Transparent web proxy forwarding over IPv6
The IPv6-enabled forward server works the same way as the IPv4 forward server. For example, you can configure an IPv6 address or an FQDN that resolves to an IPv6 address for the forward server, and you can also use the IPv6 forward server in a forward server group.
config web-proxy forward-server edit <name> set addr-type {ip | ipv6 | fqdn} set ipv6 <IPv6-address> next end
addr-type |
Specify the type of IP address for the web proxy forward server:
|
ipv6 |
Specify the IPv6 address for the web proxy forward server. Available when |
Example
In this example, an explicit web proxy with a forward server can be reached by an IPv6 address, and a client PC uses this explicit web proxy forward server to access a website, such as www.google.com.
The IPv6 address is configured for the web proxy forward server, and then the configuration is added to a proxy policy. The web proxy forward server configuration could also be added to a proxy mode policy or a transparent web proxy policy.
To configure an IPv6 address in the GUI:
-
Go to Network > Explicit Proxy.
-
If disabled, enable Explicit Web Proxy.
-
Under Web Proxy Forwarding Servers, click Create New.
The New Forwarding Server pane opens.
-
Set the following options, and click OK to create the forwarding server.
Proxy Address Type
IPv6
Proxy Address
2000:172:16:200::8
Port
8080
Health Monitor
Enable
Health Check Monitor Site
www.google.com
-
Set the remaining options as needed, and click OK to save the explicit web proxy.
-
Add the web proxy forward server to a proxy policy.
To configure an IPv6 address in the CLI:
-
Configure an IPv6 address for the web proxy forward server.
In this example, address type is set to IPv6, and an IPv6 address is specified in a configuration (fgt6) for a web proxy forward server.
config web-proxy forward-server edit "fgt6" set addr-type ipv6 set ipv6 2000:172:16:200::8 set port 8080 next end
-
Add the web proxy forward server to a proxy policy.
The web proxy forward server configuration (fgt6) is added to the firewall proxy policy.
config firewall proxy-policy edit 1 set uuid 560d8520-fa7b-51ed-e06a-df05ec145542 set proxy explicit-web set dstintf "port3" set srcaddr "all" set dstaddr "all" set service "webproxy" set action accept set schedule "always" set logtraffic all set srcaddr6 "all" set dstaddr6 "all" set webproxy-forward-server "fgt6" set utm-status enable set ssl-ssh-profile "deep-custom" set av-profile "av" next end
-
View the traffic logs.
An HTTP request to www.google.com was sent through the web proxy forward server over IPv6.
12: date=2023-08-10 time=23:44:43 eventtime=1691736283529768562 tz="-0700" logid="0000000010" type="traffic" subtype="forward" level="notice" vd="vdom1" srcip=2000:10:1:100::11 srcport=44190 srcintf="port1" srcintfrole="undefined" dstcountry="United States" srccountry="Reserved" dstip=2607:f8b0:400a:807::2004 dstport=80 dstintf="port3" dstintfrole="undefined" sessionid=391251274 service="HTTP" proxyapptype="web-proxy" proto=6 action="accept" policyid=1 policytype="proxy-policy" poluuid="560d8520-fa7b-51ed-e06a-df05ec145542" trandisp="snat+dnat" tranip=2000:172:16:200::8 tranport=8080 transip=2000:172:16:200::2 transport=21344 duration=22 wanin=2385 rcvdbyte=2385 wanout=369 lanin=129 sentbyte=129 lanout=795 appcat="unscanned"