SOCKS proxy supports UTM scanning, authentication, and forward server

SOCKS proxy now supports UTM scanning, authentication, and forward server.

To enable the SOCKS proxy in the explicit web proxy:
config web-proxy explicit
    set socks enable
end

Examples

To test that expired certificates are blocked through a SOCKS proxy:
  1. Enable and configure the explicit proxy with SOCKS enabled.

  2. Create an explicit proxy policy that uses deep inspection.

  3. Browse to a website with an expired certificate, such as https://expired.badssl.com.

    FortiGate can re-sign server certificates and block expired server certificates through the SOCKS proxy.

To test web filtering through a SOCKS proxy:
  1. Enable and configure the explicit proxy with SOCKS enabled.

  2. Create a web filter profile that blocks www.example.com.

  3. Create an explicit proxy policy that uses deep inspection and assign the profile to it.

  4. Attempt to browse to www.example.com.

    The website is blocked.

To test blocking a virus through a SOCKS proxy:
  1. Enable and configure the explicit proxy with SOCKS enabled.

  2. Create an antivirus profile.

  3. Create an explicit proxy policy that uses deep inspection and assign the profile to it.

  4. Attempt to download a virus.

    The file is blocked.

To test authentication through a SOCKS proxy:
  1. Enable and configure the explicit proxy with SOCKS enabled.

  2. Configure an authentication server and create user groups.

  3. Create an authentication scheme and rules.

  4. Create an explicit proxy policy and assign the user group to it.

  5. Try transferring data with and without user credentials:

    • If user credentials are not provided, the connection will fail:

      root@client:~# curl --socks5 10.1.100.6:1080 https://172.16.200.99 -v -k
      *   Trying 10.1.100.6:1080...
      * No authentication method was acceptable.
      * Closing connection 0
      curl: (97) No authentication method was acceptable.

    • When user credentials are provided, the connection succeeds and traffic can be passed:

      root@client:~# curl --socks5-host 10.1.100.6:1080 http://172.16.200.99 -v -k --proxy-user test1:123
      *   Trying 10.1.100.6:1080...
      * SOCKS5 connect to 172.16.200.99:80 (remotely resolved)
      * SOCKS5 request granted.
      * Connected to 10.1.100.6 (10.1.100.6) port 1080 (#0)
      > GET / HTTP/1.1
      > Host: 172.16.200.99
      > User-Agent: curl/7.83.1
      > Accept: */*
      >
      * Mark bundle as not supporting multiuse
      < HTTP/1.1 200 OK
      < Date: Fri, 14 Jun 2024 00:46:47 GMT
      < Server: Apache/2.4.38 (Ubuntu)
      < Upgrade: h2c
      < Connection: Upgrade
      < Last-Modified: Tue, 08 Nov 2022 23:15:16 GMT
      < ETag: "2f-5ecfdb689edac"
      < Accept-Ranges: bytes
      < Content-Length: 47
      < Content-Type: text/html
      <
      
      It works!
      this is pc4.
      this is a test file
      * Connection #0 to host 10.1.100.6 left intact

  6. Check the WAD user information:

    # diagnose wad user list
    
    ID: 3, VDOM: root, IPv4: 10.1.100.77
      user name   : test1
      worker      : 5
      duration    : 179
      auth_type   : IP
      auth_method : socks-Basic
      pol_id      : 0
      g_id        : 0
      user_based  : 0
      expire      : 421
      LAN:
        bytes_in=217 bytes_out=648
      WAN:
        bytes_in=309 bytes_out=77
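
The two curl results in step 5 follow from SOCKS5 method negotiation, shown here byte by byte as an added example that is not part of the Fortinet documentation. It assumes the proxy requires the RFC 1929 username/password method (0x02), which is the method curl offers when `--proxy-user` is set; `proxy_select`, `negotiate`, and the `accounts` table are hypothetical stand-ins for the proxy side.

```python
# Added example (not Fortinet code): SOCKS5 greeting (RFC 1928) and
# username/password sub-negotiation (RFC 1929). Bytes only, no network.
import hmac

NO_AUTH, USERPASS, NO_ACCEPTABLE = 0x00, 0x02, 0xFF

def client_greeting(methods):
    """VER=5 | NMETHODS | METHODS..."""
    return bytes([5, len(methods), *methods])

def proxy_select(greeting, required=USERPASS):
    """Model proxy (assumption): policy requires exactly one method."""
    if len(greeting) < 2 or greeting[0] != 5 or len(greeting) != 2 + greeting[1]:
        raise ValueError("malformed SOCKS5 greeting")
    return bytes([5, required if required in greeting[2:] else NO_ACCEPTABLE])

def userpass_request(user, password):
    """VER=1 | ULEN | UNAME | PLEN | PASSWD; the fields are not encrypted."""
    u, p = user.encode(), password.encode()
    if not (1 <= len(u) <= 255 and 1 <= len(p) <= 255):
        raise ValueError("RFC 1929 fields must be 1..255 bytes")
    return bytes([1, len(u)]) + u + bytes([len(p)]) + p

def parse_userpass(msg):
    """Proxy-side parse with strict length checks."""
    if len(msg) < 3 or msg[0] != 1:
        raise ValueError("bad sub-negotiation header")
    ulen = msg[1]
    if len(msg) < 2 + ulen + 1:
        raise ValueError("truncated username")
    plen = msg[2 + ulen]
    if len(msg) != 3 + ulen + plen:
        raise ValueError("length mismatch")
    return msg[2:2 + ulen].decode(), msg[3 + ulen:].decode()

def negotiate(accounts, user=None, password=None):
    """Run both sides; return (outcome, bytes sent by the client)."""
    sent = client_greeting([NO_AUTH] if user is None else [NO_AUTH, USERPASS])
    if proxy_select(sent)[1] == NO_ACCEPTABLE:
        return "no acceptable method", sent  # curl exits with code 97
    req = userpass_request(user, password)
    u, p = parse_userpass(req)
    ok = u in accounts and hmac.compare_digest(accounts[u].encode(), p.encode())
    return ("granted" if ok else "denied"), sent + req

if __name__ == "__main__":
    accounts = {"test1": "123"}  # credentials from the page's curl example
    print(negotiate(accounts))                  # no credentials offered
    print(negotiate(accounts, "test1", "123"))  # credentials offered
```

The second result contains `test1` and `123` verbatim in the client bytes: RFC 1929 sends credentials unencrypted on the client-to-proxy leg, so that segment needs its own protection.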
To use a web proxy forwarding server through a SOCKS proxy:
  1. Enable and configure the explicit proxy with SOCKS enabled.

  2. Configure a web proxy forwarding server.

  3. Create an explicit proxy policy that uses deep inspection and apply the web proxy forwarding server to it.
