Fortinet black logo

Administration Guide

Introduction

Copy Link
Copy Doc ID b7ee159a-9f2d-11ec-9fd1-fa163e15d75b:93302
Download PDF

Introduction

FortiProxy provides a secure web gateway that protects against web attacks using URL filtering, visibility and control of encrypted web traffic through SSL and SSH inspection, and the application of granular web application policies. Flexible deployment modes cover inline, explicit, and transparent deployments.

  • Application Control allows you to identify and control applications on networks and endpoints regardless of the port, protocol, and IP address used. It gives you unmatched visibility and control over application traffic, even traffic from unknown applications and sources.

  • SSL and SSH inspection allows you to determine which inspection method will be applied to SSH and SSL traffic; identify how to treat invalid, unsupported or untrusted SSL certificates; and configure which web sites or web site categories are exempt from SSL inspection.

  • Web filtering provides web URL filtering to block access to harmful, inappropriate, and dangerous web sites that can contain phishing/pharming attacks, malware such as spyware, or objectionable content that can expose your organization to legal liability. Based on automatic research tools and targeted research analysis, real-time updates enable you to apply highly-granular policies that filter web access based on 78 web content categories, over 45 million rated web sites, and more than two billion web pages—all continuously updated.

  • The FortiProxy data leak prevention (DLP) system allows you to prevent sensitive data from leaving your network. When you define sensitive data patterns, data matching these patterns will be blocked or logged and allowed when passing through the FortiProxy unit. You configure the DLP system by creating individual filters based on file type, file size, a regular expression, an advanced rule, or a compound rule, in a DLP sensor and assign the sensor to a security policy. Although the primary use of the DLP feature is to stop sensitive data from leaving your network, it can also be used to prevent unwanted data from entering your network and to archive some or all of the content passing through the FortiProxy unit.

The FortiProxy unit also provides WAN optimization, web caching, and WCCP. FortiProxy WAN optimization and web caching improve performance and security of traffic passing between locations on your wide area network (WAN) or from the Internet to your web servers. You can use the FortiProxy unit as an explicit FTP and web proxy server. In addition, you can add web caching to any HTTP sessions including WAN optimization, explicit web proxy, and other HTTP sessions.

Supported protocols

Application layer security
  • SSH

  • FTP/FTPS/FTPoHTTP/FTPoHTTPConnect

  • SMTP/SMTPS

  • IMAP/IMAPS

  • POP3/POP3S

  • CIFS/SMB

  • MAPI/MAPIoRPC/MAPIoHTTPS

  • DNS

  • ICAP/WCCP

  • SCP/SFTP

VPN
  • IPsec/SSL VPNs

About this document

This document contains the following sections:

Appendices:

Introduction

FortiProxy provides a secure web gateway that protects against web attacks using URL filtering, visibility and control of encrypted web traffic through SSL and SSH inspection, and the application of granular web application policies. Flexible deployment modes cover inline, explicit, and transparent deployments.

  • Application Control allows you to identify and control applications on networks and endpoints regardless of the port, protocol, and IP address used. It gives you unmatched visibility and control over application traffic, even traffic from unknown applications and sources.

  • SSL and SSH inspection allows you to determine which inspection method will be applied to SSH and SSL traffic; identify how to treat invalid, unsupported or untrusted SSL certificates; and configure which web sites or web site categories are exempt from SSL inspection.

  • Web filtering provides web URL filtering to block access to harmful, inappropriate, and dangerous web sites that can contain phishing/pharming attacks, malware such as spyware, or objectionable content that can expose your organization to legal liability. Based on automatic research tools and targeted research analysis, real-time updates enable you to apply highly-granular policies that filter web access based on 78 web content categories, over 45 million rated web sites, and more than two billion web pages—all continuously updated.

  • The FortiProxy data leak prevention (DLP) system allows you to prevent sensitive data from leaving your network. When you define sensitive data patterns, data matching these patterns will be blocked or logged and allowed when passing through the FortiProxy unit. You configure the DLP system by creating individual filters based on file type, file size, a regular expression, an advanced rule, or a compound rule, in a DLP sensor and assign the sensor to a security policy. Although the primary use of the DLP feature is to stop sensitive data from leaving your network, it can also be used to prevent unwanted data from entering your network and to archive some or all of the content passing through the FortiProxy unit.

The FortiProxy unit also provides WAN optimization, web caching, and WCCP. FortiProxy WAN optimization and web caching improve performance and security of traffic passing between locations on your wide area network (WAN) or from the Internet to your web servers. You can use the FortiProxy unit as an explicit FTP and web proxy server. In addition, you can add web caching to any HTTP sessions including WAN optimization, explicit web proxy, and other HTTP sessions.

Supported protocols

Application layer security
  • SSH

  • FTP/FTPS/FTPoHTTP/FTPoHTTPConnect

  • SMTP/SMTPS

  • IMAP/IMAPS

  • POP3/POP3S

  • CIFS/SMB

  • MAPI/MAPIoRPC/MAPIoHTTPS

  • DNS

  • ICAP/WCCP

  • SCP/SFTP

VPN
  • IPsec/SSL VPNs

About this document

This document contains the following sections:

Appendices: