Fortinet white logo
Fortinet white logo

Administration Guide

Proxy settings

Proxy settings

Proxy settings allows you to configure FortiNAC Manager to direct web traffic to a proxy server in order to download OS updates and auto-definition updates.

Proxy communication is not supported for MDM Services.

FortiNAC Manager Requirement: If proxy is enabled, both the FortiNAC Manager and managed FortiNAC CA servers must have their subnet(s) for port1/eth0 or domain(s) listed in the exclusions list. See Proxy Exclusions in the table below.

  1. Click System > Settings.

  2. Expand the System Communication folder.

  3. Select Proxy Settings from the tree.

  4. Use the table below to enter the necessary settings.

  5. Click Save Settings.

Field

Definition

Enable Proxy Configuration

If enabled, FortiNAC Manager will use the Proxy Configuration to download OS updates and auto-definition updates.

Host

The hostname or address of the proxy server.

Port

Port used for communication with the proxy server. This must match the port setting on the proxy server itself.

Authentication

If enabled, you must enter the user name and password for the proxy server.

User Name

User Name for the email account used as the sender account.

Password

Password for the email account used as the sender account.

Use HTTP Proxy settings for all protocols

If enabled, the HTTP Proxy configuration will be used for both HTTPS and FTP Proxy communication.

Proxy Exclusions

Indicates the hosts that should be accessed without going through the proxy.

This is a required setting for FortiNAC Manager and the managed FortiNAC CA servers if proxy is enabled. Server synchronization between FortiNAC Manager and FortiNAC CA uses REST API. The Proxy Exclusion configuration prevents REST calls between the Manager and the CA from redirecting to the proxy server. If these calls are sent to the proxy, the synchronization process will not complete.

The list of hosts are separated by the '|' character.

The wildcard character '*' can be used at the beginning or end of the string for pattern matching (e.g., *.foo.com|localhost” indicates that every host in the foo.com domain and the localhost should be accessed directly, even if a proxy server is specified).

Note: Using wildcard in the middle of the string is not supported (e.g. myhost.*.foo.com)

Required for FortiNAC Manager and managed CA servers: Include the port1/eth0 IP addresses, subnets or domains of the managed FortiNAC CA servers and Manager.

Example

FortiNAC Manager

Port1/eth0 IP: 10.10.10.4/24

Domain name: NACMgr.myntwk.com

FortiNAC CA

Port1/eth0 IP’s: 10.10.10.5/24, 10.10.20.5/24

Domain names: NAC10.myntwk.com, NAC20.myntwk.com

One of the following examples would be entered in the Proxy Exclusions list of the Manager, NAC10 and NAC20:

A) 10.10.10.*|10.10.20.*

B) 10.10.10.4|10.10.10.5|10.10.20.5.10

C) *.myntwk.com

D) NCMgr.myntwk.com |NC10.myntwk.com|NC20.myntwk.com

Proxy settings

Proxy settings

Proxy settings allows you to configure FortiNAC Manager to direct web traffic to a proxy server in order to download OS updates and auto-definition updates.

Proxy communication is not supported for MDM Services.

FortiNAC Manager Requirement: If proxy is enabled, both the FortiNAC Manager and managed FortiNAC CA servers must have their subnet(s) for port1/eth0 or domain(s) listed in the exclusions list. See Proxy Exclusions in the table below.

  1. Click System > Settings.

  2. Expand the System Communication folder.

  3. Select Proxy Settings from the tree.

  4. Use the table below to enter the necessary settings.

  5. Click Save Settings.

Field

Definition

Enable Proxy Configuration

If enabled, FortiNAC Manager will use the Proxy Configuration to download OS updates and auto-definition updates.

Host

The hostname or address of the proxy server.

Port

Port used for communication with the proxy server. This must match the port setting on the proxy server itself.

Authentication

If enabled, you must enter the user name and password for the proxy server.

User Name

User Name for the email account used as the sender account.

Password

Password for the email account used as the sender account.

Use HTTP Proxy settings for all protocols

If enabled, the HTTP Proxy configuration will be used for both HTTPS and FTP Proxy communication.

Proxy Exclusions

Indicates the hosts that should be accessed without going through the proxy.

This is a required setting for FortiNAC Manager and the managed FortiNAC CA servers if proxy is enabled. Server synchronization between FortiNAC Manager and FortiNAC CA uses REST API. The Proxy Exclusion configuration prevents REST calls between the Manager and the CA from redirecting to the proxy server. If these calls are sent to the proxy, the synchronization process will not complete.

The list of hosts are separated by the '|' character.

The wildcard character '*' can be used at the beginning or end of the string for pattern matching (e.g., *.foo.com|localhost” indicates that every host in the foo.com domain and the localhost should be accessed directly, even if a proxy server is specified).

Note: Using wildcard in the middle of the string is not supported (e.g. myhost.*.foo.com)

Required for FortiNAC Manager and managed CA servers: Include the port1/eth0 IP addresses, subnets or domains of the managed FortiNAC CA servers and Manager.

Example

FortiNAC Manager

Port1/eth0 IP: 10.10.10.4/24

Domain name: NACMgr.myntwk.com

FortiNAC CA

Port1/eth0 IP’s: 10.10.10.5/24, 10.10.20.5/24

Domain names: NAC10.myntwk.com, NAC20.myntwk.com

One of the following examples would be entered in the Proxy Exclusions list of the Manager, NAC10 and NAC20:

A) 10.10.10.*|10.10.20.*

B) 10.10.10.4|10.10.10.5|10.10.20.5.10

C) *.myntwk.com

D) NCMgr.myntwk.com |NC10.myntwk.com|NC20.myntwk.com