Webfilter cannot communicate with FortiGuard through proxy.

FortiProxy bypassed FTP MODE command when protocol option configuration was set to block.

ICAP error messages use the correct replacement messages rather than the existing, hard-coded 502 response.

Fix GUI issues.

Ensure route entry removal whenever system.ha.unicast-gateway updates.

Speed up policy learning by using a delta config.

Change name from FortiAI to FortiNDR.

Implicitly enforce deepscan when HTTP CONNECT request or TLS SNI partially matches to a policy.

Fixed overflow when adding VDOM.

Improve url-rating by FortiGuard URL rating raw-flag, fix isolate does not work.

Port bug fix from FOS: wad forward-server monitor doesn't work.

WAD crash at wad_http_fwd_msg_body.

Add upgrade code to handle lost LDAP search filter option value.

Disable default firewall policy action for explicit proxy on ZTNA rules.

Memory usage tunning for webcache.

Primary FortiProxy license status is changing from "Valid" to "Warning" after a successfull upgrade under an HA cluster fix.

OVF contains wrong VMDK for HW15 and FortiGate-label fix.

OVF files contain FortiGate-VM references fix.

Fix SSH over HTTP policy matching issue and ICAP server failures.

Fix UTM features list is missing on policy page of type ssh/ssh-tunnel/wanopt/ftp.

Comment out unwanted references to SD-WAN.

Some fields (e.g. utm features) are not valid or missing according to the policy type fix.

Fix antivirus profile content disarm options are not rendered correctly.

Fix WAD memory leak on matching shaping policy.

Fix potential memory corruption in wad_stats.

Fix several issues related to dedicated-to option.

Update kernel to v5.10.109.

Fix missing ICAP request for CONNECT.

Fix ssl exempt check condition for nontp policy.

Traffic Shaping match fix

DLP block an email with multi attachments via MAPI, but the log cannot show all the blocked files.

Fix implicit deny policy logs and HTTP transaction logs not working.

Unable to add IPv6 address group objects to policies fix.

The source port range is not changed in kernel according to the CLI configuration fix.

Fix fast match generation update after config change.

Fix the issue authz header line is removed for HTTP basic authentication request.

Add traffic log.action as 'pending' for not full matched policy.

Fix data corruption on SSL traffic.

As long as the ICAP function is turned on, the website front will be abnormal.

Access issue with Application Control or IPS.

Fix key_share leak on HRR.

Fix domain-fronting conflict with HTTP2 connection coalescing.

Fix ha-mgmt interface binding.

IPv6 gateway route is not installed fix.

Fix super_admin is not prompted to select between RO and RW access.

Rollback multiple session-base users check under ip-base authenticate and rollback userquery logic at http-get-user.

Fix SSL layer data flow-control.

WAD process crashes at wad_async_queue_time_out.

Fix delayed CRLF 204 handling in ICAP.

Fix shaping policy match crash by pol_ctx double free.

Follow-up enforce deepscan when HTTP CONNECT: enforce fwdsvr, except host-cate not match.

Transparent mode "set dedicated-to management" not working as expected fix.

When to-pol with auth(group/user) is set to action isolate, request fails to be redirected to WAD.

Dedicated to management interfaces allow incoming connections on extra ports.

Access of NULL pointer in sslvpnd fix.

HTTPS request via tp-policy + fw server and authentication, crashes @__wad_http_policy_category_notify.

Add multiple HTTP request headers and extract .tar.gz file for external resource.

If the icap remote server is abnormal, the service connected through FortiProxy will be abnormal.

FSSO traffic log has group info but no user information. Add save guard when calling af->make().

ICAP - correct ICAP server max_conn and health check server IP leak issue.

Add sec_profile when matched implicit policy on HTTP traffic.

Fix certificate ha sync related issues.

FortiProxy blocks uncompressed oversize file, the AV UTM log does not cache the correct information.

Fix policy matching with multiple category type proxy-address.

WAD does not forward 302 HTTP redirect to end-client. WAD memory leak when convert explicit proxy to captive portal.

Custom upgrade code to handle the loss of local certificate data during upgrade.

ICAP "respmod-forward-rules" should AND "header-group" entries.

Fix SSL traffic occasionally fail.

Fix NTLM agentless authenticate fail due to user-restriction after FSSO service down.

FortiProxy as explicit web proxy did not block file transfer via ftp-over-http which has same hash value from ems-threat-feed.

Avoid Syncing Outgoing-ip in webproxy.global.

Fix proxy-address with host-regex match for IP URL.

Execute ha manage does not work in FortiProxy cluster when trusted host is configured fix.

Add License Sharing Information Widget on GUI.

Upgrade IA Engine to Version 8.

Fix proxy the certificate error when no policy matched.

Kerberos authentication failed when upgrade FortiProxy.

Fix disclaimer page is redirecting to incorrect URL.

Allow content-encoding: UTF-8 passthrough.

Local-ICAP Server Response does not contain Virus Response Header names and values, like X-Virus-ID or X-Infection-Found.

Prevent HA Syncing of gui-dashboard and ems-tag to fix ICAP local server sync issue.

Prefetch URLs report crawl for http://www.<whatever>.com failed (error: 255).

Adding local-in rules for NTD server.

Fixed several WebCache issues.

Fix SSL exempt check condition for non-transparent policy.

Fix WAD leak on IPS session objects.

With learn-client-ip enable policy able to control based on the learn-client-ip but logs not reflecting.

In transparent mode, implement srcaddr-negate, dstaddr-negate, and service-negate.

Failure to access HTTPS virtual server after the flow control in SSL port improved.

Event type of "infected" instead of "ems-threat-feed" logged when cached ems-threat-feed scan result used in FTP download.

Fix WAD memory leak after enable ICAP profile 'respmod-forward-rules'.

Change FortiGate reference to FortiProxy in "update-server-location" of "config sys fortiguard".

Fix TP Policy displaying explicit proxy service list and vice-versa.

Physical FortiProxy keeps killing usbmuxd.

Traffic forwarded to fw-server is always rebind with outgoing interface/ip despite of the masquerade configuration.

Fix WAD crash on wad_ssl_cert_check_auth_status().

Fix uninitialized ses_ctx usr_addr.

The inactivity timer is 30 minutes, and renewed any time it is given out by the pool for ICAP traffic, or when any traffic flows through the connection in either direction.

Fix an issue where dst-addr iptables rules are incorrect.

Second try to a URL using prefetch failed.

Fix WAD crash when web-proxy.forward-server-group does not have server-list.

Change default source port range to 1024-65001.

Explicit-outgoing-ip is not learned when config changes fix.

Client got 304 response if a cached object with vary headers and got expired.

Fix traffic shaping on VLAN interface.

Fetch IPsec tunnel status from strongSwan and display it in the GUI.

ICAP bypassing yields to web traffic corrupted upon ICAP_server failure to response.

Add support for ACI dynamic address in WAD.

WAD user_info process memory leak.

Too many redirections error with session based authenthication and web-auth-cookie.

WAD crashed at wad_http_req_finished with signal 11.

Agent-based NTLM authentication resulted in blank user entry and allowed traffic.

Add missing file.

Fix WAD firewall schedule config change does not take effect.

Fix empty FortiView monitor pages.

WAD can crash when building a proxy policy if an address group has no member.

Corrupted forward-server caused WAD crash.

Filter wad log messages by process type or process ID.

Crash when trying to access uninitialized array member.

WAD crash due to long line reponse from server and SSH filter vulnerability.

CID bug FORWARD_NULL in user info inventory.

Configuring SNMP wiped kernel SNAT settings.

Fix traffic shaping on newly configured VLAN interface.

Embed base64 string images instead of URLs for WAD blocking page.

Add kernel flow messages to help with kernel debugging.

Website will not reply if Connection uses the wrong letter case

ICAP infection headers could not show the correct file name.

The mac address type removed from firewall addresses, as it is not supported.

HTTP/HTTPS requests that match a policy with an L7 address are not forward to the isolate server.

DNS queries fail with dnsfilter applied.

cloudinitd crash when deploying FortiProxy on AWS.

Bypass interface kernel driver reset after rebooting.

Fix HA sequential upgrade.

WAD crashes on attaching history traffic stats to NULL tcp_port from session.

Rare case in HA configuration caused kernel panic.

Fix SSLVPN connection issue.

Add bypass URLs to HTTP isolator check .

Fix VPN widgets in the GUI.

ZTNA access stuck when going through TCP-fwd towards HTTPS with a deep-inspection profile.

Fix kernel panic when form HA A/P mode.