config web-proxy global
Configure Web proxy global settings.
config web-proxy global Description: Configure Web proxy global settings. set fast-policy-match [enable|disable] set forward-proxy-auth [enable|disable] set forward-server-affinity-timeout {integer} set ldap-user-cache [enable|disable] set learn-client-ip [enable|disable] set learn-client-ip-from-header {option1}, {option2}, ... set learn-client-ip-srcaddr <name1>, <name2>, ... set learn-client-ip-srcaddr6 <name1>, <name2>, ... set log-policy-pending [enable|disable] set max-message-length {integer} set max-request-length {integer} set max-waf-body-cache-length {integer} set policy-category-deep-inspect [enable|disable] set proxy-fqdn {string} set src-affinity-exempt-addr {ipv4-address-any} set src-affinity-exempt-addr6 {ipv6-address} set ssl-ca-cert {string} set ssl-cert {string} set strict-web-check [enable|disable] set webproxy-profile {string} end
config web-proxy global
Parameter |
Description |
Type |
Size |
Default |
||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|
fast-policy-match |
Enable/disable fast matching algorithm for explicit and transparent proxy policy. |
option |
- |
enable |
||||||||
|
|
|||||||||||
forward-proxy-auth |
Enable/disable forwarding proxy authentication headers. |
option |
- |
disable |
||||||||
|
|
|||||||||||
forward-server-affinity-timeout |
Period of time before the source IP's traffic is no longer assigned to the forwarding server. |
integer |
Minimum value: 6 Maximum value: 60 |
30 |
||||||||
ldap-user-cache |
Enable/disable LDAP user cache for explicit and transparent proxy user. |
option |
- |
disable |
||||||||
|
|
|||||||||||
learn-client-ip |
Enable/disable learning the client's IP address from headers. |
option |
- |
disable |
||||||||
|
|
|||||||||||
learn-client-ip-from-header |
Learn client IP address from the specified headers. |
option |
- |
|
||||||||
|
|
|||||||||||
learn-client-ip-srcaddr |
Source address name (srcaddr or srcaddr6 must be set). Address name. |
string |
Maximum length: 79 |
|
||||||||
learn-client-ip-srcaddr6 |
IPv6 Source address name (srcaddr or srcaddr6 must be set). Address name. |
string |
Maximum length: 79 |
|
||||||||
log-policy-pending |
Enable/disable logging sessions that are pending on policy matching. |
option |
- |
disable |
||||||||
|
|
|||||||||||
max-message-length |
Maximum length of HTTP message, not including body. |
integer |
Minimum value: 16 Maximum value: 256 |
32 |
||||||||
max-request-length |
Maximum length of HTTP request line. |
integer |
Minimum value: 2 Maximum value: 64 |
8 |
||||||||
max-waf-body-cache-length |
Maximum length of HTTP messages processed by Web Application Firewall. |
integer |
Minimum value: 10 Maximum value: 1024 |
32 |
||||||||
policy-category-deep-inspect |
Enable/disable deep inspection for application level category policy matching. |
option |
- |
enable |
||||||||
|
|
|||||||||||
proxy-fqdn |
Fully Qualified Domain Name to connect to the explicit web proxy. |
string |
Maximum length: 255 |
default.fqdn |
||||||||
src-affinity-exempt-addr |
IPv4 source addresses to exempt proxy affinity. |
ipv4-address-any |
Not Specified |
|
||||||||
src-affinity-exempt-addr6 |
IPv6 source addresses to exempt proxy affinity. |
ipv6-address |
Not Specified |
|
||||||||
ssl-ca-cert |
SSL CA certificate for SSL interception. |
string |
Maximum length: 35 |
Fortinet_CA_SSL |
||||||||
ssl-cert |
SSL certificate for SSL interception. |
string |
Maximum length: 35 |
Fortinet_Factory |
||||||||
strict-web-check |
Enable/disable strict web checking to block web sites that send incorrect headers that don't conform to HTTP 1.1. |
option |
- |
disable |
||||||||
|
|
|||||||||||
webproxy-profile |
Name of the web proxy profile to apply when explicit proxy traffic is allowed by default and traffic is accepted that does not match an explicit proxy policy. |
string |
Maximum length: 63 |
|