Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • CLI Reference

    6.4.15
    7.6.0
    7.4.5
    7.4.4
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.10
    7.2.9
    7.2.8
    7.2.7
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.0.16
    7.0.15
    7.0.14
    7.0.13
    7.0.12
    7.0.11
    7.0.10
    7.0.9
    7.0.8
    7.0.7
    7.0.6
    7.0.5
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.4.15
    6.4.14
    6.4.13
    6.4.12
    6.4.11
    6.4.10
    6.4.9
    6.4.8
    6.4.7
    6.4.6
    6.4.5
    6.4.4
    6.4.3
    6.4.2
    6.4.1
    6.4.0
    6.2.16
    6.2.15
    6.2.14
    6.2.13
    6.2.12
    6.2.11
    6.2.10
    6.2.9
    6.2.8
    6.2.7
    6.2.6
    6.2.5
    6.2.4
    6.2.3
    6.2.2
    6.2.1
    6.0.0
    5.6.0
    5.4.0
    5.2.0
    5.0.0

    config web-proxy global

    config web-proxy global

    Configure Web proxy global settings.

    config web-proxy global
    Description: Configure Web proxy global settings.
    set fast-policy-match [enable|disable]
    set forward-proxy-auth [enable|disable]
    set forward-server-affinity-timeout {integer}
    set learn-client-ip [enable|disable]
    set learn-client-ip-from-header {option1}, {option2}, ...
    set learn-client-ip-srcaddr <name1>, <name2>, ...
    set learn-client-ip-srcaddr6 <name1>, <name2>, ...
    set max-message-length {integer}
    set max-request-length {integer}
    set max-waf-body-cache-length {integer}
    set proxy-fqdn {string}
    set ssl-ca-cert {string}
    set ssl-cert {string}
    set strict-web-check [enable|disable]
    set webproxy-profile {string}
end

    config web-proxy global

    Parameter

    Description

    Type

    Size

    Default

    fast-policy-match

    Enable/disable fast matching algorithm for explicit and transparent proxy policy.

    option

    -

    enable

    Option

    Description

    enable

    Enable setting.

    disable

    Disable setting.

    forward-proxy-auth

    Enable/disable forwarding proxy authentication headers.

    option

    -

    disable

    Option

    Description

    enable

    Enable forwarding proxy authentication headers.

    disable

    Disable forwarding proxy authentication headers.

    forward-server-affinity-timeout

    Period of time before the source IP's traffic is no longer assigned to the forwarding server.

    integer

    Minimum value: 6 Maximum value: 60

    30

    learn-client-ip

    Enable/disable learning the client's IP address from headers.

    option

    -

    disable

    Option

    Description

    enable

    Enable learning the client's IP address from headers.

    disable

    Disable learning the client's IP address from headers.

    learn-client-ip-from-header

    Learn client IP address from the specified headers.

    option

    -

    Option

    Description

    true-client-ip

    Learn the client IP address from the True-Client-IP header.

    x-real-ip

    Learn the client IP address from the X-Real-IP header.

    x-forwarded-for

    Learn the client IP address from the X-Forwarded-For header.

    learn-client-ip-srcaddr <name>

    Source address name (srcaddr or srcaddr6 must be set).

    Address name.

    string

    Maximum length: 79

    learn-client-ip-srcaddr6 <name>

    IPv6 Source address name (srcaddr or srcaddr6 must be set).

    Address name.

    string

    Maximum length: 79

    max-message-length

    Maximum length of HTTP message, not including body.

    integer

    Minimum value: 16 Maximum value: 256

    32

    max-request-length

    Maximum length of HTTP request line.

    integer

    Minimum value: 2 Maximum value: 64

    8

    max-waf-body-cache-length

    Maximum length of HTTP messages processed by Web Application Firewall.

    integer

    Minimum value: 10 Maximum value: 1024

    32

    proxy-fqdn

    Fully Qualified Domain Name to connect to the explicit web proxy.

    string

    Maximum length: 255

    default.fqdn

    ssl-ca-cert

    SSL CA certificate for SSL interception.

    string

    Maximum length: 35

    Fortinet_CA_SSL

    ssl-cert

    SSL certificate for SSL interception.

    string

    Maximum length: 35

    Fortinet_Factory

    strict-web-check

    Enable/disable strict web checking to block web sites that send incorrect headers that don't conform to HTTP 1.1.

    option

    -

    disable

    Option

    Description

    enable

    Enable strict web checking.

    disable

    Disable strict web checking.

    webproxy-profile

    Name of the web proxy profile to apply when explicit proxy traffic is allowed by default and traffic is accepted that does not match an explicit proxy policy.

    string

    Maximum length: 63

    Previous
    Next

    config web-proxy global

    config web-proxy global

    Configure Web proxy global settings.

    config web-proxy global
    Description: Configure Web proxy global settings.
    set fast-policy-match [enable|disable]
    set forward-proxy-auth [enable|disable]
    set forward-server-affinity-timeout {integer}
    set learn-client-ip [enable|disable]
    set learn-client-ip-from-header {option1}, {option2}, ...
    set learn-client-ip-srcaddr <name1>, <name2>, ...
    set learn-client-ip-srcaddr6 <name1>, <name2>, ...
    set max-message-length {integer}
    set max-request-length {integer}
    set max-waf-body-cache-length {integer}
    set proxy-fqdn {string}
    set ssl-ca-cert {string}
    set ssl-cert {string}
    set strict-web-check [enable|disable]
    set webproxy-profile {string}
end

    config web-proxy global

    Parameter

    Description

    Type

    Size

    Default

    fast-policy-match

    Enable/disable fast matching algorithm for explicit and transparent proxy policy.

    option

    -

    enable

    Option

    Description

    enable

    Enable setting.

    disable

    Disable setting.

    forward-proxy-auth

    Enable/disable forwarding proxy authentication headers.

    option

    -

    disable

    Option

    Description

    enable

    Enable forwarding proxy authentication headers.

    disable

    Disable forwarding proxy authentication headers.

    forward-server-affinity-timeout

    Period of time before the source IP's traffic is no longer assigned to the forwarding server.

    integer

    Minimum value: 6 Maximum value: 60

    30

    learn-client-ip

    Enable/disable learning the client's IP address from headers.

    option

    -

    disable

    Option

    Description

    enable

    Enable learning the client's IP address from headers.

    disable

    Disable learning the client's IP address from headers.

    learn-client-ip-from-header

    Learn client IP address from the specified headers.

    option

    -

    Option

    Description

    true-client-ip

    Learn the client IP address from the True-Client-IP header.

    x-real-ip

    Learn the client IP address from the X-Real-IP header.

    x-forwarded-for

    Learn the client IP address from the X-Forwarded-For header.

    learn-client-ip-srcaddr <name>

    Source address name (srcaddr or srcaddr6 must be set).

    Address name.

    string

    Maximum length: 79

    learn-client-ip-srcaddr6 <name>

    IPv6 Source address name (srcaddr or srcaddr6 must be set).

    Address name.

    string

    Maximum length: 79

    max-message-length

    Maximum length of HTTP message, not including body.

    integer

    Minimum value: 16 Maximum value: 256

    32

    max-request-length

    Maximum length of HTTP request line.

    integer

    Minimum value: 2 Maximum value: 64

    8

    max-waf-body-cache-length

    Maximum length of HTTP messages processed by Web Application Firewall.

    integer

    Minimum value: 10 Maximum value: 1024

    32

    proxy-fqdn

    Fully Qualified Domain Name to connect to the explicit web proxy.

    string

    Maximum length: 255

    default.fqdn

    ssl-ca-cert

    SSL CA certificate for SSL interception.

    string

    Maximum length: 35

    Fortinet_CA_SSL

    ssl-cert

    SSL certificate for SSL interception.

    string

    Maximum length: 35

    Fortinet_Factory

    strict-web-check

    Enable/disable strict web checking to block web sites that send incorrect headers that don't conform to HTTP 1.1.

    option

    -

    disable

    Option

    Description

    enable

    Enable strict web checking.

    disable

    Disable strict web checking.

    webproxy-profile

    Name of the web proxy profile to apply when explicit proxy traffic is allowed by default and traffic is accepted that does not match an explicit proxy policy.

    string

    Maximum length: 63

    Previous
    Next