Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • Administration Guide

    Home FortiProxy 7.0.0 Administration Guide
    7.0.0
    7.6.0
    7.4.6
    7.4.5
    7.4.4
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.12
    7.2.11
    7.2.10
    7.2.9
    7.2.8
    7.2.7
    7.2.0
    7.0.19
    7.0.17
    7.0.0
    2.0.0
    1.2.0
    1.1.0
    1.0.0

    Create or edit an explicit proxy

    Create or edit an explicit proxy

    Select Create New to open the Create Explicit Proxy window.

    Select an explicit proxy configuration and then click Edit to open the Edit Explicit Proxy window.

    Configure the following settings in the Explicit Proxy window and then click OK:

    Name

    Enter the name of the explicit web proxy configuration.

    Interfaces

    Select the interface or interfaces that are being monitored by the explicit web proxy from the drop-down list.

    Status

    This explicit web proxy configuration is enabled by default. Toggle to disable this explicit web proxy configuration.

    HTTP Incoming IP

    This field restricts the explicit HTTP proxy to accept sessions only from the specified IP address.

    HTTP Incoming Port

    Enter the port number that HTTP traffic from client web browsers use to connect to the explicit proxy for the specific protocol.

    Explicit proxy users must configure their web browser’s protocols proxy settings to use this port. The default port is 8080. You can enter a maximum of eight ports. Separate multiple ports with a comma. The range of values is 1-65535.

    HTTPS Incoming Port

    Select Use HTTP Port or select Specify and then enter the port number that HTTPS traffic from client web browsers use to connect to the explicit proxy for the specific protocol.

    Explicit proxy users must configure their web browser’s protocols proxy settings to use this port. You can enter a maximum of eight ports. Separate multiple ports with a comma. The range of values is 1-65535.

    FTP Over HTTP

    Select this checkbox to enable FTP over HTTP for the explicit web proxy. Then select Use HTTP Port or select Specify and enter the port number.

    SOCKS Proxy

    Select this checkbox to enable the SOCKS proxy. Then select Use HTTP Port or select Specify and enter the port number.

    Prefer DNS Result

    Select whether the DNS result uses an IPv4 or IPv6 address.

    Unknown HTTP Version

    You can select the action to take when the proxy server must handle an unknown HTTP version request or message. Set the unknown HTTP version to Best Effort, Reject, or Tunnel.

    • Best Effort attempts to handle the HTTP traffic as best as it can.

    • Reject treats known HTTP traffic as malformed and drops it.

    SEC Default Action

    Accept or deny explicit web proxy sessions when no web proxy firewall policy exists.

    SSL Algorithm

    Select the strength of the encryption algorithms accepted in HTTPS deep scan.

    Authentication Realm

    Enter an authentication realm to identify the explicit web proxy.

    The realm can be any text string of up to 63 characters. If the realm includes spaces, you need to enclose it in quotes. When a user authenticates with the explicit web proxy, the HTTP authentication dialog box includes the realm so that you can use the realm to identify the explicitly web proxy for your users.

    IPv6 Status

    Toggle this setting if you want to use IPv6 addresses.

    Return to Sender

    Toggle this setting to allow the FortiProxy to remember the MAC address of the last hop and send responses to that MAC address instead of the default gateway.

    PAC Status

    Toggle this setting to use a proxy auto-config (PAC) file to define how web browsers can choose a proxy server for receiving HTTP content. PAC files include the FindProxyForURL(url, host) JavaScript function that returns a string with one or more access method specifications. These specifications cause the web browser to use a particular proxy server or to connect directly.

    PAC Port

    Select Use HTTP Port or select Specify and then enter the port number that traffic from client web browsers use to connect to the explicit proxy for the specific protocol. Explicit proxy users must configure their web browser’s protocols proxy settings to use this port.

    PAC File Content

    Select Edit to make changes to a PAC file that was previously uploaded or select Download and then select Save to save a copy of the PAC file.

    API Preview

    The API Preview allows you to view all REST API requests being used by the page. You can make changes on the page that are reflected in the API request preview. This feature is not available if the user is logged in as an administrator that has read-only GUI permissions.
    note icon

    The FTP over HTTP proxy engine supports PORT mode, FTP over HTTP CONNECT, and uploads through PUT (UTM scanning).
    To use the API Preview:

    1. Click API Preview. The API Preview pane opens, and the values for the fields are visible (data). If a new object is being created, the POST request is shown.

    2. Enable Show modified changes only to show the modified changes instead of the full configuration in the preview.

    3. Click Copy to Clipboard to copy the JSON code shown on the preview screen to the clipboard.

    4. Click Close to leave the preview.

    Previous
    Next

    Create or edit an explicit proxy

    Create or edit an explicit proxy

    Select Create New to open the Create Explicit Proxy window.

    Select an explicit proxy configuration and then click Edit to open the Edit Explicit Proxy window.

    Configure the following settings in the Explicit Proxy window and then click OK:

    Name

    Enter the name of the explicit web proxy configuration.

    Interfaces

    Select the interface or interfaces that are being monitored by the explicit web proxy from the drop-down list.

    Status

    This explicit web proxy configuration is enabled by default. Toggle to disable this explicit web proxy configuration.

    HTTP Incoming IP

    This field restricts the explicit HTTP proxy to accept sessions only from the specified IP address.

    HTTP Incoming Port

    Enter the port number that HTTP traffic from client web browsers use to connect to the explicit proxy for the specific protocol.

    Explicit proxy users must configure their web browser’s protocols proxy settings to use this port. The default port is 8080. You can enter a maximum of eight ports. Separate multiple ports with a comma. The range of values is 1-65535.

    HTTPS Incoming Port

    Select Use HTTP Port or select Specify and then enter the port number that HTTPS traffic from client web browsers use to connect to the explicit proxy for the specific protocol.

    Explicit proxy users must configure their web browser’s protocols proxy settings to use this port. You can enter a maximum of eight ports. Separate multiple ports with a comma. The range of values is 1-65535.

    FTP Over HTTP

    Select this checkbox to enable FTP over HTTP for the explicit web proxy. Then select Use HTTP Port or select Specify and enter the port number.

    SOCKS Proxy

    Select this checkbox to enable the SOCKS proxy. Then select Use HTTP Port or select Specify and enter the port number.

    Prefer DNS Result

    Select whether the DNS result uses an IPv4 or IPv6 address.

    Unknown HTTP Version

    You can select the action to take when the proxy server must handle an unknown HTTP version request or message. Set the unknown HTTP version to Best Effort, Reject, or Tunnel.

    • Best Effort attempts to handle the HTTP traffic as best as it can.

    • Reject treats known HTTP traffic as malformed and drops it.

    SEC Default Action

    Accept or deny explicit web proxy sessions when no web proxy firewall policy exists.

    SSL Algorithm

    Select the strength of the encryption algorithms accepted in HTTPS deep scan.

    Authentication Realm

    Enter an authentication realm to identify the explicit web proxy.

    The realm can be any text string of up to 63 characters. If the realm includes spaces, you need to enclose it in quotes. When a user authenticates with the explicit web proxy, the HTTP authentication dialog box includes the realm so that you can use the realm to identify the explicitly web proxy for your users.

    IPv6 Status

    Toggle this setting if you want to use IPv6 addresses.

    Return to Sender

    Toggle this setting to allow the FortiProxy to remember the MAC address of the last hop and send responses to that MAC address instead of the default gateway.

    PAC Status

    Toggle this setting to use a proxy auto-config (PAC) file to define how web browsers can choose a proxy server for receiving HTTP content. PAC files include the FindProxyForURL(url, host) JavaScript function that returns a string with one or more access method specifications. These specifications cause the web browser to use a particular proxy server or to connect directly.

    PAC Port

    Select Use HTTP Port or select Specify and then enter the port number that traffic from client web browsers use to connect to the explicit proxy for the specific protocol. Explicit proxy users must configure their web browser’s protocols proxy settings to use this port.

    PAC File Content

    Select Edit to make changes to a PAC file that was previously uploaded or select Download and then select Save to save a copy of the PAC file.

    API Preview

    The API Preview allows you to view all REST API requests being used by the page. You can make changes on the page that are reflected in the API request preview. This feature is not available if the user is logged in as an administrator that has read-only GUI permissions.
    note icon

    The FTP over HTTP proxy engine supports PORT mode, FTP over HTTP CONNECT, and uploads through PUT (UTM scanning).
    To use the API Preview:

    1. Click API Preview. The API Preview pane opens, and the values for the fields are visible (data). If a new object is being created, the POST request is shown.

    2. Enable Show modified changes only to show the modified changes instead of the full configuration in the preview.

    3. Click Copy to Clipboard to copy the JSON code shown on the preview screen to the clipboard.

    4. Click Close to leave the preview.

    Previous
    Next