Fortinet white logo
Fortinet white logo

Administration Guide

Transparent web proxy forwarding over IPv6

Transparent web proxy forwarding over IPv6

The IPv6-enabled forward server works the same way as the IPv4 forward server. For example, you can configure an IPv6 address or an FQDN that resolves to an IPv6 address for the forward server, and you can also use the IPv6 forward server in a forward server group.

config web-proxy forward-server
    edit <name>
        set addr-type {ip | ipv6 | fqdn}
        set ipv6 <IPv6-address>
    next
end

addr-type

Specify the type of IP address for the web proxy forward server:

  • ip: use an IPv4 address.

  • ipv6: use an IPv6 address.

  • fqdn: use a fully qualified domain name (FQDN).

ipv6

Specify the IPv6 address for the web proxy forward server. Available when addr-type is set to ipv6.

Example

In this example, an explicit web proxy with a forward server can be reached by an IPv6 address, and a client PC uses this explicit web proxy forward server to access a website, such as www.google.com.

The IPv6 address is configured for the web proxy forward server, and then the configuration is added to a proxy policy. The web proxy forward server configuration could also be added to a proxy mode policy or a transparent web proxy policy.

To configure an IPv6 address in the GUI:
  1. Go to Network > Explicit Proxy.

  2. If disabled, enable Explicit Web Proxy.

  3. Under Web Proxy Forwarding Servers, click Create New.

    The New Forwarding Server pane opens.

  4. Set the following options, and click OK to create the forwarding server.

    Proxy Address Type

    IPv6

    Proxy Address

    2000:172:16:200::8

    Port

    8080

    Health Monitor

    Enable

    Health Check Monitor Site

    www.google.com

  5. Set the remaining options as needed, and click OK to save the explicit web proxy.

  6. Add the web proxy forward server to a proxy policy.

To configure an IPv6 address in the CLI:
  1. Configure an IPv6 address for the web proxy forward server.

    In this example, address type is set to IPv6, and an IPv6 address is specified in a configuration (fgt6) for a web proxy forward server.

    config web-proxy forward-server
        edit "fgt6"
            set addr-type ipv6
            set ipv6 2000:172:16:200::8
            set port 8080
        next
    end
  2. Add the web proxy forward server to a proxy policy.

    The web proxy forward server configuration (fgt6) is added to the firewall proxy policy.

    config firewall proxy-policy
        edit 1
            set uuid 560d8520-fa7b-51ed-e06a-df05ec145542
            set proxy explicit-web
            set dstintf "port3"
            set srcaddr "all"
            set dstaddr "all"
            set service "webproxy"
            set action accept
            set schedule "always"
            set logtraffic all
            set srcaddr6 "all"
            set dstaddr6 "all"
            set webproxy-forward-server "fgt6"
            set utm-status enable
            set ssl-ssh-profile "deep-custom"
            set av-profile "av"
        next
    end
  3. View the traffic logs.

    An HTTP request to www.google.com was sent through the web proxy forward server over IPv6.

    12: date=2023-08-10 time=23:44:43 eventtime=1691736283529768562 tz="-0700" logid="0000000010" type="traffic" subtype="forward" level="notice" vd="vdom1" srcip=2000:10:1:100::11 srcport=44190 srcintf="port1" srcintfrole="undefined" dstcountry="United States" srccountry="Reserved" dstip=2607:f8b0:400a:807::2004 dstport=80 dstintf="port3" dstintfrole="undefined" sessionid=391251274 service="HTTP" proxyapptype="web-proxy" proto=6 action="accept" policyid=1 policytype="proxy-policy" poluuid="560d8520-fa7b-51ed-e06a-df05ec145542" trandisp="snat+dnat" tranip=2000:172:16:200::8 tranport=8080 transip=2000:172:16:200::2 transport=21344 duration=22 wanin=2385 rcvdbyte=2385 wanout=369 lanin=129 sentbyte=129 lanout=795 appcat="unscanned"

Transparent web proxy forwarding over IPv6

Transparent web proxy forwarding over IPv6

The IPv6-enabled forward server works the same way as the IPv4 forward server. For example, you can configure an IPv6 address or an FQDN that resolves to an IPv6 address for the forward server, and you can also use the IPv6 forward server in a forward server group.

config web-proxy forward-server
    edit <name>
        set addr-type {ip | ipv6 | fqdn}
        set ipv6 <IPv6-address>
    next
end

addr-type

Specify the type of IP address for the web proxy forward server:

  • ip: use an IPv4 address.

  • ipv6: use an IPv6 address.

  • fqdn: use a fully qualified domain name (FQDN).

ipv6

Specify the IPv6 address for the web proxy forward server. Available when addr-type is set to ipv6.

Example

In this example, an explicit web proxy with a forward server can be reached by an IPv6 address, and a client PC uses this explicit web proxy forward server to access a website, such as www.google.com.

The IPv6 address is configured for the web proxy forward server, and then the configuration is added to a proxy policy. The web proxy forward server configuration could also be added to a proxy mode policy or a transparent web proxy policy.

To configure an IPv6 address in the GUI:
  1. Go to Network > Explicit Proxy.

  2. If disabled, enable Explicit Web Proxy.

  3. Under Web Proxy Forwarding Servers, click Create New.

    The New Forwarding Server pane opens.

  4. Set the following options, and click OK to create the forwarding server.

    Proxy Address Type

    IPv6

    Proxy Address

    2000:172:16:200::8

    Port

    8080

    Health Monitor

    Enable

    Health Check Monitor Site

    www.google.com

  5. Set the remaining options as needed, and click OK to save the explicit web proxy.

  6. Add the web proxy forward server to a proxy policy.

To configure an IPv6 address in the CLI:
  1. Configure an IPv6 address for the web proxy forward server.

    In this example, address type is set to IPv6, and an IPv6 address is specified in a configuration (fgt6) for a web proxy forward server.

    config web-proxy forward-server
        edit "fgt6"
            set addr-type ipv6
            set ipv6 2000:172:16:200::8
            set port 8080
        next
    end
  2. Add the web proxy forward server to a proxy policy.

    The web proxy forward server configuration (fgt6) is added to the firewall proxy policy.

    config firewall proxy-policy
        edit 1
            set uuid 560d8520-fa7b-51ed-e06a-df05ec145542
            set proxy explicit-web
            set dstintf "port3"
            set srcaddr "all"
            set dstaddr "all"
            set service "webproxy"
            set action accept
            set schedule "always"
            set logtraffic all
            set srcaddr6 "all"
            set dstaddr6 "all"
            set webproxy-forward-server "fgt6"
            set utm-status enable
            set ssl-ssh-profile "deep-custom"
            set av-profile "av"
        next
    end
  3. View the traffic logs.

    An HTTP request to www.google.com was sent through the web proxy forward server over IPv6.

    12: date=2023-08-10 time=23:44:43 eventtime=1691736283529768562 tz="-0700" logid="0000000010" type="traffic" subtype="forward" level="notice" vd="vdom1" srcip=2000:10:1:100::11 srcport=44190 srcintf="port1" srcintfrole="undefined" dstcountry="United States" srccountry="Reserved" dstip=2607:f8b0:400a:807::2004 dstport=80 dstintf="port3" dstintfrole="undefined" sessionid=391251274 service="HTTP" proxyapptype="web-proxy" proto=6 action="accept" policyid=1 policytype="proxy-policy" poluuid="560d8520-fa7b-51ed-e06a-df05ec145542" trandisp="snat+dnat" tranip=2000:172:16:200::8 tranport=8080 transip=2000:172:16:200::2 transport=21344 duration=22 wanin=2385 rcvdbyte=2385 wanout=369 lanin=129 sentbyte=129 lanout=795 appcat="unscanned"