Fortinet black logo

Administration Guide

Home FortiProxy 7.0.0 Administration Guide
7.0.0
7.4.3
7.4.2
7.4.1
7.4.0
7.2.10
7.2.9
7.2.8
7.2.7
7.2.0
7.0.17
7.0.0
2.0.0
1.2.0
1.1.0
1.0.0

Create or edit a proxy option profile

Create or edit a proxy option profile

To configure a new proxy option profile, go to Proxy Settings > Proxy Options and click Create New. The New Proxy Options page is displayed.

Configure the following settings and then click OK to save your changes:

Name

The name of the proxy option profile.

Comments

Optional description of the proxy option profile.

Log Oversized Files

Enable this setting to log when oversized files are processed. The setting does not change how the files are processed. It only enables the FortiProxy unit to log that they were either blocked or allowed through. A common practice is to allow larger files through without antivirus processing. This practice allows you to get an idea of how often this happens and decide on whether to alter the settings relating to the treatment of oversized files.

RPC over HTTP

Enable or disable the inspection of RPC over HTTP.

Protocol Port Mapping

To optimize the resources of the unit, enable or disable the mapping and inspection of protocols. When you enable a protocol, the default port numbers are automatically filled in, but you can change them.

Common Options

Comfort Clients

When proxy-based antivirus scanning is enabled, the FortiProxy unit buffers files as they are downloaded. After the entire file is captured, the FortiProxy unit begins scanning the file. During the buffering and scanning procedure, the user must wait. After the scan is completed, if no infection is found, the file is sent to the next step in the process flow. If the file is a large one this part of the process can take some time. In some cases enough time that some users may get impatient and cancel the download.

The Comfort Clients feature mitigates this potential issue by feeding a trickle of data while waiting for the scan to complete. The user then knows that processing is taking place and that there hasn’t been a failure in the transmission. The slow transfer rate continues until the antivirus scan is complete. After the file has been successfully scanned and found to be clean of any viruses, the transfer will proceed at full speed.

Enable and then configure the following:

  • Interval (seconds)—Enter the interval time in seconds. The default is 10.

  • Amount (bytes—Enter the amount in bytes. The default is 1.

Block Oversized File/Email

You can block files or emails that are larger than a specified size.

Enable and then enter the threshold size in megabytes of the files and emails to block.

Web Options

Chunked Bypass

The HTTP section allows the enabling of Chunked Bypass. This refers to the mechanism in version 1.1 of HTTP that allows a web server to start sending chunks of dynamically generated output in response to a request before actually knowing the actual size of the content. Where dynamically generated content is concerned, enabling this feature means that there is a faster initial response to HTTP requests. From a security stand point, enabling this feature means that the content is not held in the proxy as an entire file before proceeding.

Enable or disable the chunked bypass setting.

API Preview

The API Preview allows you to view all REST API requests being used by the page. You can make changes on the page that are reflected in the API request preview. This feature is not available if the user is logged in as an administrator that has read-only GUI permissions.
To use the API Preview:
  1. Click API Preview. The API Preview pane opens, and the values for the fields are visible (data). If a new object is being created, the POST request is shown.
  2. Enable Show modified changes only to show the modified changes instead of the full configuration in the preview.
  3. Click Copy to Clipboard to copy the JSON code shown on the preview screen to the clipboard.
  4. Click Close to leave the preview.
Previous
Next

Create or edit a proxy option profile

To configure a new proxy option profile, go to Proxy Settings > Proxy Options and click Create New. The New Proxy Options page is displayed.

Configure the following settings and then click OK to save your changes:

Name

The name of the proxy option profile.

Comments

Optional description of the proxy option profile.

Log Oversized Files

Enable this setting to log when oversized files are processed. The setting does not change how the files are processed. It only enables the FortiProxy unit to log that they were either blocked or allowed through. A common practice is to allow larger files through without antivirus processing. This practice allows you to get an idea of how often this happens and decide on whether to alter the settings relating to the treatment of oversized files.

RPC over HTTP

Enable or disable the inspection of RPC over HTTP.

Protocol Port Mapping

To optimize the resources of the unit, enable or disable the mapping and inspection of protocols. When you enable a protocol, the default port numbers are automatically filled in, but you can change them.

Common Options

Comfort Clients

When proxy-based antivirus scanning is enabled, the FortiProxy unit buffers files as they are downloaded. After the entire file is captured, the FortiProxy unit begins scanning the file. During the buffering and scanning procedure, the user must wait. After the scan is completed, if no infection is found, the file is sent to the next step in the process flow. If the file is a large one this part of the process can take some time. In some cases enough time that some users may get impatient and cancel the download.

The Comfort Clients feature mitigates this potential issue by feeding a trickle of data while waiting for the scan to complete. The user then knows that processing is taking place and that there hasn’t been a failure in the transmission. The slow transfer rate continues until the antivirus scan is complete. After the file has been successfully scanned and found to be clean of any viruses, the transfer will proceed at full speed.

Enable and then configure the following:

  • Interval (seconds)—Enter the interval time in seconds. The default is 10.

  • Amount (bytes—Enter the amount in bytes. The default is 1.

Block Oversized File/Email

You can block files or emails that are larger than a specified size.

Enable and then enter the threshold size in megabytes of the files and emails to block.

Web Options

Chunked Bypass

The HTTP section allows the enabling of Chunked Bypass. This refers to the mechanism in version 1.1 of HTTP that allows a web server to start sending chunks of dynamically generated output in response to a request before actually knowing the actual size of the content. Where dynamically generated content is concerned, enabling this feature means that there is a faster initial response to HTTP requests. From a security stand point, enabling this feature means that the content is not held in the proxy as an entire file before proceeding.

Enable or disable the chunked bypass setting.

API Preview

The API Preview allows you to view all REST API requests being used by the page. You can make changes on the page that are reflected in the API request preview. This feature is not available if the user is logged in as an administrator that has read-only GUI permissions.
To use the API Preview:
  1. Click API Preview. The API Preview pane opens, and the values for the fields are visible (data). If a new object is being created, the POST request is shown.
  2. Enable Show modified changes only to show the modified changes instead of the full configuration in the preview.
  3. Click Copy to Clipboard to copy the JSON code shown on the preview screen to the clipboard.
  4. Click Close to leave the preview.
Previous
Next