Proxy settings
Proxy settings allows you to configure FortiNAC Manager to direct web traffic to a proxy server in order to download OS updates and auto-definition updates.
Proxy communication is not supported for MDM Services.
FortiNAC Manager Requirement: If proxy is enabled, both the FortiNAC Manager and managed FortiNAC CA servers must have their subnet(s) for port1/eth0 or domain(s) listed in the exclusions list. See Proxy Exclusions in the table below.
-
Click System > Settings.
-
Expand the System Communication folder.
-
Select Proxy Settings from the tree.
-
Use the table below to enter the necessary settings.
-
Click Save Settings.
Field |
Definition |
---|---|
Enable Proxy Configuration |
If enabled, FortiNAC Manager will use the Proxy Configuration to download OS updates and auto-definition updates. |
Host |
The hostname or address of the proxy server. |
Port |
Port used for communication with the proxy server. This must match the port setting on the proxy server itself. |
Authentication |
If enabled, you must enter the user name and password for the proxy server. |
User Name |
User Name for the email account used as the sender account. |
Password |
Password for the email account used as the sender account. |
Use HTTP Proxy settings for all protocols |
If enabled, the HTTP Proxy configuration will be used for both HTTPS and FTP Proxy communication. |
Proxy Exclusions |
Indicates the hosts that should be accessed without going through the proxy.
This is a required setting for FortiNAC Manager and the managed FortiNAC CA servers if proxy is enabled. Server synchronization between FortiNAC Manager and FortiNAC CA uses REST API. The Proxy Exclusion configuration prevents REST calls between the Manager and the CA from redirecting to the proxy server. If these calls are sent to the proxy, the synchronization process will not complete. The list of hosts are separated by the '|' character.
The wildcard character '*' can be used at the beginning or end of the string for pattern matching (e.g., *.foo.com|localhost” indicates that every host in the foo.com domain and the localhost should be accessed directly, even if a proxy server is specified).
Note: Using wildcard in the middle of the string is not supported (e.g. myhost.*.foo.com)
Required for FortiNAC Manager and managed CA servers: Include the port1/eth0 IP addresses, subnets or domains of the managed FortiNAC CA servers and Manager.
Example FortiNAC Manager Port1/eth0 IP: 10.10.10.4/24 Domain name: NACMgr.myntwk.com
FortiNAC CA Port1/eth0 IP’s: 10.10.10.5/24, 10.10.20.5/24 Domain names: NAC10.myntwk.com, NAC20.myntwk.com
One of the following examples would be entered in the Proxy Exclusions list of the Manager, NAC10 and NAC20:
A) 10.10.10.*|10.10.20.* B) 10.10.10.4|10.10.10.5|10.10.20.5.10 C) *.myntwk.com D) NCMgr.myntwk.com |NC10.myntwk.com|NC20.myntwk.com |