Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY 8.0.0
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
All Products
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Web Application Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • Web Application / API Protection
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions
    • All Products

    CLI Reference

    8.0.0
    8.0.0
    7.6.6
    7.6.5
    7.6.4
    7.6.3
    7.6.2
    7.6.1
    7.6.0
    7.4.11
    7.4.10
    7.4.9
    7.4.8
    7.4.7
    7.4.6
    7.4.5
    7.4.4
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.13
    7.2.12
    7.2.11
    7.2.10
    7.2.9
    7.2.8
    7.2.7
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.0.19
    7.0.18
    7.0.17
    7.0.16
    7.0.15
    7.0.14
    7.0.13
    7.0.12
    7.0.11
    7.0.10
    7.0.9
    7.0.8
    7.0.7
    7.0.6
    7.0.5
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.4.16
    6.4.15
    6.4.14
    6.4.13
    6.4.12
    6.4.11
    6.4.10
    6.4.9
    6.4.8
    6.4.7
    6.4.6
    6.4.5
    6.4.4
    6.4.3
    6.4.2
    6.4.1
    6.4.0
    6.2.17
    6.2.16
    6.2.15
    6.2.14
    6.2.13
    6.2.12
    6.2.11
    6.2.10
    6.2.9
    6.2.8
    6.2.7
    6.2.6
    6.2.5
    6.2.4
    6.2.3
    6.2.2
    6.2.1
    6.0.0
    5.6.0
    5.4.0
    5.2.0
    5.0.0

    config web-proxy forward-server

    config web-proxy forward-server

    Configure forward-server addresses.

    config web-proxy forward-server
    Description: Configure forward-server addresses.
    edit <name>
        set addr-type [ip|ipv6|...]
        set comment {string}
        set fabric-force-sync [enable|disable]
        set fabric-object [enable|disable]
        set fabric-object-source [member|local|...]
        set fqdn {string}
        set healthcheck [disable|enable]
        set interface {string}
        set interface-select-method [sdwan|specify]
        set ip {ipv4-address-any}
        set ipv6 {ipv6-address}
        set masquerade [enable|disable]
        set monitor {string}
        set password {password}
        set port {integer}
        set server-down-option [block|pass]
        set username {string}
        set uuid {uuid}
        set vrf-select {integer}
    next
end

    config web-proxy forward-server

    Parameter

    Description

    Type

    Size

    Default

    addr-type

    Address type of the forwarding proxy server: IP or FQDN.

    option

    -

    ip

    Option

    Description

    ip

    Use an IPv4 address for the forwarding proxy server.

    ipv6

    Use an IPv6 address for the forwarding proxy server.

    fqdn

    Use the FQDN for the forwarding proxy server.

    comment

    Comment.

    string

    Maximum length: 63

    fabric-force-sync *

    Enable/disable forced synchronization of configuration objects from the root FortiGate unit to the downstream devices. Configuration conflict check is skipped.

    option

    -

    disable

    Option

    Description

    enable

    Enable forced synchronization of configuration objects from the root FortiGate unit to the downstream devices.

    disable

    Disable forced synchronization of configuration objects from the root FortiGate unit to the downstream devices.

    fabric-object *

    Security Fabric global object setting.

    option

    -

    disable

    Option

    Description

    enable

    Object is set as a security fabric-wide global object.

    disable

    Object is local to this security fabric member.

    fabric-object-source *

    Source of truth for fabric object.

    option

    -

    root

    Option

    Description

    member

    Source of truth for this object is a non-root member of fabric.

    local

    Source of truth for this object is this security fabric member.

    root

    Source of truth for this object is the root of the fabric.

    fqdn

    Forward server Fully Qualified Domain Name (FQDN).

    string

    Maximum length: 255

    healthcheck

    Enable/disable forward server health checking. Attempts to connect through the remote forwarding server to a destination to verify that the forwarding server is operating normally.

    option

    -

    disable

    Option

    Description

    disable

    Disable health checking.

    enable

    Enable health checking.

    interface

    Specify outgoing interface to reach server.

    string

    Maximum length: 15

    interface-select-method

    Specify how to select outgoing interface to reach server.

    option

    -

    sdwan

    Option

    Description

    sdwan

    Set outgoing interface by SD-WAN or policy routing rules.

    specify

    Set outgoing interface manually.

    ip

    Forward proxy server IP address.

    ipv4-address-any

    Not Specified

    0.0.0.0

    ipv6

    Forward proxy server IPv6 address.

    ipv6-address

    Not Specified

    ::

    masquerade

    Enable/disable use of the IP address of the outgoing interface as the client IP address (default = enable)

    option

    -

    enable

    Option

    Description

    enable

    Enable use of the IP address of the outgoing interface as the client IP address.

    disable

    Disable use of the IP address of the outgoing interface as the client IP address.

    monitor

    URL for forward server health check monitoring (default = www.google.com).

    string

    Maximum length: 255

    www.google.com

    name

    Server name.

    string

    Maximum length: 63

    password

    HTTP authentication password.

    password

    Not Specified

    port

    Port number that the forwarding server expects to receive HTTP sessions on (1 - 65535, default = 3128).

    integer

    Minimum value: 1 Maximum value: 65535

    3128

    server-down-option

    Action to take when the forward server is found to be down: block sessions until the server is back up or pass sessions to their destination.

    option

    -

    block

    Option

    Description

    block

    Block sessions until the server is back up.

    pass

    Pass sessions to their destination bypassing the forward server.

    username

    HTTP authentication user name.

    string

    Maximum length: 64

    uuid *

    Universally Unique Identifier (UUID; automatically assigned but can be manually reset).

    uuid

    Not Specified

    00000000-0000-0000-0000-000000000000

    vrf-select

    VRF ID used for connection to server.

    integer

    Minimum value: 0 Maximum value: 511

    -1

    * This parameter may not exist in some models.

    Previous
    Next

    config web-proxy forward-server

    config web-proxy forward-server

    Configure forward-server addresses.

    config web-proxy forward-server
    Description: Configure forward-server addresses.
    edit <name>
        set addr-type [ip|ipv6|...]
        set comment {string}
        set fabric-force-sync [enable|disable]
        set fabric-object [enable|disable]
        set fabric-object-source [member|local|...]
        set fqdn {string}
        set healthcheck [disable|enable]
        set interface {string}
        set interface-select-method [sdwan|specify]
        set ip {ipv4-address-any}
        set ipv6 {ipv6-address}
        set masquerade [enable|disable]
        set monitor {string}
        set password {password}
        set port {integer}
        set server-down-option [block|pass]
        set username {string}
        set uuid {uuid}
        set vrf-select {integer}
    next
end

    config web-proxy forward-server

    Parameter

    Description

    Type

    Size

    Default

    addr-type

    Address type of the forwarding proxy server: IP or FQDN.

    option

    -

    ip

    Option

    Description

    ip

    Use an IPv4 address for the forwarding proxy server.

    ipv6

    Use an IPv6 address for the forwarding proxy server.

    fqdn

    Use the FQDN for the forwarding proxy server.

    comment

    Comment.

    string

    Maximum length: 63

    fabric-force-sync *

    Enable/disable forced synchronization of configuration objects from the root FortiGate unit to the downstream devices. Configuration conflict check is skipped.

    option

    -

    disable

    Option

    Description

    enable

    Enable forced synchronization of configuration objects from the root FortiGate unit to the downstream devices.

    disable

    Disable forced synchronization of configuration objects from the root FortiGate unit to the downstream devices.

    fabric-object *

    Security Fabric global object setting.

    option

    -

    disable

    Option

    Description

    enable

    Object is set as a security fabric-wide global object.

    disable

    Object is local to this security fabric member.

    fabric-object-source *

    Source of truth for fabric object.

    option

    -

    root

    Option

    Description

    member

    Source of truth for this object is a non-root member of fabric.

    local

    Source of truth for this object is this security fabric member.

    root

    Source of truth for this object is the root of the fabric.

    fqdn

    Forward server Fully Qualified Domain Name (FQDN).

    string

    Maximum length: 255

    healthcheck

    Enable/disable forward server health checking. Attempts to connect through the remote forwarding server to a destination to verify that the forwarding server is operating normally.

    option

    -

    disable

    Option

    Description

    disable

    Disable health checking.

    enable

    Enable health checking.

    interface

    Specify outgoing interface to reach server.

    string

    Maximum length: 15

    interface-select-method

    Specify how to select outgoing interface to reach server.

    option

    -

    sdwan

    Option

    Description

    sdwan

    Set outgoing interface by SD-WAN or policy routing rules.

    specify

    Set outgoing interface manually.

    ip

    Forward proxy server IP address.

    ipv4-address-any

    Not Specified

    0.0.0.0

    ipv6

    Forward proxy server IPv6 address.

    ipv6-address

    Not Specified

    ::

    masquerade

    Enable/disable use of the IP address of the outgoing interface as the client IP address (default = enable)

    option

    -

    enable

    Option

    Description

    enable

    Enable use of the IP address of the outgoing interface as the client IP address.

    disable

    Disable use of the IP address of the outgoing interface as the client IP address.

    monitor

    URL for forward server health check monitoring (default = www.google.com).

    string

    Maximum length: 255

    www.google.com

    name

    Server name.

    string

    Maximum length: 63

    password

    HTTP authentication password.

    password

    Not Specified

    port

    Port number that the forwarding server expects to receive HTTP sessions on (1 - 65535, default = 3128).

    integer

    Minimum value: 1 Maximum value: 65535

    3128

    server-down-option

    Action to take when the forward server is found to be down: block sessions until the server is back up or pass sessions to their destination.

    option

    -

    block

    Option

    Description

    block

    Block sessions until the server is back up.

    pass

    Pass sessions to their destination bypassing the forward server.

    username

    HTTP authentication user name.

    string

    Maximum length: 64

    uuid *

    Universally Unique Identifier (UUID; automatically assigned but can be manually reset).

    uuid

    Not Specified

    00000000-0000-0000-0000-000000000000

    vrf-select

    VRF ID used for connection to server.

    integer

    Minimum value: 0 Maximum value: 511

    -1

    * This parameter may not exist in some models.

    Previous
    Next