Resolved issues
The following issues have been fixed in FortiProxy 7.4.4. For inquiries about a particular bug, please contact Customer Service & Support.
Bug ID | Description |
---|---|
998840 | ICAP server crash when geting to eicar file. |
1004346 | When FortiManager access is disabled, FortiProxy can still be accessed from FortiManager on TCP port 541. |
999491 | No access to Intranet application with " 401 unauthorized" error. |
1003093 | Group query fails when Kerberos authorization in non-root VDOM and pac-data is disabled. |
1005957 |
Issues with traffic shaping CLI:
|
1004340 | Add potential leak check in wad_content_config_set_protocol_ports. |
1000338 |
Traffic shaping does not take effect on FTP data channels. A large file download via FTP can clog the entire bandwidth even with traffic shaping enabled. |
1001749 | Unresolved FQDN in GUI firewall address. |
1002645 | Cosmetic and spelling issues in OS image filenames. |
1001204 | No "Proxy Address" field when creating a forward server in GUI. |
1001484 | CASB profile can be configured for policy types that do not handle HTTP traffic. |
1000999 | External resources page does not render correctly. |
1000127 | Web pages are not loaded when web cache is enabled under policy. |
1005976 | Misleading message in "Fabric Upgrade" window. |
1008255 |
When you edit a rule with "Domain Threat Feed" as dstaddr, it changes to dstaddr6 and traffic does not match. |
1009948 |
FortiView Traffic Shaping console is not available in GUI. |
1003811, 1008263 | IP threat feed takes too long to load and external resource cannot load. |
1008904 | Certificate order changes under secure-web-proxy-cert after configuration. |
1007822, 1008274 | Custom SaaS applications with no domain configured should not be allowed to be saved. |
994101 | Certificate probe failing with certificate inspection along with web filter. |
1006692 | Out-of-bounds access in diag_iotop.c. |
775882 | WAD crashes at wad_hauth_trace_entry_close with signal 11. |
1004752 | When using "IP Address Threat Feed" for source and destination, the traffic is not matched by the rule. |
1001688 | Inline-CASB host regexp match does not work. |
1012827 | Admin login fails after the admin is renamed. |
1011483 | SNMP queries time out due to denial on dedicated management interface. |
972921 |
Inline comments do not work as expected for the following threat feeds: FortiGuard Category, Domain Name, URL List. |
1000941 | FTP request fails to match ftp-explicit policy when destination FTP server is specified in FQDN. |
1006140 , 1010565 , 1013074 | CLI error for malware and EDM external resource statistics. |
1010357, 1010843 | Web proxy policy default action and global web proxy profile assignment issue. |
1000236 | WAD stream scan crashes at file typing because avengine failed to load. |
1002945 | When auth request is closing, calling wad_hauth_req_auth_notify triggers the close of auth request again. |
1015808 | DNS log does not show resolved address, response code, and correct policy ID. |
1012965 | Deep-inspection and webfilter are not working if profile-protocol-options has additional ports for HTTP, like 443. |
985048 | IP address validation mishandles zero characters. |
996111 | Some traffic cannot pass through after configuring application ID. |
992247 | HA connection from secondary FortiProxy to FortiAnalyzer goes through the virtual IP instead of the dedicated management interface. |
996185 | In certain hypervisor environments, the disk order may change which causes the FortiProxy to reformat disks when it shouldn't. |
1016947, 1017840 |
Log http-transaction "resplength" field value always shows zero. |
1008676 | Weak authentication in security fabric. |
1016970 | WAD security profile memory leaks when policy configures ips-sensor and application-list. |
1013104 | DLP license information is not displayed under System > FortiGuard in GUI. |
1017091 |
"Web Proxy Forwarding Server" option is not available when you create or edit an FTP policy in GUI. |
1017098 |
"Protocol" option is not available when you create or edit a forwarding server in GUI. |
1017682 |
Archived data tab under Antivirus Event keeps loading. |
1013981, 1015407 | Restoring a configuration backup with deny policies that have "set profile-type group" without the "profile-group" attributes will result in those policies being deleted. |
1015482 | No member size check for proxy address groups. |
1014313 , 1014800 | External resource not updating in HA failover or after changing update method. |
1003937 | Change "Data Leak Prevention" to "Data Loss Prevention" in GUI. |
1011970 , 1017054 |
"Failed to generate firewall rules" logs due to invalid address members configured in a policy. |
1020556 |
miglogd CPU usage is constantly high. |
1020964 |
Issues due to modules not registered in the correct order during WAD process startup. |
1019746 |
"dlp-sensor" is not correctly renamed to "dlp-profile" after the upgrade from 7.2 to 7.4. |
1017888 |
Forward server memory issues. |
1004206 |
MITM attack vulnerability for FortiManager connector. |
1014477 |
File uploads on webmail applications fail when antivirus, app control, or IPS is enabled on the explicit proxy policy. |
1013096 |
DLP sensors, dictionaries, and the entries inside the table are not grouped as "Managed Locally" and "Managed by FortiGuard". |
792170 |
SAML authentication fails for CORS requests in explicit proxy. |
1020278 |
Repeated WAD CSVC process crashes. |
981757 |
Error 500 when downloading a file for the first time using AV profile with FortiSandbox scan. |
1013274 |
FortiProxy IPv6 table list missing IP rules in some VDOMs when multiple VDOMs are configured. |
1021833 |
WAD policy and address build fails when a member in the address group does not exist. |
1006108 |
Sites cannot open correctly during the first try when web cache for HTTPS traffic is enabled. |
1019308 |
HTTP NTLM authentication requests are redirected to captive portal. |
1004985 |
Web filter cookie override does not work. |
1020828 |
HTTP2 stream is not closed after transaction is complete. |
993675 |
IPSec VPN tunnel formation fails in non-root VDOM. |
1008688 |
When a new user is added under User & Authentication or User Definition, authenticated users are logged out. |
1019069 |
WAD keeps crashing at dlp_profile_build_map and su_debug_vlog. |
1003481, 1021292 |
WAD has signal 11 crash at wad_http_msg_strm_resume on corporate firewall. |
1025444 |
100% usage of CUP 0 is consumed by WAD. |
1025697 |
newcli crash on "diag wad filter process-id-by-src" command. |
949464, 982553 |
WAD memory leak causing the FortiProxy to enter conserve mode randomly. |
1025600 |
Transparent policy allows other source IP addresses that are not defined as the source and ISDB destination. |
913703 |
WAD enters D state. |
1021196 |
SAML authorization does not use user-info when ldap-user-cache is enabled. |
1002459, 1019013 |
Some rules are skipped during inline CASB application match. |
1018950 |
DNS proxy does not follow the system DNS server configuration due to missing interface information. |
1024965 |
SSH Policy Redirect toggle on GUI does not work as expected. |
1023563 |
GUI issue. |
1024424 |
System > Settings page does not load correctly. |
1019752 |
Connection to the FTPS server fails. |
1022209 |
"400 error!" for SAML authentication with FortiAuthenticator. |
1015482 | No member size check for proxy address groups. |
1001500 |
CASB profile dropdown is shown when the CASB option is disabled. |
1026460 |
GUI load issue with Administrator with remote server group. |
949464, 982553 |
WAD memory leak causing the FortiProxy to enter conserve mode randomly. |
1019752,1027342 |
FTPS SSL handshake failure through explicit proxy. |
1028493 |
Crash when you enable ha-mgmt-status in CLI and then load a backup configuration with ha-mgmt-status enabled but ha-mgmt-interfaces not configured. |
1028427 |
Fortinet_SSL_xxxx template certificates are not filtered out from server certificate list in |
1028386 |
Remove irrelevant Security Fabric components from GUI. |
1002626,1008632 |
ICDB access-control and SaaS-application group nodes are not loaded correctly. |
1027699 |
FortiProxy fails with SSH message "kex type 34" when SSH server is not up-to-date. |
993773 |
Memory leak and file descriptors remain open when "wad_worker_proc_ebpf_msg()" fails. |
1029319 |
Random crashes on ICAP client. |
1022475 |
WAD application crashes with intermittent navigation. |
FortiNBI
The following issues have been fixed in FortiNBI. For inquiries about a particular bug, please contact Customer Service & Support.
Bug ID | Description |
---|---|
N/A | Ensure only one user app instance per user by terminating other FNBI user apps on startup |
N/A |
Missing directory causes crash in user application. |
N/A |
Broken MSFT links for their runtime installers. |
N/A |
Certain GUI runtimes installations are not skip when they have already been installed. |