What's new

The following sections describe new features and enhancements:

Toggle logging pending traffic

Logging of pending traffic (sessions that have not yet been matched to a policy) can be enabled or disabled. When enabled, all traffic, including pending traffic, is logged. When disabled, only traffic matched to a policy is logged. It is disabled by default.

To configure logging of sessions that are pending policy matching:
config web-proxy global
    set log-policy-pending {enable | disable}
end

enable

Enable logging sessions that are pending on policy matching.

disable

Disable logging sessions that are pending on policy matching (default).

Inter-VDOM links

VDOM links are virtual interfaces that allow VDOMs to communicate internally without using additional physical interfaces. A VDOM link contains a pair of interfaces, each one connected to a VDOM to form one end of the inter-VDOM connection. Inter-VDOM routing can then be configured to route traffic from one VDOM to another.

When VDOMs are configured on your FortiProxy unit, configuring inter-VDOM routing and VDOM links is similar to creating a VLAN interface.

For more information about VDOMs, see Virtual domains.

To create a VDOM link:
  1. Enable multi VDOM mode and create the VDOMs.

  2. Assign interfaces to VDOMs.

  3. Configure the VDOM link:

    config global
        config system vdom-link
            edit <link name>
            next
        end
    end

    Interfaces of type vdom-link are created automatically when a VDOM link is configured; they cannot be created directly. Each link creates two interfaces, named <link name>0 and <link name>1, that can be moved between VDOMs and serve as the two ends of the inter-VDOM link.

  4. Configure inter-VDOM routing:

    config global
        config system interface
            edit <link name>0
                set vdom <vdom name>
                set ip <ip/netmask>
                set allowaccess https ping ssh
                set description "Far side of the VDOM link"
            next
            edit <link name>1
                set vdom root
                set ip <ip/netmask>
                set allowaccess https ping ssh
                set description "Management side of the VDOM link"
            next
        end
    end

  5. Configure the firewall policies so that the links can be accessed.
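A worked instance of steps 3 and 4 together with the static routes each VDOM needs to reach the other side, added here as an example and not taken from the FortiProxy documentation. The link name mgmt2test, the VDOM Test-VDOM and all addresses are constructed, and the far-side interface is limited to ping as a least-privilege assumption.

```fortios
# Added example (not from the FortiProxy documentation). Link "mgmt2test"
# joins the root VDOM to the constructed VDOM "Test-VDOM"; all addresses
# are constructed.
config global
    config system vdom-link
        edit "mgmt2test"
        next
    end
    config system interface
        edit "mgmt2test0"
            set vdom "Test-VDOM"
            set ip 10.255.0.2 255.255.255.252
            # Assumption: the far side only needs to answer ping, so no
            # management services are exposed on it.
            set allowaccess ping
            set description "Far side of the VDOM link"
        next
        edit "mgmt2test1"
            set vdom "root"
            set ip 10.255.0.1 255.255.255.252
            set allowaccess https ping ssh
            set description "Management side of the VDOM link"
        next
    end
end
# Route root's traffic for the Test-VDOM LAN (10.123.123.0/24, the subnet
# used in the cross-VDOM VLAN example) over the link, and Test-VDOM's
# return traffic for the root LAN (10.10.0.0/24) back the other way.
config vdom
    edit "root"
        config router static
            edit 0
                set dst 10.123.123.0 255.255.255.0
                set gateway 10.255.0.2
                set device "mgmt2test1"
            next
        end
    next
    edit "Test-VDOM"
        config router static
            edit 0
                set dst 10.10.0.0 255.255.255.0
                set gateway 10.255.0.1
                set device "mgmt2test0"
            next
        end
    next
end
```

Step 5 (a firewall policy in each VDOM that permits traffic on its end of the link) is still required and is not shown here; without it, routed traffic is dropped.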

Cross-VDOM VLANs

A VLAN can be applied to a VDOM that is different from the VDOM that its physical interface is applied to.

For example:

config system interface
    edit port1
        set vdom root
        set ip 10.10.0.254 255.255.255.0
        set allowaccess https ssh
        set type physical
        set snmp-index 1
    next
    edit vlan1
        set vdom Test-VDOM
        set ip 10.123.123.1 255.255.255.0
        set device-identification enable
        set role lan
        set snmp-index 10
        set interface port1
        set vlanid 1
    next
end

Passive FTP mode for explicit proxy

The FTP mode for explicit proxy can be changed to passive mode. In passive mode, the data-connection mode on the client side follows the FTP client's preference, while the FTP proxy to FTP server data connection is always passive (if supported by the FTP server).

By default, the FTP mode is client, meaning that the FTP mode for both the client and server is based on the FTP client's preference.

To configure the FTP mode for explicit proxy:
config ftp-proxy explicit
    set status enable
    set server-data-mode {client | passive}
end

client

Use the same transmission mode for client and server data sessions (default).

passive

Use passive mode for the server data session.

855703: Add option to use the first hard disk for logging only on high-end models.

Use the first hard disk for logging only

On high-end models, such as the FortiProxy 2000E and 4000E, the first hard disk can be configured for logging only, instead of for both logging and WAN optimization.

To configure what the first hard disk is used for:
config system storage
    edit "HD1"
        set usage {mix | log}
    next
end

mix

Use the hard disk for both logging and WAN Optimization.

log

Use the hard disk for logging.

Toggle TLS fingerprint

The TLS fingerprint can be updated when deep inspection is enabled. This option is disabled by default.

config system global
    set update-tls-finger-print {enable | disable}
end

Support AliCloud platform

FortiProxy-VM supports Alibaba Cloud (AliCloud).

AliCloud Elastic Compute Service (ECS) provides fast memory and the latest Intel CPUs to help you power your cloud applications and achieve faster results with low latency.
