Resolved issues
The following issues have been fixed in FortiProxy 7.0.4. For inquiries about a particular bug, please contact Customer Service & Support.
Bug ID | Description |
---|---|
754289 | The WAN-optimization daemon (WAD) crashes with signal 11 when running the autotest group. |
764817 | You cannot import the Kerberos keytab file unless it has been encoded with base64. |
768980 | The set host-regex command is not working correctly. |
770178 | When a proxy address is used as the destination in a policy, unrelated traffic matches the policy. |
773614 | An error message is returned when trying to delete a new admin user in the CLI. |
777370 | When fast-match is disabled, the HTTPS request fails to match the source proxy address in the policy. |
777718 | The WAD should use the port in the TCP header to match the service field. |
778766 | The web proxy does not forward the HTTP request to the forwarding server when FQDN is used to configure the web-proxy forward-server. |
782085 | Session-based authentication does not redirect the request to the captive portal. |
783072 | The WAD does not perform a health check for the web-proxy forwarding server. |
783145 | The Cyrillic alphabet is not displayed correctly in the logs. |
783201 | Web caching is using too much memory. |
783811 | The web proxy does not forward requests to the forwarding server when FQDN is used as the address of the forwarding server for web proxy. |
783837 |
After upgrading FortiProxy from an HA cluster, the primary FortiProxy license status changes to “Warning.” |
783946 | When the source is a ClearPass dynamic object, the explicit proxy policy does not deny the request. |
784337 | The Open Virtualization Format (OVF) file contains fortios.vmdk instead of fortiproxy.vmdk. |
784797 |
SSH-over-HTTP traffic is redirected to the SSH policy, even when |
784891 | When editing a firewall policy in the GUI, the “Proxy Options,” “Disclaimer Options,” and “Security Profiles” sections are missing when the type is set to ssh, ssh-tunnel, wanopt, or ftp. |
784974 | Computer names are being used for authenticated users, instead of the user names. |
785058 |
The default setting for |
785232 |
The SSL-VPN daemon crashes during a quick HTTP connection from the VPN portal. |
785247 | When explicit FTP is being used, unknown commands should return a 530 message. |
785342 | When a proxy request is send using the SOCKS4A protocol, the request fails. |
785743 | Web application firewall (WAF) profiles block access to hosted websites, instead of illegal HTTP versions. |
786194 | The Category Usage Quota area is missing from the FortiProxy GUI. |
787027 | The Content Disarm options of the antivirus profile are not displayed correctly in the GUI. |
787496 |
There is a WAD memory leak. |
788697 | After upgrading to FortiProxy 2.0.8, when the type of destination address is set to URL category, the URL is blocked. Workaround: Use an allow policy in front of the blocking policy. |
788698 | After upgrading to 7.0.3, the logout page cannot be accessed after logging in with form-based authentication. |
789150 | The Duration field of the HTTP Transaction log shows seconds, instead of milliseconds. |
789520 | When a policy has the action set to isolate and the service set to http-connect , websites are not being properly isolated. |
789600 | When a firewall policy has the proxy-address type set to URL Category, the policy does not correctly block the specified categories. |
789960 | The user cannot create a three-node Config-Sync cluster. |
789982 | If the URL category is used in the firewall policy, websites are not being properly blocked. |
791235 | Exempting traffic from SSL inspection in the SSL/SSH inspection profile does not work. |
791668 | The shaping profile is not being used by the shaping policy. |
792579 |
Implicit Deny Policy logs and HTTP transaction logs are not working. |
793251 | IPv6 address group objects cannot be added to the policies. |
793687 | The set ip-src-port-range command is not working. |
794537 | The default value for set tcp-window-type (under config firewall profile-protocol-options ) should be auto-tuning . |
794753 | After upgrading from 7.0.1 to 7.0.3, a proxy user who was authenticated by LDAP cannot access the basic authentication web page. |
795159 | Traffic is triggering the wrong policy when the source is a proxy-address type header. |
795621 | When the antivirus profile is using deep inspection, some website uploads are denied. |
795970 | When the ICAP profile is configured, web pages cannot be fully displayed. |
796152 | When the transparent proxy is received, there is a WAD memory leak. |
796489 |
The Digest Algorithm options are missing in the FortiProxy GUI. |
796574 |
The authentication scheme for the SAML method cannot be saved in the GUI. |
796664 | Domain-fronting should be disabled on HTTP2 traffic. |
797609 |
When the IPv6 default route is configured, the gateway route is not installed. |
798027 |
Multiple WAD worker crashes cause the “Access Denied - The Maximum web proxy user limit has been reached.” error to be reported. |
798054 |
When using deep SSL inspection, a web page produces an error but loads eventually. |
798745 |
The original HTTP request should be forwarded to the web server. |
799171 |
The WAD crashes when the configuration is being changed in a transparent firewall policy. |
799214 |
The HTTPS request is not being forwarded to the forwarding server. |
799278 |
The |
799847 |
Sometimes the Internet cannot be accessed when transparent mode, the Internet Service Database, and user authentication are being used together. |
800243 |
The management interface should only listen for ports listed in the |
Common vulnerabilities and exposures
FortiProxy 7.0.4 is no longer vulnerable to the following CVEs:
-
CWE-79
-
CWE-120
-
CWE-124
-
CWE-269
Visit https://fortiguard.com/psirt for more information.