
Resolved issues


The following issues have been fixed in FortiProxy 7.0.11. For inquiries about a particular bug, please contact Customer Service & Support.

Bug ID Description

838884, 872405, 873471, 891898, 903840 Forward server status is not updated on long TCP session and https traffic.

905030 Shaping policy does not support diffserv-forward and diffserv-reverse.
905027 Wildcard FQDN cannot be selected as dst-addr in central-snat-map while addrgrp with wildcard FQDN can be selected.
882867 Proxy policy match resolve IP to multiple internet-service app_id.
904696 Missing explicit check to see if filesize and scan-oversize-limit exists for ICAP oversize events.
902997 "ipset destroy" does not work as intended.

865784, 865828 Some options of internet-service and internet-service6 do not function correctly.
903187 Improve the help text of the 'explicit-ftp-tls' option under "config firewall profile-protocol-options".
901550 Daemon 'radiusd' crashes on ha config-sync primary when mode changes from config-sync to standalone.
902087 ICAP scan-oiversize-log does not record event when file size is known ahead of scanning and bypassed.
870099 LDAP cache was not updated properly after the user group changed in Active Directory server.
901472 Email filter profile gets lost during the upgrade from FortiProxy v2 to v7.

906586, 907738, 908012, 910373, 911413, 921492, 922847, 810112, 890307, 912749, 915426, 918527, 923468 Fix some GUI issues.
908382 GUI access to the FortiProxy should work when transparent mode is used with the Active-Passive HA configuration.
906551 Fix wad high CPU caused by load policy per minute.
735252 Files matching the signature in IPS sensors are not blocked by FTP via a transparent policy.
905439 hatalk crashes when AP cluster has multicast heartbeat interface.
904652 Inaccurate error message when AV engine blocks a file due to decompressed oversize.

794255, 908820 Sort the prio_array of internet service ids by their app id.
902184 FTP-authenticated user sessions never expire after the session is closed even when proxy-auth-timeout is set.

901598, 903300 iptable bypasses ICMP traffic when http-transaction log is enabled.
913971 Deny traffic is not available in Correlation Log.
914205 wad_shaping_policy_new crashes in wad_mem_c_malloc when sz_dst_intf is 0.
906148 Intermittent ICAP server error.
908778 Remote ICAP server with "Health Check" enabled has inaccurate status with "ICAP Disconnected" messages in the browser.
912068 Unexpected messages are displayed in console.

903967 Cannot enable "Protecting SSL Server" as the "server-cert" field is missing in the "SSL/SSH Inspection" page.
860072 Unable to use FortiToken with FortiProxy devices.
853466 Traffic should not be redirected to WAD if the host of the proxy address or address group does not match the one defined in the policy.
911513 URL list as dstaddr does not work in firewall policy.
909409 Disallow setting wildcard FQDN in srcaddr for any address or address group.
914448 Network issues after upgrading to 7.0.10.
861899 FortiView Application Bandwidth widget shows nothing.
914628 syslogd signal 11 crashes once when vpn scripts are running.
918744 snmpd crashes in fpx_list_sessions.
915815 WAD crash signal 11 every hour.
889386 Fix of config delta failure when schedule is applied to policy. Also improve firewall address or proxy address config change learning performance by adding firewall address hash.
905188 CPU usage is high with wad when you create, edit, or modify the user local and user group.
919919 Crash when wad_http_req_url_routing calls wad_lb_info_get_server.
919257 Crash due to wrongly configured ztna-ems-tag in webproxy policy.
919212 WAD crashes and WAD process enters Conserve mode while still using memory.
894008 EMS Cloud Fabric Connector is not working.
906640 Debug daemon crash due to hold or put.
918733 WAD fails to process traffic from file filter protocols if only file-filter is enabled.
921078 Delete "mode" option from the system.console command as the option is not used.
916140 Fix memory leak in wad_url_filter_req_alloc.
918478 "DRBG generate failed" error when more than 32 random bytes of data are requested.
920161 HTTP request gets passed when matching a deny policy with pass-through enabled.
834299 SSH command filter no longer works after prompt change.
920105 "diagnose firewall fqdn list" command does not list any FQDNs.
910115 NTLM authentication times out for no reason.
908476 Remove some unsupported features that generate wasted syscalls.

922576 When VIP is configured in firewall policy, WAD keeps crashing.
907762 Improve efficiency to get IP from IP pool for source NAT.
901432 WAD crash while using Form Auth.
917824 Large Kerberos keytabs cannot be saved from the CLI.
920675 Single-user authorization fails when "ldap-user-cache" is disabled.
923251 WAD crash signal 6 continuously occurs after the upgrade from 7.0.8 to 7.0.10.
904890 Frequent WAD crashes with "wad_repl_msg_get" method.
923315 Format string bug in httpsd and CLI.
922681 In HA Config-Sync, the primary device has a delayed upgrade after the secondary device is upgraded successfully.
893074 With SSL full inspection, "HTTP 200 OK" requests that include illegal characters are blocked.

Common vulnerabilities and exposures

FortiProxy 7.0.11 is no longer vulnerable to the following CVE reference. Visit https://fortiguard.com/psirt for more information.

Bug ID CVE reference

920329 CVE-2023-29183
