Fortinet black logo

Release Notes

Home FortiProxy 7.2.10 Release Notes
7.2.10
7.4.4
7.4.3
7.4.2
7.4.1
7.4.0
7.2.10
7.2.9
7.2.8
7.2.7
7.2.6
7.2.5
7.2.4
7.2.3
7.2.2
7.2.1
7.2.0
7.0.17
7.0.16
7.0.15
7.0.14
7.0.13
7.0.12
7.0.11
7.0.10
7.0.9
7.0.8
7.0.7
7.0.6
7.0.5
7.0.4
7.0.3
7.0.2
7.0.1
7.0.0
2.0.14
2.0.13
2.0.12
2.0.11
2.0.10
2.0.9
2.0.8
2.0.7
2.0.6
2.0.5
2.0.4
2.0.3
2.0.2
2.0.1
2.0.0
1.2.13
1.2.12
1.2.11
1.2.10
1.2.9
1.2.8
1.2.7
1.2.6
1.2.5
1.2.4
1.2.3
1.2.2
1.2.1
1.2.0
1.1.6
1.1.5
1.1.4
1.1.3
1.1.2
1.1.1
1.1.0
1.0.7
1.0.6
1.0.5
1.0.4
1.0.3
1.0.2
1.0.1
1.0.0

Resolved issues

Resolved issues

The following issues have been fixed in FortiProxy 7.2.10. For inquiries about a particular bug, please contact Customer Service & Support.

Bug ID

Description
1012827 Admin login fails after the admin is renamed.
1011483 SNMP queries time out due to denial on dedicated management interface.
1010357, 1010843 Web proxy policy default action and global web proxy profile assignment issue.
1002945 When auth request is closing, calling wad_hauth_req_auth_notify triggers the close of auth request again.
1005976 Misleading message in "Fabric Upgrade" window.

1008255

When you edit a rule with "Domain Threat Feed" as dstaddr, it changes to dstaddr6 and traffic does not match.

1009948

FortiView Traffic Shaping console is not available in GUI.
1003811, 1008263 IP threat feed takes too long to load and external resource cannot load.

992247

HA connection from secondary FortiProxy to FortiAnalyzer goes through the virtual IP instead of the dedicated management interface.

1006692

Out-of-bounds access in diag_iotop.c.
996185 In certain hypervisor environments, the disk order may change which causes the FortiProxy to reformat disks when it shouldn't.
1004752 When using "IP Address Threat Feed" for source and destination, the traffic is not matched by the rule.
1004346 When FortiManager access is disabled, FortiProxy can still be accessed from FortiManager on TCP port 541.
1005957

Issues with traffic shaping CLI:

  • Unable to change a guaranteed bandwidth that is greater than 50.

  • Irrelevant NPU warning when enabling shaping on a VLAN interface.
998840 ICAP server crash when geting to eicar file.
1000338 Traffic shaping does not take effect on FTP data channels. A large file download via FTP can clog the entire bandwidth even with traffic shaping enabled.
1000127 Web pages are not loaded when web cache is enabled under policy.
993166 When managed by FortiManager, HA-mode FortiPoxy triggers an auto update every 30 minutes.
993506 Remove CLI for in band HA management, which is not supported by FortiProxy.
999050 Certificate tab keeps loading the certificate is selected.
986713 After configuration restore, the device changes to system maintenance mode and becomes inaccessible.

1017888

Forward server memory issues.

1014477

File uploads on webmail applications fail when antivirus, app control, or IPS is enabled on the explicit proxy policy.
1016947, 1017840

Log http-transaction "resplength" field value always shows zero.
1008676 Weak authentication in security fabric.
1013981, 1015407 Restoring a configuration backup with deny policies that have "set profile-type group" without the "profile-group" attributes will result in those policies being deleted.
1003937 Change "Data Leak Prevention" to "Data Loss Prevention" in GUI.
1015482 No member size check for proxy address groups.
1015808 DNS log does not show resolved address, response code, and correct policy ID.
1012965 Deep-inspection and webfilter are not working if profile-protocol-options has additional ports for HTTP, like 443.

1020278

Repeated WAD CSVC process crashes.

1013274

FortiProxy IPv6 table list missing IP rules in some VDOMs when multiple VDOMs are configured.

1021833

WAD policy and address build fails when a member in the address group does not exist.

1021318

Kerberos authentication gets stuck when "ldap-user-cache" is enabled.

1006108

Sites cannot open correctly during the first try when web cache for HTTPS traffic is enabled.

1019308

HTTP NTLM authentication requests are redirected to captive portal.

1020828

HTTP2 stream is not closed after transaction is complete.

1008688

When a new user is added under User & Authentication or User Definition, authenticated users are logged out.

1017091

"Web Proxy Forwarding Server" option is not available when you create or edit an FTP policy in GUI.

1017098

"Protocol" option is not available when you create or edit a forwarding server in GUI.

1003481, 1021292

WAD has signal 11 crash at wad_http_msg_strm_resume on corporate firewall.

1011970 , 1017054

"Failed to generate firewall rules" logs due to invalid address members configured in a policy.

1019752

Connection to the FTPS server fails.

1025444

100% usage of CUP 0 is consumed by WAD.

1025697

newcli crash on "diag wad filter process-id-by-src" command.

949464, 982553

WAD memory leak causing the FortiProxy to enter conserve mode randomly.

1025600

Transparent policy allows other source IP addresses that are not defined as the source and ISDB destination.

1021196

SAML authorization does not use user-info when ldap-user-cache is enabled.

913703

WAD enters D state.

1023713

TLS decode error when generating traffic with eicar.txt by SMTP.

1024965

SSH Policy Redirect toggle on GUI does not work as expected.

1023563

GUI issue.

1024424

System > Settings page does not load correctly.

FortiNBI

The following issues have been fixed in FortiNBI. For inquiries about a particular bug, please contact Customer Service & Support.

Bug ID Description
984527, 989676,993669, 996542, 996544 FortiNBI bug fixes.
N/A Ensure only one user app instance per user by terminating other FNBI user apps on startup
N/A

Missing directory causes crash in user application.
N/A

Broken MSFT links for their runtime installers.
N/A

Certain GUI runtimes installations are not skip when they have already been installed.

N/A

Log collection fails if the isolator is not installed.

N/A

Instability issues caused by isolator state tracking.

N/A

Isolator download timeout is too long.

N/A

Service state are not accurate in edge scenarios during restart.

N/A

GUI is unavailable due to a broken link to Windows App SDK.

N/A

No timeout when task fails to start repeatedly.
Previous
Next

Resolved issues

The following issues have been fixed in FortiProxy 7.2.10. For inquiries about a particular bug, please contact Customer Service & Support.

Bug ID

Description
1012827 Admin login fails after the admin is renamed.
1011483 SNMP queries time out due to denial on dedicated management interface.
1010357, 1010843 Web proxy policy default action and global web proxy profile assignment issue.
1002945 When auth request is closing, calling wad_hauth_req_auth_notify triggers the close of auth request again.
1005976 Misleading message in "Fabric Upgrade" window.

1008255

When you edit a rule with "Domain Threat Feed" as dstaddr, it changes to dstaddr6 and traffic does not match.

1009948

FortiView Traffic Shaping console is not available in GUI.
1003811, 1008263 IP threat feed takes too long to load and external resource cannot load.

992247

HA connection from secondary FortiProxy to FortiAnalyzer goes through the virtual IP instead of the dedicated management interface.

1006692

Out-of-bounds access in diag_iotop.c.
996185 In certain hypervisor environments, the disk order may change which causes the FortiProxy to reformat disks when it shouldn't.
1004752 When using "IP Address Threat Feed" for source and destination, the traffic is not matched by the rule.
1004346 When FortiManager access is disabled, FortiProxy can still be accessed from FortiManager on TCP port 541.
1005957

Issues with traffic shaping CLI:

  • Unable to change a guaranteed bandwidth that is greater than 50.

  • Irrelevant NPU warning when enabling shaping on a VLAN interface.
998840 ICAP server crash when geting to eicar file.
1000338 Traffic shaping does not take effect on FTP data channels. A large file download via FTP can clog the entire bandwidth even with traffic shaping enabled.
1000127 Web pages are not loaded when web cache is enabled under policy.
993166 When managed by FortiManager, HA-mode FortiPoxy triggers an auto update every 30 minutes.
993506 Remove CLI for in band HA management, which is not supported by FortiProxy.
999050 Certificate tab keeps loading the certificate is selected.
986713 After configuration restore, the device changes to system maintenance mode and becomes inaccessible.

1017888

Forward server memory issues.

1014477

File uploads on webmail applications fail when antivirus, app control, or IPS is enabled on the explicit proxy policy.
1016947, 1017840

Log http-transaction "resplength" field value always shows zero.
1008676 Weak authentication in security fabric.
1013981, 1015407 Restoring a configuration backup with deny policies that have "set profile-type group" without the "profile-group" attributes will result in those policies being deleted.
1003937 Change "Data Leak Prevention" to "Data Loss Prevention" in GUI.
1015482 No member size check for proxy address groups.
1015808 DNS log does not show resolved address, response code, and correct policy ID.
1012965 Deep-inspection and webfilter are not working if profile-protocol-options has additional ports for HTTP, like 443.

1020278

Repeated WAD CSVC process crashes.

1013274

FortiProxy IPv6 table list missing IP rules in some VDOMs when multiple VDOMs are configured.

1021833

WAD policy and address build fails when a member in the address group does not exist.

1021318

Kerberos authentication gets stuck when "ldap-user-cache" is enabled.

1006108

Sites cannot open correctly during the first try when web cache for HTTPS traffic is enabled.

1019308

HTTP NTLM authentication requests are redirected to captive portal.

1020828

HTTP2 stream is not closed after transaction is complete.

1008688

When a new user is added under User & Authentication or User Definition, authenticated users are logged out.

1017091

"Web Proxy Forwarding Server" option is not available when you create or edit an FTP policy in GUI.

1017098

"Protocol" option is not available when you create or edit a forwarding server in GUI.

1003481, 1021292

WAD has signal 11 crash at wad_http_msg_strm_resume on corporate firewall.

1011970 , 1017054

"Failed to generate firewall rules" logs due to invalid address members configured in a policy.

1019752

Connection to the FTPS server fails.

1025444

100% usage of CUP 0 is consumed by WAD.

1025697

newcli crash on "diag wad filter process-id-by-src" command.

949464, 982553

WAD memory leak causing the FortiProxy to enter conserve mode randomly.

1025600

Transparent policy allows other source IP addresses that are not defined as the source and ISDB destination.

1021196

SAML authorization does not use user-info when ldap-user-cache is enabled.

913703

WAD enters D state.

1023713

TLS decode error when generating traffic with eicar.txt by SMTP.

1024965

SSH Policy Redirect toggle on GUI does not work as expected.

1023563

GUI issue.

1024424

System > Settings page does not load correctly.

FortiNBI

The following issues have been fixed in FortiNBI. For inquiries about a particular bug, please contact Customer Service & Support.

Bug ID Description
984527, 989676,993669, 996542, 996544 FortiNBI bug fixes.
N/A Ensure only one user app instance per user by terminating other FNBI user apps on startup
N/A

Missing directory causes crash in user application.
N/A

Broken MSFT links for their runtime installers.
N/A

Certain GUI runtimes installations are not skip when they have already been installed.

N/A

Log collection fails if the isolator is not installed.

N/A

Instability issues caused by isolator state tracking.

N/A

Isolator download timeout is too long.

N/A

Service state are not accurate in edge scenarios during restart.

N/A

GUI is unavailable due to a broken link to Windows App SDK.

N/A

No timeout when task fails to start repeatedly.
Previous
Next