Transparent Web Proxy Forwarding
This feature enables the proxy forwarding option for Transparent Web Proxy policies and Regular Firewall for HTTP and HTTPS.
In previous versions of FortiOS, explicit proxy allowed the user to forward proxy traffic to another proxy server (proxy chaining). With this new implementation, web traffic can be forwarded to the upstream proxy without requiring the users to reconfigure their browsers or publish a proxy auto-reconfiguration (PAC) file.
Once configured, traffic generated by a client is forwarded by the FortiGate to the upstream proxy, then the upstream proxy forwards it to the server.
Example configuration:
- Configure the web proxy forwarding server:
config web-proxy forward-server edit "PC_03" set ip 172.16.200.46 set healthcheck enable set monitor "http://www.google.ca" next end
- Append the web proxy forwarding server to a firewall policy:
config firewall policy edit 1 set name "LAN to WAN" set uuid b89f6184-2a6b-51e9-5e2d-9b877903a308 set srcintf "port2" set dstintf "port1" set srcaddr "all" set dstaddr "all" set action accept set schedule "always" set service "ALL" set utm-status enable set logtraffic all set webproxy-forward-server "PC_03" set fsso disable set av-profile "av" set ssl-ssh-profile "deep-custom" set nat enable next end