
User Guide

Configuring a proxy/ZTNA policy

A proxy/ZTNA policy enables proxying of traffic.

To create or edit a proxy/ZTNA policy:
  1. Go to Policy.
  2. With the appropriate device selected, select Proxy/ZTNA Policy in the Policy type dropdown list.
  3. Click Create or select a policy and click Edit.
  4. In the form, enter the following information:

    Settings

    Guidelines

    Name

    Enter a name for the policy.

    Explicit Proxy Type

    Select one of the following options:

    • Explicit Web: Proxy HTTP and HTTPS traffic.

    • Transparent Web: Transparently proxy HTTP and HTTPS traffic.

    • FTP: Proxy FTP traffic.

    • WAN Optimize: Optimize WAN traffic through a proxy.

    • ZTNA: Create a ZTNA policy to redirect client requests to the specified ZTNA server.

    Incoming Interface

    Select the incoming interfaces.

    This option is only available when Explicit Proxy Type is set to Transparent Web or ZTNA.

    Outgoing Interface

    Select the outgoing interfaces.

    This option is only available when Explicit Proxy Type is set to Explicit Web, Transparent Web, FTP, or WAN Optimize.

    IPv4 Source Address

    Select the IPv4 source addresses.

    This option is only available when Source Internet Service is disabled.

    IPv6 Source Address

    Select the IPv6 source addresses.

    This option is only available when Source Internet Service is disabled.

    Source User

    Select source users.

    Source User Group

    Select source user groups.

    Negate Source

    Enable or disable negation of the source.

    ZTNA Tag

    Select the ZTNA tags to apply.

    This option is only available when Explicit Proxy Type is set to ZTNA.

    Destination Internet Service

    Enable or disable the destination internet service, then select services.

    IPv4 Destination Address

    Select to add one or more address objects.

    This option is only available when Destination Internet Service is disabled.

    IPv6 Destination Address

    Select to add one or more address objects.

    This option is only available when Destination Internet Service is disabled.

    Negate Destination

    Enable or disable negation of the destination.

    ZTNA Server

    Select the ZTNA server to connect to.

    This option is only available when Explicit Proxy Type is set to ZTNA.

    Service

    Select services and service groups.

    This option is not available when Explicit Proxy Type is set to FTP.

    When Explicit Proxy Type is set to Explicit Web or Transparent Web, the only available service is webproxy.

    Schedule

    Select one entry from the dropdown.

    Action

    Select whether to Deny, Accept, or Redirect matching traffic.

    Redirect is only available when Explicit Proxy Type is set to Explicit Web or Transparent Web.

    Log Allowed Traffic

    Select from the following options:

    • No Log

    • Log Security Events

    • Log All Sessions

    This option is only available when Action is set to Accept.

    Generate Logs when Session Starts

    Enable to generate logs when the session starts.

    This option is only available when Action is set to Accept.

    Log Violation Traffic

    Enable or disable logging of denied traffic.

    This option is only available when Action is set to Deny.

    Display Disclaimer

    Enable or disable the disclaimer for this type of traffic.

    This option is only available when Action is set to Accept.

    Customize Message

    From the dropdown, select a customized message.

    This option is only available if Display Disclaimer is enabled.

    This option is only available when Action is set to Accept.

    Security Profiles Options

    Enable or disable security profiles.

    • If Use Standard Security Profiles is enabled, select the appropriate profiles.

    • If Use Security Profile Group is enabled, select the appropriate profile group.

    This option is only available when Action is set to Accept.

    Protocol Options

    Select from the available protocol options group, as configured by your service provider.

    This option is only available when Action is set to Accept.

    SSL/SSH Inspection

    Select the SSL/SSH inspection profile to use for this policy.

    This option is only available when Action is set to Accept.

    Redirect URL

    Enter the URL where matching traffic will be redirected.

    This option is only available when Action is set to Redirect.

    Web Proxy Forwarding Server

    Select the forwarding server to use.

    This option is only available when Explicit Proxy Type is set to Transparent Web.

    Comments

    Optionally, enter a comment for the policy.

  5. Click Save.
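
The availability rules in the table above can be checked before a policy is entered or reviewed. The following is an added example, not Fortinet code: it lints a policy described as a Python dict keyed by the GUI labels. The dict layout, the function name, and the two logging hints at the end are assumptions made for illustration.

```python
# Added example: field names are the GUI labels from the table above; the
# dict layout and function name are assumptions, not a FortiManager API.
WEB = {"Explicit Web", "Transparent Web"}
ALL_TYPES = WEB | {"FTP", "WAN Optimize", "ZTNA"}

# field -> (controlling field, values of it under which the field is available)
AVAILABLE_WHEN = {
    "Incoming Interface": ("Explicit Proxy Type", {"Transparent Web", "ZTNA"}),
    "Outgoing Interface": ("Explicit Proxy Type", ALL_TYPES - {"ZTNA"}),
    "ZTNA Tag": ("Explicit Proxy Type", {"ZTNA"}),
    "ZTNA Server": ("Explicit Proxy Type", {"ZTNA"}),
    "Service": ("Explicit Proxy Type", ALL_TYPES - {"FTP"}),
    "Web Proxy Forwarding Server": ("Explicit Proxy Type", {"Transparent Web"}),
    "Log Allowed Traffic": ("Action", {"Accept"}),
    "Generate Logs when Session Starts": ("Action", {"Accept"}),
    "Display Disclaimer": ("Action", {"Accept"}),
    "Security Profiles Options": ("Action", {"Accept"}),
    "Protocol Options": ("Action", {"Accept"}),
    "SSL/SSH Inspection": ("Action", {"Accept"}),
    "Log Violation Traffic": ("Action", {"Deny"}),
    "Redirect URL": ("Action", {"Redirect"}),
}

def lint_policy(policy):
    """Return (errors, warnings) for one policy dict keyed by GUI label."""
    errors, warnings = [], []
    ptype, action = policy.get("Explicit Proxy Type"), policy.get("Action")
    if ptype not in ALL_TYPES:
        errors.append(f"unknown Explicit Proxy Type: {ptype!r}")
    if action not in {"Accept", "Deny", "Redirect"}:
        errors.append(f"unknown Action: {action!r}")
    if action == "Redirect" and ptype not in WEB:
        errors.append("Redirect requires Explicit Web or Transparent Web")
    for field, (ctrl, allowed) in AVAILABLE_WHEN.items():
        if field in policy and policy.get(ctrl) not in allowed:
            errors.append(f"{field} is not available when {ctrl} is {policy.get(ctrl)!r}")
    if "Customize Message" in policy and not (action == "Accept" and policy.get("Display Disclaimer")):
        errors.append("Customize Message requires Accept with Display Disclaimer enabled")
    if ptype in WEB and policy.get("Service", ["webproxy"]) != ["webproxy"]:
        errors.append("Service must be webproxy for Explicit/Transparent Web")
    # Review hints (added for this example, not rules from the guide):
    if action == "Accept" and policy.get("Log Allowed Traffic") == "No Log":
        warnings.append("accepted traffic is not logged")
    if action == "Deny" and policy.get("Log Violation Traffic") is False:
        warnings.append("denied traffic is not logged")
    return errors, warnings
```

Errors correspond to combinations the form does not offer; warnings flag policies that would leave no log trail for the traffic they match.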
