Fortinet black logo

Release Notes

Home FortiProxy 7.0.11 Release Notes
7.0.11
7.4.4
7.4.3
7.4.2
7.4.1
7.4.0
7.2.10
7.2.9
7.2.8
7.2.7
7.2.6
7.2.5
7.2.4
7.2.3
7.2.2
7.2.1
7.2.0
7.0.17
7.0.16
7.0.15
7.0.14
7.0.13
7.0.12
7.0.11
7.0.10
7.0.9
7.0.8
7.0.7
7.0.6
7.0.5
7.0.4
7.0.3
7.0.2
7.0.1
7.0.0
2.0.14
2.0.13
2.0.12
2.0.11
2.0.10
2.0.9
2.0.8
2.0.7
2.0.6
2.0.5
2.0.4
2.0.3
2.0.2
2.0.1
2.0.0
1.2.13
1.2.12
1.2.11
1.2.10
1.2.9
1.2.8
1.2.7
1.2.6
1.2.5
1.2.4
1.2.3
1.2.2
1.2.1
1.2.0
1.1.6
1.1.5
1.1.4
1.1.3
1.1.2
1.1.1
1.1.0
1.0.7
1.0.6
1.0.5
1.0.4
1.0.3
1.0.2
1.0.1
1.0.0

What's new

What's new

The following sections describe new features, enhancements, and changes:

Sensor status monitoring

For FPX-2000E/4000E/2000G/4000G units, you can use the new Sensor Information widget for an overview of the status of the power supply sensor in the hardware system.

You can click on the status icon in the widget for more detailed information about the status, such as the real-time and expected power supply voltage values.

See Dashboard in the Administration Guide for more information about this widget or other widgets available.

Alternatively, in the CLI, use the diagnose hardware sysinfo sensor-status command to get an overview of the same status information of all sensors in the hardware system.

Show destination IP for authentication rules

The Authentication Rules table now includes the new Destination IP columns which show the destination IP information.

You can specify the destination IP when creating an authentication rule under Policy & Objects > Policy > Authentication Rules.

Show more details for HTTP transaction log

Under Log & Report > Http Transaction Log, you can now configure the table to show the following columns which display additional information about the HTTP transaction log:

  • Agent

  • HTTP Method

  • Referral URL

New AliCloud connector in Security Fabric

Under Security Fabric > External Connectors, you can now create an AliCloud connector to connect your FortiProxy unit to Alibaba Cloud.

Alternatively, use the config system sdn-connector command in the CLI.

Change to the Forward Server Monitor widget

In the Forward Server Monitor widget, the Status column is now renamed Forward.

See Dashboard in the Administration Guide for more information about this widget or other widgets available.

Support for FortiProxy G-series units

FortiProxy 7.0.11 adds support for the following FortiProxy G-series models:

  • FPX-400G
  • FPX-2000G
  • FPX-4000G

Refer to the FortiProxy datasheet or for specifications about the FortiProxy G-series models. Refer to the FortiProxy QuickStart Guide for detailed instructions of deploying a FortiProxy unit.

CLI changes

FortiProxy 7.0.11 includes the following CLI changes:

  • Use the new diagnose hardware sysinfo sensor-status command to get an overview of the status of the power supply sensor in the hardware system.

  • system snmp sysinfo—The SNMP system status information is now always shown, regardless of whether the set status option is enabled or disabled. In 7.0.10 and earlier, The SNMP system status information is hidden when the set status option is disabled.

  • The config web-proxy global command has the following new options:

    • set http-transaction-log [enable/disable]—Use this option to configure whether to record the http-transaction log for implicit policies. The http-transaction log includes sentbyte and recvbyte information to show the total bytes sent/received in the TCP session after the http transaction is generated. If available, the http-transaction log also includes the device, auth user, and group information.

    • extended-log—Use this option to configure whether to record the extended log for implicit policies. The extended log includes the useragent, referralurl, httpmethod, and statuscode fields.

  • config webfilter profile—The extended-log option is removed. For existing webfilter profiles with the extended-log option enabled, you must enable the extended-log option for each policy that uses the webfilter profile after upgrading to 7.0.11.

  • config user ldap—Use the new set max-connections option to configure the maximum number of LDAP server connections. The valid value range is 16-5000. The default is 64.

  • config authentication scheme—Use the new set search-all-ldap-databases [enable | disable] option to enable or disable searching all LDAP databases to find groups.

  • config system global—Use the new set kernel-panic-debug [enable | disable] option to configure whether to show kernel debug message on kernel panic.

Previous
Next

What's new

The following sections describe new features, enhancements, and changes:

Sensor status monitoring

For FPX-2000E/4000E/2000G/4000G units, you can use the new Sensor Information widget for an overview of the status of the power supply sensor in the hardware system.

You can click on the status icon in the widget for more detailed information about the status, such as the real-time and expected power supply voltage values.

See Dashboard in the Administration Guide for more information about this widget or other widgets available.

Alternatively, in the CLI, use the diagnose hardware sysinfo sensor-status command to get an overview of the same status information of all sensors in the hardware system.

Show destination IP for authentication rules

The Authentication Rules table now includes the new Destination IP columns which show the destination IP information.

You can specify the destination IP when creating an authentication rule under Policy & Objects > Policy > Authentication Rules.

Show more details for HTTP transaction log

Under Log & Report > Http Transaction Log, you can now configure the table to show the following columns which display additional information about the HTTP transaction log:

  • Agent

  • HTTP Method

  • Referral URL

New AliCloud connector in Security Fabric

Under Security Fabric > External Connectors, you can now create an AliCloud connector to connect your FortiProxy unit to Alibaba Cloud.

Alternatively, use the config system sdn-connector command in the CLI.

Change to the Forward Server Monitor widget

In the Forward Server Monitor widget, the Status column is now renamed Forward.

See Dashboard in the Administration Guide for more information about this widget or other widgets available.

Support for FortiProxy G-series units

FortiProxy 7.0.11 adds support for the following FortiProxy G-series models:

  • FPX-400G
  • FPX-2000G
  • FPX-4000G

Refer to the FortiProxy datasheet or for specifications about the FortiProxy G-series models. Refer to the FortiProxy QuickStart Guide for detailed instructions of deploying a FortiProxy unit.

CLI changes

FortiProxy 7.0.11 includes the following CLI changes:

  • Use the new diagnose hardware sysinfo sensor-status command to get an overview of the status of the power supply sensor in the hardware system.

  • system snmp sysinfo—The SNMP system status information is now always shown, regardless of whether the set status option is enabled or disabled. In 7.0.10 and earlier, The SNMP system status information is hidden when the set status option is disabled.

  • The config web-proxy global command has the following new options:

    • set http-transaction-log [enable/disable]—Use this option to configure whether to record the http-transaction log for implicit policies. The http-transaction log includes sentbyte and recvbyte information to show the total bytes sent/received in the TCP session after the http transaction is generated. If available, the http-transaction log also includes the device, auth user, and group information.

    • extended-log—Use this option to configure whether to record the extended log for implicit policies. The extended log includes the useragent, referralurl, httpmethod, and statuscode fields.

  • config webfilter profile—The extended-log option is removed. For existing webfilter profiles with the extended-log option enabled, you must enable the extended-log option for each policy that uses the webfilter profile after upgrading to 7.0.11.

  • config user ldap—Use the new set max-connections option to configure the maximum number of LDAP server connections. The valid value range is 16-5000. The default is 64.

  • config authentication scheme—Use the new set search-all-ldap-databases [enable | disable] option to enable or disable searching all LDAP databases to find groups.

  • config system global—Use the new set kernel-panic-debug [enable | disable] option to configure whether to show kernel debug message on kernel panic.

Previous
Next