Introduction
FortiProxy delivers a class-leading Secure Web Gateway, security features, unmatched performance, and the best user experience for web sites and cloud-based applications.
FortiProxy 7.4.4 supports upgrade from the following versions only:
Refer to Deployment information for detailed upgrade instructions. |
All FortiProxy models include the following features out of the box:
Security modules
The unique FortiProxy architecture offers granular control over security, understanding user needs and enforcing Internet policy compliance with the following security modules:
Web filtering |
The web-filtering solution is designed to restrict or control the content a reader is authorized to access, delivered over the Internet using the web browser. The web rating override allows users to change the rating for a web site and control access to the site without affecting the rest of the sites in the original category. |
DNS filtering |
Similar to the FortiGuard web filtering. DNS filtering allows, blocks, or monitors access to web content according to FortiGuard categories. |
Email filtering |
The FortiGuard Antispam Service uses both a sender IP reputation database and a spam signature database, along with sophisticated spam filtering tools on Fortinet appliances and agents, to detect and block a wide range of spam messages. Updates to the IP reputation and spam signature databases are provided continuously by the FDN. |
CIFS filtering |
CIFS UTM scanning, which includes antivirus file scanning and DLP file filtering. |
Application control |
Application control technologies detect and take action against network traffic based on the application that generated the traffic. |
Inline CASB |
The inline CASB security profile enables the FortiProxy to perform granular control over SaaS applications directly on policies. |
Data Loss Prevention (DLP) |
The FortiProxy DLP system allows you to prevent sensitive data from leaving your network. |
Antivirus |
Antivirus uses a suite of integrated security technologies to protect against a variety of threats, including both known and unknown malicious codes (malware), plus Advanced Targeted Attacks (ATAs), also known as Advanced Persistent Threats (APTs). |
SSL/SSH inspection (MITM) |
SSL/SSH inspection helps to unlock encrypted sessions, see into encrypted packets, find threats, and block them. |
Intrusion Prevention System (IPS) |
IPS technology protects your network from cybercriminal attacks by actively seeking and blocking external threats before they can reach potentially vulnerable network devices. |
Zero Trust Network Access (ZTNA) |
ZTNA is an access control method that uses client device identification, authentication, and Zero Trust tags to provide role‑based application access. It gives administrators the flexibility to manage network access for users. Access to applications is granted only after device verification, authenticating the user’s identity, authorizing the user, and then performing context based posture checks using Zero Trust tags. |
Content Analysis |
Content Analysis allow you to detect adult content images in real time. This service is a real-time analysis of the content passing through the FortiProxy unit. |
Client-based native browser isolation (NBI) |
Client-based native browser isolation (NBI) uses a Windows Subsystem for Linux (WSL) distribution (distro) to isolate the browser from the rest of the computer in a container, which helps decrease the attack surface. |
Caching and WAN optimization
All traffic between a client network and one or more web servers is intercepted by a web cache policy. This policy causes the FortiProxy unit to cache pages from the web servers on the FortiProxy unit and makes the cached pages available to users on the client network. Web caching can be configured for standard and reverse web caching.
FortiProxy supports WAN optimization to improve traffic performance and efficiency as it crosses the WAN. FortiProxy WAN optimization consists of a number of techniques that you can apply to improve the efficiency of communication across your WAN. These techniques include protocol optimization, byte caching, SSL offloading, and secure tunneling.
Protocol optimization can improve the efficiency of traffic that uses the CIFS, FTP, HTTP, or MAPI protocol, as well as general TCP traffic. Byte caching caches files and other data on FortiProxy units to reduce the amount of data transmitted across the WAN.
FortiProxy is intelligent enough to understand the differing caching formats of the major video services in order to maximize cache rates for one of the biggest contributors to bandwidth usage. FortiProxy will:
-
Detect the same video ID when content comes from different CDN hosts.
-
Support seek forward/backward in video.
-
Detect and cache separately; advertisements automatically played before the actual videos.