Fortinet Document Library

Version:

Version:

Version:

Version:


Table of Contents

Download PDF
Copy Link

FortiProxy settings

The <fortiproxy></fortiproxy> XML tags contain FortiProxy information. FortiProxy is responsible for HTTP/HTTPS filtering and SMTP/POP3 AV scanning. Use these settings to configure FortiProxy’s behavior.

<forticlient_configuration>

<system>

<fortiproxy>

<enabled>1</enabled>

<enable_https_proxy>1</enable_https_proxy>

<http_timeout>60</http_timeout>

<client_comforting>

<pop3_client>1</pop3_client>

<pop3_server>1</pop3_server>

<smtp>1</smtp>

</client_comforting>

<selftest>

<enabled>0</enabled>

<last_port>-172</last_port>

<notify>0</notify>

</selftest>

</fortiproxy>

</system>

</forticlient_configuration>

The following table provides the XML tags for FortiProxy settings, as well as the descriptions and default values where applicable.

XML tag

Description

Default value

<enabled>

Enable FortiProxy. When set to 0, FortiProxy is disabled. HTTP/HTTPS filtering and SMTP/POP3 AV scanning are disabled.

Boolean value: [0 | 1]

1

<enable_https_proxy>

Enable HTTPS proxy. When the Boolean value is set to 0, FortiProxy is unable to perform filtering on HTTPS traffic.

Boolean value: [0 | 1]

1

<http_timeout>

Connection timeout in seconds. FortiProxy determines if the remote server is available based on this timeout value. Lower this timeout value if your client requires a faster fail response.

60

<client_comforting> elements

Some email clients require continuous response from the server or a connection error may be triggered. Use these settings to enable this feature.

<pop3_client>

Enable POP3 client comforting. Client comforting helps to prevent POP3 clients from complaining that the server has not responded in time.

Boolean value: [0 | 1]

1

<pop3_server>

Enable POP3 server comforting. Server comforting helps to prevent POP3 servers from complaining that the client has not responded in time. This may be used in a situation where FortiClient is installed on a mail server.

Boolean value: [0 | 1]

1

<smtp>

Enable SMTP client comforting. SMTP comforting helps to prevent SMTP clients from complaining that the server has not responded in time.

Boolean value: [0 | 1]

1

<selftest> elements

FortiProxy can detect if other software is disrupting internal traffic between FortiProxy's internal modules. It does this by sending packets periodically to 1.1.1.1, which are intercepted by FortiClient and dropped (they never leave the computer). If the packets are not detected, then it is deemed highly likely that third party software is intercepting the packets, signaling that FortiProxy is not able to perform regular traffic filtering.

<enabled>

Enable self tests. FortiProxy periodically checks its own connectivity to determine if it is able to proxy other applications' traffic.

Boolean value: [0 | 1]

1

<last_port>

Last port number used. This is the highest port number you want to allow FortiProxy to listen on. Use to prevent FortiProxy from binding to another port that another service normally uses.

Port range: 65535 to 10000

65535

<notify>

When enabled, the user sees a bubble notification when self-testing detects that a third party program has blocked HTTP/HTTPS filtering and SMTP/POP3 AV scanning.

Boolean value: [0 | 1]

1

FortiProxy settings

The <fortiproxy></fortiproxy> XML tags contain FortiProxy information. FortiProxy is responsible for HTTP/HTTPS filtering and SMTP/POP3 AV scanning. Use these settings to configure FortiProxy’s behavior.

<forticlient_configuration>

<system>

<fortiproxy>

<enabled>1</enabled>

<enable_https_proxy>1</enable_https_proxy>

<http_timeout>60</http_timeout>

<client_comforting>

<pop3_client>1</pop3_client>

<pop3_server>1</pop3_server>

<smtp>1</smtp>

</client_comforting>

<selftest>

<enabled>0</enabled>

<last_port>-172</last_port>

<notify>0</notify>

</selftest>

</fortiproxy>

</system>

</forticlient_configuration>

The following table provides the XML tags for FortiProxy settings, as well as the descriptions and default values where applicable.

XML tag

Description

Default value

<enabled>

Enable FortiProxy. When set to 0, FortiProxy is disabled. HTTP/HTTPS filtering and SMTP/POP3 AV scanning are disabled.

Boolean value: [0 | 1]

1

<enable_https_proxy>

Enable HTTPS proxy. When the Boolean value is set to 0, FortiProxy is unable to perform filtering on HTTPS traffic.

Boolean value: [0 | 1]

1

<http_timeout>

Connection timeout in seconds. FortiProxy determines if the remote server is available based on this timeout value. Lower this timeout value if your client requires a faster fail response.

60

<client_comforting> elements

Some email clients require continuous response from the server or a connection error may be triggered. Use these settings to enable this feature.

<pop3_client>

Enable POP3 client comforting. Client comforting helps to prevent POP3 clients from complaining that the server has not responded in time.

Boolean value: [0 | 1]

1

<pop3_server>

Enable POP3 server comforting. Server comforting helps to prevent POP3 servers from complaining that the client has not responded in time. This may be used in a situation where FortiClient is installed on a mail server.

Boolean value: [0 | 1]

1

<smtp>

Enable SMTP client comforting. SMTP comforting helps to prevent SMTP clients from complaining that the server has not responded in time.

Boolean value: [0 | 1]

1

<selftest> elements

FortiProxy can detect if other software is disrupting internal traffic between FortiProxy's internal modules. It does this by sending packets periodically to 1.1.1.1, which are intercepted by FortiClient and dropped (they never leave the computer). If the packets are not detected, then it is deemed highly likely that third party software is intercepting the packets, signaling that FortiProxy is not able to perform regular traffic filtering.

<enabled>

Enable self tests. FortiProxy periodically checks its own connectivity to determine if it is able to proxy other applications' traffic.

Boolean value: [0 | 1]

1

<last_port>

Last port number used. This is the highest port number you want to allow FortiProxy to listen on. Use to prevent FortiProxy from binding to another port that another service normally uses.

Port range: 65535 to 10000

65535

<notify>

When enabled, the user sees a bubble notification when self-testing detects that a third party program has blocked HTTP/HTTPS filtering and SMTP/POP3 AV scanning.

Boolean value: [0 | 1]

1