
Resolved issues

The following issues have been fixed in FortiProxy 7.0.5. For inquiries about a particular bug, please contact Customer Service & Support.

| Bug ID | Description |
|---|---|
| 728311 | FPX bypassed the FTP MODE command when the protocol option configuration was set to block. |
| 752001 | Route entry removal when system.ha.unicast-gateway updates. |
| 781891 | The LDAP search filter is lost after upgrading from FortiProxy 2.x to 7.0. |
| 781943 | Disable Default Firewall Policy Action for Explicit Proxy on ZTNA rules. |
| 784338 | OVF files contain FortiGate-VM references. |
| 785885 | Make the ZTNA deny traffic log supply the specific reason (specific tag name, wrong certificate) when a deny happens. |
| 785912 | Some fields, such as UTM features, should be hidden according to the policy type, and the file-filter-profile field is missing. |
| 787895 | WAD crash when updating traffic statistic counters. |
| 787977, 805228 | Issues related to the dedicated-to option. |
| 789422 | Missing ICAP request for CONNECT. |
| 792065 | DLP blocks an email with multiple attachments via MAPI, but the log does not show all the blocked files. |
| 794165 | TAINTED_SCALAR found in WanOpt_Explicit_Proxy. |
| 796019 | Access issue with Application Control or IPS. |
| 797270 | ha-mgmt interface binding issue. |
| 797809 | Super_admin is not prompted to select between RO and RW access. |
| 798118 | WAD process crashes at wad_async_queue_time_out. |
| 799718 | When to-pol with authentication (group/user) is set to action isolate, the request fails to be redirected to WAD and fails to match the given policy in the kernel. |
| 800013, 802841, 807653, 808091, 808203, 808454, 817881, 817995 | GUI issues. |
| 800262 | When the auth_type is not defined inside the URL, GETURL("auth_type") is the NULL pointer. atoi(NULL) causes a SEGFAULT, making sslvpnd crash. |
| 801174 | Add multiple HTTP request headers and extract .tar.gz file for external resource. |
| 801492 | Normal ICAP suddenly becomes abnormal, instantly disconnecting all users. If the ICAP remote server is abnormal, the service connected through FortiProxy will be abnormal. |
| 802222 | FSSO traffic log has group information but no user information. |
| 802303 | When health check is enabled for a remote ICAP server and then the IP address of the remote ICAP server is changed, FortiProxy still does the health check for the old IP address. |
| 802333 | When an HTTPS connection policy match fails, it offers an implicit deny or allow policy that does not have a sec_profile, so ssl_opts is set to NULL. In certain cases this can result in a crash. |
| 802842 | Remove cifs-profile from firewall.policy. |
| 802866 | Fix certificate HA synchronization related issues. |
| 803159 | The AV UTM log does not cache the correct information when FPX blocks an uncompressed oversize file. |
| 803217 | When multiple category proxy-addresses are configured in one policy, the URL matches only one destination address category. |
| 803380 | When converting an explicit web HTTP session to a captive portal session, the original HTTP session is not destroyed, and a new HTTP session is created after the handshake. |
| 803452 | Fast match flag is changed from enable to disable after changing settings of profile-protocol-options. |
| 803794 | Custom upgrade code to handle the loss of local certificate data during upgrade. |
| 804689 | ICAP respmod-forward-rules should AND header-group entries, not OR. |
| 804853 | SSL traffic occasionally fails. |
| 805210 | NTLM agentless authentication fails due to user-restriction after FSSO service down. |
| 805819 | FPX as explicit web proxy did not block file transfer via ftp-over-http that had the same hash value from ems-threat-feed. |
| 806066 | Avoid syncing outgoing-ip in webproxy.global. |
| 806130 | Proxy-address with host-regex match does not match all IP host URLs. |
| 806224 | execute ha manage does not work for unicast HA in a FortiProxy cluster when a trusted host is configured. |
| 807280 | Proxy certificate error when no policy matched. |
| 807332 | When an HTTP server returns a response header without a second CRLF and then closes the connection, WAD cannot flush the received data to the client. |
| 808040 | WAD could not parse the krb-keytab with the new encryption method. |
| 808043 | Explicit proxy policy disclaimer page redirects to an incorrect URL. |
| 808074 | Allow content-encoding: UTF-8 passthrough. |
| 808769 | Prevent HA syncing of gui-dashboard and ems-tag. |
| 809813 | When doing prefetching, the default 'no inspection' profile is used. In SSL URL filter, a request is exempted when the exempt check is not set. |
| 809813 | Prefetch URLs report crawl for http://www.<whatever>.com failed. |
| 809832 | FPX misses local-in rules for NTP server mode. |
| 810179 | Traffic shapers applied to the interface are not working as expected. |
| 810570, 811995 | Web cache issues. |
| 810571 | SSL exempt check condition for non-transparent policies. |
| 811259 | Fix WAD leak on IPS session objects. |
| 812897 | Remove unused HA session sync (session-pickup) commands. |
| 813261 | When learn-client-ip is enabled, a policy can control based on the IP, but logs do not reflect this. |
| 813317 | In transparent mode, srcaddr-negate, dstaddr-negate, and service-negate are available. |
| 813348 | Failure to access the HTTPS virtual server after the flow control in SSL port was improved. |
| 813693 | Eventtype infected is logged instead of ems-threat-feed when a cached ems-threat-feed scan result is used in an FTP download. |
| 813769 | WAD memory leak after enabling ICAP respmod-forward-rules profile. |
| 814266 | TP policy displays explicit proxy service list, and vice-versa. |
| 814569 | Communication between rlogd and miglogd uses a non-standard Netlink protocol. |
| 815203 | Masquerade configuration is ignored when L7 address is used in transparent proxy. |
| 815313 | WAD crash on wad_ssl_cert_check_auth_status(). |
| 816057 | Upgrade code for respmod-forward-rules header-groups change added. |
| 816205 | Uninitialized ses_ctx usr_addr. |
| 816913 | Source interface in SNAT entry list is empty when it is set to any. |
| 817173 | IP tables might not be installed properly when the SNAT table contains an FQDN with a wildcard *. |
| 817703 | allow-invalid-server-cert command available under SSL SSH profile. |
| 817722 | When trying to prefetch the same URL twice, the first try succeeds with status code = 0, but the second try fails with status code = 4. |
| 817750 | WAD crash when web-proxy.forward-server-group does not have server-list configured. |
| 817979 | When the global web-proxy configuration is changed, the explicit-outgoing-ip is not learned, and the daemon continues to use the old outgoing-ip address. |
| 818406 | 304 response if a cached object is generated with Vary headers and is expired. |
