Administration Guide

Web Proxy Setting

Use the web proxy setting to change the global configuration of explicit web proxies.

Go to Proxy Settings > Web Proxy Setting to change the global explicit web proxy settings.

Configure the following settings and then click Apply:

Proxy FQDN

The FQDN for the global proxy server. This is the domain name to enter into browsers to access the proxy server.

Max HTTP request length

The maximum length of an HTTP request that can be cached, in KB. Larger requests are rejected. The default is 8 KB.

Max HTTP message length

The maximum length of an HTTP message that can be cached, in KB. Larger messages are rejected. The default is 32 KB.

Realm

You can enter an authentication realm to identify the explicit web proxy. The realm can be any text string of up to 63 characters. If the realm includes spaces, enclose it in quotes. When a user authenticates with the explicit web proxy, the HTTP authentication dialog box includes the realm, so you can use the realm to identify the explicit web proxy for your users.

Explicit Outgoing IP

Enter the IP address to use as the source address for outgoing HTTP requests by explicit web proxy. Select + to enter another IP address.

Webproxy Profile

Enter the name of the web proxy profile that will be applied when explicit proxy traffic is allowed by default and traffic is accepted that does not match an explicit proxy policy.

Default CA Certificate

Select which certificate to use as a default. The default certificate is Fortinet_CA_SSL.

Forward Server Affinity Timeout

Enter the number of minutes before the traffic from the source IP address is no longer assigned to the forwarding server. The default is 30 minutes. The range is 6-60 minutes.

Fast Policy Match

The fast policy match function improves the performance of IPv4 explicit and transparent web proxies on FortiProxy units. When enabled, after the proxy policies are configured, the FortiProxy unit builds a fast searching table based on the different proxy policy matching criteria. When fast policy matching is disabled, web proxy traffic is compared to the policies one at a time from the beginning of the policy list.

LDAP User Cache

Enable or disable the LDAP user cache.

Strict Web Check

Enable or disable the blocking of websites that send incorrect headers that do not conform to HTTP 1.1 (see RFC 2616 for more information). This option is disabled by default. Enabling it may block some commonly used websites.

Forward Proxy Auth

Enable or disable the forwarding of proxy authentication headers. This option is disabled by default. It is only practical in explicit mode, because proxy authentication headers are always forwarded in transparent mode. By default, in explicit mode, proxy authentication headers are blocked by the explicit web proxy. Therefore, enable this entry if you need to allow proxy authentication through the explicit web proxy.

Strict Guest

Enable or disable strict guest user checking by the explicit web proxy.

HTTPS Replacement Message

Enable or disable the display of a replacement message for HTTPS requests.

Message Upon Server Error

Enable or disable the display of a replacement message when a server error is detected.

Trace Auth No Resp

Enable or disable the logging of timed-out authentication requests.

Extended Log 7.0.11

Enable or disable the recording of extended logs for implicit policies. The extended log includes the useragent, referralurl, httpmethod, and statuscode fields.

Log HTTP Transaction

Configure the logging of HTTP transactions:

  • All—Log all HTTP transactions.

  • Security Profiles (default)—Log HTTP transaction on UTM event.

  • Disable—Disable HTTP transaction log.

When All or Security Profiles is selected, you can find the HTTP transaction logs under Log & Report > HTTP Transaction. See Types of logs.

API Preview

The API Preview allows you to view all REST API requests being used by the page. You can make changes on the page that are reflected in the API request preview. This feature is not available if the user is logged in as an administrator that has read-only GUI permissions.

To use the API Preview:
  1. Click API Preview. The API Preview pane opens, and the values for the fields are visible (data). If a new object is being created, the POST request is shown.

  2. Enable Show modified changes only to show the modified changes instead of the full configuration in the preview.

  3. Click Copy to Clipboard to copy the JSON code shown on the preview screen to the clipboard.

  4. Click Close to leave the preview.
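
The JSON copied in step 3 can be checked against the limits and defaults listed on this page before it is applied or stored as a baseline. The following Python is an added example, not Fortinet code: the JSON key names and the "enable"/"disable" value strings are assumptions and must be replaced with the keys shown in your own API Preview output, and the sample input is constructed.

```python
import json

# Key names and "enable"/"disable" values are ASSUMED for illustration;
# use the keys shown in your own API Preview output.
K_AFFINITY = "forward-server-affinity-timeout"
K_FWD_AUTH = "forward-proxy-auth"
K_LOG_HTTP = "log-http-transaction"
DEFAULTS_KB = {"max-request-length": 8, "max-message-length": 32}

# Constructed sample of JSON pasted from the preview pane.
SAMPLE_JSON = """{
  "realm": "Corp Proxy",
  "max-request-length": 16,
  "forward-server-affinity-timeout": 90,
  "forward-proxy-auth": "enable",
  "log-http-transaction": "disable"
}"""


def audit(settings):
    """Return (severity, key, message) findings for a settings dict."""
    findings = []
    realm = settings.get("realm")
    if isinstance(realm, str) and len(realm) > 63:
        findings.append(("error", "realm", f"{len(realm)} chars, limit is 63"))
    timeout = settings.get(K_AFFINITY)
    if timeout is not None and (type(timeout) is not int or not 6 <= timeout <= 60):
        findings.append(("error", K_AFFINITY, f"{timeout!r} outside 6-60 minutes"))
    for key, default in DEFAULTS_KB.items():
        value = settings.get(key)
        if value is not None and value != default:
            findings.append(("info", key, f"{value} KB, default is {default} KB"))
    if settings.get(K_FWD_AUTH) == "enable":
        findings.append(("review", K_FWD_AUTH, "proxy auth headers are forwarded (blocked by default)"))
    if settings.get(K_LOG_HTTP) == "disable":
        findings.append(("review", K_LOG_HTTP, "HTTP transactions are not logged"))
    return findings


def audit_json(text):
    """Parse pasted preview JSON and audit it; reject non-object input."""
    data = json.loads(text)
    if not isinstance(data, dict):
        raise ValueError("expected a JSON object of settings")
    return audit(data)

if __name__ == "__main__":
    for severity, key, message in audit_json(SAMPLE_JSON):
        print(f"[{severity}] {key}: {message}")
```

Keys that are absent from the pasted JSON are skipped, so the check also works when Show modified changes only is enabled.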
