Options
You can change the following explicit web proxy options as required by your configuration.
HTTP port, HTTPS port, FTP port, PAC port
The TCP port that web browsers use to connect to the explicit proxy for HTTP, HTTPS, FTP and PAC services. The default port is 8080 for all services. By default HTTPS, FTP. and PAC use the same port as HTTP. You can change any of these ports as required. Users configuring their web browsers to use the explicit web proxy should add the same port numbers to their browser configurations.
Multi-port support for Explicit Proxy
Support exists for the use of multiple ports and port range in the explicit FTP or Web proxies. These changes have been added in both CLI and GUI.
CLI:
set http-incoming-port <port_low>[-<port_high>]
Where:
port_low
- the low value of the portport_high
- the high value of the port
The port_high
value can be omitted if port_low
and port_high
are the same.
Proxy FQDN
Enter the fully qualified domain name (FQDN) for the proxy server. This is the domain name to enter into browsers to access the proxy server.
Max HTTP request length
Enter the maximum length of an HTTP request in Kbytes. Larger requests will be rejected.
Max HTTP message length
Enter the maximum length of an HTTP message in Kbytes. Larger messages will be rejected.
Multiple incoming ports and port ranges
Web proxy can be configured to listen on multiple ports on the same IP as well as listen for HTTP and HTTPS on those same (or different) ports. This is done in the CLI.
Define the IP ranges using a hyphen (-). As shown below, port_high
is not necessary to specify if port_low
is equal to port_high
.
CLI syntax
config web-proxy explicit
set http-incoming-port <port_low> [-<port_high>]
end
Internet services
FortiOS can use the Internet Service Database (introduced in 5.4.1) as a web-proxy policy matching factor. This can only be done in the CLI.
CLI syntax:
config firewall proxy-policy
edit 0
set internet-service <application-id>
set internet-service-custom <application-name>
IP pools
IP Pools can be used with web proxy. When using this option of setting the IP pool name, the outgoing IP will be selected.
CLI syntax
config firewall proxy-policy
edit <example>
set poolname <name>
end