policies.

    1187632

    Duplicate log_id in WAD traffic logs when the forward server is down.

    1137133

    Delay in loading a resolved address for Dynamic Address (FSSO) in the GUI.

    1187305

    Memory leak in inline IPS.

    1189360

    Inaccurate seat calculation for FNBI and FCAS license types during license sharing.

    1138074

    Log display issue when inline IPS is enabled.

    1186795

    Incorrect URL is displayed after form authentication.

    1193771

    When using cookie-based authentication, auth_method shows "NULL" instead of "Cookie".

    1177720

    Connection issues with FortiGate Cloud and FortiSandbox Cloud.

    1193984

    Crash when loading forward server monitor.

    1189310

    RadSec user authentication via local rule in the captive portal causes a crash.

    Common vulnerabilities and exposures

    FortiProxy 7.4.11 is no longer vulnerable to the following CVE reference. Visit https://fortiguard.com/psirt for more information.

    Bug ID

    CVE reference

    1187887, 1192040

    CVE-2025-59718 and CVE-2025-59719

    Previous
    Next

    Resolved issues

    Resolved issues

    The following issues have been fixed in FortiProxy 7.4.11. For inquiries about a particular bug, please contact Customer Service & Support.

    Bug ID Description

    1102694

    "utmref" and "utmaction" fields are missing in forward traffic log and http-transaction

    traffic log for long-tcp sessions.

    859182

    WAD crashed at fts_crypto_kxp_pub_key_verify_done.
    1143534 Error when deploying fpx_arm64_aws due to short of flash space.
    1155295 Inline-CASB profile is not visible in the Profile Group in both CLI and GUI.
    1001480

    SSH policy display issues in both GUI and CLI.
    1149600

    In explicit proxy policy, if the outgoing interface type is pppoe, all traffic will be blocked when fast matching is enable.
    1162685 Traffic blocked due to per-ip shaper when no shaping policies are configured.
    1149915

    PSK auth method does not work when setting up IPsec IKEv2.
    1155022 Refine traffic log when forward server is down with server-down-option=block.
    1156135 Crashes when configuring policy with mix VIP and L7 addresses on GUI.
    1022507, 1039490 FortiProxy SSO users have no SSL enforcement.
    1098400 Inline IPS custom app dependency issues.
    1164508 Issue with machine account authentication in NTLM and Kerberos.
    1148863 Interface speed statistics are not shown if the interface is moved to a non-root VDOM.
    1071928 Duplicated utm log when log-http-transaction is enabled.
    1167993 Improve WAD statistics through shared memory.
    1169169 Cookie based form-authentication does not work with HTTPS.
    1166774 Policy "max-session-per-user" config update does not take effect.
    1169541 GUI should only be enabled when FortiCare is licensed.
    1165461 Failure in generating CSR with safenet HSM.
    1166902 Under the transparent policy configured with SAML authentication, user traffic fails to redirect to the authentication window.
    1174803 Crash during krb fallback traffic.
    1174060 WAD crash on dia test app wad 110 for shm-stats.
    1155100 Policy matching on WAD with VIP fails in transparent mode.
    1048549 To allow SN prefix FPXVMR and FPXVMO for FortiFlex
    1161593

    Cannot configure ssl-ssh-profile for explicit-web policy with action redirect.
    1128026 Video filter fails to effectively block YouTube videos.
    1172637 "Bad Request" error after clicking LOGIN on captive portal.
    1046939 CASB profile should only be configurable when utm-status is enabled.
    1159424 Implicit deny does not include or block IPv6.
    1177573 Issues related to error handling with wad_str objects and buffer operations.
    1178166 The web browser displays the certificate selection dialog when you access the FortiProxy GUI.
    1177714

    Traffic log for proxy traffic does not include explicit-web-proxy name.
    1178363 Occasional SSL error and WAD crash.
    1168782 URL Catergory Deny not indicated in traffic logs.
    1179713 Some fields are missing when policy type is set to transparent-connect.

    1174812

    Password-protected files sent from FortiProxy cannot be opened or scanned by FortiSandbox.
    1178564 Unable to access any websites intermittently in explicit proxy.
    1177015 When deep-inspection is enabled in policy and https-replacement-message is disabled, web filter log is not generated and traffic log's utmaction shows "allow" for traffic blocked by web filter.
    1173584

    Bypass for oversize files does not work.
    1156883, 1178985, 1183758, 1183978 GUI issues.
    1174463, 1180682, 1182789 Inline IPS crash.
    1172516 Request fails to match VIP on WAD.
    1133068

    Inconsistent blocking behaviors of banned IPs for different policy types and protocols.

    1160110

    Expired user seats are counted as valid in license sharing.

    1160437

    DNS lookup does not work for IPv6.

    1178203

    When inline IPS is enabled, WAD could crash in some HTTP traffic that use absolute or full URL in the requests.

    1026921

    Application control cannot block QUIC when proxy-inline-ips is enabled in the policy.

    1180491, 1188287

    SOCKS request which matches any explicit-web-connect policy skips matching of explicit-web policies.

    1187632

    Duplicate log_id in WAD traffic logs when the forward server is down.

    1137133

    Delay in loading a resolved address for Dynamic Address (FSSO) in the GUI.

    1187305

    Memory leak in inline IPS.

    1189360

    Inaccurate seat calculation for FNBI and FCAS license types during license sharing.

    1138074

    Log display issue when inline IPS is enabled.

    1186795

    Incorrect URL is displayed after form authentication.

    1193771

    When using cookie-based authentication, auth_method shows "NULL" instead of "Cookie".

    1177720

    Connection issues with FortiGate Cloud and FortiSandbox Cloud.

    1193984

    Crash when loading forward server monitor.

    1189310

    RadSec user authentication via local rule in the captive portal causes a crash.

    Common vulnerabilities and exposures

    FortiProxy 7.4.11 is no longer vulnerable to the following CVE reference. Visit https://fortiguard.com/psirt for more information.

    Bug ID

    CVE reference

    1187887, 1192040

    CVE-2025-59718 and CVE-2025-59719

    Previous
    Next