Fortinet black logo

Administration Guide

Home FortiProxy 7.0.0 Administration Guide
7.0.0
7.4.3
7.4.2
7.4.1
7.4.0
7.2.10
7.2.9
7.2.8
7.2.7
7.2.0
7.0.17
7.0.0
2.0.0
1.2.0
1.1.0
1.0.0

Create or edit an explicit proxy

Create or edit an explicit proxy

Select Create New to open the Create Explicit Proxy window.

Select an explicit proxy configuration and then click Edit to open the Edit Explicit Proxy window.

Configure the following settings in the Explicit Proxy window and then click OK:

Name

Enter the name of the explicit web proxy configuration.

Interfaces

Select the interface or interfaces that are being monitored by the explicit web proxy from the drop-down list.

Status

This explicit web proxy configuration is enabled by default. Toggle to disable this explicit web proxy configuration.

HTTP Incoming IP

This field restricts the explicit HTTP proxy to accept sessions only from the specified IP address.

HTTP Incoming Port

Enter the port number that HTTP traffic from client web browsers use to connect to the explicit proxy for the specific protocol.

Explicit proxy users must configure their web browser’s protocols proxy settings to use this port. The default port is 8080. You can enter a maximum of eight ports. Separate multiple ports with a comma. The range of values is 1-65535.

HTTPS Incoming Port

Select Use HTTP Port or select Specify and then enter the port number that HTTPS traffic from client web browsers use to connect to the explicit proxy for the specific protocol.

Explicit proxy users must configure their web browser’s protocols proxy settings to use this port. You can enter a maximum of eight ports. Separate multiple ports with a comma. The range of values is 1-65535.

FTP Over HTTP

Select this checkbox to enable FTP over HTTP for the explicit web proxy. Then select Use HTTP Port or select Specify and enter the port number.

SOCKS Proxy

Select this checkbox to enable the SOCKS proxy. Then select Use HTTP Port or select Specify and enter the port number.

Prefer DNS Result

Select whether the DNS result uses an IPv4 or IPv6 address.

Unknown HTTP Version

You can select the action to take when the proxy server must handle an unknown HTTP version request or message. Set the unknown HTTP version to Best Effort, Reject, or Tunnel.

  • Best Effort attempts to handle the HTTP traffic as best as it can.

  • Reject treats known HTTP traffic as malformed and drops it.

SEC Default Action

Accept or deny explicit web proxy sessions when no web proxy firewall policy exists.

SSL Algorithm

Select the strength of the encryption algorithms accepted in HTTPS deep scan.

Authentication Realm

Enter an authentication realm to identify the explicit web proxy.

The realm can be any text string of up to 63 characters. If the realm includes spaces, you need to enclose it in quotes. When a user authenticates with the explicit web proxy, the HTTP authentication dialog box includes the realm so that you can use the realm to identify the explicitly web proxy for your users.

IPv6 Status

Toggle this setting if you want to use IPv6 addresses.

Return to Sender

Toggle this setting to allow the FortiProxy to remember the MAC address of the last hop and send responses to that MAC address instead of the default gateway.

PAC Status

Toggle this setting to use a proxy auto-config (PAC) file to define how web browsers can choose a proxy server for receiving HTTP content. PAC files include the FindProxyForURL(url, host) JavaScript function that returns a string with one or more access method specifications. These specifications cause the web browser to use a particular proxy server or to connect directly.

PAC Port

Select Use HTTP Port or select Specify and then enter the port number that traffic from client web browsers use to connect to the explicit proxy for the specific protocol. Explicit proxy users must configure their web browser’s protocols proxy settings to use this port.

PAC File Content

Select Edit to make changes to a PAC file that was previously uploaded or select Download and then select Save to save a copy of the PAC file.

API Preview

The API Preview allows you to view all REST API requests being used by the page. You can make changes on the page that are reflected in the API request preview. This feature is not available if the user is logged in as an administrator that has read-only GUI permissions.
note icon

The FTP over HTTP proxy engine supports PORT mode, FTP over HTTP CONNECT, and uploads through PUT (UTM scanning).
To use the API Preview:

  1. Click API Preview. The API Preview pane opens, and the values for the fields are visible (data). If a new object is being created, the POST request is shown.

  2. Enable Show modified changes only to show the modified changes instead of the full configuration in the preview.

  3. Click Copy to Clipboard to copy the JSON code shown on the preview screen to the clipboard.

  4. Click Close to leave the preview.

Previous
Next

Create or edit an explicit proxy

Select Create New to open the Create Explicit Proxy window.

Select an explicit proxy configuration and then click Edit to open the Edit Explicit Proxy window.

Configure the following settings in the Explicit Proxy window and then click OK:

Name

Enter the name of the explicit web proxy configuration.

Interfaces

Select the interface or interfaces that are being monitored by the explicit web proxy from the drop-down list.

Status

This explicit web proxy configuration is enabled by default. Toggle to disable this explicit web proxy configuration.

HTTP Incoming IP

This field restricts the explicit HTTP proxy to accept sessions only from the specified IP address.

HTTP Incoming Port

Enter the port number that HTTP traffic from client web browsers use to connect to the explicit proxy for the specific protocol.

Explicit proxy users must configure their web browser’s protocols proxy settings to use this port. The default port is 8080. You can enter a maximum of eight ports. Separate multiple ports with a comma. The range of values is 1-65535.

HTTPS Incoming Port

Select Use HTTP Port or select Specify and then enter the port number that HTTPS traffic from client web browsers use to connect to the explicit proxy for the specific protocol.

Explicit proxy users must configure their web browser’s protocols proxy settings to use this port. You can enter a maximum of eight ports. Separate multiple ports with a comma. The range of values is 1-65535.

FTP Over HTTP

Select this checkbox to enable FTP over HTTP for the explicit web proxy. Then select Use HTTP Port or select Specify and enter the port number.

SOCKS Proxy

Select this checkbox to enable the SOCKS proxy. Then select Use HTTP Port or select Specify and enter the port number.

Prefer DNS Result

Select whether the DNS result uses an IPv4 or IPv6 address.

Unknown HTTP Version

You can select the action to take when the proxy server must handle an unknown HTTP version request or message. Set the unknown HTTP version to Best Effort, Reject, or Tunnel.

  • Best Effort attempts to handle the HTTP traffic as best as it can.

  • Reject treats known HTTP traffic as malformed and drops it.

SEC Default Action

Accept or deny explicit web proxy sessions when no web proxy firewall policy exists.

SSL Algorithm

Select the strength of the encryption algorithms accepted in HTTPS deep scan.

Authentication Realm

Enter an authentication realm to identify the explicit web proxy.

The realm can be any text string of up to 63 characters. If the realm includes spaces, you need to enclose it in quotes. When a user authenticates with the explicit web proxy, the HTTP authentication dialog box includes the realm so that you can use the realm to identify the explicitly web proxy for your users.

IPv6 Status

Toggle this setting if you want to use IPv6 addresses.

Return to Sender

Toggle this setting to allow the FortiProxy to remember the MAC address of the last hop and send responses to that MAC address instead of the default gateway.

PAC Status

Toggle this setting to use a proxy auto-config (PAC) file to define how web browsers can choose a proxy server for receiving HTTP content. PAC files include the FindProxyForURL(url, host) JavaScript function that returns a string with one or more access method specifications. These specifications cause the web browser to use a particular proxy server or to connect directly.

PAC Port

Select Use HTTP Port or select Specify and then enter the port number that traffic from client web browsers use to connect to the explicit proxy for the specific protocol. Explicit proxy users must configure their web browser’s protocols proxy settings to use this port.

PAC File Content

Select Edit to make changes to a PAC file that was previously uploaded or select Download and then select Save to save a copy of the PAC file.

API Preview

The API Preview allows you to view all REST API requests being used by the page. You can make changes on the page that are reflected in the API request preview. This feature is not available if the user is logged in as an administrator that has read-only GUI permissions.
note icon

The FTP over HTTP proxy engine supports PORT mode, FTP over HTTP CONNECT, and uploads through PUT (UTM scanning).
To use the API Preview:

  1. Click API Preview. The API Preview pane opens, and the values for the fields are visible (data). If a new object is being created, the POST request is shown.

  2. Enable Show modified changes only to show the modified changes instead of the full configuration in the preview.

  3. Click Copy to Clipboard to copy the JSON code shown on the preview screen to the clipboard.

  4. Click Close to leave the preview.

Previous
Next