Implicit web proxy browser extension
The Chrome browser extension fetches proxy settings from the FortiProxy at regular intervals. The FortiProxy acts as a load balancer, distributing the workload across different proxies. Different extension rules can be configured for different networks, providing enhanced flexibility.
When traffic matches a transparent policy or web proxy policy with extension detection enabled, it is redirected to the extension portal if the extension is not installed. The extension portal provides installation instructions and proxy setting synchronization.
On the client, the user must download and install the extension from the Chrome Web Store. The extension synchronizes the proxy settings with FortiProxy. The proxy settings are automatically adjusted based on the load balancing results and the source interfaces.
Implicit proxy detection from policy
When a request hits the policy, it is checked for a header from the extension. If the header is included, the traffic is allowed to pass through. If the header is absent, the extension portal opens with a link to the extension so that it can be installed. If the extension is not installed, then the traffic is blocked.
To enable extension detection:
config firewall policy
    edit 1
        set type {transparent | explicit-web}
        set srcintf "any"
        set dstintf "any"
        set action accept
        set srcaddr "all"
        set dstaddr "all"
        set schedule "always"
        set service "ALL"
        set implicit-proxy-detection enable
        set ssl-ssh-profile "deep-inspection"
    next
end
Captive portal
Users access the portal page either by being redirected or by accessing it directly. The portal includes a link to download the extension and instructions for installing it. After the extension is installed, it periodically fetches the proxy auto-config (PAC) from the portal address and port. A proxy rule is selected based on the source interface of the fetching request, and a PAC is generated with that rule.
To configure the authentication settings:
config authentication setting
    set active-auth-scheme ''
    set sso-auth-scheme ''
    set captive-portal-type ip
    set captive-portal-ip 10.1.1.1
    set captive-portal-ip6 ::
    set cert-auth disable
    set captive-portal-port 7830
    set auth-https enable
    set captive-portal-ssl-port 7831
    set rewrite-https-port 0
end
To configure interfaces:
config system interface
    edit "port1"
        set ip 172.16.80.158 255.255.255.0
        set proxy-captive-portal enable
    next
    edit "port2"
        set ip 10.2.2.2 255.255.255.0
        set proxy-captive-portal enable
    next
end
To configure implicit proxy settings:
config web-proxy implicit-proxy-setting
    edit 1
        set interface port1
        set implicit-proxy-rule "rule1"
    next
    edit 2
        set interface port2
        set implicit-proxy-rule "rule2"
    next
end
Implicit proxy rule
Each implicit proxy rule includes a list of servers, the load balance method that is used to load balance traffic among the web proxies, and a bypass list that includes the addresses of servers that do not need to be proxied.
Based on each implicit proxy rule, FortiProxy generates a PAC for proxy settings, and responds with the PAC when a user's extension requests the PAC from the extension portal.
To configure an implicit proxy rule:
config web-proxy implicit-proxy-rule
    edit "1"
        set load-balance-method round-robin
        set bypass-list "gmail.com" "login.microsoft.com"
        config proxy-servers
            edit 1
                set ip 10.1.99.1
                set port 8080
            next
            edit 2
                set ip 10.1.99.2
                set port 8080
            next
            edit 3
                set ip 10.1.99.3
                set port 8080
            next
        end
    next
end
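The sketch below is an added example, not FortiProxy's own code or its actual PAC output: it builds a PAC from the implicit proxy rule configured above and evaluates it offline. Modelling round-robin by rotating which proxy is listed first on each fetch, matching bypass entries on the exact host or its subdomains only, and the names buildPac, resolve and turn are all assumptions.

```javascript
// Constructed rule object mirroring the implicit proxy rule on this page.
const rule = {
  bypassList: ["gmail.com", "login.microsoft.com"],
  proxyServers: [
    { ip: "10.1.99.1", port: 8080 },
    { ip: "10.1.99.2", port: 8080 },
    { ip: "10.1.99.3", port: 8080 },
  ],
};

// Build PAC source text for one fetch. `turn` is a hypothetical per-fetch
// counter; round-robin is modelled (assumption) by rotating the first proxy.
function buildPac(rule, turn) {
  const n = rule.proxyServers.length;
  const ordered = rule.proxyServers.map((_, i) => rule.proxyServers[(turn + i) % n]);
  const chain = ordered.map((s) => `PROXY ${s.ip}:${s.port}`).join("; ");
  return [
    "function FindProxyForURL(url, host) {",
    `  var bypass = ${JSON.stringify(rule.bypassList)};`,
    "  host = host.toLowerCase();",
    "  for (var i = 0; i < bypass.length; i++) {",
    "    var dotted = '.' + bypass[i];",
    "    // Exact host or a true subdomain; a bare suffix match would let",
    "    // look-alike hosts skip the proxy and its inspection.",
    "    if (host === bypass[i] || host.slice(-dotted.length) === dotted) {",
    "      return 'DIRECT';",
    "    }",
    "  }",
    `  return ${JSON.stringify(chain)};`,
    "}",
  ].join("\n");
}

// Evaluate PAC text the way a client would, so the result can be checked offline.
function resolve(pacText, url) {
  const find = new Function(pacText + "\nreturn FindProxyForURL;")();
  return find(url, new URL(url).hostname);
}
```

Reviewing the generated PAC this way shows which hosts leave the proxy path, which matters because bypassed hosts are not subject to the deep-inspection profile set on the policy.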