Fortinet white logo
Fortinet white logo

Administration Guide

Feature Visibility

Feature Visibility

Various FortiProxy features can be enabled or disabled as required. Disable features are not shown in the GUI.

Go to System > Feature Visibility to configure which features are available.

The following options can be turned on or off by toggling the sliders:

Explicit Proxy

Controls the visibility of the Proxy Settings > Explicit Proxy menu, which allows you to enable an HTTP, HTTPS, or FTP proxy for your network and add the proxy to one or more FortiProxy interfaces. Users on your network must configure their browsers to use the proxy. Create policies to control access to the proxy and apply UTM and other features to proxy traffic.

ICAP

Controls the visibility of the Content Analyses > ICAP Profile, Content Analyses > ICAP Remote Servers, and Content Analyses > ICAP Local Servers pages, which allow you to offload services to an external server. These services can include: ad insertion, virus scanning, content and language translation, HTTP header or URL manipulation, and content filtering. You can also use this feature to set up profiles and add them to security policies.

VPN

Controls the visibility of the VPN menu, which allow you to create secure communication channels between networks and allows remote users to safely connect to secure private networks using IPsec VPN and FortiClient.

WAN Opt. & Cache

Controls the visibility of the WAN Optimization and Web Cache menus.

The WAN Optimization menu allows you to add WAN optimization to improve traffic performance and efficiency as it crosses the WAN.

The Web Cache menu allows you to cache web pages from any web server. All traffic between a client network and one or more web servers is then intercepted by a web cache policy. This policy causes the FortiProxy unit to cache pages from the web servers on the FortiProxy unit and makes the cached pages available to users on the client network. Web caching can be configured for standard and reverse web caching.

Zero Trust Network Access

Controls the visibility of the Policy & Objects > ZTNA menu, which allows you to uses client device identification, authentication, and Zero Trust tags to provide role-based application access. It gives administrators the flexibility to manage network access for On-net local users and Off-net remote users. Access to applications is granted only after device verification, authenticating the user’s identity, authorizing the user, and then performing context based posture checks using Zero Trust tags.

AntiVirus

Controls the visibility of the Security Profiles > AntiVirus menu, which allows you to remove viruses, analyze suspicious files with FortiSandbox, and apply botnet protection to network traffic. Set up antivirus profiles and add them to policies. This feature requires a subscription to FortiGuard AntiVirus.

Application Control

Controls the visibility of the Security Profiles > Application Control menu, which allows you to visualize and control the applications on your network. Set up application sensors and add them to policies. This feature requires a subscription to Application Control Signatures.

DNS Filter

Controls the visibility of the Security Profiles > DNS Filter men, which allows you to apply DNS category filtering, URL filtering to control a userʼs access to web resources. Set up DNS filter profiles and add them to policies or add them to a DNS server on a FortiProxy interface. Some features require a subscription to FortiGuard Web Filtering.

Endpoint Control

Allows access block for endpoints (PCs, iOS devices, Android devices) through the FortiProxy unit unless they meet security requirements. Enforces the use of FortiClient on the endpoints. Sends non-compliant endpoints to the FortiClient download portal to install the latest version. Setup Endpoint Control on FortiClient EMS. Requires FortiClient licenses.

File Filter

Controls the visibility of the Security Profiles > File Filter menu, which allows you to block files passing through based on file type based on the file's metadata only and not on file size or file content. A DLP profile must be configured to block files based on size or content, such as SSN numbers, credit card numbers, or regular expression pattern. The file filter can be applied directly to policies.

Intrusion Prevention

Controls the visibility of the Security Profiles > Intrusion Prevention menu, which allows you to detect and block network-based attacks. You can set up IPS sensors and add them to policies. This feature requires a subscription to FortiGuard IPS.

Video Filter

Controls the visibility of the Security Profiles > Video Filter menu, which allows you to apply video filter rules to policies to control user's access to videos from different sources.

Web Filter

Controls the visibility of the Security Profiles > Web Filter menu, which allows you to apply web category filtering, URL filtering, and content filtering to control user's access to web resources. You can set up web filter profiles and add them to policies. Some features require a subscription to FortiGuard Web Filtering.

Advanced Endpoint Control

Allows FortiClient Device quarantine by enabling the display of On-Net options and status on GUI pages.

Allow Unnamed Policies

Relaxes the requirement for every policy to have a name when created in GUI.

DNS Database

Controls the visibility of the Network > DNS Service menu, which allows you to set up the FortiProxy unit as the DNS server for your network. You can add local DNS entries to the DNS database and forward other DNS lookups to external DNS servers.

An alternative way to set up a DNS server is to set up DNS Filter Profiles (under Security Profiles > DNS Filter) and add them to DNS Server on a FortiProxy interface.

Implicit Firewall Policies

Firewall policy lists end with an implicit policy that denies all traffic. Enable this feature to see these policies on firewall policy lists in the GUI. You can edit an implicit policy and enable logging to record log messages when the implicit policy denies a session.

Multiple Interface Policies

Allows the configuration of policies with multiple source/destination interfaces. See Create or edit a policy.

Operational Technology (OT)

Controls the visibility of the Security Fabric > Asset Identity Center > OT View tab, which provides an OT mapping layout to browse assets by Purdue level.

Policy Advanced Options

Controls the visibility of advanced options when you create a policy in the GUI, such as the Negate Destination option. See Create or edit a policy.

Policy Disclaimer

Controls the visibility of the Policy Disclaimer option, which allows the user to enable a disclaimer on an allow policy, or a block notification on a deny policy. See Create or edit a policy.

Threat Weight Tracking

Controls the visibility of the Log & Report > Log Settings > Threat Weight tab, which includes the Threats option for FortiView and shows UTM events sorted using a weighted severity system.

Traffic Shaping

Controls the visibility of the Policy & Objects > Traffic Shaping menu, which allows you to configure policies to define how specific types of traffic are shaped by the FortiProxy unit.

Feature Visibility

Feature Visibility

Various FortiProxy features can be enabled or disabled as required. Disable features are not shown in the GUI.

Go to System > Feature Visibility to configure which features are available.

The following options can be turned on or off by toggling the sliders:

Explicit Proxy

Controls the visibility of the Proxy Settings > Explicit Proxy menu, which allows you to enable an HTTP, HTTPS, or FTP proxy for your network and add the proxy to one or more FortiProxy interfaces. Users on your network must configure their browsers to use the proxy. Create policies to control access to the proxy and apply UTM and other features to proxy traffic.

ICAP

Controls the visibility of the Content Analyses > ICAP Profile, Content Analyses > ICAP Remote Servers, and Content Analyses > ICAP Local Servers pages, which allow you to offload services to an external server. These services can include: ad insertion, virus scanning, content and language translation, HTTP header or URL manipulation, and content filtering. You can also use this feature to set up profiles and add them to security policies.

VPN

Controls the visibility of the VPN menu, which allow you to create secure communication channels between networks and allows remote users to safely connect to secure private networks using IPsec VPN and FortiClient.

WAN Opt. & Cache

Controls the visibility of the WAN Optimization and Web Cache menus.

The WAN Optimization menu allows you to add WAN optimization to improve traffic performance and efficiency as it crosses the WAN.

The Web Cache menu allows you to cache web pages from any web server. All traffic between a client network and one or more web servers is then intercepted by a web cache policy. This policy causes the FortiProxy unit to cache pages from the web servers on the FortiProxy unit and makes the cached pages available to users on the client network. Web caching can be configured for standard and reverse web caching.

Zero Trust Network Access

Controls the visibility of the Policy & Objects > ZTNA menu, which allows you to uses client device identification, authentication, and Zero Trust tags to provide role-based application access. It gives administrators the flexibility to manage network access for On-net local users and Off-net remote users. Access to applications is granted only after device verification, authenticating the user’s identity, authorizing the user, and then performing context based posture checks using Zero Trust tags.

AntiVirus

Controls the visibility of the Security Profiles > AntiVirus menu, which allows you to remove viruses, analyze suspicious files with FortiSandbox, and apply botnet protection to network traffic. Set up antivirus profiles and add them to policies. This feature requires a subscription to FortiGuard AntiVirus.

Application Control

Controls the visibility of the Security Profiles > Application Control menu, which allows you to visualize and control the applications on your network. Set up application sensors and add them to policies. This feature requires a subscription to Application Control Signatures.

DNS Filter

Controls the visibility of the Security Profiles > DNS Filter men, which allows you to apply DNS category filtering, URL filtering to control a userʼs access to web resources. Set up DNS filter profiles and add them to policies or add them to a DNS server on a FortiProxy interface. Some features require a subscription to FortiGuard Web Filtering.

Endpoint Control

Allows access block for endpoints (PCs, iOS devices, Android devices) through the FortiProxy unit unless they meet security requirements. Enforces the use of FortiClient on the endpoints. Sends non-compliant endpoints to the FortiClient download portal to install the latest version. Setup Endpoint Control on FortiClient EMS. Requires FortiClient licenses.

File Filter

Controls the visibility of the Security Profiles > File Filter menu, which allows you to block files passing through based on file type based on the file's metadata only and not on file size or file content. A DLP profile must be configured to block files based on size or content, such as SSN numbers, credit card numbers, or regular expression pattern. The file filter can be applied directly to policies.

Intrusion Prevention

Controls the visibility of the Security Profiles > Intrusion Prevention menu, which allows you to detect and block network-based attacks. You can set up IPS sensors and add them to policies. This feature requires a subscription to FortiGuard IPS.

Video Filter

Controls the visibility of the Security Profiles > Video Filter menu, which allows you to apply video filter rules to policies to control user's access to videos from different sources.

Web Filter

Controls the visibility of the Security Profiles > Web Filter menu, which allows you to apply web category filtering, URL filtering, and content filtering to control user's access to web resources. You can set up web filter profiles and add them to policies. Some features require a subscription to FortiGuard Web Filtering.

Advanced Endpoint Control

Allows FortiClient Device quarantine by enabling the display of On-Net options and status on GUI pages.

Allow Unnamed Policies

Relaxes the requirement for every policy to have a name when created in GUI.

DNS Database

Controls the visibility of the Network > DNS Service menu, which allows you to set up the FortiProxy unit as the DNS server for your network. You can add local DNS entries to the DNS database and forward other DNS lookups to external DNS servers.

An alternative way to set up a DNS server is to set up DNS Filter Profiles (under Security Profiles > DNS Filter) and add them to DNS Server on a FortiProxy interface.

Implicit Firewall Policies

Firewall policy lists end with an implicit policy that denies all traffic. Enable this feature to see these policies on firewall policy lists in the GUI. You can edit an implicit policy and enable logging to record log messages when the implicit policy denies a session.

Multiple Interface Policies

Allows the configuration of policies with multiple source/destination interfaces. See Create or edit a policy.

Operational Technology (OT)

Controls the visibility of the Security Fabric > Asset Identity Center > OT View tab, which provides an OT mapping layout to browse assets by Purdue level.

Policy Advanced Options

Controls the visibility of advanced options when you create a policy in the GUI, such as the Negate Destination option. See Create or edit a policy.

Policy Disclaimer

Controls the visibility of the Policy Disclaimer option, which allows the user to enable a disclaimer on an allow policy, or a block notification on a deny policy. See Create or edit a policy.

Threat Weight Tracking

Controls the visibility of the Log & Report > Log Settings > Threat Weight tab, which includes the Threats option for FortiView and shows UTM events sorted using a weighted severity system.

Traffic Shaping

Controls the visibility of the Policy & Objects > Traffic Shaping menu, which allows you to configure policies to define how specific types of traffic are shaped by the FortiProxy unit.