
Resolved issues


The following issues have been fixed in FortiProxy 7.2.4. For inquiries about a particular bug, please contact Customer Service & Support.

Bug ID Description
854511 Unable to make API calls via PostmanRuntime script.
882728 SNAT occasionally fails on DNS requests.
729351, 889309 The object allocated by wad_mem_malloc is not freed by wad_mem_free.
759144, 888354 Port incorrect IOCTL causes userspace CMDB firewall issues.
873224, 874099 SSL log and configuration fixes.
872550 Fail to create config-sync HA on GCP when heartbeat interfaces are within the same subnet range.
888430, 894569, 896009, 899181, 899625, 900736, 902135, 903624, 903967 Fix some GUI issues.
889382 When query-v1-status is disabled and custom SNMP service doesn't exist, iptables rule is not added and SNMP v2 query generation via client fails.
887321 WAD "signal 6" crash.
887560 dnsproxy does not populate ipsets when firewall.central-snap-map and firewall.shaping-policy are updated to include FQDNs.
891541 forward-server-group config change might cause crash.
885994, 889991 Fix a few bugs in CLI configuration during upgrade.
872493 Disk logging files are cached in kernel and cause high memory usage.
891696 Fix miscalculation on request header length and no space to append body for av scan with legacy scan mode.
857543 ha-management interface config on FPX units causes the cluster to be out-of-sync.
894087 FortiAnalyzer logs of secondary devices are queued under the Active-Passive HA cluster.
886145 Failure in creating firewall.address6 FQDNs with a syscall error.
889349, 892209 Improve the build performance of algo daemon fast match table.
889521 Failure in creating a firewall policy with a parse error message.
769955, 889493, 899959 WAD crashes in some cases.
882182 Crash on av comfort stop due to missing secure profile.
842336 Timeout when sequentially upgrading a config-sync HA cluster.
888670 Local certificate is lost following the upgrade from FortiProxy 2.0 to 7.0.
894884 Fix WAD memory leak on master secret.
854918 Changing an HA cluster from unicast to multicast requires a reboot for the cluster to re-sync.
866434 Domain fronting detection log enhancement.
894755 Fix WAD firewall policy new memory leak.
893697 Incorrect cifs file cache purge timeout causes scan issues.
800850 ICMPv6 input and routing traffic is dropped.
896345 User authenticate timeout configuration doesn't work.
897421 ha-mgmt-interfaces are not used when ha-direct is enabled.
877239 Forward traffic log is missing utmref for some web filter events which causes empty results in Security tab.
890809 Requests from users in a child domain cannot match a firewall policy with user-based authentication.
863854 Lack of certificate verification when establishing secure connections with FortiGuard's map server.
897409 SNMP Traffic not responding through dedicated-to management port.
898325 HA hbdev is reset to port2 as a "default" value during upgrade.
896992 Wrong minor version number in update request.
890626 WAD worker crashes with signal 11 during NTLM authentication after changing the authentication rule from session-based to IP-based.
828917, 878668, 895126 LDAP group cache issue.
898503 WAD keeps crashing during SSLVPN test.
898406 Heap buffer overflow in SSLVPN pre-authentication.
892091 Wrong file type and matched file type/name is missing in filefilter logs for some archived zip files.
899145 Trusthost ipsets are not present when a wildcard exists.
891777 "set log-http-transaction disable" option does not work.
896476, 898903 FortiProxy rejects CONNECT request with body and extra data.
883831 FortiProxy web cache memory leak.
896048 Access of uninitialized pointer in vdom parameter.
889383 Add dump for model max license seat and disk limit for VMUL model.
856187 FTPS explicit stops working with ippool.
856859 Misleading quarantine fields in replacement message and utm log of stream-scan when handling oversized infected archive.
834007 With av http block, uploading an eicar file in gmail generates a block log with filename "upload".
849654 utm-filefilter logs show incorrect filename with Chinese, Japanese or Korean characters.
890298 GUI packet capture does not work on VDOMs other than 'root'.
887993 AIO module support on KVM.
890834 Licenses of the passive unit are not shared to the active unit when the Security Fabric root is an active-passive mode HA group.
891696 Miscalculation on request header length.
884784 Bypass-mode configured as "off" automatically switches to "on" after power failure.
889537 WAD fails to match policy when dstintf is specified.
837729, 884784 Bypass interface kernel driver reset after rebooting.
894903 SNMPD fails to start with ha-direct enabled and multi VDOM enabled.
892292 Cannot connect to non-root VDOM local interfaces.
901550 Daemon 'radiusd' crashes on ha config-sync primary when mode changes from config-sync to standalone.
902997 "ipset destroy" does not work as intended.
865784, 865828 Some options of internet-service and internet-service6 do not function correctly.
901808 Duplicate entries in protocol-options profile when enabling explicit-ftp-tls.
903187 Improve the help text of the 'explicit-ftp-tls' option under "config firewall profile-protocol-options".
882867 When internet-service is enabled in proxy-policies, traffic is not matched to the appropriate policy sometimes.
888947 In HA Active-Passive mode, the primary unit fails to relay DNS requests from passive units.
905439 hatalk crashes when AP cluster has multicast heartbeat interface.

Common vulnerabilities and exposures

FortiProxy 7.2.4 is no longer vulnerable to the following CVE references. Visit https://fortiguard.com/psirt for more information.

Bug ID CVE reference
844920 CVE-2022-41328
863855 CVE-2023-29175
N/A CVE-2023-29178
898406 CVE-2023-27997
889254 CVE-2023-33306
803283 CVE-2023-47536
