Fortinet Document Library

Version:


Table of Contents

New Features

6.2.0
Download PDF
Copy Link

Transparent Web Proxy Forwarding

This feature enables the proxy forwarding option for Transparent Web Proxy policies and Regular Firewall for HTTP and HTTPS.

In previous versions of FortiOS, explicit proxy allowed the user to forward proxy traffic to another proxy server (proxy chaining). With this new implementation, web traffic can be forwarded to the upstream proxy without requiring the users to reconfigure their browsers or publish a proxy auto-reconfiguration (PAC) file.

Once configured, traffic generated by a client is forwarded by the FortiGate to the upstream proxy, then the upstream proxy forwards it to the server.

Example configuration:
  1. Configure the web proxy forwarding server:
    config web-proxy forward-server
        edit "PC_03"
            set ip 172.16.200.46
            set healthcheck enable
            set monitor "http://www.google.ca"
        next
    end
  2. Append the web proxy forwarding server to a firewall policy:
    config firewall policy
        edit 1
            set name "LAN to WAN"
            set uuid b89f6184-2a6b-51e9-5e2d-9b877903a308
            set srcintf "port2"
            set dstintf "port1"
            set srcaddr "all"
            set dstaddr "all"
            set action accept
            set schedule "always"
            set service "ALL"
            set utm-status enable
            set logtraffic all
            set webproxy-forward-server "PC_03"
            set fsso disable
            set av-profile "av"
            set ssl-ssh-profile "deep-custom"
            set nat enable
        next
    end

Transparent Web Proxy Forwarding

This feature enables the proxy forwarding option for Transparent Web Proxy policies and Regular Firewall for HTTP and HTTPS.

In previous versions of FortiOS, explicit proxy allowed the user to forward proxy traffic to another proxy server (proxy chaining). With this new implementation, web traffic can be forwarded to the upstream proxy without requiring the users to reconfigure their browsers or publish a proxy auto-reconfiguration (PAC) file.

Once configured, traffic generated by a client is forwarded by the FortiGate to the upstream proxy, then the upstream proxy forwards it to the server.

Example configuration:
  1. Configure the web proxy forwarding server:
    config web-proxy forward-server
        edit "PC_03"
            set ip 172.16.200.46
            set healthcheck enable
            set monitor "http://www.google.ca"
        next
    end
  2. Append the web proxy forwarding server to a firewall policy:
    config firewall policy
        edit 1
            set name "LAN to WAN"
            set uuid b89f6184-2a6b-51e9-5e2d-9b877903a308
            set srcintf "port2"
            set dstintf "port1"
            set srcaddr "all"
            set dstaddr "all"
            set action accept
            set schedule "always"
            set service "ALL"
            set utm-status enable
            set logtraffic all
            set webproxy-forward-server "PC_03"
            set fsso disable
            set av-profile "av"
            set ssl-ssh-profile "deep-custom"
            set nat enable
        next
    end