Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY 7.4.7
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
All Products
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Web Application Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • Web Application / API Protection
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions
    • All Products

    Release Notes

    Home FortiProxy 7.4.7 Release Notes
    7.4.7
    7.6.6
    7.6.5
    7.6.4
    7.6.3
    7.6.2
    7.6.1
    7.6.0
    7.4.13
    7.4.12
    7.4.11
    7.4.10
    7.4.9
    7.4.8
    7.4.7
    7.4.6
    7.4.5
    7.4.4
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.16
    7.2.15
    7.2.14
    7.2.13
    7.2.12
    7.2.11
    7.2.10
    7.2.9
    7.2.8
    7.2.7
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.0.23
    7.0.22
    7.0.21
    7.0.20
    7.0.19
    7.0.18
    7.0.17
    7.0.16
    7.0.15
    7.0.14
    7.0.13
    7.0.12
    7.0.11
    7.0.10
    7.0.9
    7.0.8
    7.0.7
    7.0.6
    7.0.5
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    2.0.14
    2.0.13
    2.0.12
    2.0.11
    2.0.10
    2.0.9
    2.0.8
    2.0.7
    2.0.6
    2.0.5
    2.0.4
    2.0.3
    2.0.2
    2.0.1
    2.0.0
    1.2.13
    1.2.12
    1.2.11
    1.2.10
    1.2.9
    1.2.8
    1.2.7
    1.2.6
    1.2.5
    1.2.4
    1.2.3
    1.2.2
    1.2.1
    1.2.0
    1.1.6
    1.1.5
    1.1.4
    1.1.3
    1.1.2
    1.1.1
    1.1.0
    1.0.7
    1.0.6
    1.0.5
    1.0.4
    1.0.3
    1.0.2
    1.0.1
    1.0.0

    Resolved issues

    Resolved issues

    The following issues have been fixed in FortiProxy 7.4.7. For inquiries about a particular bug, please contact Customer Service & Support.

    Description

    Bug ID
    1087908 No authentication popup when ldap-user-cache is enabled.
    1084141 Cannot establish signature authmethod with IPsec.
    1090073 Incorrect product name in the readme file of VMWare .ovf.zip.

    1073651

    "dot.quic" in no-inspection profile is not updated to bypass when the FortiProxy is first installed.
    1088776 Digest auth crash.
    1088339 Webfilter not blocking static URL list if 204 response is enabled.
    1020828 WAD HTTP2 Stream Error when client send a small concurrent stream and make multiple concurrent requests.

    1088412

    No URL in the auth failed event log.

    1088519

    WAD does not check BOTNET when inline IPS is disabled.

    1083357

    Application Control does not block SharePoint upload.
    1083359 Missing client IP in denied explicit forward traffic log.

    1093624

    Proxy regular expression and wildcard local URL filter pattern issues.

    1091016

    Config-sync HA cluster is out of sync after upgrade due to "authentication.setting.update-time".

    1087486

    ICAP client does not do URI encoding when converting FTP to HTTP.

    537134

    Session is not terminated after web-filter quota is reached.
    1018780, 1023127 WAD crash on wad_http_avscan_comfort.
    978602, 1066078, 1066567 Inline IPS and IPS engine redirection issues.

    1089193

    FortiProxy failed to communicate with RADIUS server that lacks message-authenticator support.
    1083188, 1089697 Proxy AV does not generate infected-URL cache entry if the first request is HTTP/2.

    1078395

    Upgrade libnetfilter_conntrack to include the coverity fixes.

    1092324

    Randomly the auth portal is not displayed in the secondary.

    1095945

    Cannot reset one of the scanunit debugs, which permanently floods the CLI with output.

    1085179

    Channel video cannot be blocked by proxy-inline-ips scan when user directly visits the video by URL.

    1093671

    Policy route with port configured causes IP tables failure.
    1091669 CMDBError with Active-Passive config and Management Interface Reservation per WebUI

    1094396

    session-sync-dev is unsupported and should be hidden in CLI.

    1005867, 1087631

    AV scan does not work for archived msoffice, msofficex and 7z files.

    1096348

    Unexpected logs are generated for the known applications when the logging is disabled in application profile.

    1093923

    WAD crash caused by NULL webfilter profile when cmdb having issue.

    1082378

    The counter of bytes shows 0 after SOCKS traffic matched the policy.

    1096450

    WAD process crashes continuously.

    1094717

    Root CA certificate should be filtered out for option ssl-cert under web-proxy global.

    1099891

    firewall.address type wildcard does not support non-contiguous masks.

    933225

    Unexpected message during link monitor deamon start.

    1097384

    FortiProxy SOCKS policy-matching is case-sensitive while case-sensitivity is disabled globally.

    1083925

    When captive portal is set to FQDN, it fails to match due to FQDN case sensitivity.

    1070388

    FortiProxy does not respond to an ICMP request from directly connected interfaces.

    1101390

    Proxy-address host address config update does not take effect.

    1100611

    VMware kernel panic does not log to console.

    1096705

    With inline-IPS enabled, no SNMP traps are generated when an IPS signature is detected.

    1096290

    WAD crash at wad_log_http_transaction.

    1103545

    Serverlo ad balance VIP in policy causes IP tables failure.

    1097877

    The license sharing widget does not show the purchased license seats of temporarily disconnected members that are still within the 8-hour grace period.

    1103035

    No backward-compatibility for license sharing.

    1099324

    "fpx_snat_pick_ip" related kernel messages in crashlog.

    1099850

    WAD crashes when it tries to initialize a QUIC listener on a port that has been already assigned to another UDP listener in another daemon (e.g. DNS proxy).

    1102477

    Unable to download PAC file in PAC policy.

    1095866

    WAD not responding to clients with error when SMB uploads are blocked.

    1101083

    WAD app-based policy crash.

    1074493

    Some HTTP Transaction logs do not contain category and category description when webfilter is enabled.

    1088866

    Uploading of password-protected archive files is blocked.

    1100906

    Source NAT shows 0.0.0.0 in the logs.

    1103421

    Inline IPS does not block PDF as expected.

    1103965

    Fails to create local certificate file.

    1096728

    Continuous WAD crashing on Azure which affects some VIP traffic.

    983997, 1099574

    Failed to validate two different CAs with the same subject and issuer.

    1085418

    Content analysis filename shows "Image Cache Was Cleared".

    1103110, 1106077, 1094526, 1105757

    GUI issues.

    1105731

    Add connection timeout and its handler in wad_p2s_http_sesmodule.

    Common vulnerabilities and exposures

    FortiProxy 7.4.7 is no longer vulnerable to the following CVE reference. Visit https://fortiguard.com/psirt for more information.

    Bug ID

    CVE reference

    1092960, 1093060

    CVE-2024-45324

    Previous
    Next

    Resolved issues

    Resolved issues

    The following issues have been fixed in FortiProxy 7.4.7. For inquiries about a particular bug, please contact Customer Service & Support.

    Description

    Bug ID
    1087908 No authentication popup when ldap-user-cache is enabled.
    1084141 Cannot establish signature authmethod with IPsec.
    1090073 Incorrect product name in the readme file of VMWare .ovf.zip.

    1073651

    "dot.quic" in no-inspection profile is not updated to bypass when the FortiProxy is first installed.
    1088776 Digest auth crash.
    1088339 Webfilter not blocking static URL list if 204 response is enabled.
    1020828 WAD HTTP2 Stream Error when client send a small concurrent stream and make multiple concurrent requests.

    1088412

    No URL in the auth failed event log.

    1088519

    WAD does not check BOTNET when inline IPS is disabled.

    1083357

    Application Control does not block SharePoint upload.
    1083359 Missing client IP in denied explicit forward traffic log.

    1093624

    Proxy regular expression and wildcard local URL filter pattern issues.

    1091016

    Config-sync HA cluster is out of sync after upgrade due to "authentication.setting.update-time".

    1087486

    ICAP client does not do URI encoding when converting FTP to HTTP.

    537134

    Session is not terminated after web-filter quota is reached.
    1018780, 1023127 WAD crash on wad_http_avscan_comfort.
    978602, 1066078, 1066567 Inline IPS and IPS engine redirection issues.

    1089193

    FortiProxy failed to communicate with RADIUS server that lacks message-authenticator support.
    1083188, 1089697 Proxy AV does not generate infected-URL cache entry if the first request is HTTP/2.

    1078395

    Upgrade libnetfilter_conntrack to include the coverity fixes.

    1092324

    Randomly the auth portal is not displayed in the secondary.

    1095945

    Cannot reset one of the scanunit debugs, which permanently floods the CLI with output.

    1085179

    Channel video cannot be blocked by proxy-inline-ips scan when user directly visits the video by URL.

    1093671

    Policy route with port configured causes IP tables failure.
    1091669 CMDBError with Active-Passive config and Management Interface Reservation per WebUI

    1094396

    session-sync-dev is unsupported and should be hidden in CLI.

    1005867, 1087631

    AV scan does not work for archived msoffice, msofficex and 7z files.

    1096348

    Unexpected logs are generated for the known applications when the logging is disabled in application profile.

    1093923

    WAD crash caused by NULL webfilter profile when cmdb having issue.

    1082378

    The counter of bytes shows 0 after SOCKS traffic matched the policy.

    1096450

    WAD process crashes continuously.

    1094717

    Root CA certificate should be filtered out for option ssl-cert under web-proxy global.

    1099891

    firewall.address type wildcard does not support non-contiguous masks.

    933225

    Unexpected message during link monitor deamon start.

    1097384

    FortiProxy SOCKS policy-matching is case-sensitive while case-sensitivity is disabled globally.

    1083925

    When captive portal is set to FQDN, it fails to match due to FQDN case sensitivity.

    1070388

    FortiProxy does not respond to an ICMP request from directly connected interfaces.

    1101390

    Proxy-address host address config update does not take effect.

    1100611

    VMware kernel panic does not log to console.

    1096705

    With inline-IPS enabled, no SNMP traps are generated when an IPS signature is detected.

    1096290

    WAD crash at wad_log_http_transaction.

    1103545

    Serverlo ad balance VIP in policy causes IP tables failure.

    1097877

    The license sharing widget does not show the purchased license seats of temporarily disconnected members that are still within the 8-hour grace period.

    1103035

    No backward-compatibility for license sharing.

    1099324

    "fpx_snat_pick_ip" related kernel messages in crashlog.

    1099850

    WAD crashes when it tries to initialize a QUIC listener on a port that has been already assigned to another UDP listener in another daemon (e.g. DNS proxy).

    1102477

    Unable to download PAC file in PAC policy.

    1095866

    WAD not responding to clients with error when SMB uploads are blocked.

    1101083

    WAD app-based policy crash.

    1074493

    Some HTTP Transaction logs do not contain category and category description when webfilter is enabled.

    1088866

    Uploading of password-protected archive files is blocked.

    1100906

    Source NAT shows 0.0.0.0 in the logs.

    1103421

    Inline IPS does not block PDF as expected.

    1103965

    Fails to create local certificate file.

    1096728

    Continuous WAD crashing on Azure which affects some VIP traffic.

    983997, 1099574

    Failed to validate two different CAs with the same subject and issuer.

    1085418

    Content analysis filename shows "Image Cache Was Cleared".

    1103110, 1106077, 1094526, 1105757

    GUI issues.

    1105731

    Add connection timeout and its handler in wad_p2s_http_sesmodule.

    Common vulnerabilities and exposures

    FortiProxy 7.4.7 is no longer vulnerable to the following CVE reference. Visit https://fortiguard.com/psirt for more information.

    Bug ID

    CVE reference

    1092960, 1093060

    CVE-2024-45324

    Previous
    Next