Explicit proxy and FortiSandbox Cloud
Explicit proxy connections can leverage FortiSandbox Cloud for advanced threat scanning and updates. This allows FortiGates behind isolated networks to connect to FortiCloud services.
To configure FortiGuard services to communicate with an explicit proxy server:
config system fortiguard
    set proxy-server-ip 172.16.200.44
    set proxy-server-port 3128
    set proxy-username "test1"
    set proxy-password ENC Y0+KTg9UsILkv8+nDe+Pe3VlnlaHUMzLkfAXLATknW/xm/Xv7EdZHTnua1djM+waZA1vxCh8LV7Ci4sEhj/PABSTShStxskEn3E1+CjxviwVSljgF6AD+zJZF/+4jkspq+PogZT3LVO68+kqsPdU4rikuy1BbnsbZcPxC/MJyuIx7343bdKYqp+IUprQUR2wf8tiMg==
end
To verify the explicit proxy connection to FortiSandbox Cloud:
# diagnose debug application forticldd -1
Debug messages will be on for 30 minutes.
# diagnose debug enable
[2942] fds_handle_request: Received cmd 23 from pid-2526, len 0
[40] fds_queue_task: req-23 is added to Cloud-sandbox-controller
[178] fds_svr_default_task_xmit: try to get IPs for Cloud-sandbox-controller
[239] fds_resolv_addr: resolve aptctrl1.fortinet.com
[169] fds_get_addr: name=aptctrl1.fortinet.com, id=32, cb=0x2bc089
[101] dns_parse_resp: DNS aptctrl1.fortinet.com -> 172.16.102.21
[227] fds_resolv_cb: IP-1: 172.16.102.21
[665] fds_ctx_set_addr: server: 172.16.102.21:443
[129] fds_svr_default_pickup_server: Cloud-sandbox-controller: 172.16.102.21:443
[587] fds_https_start_server: server: 172.16.102.21:443
[579] ssl_new: SSL object is created
[117] https_create: proxy server 172.16.200.44 port:3128
[519] fds_https_connect: https_connect(172.16.102.21) is established.
[261] fds_svr_default_on_established: Cloud-sandbox-controller has connected to ip=172.16.102.21
[268] fds_svr_default_on_established: server-Cloud-sandbox-controller handles cmd-23
[102] fds_pack_objects: number of objects: 1
[75] fds_print_msg: FCPC: len=109
[81] fds_print_msg: Protocol=2.0
[81] fds_print_msg: Command=RegionList
[81] fds_print_msg: Firmware=FG101E-FW-6.02-0917
[81] fds_print_msg: SerialNumber=FG101E4Q17002429
[81] fds_print_msg: TimeZone=-7
[75] fds_print_msg: http req: len=248
[81] fds_print_msg: POST https://172.16.102.21:443/FCPService HTTP/1.1
[81] fds_print_msg: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
[81] fds_print_msg: Host: 172.16.102.21:443
[81] fds_print_msg: Cache-Control: no-cache
[81] fds_print_msg: Connection: close
[81] fds_print_msg: Content-Type: application/octet-stream
[81] fds_print_msg: Content-Length: 301
[524] fds_https_connect: http request to 172.16.102.21: header=248, ext=301.
[257] fds_https_send: sent 248 bytes: pos=0, len=248
[265] fds_https_send: 172.16.102.21: sent 248 byte header, now send 301-byte body
[257] fds_https_send: sent 301 bytes: pos=0, len=301
[273] fds_https_send: sent the entire request to server: 172.16.102.21:443
[309] fds_https_recv: read 413 bytes: pos=413, buf_len=2048
[332] fds_https_recv: received the header from server: 172.16.102.21:443, [HTTP/1.1 200 Content-Type: application/octet-stream Content-Length: 279 Date: Thu, 20 Jun 2019 16:41:11 GMT Connection: close]
[396] fds_https_recv: Do memmove buf_len=279, pos=279
[406] fds_https_recv: server: 172.16.102.21:443, buf_len=279, pos=279
[453] fds_https_recv: received a packet from server-172.16.102.21:443: sz=279, objs=1
[194] __ssl_data_ctx_free: Done
[839] ssl_free: Done
[830] ssl_disconnect: Shutdown
[481] fds_https_recv: obj-0: type=FCPR, len=87
[294] fds_svr_default_on_response: server-Cloud-sandbox-controller handles cmd-23
[75] fds_print_msg: fcpr: len=83
[81] fds_print_msg: Protocol=2.0
[81] fds_print_msg: Response=202
[81] fds_print_msg: ResponseItem=Region:Europe,Global,Japan,US
[81] fds_print_msg: existing:Japan
[3220] aptctrl_region_res: Got rsp: Region:Europe,Global,Japan,US
[3222] aptctrl_region_res: Got rsp: Region existing:Japan
[439] fds_send_reply: Sending 28 bytes data.
[395] fds_free_tsk: cmd=23; req.noreply=1
# [136] fds_on_sys_fds_change: trace
[2942] fds_handle_request: Received cmd 22 from pid-170, len 0
[40] fds_queue_task: req-22 is added to Cloud-sandbox-controller
[587] fds_https_start_server: server: 172.16.102.21:443
[579] ssl_new: SSL object is created
[117] https_create: proxy server 172.16.200.44 port:3128
[519] fds_https_connect: https_connect(172.16.102.21) is established.
[261] fds_svr_default_on_established: Cloud-sandbox-controller has connected to ip=172.16.102.21
[268] fds_svr_default_on_established: server-Cloud-sandbox-controller handles cmd-22
[102] fds_pack_objects: number of objects: 1
[75] fds_print_msg: FCPC: len=146
[81] fds_print_msg: Protocol=2.0
[81] fds_print_msg: Command=UpdateAPT
[81] fds_print_msg: Firmware=FG101E-FW-6.02-0917
[81] fds_print_msg: SerialNumber=FG101E4Q17002429
[81] fds_print_msg: TimeZone=-7
[81] fds_print_msg: TimeZoneInMin=-420
[81] fds_print_msg: DataItem=Region:US
[75] fds_print_msg: http req: len=248
[81] fds_print_msg: POST https://172.16.102.21:443/FCPService HTTP/1.1
[81] fds_print_msg: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
[81] fds_print_msg: Host: 172.16.102.21:443
[81] fds_print_msg: Cache-Control: no-cache
[81] fds_print_msg: Connection: close
[81] fds_print_msg: Content-Type: application/octet-stream
[81] fds_print_msg: Content-Length: 338
[524] fds_https_connect: http request to 172.16.102.21: header=248, ext=338.
[257] fds_https_send: sent 248 bytes: pos=0, len=248
[265] fds_https_send: 172.16.102.21: sent 248 byte header, now send 338-byte body
[257] fds_https_send: sent 338 bytes: pos=0, len=338
[273] fds_https_send: sent the entire request to server: 172.16.102.21:443
[309] fds_https_recv: read 456 bytes: pos=456, buf_len=2048
[332] fds_https_recv: received the header from server: 172.16.102.21:443, [HTTP/1.1 200 Content-Type: application/octet-stream Content-Length: 322 Date: Thu, 20 Jun 2019 16:41:16 GMT Connection: close]
[396] fds_https_recv: Do memmove buf_len=322, pos=322
[406] fds_https_recv: server: 172.16.102.21:443, buf_len=322, pos=322
[453] fds_https_recv: received a packet from server-172.16.102.21:443: sz=322, objs=1
[194] __ssl_data_ctx_free: Done
[839] ssl_free: Done
[830] ssl_disconnect: Shutdown
[481] fds_https_recv: obj-0: type=FCPR, len=130
[294] fds_svr_default_on_response: server-Cloud-sandbox-controller handles cmd-22
[75] fds_print_msg: fcpr: len=126
[81] fds_print_msg: Protocol=2.0
[81] fds_print_msg: Response=202
[81] fds_print_msg: ResponseItem=Server1:172.16.102.51:514
[81] fds_print_msg: Server2:172.16.102.52:514
[81] fds_print_msg: Contract:20210215
[81] fds_print_msg: NextRequest:86400
[615] parse_apt_contract_time_str: The APTContract is valid to Mon Feb 15 23:59:59 2021
[616] parse_apt_contract_time_str: FGT current local time is Thu Jun 20 09:41:16 2019
[3289] aptctrl_update_res: Got rsp: APT=172.16.102.51:514 APTAlter=172.16.102.52:514 next-upd=86400
[395] fds_free_tsk: cmd=22; req.noreply=1
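
To check saved debug output for the same evidence (each HTTPS exchange created through the configured proxy and answered), the following Python can be used. It is an added example, not part of the Fortinet documentation or FortiOS; the function names and the pass criteria (HTTP 200 and Response=202, the values seen in the output above) are assumptions.

```python
import re

LINE = re.compile(r"^#?\s*\[(\d+)\] (\w+): (.*)$")

# Abridged excerpt of the debug output above, one entry per line.
SAMPLE = """\
[587] fds_https_start_server: server: 172.16.102.21:443
[579] ssl_new: SSL object is created
[117] https_create: proxy server 172.16.200.44 port:3128
[519] fds_https_connect: https_connect(172.16.102.21) is established.
[81] fds_print_msg: Command=RegionList
[332] fds_https_recv: received the header from server: 172.16.102.21:443, [HTTP/1.1 200
[81] fds_print_msg: Response=202
[587] fds_https_start_server: server: 172.16.102.21:443
[117] https_create: proxy server 172.16.200.44 port:3128
[81] fds_print_msg: Command=UpdateAPT
[332] fds_https_recv: received the header from server: 172.16.102.21:443, [HTTP/1.1 200
[81] fds_print_msg: Response=202
"""

def parse_exchanges(text):
    """Split forticldd debug output into one record per HTTPS exchange."""
    exchanges, cur = [], None
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # blank lines, prompts, wrapped HTTP header lines
        func, msg = m.group(2), m.group(3)
        if func == "fds_https_start_server":
            cur = {"server": msg.split("server: ", 1)[-1], "proxy": None,
                   "command": None, "http": None, "fcp": None}
            exchanges.append(cur)
        elif cur is None:
            continue  # entries before the first exchange (DNS, queueing)
        elif func == "https_create" and (p := re.search(r"proxy server (\S+) port:(\d+)", msg)):
            cur["proxy"] = f"{p.group(1)}:{p.group(2)}"
        elif func == "fds_print_msg" and msg.startswith("Command="):
            cur["command"] = msg[len("Command="):]
        elif func == "fds_print_msg" and msg.startswith("Response="):
            cur["fcp"] = int(msg[len("Response="):])
        elif func == "fds_https_recv" and (h := re.search(r"\[HTTP/1\.\d (\d{3})", msg)):
            cur["http"] = int(h.group(1))
    return exchanges

def failed_checks(exchanges, expected_proxy):
    """Return exchanges that skipped the expected proxy or did not complete."""
    # Assumption: HTTP 200 and Response=202 mark a completed exchange.
    return [e for e in exchanges if e["proxy"] != expected_proxy
            or e["http"] != 200 or e["fcp"] != 202]
```

An empty list from `failed_checks(parse_exchanges(log_text), "172.16.200.44:3128")` means every exchange in the capture was created through the proxy set under `config system fortiguard`.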