Fortinet black logo

XML Reference Guide

FortiProxy settings

FortiProxy settings

FortiProxy information is contained inside the <fortiproxy></fortiproxy> XML tags. FortiProxy is responsible for HTTP/HTTPS filtering and SMTP/POP3 antivirus scanning. Use these settings to configure FortiProxy’s behavior.

<forticlient_configuration>

<system>

<fortiproxy>

<enabled>1</enabled>

<enable_https_proxy>1</enable_https_proxy>

<http_timeout>60</http_timeout>

<client_comforting>

<pop3_client>1</pop3_client>

<pop3_server>1</pop3_server>

<smtp>1</smtp>

</client_comforting>

<selftest>

<enabled>0</enabled>

<last_port>-172</last_port>

<notify>0</notify>

</selftest>

</fortiproxy>

</system>

</forticlient_configuration>

The following table provides the XML tags for FortiProxy settings, as well as the descriptions and default values where applicable.

XML Tag

Description

Default Value

<enabled>

Enable or disable FortiProxy. When the Boolean value is set to 0, FortiProxy is disabled. HTTP/HTTPS filtering and SMTP/POP3 antivirus scanning are disabled.

Boolean value: [0 | 1]

1

<enable_https_proxy>

Enable or disable HTTPS proxy. When the Boolean value is set to 0, FortiProxy is unable to perform filtering on HTTPS traffic.

Boolean value: [0 | 1]

1

<http_timeout>

Connection timeout in seconds. FortiProxy determines if the remote server is available based on this timeout value. Lower this timeout value if your client requires a faster fail response.

60

<client_comforting> elements

Some types of email clients require continuous response from the server or a connection error may be triggered. Use these settings to enable or disable this feature.

<pop3_client>

Enable or disable POP3 client comforting. Client comforting helps to prevent POP3 clients from complaining that the server has not responded in time.

Boolean value: [0 | 1]

1

<pop3_server>

Enable or disable POP3 server comforting. Server comforting helps to prevent POP3 servers from complaining that the client has not responded in time. Example, where FortiClient is installed on a mail server.

Boolean value: [0 | 1]

1

<smtp>

Enable or disable SMTP client comforting. SMTP comforting helps to prevent SMTP clients from complaining that the server has not responded in time.

Boolean value: [0 | 1]

1

<selftest> elements

FortiProxy can detect if other software is disrupting internal traffic between FortiProxy's internal modules. It does this by sending packets periodically to 1.1.1.1, which are intercepted by FortiClient and dropped (they never leave the computer). If the packets are not detected, then it is deemed highly likely that third party software is intercepting the packets, signaling that FortiProxy is not able to perform regular traffic filtering.

<enabled>

Enable or disable self tests. FortiProxy periodically checks its own connectivity to determine if it is able to proxy other applications traffic.

Boolean value: [0 | 1]

1

<last_port>

Last port number used. This is the highest port number you want to allow FortiProxy to listen on. Use to prevent FortiProxy from binding to another port that another service normally uses.

Port range: 65535 to 10000

65535

<notify>

When the Boolean value is set to 1, the user sees a bubble notification when self-testing detects that a third party program has blocked HTTP/HTTPS filtering and SMTP/POP3 antivirus scanning.

Boolean value: [0 | 1]

1

FortiProxy settings

FortiProxy information is contained inside the <fortiproxy></fortiproxy> XML tags. FortiProxy is responsible for HTTP/HTTPS filtering and SMTP/POP3 antivirus scanning. Use these settings to configure FortiProxy’s behavior.

<forticlient_configuration>

<system>

<fortiproxy>

<enabled>1</enabled>

<enable_https_proxy>1</enable_https_proxy>

<http_timeout>60</http_timeout>

<client_comforting>

<pop3_client>1</pop3_client>

<pop3_server>1</pop3_server>

<smtp>1</smtp>

</client_comforting>

<selftest>

<enabled>0</enabled>

<last_port>-172</last_port>

<notify>0</notify>

</selftest>

</fortiproxy>

</system>

</forticlient_configuration>

The following table provides the XML tags for FortiProxy settings, as well as the descriptions and default values where applicable.

XML Tag

Description

Default Value

<enabled>

Enable or disable FortiProxy. When the Boolean value is set to 0, FortiProxy is disabled. HTTP/HTTPS filtering and SMTP/POP3 antivirus scanning are disabled.

Boolean value: [0 | 1]

1

<enable_https_proxy>

Enable or disable HTTPS proxy. When the Boolean value is set to 0, FortiProxy is unable to perform filtering on HTTPS traffic.

Boolean value: [0 | 1]

1

<http_timeout>

Connection timeout in seconds. FortiProxy determines if the remote server is available based on this timeout value. Lower this timeout value if your client requires a faster fail response.

60

<client_comforting> elements

Some types of email clients require continuous response from the server or a connection error may be triggered. Use these settings to enable or disable this feature.

<pop3_client>

Enable or disable POP3 client comforting. Client comforting helps to prevent POP3 clients from complaining that the server has not responded in time.

Boolean value: [0 | 1]

1

<pop3_server>

Enable or disable POP3 server comforting. Server comforting helps to prevent POP3 servers from complaining that the client has not responded in time. Example, where FortiClient is installed on a mail server.

Boolean value: [0 | 1]

1

<smtp>

Enable or disable SMTP client comforting. SMTP comforting helps to prevent SMTP clients from complaining that the server has not responded in time.

Boolean value: [0 | 1]

1

<selftest> elements

FortiProxy can detect if other software is disrupting internal traffic between FortiProxy's internal modules. It does this by sending packets periodically to 1.1.1.1, which are intercepted by FortiClient and dropped (they never leave the computer). If the packets are not detected, then it is deemed highly likely that third party software is intercepting the packets, signaling that FortiProxy is not able to perform regular traffic filtering.

<enabled>

Enable or disable self tests. FortiProxy periodically checks its own connectivity to determine if it is able to proxy other applications traffic.

Boolean value: [0 | 1]

1

<last_port>

Last port number used. This is the highest port number you want to allow FortiProxy to listen on. Use to prevent FortiProxy from binding to another port that another service normally uses.

Port range: 65535 to 10000

65535

<notify>

When the Boolean value is set to 1, the user sees a bubble notification when self-testing detects that a third party program has blocked HTTP/HTTPS filtering and SMTP/POP3 antivirus scanning.

Boolean value: [0 | 1]

1