Administration Guide

Proxy policy security profiles


Web proxy policies support most security profile types.

Note

Security profiles must be created before they can be used in a policy. See Security Profiles for more information.

Explicit web proxy policy

The security profiles supported by explicit web proxy policies are:

  • AntiVirus

  • Web Filter

  • Video Filter

  • DNS Filter

  • Application Control

  • IPS

  • DLP Profile

  • ICAP

  • Web Application Firewall

  • File Filter

  • SSL Inspection

To configure security profiles on an explicit web proxy policy in the GUI:
  1. Go to Policy & Objects > Proxy Policy.

  2. Click Create New.

  3. Set the following:

    Proxy Type            Explicit Web
    Outgoing Interface    port1
    Source                all
    Destination           all
    Schedule              always
    Service               webproxy
    Action                ACCEPT

  4. In the Firewall / Network Options section, set Protocol Options to default.

  5. In the Security Profiles section, make the following selections (for this example, these profiles have all already been created):

    AntiVirus                   av
    Web Filter                  urlfilter
    Application Control         app
    IPS                         Sensor-1
    DLP Profile                 dlp
    ICAP                        default
    Web Application Firewall    default
    SSL Inspection              deep-inspection

  6. Click OK to create the policy.

To configure security profiles on an explicit web proxy policy in the CLI:
config firewall proxy-policy
    edit 1
        set proxy explicit-web
        set dstintf "port1"
        set srcaddr "all"
        set dstaddr "all"
        set service "webproxy"
        set action accept
        set schedule "always"
        set utm-status enable
        set av-profile "av"
        set webfilter-profile "urlfilter"
        set dlp-profile "dlp"
        set ips-sensor "sensor-1"
        set application-list "app"
        set icap-profile "default"
        set waf-profile "default"
        set ssl-ssh-profile "deep-inspection"
    next
end

Transparent proxy

The security profiles supported by transparent proxy policies are:

  • AntiVirus

  • Web Filter

  • Video Filter

  • DNS Filter

  • Application Control

  • IPS

  • DLP Profile

  • ICAP

  • Web Application Firewall

  • File Filter

  • SSL Inspection

To configure security profiles on a transparent proxy policy in the GUI:
  1. Go to Policy & Objects > Proxy Policy.

  2. Click Create New.

  3. Set the following:

    Proxy Type            Transparent Web
    Incoming Interface    port2
    Outgoing Interface    port1
    Source                all
    Destination           all
    Schedule              always
    Service               webproxy
    Action                ACCEPT

  4. In the Firewall / Network Options section, set Protocol Options to default.

  5. In the Security Profiles section, make the following selections (for this example, these profiles have all already been created):

    AntiVirus                   av
    Web Filter                  urlfilter
    Application Control         app
    IPS                         Sensor-1
    DLP Profile                 dlp
    ICAP                        default
    Web Application Firewall    default
    SSL Inspection              deep-inspection

  6. Click OK to create the policy.

To configure security profiles on a transparent proxy policy in the CLI:
config firewall proxy-policy
    edit 2
        set proxy transparent-web
        set srcintf "port2"
        set dstintf "port1"
        set srcaddr "all"
        set dstaddr "all"
        set service "webproxy"
        set action accept
        set schedule "always"
        set utm-status enable
        set av-profile "av"
        set webfilter-profile "urlfilter"
        set dlp-profile "dlp"
        set ips-sensor "sensor-1"
        set application-list "app"
        set icap-profile "default"
        set waf-profile "default"
        set ssl-ssh-profile "certificate-inspection"
    next
end

FTP proxy

The security profiles supported by FTP proxy policies are:

  • AntiVirus
  • Application Control
  • IPS
  • File Filter
  • DLP Profile
To configure security profiles on an FTP proxy policy in the GUI:
  1. Go to Policy & Objects > Proxy Policy.

  2. Click Create New.

  3. Set the following:

    Proxy Type            FTP
    Outgoing Interface    port1
    Source                all
    Destination           all
    Schedule              always
    Action                ACCEPT

  4. In the Firewall / Network Options section, set Protocol Options to default.

  5. In the Security Profiles section, make the following selections (for this example, these profiles have all already been created):

    AntiVirus              av
    Application Control    app
    IPS                    Sensor-1
    DLP Profile            dlp

  6. Click OK to create the policy.

To configure security profiles on an FTP proxy policy in the CLI:
config firewall proxy-policy
    edit 3
        set proxy ftp
        set dstintf "port1"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set utm-status enable
        set av-profile "av"
        set dlp-profile "dlp"
        set ips-sensor "sensor-1"
        set application-list "app"
    next
end
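
The following is an added example, not part of the Fortinet guide: a small Python check that reads a config firewall proxy-policy block and flags profile settings that fall outside the supported lists above for the policy's proxy type, as well as accept policies that carry no security profile. It assumes only the setting names used in this page's CLI examples; the function names and the sample configuration are constructed for illustration.

```python
# Setting names from this page's CLI examples only; Video/DNS/File Filter keys are not shown there.
WEB_KEYS = {"av-profile", "webfilter-profile", "dlp-profile", "ips-sensor",
            "application-list", "icap-profile", "waf-profile", "ssl-ssh-profile"}
SUPPORTED = {"explicit-web": WEB_KEYS, "transparent-web": WEB_KEYS,
             "ftp": {"av-profile", "dlp-profile", "ips-sensor", "application-list"}}

# Constructed sample: policy 3 carries web-only profiles, policy 4 inspects nothing.
SAMPLE = """
config firewall proxy-policy
    edit 1
        set proxy explicit-web
        set action accept
        set waf-profile "default"
    next
    edit 3
        set proxy ftp
        set action accept
        set av-profile "av"
        set webfilter-profile "urlfilter"
        set waf-profile "default"
    next
    edit 4
        set proxy transparent-web
        set action accept
    next
end
"""

def parse_policies(text):
    """Return {policy_id: {setting: value}} for each 'edit' entry in the block."""
    policies, current = {}, None
    for line in text.splitlines():
        tok = line.replace('"', "").split()
        if tok[:1] == ["edit"] and len(tok) == 2:
            current = policies.setdefault(tok[1], {})
        elif tok[:1] == ["set"] and len(tok) > 2 and current is not None:
            current[tok[1]] = " ".join(tok[2:])
    return policies

def audit(text):
    """Return (policy_id, message) findings in policy order."""
    findings = []
    for pid, cfg in parse_policies(text).items():
        proxy, used = cfg.get("proxy"), cfg.keys() & WEB_KEYS
        for key in sorted(used - SUPPORTED.get(proxy, set())):
            findings.append((pid, f"{key} is not supported on {proxy} policies"))
        if cfg.get("action") == "accept" and not used:
            findings.append((pid, "accept policy has no security profile"))
    return findings
```

Calling audit() on an exported proxy-policy section returns an empty list when every policy uses only profiles from its supported list and every accept policy has at least one profile attached.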
