Resolved issues

The following issues have been fixed in FortiProxy 7.2.9. For inquiries about a particular bug, please contact Customer Service & Support.

Bug ID Description

948042 Failed to create VDOM with a name longer than 11 characters in the CLI when long-vdom-name is enabled.
984094 WAD worker memory leak.
984179, 984948 Application Control profile does not work on non-root VDOM.
985198 IP address threat feed connection status indicates "Other Error".
955481, 983897 When fast-policy-match is enabled, traffic is matched to wrong policy during a specific period of time.
977734 Access to secondary unit is not granted when you use the SVI interface for management in HA.
951108 Crash at wad_sec_policy_result_free.
976713 Connection is closed during SSL offload by "config firewall ssl-server".
981332 Traffic cannot access Internet via non-root VDOM's transparent proxy policy.
980527 CLI should not allow the FTP protocol in config web-proxy isolator-server.
979936 When configuring IPv6 addresses in the CLI, all types of external-resource for IPv6 address are listed. Only the external-resources of type "domain" and "address" should be listed.
980994 External-resource types other than address and domain are not filtered out for firewall.policy.dstaddr6 and srcaddr6.
978544 When a request is sent with header "Cache-Control: max-age=0", the content is not returned and the connection is closed.
970003, 972976, 978538, 979741 GUI issues.
990161 HA secondary acts like primary in vcluster1 after the switch of primary and secondary in vcluster2.
983371 WAD procmgr hangs on waitpid.
977645 Incorrect output when viewing FortiView Proxy Policy with source set to FortiAnalyzer.
991641 Unable to save changes to shaping policy when dstaddr6 is set to an IPv6 FQDN address with wildcard (*).
993597 WAD crashes when user LDAP server is configured.
993108 CLI hangs after you delete a VDOM from the CLI.
915834 HA active-passive flip: standby FortiProxy tries to reach out to FortiGuard services through HA port.
987687 "Can not create query" error while deleting VDOMs.
988015, 992933 "sysctl ifconfig" does not work when the interface belongs to a non-root VDOM.
989798 Out-of-bounds write in SSL VPN.
983298 Forward logs for non-root VDOM are only visible in root VDOM.
992167 Providing an invalid client certificate during certificate authentication can create a redirection loop.
985049 XSS vulnerability in reboot page.
989784 Access to other users' bookmarks in SSL VPN web mode.
990142 Interfaces with no members are allowed to be aggregated in GUI.
773815, 988544 AD group cache update issue.
986806 Crash in WAD user-info process.
988402 Cannot use HA reserved management interface to send log to FortiAnalyzer.
982614 Anti-virus incorrectly blocks the upload of good Excel files to OneDrive with corrupted archive error.
988016 Aggregate interface is not initialized on startup when the aggregate is in a non-root VDOM.
989515 Crash on building fast match table when the source interface is configured with an empty system zone.
967538 Traffic that should get IPS scanned passes through when IPS is out of service.
985374 HA is out of sync after automatic reboot.
981069, 981546 ICAP is unable to bypass when ICAP remote server is offline and health-monitor is disabled.
987387 On a non-root VDOM with multiple explicit-web entries, changes to policies are not applied properly.
981193 FortiProxy does not send authentication request after proxy-re-authentication-time is passed.
974938 Remove references to unsupported features in FortiProxy log IDs.
978473, 982156 URL local/user category rating result shows only one best match category but not the other matched local/user categories configured in the profile.
945197 Configuration value of the interface IP address should not be synced within a FortiProxy HA cluster on Azure.
976775 When policy based routing is configured and traffic is redirected to WAD, traffic from the FortiProxy back to the client is routed via static routing.
980297 GUI shows empty remote groups while CLI configuration shows the correct remote group configuration.
980702 URL rating lookup does not support valid URLs with forward slash.
987777 Policy ID is not available for disabled policies in the FortiProxy GUI.
988098 Crash during smtp-over-http.
995824 Counter value returns 0 for non-root interface when polling via SNMP.
985557 HA in transparent mode fails to form due to dropped ARP requests.
979908 No validation for source interface field for "ssh-tunnel" type policy in GUI.
997177 FortiProxy GUI cannot display ICAP log.
994749 URL filter fails to block transparent HTTPS traffic with IP hostname.
992245 FQDN ipset is not populated after the captive portal configuration changes from IP to FQDN.
989694 ICAP secure server with webfilter crashes on the first request.
971213 Traffic does not follow schedule to match the firewall policy when the schedule period is short.
977530 HTTPS over locally resolved SOCKS webfilter not working.
992599 UTM action and count information is missing in http-transaction-log for HTTPS request when tp-policy is certificate-inspect.
992853 After matching a url-match in SOCKS proxy forwarding, the original IP rather than the fw_server IP is used to get the interface for policy matching.
994230 WAD crashes when SOCKS request fails to connect to LDAP server.
995622 SOCKS request is unable to match web-proxy entity in auth rule and WAD crashes.
979219 FortiProxy A/A cluster with VDOMs drops packets.
981211 Global system default settings for TLS 1.2 are not applied upon LDAP connection to domain controller.
868634 Bypass of root file system integrity checks at boot time.
977771 Virus block return replacement messages lead to "HTTP not found" page.
997336 Cannot establish FSSO connection from FortiProxy VDOMs.
975685 FortiProxy 400E possible WAD memory leak.
997001 External resource cannot update for IPv6 hosts.
996012, 997905 SOCKS policy match does not support url-list dstaddr type.
959421 Cannot download files with a size of more than 5 MB via FPX with SSL deep inspection and DLP profile enabled.
997868 Error during auth TLS for FTP service.

FortiNBI

The following issues have been fixed in FortiNBI. For inquiries about a particular bug, please contact Customer Service & Support.

Bug ID Description

886077, 930915, 934251, 956123, 959594, 962908, 977250, 979177 FortiNBI bug fixes.
959232 Crash when downloading the FortiNBI installer.
959263 FortiNBI rating error and all pages are broken in the FortiNBI application.

Common vulnerabilities and exposures

FortiProxy 7.2.9 is no longer vulnerable to the following CVE references. Visit https://fortiguard.com/psirt for more information.

Bug ID CVE reference

989784 CVE-2024-23112
989798 CVE-2024-21762
993863 CVE-2024-23113
868634 CVE-2023-28002
