Resolved issues
The following issues have been fixed in FortiProxy 7.2.9. For inquiries about a particular bug, please contact Customer Service & Support.
Bug ID |
Description |
---|---|
948042 | Failed to create VDOM with a name longer than 11 characters in the CLI when long-vdom-name is enabled. |
984094 | WAD worker memory leak. |
984179 984948 |
Application Control profile does not work on non-root VDOM. |
985198 | IP address threat feed connection status indicates "Other Error". |
955481 983897 |
When fast-policy-match is enabled, traffic is matched to wrong policy during a specific period of time. |
977734 | Access to secondary unit is not granted when you use the SVI interface for management in HA. |
951108 | Crash at wad_sec_policy_result_free. |
976713 | Connection is closed during SSL offload by "config firewall ssl-server". |
981332 | Traffic cannot access Internet via non-root VDOM's transparent proxy policy. |
980527 | CLI should not allow the FTP protocol in config web-proxy isolator-server . |
979936 | When configuring ipv6 addresses in the CLI, all types of external-resource for ipv6 address are listed. Only the external-resources of type "domain" and "address" should be listed. |
980994 | External-resource type other than address and domain are not filtered out for firewall.policy.dstaddr6 and srcaddr6. |
978544 | When a request is sent with header "Cache-Control: max-age=0", the content is not returned and the connection is closed. |
970003, 972976, 978538, 979741 | GUI issues. |
990161 | HA secondary acts like primary in vcluster1 after the switch of primary and secondary in vluster2. |
983371 | WAD procmgr hangs on waitpid. |
977645 |
Incorrect output when viewing FortiView Proxy Policy with source set to FortiAnalyzer. |
991641 | Unable to save changes shaping policy when dstaddr6 is set to be an IPv6 FQDN address with wildcard (*). |
993597 | WAD crashes when user LDAP server is configured. |
993108 | CLI hangs after you delete a VDOM from the CLI. |
915834 | HA active-passive flip: standby FortiProxy tries to reach out to FortiGuard services through HA port. |
987687 | "Can not create query" error while deleting VDOMs. |
988015, 992933 | "sysctl ifconfig" does not work when the interface belongs to a non-root VDOM. |
989798 | Out-of-bounds write in SSL VPN. |
983298 | Forward logs for non-root VDOM are only visible in root VDOM. |
992167 | Providing an invalid client certificate during certificate authentication can create a redirection loop. |
985049 | XSS vulnerability in reboot page. |
989784 | Access to other users' bookmarks in SSL VPN web mode. |
980994 | External-resource type other than address and domain are not filtered out for firewall.policy.dstaddr6 and srcaddr6. |
990142 | Interfaces with no members are allowed to be aggregated in GUI. |
773815 988544 |
AD group cache update issue. |
986806 | Crash in WAD user-info process. |
988402 |
Cannot use HA reserved management interface to send log to FortiAnalyzer. |
982614 |
Anti-virus incorrectly blocks the upload of good Excel files to OneDrive with corrupted archive error. |
988016 |
Aggregate interface is not initialized on startup when the aggregate is in a non-root VDOM. |
989515 |
Crash on building fast match table when the source interface is configured with an empty system zone. |
967538 |
Traffic that should get IPS scanned passes through when IPS is out of service. |
985374 |
HA is out of sync after automatic reboot. |
981069 981546 |
ICAP is unable to bypass when ICAP remote server is offline and health-monitor is disabled. |
987387 |
On a non-root VDOM with multiple explicit-web entries, changes to policies are not applied properly. |
981193 |
FortiProxy do not send authentication request after proxy-re-authentication-time is passed. |
974938 |
Remove references to unsupported features in FortiProxy log IDs. |
978473 982156 |
URL local/user category rating result shows only one best match category but not the other matched local/user categories configured in the profile. |
945197 |
Configuration value of the interface IP address should not be synced within a FortiProxy HA cluster on Azure. |
976775 |
When policy based routing is configured and traffic is redirected to WAD, traffic from the FortiProxy back to the client is routed via static routing. |
980297 |
GUI shows empty remote groups while CLI configuration shows the correct remote group configuration. |
980702 |
URL rating lookup does not support valid URLs with forward slash. |
987777 |
Policy ID is not available for disabled policies in the FortiProxy GUI. |
988098 | Crash during smtp-over-http. |
995824 | Counter value returns 0 for non-root interface when polling via SNMP. |
985557 | HA in transparent mode fails to form due to dropped ARP requests. |
979908 |
No validation for source interface field for "ssh-tunnel" type policy in GUI. |
997177 | FortiProxy GUI cannot display ICAP log. |
994749 |
URL filter fails to block transparent HTTPS traffic with IP hostname. |
992245 |
FQDN ipset is not populated after the captive portal configuration changes from IP to FQDN. |
989694 |
ICAP secure server with webfilter crashes on the first request. |
971213 |
Traffic does not follow schedule to match the firewall policy when the schedule period is short. |
977530 |
HTTPS over locally resolved SOCKS webfilter not working. |
992599 | UTM action and count information is missing in http-transaction-log for HTTPS request when tp-policy is certificate-inspect. |
992853 | After matching an url-match in SOCKS proxy forwarding, the original IP rather than the fw_server ip is used to get the interface for policy matching. |
994230 | WAD crashes when SOCKS request fails to connect to LDAP server. |
995622 | SOCKS request is unable to match web-proxy entity in auth rule and WAD crashes. |
979219 | FortiProxy A/A cluster with VDOMs drop packets. |
981211 | Global system default settings for TLS 1.2 are not applied upon LDAP connection to domain controller. |
868634 | Bypass of root file system integrity checks at boot time. |
977771 | Virus block return replacement messages leads to "HTTP not found" page. |
997336 |
Cannot establish FSSO connection from FortiProxy VDOMs. |
975685 |
FortiProxy 400E possible WAD memory leak. |
997001 |
External resource cannot update for IPv6 hosts. |
996012, 997905 |
SOCKS policy match does not support url-list dstaddr type. |
959421 |
Cannot download files with a size of more than 5 MB via FPX with SSL deep inspection and DLP profile enabled. |
997868 |
Error during auth TLS for FTP service. |
FortiNBI
The following issues have been fixed in FortiNBI. For inquiries about a particular bug, please contact Customer Service & Support.
Bug ID | Description |
---|---|
886077, 930915, 934251, 956123, 959594, 962908, 977250, 979177 |
FortiNBI bug fixes. |
959232 | Crash when downloading the FortiNBI installer. |
959263 | FortiNBI rating error and all pages are broken in the FortiNBI application. |
Common vulnerabilities and exposures
FortiProxy 7.2.9 is no longer vulnerable to the following CVE references. Visit https://fortiguard.com/psirt for more information.
Bug ID |
CVE reference |
---|---|
989784 |
|
989798 |
|
993863 |
|
868634 |