Getting started
FortiProxy is a secure web proxy that protects employees against internet-borne attacks by incorporating multiple detection techniques such as web filtering, DNS filtering, data loss prevention, antivirus, intrusion prevention, and advanced threat protection. It helps enterprises enforce internet compliance using granular application control. High-performance physical and virtual appliances deploy on-site to serve small, medium, and large enterprises.
FortiProxy provides multiple detection methods such as reputation lookup, signature-based detection, and sandboxing to protect against known malware, emerging threats, and zero-day malware. It also intercepts outgoing client connections to the internet and has some firewall capabilities. However, the primary focus of FortiProxy is to be a secure web gateway solution that provides visibility, compliance, web security, and threat protection for any organization.
This document describes how to deploy a FortiProxy‑VM in a VMware vSphere environment. More information about configuring and using FortiProxy is available in the Fortinet Document Library.
In the initial setup, the following ports are used:
- DNS lookup — UDP 53
- FortiGuard licensing — TCP 443
Evaluation license
FortiProxy‑VM can be evaluated with a free 15-day trial license that includes most features, except:
- HA
- FortiGuard updates
- Technical support
You do not need to manually upload the trial license; it is built-in. The trial period begins the first time you start FortiProxy‑VM. When the trial expires, most functionality is disabled. You must purchase a license to continue using FortiProxy‑VM.
License sizes
VM licenses are available in the following sizes:
| | Evaluation | VM02 | VM04 | VM08 | VM16 | VMUL |
|---|---|---|---|---|---|---|
| Maximum number of CPUs | 2 | 4 | 8 | 16 | 32 | Unlimited |
| Memory (GB) | 2 | Unlimited | Unlimited | Unlimited | Unlimited | Unlimited |
| Number of disks (boot + storage) | 1+1 | 1+2 | 1+2 | 1+4 | 1+8 | 16 total |
The maximum number of IP sessions varies by license and by available vRAM, just as it does for hardware models. For more information, see the FortiProxy Datasheet.
License validation
FortiProxy‑VM must periodically revalidate its license with the Fortinet Distribution Network (FDN). If it cannot contact the FDN for 24 hours, access to the FortiProxy‑VM web UI and CLI is locked.
By default, FortiProxy‑VM attempts to contact FDN over the internet. If the management port cannot access the internet (for example, in closed network environments), it is possible for FortiProxy‑VM to validate its license with a FortiManager that has been deployed on the local network to act as a local FDS (FortiGuard Distribution Server).
On the FortiProxy‑VM, specify the FortiManager IP address for the “override server” in the FortiGuard configuration:
```
config system central-management
    set type fortimanager
    config server-list
        edit 1
            set server-type update
            set server-address <FortiManager IP address for updates>
        next
        edit 2
            set server-type rating
            set server-address <FortiManager IP address for web filter ratings>
        next
    end
    set include-default-servers disable
end
```
TCP port 8890 is the port where the built-in FDS feature listens for requests. For more information on the FortiManager local FDS feature, see the FortiManager Administration Guide. Although FortiManager can provide FortiGuard security service updates to some Fortinet devices, for FortiProxy, its FDN features can provide license validation only.
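An added example, not part of the Fortinet documentation: a small Python audit that parses the central-management block shown above from a saved configuration and reports when the local FDS override is incomplete, which matters because a VM that cannot validate its license for 24 hours locks its web UI and CLI. It assumes the saved configuration uses the same config/edit/set/next/end layout as the CLI snippet; the function names and the 192.0.2.x addresses are constructed for illustration.

```python
import ipaddress

# Constructed sample: the page's block with RFC 5737 documentation addresses (assumed).
SAMPLE = """config system central-management
    set type fortimanager
    config server-list
        edit 1
            set server-type update
            set server-address 192.0.2.10
        next
        edit 2
            set server-type rating
            set server-address 192.0.2.11
        next
    end
    set include-default-servers disable
end
"""

def parse_block(text):
    """Parse nested config/edit/set/next/end lines into nested dicts."""
    stack = [{}]
    for tok in (line.split() for line in text.splitlines() if line.strip()):
        if tok[0] in ("config", "edit"):
            # Open a child scope keyed by the table path or the entry id.
            stack.append(stack[-1].setdefault(" ".join(tok[1:]), {}))
        elif tok[0] == "set" and len(tok) >= 3:
            stack[-1][tok[1]] = " ".join(tok[2:]).strip('"')
        elif tok[0] in ("next", "end") and len(stack) > 1:
            stack.pop()  # tolerate a stray next/end instead of crashing
    return stack[0]

def audit_local_fds(text):
    """Return findings; an empty list means the override matches the page."""
    cm = parse_block(text).get("system central-management", {})
    findings = []
    for key, want in (("type", "fortimanager"), ("include-default-servers", "disable")):
        if cm.get(key) != want:
            findings.append(f"{key} is {cm.get(key)!r}, expected {want!r}")
    entries = [e for e in cm.get("server-list", {}).values() if isinstance(e, dict)]
    for kind in ("update", "rating"):
        addrs = [e.get("server-address", "") for e in entries if e.get("server-type") == kind]
        if not addrs:
            findings.append(f"no {kind} server entry")
        for addr in addrs:
            try:
                ipaddress.ip_address(addr)  # the page specifies an IP address here
            except ValueError:
                findings.append(f"{kind} server-address is not an IP: {addr!r}")
    return findings
```

Running `audit_local_fds` against the snippet with its angle-bracket placeholders left in place reports both server addresses, which catches a copy-paste of the template before the 24-hour validation window runs out.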