Fortinet black logo

Release Notes

Home FortiProxy 7.4.4 Release Notes
7.4.4
7.4.4
7.4.3
7.4.2
7.4.1
7.4.0
7.2.10
7.2.9
7.2.8
7.2.7
7.2.6
7.2.5
7.2.4
7.2.3
7.2.2
7.2.1
7.2.0
7.0.17
7.0.16
7.0.15
7.0.14
7.0.13
7.0.12
7.0.11
7.0.10
7.0.9
7.0.8
7.0.7
7.0.6
7.0.5
7.0.4
7.0.3
7.0.2
7.0.1
7.0.0
2.0.14
2.0.13
2.0.12
2.0.11
2.0.10
2.0.9
2.0.8
2.0.7
2.0.6
2.0.5
2.0.4
2.0.3
2.0.2
2.0.1
2.0.0
1.2.13
1.2.12
1.2.11
1.2.10
1.2.9
1.2.8
1.2.7
1.2.6
1.2.5
1.2.4
1.2.3
1.2.2
1.2.1
1.2.0
1.1.6
1.1.5
1.1.4
1.1.3
1.1.2
1.1.1
1.1.0
1.0.7
1.0.6
1.0.5
1.0.4
1.0.3
1.0.2
1.0.1
1.0.0

Resolved issues

Resolved issues

The following issues have been fixed in FortiProxy 7.4.4. For inquiries about a particular bug, please contact Customer Service & Support.

Bug ID Description
998840 ICAP server crash when geting to eicar file.
1004346 When FortiManager access is disabled, FortiProxy can still be accessed from FortiManager on TCP port 541.
999491 No access to Intranet application with " 401 unauthorized" error.
1003093 Group query fails when Kerberos authorization in non-root VDOM and pac-data is disabled.
1005957

Issues with traffic shaping CLI:

  • Unable to change a guaranteed bandwidth that is greater than 50.

  • Irrelevant NPU warning when enabling shaping on a VLAN interface.
1004340 Add potential leak check in wad_content_config_set_protocol_ports.
1000338

Traffic shaping does not take effect on FTP data channels. A large file download via FTP can clog the entire bandwidth even with traffic shaping enabled.
1001749 Unresolved FQDN in GUI firewall address.
1002645 Cosmetic and spelling issues in OS image filenames.
1001204 No "Proxy Address" field when creating a forward server in GUI.
1001484 CASB profile can be configured for policy types that do not handle HTTP traffic.
1000999 External resources page does not render correctly.
1000127 Web pages are not loaded when web cache is enabled under policy.
1005976 Misleading message in "Fabric Upgrade" window.

1008255

When you edit a rule with "Domain Threat Feed" as dstaddr, it changes to dstaddr6 and traffic does not match.

1009948

FortiView Traffic Shaping console is not available in GUI.
1003811, 1008263 IP threat feed takes too long to load and external resource cannot load.
1008904 Certificate order changes under secure-web-proxy-cert after configuration.
1007822, 1008274 Custom SaaS applications with no domain configured should not be allowed to be saved.
994101 Certificate probe failing with certificate inspection along with web filter.
1006692 Out-of-bounds access in diag_iotop.c.
775882 WAD crashes at wad_hauth_trace_entry_close with signal 11.
1004752 When using "IP Address Threat Feed" for source and destination, the traffic is not matched by the rule.
1001688 Inline-CASB host regexp match does not work.
1012827 Admin login fails after the admin is renamed.
1011483 SNMP queries time out due to denial on dedicated management interface.

972921

Inline comments do not work as expected for the following threat feeds: FortiGuard Category, Domain Name, URL List.
1000941 FTP request fails to match ftp-explicit policy when destination FTP server is specified in FQDN.
1006140 , 1010565 , 1013074 CLI error for malware and EDM external resource statistics.
1010357, 1010843 Web proxy policy default action and global web proxy profile assignment issue.
1000236 WAD stream scan crashes at file typing because avengine failed to load.
1002945 When auth request is closing, calling wad_hauth_req_auth_notify triggers the close of auth request again.
1015808 DNS log does not show resolved address, response code, and correct policy ID.
1012965 Deep-inspection and webfilter are not working if profile-protocol-options has additional ports for HTTP, like 443.
985048 IP address validation mishandles zero characters.
996111 Some traffic cannot pass through after configuring application ID.
992247 HA connection from secondary FortiProxy to FortiAnalyzer goes through the virtual IP instead of the dedicated management interface.
996185 In certain hypervisor environments, the disk order may change which causes the FortiProxy to reformat disks when it shouldn't.
1016947, 1017840

Log http-transaction "resplength" field value always shows zero.
1008676 Weak authentication in security fabric.
1016970 WAD security profile memory leaks when policy configures ips-sensor and application-list.
1013104 DLP license information is not displayed under System > FortiGuard in GUI.

1017091

"Web Proxy Forwarding Server" option is not available when you create or edit an FTP policy in GUI.

1017098

"Protocol" option is not available when you create or edit a forwarding server in GUI.

1017682

Archived data tab under Antivirus Event keeps loading.
1013981, 1015407 Restoring a configuration backup with deny policies that have "set profile-type group" without the "profile-group" attributes will result in those policies being deleted.
1015482 No member size check for proxy address groups.
1014313 , 1014800 External resource not updating in HA failover or after changing update method.
1003937 Change "Data Leak Prevention" to "Data Loss Prevention" in GUI.

1011970 , 1017054

"Failed to generate firewall rules" logs due to invalid address members configured in a policy.

1020556

miglogd CPU usage is constantly high.

1020964

Issues due to modules not registered in the correct order during WAD process startup.

1019746

"dlp-sensor" is not correctly renamed to "dlp-profile" after the upgrade from 7.2 to 7.4.

1017888

Forward server memory issues.

1004206

MITM attack vulnerability for FortiManager connector.

1014477

File uploads on webmail applications fail when antivirus, app control, or IPS is enabled on the explicit proxy policy.

1013096

DLP sensors, dictionaries, and the entries inside the table are not grouped as "Managed Locally" and "Managed by FortiGuard".

792170

SAML authentication fails for CORS requests in explicit proxy.

1020278

Repeated WAD CSVC process crashes.

981757

Error 500 when downloading a file for the first time using AV profile with FortiSandbox scan.

1013274

FortiProxy IPv6 table list missing IP rules in some VDOMs when multiple VDOMs are configured.

1021833

WAD policy and address build fails when a member in the address group does not exist.

1006108

Sites cannot open correctly during the first try when web cache for HTTPS traffic is enabled.

1019308

HTTP NTLM authentication requests are redirected to captive portal.

1004985

Web filter cookie override does not work.

1020828

HTTP2 stream is not closed after transaction is complete.

993675

IPSec VPN tunnel formation fails in non-root VDOM.

1008688

When a new user is added under User & Authentication or User Definition, authenticated users are logged out.

1019069

WAD keeps crashing at dlp_profile_build_map and su_debug_vlog.

1003481, 1021292

WAD has signal 11 crash at wad_http_msg_strm_resume on corporate firewall.

1025444

100% usage of CUP 0 is consumed by WAD.

1025697

newcli crash on "diag wad filter process-id-by-src" command.

949464, 982553

WAD memory leak causing the FortiProxy to enter conserve mode randomly.

1025600

Transparent policy allows other source IP addresses that are not defined as the source and ISDB destination.

913703

WAD enters D state.

1021196

SAML authorization does not use user-info when ldap-user-cache is enabled.

1002459, 1019013

Some rules are skipped during inline CASB application match.

1018950

DNS proxy does not follow the system DNS server configuration due to missing interface information.

1024965

SSH Policy Redirect toggle on GUI does not work as expected.

1023563

GUI issue.

1024424

System > Settings page does not load correctly.

1019752

Connection to the FTPS server fails.

1022209

"400 error!" for SAML authentication with FortiAuthenticator.
1015482 No member size check for proxy address groups.

1001500

CASB profile dropdown is shown when the CASB option is disabled.

1026460

GUI load issue with Administrator with remote server group.

949464, 982553

WAD memory leak causing the FortiProxy to enter conserve mode randomly.

1019752,1027342

FTPS SSL handshake failure through explicit proxy.

1028493

Crash when you enable ha-mgmt-status in CLI and then load a backup configuration with ha-mgmt-status enabled but ha-mgmt-interfaces not configured.

1028427

Fortinet_SSL_xxxx template certificates are not filtered out from server certificate list in config web-proxy explicit-proxy CLI.

1028386

Remove irrelevant Security Fabric components from GUI.

1002626,1008632

ICDB access-control and SaaS-application group nodes are not loaded correctly.

1027699

FortiProxy fails with SSH message "kex type 34" when SSH server is not up-to-date.

993773

Memory leak and file descriptors remain open when "wad_worker_proc_ebpf_msg()" fails.

1029319

Random crashes on ICAP client.

1022475

WAD application crashes with intermittent navigation.

FortiNBI

The following issues have been fixed in FortiNBI. For inquiries about a particular bug, please contact Customer Service & Support.

Bug ID Description
N/A Ensure only one user app instance per user by terminating other FNBI user apps on startup
N/A

Missing directory causes crash in user application.
N/A

Broken MSFT links for their runtime installers.
N/A

Certain GUI runtimes installations are not skip when they have already been installed.
Previous
Next

Resolved issues

The following issues have been fixed in FortiProxy 7.4.4. For inquiries about a particular bug, please contact Customer Service & Support.

Bug ID Description
998840 ICAP server crash when geting to eicar file.
1004346 When FortiManager access is disabled, FortiProxy can still be accessed from FortiManager on TCP port 541.
999491 No access to Intranet application with " 401 unauthorized" error.
1003093 Group query fails when Kerberos authorization in non-root VDOM and pac-data is disabled.
1005957

Issues with traffic shaping CLI:

  • Unable to change a guaranteed bandwidth that is greater than 50.

  • Irrelevant NPU warning when enabling shaping on a VLAN interface.
1004340 Add potential leak check in wad_content_config_set_protocol_ports.
1000338

Traffic shaping does not take effect on FTP data channels. A large file download via FTP can clog the entire bandwidth even with traffic shaping enabled.
1001749 Unresolved FQDN in GUI firewall address.
1002645 Cosmetic and spelling issues in OS image filenames.
1001204 No "Proxy Address" field when creating a forward server in GUI.
1001484 CASB profile can be configured for policy types that do not handle HTTP traffic.
1000999 External resources page does not render correctly.
1000127 Web pages are not loaded when web cache is enabled under policy.
1005976 Misleading message in "Fabric Upgrade" window.

1008255

When you edit a rule with "Domain Threat Feed" as dstaddr, it changes to dstaddr6 and traffic does not match.

1009948

FortiView Traffic Shaping console is not available in GUI.
1003811, 1008263 IP threat feed takes too long to load and external resource cannot load.
1008904 Certificate order changes under secure-web-proxy-cert after configuration.
1007822, 1008274 Custom SaaS applications with no domain configured should not be allowed to be saved.
994101 Certificate probe failing with certificate inspection along with web filter.
1006692 Out-of-bounds access in diag_iotop.c.
775882 WAD crashes at wad_hauth_trace_entry_close with signal 11.
1004752 When using "IP Address Threat Feed" for source and destination, the traffic is not matched by the rule.
1001688 Inline-CASB host regexp match does not work.
1012827 Admin login fails after the admin is renamed.
1011483 SNMP queries time out due to denial on dedicated management interface.

972921

Inline comments do not work as expected for the following threat feeds: FortiGuard Category, Domain Name, URL List.
1000941 FTP request fails to match ftp-explicit policy when destination FTP server is specified in FQDN.
1006140 , 1010565 , 1013074 CLI error for malware and EDM external resource statistics.
1010357, 1010843 Web proxy policy default action and global web proxy profile assignment issue.
1000236 WAD stream scan crashes at file typing because avengine failed to load.
1002945 When auth request is closing, calling wad_hauth_req_auth_notify triggers the close of auth request again.
1015808 DNS log does not show resolved address, response code, and correct policy ID.
1012965 Deep-inspection and webfilter are not working if profile-protocol-options has additional ports for HTTP, like 443.
985048 IP address validation mishandles zero characters.
996111 Some traffic cannot pass through after configuring application ID.
992247 HA connection from secondary FortiProxy to FortiAnalyzer goes through the virtual IP instead of the dedicated management interface.
996185 In certain hypervisor environments, the disk order may change which causes the FortiProxy to reformat disks when it shouldn't.
1016947, 1017840

Log http-transaction "resplength" field value always shows zero.
1008676 Weak authentication in security fabric.
1016970 WAD security profile memory leaks when policy configures ips-sensor and application-list.
1013104 DLP license information is not displayed under System > FortiGuard in GUI.

1017091

"Web Proxy Forwarding Server" option is not available when you create or edit an FTP policy in GUI.

1017098

"Protocol" option is not available when you create or edit a forwarding server in GUI.

1017682

Archived data tab under Antivirus Event keeps loading.
1013981, 1015407 Restoring a configuration backup with deny policies that have "set profile-type group" without the "profile-group" attributes will result in those policies being deleted.
1015482 No member size check for proxy address groups.
1014313 , 1014800 External resource not updating in HA failover or after changing update method.
1003937 Change "Data Leak Prevention" to "Data Loss Prevention" in GUI.

1011970 , 1017054

"Failed to generate firewall rules" logs due to invalid address members configured in a policy.

1020556

miglogd CPU usage is constantly high.

1020964

Issues due to modules not registered in the correct order during WAD process startup.

1019746

"dlp-sensor" is not correctly renamed to "dlp-profile" after the upgrade from 7.2 to 7.4.

1017888

Forward server memory issues.

1004206

MITM attack vulnerability for FortiManager connector.

1014477

File uploads on webmail applications fail when antivirus, app control, or IPS is enabled on the explicit proxy policy.

1013096

DLP sensors, dictionaries, and the entries inside the table are not grouped as "Managed Locally" and "Managed by FortiGuard".

792170

SAML authentication fails for CORS requests in explicit proxy.

1020278

Repeated WAD CSVC process crashes.

981757

Error 500 when downloading a file for the first time using AV profile with FortiSandbox scan.

1013274

FortiProxy IPv6 table list missing IP rules in some VDOMs when multiple VDOMs are configured.

1021833

WAD policy and address build fails when a member in the address group does not exist.

1006108

Sites cannot open correctly during the first try when web cache for HTTPS traffic is enabled.

1019308

HTTP NTLM authentication requests are redirected to captive portal.

1004985

Web filter cookie override does not work.

1020828

HTTP2 stream is not closed after transaction is complete.

993675

IPSec VPN tunnel formation fails in non-root VDOM.

1008688

When a new user is added under User & Authentication or User Definition, authenticated users are logged out.

1019069

WAD keeps crashing at dlp_profile_build_map and su_debug_vlog.

1003481, 1021292

WAD has signal 11 crash at wad_http_msg_strm_resume on corporate firewall.

1025444

100% usage of CUP 0 is consumed by WAD.

1025697

newcli crash on "diag wad filter process-id-by-src" command.

949464, 982553

WAD memory leak causing the FortiProxy to enter conserve mode randomly.

1025600

Transparent policy allows other source IP addresses that are not defined as the source and ISDB destination.

913703

WAD enters D state.

1021196

SAML authorization does not use user-info when ldap-user-cache is enabled.

1002459, 1019013

Some rules are skipped during inline CASB application match.

1018950

DNS proxy does not follow the system DNS server configuration due to missing interface information.

1024965

SSH Policy Redirect toggle on GUI does not work as expected.

1023563

GUI issue.

1024424

System > Settings page does not load correctly.

1019752

Connection to the FTPS server fails.

1022209

"400 error!" for SAML authentication with FortiAuthenticator.
1015482 No member size check for proxy address groups.

1001500

CASB profile dropdown is shown when the CASB option is disabled.

1026460

GUI load issue with Administrator with remote server group.

949464, 982553

WAD memory leak causing the FortiProxy to enter conserve mode randomly.

1019752,1027342

FTPS SSL handshake failure through explicit proxy.

1028493

Crash when you enable ha-mgmt-status in CLI and then load a backup configuration with ha-mgmt-status enabled but ha-mgmt-interfaces not configured.

1028427

Fortinet_SSL_xxxx template certificates are not filtered out from server certificate list in config web-proxy explicit-proxy CLI.

1028386

Remove irrelevant Security Fabric components from GUI.

1002626,1008632

ICDB access-control and SaaS-application group nodes are not loaded correctly.

1027699

FortiProxy fails with SSH message "kex type 34" when SSH server is not up-to-date.

993773

Memory leak and file descriptors remain open when "wad_worker_proc_ebpf_msg()" fails.

1029319

Random crashes on ICAP client.

1022475

WAD application crashes with intermittent navigation.

FortiNBI

The following issues have been fixed in FortiNBI. For inquiries about a particular bug, please contact Customer Service & Support.

Bug ID Description
N/A Ensure only one user app instance per user by terminating other FNBI user apps on startup
N/A

Missing directory causes crash in user application.
N/A

Broken MSFT links for their runtime installers.
N/A

Certain GUI runtimes installations are not skip when they have already been installed.
Previous
Next