Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
All Products
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Web Application Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • Web Application / API Protection
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions
    • All Products

    Release Notes

    Home FortiProxy 7.2.5 Release Notes
    7.2.5
    7.6.6
    7.6.5
    7.6.4
    7.6.3
    7.6.2
    7.6.1
    7.6.0
    7.4.13
    7.4.12
    7.4.11
    7.4.10
    7.4.9
    7.4.8
    7.4.7
    7.4.6
    7.4.5
    7.4.4
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.16
    7.2.15
    7.2.14
    7.2.13
    7.2.12
    7.2.11
    7.2.10
    7.2.9
    7.2.8
    7.2.7
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.0.23
    7.0.22
    7.0.21
    7.0.20
    7.0.19
    7.0.18
    7.0.17
    7.0.16
    7.0.15
    7.0.14
    7.0.13
    7.0.12
    7.0.11
    7.0.10
    7.0.9
    7.0.8
    7.0.7
    7.0.6
    7.0.5
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    2.0.14
    2.0.13
    2.0.12
    2.0.11
    2.0.10
    2.0.9
    2.0.8
    2.0.7
    2.0.6
    2.0.5
    2.0.4
    2.0.3
    2.0.2
    2.0.1
    2.0.0
    1.2.13
    1.2.12
    1.2.11
    1.2.10
    1.2.9
    1.2.8
    1.2.7
    1.2.6
    1.2.5
    1.2.4
    1.2.3
    1.2.2
    1.2.1
    1.2.0
    1.1.6
    1.1.5
    1.1.4
    1.1.3
    1.1.2
    1.1.1
    1.1.0
    1.0.7
    1.0.6
    1.0.5
    1.0.4
    1.0.3
    1.0.2
    1.0.1
    1.0.0

    What's new

    What's new

    The following sections describe new features, enhancements, and changes:

    Sensor status monitoring

    For FPX-2000E/4000E/2000G/4000G units, you can use the new Sensor Information widget for an overview of the status of the power supply sensor in the hardware system.

    You can click on the status icon in the widget for more detailed information about the status, such as the real-time and expected power supply voltage values.

    See Dashboard in the Administration Guide for more information about this widget or other widgets available.

    Alternatively, in the CLI, use the diagnose hardware sysinfo sensor-status command to get an overview of the same status information of all sensors in the hardware system.

    Show destination IP for authentication rules

    The Authentication Rules table now includes the new Destination IP columns which show the destination IP information.

    You can specify the destination IP when creating an authentication rule under Policy & Objects > Policy > Authentication Rules.

    Show more details for HTTP transaction log

    Under Log & Report > Http Transaction Log, you can now configure the table to show the following columns which display additional information about the HTTP transaction log:

    • Agent

    • HTTP Method

    • Referral URL

    New AliCloud connector in Security Fabric

    Under Security Fabric > External Connectors, you can now create an AliCloud connector to connect your FortiProxy unit to Alibaba Cloud.

    Alternatively, use the config system sdn-connector command in the CLI.

    License sharing enhancements

    FortiProxy 7.2.5 includes the following enhancements to license sharing:

    • New support for the following license types:

      The License Sharing Information widget now also includes license sharing information of those two license types.

      Refer to the FortiProxy datasheet for more information about different license types.

    • License tolerance—FortiProxy now keeps the purchased seat of disconnected members for 8 hours and drops allocated seats after 1 minute.

    Support for FortiProxy G-series units

    FortiProxy 7.2.5 adds support for the following FortiProxy G-series models:

    • FPX-400G
    • FPX-2000G
    • FPX-4000G

    Refer to the FortiProxy datasheet or for specifications about the FortiProxy G-series models. Refer to the FortiProxy QuickStart Guide for detailed instructions of deploying a FortiProxy unit.

    CLI changes

    FortiProxy 7.2.5 includes the following CLI changes:

    • Use the new diagnose hardware sysinfo sensor-status command to get an overview of the status of all sensors in the hardware system, including temperature, power supply, and fan speed information.

    • system snmp sysinfo—The SNMP system status information is now always shown, regardless of whether the set status option is enabled or disabled. In 7.2.4 and earlier, The SNMP system status information is hidden when the set status option is disabled.

    • The config web-proxy global command has the following new options:

      • set http-transaction-log [enable/disable]—Use this option to configure whether to record the http-transaction log for implicit policies. The http-transaction log includes sentbyte and recvbyte information to show the total bytes sent/received in the TCP session after the http transaction is generated. If available, the http-transaction log also includes the device, auth user, and group information.

      • extended-log—Use this option to configure whether to record the extended log for implicit policies. The extended log includes the useragent, referralurl, httpmethod, and statuscode fields.

    • config webfilter profile—The extended-log option is removed. For existing webfilter profiles with the extended-log option enabled, you must enable the extended-log option for each policy that uses the webfilter profile after upgrading to 7.2.5.

    • config user ldap—Use the new set max-connections option to configure the maximum number of LDAP server connections. The valid value range is 16-5000. The default is 64.

    • config authentication scheme—Use the new set search-all-ldap-databases [enable | disable] option to enable or disable searching all LDAP databases to find groups.

    • config system global—Use the new set kernel-panic-debug [enable | disable] option to configure whether to show kernel debug message on kernel panic.

    • config system vdom-exception—Use the following new options under the object parameter to exclude SNMP-related settings from synchronization in an HA cluster for specific VDOMs:

      • system.snmp.sysinfo

      • system.snmp.community

      • system.snmp.user

    Previous
    Next

    What's new

    What's new

    The following sections describe new features, enhancements, and changes:

    Sensor status monitoring

    For FPX-2000E/4000E/2000G/4000G units, you can use the new Sensor Information widget for an overview of the status of the power supply sensor in the hardware system.

    You can click on the status icon in the widget for more detailed information about the status, such as the real-time and expected power supply voltage values.

    See Dashboard in the Administration Guide for more information about this widget or other widgets available.

    Alternatively, in the CLI, use the diagnose hardware sysinfo sensor-status command to get an overview of the same status information of all sensors in the hardware system.

    Show destination IP for authentication rules

    The Authentication Rules table now includes the new Destination IP columns which show the destination IP information.

    You can specify the destination IP when creating an authentication rule under Policy & Objects > Policy > Authentication Rules.

    Show more details for HTTP transaction log

    Under Log & Report > Http Transaction Log, you can now configure the table to show the following columns which display additional information about the HTTP transaction log:

    • Agent

    • HTTP Method

    • Referral URL

    New AliCloud connector in Security Fabric

    Under Security Fabric > External Connectors, you can now create an AliCloud connector to connect your FortiProxy unit to Alibaba Cloud.

    Alternatively, use the config system sdn-connector command in the CLI.

    License sharing enhancements

    FortiProxy 7.2.5 includes the following enhancements to license sharing:

    • New support for the following license types:

      The License Sharing Information widget now also includes license sharing information of those two license types.

      Refer to the FortiProxy datasheet for more information about different license types.

    • License tolerance—FortiProxy now keeps the purchased seat of disconnected members for 8 hours and drops allocated seats after 1 minute.

    Support for FortiProxy G-series units

    FortiProxy 7.2.5 adds support for the following FortiProxy G-series models:

    • FPX-400G
    • FPX-2000G
    • FPX-4000G

    Refer to the FortiProxy datasheet or for specifications about the FortiProxy G-series models. Refer to the FortiProxy QuickStart Guide for detailed instructions of deploying a FortiProxy unit.

    CLI changes

    FortiProxy 7.2.5 includes the following CLI changes:

    • Use the new diagnose hardware sysinfo sensor-status command to get an overview of the status of all sensors in the hardware system, including temperature, power supply, and fan speed information.

    • system snmp sysinfo—The SNMP system status information is now always shown, regardless of whether the set status option is enabled or disabled. In 7.2.4 and earlier, The SNMP system status information is hidden when the set status option is disabled.

    • The config web-proxy global command has the following new options:

      • set http-transaction-log [enable/disable]—Use this option to configure whether to record the http-transaction log for implicit policies. The http-transaction log includes sentbyte and recvbyte information to show the total bytes sent/received in the TCP session after the http transaction is generated. If available, the http-transaction log also includes the device, auth user, and group information.

      • extended-log—Use this option to configure whether to record the extended log for implicit policies. The extended log includes the useragent, referralurl, httpmethod, and statuscode fields.

    • config webfilter profile—The extended-log option is removed. For existing webfilter profiles with the extended-log option enabled, you must enable the extended-log option for each policy that uses the webfilter profile after upgrading to 7.2.5.

    • config user ldap—Use the new set max-connections option to configure the maximum number of LDAP server connections. The valid value range is 16-5000. The default is 64.

    • config authentication scheme—Use the new set search-all-ldap-databases [enable | disable] option to enable or disable searching all LDAP databases to find groups.

    • config system global—Use the new set kernel-panic-debug [enable | disable] option to configure whether to show kernel debug message on kernel panic.

    • config system vdom-exception—Use the following new options under the object parameter to exclude SNMP-related settings from synchronization in an HA cluster for specific VDOMs:

      • system.snmp.sysinfo

      • system.snmp.community

      • system.snmp.user

    Previous
    Next