Support web proxy forward server over IPv6 7.4.1

This information is also available in the FortiOS 7.4 Administration Guide: Transparent web proxy forwarding over IPv6

The new IPv6-enabled forward server works the same way as the previous IPv4 forward server. For example, you can configure an IPv6 address or an FQDN that resolves to an IPv6 address for the forward server, and you can also use the IPv6 forward server in a forward server group.

config web-proxy forward-server
    edit <name>
        set addr-type {ip | ipv6 | fqdn}
        set ipv6 <IPv6-address>
    next
end

addr-type	Specify the type of IP address for the web proxy forward server: ip: use an IPv4 address. ipv6: use an IPv6 address. fqdn: use a fully qualified domain name (FQDN).
ipv6	Specify the IPv6 address for the web proxy forward server. Available when addr-type is set to ipv6.

Example

In this example, an explicit web proxy with a forward server can be reached by an IPv6 address, and a client PC uses this explicit web proxy forward server to access a website, such as www.google.com.

The IPv6 address is configured for the web proxy forward server, and then the configuration is added to a proxy policy. The web proxy forward server configuration could also be added to a proxy mode policy or a transparent web proxy policy.

To configure an IPv6 address:

1. Configure an IPv6 address for the web proxy forward server.

   In this example, address type is set to IPv6, and an IPv6 address is specified in a configuration (fgt6) for a web proxy forward server.

   config web-proxy forward-server
       edit "fgt6"
           set addr-type ipv6
           set ipv6 2000:172:16:200::8
           set port 8080
       next
   end

2. Add the web proxy forward server to a proxy policy.

   The web proxy forward server configuration (fgt6) is added to the firewall proxy policy.

   config firewall proxy-policy
       edit 1
           set uuid 560d8520-fa7b-51ed-e06a-df05ec145542
           set proxy explicit-web
           set dstintf "port3"
           set srcaddr "all"
           set dstaddr "all"
           set service "webproxy"
           set action accept
           set schedule "always"
           set logtraffic all
           set srcaddr6 "all"
           set dstaddr6 "all"
           set webproxy-forward-server "fgt6"
           set utm-status enable
           set ssl-ssh-profile "deep-custom"
           set av-profile "av"
       next
   end

3. View the traffic logs.

   An HTTP request to www.google.com was sent through the web proxy forward server over IPv6.

   12: date=2023-08-10 time=23:44:43 eventtime=1691736283529768562 tz="-0700" logid="0000000010" type="traffic" subtype="forward" level="notice" vd="vdom1" srcip=2000:10:1:100::11 srcport=44190 srcintf="port1" srcintfrole="undefined" dstcountry="United States" srccountry="Reserved" dstip=2607:f8b0:400a:807::2004 dstport=80 dstintf="port3" dstintfrole="undefined" sessionid=391251274 service="HTTP" proxyapptype="web-proxy" proto=6 action="accept" policyid=1 policytype="proxy-policy" poluuid="560d8520-fa7b-51ed-e06a-df05ec145542" trandisp="snat+dnat" tranip=2000:172:16:200::8 tranport=8080 transip=2000:172:16:200::2 transport=21344 duration=22 wanin=2385 rcvdbyte=2385 wanout=369 lanin=129 sentbyte=129 lanout=795 appcat="unscanned"