Resolved issues
The following issues have been fixed in FortiProxy 7.0.11. For inquiries about a particular bug, please contact Customer Service & Support.
Bug ID | Description |
---|---|
838884, 872405, 873471, 891898, 903840 |
Forward server status is not updated on long TCP session and https traffic. |
905030 | Shaping policy does not support diffserv-forward and diffserv-reverse. |
905027 | Wildcard FQDN cannot be selected as dst-addr in central-snat-map while addrgrp with wildcard FQDN can be selected. |
882867 | Proxy policy match resolve IP to multiple internet-service app_id. |
904696 | Missing explicit check to see if filesize and scan-oversize-limit exists for ICAP oversize events. |
902997 | "ipset destroy" does not work as intended. |
865784 865828 |
Some options of internet-service and internet-service6 do not function correctly. |
903187 | Improve the help text of the 'explicit-ftp-tls' option under "config firewall profile-protocol-options". |
901550 | Daemon 'radiusd' crashes on ha config-sync primary when mode changes from config-sync to standalone. |
902087 | ICAP scan-oiversize-log does not record event when file size is known ahead of scanning and bypassed. |
870099 | LDAP cache was not updated properly after the user group changed in Active Directory server. |
901472 | Email filter profile gets lost during the upgrade from FortiProxy v2 to v7. |
906586, 907738, 908012, 910373, 911413, 921492, 922847, 810112, 890307, 912749, 915426, 918527, 923468 |
Fix some GUI issues. |
908382 | GUI access to the FortiProxy should work when transparent mode is used with the Active-Passive HA configuration. |
906551 | Fix wad high CPU caused by load policy per minute. |
735252 | Files matching the signature in IPS sensors are not blocked by FTP via a transparent policy. |
905439 | hatalk crashes when AP cluster has multicast head-beat interface. |
904652 | Inaccurate error message when AV engine blocks a file due to decompressed oversize. |
794255 908820 |
Sort the prio_array of internet service ids by their app id. |
902184 | FTP-authenticated user sessions never expire after the session is closed even when proxy-auth-timeout is set. |
901598 903300 |
iptable bypasses ICMP traffic when http-transaction log is enabled. |
913971 |
Deny traffic is not available in Correlation Log. |
914205 | wad_shaping_policy_new crashes in wad_mem_c_malloc when sz_dst_intf is 0. |
906148 | Intermittent ICAP server error. |
908778 | Remote ICAP server with "Health Check" enabled has inaccurate status with "ICAP Disconnected" messages in the browser. |
912068 | Unexpected messages are displayed in console. |
903967 |
Cannot enable "Protecting SSL Server" as the "server-cert" field is missing in the "SSL/SSH Inspection" page. |
860072 | Unable to use FortiToken with FortiProxy devices. |
853466 | Traffic should not be redirected to WAD if the host of the proxy address or address group does not match the one defined in the policy. |
911513 | URL list as dstaddr does not work in firewall policy. |
909409 | Disallow setting wildcard FQDN in srcaddr for any address or address group. |
914448 | Network issues after upgrading to 7.0.10. |
861899 | FortiView Application Bandwidth widget shows nothing. |
914628 | syslogd signal 11 crashes once when vpn scripts are running. |
918744 | snmpd crashes in fpx_list_sessions. |
915815 | WAD crash signal 11 every hour. |
889386 | Fix of config delta failiure when schedule is applied to policy. Also improve firewall address or proxy address config change learning performance by adding firewall address hash. |
905188 | CPU usage is high with wad when you create, edit, or modify the user local and user group. |
919919 | Crash when wad_http_req_url_routing calls wad_lb_info_get_server. |
919257 | Crash due to wrongly configured ztna-ems-tag in webproxy policy. |
919212 | WAD crashes and WAD process enters Conserve mode while still using memory. |
894008 | EMS Cloud Fabric Connector is not working. |
906640 | Debug deamon crash due to hold or put. |
918733 | WAD fails to process traffic from file filter protocols if only file-filter is enabled. |
921078 | Delete "mode" option from the system.console command as the option is not used. |
916140 | Fix memory leak in wad_url_filter_req_alloc. |
918478 | "DRBG generate failed" error when more than 32 random bytes of data is requested. |
920161 | HTTP request gets passed when matching a deny policy with pass-through enabled. |
834299 | SSH command filter no longer works after prompt change. |
920105 | "diagnose firewall fqdn list" command does not list any FQDNs. |
910115 | NTLM authentication times out for no reason. |
908476 | Remove some unsupported features that generate wasted syscalls. |
922576 |
When VIP is configured in firewall policy, WAD keeps crashing. |
907762 |
Improve efficiency to get IP from IP pool for source NAT. |
901432 |
WAD crash while using Form Auth. |
917824 |
Large Kerberos keytabs cannot be saved from the CLI. |
920675 |
Single-user authorization fails when "ldap-user-cache" is disabled. |
923251 |
WAD crash signal 6 continuously occurs after the upgrade from 7.0.8 to 7.0.10. |
904890 |
Frequent WAD crashes with "wad_repl_msg_get " method. |
923315 |
Format string bug in httpsd and CLI. |
922681 |
In HA Config-Sync, the primary device has a delayed upgrade after the secondary device is upgraded successfully. |
893074 |
With SSL full inspection, "HTTP 200 OK" requests that include illegal characters are blocked. |
Common vulnerabilities and exposures
FortiProxy 7.0.11 is no longer vulnerable to the following CVE reference. Visit https://fortiguard.com/psirt for more information.
Bug ID |
CVE reference |
---|---|
920329 |