Resolved issues
The following issues have been fixed in FortiProxy 7.2.3. For inquiries about a particular bug, please contact Customer Service & Support.
Bug ID | Description |
---|---|
871559 | The command "exec bypass-mode enable/disable" is not functional. |
875832 | doh server crash when connecting to 443 port for GUI. |
746587 | Wad process crashes several times during file download. |
756345 | In certain circumstances, such as after booting, vd->policy_conf_gen lags behind g_wad.policy_generation, causing a logic failure that leads to conflict with IANA protocol numbers. |
776260 | MAPI HTTP messages do not come through when ICAP profile is enabled. |
779361 | When AV profile has outbreak-prevention, FortiProxy reports an error while handling requests from FTP servers that require non-anonymous login. |
796510 | When all servers in a forward server group go down, traffic through the group is forwarded to the original destination directly even if down-option is set to `block`. |
811975 | Multiple widgets do not have a data source when VDOMs are enabled. |
812888 | When a client sends an HTTP/1.0 request, FortiProxy's forwarded response is always HTTP/1.1. Furthermore, if the server's response has chunked encoding, then FPX does not remove chunked encoding before forwarding the response to the client. |
820383 | IPv6 support for FNBI. |
822829 | FortiProxy does not have default policy for ftp. When a client tries to access an ftps server, ses_ctx->sec_profile is none in wad_ftp_on_auth_cmd(), which causes crash. |
825977 | Fix crash on avscan submission error due to double close. |
828194 | SSLVPN stops passing traffic after some time. |
831069 | Blank page displayed after login to back-end server in SSLVPN web mode. |
835636 | No indicator for egress TCP port exhaustion. |
842517 | Adding a local user to a group containing a lot of users causes delay on GUI and CLI due to cmdbsvr (high CPU). |
843318 | WAD worker may crash with signal 11 if the request header contains "Cache-Control: only-if-cached". |
844488 | FNBI installation fails on Windows 10 VMs. |
851581 | Change FortiView shaper monitor to show real-time information. |
853060 | Wad crash on wad_hmsg_strm_buffering_put. |
854115 | ssh-policy-check results in TP policy being ignored. |
855882 | Memory leaking issue due to a typo in the calloc API. |
857284 | Unable to delete a VDOM from FortiProxy CLI. |
857368 | After upgrading to 7.0.8, WAD crashes with signal 11 in wad_hpack, caused by a stack-allocated buffer overflow. |
857632 | wad http2 hpack parsing error in an edge case. |
859013 | Debug daemon may get stuck and cause Web GUI to load slowly. |
860190 | A tp-policy without any ssh related UTM will fail to redirect to check ssh-policies. |
863317 | Fix GUI issue about FortiSandbox on the AntiVirus profile configuration page. |
863855 | Lack of certificate verification when establishing secure connections with fabric devices. |
865301 | AliCloud failure to rebind public eip to the new primary FortiProxy after HA failover. |
867005 | Sending traffic to icap client using icap secure results in "502 Bad Gateway". |
867453 | Enable IPv6 forwarding. |
867900 | Router is not learnt when the VDOM is newly created. |
868250 | No monitoring for disk access. Difficult to trace what causes frequent disk access. |
868666 | Improper use of snprintf to write into a buffer. |
868782 | Change the default value formula of config.system.global.conntrack to be memory-size-based. |
869105 | A manual restart is needed to validate FNBI installer and iso image changes. |
869120 | Fix wad crashes when loading or updating policy configuration. |
869267 | config-sync cluster is not able to sync with NTP server using dedicated mgmt interfaces. |
869359 | Azure Auto-scale HA shows certificate error in secondary. |
869453 | Enable IPv6 forwarding. |
869578 | When solving eicar evasion problem, status code 1xx and 204/304 are handled together rather than separately. |
869700 | wad crash at wad_h2_proc_data when icap blocks the traffic. |
869923 | DNS filter not taking effect for DoT traffic. |
870099 | LDAP cache was not updated properly after the user group changed in Active Directory server. |
870391 | FortiProxy VDOM decrypted traffic mirror feature works only on root VDOM. |
870764 | In wad_ftp_tp_cancel, wad deletes the session context lease after the session is closed. |
870900 | Cannot add FortiProxy to FortiManager during the first setup or after factory reset. |
871449 | WAD crashes on policy testing when test request destination is IP and port. |
872358 | The logout option does not work when "Keep-alive" authentication is enabled. |
872366 | "Insert empty policy" in GUI copies some fields from the parent policy instead of inserting a blank policy. |
872368 | Failed to save changes while adding a user as source in a policy using quick edit. |
872617 | SWG SSO shows "Firewall Authentication" failure on endpoint, which is caused by infinite redirects. |
872685 | When adding user objects to source field in a policy, the user objects are not highlighted. |
872721 | HA role is not updated on Web UI status bar. |
872752 | CSF config-sync management IP and port should not be synced. |
872931 | 'diag sys session list' fails to list all sessions. |
872950 | wad_scan module is closed in wad_scan_handle_scan_results, which causes a crash. |
873031 | Web UI firmware upgrade option is not available. |
873138 | Cannot configure HA secondary heartbeat interface. |
873369 | HA fails to sync on KVM multicast HA when interface is virtio. |
873458 | Add forward server status update in passive mode for transparent traffic. |
873475 | Improvements to Security Fabric license sharing of user seats. |
873652 | FNBI does not work for web dialogue. |
873656 | Failed to validate the EMS certificate which is signed by third-party CA and installed into FortiProxy. |
873851 | When you create a new vdom, wad_ui_prefetch_vd_init and wad_ui_reverse_cache_server_vd_init are not called and the linked list is not initialized, which results in a crash while traversing the linked list. |
874178 | Eicar fetch traffic still gets blocked by AV after AV profile is removed from profile group. |
874226 | Fix policy session number overflow in GUI and diag command. |
874563 | Crash and compile error due to implementation or coding error. |
874711 | Explicit Proxy Traffic only has Policy ID recorded without the policy name on Web UI. |
874989 | Support multiple 'Server' headers to fix website login issues. |
875100 | Unable to remove external-resource in a certain VDOM when external resource has no reference in that VDOM. |
875170 | Cannot view more than 500 lines under Log & Report > Forward Traffic on FortiProxy-2000E. |
875175 | Requests from local non-domain LDAP users are denied by the explicit firewall policy. |
875485 | Log all socks traffic as https transaction and show domain name in "hostname" and "url" for FQDN requests. |
875708 | Fix high CPU utilization when memory usage is high. |
876394 | Unable to run FortiNBI client on Windows 10 with error "FortiNBI Couldn't communicate with isolator". |
876758 | SSH key is added even if operation is aborted. |
877128 | ZTNA saml portal or auth portal cannot handle cors preflight because it does not take cors preflight request into consideration after matching (saml/auth) gateway. |
877230 | If an HB interface is disabled and enabled on a unit, the respective unit will never join the cluster unless it is restarted. |
877774 | psv_tm prints the wrong time in diagnose command. |
878298 | If the memory usage is out of control, the appending request is added to a 'hold-list' for a while to apply flow-control to the worker. The request might not be removed from the list properly for some corner cases. |
878587 | HA role in the list page is not consistent with the detail page. |
878782 | PAC configuration issue. |
878863 | Forward server group log only works when load-balance algorithm (ldb-method) is `weighted`. |
880092 | icap server hangs when icap secure is enabled. |
880205 | Fix firewall policy schedule with year later than 2038. |
880479 | Fix debug daemon crash when session is not found, which usually happens when CLI or worker exits before the request is done. |
881499 | Icap client crashed on wad_conn_pool_conn error. |
881693 | Fix SSL/SSH Inspection profile visible issue. |
881697 | After the cluster is formed and the slave is restarted, it comes back with "config file may contain errors". |
881846 | Every VDOM has ha-mgmt and ha-vsys VRFs, which causes issues. |
882475 | Domain user suffix extract from krb ticket not matching what's shown in diag wad user list. |
882728 | SNAT occasionally fails on DNS requests. |
883067 | AV cache-infected-result causes false positives with incorrect dst addr. |
883121 | HTTP transaction log does not show status code for some cached traffic. |
883170 | Cached object is corrupted and client keeps resending request with token. |
883589 | Traffic is still blocked after FNBI license expires. |
883618 | New Alibaba region (SCCC) uses different region-id. |
884280 | FortiProxy does not respond to explicit proxy requests on VLAN interface. |
884339 | Wad process keeps crashing with signal 11. |
378251 860859 | Fix nf_conntrack_expect's reference for master conntrack to avoid leaks. |
802564 881341 | Forticron crash when restoring VDOM configuration. |
833306 884670 | Intermittent error "Failed to retrieve FortiView data" on real-time FortiView sources and destination. |
835903 842624 | Change WAD's TCP port to delay close if data is pending on socket's write queue. |
836705 836710 | FNBI does not work for non-admin users on Windows 10. |
843288 874159 | No endpoint information is found when accessing ZTNA application FUSE. |
850683 850688 | Console keeps printing "bcm_nl.nr_request_drop 20753". |
871749 874932 | Wad crash about infection cache feature. |
874049 860282 | SSLVPN crashes when using webmode access. |
877873 877875 | When new hatalk is launched, ha_clear_state() is called to reset some shared memory information which could be accessed by hatalk. |
880624 881471 | Fix unpopulated ipset when FQDN dstaddr is specified. |
880712 882878 | Fix wad crash and memory leak on traffic mirror. |
881208 882886 | Fix masquerade 'disable' in transparent policy which causes traffic failure. |
883762 823962 | Unable to update AV/ISDB database. |
845698 857358 866735 | Google Cloud - When ha_filtered is called on slave's receiving, some packets are dropped as IP header is not correct. |
861343 863428 870022 | Fix policy hit counts not shown in GUI policy list and diag command. |
870846 871239 871587 | FPX hardware models do not update CMOS time correctly. |
881553 882350 882403 869573 885912 886579 | Fix some GUI issues. |
Common vulnerabilities and exposures
FortiProxy 7.2.3 is no longer vulnerable to the following CVE references. Visit https://fortiguard.com/psirt for more information.
Bug ID | CVE reference |
---|---|
845848 | |
874761 | |
874049 | CVE-2023-33307 |
857368 | |
843318 | |