What's new
The following sections describe new features and enhancements:
Toggle logging pending traffic
Logging pending traffic can be enabled/disabled. When enabled, all traffic, including pending traffic, is logged. When disabled, only traffic matched to a policy is logged. It is disabled by default.
To configure logging of sessions that are pending on policy matching:

    config web-proxy global
        set log-policy-pending {enable | disable}
    end

enable | Enable logging sessions that are pending on policy matching.
disable | Disable logging sessions that are pending on policy matching (default).
Inter-VDOM links
VDOM links are virtual interfaces that allow VDOMs to communicate internally without using additional physical interfaces. A VDOM link contains a pair of interfaces, each one connected to a VDOM to form one end of the inter-VDOM connection. Inter-VDOM routing can be configured to allow communication from one VDOM to another.
When VDOMs are configured on your FortiProxy unit, configuring inter-VDOM routing and VDOM links is similar to creating a VLAN interface.
For more information about VDOMs, see Virtual domains.
To create a VDOM link:
- Enable multi VDOM mode and create the VDOMs.
- Assign interfaces to VDOMs.
- Configure the VDOM link:

    config global
        config system vdom-link
            edit <link name>
            next
        end
    end

  Interfaces of type vdom-link are automatically created after configuring a VDOM link. They cannot be directly created. Each link creates two interfaces, named <link name>0 and <link name>1, that can be moved between VDOMs and serve as the inter-VDOM link.
- Configure inter-VDOM routing:

    config global
        config system interface
            edit <link name>0
                set vdom <vdom name>
                set ip <ip/netmask>
                set allowaccess https ping ssh
                set description "Far side of the VDOM link"
            next
            edit <link name>1
                set vdom root
                set ip <ip/netmask>
                set allowaccess https ping ssh
                set description "Management side of the VDOM link"
            next
        end
    end

- Configure the firewall policies so that the links can be accessed.
Cross-VDOM VLANs
A VLAN can be applied to a VDOM that is different from the VDOM that its physical interface is applied to.
For example:

    config system interface
        edit port1
            set vdom root
            set ip 10.10.0.254 255.255.255.0
            set allowaccess https ssh
            set type physical
            set snmp-index 1
        next
        edit vlan1
            set vdom Test-VDOM
            set ip 10.123.123.1 255.255.255.0
            set device-identification enable
            set role lan
            set snmp-index 10
            set interface port1
            set vlanid 1
        next
    end

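An added example, not part of the FortiProxy documentation: a Python check that parses a `config system interface` block, such as the ones in the inter-VDOM link and cross-VDOM VLAN sections above, and lists every VLAN placed in a different VDOM than its parent interface. The sample configuration is constructed from this page's example, and the function names are hypothetical.

```python
import shlex

# Constructed sample, built from the Cross-VDOM VLANs example on this page.
SAMPLE = """\
config system interface
    edit port1
        set vdom root
        set allowaccess https ssh
    next
    edit vlan1
        set vdom Test-VDOM
        set interface port1
        set vlanid 1
    next
end
"""

def parse_interfaces(text):
    """Return {interface: {option: [values]}} from 'config system interface'."""
    interfaces, current, depth = {}, None, 0
    # shlex keeps quoted values (descriptions) whole; filter() drops blank lines
    for tokens in filter(None, map(shlex.split, text.splitlines())):
        if tokens[0] == "config":
            # depth 1 is the interface table; deeper levels are nested sub-tables
            if depth or tokens[1:] == ["system", "interface"]:
                depth += 1
        elif tokens[0] == "end" and depth:
            depth -= 1
        elif depth == 1 and tokens[0] == "edit" and len(tokens) > 1:
            current = interfaces.setdefault(tokens[1], {})
        elif depth == 1 and tokens[0] == "next":
            current = None
        elif depth == 1 and tokens[0] == "set" and len(tokens) > 1 and current is not None:
            current[tokens[1]] = tokens[2:]
    return interfaces

def cross_vdom_vlans(interfaces):
    """List (vlan, vlan_vdom, parent, parent_vdom) where the VDOMs differ."""
    findings = []
    for name, opts in interfaces.items():
        if "vlanid" in opts and "interface" in opts:
            parent = opts["interface"][0]
            vdom = opts.get("vdom", [None])[0]
            parent_vdom = interfaces.get(parent, {}).get("vdom", [None])[0]
            if vdom != parent_vdom:
                findings.append((name, vdom, parent, parent_vdom))
    return findings

if __name__ == "__main__":
    print(cross_vdom_vlans(parse_interfaces(SAMPLE)))
```

The parsed dictionary also holds each interface's `allowaccess` list, so the same result can be used to review which protocols are enabled on either end of a VDOM link.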
Passive FTP mode for explicit proxy
The FTP mode for explicit proxy can be changed to passive mode. When in passive mode, the FTP client mode is based on the FTP client's preference, while the FTP proxy to FTP server connection is always passive (if supported by the FTP server).
By default, the FTP mode is client, meaning that the FTP mode for both the client and server is based on the FTP client's preference.
To configure the FTP mode for explicit proxy:

    config ftp-proxy explicit
        set status enable
        set server-data-mode {client | passive}
    end

client | Use the same transmission mode for client and server data sessions (default).
passive | Use passive mode on server data session.
855703 | Add option to use the first hard disk for only logging on high end models.
Use the first hard disk for logging only
On high end models, such as the FortiProxy 2000E and 4000E, the first hard disk can be configured to be used only for logging, as opposed to logging and WAN optimization.
To configure what the first hard disk is used for:

    config system storage
        edit "HD1"
            set usage {mix | log}
        next
    end

mix | Use the hard disk for both logging and WAN Optimization.
log | Use the hard disk for logging.
Toggle TLS fingerprint
The TLS fingerprint can be updated when deep-inspection is enabled. By default, this option is disabled.

    config system global
        set update-tls-finger-print {enable | disable}
    end

Support AliCloud platform
FortiProxy-VM supports Alibaba Cloud (AliCloud).
AliCloud Elastic Compute Service (ECS) provides fast memory and the latest Intel CPUs to help you power your cloud applications and achieve faster results with low latency.