CLI changes

FortiProxy 7.4.0 includes the following new and changed commands:

New commands

  • configure isolator setting—Configure the action to perform on isolator sessions that do not match any existing policies (unmatched-session) or have missing information (defective-session).

  • config antivirus exempt-list—Configure a list of hashes to be exempt from AV scanning.

  • config dlp data-type—Configure the predefined data types used by DLP blocking.

  • config dlp dictionary—Configure dictionaries used by DLP blocking.

  • config dlp sensor—Configure sensors used by DLP blocking. Use this command to define which dictionary to check. It counts the number of dictionary matches to trigger the sensor.

    The old config dlp sensor command is renamed config dlp profile. Use the config dlp profile command to configure DLP profiles which allow filtering by size and file type.

  • diagnose wad license glob-usage <period>—Show the total license usage history of the Security Fabric group.

Changed commands

  • config image-analyzer profile—This command has the following new options for configuring optical character recognition:

    • set optical-character-recognition [enable|disable]—Enable/disable optical character recognition.

    • set ocr-activation-threshold {integer}—When optical character recognition is enabled, use this option to configure the threshold to activate optical character recognition. The value range is 0 - 100, where 0 means bypassing all images without DLP and 100 means processing all images with DLP that triggers OCR. The default is 30.

  • config web-proxy explicit-proxy—This command has the following new options:

    • secure-web-proxy {disable | enable | secure}—Enable/disable/require the secure web proxy for HTTP and HTTPS sessions.

    • secure-web-proxy-cert <certificate1> <certificate2> ...—Enter the names of the server certificates in the local certificate store of the FortiProxy used to establish a TLS connection between the user’s browser and the FortiProxy.

    • ssl-dh-bits {768 | 1024 | 1536 | 2048}—Set the bit size of the Diffie-Hellman (DH) prime used in the DHE-RSA negotiation.

  • config system fortisandbox—Use the new set inline-scan [enable|disable] option to enable or disable FortiSandbox inline scan.

  • config user setting—The following options now support the value default:

    • set auth-cert

    • set auth-ca-cert

    Setting the value to default makes FortiProxy automatically use the default CA and server certificate values that you set in config firewall ssl default-certificate. If you want config user setting to keep using the default certificates, you no longer need to modify its certificate values after the default certificates are changed in config firewall ssl default-certificate.

  • config antivirus profile—This command has the following changes:

    • set ftgd-analytics—This option is renamed set fortisandbox-mode with the values changed from [disable|suspicious|everything] to [inline|analytics-suspicious|analytics-everything].

    • set analytics-max-upload—This option is renamed set fortisandbox-max-upload.

    • set extended-log—This option is removed.

  • config firewall policy—The values of the set http-transaction-log option changed from [enable | disable] to [all | utm | disable].

  • config web-proxy global—The values of the set log-http-transaction option changed from [enable | disable] to [all | utm | disable].

  • config dlp sensor—This command is renamed config dlp profile with the set extended-log option removed. Use this command to configure DLP profiles which allow filtering by size and file type.

    Use the new config dlp sensor to configure sensors used by DLP blocking and define which dictionary to check.

  • config file-filter profile—The set extended-log option is removed.

  • config firewall policy—Use the new set implicit-proxy-detection option to enable or disable implicit proxy detection.

  • config webfilter profile—Use the new set ia-categorization option to enable or disable the use of the image-analyzer engine to categorize images with unknown FortiGuard categories.
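
The renamed, removed and re-valued options above can be checked against a configuration backup before or after an upgrade. The following script is an added example, not Fortinet tooling: it assumes the backup uses the usual config/edit/set/next/end layout with these options at the top level of their section, and flagging DH primes below 2048 bits is this example's own choice.

```python
# (top-level config section, option) -> (values that trigger, note); None means any value.
RULES = {
    ("antivirus profile", "ftgd-analytics"): (None, "renamed to fortisandbox-mode, values changed"),
    ("antivirus profile", "analytics-max-upload"): (None, "renamed to fortisandbox-max-upload"),
    ("antivirus profile", "extended-log"): (None, "option removed"),
    ("dlp sensor", "extended-log"): (None, "option removed, command renamed to dlp profile"),
    ("file-filter profile", "extended-log"): (None, "option removed"),
    ("firewall policy", "http-transaction-log"): ({"enable"}, "values are now all|utm|disable"),
    ("web-proxy global", "log-http-transaction"): ({"enable"}, "values are now all|utm|disable"),
    ("web-proxy explicit-proxy", "ssl-dh-bits"): ({"768", "1024", "1536"}, "DH prime below 2048 bits"),
}

def audit(config_text):
    """Return (line, section, entry, option, note) for each setting that needs review."""
    findings, stack, entry = [], [], ""
    for lineno, raw in enumerate(config_text.splitlines(), 1):
        words = raw.split() or [""]
        if words[0] == "config":
            stack.append(" ".join(words[1:]))      # track nesting so sub-tables are skipped
        elif words[0] == "end" and stack:
            stack.pop()
        elif words[0] in ("edit", "next") and len(stack) == 1:
            entry = " ".join(words[1:]).strip('"')  # "next" clears the entry name
        elif words[0] == "set" and len(words) >= 3 and len(stack) == 1:
            values, note = RULES.get((stack[0], words[1]), (set(), ""))
            if values is None or words[2].strip('"') in values:
                findings.append((lineno, stack[0], entry, words[1], note))
    return findings

# Constructed sample backup, not taken from a real device; entry names and nesting are assumed.
SAMPLE = """\
config antivirus profile
    edit "default"
        set ftgd-analytics suspicious
    next
end
config firewall policy
    edit 1
        set http-transaction-log enable
    next
end
config web-proxy explicit-proxy
    edit "example-proxy"
        set ssl-dh-bits 1024
    next
end
"""

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```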
