What's new

The following sections describe new features, enhancements, and changes in FortiProxy 7.4.6:

Packet capture enhancements

Packet capture has been enhanced. When defining a capture, you can select multiple interfaces to capture packets on, making it easier to see both sides of a conversation on one screen and to troubleshoot issues with return traffic in the network. Host names can also be used instead of IP addresses for the filter. The IP address of the hostname is resolved, and then the capture starts. The snapshot length specifies the maximum number of bytes captured per packet by the packet capture utility.

To configure the features in the GUI:
  1. Go to Network > Diagnostics and, on the Packet capture tab, click New packet capture.

  2. Configure the interfaces, the Snapshot Length, and filter by one or more hostnames.

  3. Configure other settings as needed and start the capture.

To configure the features in the CLI:
diagnose sniffer packet <interface> <filter> <verbose> <count> <tsformat> <frame size> <hostnames>

See diagnose sniffer packet in the CLI guide for more details.

SR-IOV support on KVM, VMware, and Azure

FortiProxy 7.4.6 adds support for SR-IOV on KVM, VMware, and Azure to optimize FortiProxy-VM performance.

New Reputable Websites page

Use the new System > Reputable Websites page to view the list of URLs trusted by FortiProxy. The list is synchronized from FortiGuard. You can search the list for an IP or domain.

To exclude reputable websites from SSL deep inspection, enable the Reputable websites option under SSL/SSH Inspection.

Web forwarding server column

A Forward Server column can be added to the policy overview table. It shows the upstream forwarding server that the policy will forward traffic to.

IP based user authentication through portal authentication without HTTP redirection

For IP-based authentication, if negotiate is enabled in its active scheme, the form-auth-fallback command is available. When enabled, if an exception occurs while processing the ticket, the user is prompted to enter a user name and password. Captive portal must be enabled.

By default, form-auth-fallback is disabled.

config authentication rule
    edit "krb-rules"
        set srcintf "any"
        set srcaddr "all"
        set dstaddr "all"
        set active-auth-method "krb-scheme"
        set form-auth-fallback enable
    next
end

Customizable syslog format option

To better support third-party integrations, syslog format options can be customized.

config log syslogd setting
    set format custom
    config log-templates
        edit 1
            set category traffic
            set template "$(date) $(time) $(logid)"
        next
    end
end

category <category>

The log category.

template <string>

The log template string.
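
A receiver-side parser for the custom template above, as an added example (not Fortinet code): it compiles the page's $(field) template into a regex and splits log lines into parsed records and rejects. It assumes the collector has already stripped the syslog header and that field values contain no whitespace; the sample lines and their values are constructed.

```python
import re

# One $(field) placeholder, the syntax used by the template on this page.
PLACEHOLDER = re.compile(r"\$\(([\w-]+)\)")

def compile_template(template):
    """Build an anchored regex with one named group per $(field) placeholder."""
    parts, pos, seen = [], 0, set()
    for m in PLACEHOLDER.finditer(template):
        name = m.group(1).replace("-", "_")   # group names cannot contain '-'
        if name in seen:
            raise ValueError("placeholder %r appears twice" % name)
        seen.add(name)
        parts.append(re.escape(template[pos:m.start()]))  # literal separators
        parts.append(r"(?P<%s>\S+)" % name)   # assumption: values have no spaces
        pos = m.end()
    parts.append(re.escape(template[pos:]))
    return re.compile("^" + "".join(parts) + "$")

def parse_lines(template, lines):
    """Return (records, rejected); rejected lines signal template drift."""
    pattern = compile_template(template)
    records, rejected = [], []
    for line in lines:
        m = pattern.match(line.strip())
        if m:
            records.append(m.groupdict())
        else:
            rejected.append(line)
    return records, rejected

TEMPLATE = "$(date) $(time) $(logid)"          # template from the page
SAMPLE = [                                      # constructed message bodies
    "2024-01-15 09:30:02 0000000013",
    "2024-01-15 09:30:05 0000000020",
    "2024-01-15 09:30:07",                      # truncated: logid missing
    "2024-01-15 09:30:09 0000000013 extra",     # field not in the template
]

if __name__ == "__main__":
    records, rejected = parse_lines(TEMPLATE, SAMPLE)
    for r in records:
        print(r)
    print("rejected:", rejected)
```

Counting the rejected lines on the collector gives an early signal when the template on the device and the parser on the receiver no longer agree.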

Header replacement in web-proxy profile

In web-proxy profiles, the content of an HTTP header can be replaced.

config web-proxy profile
    edit my_profile
        config headers
            edit 1
                set name "server"
                set action add-to-response
                set add-option {replace | replace-when-match}
                set content "content_changed"
            next
        end
    next
end

replace

Replace the content of the existing HTTP header, or create a new header if the HTTP header is not found.

replace-when-match

Replace the content of the existing HTTP header.
