Fortinet black logo

New Features

Home FortiManager 7.0.0 New Features

FortiManager centrally manage FortiProxy devices in the FortiProxy ADOM type 7.0.3

7.0.0
7.4.0
7.2.0
7.0.0
6.4.0
6.2.7
6.2.3
6.2.2
6.2.1
6.2.0
Copy Link
Copy Doc ID c54fdd80-4935-11eb-b9ad-00505692583a:941807
Download PDF

FortiManager centrally manage FortiProxy devices in the FortiProxy ADOM type 7.0.3

Starting in FortiManager 7.0.3, FortiManager can centrally manage FortiProxy devices in the FortiProxy ADOM type.

FortiProxy policies

In the FortiProxy ADOM, go to Policy & Objects > Policy Packages and edit a FortiProxy policy.

  • Policy Types:
    When creating a firewall policy in a FortiProxy ADOM, you can select one of six policy types. The options available while configuring the policy settings will vary depending on the option selected. By default, the policy type is set to Transparent.
    For details on each of the policy types, please see the FortiProxy 7.0 Administration Guide.
  • Actions:
    Another difference for IPv4 policies is that the Action field includes two additional options: Redirect and Isolate.
    • Selecting Redirect will remove some options that are not supported by this action. The Redirect action requires you to input the Redirect URL.
    • The Isolate action requires you to input the Isolate Server. Isolate Server accepts existing objects, or users can create a new object from this page by clicking on the add icon located in the object selector.
  • WAN Optimization:
    Depending on the selected policy type, users can enabled WAN Optimization by clicking on the checkbox in Status. Once the checkbox has been clicked, the additional Active, Passive, and Manual status options appear, and you can select the Profile from the object selector.
  • Web Proxy Profile and Forwarding Server:
    Another feature available in IPv4 policies is the explicit Web Proxy Profile and Forwarding Server. Both features allow users to select from existing objects or create new objects from the same page.

Central NAT

If by default Central NAT is not enabled, users can edit or create a policy package to enable it for that policy package.

The FortiProxy Central SNAT form closely resembles the standard FortiOS form with a few minor differences. FortiProxy Central SNAT introduces the required Action selection. When Bypass or Masquerade is selected, no additional input is required. When IP Pools is selected, you must select the NAT IP Pool object. Users can create a new IP pool or use an existing one.

Depending on whether the Central SNAT type is IPv4 or IPv6, inputs will be replaced with their respective units. For example Source Address and Destination Address are replaced with Source IPv6 Address and Destination IPv6 Address.

PAC policies

PAC policies are specific to FortiProxy platforms and can only be configured in a FortiProxy ADOM. The Policy ID has to be in a range of 1 to 100. For additional information on PAC Policies, please see the FortiProxy 7.0 Administration Guide.

Explicit web proxy

The explicit web proxy feature is only supported through CLI Only Objects. Unlike FortiOS which only includes single explicit web proxy support, FortiProxy extends the web proxy feature to include more than one object. To configure the explicit web proxy objects, go to Policy & Objects > Object Configurations > CLI Only Objects. Once the object is created, you can select it from the Create/Edit Policy page.

Content analysis

New and enhanced features have been introduced for content analysis. You can find three tables related to ICAP: Profile, Remote Server, and Load Balancing.

  • ICAP Profile:
    You can configure an ICAP Profile at Policy & Objects > Object Configurations > Content Analysis > ICAP Profile.

  • ICAP Remote Server:
    You can configure an ICAP Remote Server at Policy & Objects > Object Configurations > Content Analysis > ICAP Remote Server. When configuring the ICAP Remote Server, the IP Address field will be replaced depending on the selected Address Type.

  • ICAP Load Balancing:
    You can configure an ICAP Load Balancing at Policy & Objects > Object Configurations > Content Analysis > ICAP Load Balancing.

Web Cache

To configure web cache features, go to the Device Manager and select a managed device to access the Device Database. In the Device Database, web cache settings can be configured in the CLI Configurations menu.

Import FortiProxy images in FortiGuard

In FortiGuard > Firmware Images, you can locally import FortiProxy images that can be used to upgrade managed FortiProxy devices.

Previous
Next

FortiManager centrally manage FortiProxy devices in the FortiProxy ADOM type 7.0.3

Starting in FortiManager 7.0.3, FortiManager can centrally manage FortiProxy devices in the FortiProxy ADOM type.

FortiProxy policies

In the FortiProxy ADOM, go to Policy & Objects > Policy Packages and edit a FortiProxy policy.

  • Policy Types:
    When creating a firewall policy in a FortiProxy ADOM, you can select one of six policy types. The options available while configuring the policy settings will vary depending on the option selected. By default, the policy type is set to Transparent.
    For details on each of the policy types, please see the FortiProxy 7.0 Administration Guide.
  • Actions:
    Another difference for IPv4 policies is that the Action field includes two additional options: Redirect and Isolate.
    • Selecting Redirect will remove some options that are not supported by this action. The Redirect action requires you to input the Redirect URL.
    • The Isolate action requires you to input the Isolate Server. Isolate Server accepts existing objects, or users can create a new object from this page by clicking on the add icon located in the object selector.
  • WAN Optimization:
    Depending on the selected policy type, users can enabled WAN Optimization by clicking on the checkbox in Status. Once the checkbox has been clicked, the additional Active, Passive, and Manual status options appear, and you can select the Profile from the object selector.
  • Web Proxy Profile and Forwarding Server:
    Another feature available in IPv4 policies is the explicit Web Proxy Profile and Forwarding Server. Both features allow users to select from existing objects or create new objects from the same page.

Central NAT

If by default Central NAT is not enabled, users can edit or create a policy package to enable it for that policy package.

The FortiProxy Central SNAT form closely resembles the standard FortiOS form with a few minor differences. FortiProxy Central SNAT introduces the required Action selection. When Bypass or Masquerade is selected, no additional input is required. When IP Pools is selected, you must select the NAT IP Pool object. Users can create a new IP pool or use an existing one.

Depending on whether the Central SNAT type is IPv4 or IPv6, inputs will be replaced with their respective units. For example Source Address and Destination Address are replaced with Source IPv6 Address and Destination IPv6 Address.

PAC policies

PAC policies are specific to FortiProxy platforms and can only be configured in a FortiProxy ADOM. The Policy ID has to be in a range of 1 to 100. For additional information on PAC Policies, please see the FortiProxy 7.0 Administration Guide.

Explicit web proxy

The explicit web proxy feature is only supported through CLI Only Objects. Unlike FortiOS which only includes single explicit web proxy support, FortiProxy extends the web proxy feature to include more than one object. To configure the explicit web proxy objects, go to Policy & Objects > Object Configurations > CLI Only Objects. Once the object is created, you can select it from the Create/Edit Policy page.

Content analysis

New and enhanced features have been introduced for content analysis. You can find three tables related to ICAP: Profile, Remote Server, and Load Balancing.

  • ICAP Profile:
    You can configure an ICAP Profile at Policy & Objects > Object Configurations > Content Analysis > ICAP Profile.

  • ICAP Remote Server:
    You can configure an ICAP Remote Server at Policy & Objects > Object Configurations > Content Analysis > ICAP Remote Server. When configuring the ICAP Remote Server, the IP Address field will be replaced depending on the selected Address Type.

  • ICAP Load Balancing:
    You can configure an ICAP Load Balancing at Policy & Objects > Object Configurations > Content Analysis > ICAP Load Balancing.

Web Cache

To configure web cache features, go to the Device Manager and select a managed device to access the Device Database. In the Device Database, web cache settings can be configured in the CLI Configurations menu.

Import FortiProxy images in FortiGuard

In FortiGuard > Firmware Images, you can locally import FortiProxy images that can be used to upgrade managed FortiProxy devices.

Previous
Next