Fortinet white logo
Fortinet white logo

Introduction

Introduction

FortiProxy delivers a class-leading Secure Web Gateway, security features, unmatched performance, and the best user experience for web sites and cloud-based applications. All FortiProxy models include the following features out of the box:

Security modules

The unique FortiProxy architecture offers granular control over security, understanding user needs and enforcing Internet policy compliance with the following security modules:

  • Web filtering

    • The web-filtering solution is designed to restrict or control the content a reader is authorized to access, delivered over the Internet using the web browser.

    • The web rating override allows users to change the rating for a web site and control access to the site without affecting the rest of the sites in the original category.

  • DNS filtering

    • Similar to the FortiGuard web filtering. DNS filtering allows, blocks, or monitors access to web content according to FortiGuard categories.

  • Email filtering

    • The FortiGuard Antispam Service uses both a sender IP reputation database and a spam signature database, along with sophisticated spam filtering tools on Fortinet appliances and agents, to detect and block a wide range of spam messages. Updates to the IP reputation and spam signature databases are provided continuously by the FDN.

  • CIFS filtering

    • CIFS UTM scanning, which includes antivirus file scanning and data leak prevention (DLP) file filtering.

  • Application control

    • Application control technologies detect and take action against network traffic based on the application that generated the traffic.

  • Data Leak Prevention (DLP)

    • The FortiProxy data leak prevention system allows you to prevent sensitive data from leaving your network.

  • Antivirus

    • Antivirus uses a suite of integrated security technologies to protect against a variety of threats, including both known and unknown malicious codes (malware), plus Advanced Targeted Attacks (ATAs), also known as Advanced Persistent Threats (APTs).

  • SSL/SSH inspection (MITM)

    • SSL/SSH inspection helps to unlock encrypted sessions, see into encrypted packets, find threats, and block them.

  • Intrusion Prevention System (IPS)

    • Intrusion Prevention System technology protects your network from cybercriminal attacks by actively seeking and blocking external threats before they can reach potentially vulnerable network devices.

  • Content Analysis

    • Content Analysis allow you to detect adult content images in real time. This service is a real-time analysis of the content passing through the FortiProxy unit.

Caching and WAN optimization

All traffic between a client network and one or more web servers is intercepted by a web cache policy. This policy causes the FortiProxy unit to cache pages from the web servers on the FortiProxy unit and makes the cached pages available to users on the client network. Web caching can be configured for standard and reverse web caching.

FortiProxy supports WAN optimization to improve traffic performance and efficiency as it crosses the WAN. FortiProxy WAN optimization consists of a number of techniques that you can apply to improve the efficiency of communication across your WAN. These techniques include protocol optimization, byte caching, SSL offloading, and secure tunneling.

Protocol optimization can improve the efficiency of traffic that uses the CIFS, FTP, HTTP, or MAPI protocol, as well as general TCP traffic. Byte caching caches files and other data on FortiProxy units to reduce the amount of data transmitted across the WAN.

FortiProxy is intelligent enough to understand the differing caching formats of the major video services in order to maximize cache rates for one of the biggest contributors to bandwidth usage. FortiProxy will:

  • Detect the same video ID when content comes from different CDN hosts

  • Support seek forward/backward in video

  • Detect and cache separately; advertisements automatically played before the actual videos

Supported models

The following models are supported on FortiProxy 7.0.9, build 0138:

FortiProxy

  • FPX-2000E
  • FPX-4000E
  • FPX-400E

FortiProxy VM

  • FPX-AZURE
  • FPX-HY
  • FPX-KVM
  • FPX-KVM-ALI
  • FPX-KVM-AWS
  • FPX-KVM-GCP
  • FPX-KVM-OPC
  • FPX-VMWARE
  • FPX-XEN

Introduction

Introduction

FortiProxy delivers a class-leading Secure Web Gateway, security features, unmatched performance, and the best user experience for web sites and cloud-based applications. All FortiProxy models include the following features out of the box:

Security modules

The unique FortiProxy architecture offers granular control over security, understanding user needs and enforcing Internet policy compliance with the following security modules:

  • Web filtering

    • The web-filtering solution is designed to restrict or control the content a reader is authorized to access, delivered over the Internet using the web browser.

    • The web rating override allows users to change the rating for a web site and control access to the site without affecting the rest of the sites in the original category.

  • DNS filtering

    • Similar to the FortiGuard web filtering. DNS filtering allows, blocks, or monitors access to web content according to FortiGuard categories.

  • Email filtering

    • The FortiGuard Antispam Service uses both a sender IP reputation database and a spam signature database, along with sophisticated spam filtering tools on Fortinet appliances and agents, to detect and block a wide range of spam messages. Updates to the IP reputation and spam signature databases are provided continuously by the FDN.

  • CIFS filtering

    • CIFS UTM scanning, which includes antivirus file scanning and data leak prevention (DLP) file filtering.

  • Application control

    • Application control technologies detect and take action against network traffic based on the application that generated the traffic.

  • Data Leak Prevention (DLP)

    • The FortiProxy data leak prevention system allows you to prevent sensitive data from leaving your network.

  • Antivirus

    • Antivirus uses a suite of integrated security technologies to protect against a variety of threats, including both known and unknown malicious codes (malware), plus Advanced Targeted Attacks (ATAs), also known as Advanced Persistent Threats (APTs).

  • SSL/SSH inspection (MITM)

    • SSL/SSH inspection helps to unlock encrypted sessions, see into encrypted packets, find threats, and block them.

  • Intrusion Prevention System (IPS)

    • Intrusion Prevention System technology protects your network from cybercriminal attacks by actively seeking and blocking external threats before they can reach potentially vulnerable network devices.

  • Content Analysis

    • Content Analysis allow you to detect adult content images in real time. This service is a real-time analysis of the content passing through the FortiProxy unit.

Caching and WAN optimization

All traffic between a client network and one or more web servers is intercepted by a web cache policy. This policy causes the FortiProxy unit to cache pages from the web servers on the FortiProxy unit and makes the cached pages available to users on the client network. Web caching can be configured for standard and reverse web caching.

FortiProxy supports WAN optimization to improve traffic performance and efficiency as it crosses the WAN. FortiProxy WAN optimization consists of a number of techniques that you can apply to improve the efficiency of communication across your WAN. These techniques include protocol optimization, byte caching, SSL offloading, and secure tunneling.

Protocol optimization can improve the efficiency of traffic that uses the CIFS, FTP, HTTP, or MAPI protocol, as well as general TCP traffic. Byte caching caches files and other data on FortiProxy units to reduce the amount of data transmitted across the WAN.

FortiProxy is intelligent enough to understand the differing caching formats of the major video services in order to maximize cache rates for one of the biggest contributors to bandwidth usage. FortiProxy will:

  • Detect the same video ID when content comes from different CDN hosts

  • Support seek forward/backward in video

  • Detect and cache separately; advertisements automatically played before the actual videos

Supported models

The following models are supported on FortiProxy 7.0.9, build 0138:

FortiProxy

  • FPX-2000E
  • FPX-4000E
  • FPX-400E

FortiProxy VM

  • FPX-AZURE
  • FPX-HY
  • FPX-KVM
  • FPX-KVM-ALI
  • FPX-KVM-AWS
  • FPX-KVM-GCP
  • FPX-KVM-OPC
  • FPX-VMWARE
  • FPX-XEN