Resolved issues
The following issues have been fixed in FortiProxy 7.4.3. For inquiries about a particular bug, please contact Customer Service & Support.
Bug ID | Description |
---|---|
985560 | Application IDs do not show up in CLI. |
972058 | Proxy inline IPS service should be "HTTPS" instead of "https" in IPS log for HTTPS traffic. |
985686 | OpenSSL fails to encrypt and decrypt VD licenses. |
982273 | Certificate authentication group information query fails. |
982883 | Attack traffic for inline IPS cannot be exempted if the src-ip/dst-ip set for both directions are in the exempt-ip list. |
982015 | IP addresses are removed after factory reset when more than 4 ports are configured. |
968509, 968524 | Raw data and attack context are missing from inline IPS log. |
985198 | IP address threat feed connection status indicates "Other Error". |
955481, 983897 | When fast-policy-match is enabled, traffic is matched to wrong policy during a specific period of time. |
980527 | CLI should not allow the FTP protocol in config web-proxy isolator-server. |
980994 | External-resource types other than address and domain are not filtered out for firewall.policy.dstaddr6 and srcaddr6. |
977734 | Access to secondary unit is not granted when you use the SVI interface for management in HA. |
979936 | When configuring IPv6 addresses in the CLI, all types of external-resource for IPv6 addresses are listed. Only the external-resources of type "domain" and "address" should be listed. |
986971 | WAD crash on wad_secure_webproxy_ssl_set. |
982669 | IPS filter type protocol does not detect matched signature and bypass traffic with proxy inline-ips enabled. |
948042 | Failed to create VDOM with a name longer than 11 characters in the CLI when long-vdom-name is enabled. |
984179, 984948 | Application Control profile does not work on non-root VDOM. |
988098 | Crash during smtp-over-http. |
983920 | Policy with dnat vip is denied when log-http-transaction is set to "all". |
976775 | When policy based routing is configured and traffic is redirected to WAD, traffic from the FortiProxy back to the client is routed via static routing. |
980297 | GUI shows empty remote groups while CLI configuration shows the correct remote group configuration. |
980702 | URL rating lookup does not support valid URLs with forward slash. |
987777 | Policy ID is not available for disabled policies in the FortiProxy GUI. |
974938 | Remove references to unsupported features in FortiProxy log IDs. |
978473, 982156 | URL local/user category rating result shows only one best match category but not the other matched local/user categories configured in the profile. |
945197 | Configuration value of the interface IP address should not be synced within a FortiProxy HA cluster on Azure. |
982637 | Cannot start a capture in a non-root VDOM. |
985485 | FortiProxy interface does not respond when HA has multiple vclusters. |
947928 | In Policy & Objects > Proxy Auth Settings, you cannot unset a CA certificate once it is set. |
964747 | No method legend in User Monitor widget. |
990142 | Interfaces with no members are allowed to be aggregated in GUI. |
773815, 988544 | AD group cache update issue. |
986806 | Crash in WAD user-info process. |
988402 | Cannot use HA reserved management interface to send log to FortiAnalyzer. |
982614 | Anti-virus incorrectly blocks the upload of good Excel files to OneDrive with corrupted archive error. |
989515 | Crash on building fast match table when the source interface is configured with an empty system zone. |
967538 | Traffic that should get IPS scanned passes through when IPS is out of service. |
985374 | HA is out of sync after automatic reboot. |
981069, 981546 | ICAP is unable to bypass when ICAP remote server is offline and health-monitor is disabled. |
987387 | On a non-root VDOM with multiple explicit-web entries, changes to policies are not applied properly. |
981193 | FortiProxy does not send an authentication request after proxy-re-authentication-time has passed. |
972919 | Buffer overflow and format string vulnerabilities. |
985058 | Weak key derivation for backup file. |
992186 | Packet capture warning message is irrelevant and confusing. |
986713 | Config restore takes the device into system maintenance mode and makes it inaccessible. |
989621 | utmref is missing in forward traffic logs with http transaction log enabled. |
977905 | AV proxy profile causes issues with SMB access. |
990161 | HA secondary acts like primary in vcluster1 after the switch of primary and secondary in vcluster2. |
983371 | WAD procmgr hangs on waitpid. |
977645 | Incorrect output when viewing FortiView Proxy Policy with source set to FortiAnalyzer. |
991641 | Unable to save changes to shaping policy when dstaddr6 is set to be an IPv6 FQDN address with wildcard (*). |
993581 | GUI DLP rules ID duplicate issue when you delete one and add another. |
993799 | Remove Fabric Overlay Orchestrator from GUI. |
993597 | WAD crashes when user LDAP server is configured. |
915834 | HA active-passive flip: standby FortiProxy tries to reach out to FortiGuard services through HA port. |
987687 | "Can not create query" error while deleting VDOMs. |
988015, 992933 | "sysctl ifconfig" does not work when the interface belongs to a non-root VDOM. |
989798 | Out-of-bounds write in SSL VPN. |
983298 | Forward logs for non-root VDOM are only visible in root VDOM. |
992167 | Providing an invalid client certificate during certificate authentication can create a redirection loop. |
985049 | XSS vulnerability in reboot page. |
989784 | Access to other users' bookmarks in SSL VPN web mode. |
988016 | Aggregate interface is not initialized on startup when the aggregate is in a non-root VDOM. |
982716 | False warning "unresovled FQDN" for all FQDN addresses other than wildcard FQDN. |
956570, 975752, 990586, 991059 | Inline CASB UTM log issues. |
980924, 983161 | Inline CASB upgrade issues. |
993080 | Irrelevant fields in the VDOM configuration window in GUI. |
989660, 989668 | rawdataid/rawdata, forwardedfor, and trueclntip are missing from inline IPS utm log. |
983856 | "unknown-1" is listed in FortiView proxy applications tab. |
985902, 987198, 987298, 987310, 988250 | Inline CASB CLI bug fixes. |
993108 | CLI hangs after you delete a VDOM from the CLI. |
994230 | WAD crashes when SOCKS request fails to connect to LDAP server. |
995622 | SOCKS request is unable to match web-proxy entity in auth rule and WAD crashes. |
985557 | HA in transparent mode fails to form due to dropped ARP requests. |
979908 | No validation for source interface field for "ssh-tunnel" type policy in GUI. |
997177 | FortiProxy GUI cannot display ICAP log. |
992245 | FQDN ipset is not populated after the captive portal configuration changes from IP to FQDN. |
989694 | ICAP secure server with webfilter crashes on the first request. |
977530 | HTTPS over locally resolved SOCKS webfilter not working. |
992599 | UTM action and count information is missing in http-transaction-log for HTTPS request when tp-policy is certificate-inspect. |
992853 | After matching an url-match in SOCKS proxy forwarding, the original IP rather than the fw_server ip is used to get the interface for policy matching. |
979219 | FortiProxy A/A cluster with VDOMs drop packets. |
981211 | Global system default settings for TLS 1.2 are not applied upon LDAP connection to domain controller. |
990257 | Forward message sends the cookie header with original length but corrupted data. |
998086 | New CASB entries are not created on non-root VDOM during CASB DB upgrade. |
998488 | worker.tcp fails in "diag wad stats". |
999050 | Certificate tab keeps loading when the certificate is selected. |
997336 | Cannot establish FSSO connection from FortiProxy VDOMs. |
997001 | External resource cannot update for IPv6 hosts. |
975685 | FortiProxy 400E possible WAD memory leak. |
996012, 997905 | SOCKS policy match does not support url-list dstaddr type. |
959421 | Cannot download files with a size of more than 5 MB via FPX with SSL deep inspection and DLP profile enabled. |
997868 | Error during auth TLS for FTP service. |
992632 | Inline CASB log is missing policytype field. |
995824 | Counter value returns 0 for non-root interface when polling via SNMP. |
994749 | URL filter fails to block transparent HTTPS traffic with IP hostname. |
868634 | Bypass of root file system integrity checks at boot time. |
993166 | When managed by FortiManager, HA-mode FortiProxy triggers an auto update every 30 minutes. |
999664 | Unable to allow the connections to match existing configured policy. |
923920 | ICAP 204-response is not shown correctly and cannot be edited in GUI. |
986713 | After configuration restore, the device changes to system maintenance mode and becomes inaccessible. |
993506 | Remove CLI for in band HA management, which is not supported by FortiProxy. |
975759 | When multiple control options are taking action in inline CASB, only the first action generates a UTM log. |
FortiNBI
The following issues have been fixed in FortiNBI. For inquiries about a particular bug, please contact Customer Service & Support.
Bug ID | Description |
---|---|
886077, 930915, 934251, 956123, 959594, 962908, 977250, 979177, 993669, 989676, 996544, 996542, 988642 | FortiNBI bug fixes. |
959232 | Crash when downloading the FortiNBI installer. |
959263 | FortiNBI rating error and all pages are broken in the FortiNBI application. |
N/A | Log collection fails if the isolator is not installed. |
N/A | Instability issues caused by isolator state tracking. |
N/A | Isolator download timeout is too long. |
N/A | Service states are not accurate in edge scenarios during restart. |
N/A | GUI is unavailable due to a broken link to Windows App SDK. |
N/A | No timeout when task fails to start repeatedly. |
Common vulnerabilities and exposures
FortiProxy 7.4.3 is no longer vulnerable to the following CVE references. Visit https://fortiguard.com/psirt for more information.
Bug ID | CVE reference |
---|---|
989784 | |
989798 | |
993863 | |
868634 | |