Resolved issues
The following issues have been fixed in FortiProxy 7.4.2. For inquiries about a particular bug, please contact Customer Service & Support.
Bug ID | Description |
---|---|
759153 | FortiProxy ignores ARP requests to aggregated port with LACP mode set to active or passive. |
790426 | WAD crashes at wad_ssl_cache_ssl_redir_server. |
806556 | WAD crash at "wad_h2_resume_run". |
829691 |
WAD application signal 11 crash during SSL Proxy AV HTTPS throughput test. |
845361 | WAD crashes at wad_cifs_file_free. |
854913 | License widget shows modules that irrelevant to FortiProxy. |
869999 |
Order of isolator profile entries cannot be adjusted. |
872707 | Search bar is missing in the User Monitor Dashboard. |
920401 | Traffic dropped when policy with action "isolate" is added in the configuation. |
924398 | FTP passive mode fails to establish data channel via DNAT as the IP/port provided by the server is not translated. |
927494 | Web filter logs only one HTTP request from an HTTP connection that includes multiple HTTP requests. |
934392 |
Upgrade configuration errors. |
941390 |
In certificate inspection, FortiProxy blocks blocklist certificate with no replacement message. |
941531 | Error when saving a shaping policy with the destination interface set to a zone. |
945197 | Configuration value of the interface IP address should not be synced within a FortiProxy HA cluster on Azure. |
946926 |
QUIC connection fails to enter bypass when the server does not issue retry packet. |
946944 | WAD stats reset after process crashes. |
948257 | Successfully authenticated user is prompted to re-login to Microsoft Edge. |
948486 | "dia sys vd stats" does not show VDOM status information. |
948498 | Management traffic failed if the management interface is in a non-root VDOM. |
949393 | Files exceeding the configured size in DLP sensor still gets downloaded. |
951108 |
Crash at wad_sec_policy_result_free. |
952276 | FortiProxy widgets show no statistics for interfaces in non-root VDOMs. |
952563 | When forward server is enabled with masquerade disabled and central SNAT map has IP pool enabled, traffic still goes to the forward server using a masquerade address instead of the IP pool address. |
952694 | FortiProxy-4000E scanunit daemon crashes continuously at load_SearchFile. |
953240 | Memory leak on ICAP forward headers. |
953727 | Inline CASB custom control option configuration is missing. |
954248 | ICAP local server hostname is not shown correctly in DLP log when you use ICAP local server with DLP profile. |
954402 | config-error-log errors when loading CASB.profile configuration due to incorrect handling the CASB DB deleted entries. |
954541 |
In WANOPT transparent mode, WAN optimization does not keep the original source address of the packets. |
954642 |
Redirect errors during ZTNA SAML authentication. |
954913 | CSF preferred seat should be capped at model max to prevent misconfiguration. |
955517 | The interface in non-management VDOMs cannot send out ARP. |
956493 | Number of events exceeds limit and and bytes are dropped in traffic shaping. |
956495 | Webfilter log shows wrong category description. |
957580 | cloudinit crashes when reading "User Data" (e.g. lic file) during FortiProxy AWS deployment. |
958051 | Potential memory leaks and crashes. |
958922 | Wrong policy match when URL list is set as destination. |
959204 |
WAD crash when using load balancing with SSL offloading. |
959421 | Cannot download files with a size greater than 5 MB via FortiProxy with SSL deep inspection and DLP profile enabled. |
959498 | All traffic transactions are unsuccessful in proxy AV and IPS HTTP throughput test. |
959608 | Failed to build vimeo-app with inline CASB. |
959998 |
HA secondary device keeps rebooting when it has a different disk usage set for the first disk than the primary and the configuration to be synced is massive. |
960182 | Remove some unused options for creating a new isolator profile. |
960604 | admin-server-cert configuration should not be synced in config-sync cluster. |
960677 | HTTP transaction log does not have category information and drops logs sometimes. |
960923 | Error "Can not create query" occurs when you set ha-direct enable in CLI. |
961454 | User ldap group cache is not updated in time as the timer. |
961488 | VPN user IP spoofing. |
961688 | Crash in IP tables generation due to invalid shaping policy configuration. |
962137 | HTTP CONNECT requests should not be redirected during cert-based authentication. |
962816 | Cannot delete disabled customized SaaS applications from inline CASB profile. |
963085 | Forticron crash causing external threat feed not to refresh or fetch new information. |
963418 |
File name is missing in oversized file blocking replacement messages. |
964134 | FortiProxy should not allow a combination of FTP and other protocols during forward server configuration. |
964146 |
Issues with forward server "Health Monitor" configuration option for different protocols. |
965226 | File types configured as blocked can still be downloaded from web mail. |
965254 | FortiProxy uses interface IP instead of IP pool setting when multiple IP pools are configured on the firewall policy. |
965642 |
No default certificate for firewall ssl-server entries. |
966238 | Restore image crash. |
966459 |
WAD memory leak during stress testing. |
966597 |
Number of proxy/UTM sessions does not reflect actual usage. |
966602 |
Log fields "filename" and "clouduser" are missing for cloud DAC signatures after enabling the proxy inline IPS. |
966647 |
Video filter cannot obtain channel ID. |
966780 |
Inline IPS is rebuilt on reboot or upgrade, causing high CPU usage. |
967025, 966827, 968848, 967049, 967029, 966956, 968971, 968938, 968994, 966973 |
Issues with inline CASB. |
967177 | Oversize limit does not work correctly. |
967488 | Unable to configure GRE tunnel. |
967522 |
Block page displays the name of the content of the zip file instead of the actual zip file name. |
967528 |
Crash at http3/wad_qpack when HTTP header value is empty. |
967579 | Per-IP traffic shaper does not function when the shaping policy's destination address is a proxy-address of type url-category. |
967823 |
Inline IPS behavior issues. |
968000 |
Settings for rate-based IPS signature are not honored for inline IPS. |
968143 |
Port number is stripped off for forwarding servers. |
968514 | WAD CPU reaches 99.9% and causes service impact due to buffer overflow. |
968660 | Traffic log gets trimmed if the size exceeds 1900. |
969007 |
Transport parameters error for QUIC peer connection. |
969539 | "Forward Server Monitor" Widget shows blank results. |
969997 | FortiProxy username is not shown in log if the authentication failed. |
970003, 972976, 978538, 979741 |
GUI issues. |
970863 |
FortiProxy fails to match google-translate regex matching rule. |
970895 |
http-transaction log incorrectly records the forward server IP as the destination IP/port. |
970975 | Web filter fails to get sub-category of plain HTTP based on URL path in certificate inspection mode. |
970993 |
Traffic is not blocked as expected when you set application with parameters to block in inline IPS. |
971068 |
Unable to match first group attribute from SAML assertion and requests may be denied. |
971232 |
Youtube application cannot be blocked by inline CASB. |
971380 |
Wad memory leak in inline IPS during stress testing. |
971506 |
Crash at qpack sanity test. |
971759 | Fix cookie_v4 kernel panic. |
972306 |
Cannot change captive portal SSL port number in transparent mode. |
972312 |
When the type is set to Geography for an address object, the Country/Region list is empty. |
972980 | Cannot create VDOM link on FPX-4000G. |
973055 | Remove unnecessary wad debug logs. |
973312 |
Downloading by FTP-over-HTTP with FTPS EPSV mode gets hung up when inspect-all is applied to web proxy policy. |
973457 | cmdbsvr crash when accssing CMDB complexes. |
973506 |
Inline IPS crash when IPS sensor has CVE set. |
973994 |
IP table does not have a dedicate field for virtual-server vsid. |
974170 |
Wad memory leak in inline IPS during stress testing. |
974307 | WAD crashes if scanunit crashes when scanning a file. |
974938 |
Wrong product references in FortiProxy log IDs. |
975392 | When you create an ICAP server group, the first ICAP server on the server list is dropped. |
975404 |
URL category proxy address configuration change does not take effect on shaping policy. |
975749 |
Potential performance issues caused by inline IPS database building. |
975833 |
When CVE is set in an IPS sensor, traffic could mismatch custom signatures even if they are not set in the filter. |
976129 |
Issues with botnet violation log when proxy inline IPS is enabled. |
976198 |
Missing port check for ICAP local server when configuring port in other services. |
976713 |
Connection is closed during SSL offload by "config firewall ssl-server". |
977581 |
"FortiProxy scheduled update failed" error. |
977605 |
An IPS configuration learning issue may cause failure in rule matching after you update a CVE or vuln-type-based IPS sensor entry to rule-based. |
977734 |
Access to secondary unit is not granted when you use the SVI interface for management in HA. |
977972 |
The GUI terminal cannot show the "dia sys top" correctly. |
978389 |
Inline IPS matching performance issue. |
978544 | When a request is sent with header "Cache-Control: max-age=0", the content is not returned and the connection is closed. |
978621, 978635, 978644, 978816 |
Inline IPS memory corruption and memory leak issue. |
978788 |
The kernel will panic when running a debug trace with vd/vd-name set to a non-root vdom. |
979936 |
When configuring ipv6 addresses in the CLI, all types of external-resource for ipv6 address are listed. Only the external-resources of type "domain" and "address" should be listed. |
980407 |
ICAP client fails to close tcp-port on connect error, resulting in leak session-context. |
980503 |
Cannot create an isolator server on the proxy policy page in the GUI. |
981332 |
Traffic cannot access Internet via non-root VDOM's transparent proxy policy. |
981551 |
WAD crashes with SSL ICAP local server when the ICAP server has an invalid SSL certificate. |
906712 949847 |
Crash on wad_diag_stats_policy_list. |
928048 955219 |
Match file name is wrong when downloading xz file from Google Drive. |
936771 936874 |
Wrong replacement message when outbreak prevention and file filter or DLP profile (both attached the to same policy) are enabled. |
943784 976103 |
The Inline CASB HTTP header change function does not update the new header name and value length correctly. |
944302 962671 |
Configuring inline CASB to block an application causes the access to the complete application-related domains to be blocked. |
967083 967507 |
Firewall policy schedule does not work correctly. |
940149 964421 966762 |
Rapid reset HTTP/2 DOS. |
960116 964872 967196 |
Issues in the inline CASB CLI. |
970051 970264 971551 |
Session monitor and Interface bandwidth widgets do not work. |
Common vulnerabilities and exposures
FortiProxy 7.4.2 is no longer vulnerable to the following CVE references. Visit https://fortiguard.com/psirt for more information.
Bug ID |
CVE reference |
---|---|
973351 |
|
958440 |
|
964421 |
|
855912 |